Chapter 3. Nonessential Services and Attacks

Terms you'll need to understand:

• Nonessential services

• DoS/DDoS

• Back door

• Spoofing

• Man-in-the-middle attack

• Replay

• Transmission Control Protocol/Internet Protocol (TCP/IP) hijacking

• Password guessing (brute force/dictionary)

• Software exploitation

• Viruses

• Trojan horses

• Logic bombs

• Worms

• Social engineering

• Auditing

Techniques you'll need to master:

• Understanding and identifying common services that may be disabled or locked down to thwart unauthorized access

• Recognizing when an attack is happening and taking proper steps to end it

• Learning to identify which types of attacks you might be subject to and how to implement proper security to protect your environment

• Recognizing malicious code and knowing how to respond appropriately

• Understanding how easy social engineering has become

• Learning the concepts of proper auditing

The challenge of working in a mixed operating system environment becomes a factor when trying to secure your resources. It has become very common for servers to be subject to a myriad of attacks through services, protocols, and open ports.

The Security+ exam requires that you understand that eliminating nonessential services can thwart many would-be attackers and that you understand the different types of attacks that can happen.