
CompTIA Security+ Study Guide & DVD Training System


www.Ebook777.com


Syngress knows what passing the exam means to you and to your career. And we know that you are often financing your own training and certification; therefore, you need a system that is comprehensive, affordable, and effective. Boasting one-of-a-kind integration of text, DVD-quality instructor-led training, and Web-based exam simulation, the Syngress Study Guide & DVD Training System guarantees 100% coverage of exam objectives.

The Syngress Study Guide & DVD Training System includes:

Study Guide with 100% coverage of exam objectives: By reading this study guide and following the corresponding objective list, you can be sure that you have studied 100% of the exam objectives.

Instructor-led DVD: This DVD provides almost two hours of virtual classroom instruction.

Web-based practice exams: Just visit us at www.syngress.com/certification to access a complete exam simulation.

Thank you for giving us the opportunity to serve your certification needs. And be sure to let us know if there’s anything else we can do to help you get the maximum value from your investment. We’re listening.

www.syngress.com/certification


SYNGRESS STUDY GUIDES &
DVD TRAINING SYSTEMS
AVAILABLE NOW!
ORDER at
www.syngress.com/certification

SSCP Systems Security Certified Practitioner
Study Guide & DVD Training System
The need for qualified information security specialists is at an all-time
high. This is the only announced book that shows network and security
administrators how to obtain the SSCP certification.
ISBN: 1-931836-80-9
Price: $59.95 USA $92.95 CAN

AVAILABLE NOW!
ORDER at
www.syngress.com/certification

Security+ Study Guide & DVD Training System
The Security+ Study Guide & DVD Training System is a one-of-a-kind
integration of text, DVD-quality instructor led training, and Web-based
exam simulation and remediation. This system gives you 100% coverage
of the official CompTIA® Security+ exam objectives plus test preparation
software for the edge you need to pass the exam on your first try.
ISBN: 1-931836-72-8

Price: $59.95 USA $92.95 CAN

Watch for our Study Guide and DVD Training Systems
for .NET Certification! Coming… May, 2003
AVAILABLE AUGUST 2003!
ORDER at
www.syngress.com/certification

MCSE Installing, Configuring, and Administering
Microsoft .NET Server (Exam 70-275) Study Guide &
DVD Training System
A fully integrated (Study Guide/Online Exam/DVD) learning system
guaranteed to deliver 100% coverage of Microsoft’s learning objectives
for MCSE Exam 70-275, one of four core requirements for MCSE .NET
certification.
ISBN: 1-931836-92-2
Price: $59.95 USA $92.95 CAN

www.syngress.com/certification



Will Schmied
Robert J. Shimonski
Dr. Thomas W. Shinder, Technical Editor
Tony Piltzecker, Technical Editor


Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or
production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results
to be obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or
other incidental or consequential damages arising out from the Work or its contents. Because some
states do not allow the exclusion or limitation of liability for consequential or incidental damages, the
above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when
working with computers, networks, data, and files.
Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc. “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
KEY   SERIAL NUMBER
001   PV43KFU7GY
002   Q29T6CN7VA
003   8C38A9HF5X
004   Z6TN247H9Y
005   7PT5R3T8MS
006   3SHX6BNC4E
007   G8PQND42AK
008   9EU6BKM8D7
009   SU76W4KDFH
010   5BVF397V2Z
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
MCSE Implementing and Administering Security in a
Windows 2000 Network Study Guide & DVD Training System

Copyright © 2003 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of
America. Except as permitted under the Copyright Act of 1976, no part of this publication may be
reproduced or distributed in any form or by any means, or stored in a database or retrieval system,
without the prior written permission of the publisher, with the exception that the program listings
may be entered, stored, and executed in a computer system, but they may not be reproduced for
publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-931836-84-1

Technical Editor: Thomas W. Shinder M.D. and Tony Piltzecker
Technical Reviewer: Robert J. Shimonski
Acquisitions Editor: Jonathan Babcock
DVD Production: Michael Donovan
Cover Designer: Michael Kavish
Page Layout and Art by: Shannon Tozier
Copy Editor: Darlene Bordwell and Judy Edy
Indexer: Rich Carlson
Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada.



Acknowledgments
We would like to acknowledge the following people for their kindness and support in
making this book possible.
Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin
Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O’Donnell, Sandra
Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick,
Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of Publishers
Group West for sharing their incredible marketing experience and expertise.
Duncan Enright, AnnHelen Lindeholm, David Burton, Febea Marinetti, and Rosie Moss
of Elsevier Science for making certain that our vision remains worldwide in scope.
David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim,
Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which
they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow,
Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their
help and enthusiasm representing our product in Canada.
Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at
Jaguar Book Group for their help with distribution of Syngress books in Canada.
David Scott, Annette Scott, Geoff Ebbs, Hedley Partis, Bec Lowe, and Mark Langley of
Woodslane for distributing our books throughout Australia, New Zealand, Papua New
Guinea, Fiji Tonga, Solomon Islands, and the Cook Islands.
Winston Lim of Global Publishing for his help and support with distribution of Syngress
books in the Philippines.



