CompTia CH4 Identity and Access Management
- Wireshark is also a widely known network packet sniffer. It has a graphical user interface and is free and versatile.
- Network Scanners
+ Solarwinds
+ Lan Helper
+ Aircrack (scanning and cracking Wi-Fi); includes tools like wzcook.exe, which extract wireless data; the main tool is
aircrack-ng
Password Cracker
Pwdump: copies the local password hashes from the Windows SAM file. Once you have the password hashes,
you can use a rainbow table tool to check whether the passwords can be recovered.
Vulnerability Scanners
Netcraft.com : info about websites including what operating system they are running
Isc.sans.edu: SANS Institute cyber storm center, provides information on current cyber threats
NESSUS.
OWASP ZAP
Exploitation Frameworks
Command-Line Tools
Ping: checks whether a website is accessible (example: ping www.google.com)
Netstat: shows current network connections
Tracert: shows the entire path to a given address.
Nslookup/dig
Arp (address Resolution Protocol)
Ipconfig/ip/ifconfig
Needs downloading:
Nmap : software, port scan machines.
Netcat free download
+Strong Authentication
Configuration Issues
Default Passwords.
Failure to Patch
Limit Admin Access: Wireless access points have an administrative panel. It should only be accessible via a physical
connection.
Filtering
Logging
Other issues
+ unauthorized software
__________________________________________________________________________________
Security Technologies
IDS
Antimalware
Identification means finding out who someone is. Authentication is a mechanism of verifying that
identification/proving it.
Multifactor Authentication
Federations
Transitive access
If party (A) trusts (B) and (B) trusts (C), then (A) trusts (C).
SPAP (Shiva PAP): encrypts the username and password. Helps protect against packet sniffers. Not able to limit
replay attacks or session hijacking.
CHAP (Challenge Handshake Authentication Protocol): after login, the client computer sends a computer-generated
number (cryptographic hash)
Mandatory Access Control (MAC) is an inflexible method for how information access is permitted. Users
can’t share information unless their rights to share it are established by administrators.
The Discretionary Access Control (DAC) model allows users to share information dynamically with other
users.
ROLE-BASED ACCESS CONTROL (RBAC)
Attribute-based access control (ABAC): considers many more aspects of the subject, object, and environment
conditions.
Smartcards: used for access control and security purposes. Store permissions and access information.
Common Access Card: Defense Department, US Gov; has ID, chip, barcode
PiVC : US gov
This chapter introduced you to a number of tools that you can use to gather data about your network.
For the Security+ exam, you should be able to define the tool types, such as vulnerability scanners and
password crackers. For your job duties as a security administrator, you should be able to utilize several
of these tools. The command-line tools also comprise common test questions on the Security+ exam.
Next the chapter examined troubleshooting configuration issues. This is a very broad topic, and no single
chapter could fully address it. The main point to understand is that if your security devices and services
are not properly configured, that misconfiguration is itself a security vulnerability.
This chapter introduced a number of security technologies and explained how to view their output. That
includes IDS, firewall, antivirus, and other related technologies. You should be familiar with how to view
outputs from these systems.
The chapter also addressed access control and identity management. The key difference between
authentication and identification is that authentication means that someone has accurate information,
whereas identification means that accurate information is proven to be in possession of the correct
individual.
The most basic form of authentication is known as single-factor authentication (SFA), because only one
set of values is checked. To increase security, it is necessary to use multifactor authentication, which
involves two or more values that are checked.
ACLs are being implemented in network devices and systems to enable the control of access to systems
and users. ACLs allow individual systems, users, or IP addresses to be ignored.