Copyright © 2011 Darril Gibson
All rights reserved.
ISBN: 1463762364
ISBN-13: 9781463762360
eBook ISBN: 978-1-61915-813-9
Library of Congress Control Number: 2011913176
CreateSpace, North Charleston, SC

Dedication

To my wife, who even after nineteen years of marriage continues to remind me how wonderful life can be if you’re in a loving relationship. Thanks for sharing your life with me.

Acknowledgments

Books of this size and depth can’t be done by a single person, and I’m grateful for the many people who helped me put this book together.

First, thanks to my wife. She has provided me immeasurable support throughout this project.

The two technical editors, Duane Gibson and Bill Talbott, provided outstanding feedback and superb technical insight. Bill is an old friend from my Navy days, and he’s currently doing great things as a consultant working for Microsoft. Duane (my brother) is an old friend from my childhood days, and he’s widely recognized as a Cisco expert. They both have taught many Security+ classes and provided me with some great perspectives. I’m grateful they were involved in this project. I certainly appreciate all the feedback they gave me, but I want to stress that any technical errors that may have snuck into this book are entirely my fault and no reflection on them.

The entire team at CreateSpace was easy to work with and provided excellent services from the first contact through the entire editing and layout process. I’m thankful for all the work and support they provided.

About the Author

Darril Gibson is an accomplished author and professional trainer. He has authored or coauthored more than a dozen books and contributed as a technical editor for many more books.
He holds many current IT certifications, including: CompTIA A+, Network+, Security+, CASP, (ISC)2 SSCP, CISSP, Microsoft’s MCDST (XP), MCSA, MCSA Messaging (2000, 2003), MCSE (NT 4.0, 2000, 2003), MCDBA (SQL 7.0, 2000), MCITP (Vista, Server 2008, SQL 2005, SQL 2008), MCTS (Server 2008, SQL Server 2008), MCSD (6.0, .NET), and ITIL Foundations v 3.0.

He is the CEO of Security Consulting and Training, LLC, and actively teaches, writes, and consults on a wide variety of IT topics, including CompTIA Security+. He also teaches as an adjunct professor at ECPI University.

Darril lives in Virginia Beach with his wife and two dogs. Whenever possible, they escape to a small cabin in the country on over twenty acres of land that continue to provide peace, tranquility, and balance. You can send him an email at [email protected].

About the Technical Editors

Duane Gibson’s certs are A+, Network+, Security+, MCSE, CCNA, CEH, and FCC-GROL. He has over 10 years’ experience as a technical trainer.

Bill Talbott is the founder and CEO of Talbott Consulting and Training, Inc. and has been in the IT industry for over 23 years. He has been a technical trainer for the past 11 years specializing in the delivery of Microsoft, CompTIA and tailored curriculum for Universities, Fortune 500 and local companies.
Table of Contents

Introduction
Who This Book is For
About This Book
How to Use This Book
Remember This
Vendor Neutral
Web Resources
Assumptions
Set a Goal
About the Exam
Number of Questions and Duration
Passing Score
Beta Questions
Question Types
Exam Format
Exam Prerequisites
Exam Test Providers
Exam Domains
Objective to Chapter Map
Recertification Requirements
CompTIA Security+ Assessment Exam
Assessment Exam Answers

Chapter 1 Mastering the Basics of Security
Exploring Core Security Principles
Confidentiality
Integrity
Availability
Balancing CIA
Non-repudiation
Defense in Depth
Implicit Deny
Introducing Basic Risk Concepts
Exploring Authentication Concepts
Comparing Identification, Authentication, and Authorization
Identity Proofing
Identity Proofing for Verification
Self-service Password Reset Systems
Three Factors of Authentication
Something You Know
Something You Have
Something You Are
Multifactor Authentication
Exploring Authentication Services
Kerberos
LDAP
Mutual Authentication
Single Sign-on
IEEE 802.1X
Remote Access Authentication
PAP
CHAP
MS-CHAP and MS-CHAPv2
RADIUS
TACACS/XTACACS
TACACS+
AAA Protocols
Chapter 1 Exam Topic Review
Chapter 1 Practice Questions
Chapter 1 Practice Question Answers

Chapter 2 Exploring Control Types and Methods
Understanding Basic Control Types
Technical Controls
Management Controls
Operational Controls
Controls Based on Functions
Preventative Controls
Detective Controls
Corrective Controls
Exploring Access Control Models
Role- and Rule-Based Access Control
Using Roles Based on Jobs and Functions
Establishing Access with Groups as Roles
Using User Templates to Enforce Least Privilege
Discretionary Access Control
SIDs and DACLs
The Owner Establishes Access
Beware of Trojans
Mandatory Access Control
Labels and Lattice
Establishing Access
Understanding Physical Security Controls
Access Controls
Door Access Systems
Physical Access Control—ID Badges
Physical Access Lists and Logs
Tailgating
Mantraps
Security Guards
Video Surveillance (CCTV)
Physical Tokens
Hardware Locks
Understanding Logical Access Controls
Least Privilege
Access Control Lists
Group Policy
Using a Password Policy
Domain Password Policy
Device Policy
Account Management
Centralized and Decentralized Account Management
Disabling and Deleting Accounts
Time-of-day Restrictions
Account Expiration
Account Access Review
Chapter 2 Exam Topic Review
Chapter 2 Practice Questions
Chapter 2 Practice Question Answers

Chapter 3 Understanding Basic Network Security
Reviewing Basic Networking Concepts
Protocols
Common TCP/IP Protocols
IPv4 vs IPv6
Subnetting
Subnetting and Availability
Calculating Subnet IP Addresses with a Calculator
Understanding and Identifying Ports
Well-Known Ports
Combining the IP Address and the Port
IP Address Used to Locate Hosts
Server Ports
Client Ports
Putting It All Together
The Importance of Ports in Security
Port Scanners
Understanding Basic Network Devices
Hub
Switch