آزمون بین المللی +Security

آزمون و کتب دوره امنیت

گواهی نامه Security + ، دانش حرفه ای افراد در زمینه امنیت را تعیین می کند، و یکی از سریعترین زمینه های رو به رشد در IT می باشد.گواهی نامه بین المللی Security + ، مهارت و صلاحیت شما را در زمینه های زیر نشان می دهد :

امنیت شبکه
امنیت عملیاتی و موثر
تهدیدات و آسیب پذیریها
امنیت داده ها، برنامه های کاربردی و ماشینهای میزبان
کنترل دسترسی و مدیریت هویت کاربران
رمزنگاری

Comptia Security + ، نه تنها تضمین کننده دانش مفاهیم امنیتی، ابزارها و روشهای واکنش به رویدادهای امنیتی است، بلکه پیش بینی ریسکهای امنیتی و محافظت در برابر آنها را نیز از سوی کارکنان امنیتی تضمین می کند.

مخاطبین نقشهای امنیتی، عبارتند از : مهندسین امنیت، مشاوران و متخصصین امنیتی، تکنسینهای تضمین کننده اطلاعات، مدیران امنیتی، مدیران سیستم و مدیران شبکه.

سازمانهایی که کارکنان دارای گواهی Security + شرکت Comptia را استخدام می کنند، عبارتند از : سیستمهای اطلاعاتی هیتاچی ( ژاپن )، Trendmicro ( فیلیپین )، Lockheed Martin، وزارت امور خارجه ایالات متحده آمریکا، پیمانکاران دولت آمریکا مانند EDS و … می باشند.

Security + Comptia یکی از گزینه های برای گواهی نامه های مورد نیاز وزارت دفاع ایالات متحده آمریکا برای کارکنان نظامی یا پیمانکاران نظامی درگیر در فعالیتهای تضمین کننده اطلاعات است.

گواهی CompTIA Security+، مورد تایید سازمان بین المللی استاندارد سازی (ISO) و موسسه استانداردهای ملی آمریکا (ANSI) می باشد. گواهی CompTIA Security+ در حال حاضراز طریق برنامه های آموزشی مداوم CompTIA نگهداری می شود.

مفاهیم عمومی امنیت موارد زیر می باشند

Access Control MAC/DAC/RBAC – know the differences between Mandatory Access Control, Discretionary Access Control and Rule based Access Control. DO not configure Rule based with Role based

Authentication
Know how to configure authentication for you systems. Know the differences between each authentication type and what type of cryptology is used with each

Kerberos – a ticket based system

CHAP – CHAP is more secure than PAP

Certificates – know why certificates are used. A certificate authority in a PKI system with issue certificates to guarantee authenticity

Username/Password – standard authentication method

Tokens – RSA SecurID is an example. Remember that one time passwords can be used

Multi-Factor – instead of one factor of authentication, you can have 2 or more like using username and passwords with a biometrics system

Biometrics – hand scanning, retina scans and Smartcards for authentication

Non-essential Services and Protocols – Disabling unnecessary systems / process / programs
Simple – disable what you don’t need to that your systems wont be exploited based on running services and protocols you are not using

Attacks

DOS/DDOS – a denial of service attack is when you attack a system to block usage from legitimate systems. The legitimate systems are given a denial of service. DDOS is the distributed form where the attack comes from multiple locations

Back Door – a back door left in a program where the software creator (or hacker) sneaks in by

Man in the Middle – a hacker can get in the middle of a session and eavesdrop of poison the conversation

Replay – capturing data and replaying it for exploitation – like replaying a password to enter a system

TCP/IP Hijacking – taking over a TCPIP session

Weak Keys, Mathematical and Birthday attacks are all cytological attacks used to break ciphers

Password Guessing – the act of guessing passwords to enter a system

Brute Force – an onslaught attack that doesn’t stop until the password is . Will use any combination known to the password

Dictionary – using a dictionary file to

Software Exploitation – exploiting bugs and known flaws

Social Engineering
The act of tricking users into giving up system information

WLAN

A wireless LAN is one in which a mobile user can connect to a local area network (LAN) through a wireless (radio) connection

A standard, IEEE 802.11, specifies the technologies for wireless LANs

The standard includes an encryption method, the Wired Equivalent Privacy algorithm

