SSCP Study Guide

Josh Jacobs SSCP, CISSP
Lee Clemmer SSCP, CISSP
Michael Dalton SSCP, CISSP
Russ Rogers CISSP
Jeffrey Posluns SSCP, CISSP, Technical Editor

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively "Makers") of this book ("the Work") do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, "Career Advancement Through Skill Enhancement®," "Ask the Author UPDATE®," and "Hack Proofing®," are registered trademarks of Syngress Publishing, Inc. "Mission Critical™," and "The Only Way to Stop a Hacker is to Think Like One™" are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370

Copyright © 2003 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1  2  3  4  5  6  7  8  9  0

ISBN: 1-931836-80-9

Technical Editor: Jeffrey Posluns
Technical Reviewer: Tony Piltzecker
Acquisitions Editor: Catherine B. Nolan
DVD Production: Michael Donovan
Cover Designer: Michael Kavish
Page Layout and Art by: Shannon Tozier
Copy Editor: Judy Eby
Indexer: Odessa&Cie

Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada.

Acknowledgments

We would like to acknowledge the following people for their kindness and support in making this book possible.

Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O'Donnell, Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of Publishers Group West for sharing their incredible marketing experience and expertise.

Duncan Enright, AnnHelen Lindeholm, David Burton, Febea Marinetti, and Rosie Moss of Elsevier Science for making certain that our vision remains worldwide in scope.

David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.

Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.

David Scott, Annette Scott, Geoff Ebbs, Hedley Partis, Bec Lowe, and Mark Langley of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji Tonga, Solomon Islands, and the Cook Islands.

Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines.

Contributors

Lee Clemmer   (SSCP, CISSP, RHCE, CCNA, SGCE, SGCA, MCSE, CCSA, Sun Solaris Certified Engineer) is a Founder and Chief Security Consultant with Higher Ground Networks, LLC. His areas of expertise range from Internet penetration testing and security auditing to information security systems architecture. Headquartered in Atlanta, GA, Higher Ground Networks delivers technical and strategic information security expertise to clients in the southeastern United States. Lee's experience with Linux and various versions of UNIX, coupled with his depth of experience with Microsoft's offerings, make him the firm's key resource for cross-platform security designs. Lee's background includes positions such as Senior Security Consultant with Kent Technologies, and Director of Secure Networks with Xcelerate Corp. Lee holds a bachelor's degree from the University of Georgia, and is a member of the ISSA, USENIX, and SAGE organizations.

Michael Dalton   (SSCP, CISSP, CCNA, MCSE, CISA) is an Information Security Specialist with a Fortune 500 insurance benefits company in North America. Michael works in the Information Protection practice on the Compliance Review Team. His primary work responsibilities include Internet and extranet firewall reviews, Information Protection Systems Development Lifecycle (SDLC) application reviews, and external service provider security posture assessments. Michael holds a bachelor's degree from Central Connecticut State University and is an ISSA-CT and ISACA member. Michael currently resides in Weatouge, CT with his incredibly supportive wife, Kimberly, and two sons, Benjamin and John Clark.

Joshua G. Jacobs   (SSCP, MCSA, MCP, A+) is the Technology Administrator for Reynolds, Bone & Griesbeck, PLC. He has an extensive background in systems administration as well as Web application design and development. Joshua provides support for the firm's network as well as client networks throughout the South. His specialties include security information management, Intranet development, firewall administration, policy development, and support for various operating systems including Novell NetWare, Windows 2000 and AIX. Joshua's recent work also includes Web application development and custom software scripting to automate application deployment. Joshua, his wife, Heather, and their two sons, Owen and Joshua II, live in Collierville, TN. He would like to thank his wife for her love and continuous support that made it possible for him to contribute to this book.

Russ Rogers   (CISSP, IAM) is the President of Security Horizon, Inc. Security Horizon is a veteran-owned small business, based in Colorado Springs, CO, specializing in professional security services and training. It is one of only two companies with a Cooperative Research and Development Agreement (CRADA) with the National Security Agency (NSA) to teach their INFOSEC Assessment Methodology (IAM). Russ's background includes network vulnerability assessments, organizational assessments using the NSA IAM, security policy development, and training assessors on the IAM. His experience spans positions in military intelligence, system administration, security administration, commercial and Department of Defense assessments, and special security project development. Russ holds a master's degree in Computer Systems Management from the University of Maryland and is a member of the Information System Security Association (ISSA), International Who's Who in Information Technology, International Information Systems Security Certification Consortium (ISC)², and a regular contributor to the annual Black Hat Security conference.

