CompTIA Security+ Exam Notes

Let Us Help You Pass

Monday, April 20, 2020

Identity and Authentication Factors

IDENTITY

The first part of a login process is providing some form of identification, such as a username or email address. Identification is only a claim; it is the authentication step that follows which proves the claim.

AUTHENTICATION FACTORS

Authentication proves that the user is who they claim to be. Authentication credentials should be kept secret, which helps prevent unauthorized users from gaining access to confidential information. There are five authentication factors.

1. Something you know: Password, PIN, passphrase, security question answer, CAPTCHA, a PIN that was mailed to you.

2. Something you have: CAC (Common Access Card), PIV (Personal Identity Verification), Smart Card, Digital Certificate (CAC, PIV, & Smart Card are all digital certificates), PIN or code sent to your cell phone, key fob or token.


3. Something you are: Fingerprint, iris scan, retina scan, facial scan, voice pattern, palm geometry.

4. Somewhere you are: IP address, MAC address, GPS location, computer name.

5. Something you do: Signature analysis, signature dynamics, have the user sign their name, keyboard timing, keystroke dynamics, gait (the way you walk), finger swipe pattern.

Sunday, April 19, 2020

Certificates - PKI (Public Key Infrastructure)

Types of Certificates

Self-signed: This type of certificate is signed by the same server that owns it. It will be untrusted inside an organization until the certificate is imported into the machine attempting to access the server.

Root: Identifies the CA (Certificate Authority). There is no other authority higher than the root, therefore its certificate must be self-signed.

User: There are certificate templates for standard users, administrators, recovery agents, smart card logon, etc.

Email: These are used for digital signature and the encryption/decryption of emails. Emails can be referred to as messages or electronic messages.

Code-signing certificates: These are used with software/applications so that the end user can validate the integrity of the product and the identity of its publisher.

Domain Validation (DV): This proves only that the applicant controls the domain. It is the least rigorous validation level and is therefore more vulnerable to compromise.

Extended Validation (EV): A thorough check of the organization is required to validate the ownership of the domain. This is also the most trusted certificate. EV protects against phishing attacks.

Subject Alternative Name (SAN): Some organizations own multiple domains and may choose to combine them into one certificate. 
google.com
google.ca
android.com
youtube.com
Above are just a few of the domains Google owns. These can be combined into one certificate, making this certificate a SAN. If the company adds another domain after the certificate has been issued, they will need to purchase a new certificate.

Below is another example of when you would use a SAN certificate. If the organization installed three different web servers and the certificate needed to match the hostname, it would need a SAN certificate.
sales.example.com
info.example.com
training.example.com
In this case, the hostnames for the above are as follows: "sales", "info", and "training". 

Wildcard: A wildcard certificate covers all first-level sub-domains as long as they belong to the same domain. This relieves the administrator of having to obtain a separate certificate for each sub-domain.

research.practice.com
marketing.practice.com
dallas.practice.com
chicago.practice.com
seattle.practice.com

The five above all belong to the same domain, so instead of five certificates, one could be purchased:

*.practice.com
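To make the SAN and wildcard rules above concrete, here is an added example (not from the original notes) of the hostname check a TLS client performs against the DNS names in a certificate. The SAN lists are constructed to mirror the google.com and practice.com examples; a wildcard matches exactly one label and only in the leftmost position, so `*.practice.com` covers `dallas.practice.com` but not `practice.com` or `a.b.practice.com`.

```python
# Added example: hostname matching against a certificate's DNS names.
# Not part of the original notes; SAN lists below are constructed.

def _label_matches(pattern_label: str, host_label: str) -> bool:
    """Match one DNS label. A bare '*' covers exactly one label; partial
    wildcards such as 'w*' are treated as literal text here."""
    return pattern_label == "*" or pattern_label == host_label


def name_matches(dns_name: str, hostname: str) -> bool:
    """Return True if one certificate DNS name (plain or wildcard) covers hostname.

    Rules applied (the common client behaviour for wildcard names):
      * comparison is case-insensitive and ignores a trailing dot
      * label counts must be equal, so '*.practice.com' never covers
        'practice.com' (too few labels) or 'a.b.practice.com' (too many)
      * the wildcard may only appear in the leftmost label
      * a wildcard must leave at least two fixed labels ('*.com' is refused)
    """
    pat = dns_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(pat) != len(host):
        return False
    if "*" in pat[1:]:
        return False
    if pat[0] == "*" and len(pat) < 3:
        return False
    return all(_label_matches(p, h) for p, h in zip(pat, host))


def cert_covers(san_names, hostname: str) -> bool:
    """True if any Subject Alternative Name entry covers the hostname."""
    return any(name_matches(n, hostname) for n in san_names)


# Constructed SAN list mirroring the Google example in the notes.
GOOGLE_SAN = ["google.com", "google.ca", "android.com", "youtube.com"]
# Constructed wildcard certificate mirroring the practice.com example.
WILDCARD_SAN = ["*.practice.com"]

if __name__ == "__main__":
    for host in ("youtube.com", "maps.google.com"):
        print(host, cert_covers(GOOGLE_SAN, host))      # True, False
    for host in ("dallas.practice.com", "practice.com", "a.b.practice.com"):
        print(host, cert_covers(WILDCARD_SAN, host))    # True, False, False
```

The `maps.google.com` case is the "new domain added after issuance" situation from the notes: the name is not in the SAN list, so the connection fails until a new certificate is obtained.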

X.509 Certificate: What you need to know
Hashed with SHA
Encrypted with RSA
The entity that issued the certificate
The entity that the certificate was issued to
The validity date: from and to

Saturday, April 18, 2020

SSL/TLS Accelerator vs SSL Decryptor

SSL/TLS Accelerator

An SSL/TLS Accelerator is normally a plug-in card in the web server, but it can also be included in a load-balancing appliance. The web server is busy serving the proper web page to be displayed; meanwhile, the accelerator handles the decryption and encryption for the TLS session.

The accelerator does not inspect the traffic. 

SSL Decryptor

An SSL decryptor is sometimes called an inspector or interceptor. It is employed as some type of proxy to inspect encrypted traffic as it enters or leaves the network. 

This protects against someone trying to use encryption to exfiltrate data. The device is placed at the edge of the network. 

The decryptor can perform the following functions:
1. Block connections using a weak cipher suite. 
2. Prevent inspection of authorized traffic that is subject to privacy.
3. Prevent sessions that cannot be inspected.

Hashing Algorithms: MD5, SHA, RIPEMD, & HMAC

HASHING

Hashing is used to verify integrity, making sure the media has not been altered, changed, or modified by accidental or intentional means. Hashing can also be called a checksum or message digest. 

A hash is a one-way function that produces a fixed-length output. This output cannot be reversed to produce the original input. Hashing only alerts you to the fact that something has changed, in other words, it has lost its integrity.

Hashing is used for many reasons:
1. The most common and widely used use is passwords. When an individual logs in to the PC, their password is hashed and matched against the stored hashes; if it matches, the user is authenticated.

2. Sometimes hashing is used to make sure financial records have not been changed. This process can be performed daily, weekly, or monthly. This is referred to as "file integrity monitoring."

3. File integrity monitoring can be used to check the hash value of image files. If the "hash value has changed" on website images, or other images being sent or stored at the organization, then the most likely explanation is someone is using "steganography" to hide stolen data.

4. Running a file integrity program to check configuration files on network devices, comparing them to the previous week's or month's hashes to look for changes.

5. Vendors sometimes provide these for applications, patches, and updates to verify you received the entire download or that it has not been modified. You would need to run a hashing algorithm to see if the hash matches that on the website.



HASHING ALGORITHMS

MD5 - Message-Digest 5 produces a 128-bit hash value. It is the fastest of the hashing algorithms but has documented collisions. Despite being deprecated, it is still one of the most widely used hashing algorithms.

SHA/SHA-1 - Secure Hash Algorithm. SHA was created to address the weaknesses of MD5. Both SHA and SHA-1 use a 160-bit digest. 

SHA-2 was created to address the problems with SHA-1. SHA-2 uses longer digests (256, 384, & 512).

RIPEMD - RACE Integrity Primitives Evaluation Message Digest. Offers performance and strength similar to SHA-1.

HMAC - Hash-based Message Authentication Code is used to verify both the integrity and authenticity of a message. It combines a hash function and a secret key. 
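The file integrity monitoring uses (items 2 through 5 above) and the HMAC entry both come down to the same two operations, shown here in one added example that is not part of the original notes. The "files" are an in-memory dict of name to bytes so it runs offline, and the contents and key are constructed; the final function shows why a plain hash proves integrity only, while an HMAC also proves the sender knew the key.

```python
# Added example: a minimal file-integrity monitor plus HMAC verification,
# standard library only. Sample files and key are constructed for this demo.
import hashlib
import hmac


def baseline(files: dict) -> dict:
    """Hash every file with SHA-256 and return {name: hex digest}."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def check_integrity(files: dict, known: dict) -> dict:
    """Compare the current files to a stored baseline.
    Returns {"changed": [...], "missing": [...], "new": [...]}."""
    current = baseline(files)
    return {
        "changed": sorted(n for n in known if n in current and current[n] != known[n]),
        "missing": sorted(n for n in known if n not in current),
        "new": sorted(n for n in current if n not in known),
    }


def hmac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 over a message: integrity AND proof the tagger knew the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def hmac_verify(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison so timing does not reveal how many bytes matched."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


def plain_hash_is_forgeable(original: bytes, altered: bytes) -> bool:
    """Anyone who changes a file can also recompute its unkeyed hash, so a
    baseline stored beside the file proves nothing about who wrote it.
    Returns True: the altered file 'verifies' against its own fresh digest."""
    return hashlib.sha256(altered).hexdigest() == baseline({"f": altered})["f"]


# Constructed "router/switch configuration files" for two weekly runs.
WEEK1 = {
    "router1.cfg": b"hostname router1\nenable secret <redacted>\n",
    "switch1.cfg": b"hostname switch1\nvlan 10\n",
}
WEEK2 = {
    "router1.cfg": b"hostname router1\nenable secret <redacted>\nip route 0.0.0.0 0.0.0.0 10.0.0.1\n",
    "firewall1.cfg": b"hostname firewall1\n",
}
KEY = b"constructed-demo-key"  # shared secret; keep the real one out of the file set

if __name__ == "__main__":
    print(check_integrity(WEEK2, baseline(WEEK1)))
    tag = hmac_tag(KEY, WEEK1["router1.cfg"])
    print(hmac_verify(KEY, WEEK1["router1.cfg"], tag), hmac_verify(KEY, WEEK2["router1.cfg"], tag))
```

Store the baseline (or the HMAC key) somewhere the monitored system cannot modify, otherwise whoever alters a file can update the baseline to match.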

Friday, July 5, 2019

Bluetooth Attacks

Bluetooth Attack Types



1. Bluejacking
The attacker sends an unsolicited message to a nearby device. The type of message can be an image or text.

2. Blueborne
This type of attack is a virus that spreads over the air. It allows the attacker to take full control of the target device. The target device doesn’t have to be in discoverable mode for the attack to be successful.

3. Bluesnarfing
An attacker accesses a Bluetooth device to steal contact lists, text messages, calendars, and emails. The attackers use tools such as obexftp and hcitool.

4. Bluebugging
This type of attack allows the attacker to enable call forwarding on the target device, listen in on calls, and send messages.

Wednesday, April 17, 2019

Kerberos

KERBEROS

  • Kerberos is an authentication protocol
  • Kerberos provides SSO (Single Sign-On)
  • Uses Port 88 TCP or UDP
  • KDC (Key Distribution Center) uses 2 services: Authentication Service and a Ticket Granting Service
    • Authentication Service handles authenticating user login requests
    • The AS issues a TGT (Ticket Granting Ticket)
    • To access any resource within the domain the client requests a Service Ticket
    • The TGS (Ticket Granting Service) issues the Service Ticket to the client so they can access the resource
  • TGTs are unique to Kerberos
  • By default, the client and the Kerberos server have to be within a 5-minute window of each other for authentication to succeed. 
  • Kerberos provides mutual authentication as the server authenticates to the client.
  • Kerberos prevents eavesdropping and MITM attacks. (Man-In-The-Middle)

AAA Services (Authentication, Authorization, and Accounting)

AAA Services

RADIUS: Remote Authentication Dial-in User Service
  • Port 1812 UDP for authentication
  • Port 1813 TCP for accounting
  • WPA Enterprise / WPA2 Enterprise both require a RADIUS server.
  • RADIUS clients are also referred to as 802.1x clients.
  • RADIUS is a client/server protocol.
  • Communication between the client and the RADIUS server uses UDP
  • RADIUS is vendor-neutral
  • Only encrypts the passwords

Diameter
  • Uses TCP for communication between client and server.
  • Considered to be an improvement over RADIUS.
  • Diameter also works with VoIP
  • Used for both local and remote access

TACACS+: Terminal Access Controller Access-Control System Plus
  • TACACS+ provides a more advanced AAA
  • Three different servers, Authentication, Authorization, Accounting
  • Communicates over TCP
  • Uses Port 49 TCP
  • Manages routers and switches (Network infrastructure devices)
  • Encrypts the entire packet
  • TACACS+ is a proprietary protocol