Author
Will Schmied (BSET, MCSE, CWNA, MCSA, Security+, Network+, A+) is a featured writer on Windows 2000 and Windows XP technologies for CramSession.com. He has also authored several works for various Microsoft certification exams. Will provides consulting and training on Microsoft products to small and medium sized organizations in the Hampton Roads, VA area. He holds a bachelor’s degree in Mechanical Engineering Technology from Old Dominion University and is a member of the American Society of Mechanical Engineers and the National Society of Professional Engineers. Will currently resides in Newport News, VA with his wife, Allison, and their children, Christopher, Austin, Andrea, and Hannah.

Contributors
Dave Bixler is the Technology Services Manager and Information Security Officer for Siemens Business Systems Inc., one of the world’s leading IT service providers, where he heads a consulting group responsible for internal IT consulting, and is also responsible for information security company-wide. Dave has been working in the computer industry for longer than he cares to remember, working on everything from paper tape readers to Windows .NET servers. He currently focuses on Internet technologies, specifically thin client servers, transparent proxy servers, and information security. Dave’s industry certifications include Microsoft’s MCP and MCSE, and Novell’s MCNE.
Martin Grasdal (MCSE+I, MCSE/W2K, MCT, CISSP, CTT, A+), Director of Web Sites and CTO at Brainbuzz.com, has worked in the computer industry for over nine years. He has been an MCT since 1995 and an MCSE since 1996. His training and networking experience covers a broad range of products, including NetWare, Lotus Notes, Windows NT and 2000, Exchange Server, IIS, Proxy Server, and ISA Server. Martin also works actively as a consultant. His recent consulting experience includes contract work for Microsoft as a Technical Contributor to the MCP Program on projects related to server technologies. Martin has served as Technical Editor for several Syngress books, including Configuring ISA Server 2000: Building Firewalls for Windows 2000 (ISBN: 1-928994-29-6), and Configuring and Troubleshooting Windows XP Professional (ISBN: 1-928994-80-6). Martin lives in Edmonton, Alberta, Canada with his wife, Cathy, and their two sons.

Technical Reviewer & Contributor
Robert J. Shimonski (Sniffer SCP, Cisco CCDP, CCNP, Nortel NNCSS, MCSE, MCP+I, Master CNE, CIP, CIBS, CWP, CIW, GSEC, GCIH, Server+, Network+, i-Net+, A+, e-Biz+, TICSA, SPS) is the Lead Network Engineer and Security Analyst for Thomson Industries, a leading manufacturer and provider of linear motion products and engineering. One of Robert’s responsibilities is to use multiple network analysis tools to monitor, baseline, and troubleshoot an enterprise network comprised of many protocols and media technologies.

Robert currently hosts an online forum for TechTarget.com and is referred to as the “Network Management Answer Man,” where he offers daily solutions to seekers of network analysis and management advice. Robert’s other specialties include network infrastructure design with the Cisco and Nortel product line for enterprise networks. Robert also provides network and security analysis using Sniffer Pro, Etherpeek, the CiscoSecure Platform (including PIX Firewalls), and Norton’s AntiVirus Enterprise Software.

Robert has contributed to many articles, study guides and certification preparation software, Web sites, and organizations worldwide, including MCP Magazine, TechTarget.com, BrainBuzz.com, and SANS.org. Robert’s background includes positions as a Network Architect at Avis Rent A Car and Cendant Information Technology. Robert holds a bachelor’s degree from SUNY, NY and is a part time Licensed Technical Instructor for Computer Career Center in Garden City, NY teaching Windows-based and Networking Technologies. Robert is also a contributing author for Configuring and Troubleshooting Windows XP Professional (Syngress Publishing, ISBN: 1-928994-80-6), BizTalk Server 2000 Developer’s Guide for .NET (Syngress, ISBN: 1-928994-40-7), and Sniffer Pro Network Optimization & Troubleshooting Handbook (Syngress, ISBN: 1-931836-57-4).