Robert J. Shimonski   (Security+, Sniffer SCP, Cisco CCDP, CCNP, Nortel NNCSS, MCSE, MCP+I, Master CNE, CIP, CIBS, CWP, CIW, GSEC, GCIH, Server+, Network+, i-Net+, A+, e-Biz+, TICSA, SPS) is the Lead Network Engineer and Security Analyst for Thomson Industries, a leading manufacturer and provider of linear motion products and engineering. One of Robert's responsibilities is to use multiple network analysis tools to monitor, baseline, and troubleshoot an enterprise network comprised of many protocols and media technologies.

Robert currently hosts an online forum for TechTarget.com and is referred to as the "Network Management Answer Man," where he offers daily solutions to seekers of network analysis and management advice. Robert's other specialties include network infrastructure design with the Cisco and Nortel product line for enterprise networks. Robert also provides network and security analysis using Sniffer Pro, Etherpeek, the CiscoSecure Platform (including PIX Firewalls), and Norton's AntiVirus Enterprise Software.

Robert has contributed to many articles, study guides and certification preparation software, Web sites, and organizations worldwide, including MCP Magazine, TechTarget.com, BrainBuzz.com, and SANS.org. Robert holds a bachelor's degree from SUNY, NY and is a part time Licensed Technical Instructor for Computer Career Center in Garden City, NY teaching Windows-based and Networking Technologies. Robert is also a contributing author for Configuring and Troubleshooting Windows XP Professional (Syngress Publishing, ISBN: 1-928994-80-6), BizTalk Server 2000 Developer's Guide for .NET (Syngress, ISBN: 1-928994-40-7), Sniffer Pro Network Optimization & Troubleshooting Handbook (Syngress, ISBN: 1-931836-57-4), MCSE Implementing and Administering Security in a Windows 2000 Network Study Guide & DVD Training System (Syngress, ISBN: 1-931836-84-1) and is Technical Editor for Security+ Study Guide & DVD Training System (Syngress, ISBN: 1-931836-72-8).

Norris L. Johnson, Jr.   (Security+, MCSA, MCSE, CTT+, A+, Linux+, Network +, CCNA) is a technology trainer and owner of a consulting company in the Seattle-Tacoma area. His consultancies have included deployments and security planning for local firms and public agencies, as well as providing services to other local computer firms in need of problem solving and solutions for their clients. He specializes in Windows NT 4.0, Windows 2000, and Windows XP issues, providing consultation and implementation for networks, security planning, and services. In addition to consulting work, Norris provides technical training for clients and teaches for area community and technical colleges. He is co-author of Security+ Study Guide & DVD Training System (Syngress Publishing, ISBN: 1-931836-72-8), Configuring and Troubleshooting Windows XP Professional (Syngress, ISBN: 1-928994-80-6), and Hack Proofing Your Network, Second Edition (Syngress, ISBN: 1-928994-70-9). Norris has also performed technical edits and reviews on Hack Proofing Windows 2000 Server (Syngress, ISBN: 1-931836-49-3) and Windows 2000 Active Directory, Second Edition (Syngress, ISBN: 1-928994-60-1). Norris holds a bachelor's degree from Washington State University. He is deeply appreciative of the support of his wife, Cindy, and three sons in helping to maintain his focus and efforts toward computer training and education.

Jeremy Faircloth   (Security+, CCNA, MCSE, MCP+I, A+) is a Senior IT Engineer for Gateway, Inc., where he develops and maintains enterprise-wide client/server and Web-based technologies. He also acts as a technical resource for other IT professionals, using his expertise to help others expand their knowledge. As an analyst with over 10 years of real world IT experience, he has become an expert in many areas including Web development, database administration, enterprise security, network design, and project management. Jeremy is a contributor to several Syngress publications including Hack Proofing XML (ISBN: 1-931836-50-7), ASP .NET Developer's Guide (ISBN: 1-928994-51-2), and Security+ Study Guide & DVD Training System (ISBN: 1-931836-72-8). Jeremy currently resides in Dakota City, NE and wishes to thank Christina Williams and Austin Faircloth for their support in his various technical endeavors.

Michael Cross   (Security+, MCSE, MCP+I, CNA, Network+) is an Internet Specialist and Programmer with the Niagara Regional Police Service, and has also served as their Network Administrator. He performs computer forensic examinations on computers involved in criminal investigations, and has consulted and assisted in cases dealing with computer-related/Internet crimes. He is responsible for designing and maintaining their Web site at www.nrps.com, as well as their Intranet. Michael programs applications used by various units of the Police Service, has been responsible for network security and administration, and continues to assist in this regard. Michael is part of an Information Technology team that provides support to a user base of over 800 civilian and uniform users. His theory is that when the users carry guns, you tend to be more motivated in solving their problems.

