Exam Essentials

Be able to describe the various types of attacks to which your systems are exposed. Your network is vulnerable to Denial of Service (DoS) attacks caused by either a single system or multiple systems. Multiple system attacks are called Distributed Denial of Service Attacks (DDoS). Your systems are also susceptible to access, modification, and repudiation attacks.

Be able to describe the methods used to conduct a back door attack. Back door attacks occur through either existing maintenance hooks or developer tools that were used to examine the internal operation of a program. These hooks are usually removed when a product is prepared for market or production. Back door attack also refers to the insertion of a program or service into a machine that allows authentication to be bypassed and access to be gained.

Be able to describe how a spoofing attack occurs. Spoofing attacks occur when a user or system masquerades as another user or system. Spoofing allows the attacker to assume the privileges and access rights of the real user or system.

Be able to describe a man-in-the-middle attack. Man-in-the-middle attacks are based on the principle that a system can be placed between two legitimate parties to capture or exploit the information sent between them. Each side of the conversation assumes the man in the middle is the other end and communicates normally, which creates a security breach and allows unauthorized access to information.

Be able to describe a replay attack. A replay attack captures information from a previous session and attempts to resend it to gain unauthorized access. This attack is based on the premise that if it worked once, it will work again. This is especially effective in environments where a user ID and password are sent in the clear across a large network.
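The replay defence implied by the paragraph above (a captured message must not work a second time) can be shown with a small sender/receiver pair. This is an added example, not code from the study guide: the shared key, the 30-second freshness window and the message format are assumptions made for the illustration. The receiver binds a random nonce and a timestamp into an HMAC, rejects anything outside the window, and remembers nonces it has already accepted, so a captured message that is resent is refused even though its MAC is valid.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Dict, List, Optional, Tuple

# Constructed shared secret and freshness window for the example only (assumptions).
SHARED_KEY = b"example-shared-key-not-for-production"
MAX_SKEW_SECONDS = 30


def _canonical(msg: Dict) -> bytes:
    """Serialise the authenticated fields in a fixed order so sender and receiver MAC the same bytes."""
    return json.dumps({k: msg[k] for k in ("payload", "nonce", "ts")}, sort_keys=True).encode()


def build_message(payload: str, key: bytes = SHARED_KEY, now: Optional[float] = None) -> Dict:
    """Sender side: attach a fresh random nonce and a timestamp, then MAC the whole thing."""
    msg = {
        "payload": payload,
        "nonce": os.urandom(16).hex(),
        "ts": int(now if now is not None else time.time()),
    }
    msg["mac"] = hmac.new(key, _canonical(msg), hashlib.sha256).hexdigest()
    return msg


class ReplayGuard:
    """Receiver side: verify the MAC, enforce freshness, and refuse nonces seen before."""

    def __init__(self, key: bytes = SHARED_KEY, max_skew: int = MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen: Dict[str, int] = {}  # nonce -> timestamp it was accepted with

    def accept(self, msg: Dict, now: Optional[float] = None) -> Tuple[bool, str]:
        now = now if now is not None else time.time()
        expected = hmac.new(self.key, _canonical(msg), hashlib.sha256).hexdigest()
        # Constant-time comparison so the check itself leaks nothing about the MAC.
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return False, "bad MAC"
        if abs(now - msg["ts"]) > self.max_skew:
            return False, "stale timestamp"
        if msg["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[msg["nonce"]] = msg["ts"]
        # Nonces older than the window can never be accepted again anyway, so forget them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        return True, "ok"


def demo() -> List[str]:
    """Replay a captured message and show each reason the receiver refuses it."""
    guard = ReplayGuard()
    t0 = 1_700_000_000  # constructed fixed clock so the run is deterministic
    captured = build_message("transfer 100 to alice", now=t0)
    results = [guard.accept(captured, now=t0 + 1)[1]]        # first delivery: ok
    results.append(guard.accept(captured, now=t0 + 2)[1])    # immediate replay: replayed nonce
    results.append(guard.accept(captured, now=t0 + 3600)[1])  # replay an hour later: stale timestamp
    tampered = dict(captured, payload="transfer 100 to mallory")
    results.append(guard.accept(tampered, now=t0 + 1)[1])    # modified in transit: bad MAC
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The timestamp bounds how long the receiver must remember nonces; without it the `seen` table would grow without limit, and without the nonce two legitimate messages sent in the same second would be indistinguishable from a replay.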

Be able to describe a TCP/IP hijacking. TCP/IP hijacking occurs when an unauthorized system replaces the authorized system in an established session without being detected, so the attacker inherits the access privileges of that session. Hijacking attacks are hard to detect because everything appears normal except on the hijacked system. They take advantage of the sequence numbers used in TCP sessions.

Be able to describe the two methods used in password guessing. The two methods in password guessing are brute force and dictionary. Brute force attacks work by trying to randomly guess a password repeatedly against a known account ID. Dictionary methods apply a set of words, such as a dictionary, against the identified account.

Be able to explain how social engineering occurs. Social engineering describes a process in which an unauthorized person attempts to gain access to information by asking the help desk or other employees for account and password information. The attacker typically poses as someone who would legitimately have a right to that information.

Be able to explain how software exploitation occurs. Software exploitation involves using features or capabilities of a software product in a manner the software manufacturer did not plan for or anticipate. In many cases, the original feature enhanced the functionality of the product but unfortunately created a potential vulnerability.

Be able to explain the characteristics and types of viruses used to disrupt systems and networks. Several different types of viruses are in circulation today. The most common include polymorphic viruses, stealth viruses, retroviruses, multipartite viruses, and macro viruses. A macro virus attack is carried out through another program, such as a word processor or spreadsheet. Viruses can also hide in the boot sector of a disk; this type of virus is considered a stealth virus.

Be able to describe how worms operate. Worms attack systems and attempt to replicate and propagate. Worms spread via files, e-mail, and physical media such as floppy disks. A worm will also frequently carry a virus that causes the destruction of a system.

Be able to describe how antivirus software operates. Antivirus software looks for a signature in the virus to determine what type of virus it is. The software then takes action to neutralize the virus based on a virus definition database. Virus definition database updates are regularly made available on vendor sites.
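The signature lookup described above, with the definition database kept as data that a vendor update can extend, is easy to see in a toy scanner. This is an added example and not the study guide's or any vendor's code: every signature, hash and sample buffer below is constructed for the illustration and matches nothing real. The scanner checks a whole-file hash and a set of byte patterns, returns the names of the definitions that hit, and turns a hit into a quarantine verdict; `apply_update` shows why a file that scans clean today can be caught after the definitions are refreshed.

```python
import hashlib
from typing import Dict, List

# Constructed definition database. The patterns are invented for this example; a real product
# ships a vendor-maintained database and refreshes it from the vendor's update site.
KNOWN_BAD_SAMPLE = b"constructed known-bad sample bytes, not a real file"

HASH_SIGNATURES: Dict[str, str] = {
    "Example.Hash.TestSig": hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(),
}
BYTE_SIGNATURES: Dict[str, bytes] = {
    "Example.Macro.TestSig": b"AutoOpen()\x00SHELL_EXAMPLE",  # constructed macro-style marker
    "Example.Boot.TestSig": bytes.fromhex("eb3c90deadbeef"),  # constructed boot-sector-style marker
}


def scan(data: bytes) -> List[str]:
    """Return the names of every definition that matches the buffer (empty list if clean)."""
    hits: List[str] = []
    digest = hashlib.sha256(data).hexdigest()
    for name, known_digest in HASH_SIGNATURES.items():
        if digest == known_digest:  # exact-file match: catches an unchanged copy of a known sample
            hits.append(name)
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern in data:  # substring match: catches the marker wherever it is embedded
            hits.append(name)
    return sorted(hits)


def verdict(data: bytes) -> str:
    """Decide the action from the scan result: leave the file alone or quarantine it."""
    hits = scan(data)
    return "clean" if not hits else "quarantine: " + ", ".join(hits)


def apply_update(update_text: str) -> int:
    """Load new byte signatures from a constructed 'Name=hexbytes' update file; returns how many were added."""
    added = 0
    for line in update_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, hex_pattern = line.split("=", 1)
        BYTE_SIGNATURES[name.strip()] = bytes.fromhex(hex_pattern.strip())
        added += 1
    return added


def demo() -> List[str]:
    """Scan three constructed buffers before and after a definition update."""
    clean = b"just an ordinary document with nothing suspicious in it"
    macro_doc = b"...header...AutoOpen()\x00SHELL_EXAMPLE...body..."
    new_family = b"prefix" + bytes.fromhex("cafebabe") + b"suffix"
    before = [verdict(clean), verdict(macro_doc), verdict(KNOWN_BAD_SAMPLE), verdict(new_family)]
    apply_update("# constructed update file\nExample.New.TestSig=cafebabe\n")
    after = [verdict(new_family)]
    return before + after


if __name__ == "__main__":
    for line in demo():
        print(line)
```

A hash signature only matches an identical file, which is why a single changed byte (the trick polymorphic viruses rely on) defeats it, while a byte pattern survives surrounding changes but still needs an update before a new family is recognised at all.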

Be able to describe how audit files can help detect unauthorized activity on a system or network. Most operating systems provide a number of audit files that record the results of activity on a system. These log files frequently record unsuccessful logon attempts and excessive network traffic. They should be reviewed on a regular basis to determine what is happening on a system or network.
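Reviewing audit files for the unsuccessful logon attempts mentioned above, which is also how the password-guessing methods described earlier show up on the defender's side, can be automated with a short script. This is an added example, not code from the study guide: the log lines are constructed in the common Linux `auth.log` layout using documentation-range addresses, and the five-failures-per-minute threshold is an assumption. The script parses each line, counts failures per source address in a sliding window, and raises a second finding when a logon from a flagged address eventually succeeds, since that is the case most worth investigating.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample audit lines (not from any real system); 203.0.113.0/24 and
# 198.51.100.0/24 are reserved documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:01:11 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Mar  3 10:01:13 host1 sshd[2203]: Failed password for root from 203.0.113.9 port 51024 ssh2
Mar  3 10:01:15 host1 sshd[2204]: Failed password for root from 203.0.113.9 port 51026 ssh2
Mar  3 10:01:17 host1 sshd[2206]: Failed password for bob from 203.0.113.9 port 51028 ssh2
Mar  3 10:01:19 host1 sshd[2208]: Failed password for bob from 203.0.113.9 port 51030 ssh2
Mar  3 10:01:25 host1 sshd[2210]: Accepted password for bob from 203.0.113.9 port 51033 ssh2
Mar  3 10:02:40 host1 sshd[2220]: Failed password for carol from 198.51.100.7 port 40010 ssh2
Mar  3 10:05:02 host1 sshd[2250]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar  3 10:05:30 host1 CRON[2260]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Assumed review policy: this many failures from one address inside the window is a finding.
THRESHOLD = 5
WINDOW_SECONDS = 60

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def parse(lines: List[str]) -> List[Tuple[datetime, str, str, str]]:
    """Extract (timestamp, result, user, source ip) from sshd logon lines; other lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog lines carry no year
            events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def review(log_text: str) -> List[str]:
    """Return human-readable findings for the reviewer, in the order they occur in the log."""
    findings: List[str] = []
    failures: Dict[str, List[datetime]] = defaultdict(list)
    flagged = set()
    for ts, result, user, ip in parse(log_text.splitlines()):
        if result == "Failed":
            # Keep only failures that fall inside the sliding window ending at this event.
            recent = [t for t in failures[ip] if (ts - t).total_seconds() <= WINDOW_SECONDS]
            recent.append(ts)
            failures[ip] = recent
            if len(recent) >= THRESHOLD and ip not in flagged:
                flagged.add(ip)
                findings.append(
                    f"{ip}: {len(recent)} failed logons within {WINDOW_SECONDS}s (possible password guessing)"
                )
        elif result == "Accepted" and ip in flagged:
            findings.append(f"{ip}: successful logon as {user} after repeated failures (investigate)")
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The single failure from `198.51.100.7` never reaches the threshold and produces nothing, which is the point of windowing: a reviewer wants the burst, not every mistyped password.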



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
Year: 2006
Pages: 167