Technical Editors
Thomas W. Shinder M.D. (MVP, MCSE) is a computing industry veteran who has worked as a trainer, writer, and a consultant for Fortune 500 companies including FINA Oil, Lucent Technologies, and Sealand Container Corporation. Tom was a Series Editor of the Syngress/Osborne Series of Windows 2000 Certification Study Guides and is author of the best selling book Configuring ISA Server 2000: Building Firewalls with Windows 2000 (Syngress Publishing, ISBN: 1-928994-29-6). Tom is the editor of the Brainbuzz.com Win2k News newsletter and is a regular contributor to TechProGuild. He is also content editor, contributor, and moderator for the World’s leading site on ISA Server 2000, www.isaserver.org. Microsoft recognized Tom’s leadership in the ISA Server community and awarded him their Most Valued Professional (MVP) award in December of 2001.

Tony Piltzecker (CISSP, MCSE, CCNA, Check Point CCSA, Citrix CCA, Security+) is author of the CCSA Exam Cram and co-author of the Security+ Study Guide and DVD Training System (Syngress Publishing, ISBN: 1-931836-72-8). He is a Network Architect with Planning Systems Inc., providing network design and support for federal and state agencies. Tony’s specialties include network security design, implementation, and testing. Tony’s background includes positions as a senior networking consultant with Integrated Information Systems and a senior engineer with Private Networks, Inc. He holds a bachelor’s degree in Business Administration and is a member of ISSA. Tony resides in Leominster, MA with his wife, Melanie, and his daughter, Kaitlyn.


About the Study Guide &
DVD Training System
In this book, you’ll find lots of interesting sidebars designed to highlight the most important concepts being presented in the main text. These include the following:

Exam Warnings focus on specific elements on which the reader needs to focus in order to pass the exam.

Test Day Tips are short tips that will help you in organizing and remembering information for the exam.

Notes from the Underground contain background information that goes beyond what you need to know from the exam, providing a deep foundation for understanding the security concepts discussed in the text.

Damage and Defense relate real-world experiences to security exploits while outlining defensive strategies.

Head of the Class discussions are based on the author’s interactions with students in live classrooms and the topics covered here are the ones students have the most problems with.

Each chapter also includes hands-on exercises. It is important that you work through these exercises in order to be confident you know how to apply the concepts you have just read about.

You will find a number of helpful elements at the end of each chapter. For example, each chapter contains a Summary of Exam Objectives that ties the topics discussed in that chapter to the published objectives. Each chapter also contains an Exam Objectives Fast Track, which boils all exam objectives down to manageable summaries that are perfect for last minute review. The Exam Objectives Frequently Asked Questions answers those questions that most often arise from readers and students regarding the topics covered in the chapter. Finally, in the Self Test section, you will find a set of practice questions written in a multiple-choice form similar to those you will encounter on the exam. You can use the Self Test Quick Answer Key that follows the Self Test questions to quickly determine what information you need to review again. The Self Test Appendix at the end of the book provides detailed explanations of both the correct and incorrect answers.



Additional Resources

There are two other important exam preparation tools included with this Study Guide. One is the DVD included in the back of this book. The other is the practice exam available from our website.

Instructor-led training DVD provides you with almost two hours of virtual classroom instruction. Sit back and watch as an author and trainer reviews all the key exam concepts from the perspective of someone taking the exam for the first time. Here, you’ll cut through all of the noise to prepare you for exactly what to expect when you take the exam for the first time. You will want to watch this DVD just before you head out to the testing center!

Web based practice exams. Just visit us at www.syngress.com/certification to access a complete Exam Simulation. These exams are written to test you on all of the published certification objectives. The exam simulator runs in both “live” and “practice” mode. Use “live” mode first to get an accurate gauge of your knowledge and skills, and then use practice mode to launch an extensive review of the questions that gave you trouble.


Table of Contents and
Security+ Exam Objectives
All of CompTIA’s published objectives for the Security+ exam are covered in this book. To help you easily find the sections that directly support particular objectives, we’ve referenced the domain and objective number next to the corresponding text in the following Table of Contents. In some chapters, we’ve made the judgment that it is probably easier for the student to cover objectives in a slightly different sequence than the order of the published CompTIA objectives. By reading this study guide and following the corresponding exam objective list, you can be sure that you have studied 100% of CompTIA’s Security+ exam objectives.

™ Domain 1.0 General Security Concepts …………………………1
Chapter 1 Access Control, Authentication, and Auditing ……3
Introduction…………………………………………………………4
Introduction to AAA ………………………………………………4
What is AAA? …………………………………………………5
Access Control ………………………………………………6
Authentication ………………………………………………6
Auditing ……………………………………………………7
1.1
Access Control………………………………………………………7
1.1.1
MAC/DAC/RBAC ……………………………………………8
MAC…………………………………………………………8
DAC …………………………………………………………9
RBAC………………………………………………………10
1.2
Authentication ……………………………………………………12
1.2.1
Kerberos ………………………………………………………17
1.2.2