Michael also owns KnightWare, a company that provides Web page design and various other services. In addition to this company, he has been a freelance writer for several years, and published over three dozen times in numerous books and anthologies. He is a contributing author to Scene of the Cybercrime: Computer Forensics Handbook (Syngress Publishing, ISBN: 1-931836-65-5) and the Security+ Study Guide & DVD Training System (Syngress, ISBN: 1-931836-72-8). He currently resides in St. Catharines, Ontario, Canada with his lovely wife, Jennifer, and his darling daughter, Sara.

F. William Lynch   (Security+ SCSA, CCNA, LPI-I, MCSE, MCP, Linux+, A+) is co-author for Hack Proofing Sun Solaris 8 (Syngress Publishing, ISBN: 1-928994-44-X), Hack Proofing XML (Syngress, ISBN: 1-931836-50-7), Security+ Study Guide & DVD Training System (Syngress, ISBN: 1-931836-72-8), and Hack Proofing Your Network, Second Edition (Syngress, ISBN: 1-928994-70-9). He is an independent security and systems administration consultant and specializes in firewalls, virtual private networks, security auditing, documentation, and systems performance analysis. William has served as a consultant to multinational corporations and the Federal government including the Centers for Disease Control and Prevention headquarters in Atlanta, GA as well as various airbases of the United States Air Force. He is also the Founder and Director of the MRTG-PME project, which uses the MRTG engine to track systems performance of various UNIX-like operating systems. William holds a bachelor's degree in Chemical Engineering from the University of Dayton in Dayton, OH and a master's of Business Administration from Regis University in Denver, CO.

Debra Littlejohn Shinder   (MCSE) is author of Scene of the Cybercrime: Computer Forensics Handbook (Syngress Publishing, ISBN: 1-931836-65-5), co-author of Configuring ISA Server 2000: Building Firewalls for Windows 2000 (Syngress, ISBN: 1-928994-29-6) and Troubleshooting Windows 2000 TCP/IP (Syngress, ISBN: 1-928994-11-3), as well as a contributor to numerous other technical books. Along with her husband, Dr. Thomas W. Shinder, Deb does network consulting in the Dallas-Ft.Worth area, designs Web sites for businesses, municipalities and non-profit organizations, and teaches in the Dallas County Community College District's technical training programs. As a former police officer and Police Academy instructor, she specializes in computer/network security and forensics.

Deb has written hundreds of articles for Web and print publications such as TechRepublic, CNET, Swynk.com, BrainBuzz.com, and WinXP News. She has also written numerous online courses for DigitalThink, Inc. and prepared curricula for classroom instruction. She has contributed to Microsoft's TechNet, and speaks at conferences such as the Black Hat Security briefings and Certification Expo. She edits the A+ weekly newsletter for CramSession and writes a weekly feature for the Net Admin News.

Deb has been writing since she finished her first (still unpublished) novel in ninth grade. She edited her high school and college newspapers and wrote and edited newsletters for city employees and police associations. Prior to entering the tech field, she had articles published in law enforcement and self-help psychology publications. She is a member of the IEEE's IPv6 Working Group and has written and tech edited questions for various certification practice exams.

Technical Reviewer

Tony Piltzecker   (Security+, CISSP, MCSE, CCNA, Check Point CCSA, Citrix CCA), author of the CCSA Exam Cram, is a Network Architect with Planning Systems Inc., providing network design and support for federal and state agencies. Tony's specialties include network security design, implementation, and testing. Tony's background includes positions as a Senior Networking Consultant with Integrated Information Systems and a Senior Engineer with Private Networks, Inc. Tony holds a bachelor's degree in Business Administration, and is a member of ISSA. Tony is a contributing author to Security+ Study Guide & DVD Training System (Syngress Publishing, ISBN: 1-931836-72-8) and MCSE Implementing and Administering Security in a Windows 2000 Network Study Guide & DVD Training System (Syngress, ISBN: 1-931836-84-1). Tony currently resides in Leominster, MA with his wife, Melanie, and his daughter, Kaitlyn.

