When preparing for the exam, make sure you understand these key concepts covered in Chapter 3 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.
Reviewing Basic Networking Concepts
- A use case typically describes an organizational goal and administrators enable specific protocols to meet organizational goals.
- Protocols used for voice and video include Real-time Transport Protocol (RTP) and Secure Real-time Transport Protocol (SRTP). SRTP provides encryption, message authentication, and integrity for RTP.
- File Transfer Protocol (FTP) is commonly used to transfer files over networks, but FTP does not encrypt the transmission.
- Several encryption protocols encrypt data-in-transit to protect its confidentiality. They include File Transfer Protocol Secure (FTPS), Secure File Transfer Protocol (SFTP), Secure Shell (SSH), Secure Sockets Layer (SSL), and Transport Layer Security (TLS).
- SMTP sends email using TCP port 25. POP3 receives email using TCP port 110. IMAP4 uses TCP port 143. Secure POP uses TLS on port 995 (legacy) or with STARTTLS on port 110. Secure IMAP uses TLS on port 993 (legacy) or with STARTTLS on port 143.
- HTTP uses port 80 for web traffic. HTTPS encrypts HTTP traffic in transit and uses port 443.
- Directory services solutions implement Kerberos as the authentication protocol. They also use Lightweight Directory Access Protocol (LDAP) over TCP port 389 and LDAP Secure (LDAPS) over TCP port 636.
- Administrators commonly connect to remote systems using SSH instead of Telnet because SSH encrypts the connection. Administrators also use Remote Desktop Protocol (RDP) to connect to remote systems using TCP port 3389.
- The Network Time Protocol (NTP) provides time synchronization services.
- Domain Name System (DNS) provides domain name resolution. DNS zones include A records for IPv4 addresses and AAAA records for IPv6 addresses. Zone data is updated with zone transfers, and secure zone transfers help prevent unauthorized access to zone data. DNS uses TCP port 53 for zone transfers and UDP port 53 for DNS client queries.
- Domain Name System Security Extensions (DNSSEC) provides validation for DNS responses and helps prevent DNS poisoning attacks.
- Two command-line tools used to query DNS are nslookup and dig. Both support the axfr switch, allowing them to download all zone data from a DNS server, unless the DNS server blocks the attempt.
Understanding Basic Network Devices
- Switches are used for network connectivity and they map media access control (MAC) addresses to physical ports.
- Port security limits access to switch ports. It includes limiting the number of MAC addresses per port and disabling unused ports. You can also manually map each port to a specific MAC address or group of addresses.
- An aggregation switch connects multiple switches together in a network.
- Routers connect networks and direct traffic based on the destination IP address. Routers (and firewalls) use rules within access control lists (ACLs) to allow or block traffic.
- Implicit deny indicates that unless something is explicitly allowed, it is denied. It is the last rule in an ACL.
- Host-based firewalls (sometimes called application-based) filter traffic in and out of individual hosts. Some Linux systems use iptables or xtables for firewall capabilities.
- Network-based firewalls filter traffic in and out of a network. They are placed on the border of the network, such as between the Internet and an internal network.
- A stateless firewall controls traffic between networks using rules within an ACL. The ACL can block traffic based on ports, IP addresses, subnets, and some protocols. Stateful firewalls filter traffic based on the state of a packet within a session.
- A web application firewall (WAF) protects a web server against web application attacks. It is typically placed in the demilitarized zone (DMZ) and will alert administrators of suspicious events.
Implementing a Secure Network
- A DMZ provides a layer of protection for servers that are accessible from the Internet.
- An intranet is an internal network. People use the intranet to communicate and share content with each other. An extranet is part of a network that can be accessed by authorized entities from outside of the network.
- NAT translates public IP addresses to private IP addresses, private back to public, and hides IP addresses on the internal network from users on the Internet.
- Networks use various methods to provide network segregation, segmentation, and isolation.
- An airgap is a metaphor for physical isolation, indicating a system or network is completely isolated from another system or network.
- Routers provide logical separation and segmentation using ACLs to control traffic.
- Forward proxy servers forward requests for services from a client. They can cache content and record users’ Internet activity. A transparent proxy accepts and forwards requests without modifying them. A nontransparent proxy can modify or filter requests, such as filtering traffic based on destination URLs.
- Reverse proxy servers accept traffic from the Internet and forward it to one or more internal web servers. The reverse proxy server is placed in the DMZ and the web servers can be in the internal network.
- A unified threat management (UTM) security appliance includes multiple layers of protection, such as URL filters, content inspection, malware inspection, and a distributed denial-of-service (DDoS) mitigator. UTMs typically raise alerts and send them to administrators to interpret.
- Mail gateways are logically placed between an email server and the Internet. They examine and analyze all traffic and can block unsolicited email with a spam filter. Many include data loss prevention (DLP) and encryption capabilities.
Summarizing Routing and Switching Use Cases
- Loop protection protects against switching loop problems, such as when a user connects two switch ports together with a cable. Spanning Tree Protocols protect against switching loops.
- Flood guards prevent MAC flood attacks on switches.
- VLANs can logically separate computers or logically group computers regardless of their physical location. You create them with Layer 3 switches.
- Routers use rules within ACLs as an antispoofing method. Border firewalls block all traffic coming from private IP addresses.
- SNMPv3 is used to monitor and configure network devices and uses notification messages known as traps. It uses strong authentication mechanisms and is preferred over earlier versions. SNMP uses UDP ports 161 and 162.
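The ACL concepts in this chapter (routers and stateless firewalls filtering on ports, addresses and subnets; first-match evaluation ending in an implicit deny; border firewalls blocking private source addresses as an antispoofing measure) can be exercised with a small rule evaluator. The code below is an added illustration, not from the study guide; the addresses, the ACL and the sample packets are constructed for the example.

```python
"""Stateless ACL evaluation with first-match semantics and an implicit deny.

Constructed example: the addresses, the ACL and the sample packets are made up.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")
WEB_SERVER = ipaddress.ip_network("192.0.2.10/32")   # constructed DMZ web server address
DNS_SERVER = ipaddress.ip_network("192.0.2.53/32")   # constructed DMZ DNS server address

# Private address ranges. A border firewall should never see these as a *source*
# on its Internet-facing interface, so the ACL treats such packets as spoofed.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    protocol: str                    # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None matches any destination port


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    dst_ip: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only when every one of its fields matches the packet."""
    if rule.protocol != "any" and rule.protocol != pkt.protocol:
        return False
    if ipaddress.ip_address(pkt.src_ip) not in rule.src:
        return False
    if ipaddress.ip_address(pkt.dst_ip) not in rule.dst:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the ACL top-down; the first matching rule decides.

    Returns (action, index of the matching rule). If no written rule matches,
    the implicit deny applies and the index is None.
    """
    for index, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


def antispoofing_rules() -> List[Rule]:
    """Deny inbound packets that claim a private source address."""
    return [Rule("deny", "any", net, ANY, None) for net in PRIVATE_RANGES]


# Border ACL: antispoofing first, then the services the DMZ exposes. Anything
# else (RDP on 3389, Telnet on 23, ...) falls through to the implicit deny.
BORDER_ACL = antispoofing_rules() + [
    Rule("permit", "tcp", ANY, WEB_SERVER, 443),
    Rule("permit", "tcp", ANY, WEB_SERVER, 80),
    Rule("permit", "udp", ANY, DNS_SERVER, 53),
]

# The same rules with the antispoofing entries moved to the end. Because the
# evaluation is first-match, the broad permits now win for the spoofed packet.
MISORDERED_ACL = BORDER_ACL[len(PRIVATE_RANGES):] + antispoofing_rules()

# Constructed sample packets arriving on the Internet-facing interface.
SAMPLE_PACKETS = {
    "https_from_internet": Packet("tcp", "203.0.113.5", "192.0.2.10", 443),
    "rdp_from_internet":   Packet("tcp", "203.0.113.5", "192.0.2.10", 3389),
    "dns_query":           Packet("udp", "198.51.100.7", "192.0.2.53", 53),
    "spoofed_private_src": Packet("tcp", "10.1.1.1", "192.0.2.10", 443),
}


def decisions(acl: List[Rule]) -> Dict[str, Tuple[str, Optional[int]]]:
    """Evaluate every sample packet against the given ACL."""
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, (action, idx) in decisions(BORDER_ACL).items():
        where = "implicit deny" if idx is None else f"rule {idx}"
        print(f"{name:22s} -> {action:6s} ({where})")
    print("misordered ACL, spoofed packet:",
          decisions(MISORDERED_ACL)["spoofed_private_src"])
```

Running the script shows the RDP attempt being dropped by the implicit deny even though no rule names port 3389, and the spoofed packet being dropped by the antispoofing rule in the correctly ordered ACL but permitted once those rules are moved below the service permits. Real router and firewall ACL syntax differs by vendor; the point carried over from the chapter is the evaluation order, not the syntax.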
Listing of all exam topic reviews:
Chapter 1 Mastering Security Basics
Chapter 2 Understanding Identity and Access Management
Chapter 3 Exploring Network Technologies and Tools
Chapter 4 Securing Your Network
Chapter 5 Securing Hosts and Data
Chapter 6 Comparing Threats, Vulnerabilities, and Common Attacks
Chapter 7 Protecting Against Advanced Attacks
Chapter 8 Using Risk Management Tools
Chapter 9 Implementing Controls to Protect Assets
Chapter 10 Understanding Cryptography and PKI
Chapter 11 Implementing Policies to Mitigate Risks