CHAP …………………………………………………………20
1.2.3
Certificates ……………………………………………………21
1.2.4
Username/Password……………………………………………22
1.2.5
Tokens …………………………………………………………23
1.2.6
Multi-Factor …………………………………………………24
xv


xvi

Contents

1.2.7
1.2.8

1.3

Mutual Authentication…………………………………………25
Biometrics ……………………………………………………26
Auditing ……………………………………………………………27
Auditing Systems ………………………………………………27
Logging ………………………………………………………32
System Scanning ………………………………………………32
Disabling Non-Essential Services, Protocols, Systems
and Processes ……………………………………………………34
Non-Essential Services…………………………………………34

Non-Essential Protocols ………………………………………35
Disabling Non-Essential Systems ………………………………36
Disabling Non-Essential Processes ……………………………36
Disabling Non-Essential Programs ……………………………36
Summary of Exam Objectives ……………………………………40
Exam Objectives Fast Track ………………………………………41
Exam Objectives Frequently Asked Questions ……………………43
Self Test ……………………………………………………………44
Self Test Quick Answer Key ………………………………………52

Chapter 2 Attacks …………………………………………………53
1.4
Attacks ……………………………………………………………54
Active Attacks ……………………………………………………55
1.4.1
DoS/DDoS ……………………………………………………56
Resource Consumption Attacks ……………………………57
1.4.1
DDoS Attacks ………………………………………………58
1.4.12
Software Exploitation and Buffer Overflows …………………63
SYN Attacks …………………………………………………64
1.4.3
Spoofing ………………………………………………………65
1.4.4
Man in the Middle Attacks ……………………………………69
1.4.5
Replay Attacks …………………………………………………70
1.4.6
TCP/IP Hijacking ……………………………………………71

Wardialing ……………………………………………………71
Dumpster Diving ………………………………………………72
1.6
Social Engineering ……………………………………………72
Passive Attacks ……………………………………………………73
1.7
Vulnerability Scanning …………………………………………74
Sniffing and Eavesdropping ……………………………………75
1.4.11 Password Attacks …………………………………………………76

www.Ebook777.com


Contents

1.4.11.1
Brute Force Attacks ……………………………………………76
1.4.11.2
Dictionary-Based Attacks………………………………………77
1.5
Malicous Code Attacks ……………………………………………77
1.5.1
1.5.2
1.5.3
1.5.4
1.4.2

Malware ………………………………………………………77
Viruses ……………………………………………………78
Trojan Horses ………………………………………………80

Logic Bombs ………………………………………………83
Worms ……………………………………………………83
Back Door ……………………………………………………84
Summary of Exam Objectives ……………………………………86
Exam Objectives Fast Track ………………………………………87
Exam Objectives Frequently Asked Questions ……………………89
Self Test ……………………………………………………………90
Self Test Quick Answer Key ………………………………………94

™ Domain 2.0 Communication Security …………………………95
Chapter 3 Remote Access and E-mail …………………………97
Introduction ………………………………………………………98
The Need for Communication Security …………………………98
Communications-Based Security………………………………99
1.1
Remote Access Security …………………………………………100
1.1.1
802.1x ………………………………………………………100
EAP ………………………………………………………102
Vulnerabilities ……………………………………………103
1.1.2
VPN …………………………………………………………105
Site-to-Site VPN …………………………………………105
Remote Access VPN………………………………………107
1.1.3
RADIUS ……………………………………………………108
Authentication Process ……………………………………109
Vulnerabilities ……………………………………………109
1.1.4
TACACS/+ …………………………………………………110

TACACS …………………………………………………110
XTACACS ………………………………………………110
TACACS+ ………………………………………………111
Vulnerabilities ……………………………………………112
1.1.5
PPTP/L2TP …………………………………………………113
PPTP ……………………………………………………113

xvii


xviii

Contents

L2TP………………………………………………………116
SSH …………………………………………………………118
How SSH Works …………………………………………118
1.1.7
IPSec …………………………………………………………118
IPSec Authentication ……………………………………121
ISAKMP …………………………………………………121
1.1.8
Vulnerabilities…………………………………………………122
Eavesdropping ……………………………………………122
Data Modification…………………………………………122
Identity Spoofing …………………………………………123
User Vulnerabilities and Errors ……………………………123
Administrator Vulnerabilities and Errors …………………123
1.2

E-mail Security …………………………………………………124
1.2.1
MIME ………………………………………………………127
1.2.1
S/MIME ……………………………………………………127
1.2.2
PGP …………………………………………………………128
How PGP Works …………………………………………129
PGP Interface Integration…………………………………129
1.2.3
Vulnerabilities…………………………………………………135
SMTP Relay………………………………………………136
E-mail and Viruses ………………………………………139
1.2.3.1
Spam ………………………………………………………141
1.2.3.2
Hoaxes ……………………………………………………142
Summary of Exam Objectives ……………………………………144
Exam Objectives Fast Track ………………………………………147
Exam Objectives Frequently Asked Questions …………………149
Self Test …………………………………………………………151
Self Test Quick Answer Key………………………………………158
1.1.6

