GSEC GIAC Security. Essentials Certification ONE ALL IN EXAM GUIDE. Ric Messier. Singapore Sydney Toronto

Transcription

1 ALL IN ONE GSEC GIAC Security Essentials Certification EXAM GUIDE Ric Messier New York Chicago San Francisco Athens London Madrid Mexico City Milan New Delhi Singapore Sydney Toronto "4 McGraw-Hill Education is an independent entity from Global Information Assurance Certification (GIAC) and is not affiliated with GIAC in any manner. This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with GIAC in any manner. This publication and CD-ROM may be used in assisting students to prepare for the GIAC Security Essentials (GSEC) exam. Neither GIAC nor McGraw-Hill Education warrant that use of this publication and CD-ROM will ensure passing any exam. GIAC is a registered trademark of Global Information Assurance Certification in the United States and certain other countries. All other trademarks are trademarks of their respective owners.

2 CONTENTS Acknowledgments Introduction xvi xvii Chapter I Information Security and the GIAC Security Essentials Certification I The Evolution and Importance of Security 1 Types of Security Threats 2 Malware 2 Identity Theft 4 Mobile Devices 6 Denial of Service 6 Insider Threats 7 About SANS 7 About the GSEC Certification 8 Who the Exam Is For 9 About the Exam 9 The Purpose of This Book 10 Chapter 2 Networking Fundamentals II History oftcp/ip Networking Stacks 13 The OSI Model 14 TCP/IP Architecture 18 Protocols 19 Internet Protocol 20 IP Version 4 Headers Addressing Fragmentation Internet Protocol Version 6 27 Internet Control Message Protocol (ICMP) 29 Transmission Control Protocol (TCP) 31 Reliable Delivery 33 The Mitnick-Shimomura Attack 37 User Datagram Protocol (UDP) 38 Domain Name System (DNS) 40 Chapter Review 42 Questions 42 Answers 44 Exercise Answers 45 H 26 vii

3 GSEC GIAC Security Essentials Certification All-in-One Exam Guide viii Chapter 3 Network Design 47 Cable Types 47 Coaxial Cable 47 Twisted Pair 48 Fiber Optics 49 Topologies 51 Bus Topology 52 Star Topology 54 Mesh Topology 56 Full Mesh Topology 58 Ring Topology 60 Switching 62 Ethernet 63 Asynchronous Transfer Mode (ATM) 65 Hubs, Bridges, and Switches 66 Routing 68 Distance Vector Routing 71 Link-State Routing 72 Security Mechanisms 73 Routers 74 Firewalls 76 Intrusion Detection Systems 82 Chapter Review 85 Questions 86 Answers 87 Exercise 3-1 Answer 88 Chapter 4 Authentication and Access Control 89 Authentication 90 Credentials 91 Token-Based Authentication 97 Biometrics 99 RADIUS 103 TACACS/TACACS+ 104 Web-Based Authentication 105 Basic Authentication 105 Multifactor Authentication 110 Authorization Ill Principle of Least Privilege 112 Accounting 112 Access Control 114 Discretionary Access Control 114 Mandatory Access Control 115 Role-Based Access Control 116 Attribute-Based Access Control 117 Single Sign-On 118

4 " Contents IX Chapter Review 120 Questions 120 Answers 122 Exercise 4-1 Answer 123 Chapter 5 Network Security 125 Common Attacks 126 Protocol Attacks 127 Maiware 130 Network Attacks 131 Web-Based Attacks 134 Phishing and Drive-by Downloading 136 Defense in Depth 137 Security Through Obscurity 138 Firewalls 139 Network-Based Firewalls 141 Host-Based Firewalls 141 Intrusion Defense 144 Intrusion Detection 145 Intrusion Prevention 147 Anti-Virus Software 148 Vulnerability Management 149 Honeypots 153 Chapter Review 154 Questions 155 Answers 156 Exercise 5-2 Answer 157 Chapter 6 Linux '59 UNIX History 160 GNU I61 The Kernel 162 Filesystem Layout 165 Using Linux 168 General Utilities 168 File Management 169 Process Management 170 Networking 170 Software Management 170 Debian 171 RedHat/CentOS 172 Slackware Boot Process 174 Process Management *76 Processes and Threads I77 Process Tools 178 Signals 180

5 GSEC GIAC Security Essentials Certification All-in-One Exam Guide X System Management 182 Backups 182 Patch Management 183 Job Scheduling 184 User Management 185 Configuration 188 Logging and Log Management 190 Security Tools 192 SELinux 194 TripWire 194 iptables 196 AppArmor 198 Chapter Review 198 Questions 199 Answers 200 Exercise Answers 201 Chapter 7 Windows 203 Windows History 204 Windows 3.x and Windows NT 3.x 204 Windows 9x, NT 4.0, and Windows Windows XP and Beyond 208 Windows Networking 210 Basic Configuration 210 Networking Utilities 212 Securing Windows Networking 214 Resource Management 220 Windows Workgroups vs. Windows Domains 220 Active Directory 222 Users and Groups 224 Resource Sharing 225 Policies and Policy Management 226 Windows Management 229 Automation 231 Configuration 233 Auditing 234 User Rights 236 Permissions 240 Registry 241 Windows Security 242 EFS and BitLocker 243 Updates and Hotfixes 244 Service Packs 245 Backups 246 Security Templates 247 Securing Windows Services 248