Technical Editor

Jeffrey Posluns   (SSCP, CISSP, CISA, CCNP, CCDA, GSEC) is the Founder of SecuritySage, a leading-edge information security and privacy consulting firm. Jeffrey oversees and directs the professional services teams, product reviews, and innovative product development. Jeffrey has over 11 years experience specializing in security methodologies, audits and controls. He has extensive expertise in the analysis of hacker tools and techniques, intrusion detection, security policies, forensics, and incident response. Jeffrey is an industry-recognized leader known for his ability to identify trends, resolve issues, and provide the highest quality of customer service, educational seminars, and thought-provoking presentations. Prior to SecuritySage, Jeffrey founded and co-founded several e-commerce and security initiatives, where he served as President and/or Chief Technology Officer. His responsibilities included such areas as the strategy and implementation of corporate initiatives, project management, professional and managed services, as well as research and development. He has also authored a variety of security-specific books, white papers, financial and security-related software, and security toolkits. Jeffrey is looked to as an authority to speak on IT security related issues and trends at conferences, in the media, and law enforcement forums. He is a regular speaker at industry conferences organized by such groups as the Information Systems Audit and Control Association (ISACA) and the Association of Certified Fraud Examiners (ACFE). Jeffrey is also a trainer for the CISSP certification course.

About the Study Guide & DVD Training System

In this book, you'll find lots of interesting sidebars designed to highlight the most important concepts being presented in the main text. These include the following:

• Exam Warnings   focus on specific elements on which the reader needs to focus in order to pass the exam.

• Test Day Tips   are short tips that will help you in organizing and remembering information for the exam.

• Notes from the Underground   contain background information that goes beyond what you need to know from the exam, providing a deep foundation for understanding the security concepts discussed in the text.

• Damage and Defense   relate real-world experiences to security exploits while outlining defensive strategies.

• Head of the Class   discussions are based on the author's interactions with students in live classrooms and the topics covered here are the ones students have the most problems with.

Each chapter also includes hands-on exercises. It is important that you work through these exercises in order to be confident you know how to apply the concepts you have just read about.

You will find a number of helpful elements at the end of each chapter. For example, each chapter contains a Summary of Exam Objectives that ties the topics discussed in that chapter to the published objectives. Each chapter also contains an Exam Objectives Fast Track, which boils all exam objectives down to manageable summaries that are perfect for last minute review. The Exam Objectives Frequently Asked Questions answers those questions that most often arise from readers and students regarding the topics covered in the chapter. Finally, in the Self Test section, you will find a set of practice questions written in a multiple-choice form similar to those you will encounter on the exam. You can use the Self Test Quick Answer Key that follows the Self Test questions to quickly determine what information you need to review again. The Self Test Appendix at the end of the book provides detailed explanations of both the correct and incorrect answers.

Additional Resources

There are two other important exam preparation tools included with this Study Guide. One is the DVD included in the back of this book. The other is the practice exam available from our website.

• Instructor-led training DVD provides you with almost two hours of virtual classroom instruction.   Sit back and watch as an author and trainer reviews all the key exam concepts from the perspective of someone taking the exam for the first time. Here, you'll cut through all of the noise to prepare you for exactly what to expect when you take the exam for the first time. You will want to watch this DVD just before you head out to the testing center!

• Web based practice exams.   Just visit us at www.syngress.com/certification to access a complete Exam Simulation. These exams are written to test you on all of the published certification objectives. The exam simulator runs in both "live" and "practice" mode. Use "live" mode first to get an accurate gauge of your knowledge and skills, and then use practice mode to launch an extensive review of the questions that gave you trouble.

Table of Contents and (ISC)² SSCP Common Body of Knowledge (CBK)

All seven domains of (ISC)²'s published Common Body of Knowledge (CBK) for the SSCP Exam are covered in this book. We've devoted one, complete chapter to each of the seven domains. To help you easily find coverage for each, we've referenced each domain under the corresponding chapter title in the following Table of Contents. By reading this study guide and following the corresponding domain list, you can be sure that you have studied 100% of (ISC)²'s SSCP CBK.

Syngress knows what passing the exam means to you and to your career. And we know that you are often financing your own training and certification; therefore, you need a system that is comprehensive, affordable, and effective.

Boasting one-of-a-kind integration of text, DVD-quality instructor-led training, and Web-based exam simulation, the Syngress Study Guide & DVD Training System guarantees 100% coverage of exam objectives.

The Syngress Study Guide & DVD Training System includes:

• Study Guide with 100% coverage of exam objectives   By reading this study guide and following the corresponding objective list, you can be sure that you have studied 100% of the exam objectives.

• Instructor-led DVD   This DVD provides almost two hours of virtual classroom instruction.

• Web-based practice exams   Just visit us at www.syngress.com/certification to access a complete exam simulation.

Thank you for giving us the opportunity to serve your certification needs. And be sure to let us know if there's anything else we can do to help you get the maximum value from your investment. We're listening.

www.syngress.com/certification