Chapter 4 Wireless ………………………………………………159
Introduction ………………………………………………………160
1.6
Wireless Concepts ………………………………………………160
Understanding Wireless Networks……………………………160
Overview of Wireless Communication in a

Wireless Network …………………………………………161
Radio Frequency Communications ………………………161
Spread Spectrum Technology ……………………………163

www.Ebook777.com


Contents

1.6.3
1.6.1
1.6.2

1.6.3

1.6.4

1.6.4.1

Wireless Network Architecture……………………………165
CSMA/CD and CSMA/CA ……………………………166
Wireless Local Area Networks ………………………………168
WAP …………………………………………………………169
WTLS ………………………………………………………170
IEEE 802.11 …………………………………………………170
IEEE 802.11b ……………………………………………171
Ad-Hoc and Infrastructure Network Configuration …………173
WEP …………………………………………………………174
Creating Privacy with WEP ………………………………176
Authentication ……………………………………………178

Common Exploits of Wireless Networks ……………………184
Passive Attacks on Wireless Networks ……………………184
Active Attacks on Wireless Networks ……………………190
MITM Attacks on Wireless Networks ……………………191
Wireless Vulnerabilities ………………………………………191
WAP Vulnerabilities …………………………………………192
WEP Vulnerabilities …………………………………………193
Security of 64-Bit versus 128-Bit Keys …………………197
Acquiring a WEP Key ……………………………………198
Addressing Common Risks and Threats ……………………202
Finding a Target …………………………………………202
Finding Weaknesses in a Target ……………………………206
Exploiting Those Weaknesses ……………………………207
Sniffing ………………………………………………………208
Protecting Against Sniffing and Eavesdropping……………211
Spoofing (Interception) and Unauthorized Access …………211
Protecting Against Spoofing and Unauthorized Attacks …213
Network Hijacking and Modification ………………………213
Protection against Network Hijacking and Modification…215
Denial of Service and Flooding Attacks………………………215
Protecting Against DoS and Flooding Attacks ……………218
IEEE 802.1x Vulnerabilities …………………………………218
Site Surveys …………………………………………………219
Additional Security Measures for Wireless Networks ………219
Using a Separate Subnet for Wireless Networks …………220
Using VPNs for Wireless Access to Wired Network ………220

xix



xx

Contents

Temporal Key Integrity Protocol …………………………223
Message Integrity Code (MIC) …………………………223
IEEE 802.11i Standard ……………………………………224
Summary …………………………………………………………228
Exam Objectives Fast Track ………………………………………231
Exam Objectives Frequently Asked Questions …………………234
Self Test …………………………………………………………237
Self Test Quick Answer Key………………………………………242
Chapter 5 Web Security …………………………………………243
Introduction ………………………………………………………244
1.3
Web Security ……………………………………………………244
Web Server Lockdown ………………………………………245
Managing Access Control …………………………………246
Handling Directory and Data Structures …………………247
Eliminating Scripting Vulnerabilities ………………………247
Logging Activity …………………………………………248
Performing Backups ………………………………………249
Maintaining Integrity ……………………………………249
Finding Rogue Web Servers ………………………………250
Stopping Browser Exploits……………………………………254
Exploitable Browser Characteristics ………………………254
Web Spoofing ……………………………………………255
Web Server Exploits …………………………………………257
1.3.1/1.3.2 SSL and HTTP/S ……………………………………………258
1.3.1/1.4.1

SSL and TLS ………………………………………………258
S-HTTP …………………………………………………259
1.3.3
Instant Messaging ……………………………………………261
1.3.3.1
Vulnerabilites ……………………………………………261
1.3.3.2
IP Addressing Conventions ……………………………261
1.3.3.3
File Transfer ……………………………………………261
1.3.3.4
Privacy …………………………………………………261
1.3.4
Web-based Vulnerabilities ……………………………………262
Understanding Java-, JavaScript-, and
ActiveX-based Problems…………………………………262
Preventing Problems with Java, JavaScript, and ActiveX …265
Programming Secure Scripts………………………………270
1.3.4.5
Code Signing: Solution or More Problems?………………272

www.Ebook777.com


Contents

Understanding Code Signing ……………………………272
The Strengths of Code Signing …………………………273
Problems with the Code Signing Process…………………273
1.3.4.1