Wi-Fi is the popular term for a high-frequency wireless local area network WLAN)

Wi-Fi is specified in the 802.11b specification from the Institute of Electrical and Electronics Engineers (IEEE) and is part of a series of wireless specifications together with 802.11, 802.11a, and 802.11g

All four standards use the Ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance) for path sharing

The 802.11b (Wi-Fi) operates in the 2.4 GHz range offering data speeds up to 11 megabits per second

The modulation used in 802.11 has historically been phase-shift keying PSK)

The modulation method selected for 802.11b is known as complementary code keying (CCK), which allows higher data speeds and is less susceptible to multipath-propagation interference

Unless adequately protected, a Wi-Fi wireless LAN can be susceptible to access from the outside by unauthorized users, some of who have used the access as a free Internet connection

The activity of locating and exploiting security-exposed wireless LANs is commonly known as war driving

War driving is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, you need a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car

Companies that have a wireless LAN are urged to add security safeguards such as the Wired Equivalent Privacy (WEP) encryption standard, the setup and use of a virtual private network (VPN) or IPsec, and a firewall or DMZ

Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN

WEP seeks to establish protection to that offered by the wired network’s physical security measures by encrypting data transmitted over the WLAN

Data encryption protects the vulnerable wireless link between clients and access points; once this measure has been taken, other typical LAN security mechanisms such as password protection, end-to-end encryption, virtual private networks (VPNs), and authentication can be put in place to ensure privacy

A research group from the University of California at Berkeley recently published a report citing “major security flaws” in WEP that left WLANs using the protocol vulnerable to attacks (called wireless equivalent privacy attacks)

The Wireless Ethernet Compatibility Alliance (WECA) claims that WEP – which is included in many networking products – was never intended to be the sole security mechanism for a WLAN, and that, in conjunction with traditional security practices, it is very effective

۸۰۲٫۱۱

۸۰۲٫۱۱ is a family of specifications for wireless local area networks (WLANs) developed by a working group of the Institute of Electrical and Electronics Engineers IEEE)

There are currently four specifications in the family: 802.11, 802.11a, 802.11b, and 802.11g

All four use the Ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance) for path sharing

The most recently approved standard, 802.11g, offers wireless transmission over relatively short distances at up to 54 megabits per second (Mbps) compared with the 11 megabits per second of the 802.11b standard

Like 802.11b, 802.11g operates in the 2.4 GHz range and is thus compatible with it

AAA

Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services

These combined processes are considered important for effective network management and security

As the first process, authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted

The process of authentication is based on each user having a unique set of criteria for gaining access

The AAA server compares a user’s authentication credentials with other user credentials stored in a database

If the credentials match, the user is granted access to the network

If the credentials are at variance, authentication fails and network access is denied

Authentication, authorization, and accounting services are often provided by a dedicated AAA server, a program that performs these functions

A current standard by which network access servers interface with the AAA server is the Remote Authentication Dial-In User Service (RADIUS) or Tacacs

PKI

A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority

The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates

The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message

A public key infrastructure consists of

A certificate authority (CA) that issues and verifies digital certificate. A certificate includes the public key or information about the public key

A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor

One or more directories where the certificates (with their public keys) are held

A certificate management system

Asymmetric and Symmetric

Asymmetric cryptography is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely

A user requests a public and private key pair

A user who wants to send an encrypted message can get the intended recipient’s public key from a public administrator

When the recipient gets the message, they decrypt it with their private key, which no one else should have access to

This process is known as a public key infrastructure

In symmetric cryptography, the same key is used for both encryption and decryption

This approach is simpler but less secure since the key must be communicated to and known at both sender and receiver locations

Malware
www.sarc.com

Malware (for “malicious software”) is programming or files that are developed for the purpose of doing harm

Malware includes computer viruses, worms, and Trojan horses

A virus is a piece of programming code usually disguised as something else that causes some unexpected and usually undesirable event

A virus is often designed so that it is automatically spread to other computer users

Viruses can be transmitted as attachments to an e-mail note, as downloads, or be present on a diskette or CD

The source of the e-mail note, downloaded file, or diskette you’ve received is often unaware of the virus

Generally, there are three main classes of viruses

File infectors

System or boot-record infectors

Macro viruses

The best protection against a virus is to know the origin of each program or file you load into your computer or open from your e-mail program and make sure you have updated virus protection software, engines and definitions on your systems

