Test Tips




It has been stated already that security is a very broad topic. In order to prepare yourself for the Security+ exam and the plethora of possible questions you might encounter, you should focus your test preparation study on the following network security-related Test Tips as well as the review questions at the end of the chapter.

These Test Tips serve primarily as a review of the chapter. However, you might notice that some of the tips have not been discussed. Be prepared and learn to be surprised by the unexpected. The real exam will show you no mercy. Know these tips inside and out!

  • Multiplexing is the combining of data channels over a single transmission line.

  • DNS (Domain Name System) resolves fully qualified domain names (host names) to IP addresses. For example, microsoft.com is a domain name; a properly configured DNS server could resolve it to the IP address 207.46.129.180. Plain DNS responses carry no authentication, so a resolver trusts whichever answer arrives first; that is the root of DNS spoofing and cache-poisoning attacks.

  • A bastion host is a hardened gateway or firewall system that protects an internal network from external networks. Because it is the system exposed to the outside (typically on a screened subnet or DMZ rather than deep inside the internal network), it runs only the services it needs and screens traffic aimed at the internal network.

  • ATM (Asynchronous Transfer Mode) is a cell-switching technology that transmits data in fixed-length, 53-byte units called cells (a 5-byte header plus 48 bytes of payload). The fixed cell size gives predictable delay, so ATM is well suited to audio and video, and it was once promoted as the answer to the low-bandwidth problems facing Internet users.

  • A Demilitarized Zone (DMZ) is a neutral area between an internal network and the Internet that typically contains one host system or a small network of systems.

  • Network Address Translation (NAT) is an Internet standard most often implemented on routers. It hides an internal private network's range of IP addresses from outside networks by rewriting them to one or more public addresses, so outside hosts never see internal addressing and unsolicited inbound packets have no translation entry to follow. NAT is not a substitute for a firewall: any inbound traffic that matches an existing translation, or a static port forward, is delivered to the inside host.
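The following is an added example, not code from the exam guide: a toy source-NAT (port address translation) table that shows what the tip above means in practice. Outbound packets leave with the router's public address and a fresh port; inbound packets are forwarded only when a translation exists for exactly that remote endpoint, which is why unsolicited probes are dropped but a reply (or anything else sent by the mapped remote host) gets through. The addresses, the starting port and the hosts are constructed.

```python
"""Added example (not from the exam guide): a toy source-NAT / PAT table.

Outbound packets get the router's public address and a fresh port;
inbound packets are forwarded only if a translation exists for exactly
that remote endpoint. Addresses are constructed documentation ranges.
"""
from __future__ import annotations

from dataclasses import dataclass
from itertools import count

PUBLIC_IP = "203.0.113.10"   # router's outside address (constructed)
FIRST_NAT_PORT = 40000       # where translated source ports start (assumption)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class SourceNat:
    """Port address translation: many inside (ip, port) pairs share one public IP."""

    def __init__(self, public_ip: str, first_port: int = FIRST_NAT_PORT):
        self.public_ip = public_ip
        self._ports = count(first_port)
        # inside flow (inside_ip, inside_port, remote_ip, remote_port) -> public port
        self._outbound: dict[tuple[str, int, str, int], int] = {}
        # public port -> inside flow
        self._inbound: dict[int, tuple[str, int, str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an inside->outside packet; create a mapping if new."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self._outbound.get(flow)
        if port is None:
            port = next(self._ports)
            self._outbound[flow] = port
            self._inbound[port] = flow
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Packet | None:
        """Rewrite the destination of an outside->inside packet, or return None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        flow = self._inbound.get(pkt.dst_port)
        if flow is None:
            return None  # no mapping: unsolicited traffic is dropped
        inside_ip, inside_port, remote_ip, remote_port = flow
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # mapping exists but belongs to a different remote endpoint
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.proto)


def demo() -> dict[str, Packet | None]:
    nat = SourceNat(PUBLIC_IP)
    inside_client = Packet("192.168.1.20", 51000, "198.51.100.5", 80)    # constructed
    on_the_wire = nat.outbound(inside_client)           # what the web server actually sees
    reply = nat.inbound(Packet("198.51.100.5", 80, PUBLIC_IP, on_the_wire.src_port))
    # An attacker probing the public address: right port but wrong remote endpoint,
    # then a port with no mapping at all. Both are dropped.
    hijack = nat.inbound(Packet("198.51.100.99", 80, PUBLIC_IP, on_the_wire.src_port))
    probe = nat.inbound(Packet("198.51.100.99", 4444, PUBLIC_IP, FIRST_NAT_PORT + 1))
    return {"on_the_wire": on_the_wire, "reply": reply, "hijack": hijack, "probe": probe}
```

The `reply` case is the point of the caveat in the tip: once a mapping exists, the NAT device forwards whatever the remote endpoint sends to it, so inside hosts still need a filter in front of them.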

  • An FDDI ring is typically composed of two counter-rotating fiber-optic token rings. The primary (outer) ring carries the data; the secondary (inner) ring acts as a backup if the primary ring fails. This redundancy makes FDDI more resilient than star, bus, or traditional ring topologies, and fiber is harder to tap than copper, but the redundancy is an availability benefit rather than a confidentiality one.

  • The seven layers of the OSI reference model from layer 1 to layer 7 are Physical, Data Link, Network, Transport, Session, Presentation, and Application. Just remember 'Programmers Do Not Throw Sausage Pizza Away.'

  • Remote Procedure Call (RPC) is a protocol that allows a client-side application to execute or request a service on a server computer without being concerned with network intricacies or server procedures. Plain RPC provides no authentication or confidentiality of its own; Secure RPC adds authentication of the caller to the exchange.

  • IPSec operates in two modes: transport and tunnel. In transport mode only the data portion (payload) of a packet is protected while the original IP header remains in the clear. In tunnel mode the entire original packet, header included, is protected and wrapped in a new outer IP header, so only the tunnel endpoints' addresses are visible on the wire. IPSec offers security services such as connectionless integrity, data origin authentication, anti-replay protection, and confidentiality. Note that only ESP provides confidentiality; AH provides integrity and authentication without encryption.

  • Frame relay is much faster than X.25 and can run at T1 (1.544 Mbps) and T3 (44.736 Mbps) speeds. Frame relay uses public switched WANs that can reroute traffic if a segment goes bad.

  • A circuit gateway (circuit-level gateway) works at the session layer: it validates the setup of a connection (for TCP, the handshake) between two specified hosts and then relays the packets of that connection without inspecting their contents. In effect it forms a tunnel through the firewall between those two hosts, with less overhead than an application proxy but no visibility into the data.

  • The term transparency is used in network security to describe how intrusive a countermeasure, such as a firewall, is to the user. A packet filter is more transparent than an application proxy: users are typically unaware that a router is filtering their packets, whereas with an application gateway users must authenticate to the firewall or configure their applications to work through it.

  • Point-to-Point Tunneling Protocol (PPTP) allows a virtual private network (VPN) to be created over the Internet. PPTP is essentially a set of communication rules that extend the boundaries of a private network, and in many cases it has eliminated the need for expensive, dedicated leased lines. Its authentication (MS-CHAP) and encryption (MPPE) have well-known weaknesses, so PPTP is no longer considered a secure VPN choice; IPSec- or TLS-based VPNs are preferred.

  • Leased-line speeds are as follows (the units are bits per second, not bytes):

    • DS-0 (Digital Signal Level 0): a single 64 Kbps channel; a T1 carries 24 of them.

    • DS-1 (Digital Signal Level 1): 1.544 Mbps on a T1 line.

    • DS-3 (Digital Signal Level 3): 44.736 Mbps on a T3 line (the equivalent of 28 T1s).

  • CAT5 UTP is the cabling used for 100BaseT/100BaseTX (Fast Ethernet), and the names are often used interchangeably, although strictly CAT5 is the cable and 100BaseTX is the Ethernet standard that runs over it. A segment carries the signal up to 100 meters (approximately 328 feet). CAT5 was the most popular UTP cable in use when this guide was written.

  • Application proxies or gateways are concerned more with specific applications and actual data. The application proxy offers much more control than packet filters and circuit gateways by controlling or limiting user access from within the protocol itself. In other words, with an application proxy, administrators can actually control what information can be sent out of or pulled into a network.

  • CHAP (Challenge Handshake Authentication Protocol) is a three-way exchange: the server sends a random challenge, the requester returns a one-way hash (MD5) computed over the message identifier, the shared secret, and the challenge, and the server recomputes the hash with its own copy of the secret to verify the result. The secret itself never crosses the wire, and because every challenge is fresh a captured response cannot be replayed.
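The exchange described in the CHAP tip, as an added example that is not part of the exam guide. Both sides are modelled so the three messages can be followed: the authenticator issues a random Challenge Value with an 8-bit Identifier, the peer answers with MD5(Identifier || secret || Challenge) as specified in RFC 1994, and the authenticator recomputes and compares. The peer name and secret are constructed for the demo; the `demo()` function also shows why a captured response cannot be replayed.

```python
"""Added example (not from the exam guide): the CHAP exchange of RFC 1994.

Authenticator (server) and Peer (client) are both modelled. Peer name
and shared secret are constructed for the demonstration.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Challenge:
    identifier: int   # 8-bit Identifier field, echoed back in the Response
    value: bytes      # random Challenge Value


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5 over Identifier, then secret, then Challenge Value."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Server side. It must keep each peer's secret in recoverable form to
    recompute the hash, a known drawback of CHAP compared with salted hashing."""

    def __init__(self, secrets: dict[str, bytes]):
        self._secrets = secrets
        self._identifier = 0
        self._outstanding: dict[int, bytes] = {}   # challenges issued but not yet answered

    def challenge(self) -> Challenge:
        self._identifier = (self._identifier + 1) & 0xFF
        value = os.urandom(16)
        self._outstanding[self._identifier] = value
        return Challenge(self._identifier, value)

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        challenge = self._outstanding.pop(identifier, None)   # each challenge is single use
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)        # constant-time comparison


class Peer:
    """Client side: proves knowledge of the secret without ever sending it."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self._secret = secret

    def respond(self, ch: Challenge) -> tuple[int, str, bytes]:
        return ch.identifier, self.name, chap_response(ch.identifier, self._secret, ch.value)


def demo() -> dict[str, bool]:
    auth = Authenticator({"alice": b"correct horse battery"})   # constructed secret
    alice = Peer("alice", b"correct horse battery")

    ident, name, resp = alice.respond(auth.challenge())
    legitimate = auth.verify(ident, name, resp)

    # An eavesdropper captured (ident, name, resp). Replaying it fails against the
    # already-consumed identifier and against a fresh challenge, whose value differs.
    replay_same_id = auth.verify(ident, name, resp)
    fresh = auth.challenge()
    replay_new_challenge = auth.verify(fresh.identifier, name, resp)

    wrong_secret = auth.verify(*Peer("alice", b"guess").respond(auth.challenge()))
    return {
        "legitimate": legitimate,
        "replay_same_id": replay_same_id,
        "replay_new_challenge": replay_new_challenge,
        "wrong_secret": wrong_secret,
    }
```

Two things the code makes visible that the tip only states: the authenticator pops each challenge on first use, so the same response can never be accepted twice, and the hash is bound to the Identifier as well as the Challenge Value, so a response computed for one message cannot be spliced onto another.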

  • SMTP (Simple Mail Transfer Protocol) is used to send e-mail messages between mail servers. It was not designed with security in mind: by default it offers no authentication of the sender and carries messages in clear text. To protect an e-mail server and e-mail in general, scan and filter all messages, restrict relaying, and protect messages with encryption (transport-level encryption between servers and message-level encryption end to end).

  • SNMP (Simple Network Management Protocol) is an unsafe network management protocol in versions 1 and 2c, which authenticate with community strings sent in clear text. SNMP traffic (UDP ports 161 and 162) should be filtered at the firewall, default community strings such as 'public' should be changed, and SNMPv3 should be used where authentication and encryption are required.

  • A multihomed server (a system with two or more NICs) can be configured as a firewall by enabling IP forwarding between its interfaces, configuring its routing table, and applying filtering rules to the traffic it forwards.

  • Devices such as routers, hubs, and switches can be single points of failure. Each should be protected with a UPS (Uninterruptible Power Supply), which carries the device through outages and brownouts, and with surge protection against surges and spikes.

  • The four primary types of firewall architectures are as follows:

    • Packet filter: A packet filter router uses an ACL (Access Control List). It is the oldest of the mentioned architectures. It separates a private network from a public network.

    • Screened host: This firewall architecture combines a bastion host and a packet filter firewall, which requires the intruder to get by two separate systems in order to reach an internal network. This is more secure than a traditional packet filtering firewall.

    • Dual-homed host: Straight to the point, this is a system with two NICs. One NIC is attached to the private network and the other to the public network. With IP forwarding disabled, traffic passes between the two only through proxy services running on the host. It is also known as a multihomed bastion host.

    • Screened subnet: This firewall architecture combines the security of two packet filters and a bastion host. This is the most secure of the firewall architectures and requires high overhead. This overhead is realized in high-maintenance requirements.
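The packet-filter architecture above rests on an ACL evaluated top down with an implicit deny at the end. The following added example, not code from the exam guide, implements that evaluation over constructed packets and rules. It shows three things the list states only in words: an ACL separating a private network from a public one (including an anti-spoofing rule), the effect of rule ordering (a broad permit shadows a later deny), and the gap a stateless filter leaves open that the circuit gateway closes by tracking connections: it cannot tell a genuine reply from a forged ACK to an inside high port. All addresses, rule sets and packets are constructed.

```python
"""Added example (not from the exam guide): a stateless packet filter evaluating an ACL.

Rules are evaluated top down, first match wins, and anything unmatched
falls to the implicit deny. All addresses, rules and packets are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: int | None = None
    sport: int | None = None
    syn: bool = False          # TCP SYN without ACK: a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                        # "permit" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: range | None = None
    established_only: bool = False     # classic "established" keyword: no bare SYN allowed

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and (p.dport is None or p.dport not in self.dport):
            return False
        if self.established_only and p.syn:
            return False
        return True


def evaluate(acl: list[Rule], p: Packet) -> tuple[str, int | None]:
    """Return (action, index of first matching rule); ("deny", None) is the implicit deny."""
    for index, rule in enumerate(acl):
        if rule.matches(p):
            return rule.action, index
    return "deny", None


INSIDE = "192.168.10.0/24"            # constructed private network
MAIL_SERVER = "192.168.10.25/32"

# Inbound ACL on the outside interface of the screening router.
INBOUND_ACL = [
    Rule("deny", src=INSIDE),                                       # 0: anti-spoofing
    Rule("permit", "tcp", dst=MAIL_SERVER, dport=range(25, 26)),    # 1: SMTP to the mail host
    Rule("permit", "tcp", dst=INSIDE, dport=range(1024, 65536),
         established_only=True),                                    # 2: replies to inside clients
    Rule("deny", "udp", dst=INSIDE, dport=range(161, 163)),         # 3: SNMP never from outside
]

# Same intent, wrong order: the broad permit shadows the SNMP deny below it.
MISORDERED_ACL = [
    Rule("permit", "udp", dst=INSIDE),
    Rule("deny", "udp", dst=INSIDE, dport=range(161, 163)),
]


def demo() -> dict[str, tuple[str, int | None]]:
    outside = "198.51.100.77"     # constructed external host
    return {
        "spoofed_inside_src": evaluate(INBOUND_ACL, Packet("192.168.10.5", "192.168.10.7", "tcp", 22, 4000, syn=True)),
        "smtp_to_mail": evaluate(INBOUND_ACL, Packet(outside, "192.168.10.25", "tcp", 25, 40001, syn=True)),
        "new_conn_to_high_port": evaluate(INBOUND_ACL, Packet(outside, "192.168.10.7", "tcp", 8080, 40002, syn=True)),
        "reply_to_client": evaluate(INBOUND_ACL, Packet(outside, "192.168.10.7", "tcp", 50000, 443)),
        # A forged ACK looks identical to a reply; the stateless filter lets it through.
        "ack_probe": evaluate(INBOUND_ACL, Packet(outside, "192.168.10.7", "tcp", 50000, 4444)),
        "snmp_shadowed": evaluate(MISORDERED_ACL, Packet(outside, "192.168.10.7", "udp", 161, 5000)),
    }
```

The `reply_to_client` and `ack_probe` results are identical because a packet filter sees only headers; distinguishing the two requires remembering that the inside host opened a connection to that remote endpoint, which is exactly what a circuit gateway or stateful firewall adds.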

  • VoIP (Voice over IP) technology is essentially the delivery of voice in digital packets over IP networks. This technology is generally less expensive than traditional circuit switching of voice using the PSTN (Public Switched Telephone Network). VoIP is a rapidly growing technology, but it brings security and quality-of-service challenges: voice traffic is exposed to the same interception and denial-of-service threats as other IP traffic and is sensitive to delay and jitter.

  • Security services are a combination of security techniques, files, policies, and procedures. The OSI security architecture (ISO 7498-2) defines five security services for secure communications; monitoring and logging (audit) is a supporting mechanism commonly listed alongside them, which is why you will often see a list of six:

    • Authentication

    • Access control

    • Data confidentiality

    • Data integrity

    • Non-repudiation

    • Monitoring and logging (audit)

  • In order for packet-switching networks to work properly, packets must contain the network address of the sending system as well as that of the destination system.

  • When the functionality of devices such as a network bridge and a network router are combined, the result is a device known as a brouter.

  • Within a LAN, most frame forwarding (by bridges and switches) takes place at the Data Link layer of the OSI reference model; routers work one layer up, at the Network layer.

  • An extranet is part of a private network (intranet) that is extended to customers, vendors, suppliers, and possibly other remote users. Most extranets use tunneling to connect multiple intranetwork connections to an extranet.






The Security+ Exam Guide (TestTaker's Guide Series), Charles River Media Networking/Security
ISBN: 1584502517
Year: 2003
Pages: 136