JavaScript ……………………………………………………275
1.3.4.2
ActiveX ………………………………………………………276
Dangers Associated with Using ActiveX …………………278
Avoiding Common ActiveX Vulnerabilities ………………280
Lessening the Impact of ActiveX Vulnerabilities …………282
1.3.4.3
Buffer Overflows ……………………………………………286
Making Browsers and E-Mail Clients More Secure …………288
Restricting Programming Languages ……………………288
Keep Security Patches Current……………………………289
1.3.4.4
Cookie Awareness …………………………………………289
Securing Web Browser Software ……………………………290
Securing Microsoft Internet Explorer ……………………290
1.3.4.6
CGI …………………………………………………………294
What is a CGI Script and What Does It Do? ……………295
Typical Uses of CGI Scripts ………………………………297
Break-ins Resulting from Weak CGI Scripts…………………301
CGI Wrappers ……………………………………………303
whisker …………………………………………………303
1.5
FTP Security ……………………………………………………307
1.5.1
S/FTP ………………………………………………………307
1.5.2
Blind FTP/Anonymous………………………………………307
1.5.3/1.5.4 FTP Sharing and Vulnerabilities………………………………308
1.5.4.1

Packet Sniffing FTP Transmissions……………………………308
1.4
Directory Services and LDAP Security …………………………312
1.4.2
LDAP …………………………………………………………312
Summary of Exam Objectives ……………………………………315
Exam Objectives Fast Track ………………………………………315
Exam Objectives Frequently Asked Questions …………………318
Self Test …………………………………………………………320
Self Test Quick Answer Key………………………………………326
™ Domain 3.0 Infrastructure Security ……………………………327
Chapter 6 Devices and Media …………………………………329
Introduction ………………………………………………………330
1.1
Device-based Security ……………………………………………330

xxi


xxii

Contents

1.1.1

1.1.2
1.1.3
1.1.4
1.1.5
1.1.6

1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.2
1.2.1

1.2.2
1.2.3
1.2.4
1.2.4.1
1.2.4.2
1.2.4.3
1.2.4.4
1.2.4.5
1.5.4.6

Firewalls ………………………………………………………331
Packet Filtering Firewalls …………………………………332
Application Layer Gateways ………………………………337
Stateful Inspection Firewalls ………………………………339
Routers ………………………………………………………342
Switches ………………………………………………………345
Wireless ………………………………………………………348
Modems ………………………………………………………349
RAS …………………………………………………………352
Telecom/PBX ………………………………………………354

Virtual Private Network ……………………………………355
IDS……………………………………………………………359
Network Monitoring/Diagnostic ……………………………362
Workstations …………………………………………………363
Servers ………………………………………………………367
Mobile Devices ………………………………………………368
Media-based Security ……………………………………………369
Coax Cable …………………………………………………370
Thin Coax ………………………………………………370
Thick Coax ………………………………………………371
Vulnerabilities of Coax Cabling …………………………372
UTP/STP Cable ……………………………………………372
Fiber Optic Cable ……………………………………………375
Removable Media ……………………………………………376
Magnetic Tape ……………………………………………377
CDR………………………………………………………378
Hard Drives ………………………………………………378
Diskettes …………………………………………………379
Flashcards …………………………………………………380
Smart Cards ………………………………………………381
Summary of Exam Objectives ……………………………………382
Exam Objectives Fast Track ………………………………………385
Exam Objectives Frequently Asked Questions …………………386
Self Test …………………………………………………………387
Self Test Quick Answer Key………………………………………393

www.Ebook777.com


Contents


Chapter 7 Topologies and IDS …………………………………395
Introduction ………………………………………………………396
1.3
Security Topologies ………………………………………………397
1.3.1
Security Zones ………………………………………………398
1.3.1.1
Introducing the Demilitarized Zone ……………………402
1.3.1.2
Intranet ……………………………………………………409
1.3.1.3
Extranet……………………………………………………412
1.3.2
VLANs ………………………………………………………414
1.3.3
Network Address Translation …………………………………416
1.3.4
Tunneling ……………………………………………………420
1.4
Intrusion Detection ……………………………………………422
1.4.1/1.4.2 Network- and Host-Based IDSs ……………………………424
Signature-Based IDSs and Detection Evasion ………………429
Popular Commercial IDS Systems……………………………431
1.4.3
Honeypots and Honeynets …………………………………433
Judging False Positives and Negatives ………………………436
1.4.4
Incident Response ……………………………………………437
Summary of Exam Objectives ……………………………………438