6 Contents ^ Securing Windows Services 250 US 250 SQL Server 251 Terminal Services 252 Chapter Review 253 Questions 254 Answers 256 Answers to Exercises 257 Chapter 8 Encryption 259 Important Dates in Cryptography History 260 Foundations 260 Diffie-Hellman 262 RSA 264 Digest Algorithms 264 Cryptographic Attacks 265 X.509 Certificates 266 Public Key Infrastructure (PKI) 269 S/MIME 274 Pretty Good Privacy (PGP) 275 Symmetric Encryption 278 DES and Triple DES 279 AES 2S0 Asymmetric Encryption 281 SSLandTLS 282 Virtual Private Networks (VPNs) 284 IPSec 287 Steganography 289 Kerberos 291 Chapter Review 291 Questions 292 Answers 29 4 Exercise Answers 295 Chapter 9 Risk Management 297 Regulatory 297 Risk Management 300 Cost-Benefit Analysis 303 Quantitative Risk Assessment 305 Qualitative Risk Assessment 306 Risk Management Strategics 307 Security Policies 308 Data at Rest 310 Contingency Plans 311 Disaster Recovery 312

7 GSEC GIAC Security Essentials Certification All-in-One Exam Guide xii Incident Handling 313 The Legal Impact of Incidents 317 Information Warfare 318 OPSEC 319 Chapter Review 321 Questions 322 Answers 323 Exercise 9-1 Answer 324 Chapter 10 Virtual Machines 325 Virtual Machine History 325 Emulation and the PC Era 327 Application Virtualization 328 Virtual Memory 328 Paging Algorithms 332 Security Implications 333 Reasons for Virtualizing 334 Hypervisors 336 Virtual Resources 339 Other Virtual Machines 341 Chapter Review 343 Questions 344 Answers 346 Exercise 10-1 Answer 347 Chapter 11 Vulnerability Control 349 Network Mapping/Scanning 350 Different Types of Mapping 350 Nmap 357 Application Mapping AMAP 361 Vulnerability Scanning 362 Vulnerability Management 366 Vulnerability Exploitation 370 Web Application Security 372 Common Web Vulnerabilities 372 SSL/TLS 373 Cookies 374 CGI 376 AJAX 376 Web Vulnerability Scanning 377 Web Application Firewalls 378 Chapter Review 379 Questions 379 Answers 381 Exercise 11-1 Answer 382

8 XIII Chapter 12 Malware 385 Types of Malware 385 Virus 386 Worm 387 Trojan Horse 388 Rootkit 389 Botnet Client 391 Spyware/Adware 392 Anti-Virus 393 Anti-Virus Evasion 395 Packing 395 Encryption 396 Code Modifications 396 Malware Vectors 397 "Sneaker Net" Network 399 Drive-by Attacks 400 Boot Sector/MBR 401 Infection Vectors 401 Malware Analysis 402 Static Analysis 403 Dynamic Analysis 407 Malware Policy 409 Chapter Review 410 Questions 411 Answers 413 Exercise 12-1 Answer 414 Chapter 13 Physical Security 415 Deterrent Controls 416 Prevention Controls 417 Fences and Gates 417 Locks 422 Construction 424 Access Control 428 Exterior Lighting 429 Barriers and Impediments 430 Electrical Power 433 Detection Controls 434 Video Monitoring 434 Fire Detection 436 Motion Sensors 438 Water Sensors 438

9 GSEC GIAC Security Essentials Certification All-in-One Exam Guide xiv Corrective Controls 439 Fire Suppression 439 Policies and Procedures 442 Toxic Cleanup 443 Chapter Review 444 Questions 445 Answers 44<^ Exercise 13-1 Answer 447 Chapter 14 Wireless Technologies 449 Radio Transmission 450 Frequency and Spectrum 451 Modulation and Carrier Waves 452 Antennas and Transmissions 452 Receiver 454 Frequency Hopping WiMAX Bluetooth RFID Encryption 459 Cracking and Analysis Utilities 461 MiFi 463 Encryption 469 Bluetooth Attacks Near Field Communication 472 ZigBee 472 Chapter Review 473 Questions 473 Answers Exercise 14-1 Answer Chapter 15 VoIP 477 A (Very Brief) History of Telephony 477 In-Band vs. Out-of-Band Signaling 482 Signaling System H Security Considerations 487 Real-Time Transport Protocol (RTP) 487 The Session Initiation Protocol (SIP) 488 Messaging 489 User Agents 492 NAT Traversal Attacks on SIP

10 Contents XV The Skinny Call Control Protocol (SCCP) 497 Skype 497 The Benefits ofvoip 498 Chapter Review 499 Questions 500 Answers 502 Exercise 15-1 Answer 502 Appendix About the CD-ROM 503 System Requirements 503 Installing and Running MasterExam 503 MasterExam 503 Help 503 Removing Installation(s) 504 Author Video 504 Electronic Book 504 Technical Support 504 LearnKey Technical Support 504 McGraw-Hill Content Support 504 Permissions 505 Index 507