Nonrepudiation

In general, Nonrepudiation is the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated

On the Internet, the digital signature is used not only to ensure that a message or document has been electronically signed by the person that purported to sign the document, but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they furnished the signature

Since no security technology is absolutely foolproof, some experts warn that the digital signature alone may not always guarantee Nonrepudiation

It is suggested that multiple approaches be used, such as capturing unique biometric information and other data about the sender or signer that collectively would be difficult to repudiate

Smurfing

Smurfing is the attacking of a network by exploiting Internet Protocol (IP) broadcast addressing and certain other aspects of Internet operation

The exploit of smurfing, as it has come to be known, takes advantage of certain known characteristics of the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP)

ICMP is used by network nodes and their administrators to exchange information about the state of the network

ICMP can be used to ping other nodes to see if they are operational. An operational node returns an echo message in response to a ping message

A smurf program builds a network packet that appears to originate from another address (this is known as spoofing an IP address)

The packet contains an ICMP ping message that is addressed to an IP broadcast address, meaning all IP addresses in a given network

The echo responses to the ping message are sent back to the “victim” address. Enough pings and resultant echoes can flood the network making it unusable for real traffic

One way to defeat smurfing is to disable IP broadcast addressing at each network router since it is seldom used

Social Engineering

In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures

A social engineer runs what used to be called a “con game”. For example, a person using social engineering to break into a computer network would try to gain the confidence of someone who is authorized to access the network in order to get them to reveal information that compromises the network’s security

They might call the authorized employee with some kind of urgent problem; social engineers often rely on the natural helpfulness of people as well as on their weaknesses

DDOS

On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system

The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users

Disaster Recovery (Hot / Cold Site)

A hot site is a commercial disaster recovery service that allows a business to continue computer and network operations in the event of a computer or equipment disaster

A cold site is a similar type of disaster recovery service that provides office space, but the customer provides and installs all the equipment needed to continue operations

Infrastructure Security

Devices

Firewalls – used to filter traffic and create a choke point into your infrastructure

Routers – used to route packets… can also be fixed with ACL’s of access control lists for security

Switches – you can configure VLANs on them for security. VLANs will separate broadcast domains and subnets and you can apply security that way

Wireless – wireless systems are very vulnerable to attack. You must know how to apply encryption to secure these systems

Modems – modems allow for dial in access to your infrastructure. Know they are susceptible to war dialing an exploitation

VPN – virtual private networks… used to encrypt personal data over an unsecure medium like the Internet

IDS – intrusion detection systems used for host and network based intrusion detection

Security Topologies

DMZ – Demilitarized Zone used to create an isolated segment for public access into your infrastructure

Extranet – usually a VPN based connection from business partners to your company for exchanging business data

Education – Training of end users, executives and HR

User Awareness – make sure you users are aware of the dangers of hackers and exploitation especially in secure environments

Education – educating them is the best way… they are generally the weakest link in your security infrastructure

Online Resources – make sure personnel know how to find information online especially for research purposes

Documentation

You must have network documentation in times of security planning and disaster recover

You will also need a security policy / and a disaster recovery plan for you infrastructure

نمونه ای از کتاب Security +

Security+ Certification Training Kit

By Microsoft Corporation, Andy Ruth, Kurt Hudson

Publisher: Microsoft Press

Released: February 2003

Pages: ۵۱۲

اطلاعات آزمون

جزئیات آزمون

تعداد کل سوالات

حداکثر ۱۰۰ سوال

مدت زمان آزمون

۹۰ دقیقه

امتیاز مورد نیاز جهت قبولی

۷۵۰
(مقیاس نمره از؛۱۰۰-۹۰۰ )

تجارب پیشنهادی

گواهی نامه CompTIA Network + و ۲ سال سابقه کار فنی در زمینه شبکه با تاکید بر روی مباحث امنیتی

زبانها

انگلیسی، کره ای، آلمانی، ژاپنی

کد آزمون

SY0-301, JK0-018

لینک نمونه سوالات+ Security

برای دریافت سوالات اطلاعات مورد نیاز را وارد نمایید

آزمون دوره بین المللی +Security (امنیت)

http://certification.comptia.org/Training/testingcenters/samplequestions.aspx