Exam Objectives Fast Track ………………………………………439
Exam Objectives Frequently Asked Questions …………………441
Self Test …………………………………………………………443
Self Test Quick Answer Key………………………………………448
Chapter 8 System Hardening……………………………………449
Introduction ………………………………………………………450
1.5.1 Concepts and Processes of OS and NOS Hardening ……………451
1.5.1.1
File System……………………………………………………453
1.5.1.2
Updates ………………………………………………………454
Hotfixes……………………………………………………455
Service Packs………………………………………………456
Patches ……………………………………………………456
1.5.2 Network Hardening………………………………………………458
1.5.2.1
Updates (Firmware) …………………………………………459
1.5.2.2
Configuration ………………………………………………459
1.5.2.2.1
Enabling and Disabling Services and Protocols …………459
1.5.2.2.2
Access Control Lists ………………………………………467
1.5.5 Application Hardening……………………………………………468

xxiii


xxiv


Contents

1.5.3.1

Updates ………………………………………………………469
Hotfixes……………………………………………………470
Service Packs………………………………………………470
Patches ……………………………………………………470
1.5.3.2
Web Servers …………………………………………………470
1.5.3.3
E-mail Servers ………………………………………………472
1.5.3.4
FTP Servers …………………………………………………473
1.5.3.5
DNS Servers …………………………………………………473
1.5.3.6
NNTP Servers ………………………………………………474
1.5.3.7
File and Print Servers ………………………………………475
1.5.3.8
DHCP Servers ………………………………………………477
1.5.3.9
Data Repositories ……………………………………………478
1.5.3.9.1
Directory Services…………………………………………479
1.5.3.9.2
Databases …………………………………………………480
Summary of Exam Objectives ……………………………………482
Exam Objectives Fast Track ………………………………………482

Exam Objectives Frequently Asked Questions …………………483
Self Test …………………………………………………………485
Self Test Quick Answer Key………………………………………493
™ Domain 4.0 Basics of Cryptography …………………………495
Chapter 9 Basics of Cryptography ……………………………497
Introduction ………………………………………………………498
1.1 Algorithms ………………………………………………………499
What Is Encryption? …………………………………………499
1.1.2 Symmetric Encryption Algorithms …………………………500
DES and Triple DES………………………………………501
Advanced Encryption Standard (Rijndael) ………………503
International Data Encryption Algorithm ………………504
1.1.3 Asymmetric Encryption Algorithms …………………………505
Diffie-Hellman ……………………………………………507
El Gamal …………………………………………………508
RSA ………………………………………………………509
1.1.1 Hashing Algorithms …………………………………………510
1.2 Concepts of Using Cryptography ………………………………512
1.2.1 Confidentiality ………………………………………………513
1.2.2 Integrity ………………………………………………………514
1.2.2.1 Digital Signatures …………………………………………515
MITM Attacks ……………………………………………516
1.2.3 Authentication ………………………………………………518
1.2.4 Non-Repudiation ……………………………………………519
1.2.4.1 Digital Signatures …………………………………………519
1.2.5 Access Control ………………………………………………519
Summary of Exam Objectives ……………………………………520
Exam Objectives Fast Track ………………………………………521
Exam Objectives Frequently Asked Questions …………………522
Self Test …………………………………………………………525
Self Test Quick Answer Key………………………………………530
Chapter 10 Public Key Infrastructure …………………………531
Introduction ………………………………………………………532
1.3 PKI ………………………………………………………………532
1.3.1 Certificates ……………………………………………………535
X.509 ……………………………………………………536
1.3.1.1 Certificate Policies ………………………………………538
1.3.1.2 Certificate Practice Statements ……………………………539
1.3.2 Revocation……………………………………………………539
Certificate Revocation List ………………………………540
Online Certificate Status Protocol ………………………541
1.3.3 Trust Models …………………………………………………541
Single CA Model …………………………………………543
Hierarchical Model ………………………………………543
Web-of-Trust Model ……………………………………546
1.4 Standards and Protocols ………………………………………546
1.5 Key Management Lifecycle ………………………………………549
1.5.1 Centralized versus Decentralized Keys ………………………549
1.5.2 Storage ………………………………………………………550
1.5.2.1 Hardware Key Storage versus Software Key Storage ……550
1.5.2.2 Private Key Protection ……………………………………552
1.5.3 Escrow ………………………………………………………552
1.5.4 Expiration ……………………………………………………554
1.5.5 Revocation……………………………………………………554
1.5.6.1 Status Checking …………………………………………555
1.5.6 Suspension ……………………………………………………556
Status Checking …………………………………………557
1.5.7 Recovery ……………………………………………………557
Key Recovery Information ………………………………558
1.5.7.1 M of N Control …………………………………………558
1.5.8 Renewal………………………………………………………559
1.5.9 Destruction …………………………………………………560
1.5.10 Key Usage ……………………………………………………561
1.5.10.1 Multiple Key Pairs (Single, Dual) …………………………561
Summary of Exam Objectives ……………………………………562
Exam Objectives Fast Track ………………………………………563
Exam Objectives Frequently Asked Questions …………………564
Self Test …………………………………………………………565
Self Test Quick Answer Key………………………………………572

Domain 5.0 Operational and Organization Security ………573
Chapter 11 Incident Response …………………………………575
Introduction ………………………………………………………576
1.1 Physical Security …………………………………………………576
1.1.1 Access Control ………………………………………………578
1.1.1.1 Physical Barriers …………………………………………582
1.1.1.2 Biometrics…………………………………………………585
1.1.2 Social Engineering……………………………………………585
1.1.3 Environment …………………………………………………587
1.1.3.1 Wireless Cells ……………………………………………589
1.1.3.2 Location …………………………………………………590
1.1.3.3 Shielding …………………………………………………591
1.1.3.4 Fire Suppression …………………………………………593
1.6 Forensics …………………………………………………………594
Awareness …………………………………………………595
Conceptual Knowledge …………………………………597
Understanding ……………………………………………597
What Your Role Is ………………………………………598
1.6.1 Chain of Custody ……………………………………………602
1.6.2 Preservation of Evidence ……………………………………603
1.6.3 Collection of Evidence ………………………………………607
1.7 Risk Identification ………………………………………………610
1.7.1 Asset Identification……………………………………………611
1.7.2 Risk Assessment ………………………………………………614
1.7.3 Threat Identification …………………………………………617
1.7.4 Vulnerabilities…………………………………………………618
Summary of Exam Objectives ……………………………………620
Exam Objectives Fast Track ………………………………………620
Exam Objectives Frequently Asked Questions …………………622
Self Test …………………………………………………………624
Self Test Quick Answer Key………………………………………630

Chapter 12 Policies and Disaster Recovery …………………631
Introduction ………………………………………………………632

1.4 Policies and Procedures …………………………………………633
1.4.1 Security Policies………………………………………………635
Restricted Access Policies …………………………………635
Workstation Security Policies ……………………………636
Physical Security Policies …………………………………636
1.4.1.1 Acceptable Use Policies ………………………………………637
1.4.1.2 Due Care ……………………………………………………640
1.4.1.3 Privacy ………………………………………………………642
1.4.1.4 Separation of Duties …………………………………………644
1.4.1.5 Need to Know ………………………………………………645
1.4.1.6 Password Management ………………………………………646
Strong Passwords …………………………………………647
Password Changes and Restrictions ………………………648
Using Passwords as Part of a Multifaceted Security System …………………………………648
Administrator Accounts …………………………………649
1.4.1.7 SLA …………………………………………………………649
1.4.1.8 Disposal/Destruction …………………………………………650
1.4.1.9 HR Policy ……………………………………………………652
Code of Ethics ……………………………………………654
1.4.2 Incident Response Policy ……………………………………654
1.5 Privilege Management ……………………………………………659
1.5.1 User/Group/Role Management ……………………………659
1.5.2 Single Sign-on ………………………………………………662
1.5.3 Centralized versus Decentralized ……………………………663
1.5.4 Auditing ………………………………………………………665
Privilege …………………………………………………666
Usage ……………………………………………………666
Escalation …………………………………………………667
1.5.5 MAC/DAC/RBAC …………………………………………667
1.8 Education and Documentation …………………………………669
1.8.1 Communication………………………………………………669
1.8.2 User Awareness ………………………………………………671
1.8.3 Education ……………………………………………………673
1.8.4 Online Resources ……………………………………………674
1.9 Documentation ………………………………………………675
1.9.1 Standards and Guidelines ……………………………………676
1.9.2 Systems Architecture …………………………………………677
1.9.3 Change Documentation ……………………………………679
1.9.4 Logs and Inventories …………………………………………680
1.9.5 Classification …………………………………………………681
1.9.5.1 Notification ………………………………………………682
1.9.6 Retention/Storage ……………………………………………683
1.9.7 Destruction …………………………………………………684
1.2 Disaster Recovery ………………………………………………684
1.2.1 Backups ………………………………………………………685
Rotation Schemes…………………………………………686
1.2.1.1 Offsite Storage ……………………………………………689
1.2.2 Secure Recovery ……………………………………………690
1.2.2.1 Alternate Sites ……………………………………………692
1.2.3 Disaster Recovery Plan ………………………………………693
1.3 Business Continuity ………………………………………………695
1.3.1 Utilities ………………………………………………………697
1.3.2 High Availability/Fault Tolerance ……………………………698
Summary of Exam Objectives ……………………………………701
Exam Objectives Fast Track ………………………………………702
Exam Objectives Frequently Asked Questions …………………705
Self Test …………………………………………………………707
Self Test Quick Answer Key………………………………………713
Appendix A: Self Test Questions, Answers, and Explanations …………………………………………………715
Index …………………………………………………………………803