More authentication and encryption!

Alright, another day, another day of learning. Exciting times.

[image: photo 5_zpspxxu0ebx.png]

Again, I fail to know enough about these technologies to provide an educated opinion.

  • Open ID Connect – OpenID Connect (OIDC) is an authentication layer on top of OAuth 2.0, an authorization framework.[1] The standard is controlled by the OpenID Foundation.
  • SAML – The single most important use case that SAML addresses is web-browser single sign-on (SSO). Single sign-on is relatively easy to accomplish within a security domain (using cookies, for example) but extending SSO across security domains is more difficult and resulted in the proliferation of non-interoperable proprietary technologies. The SAML Web Browser SSO profile was specified and standardized to promote interoperability.[2] (For comparison, the more recent OpenID Connect protocol[3] is an alternative approach to web browser SSO.)
  • XACML – “eXtensible Access Control Markup Language”. The standard defines a declarative fine-grained, attribute-based access control policy language,[2] an architecture, and a processing model describing how to evaluate access requests according to the rules defined in policies.
  • LDAP – Lightweight Directory Access Protocol (LDAP /ˈɛldæp/) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.[1] Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network.
  • OAuth 2.0 – OAuth provides to clients a “secure delegated access” to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.[3]

So based on the answer, Open ID Connect seems really obvious on account of the naming conventions. However, normally with an authentication provider there is more detail as to how the process actually works and if the passwords are hashed. So on and so forth. Now, in regards to detail I’m finding myself wanting more. Now looking at SAML, it’s saying that OpenID Connect is basically the same thing. Moving on to XACML, this is a big one. It’s not SSO related but has a ton of information and complicated diagrams on how auth requests are processed but nothing about appropriate hashing or encryption. It’s almost like they are going into NAC type of strings. To be honest this is not very helpful other than knowing it’s not SSO focused and uses some sort of policies that seem overlapping. LDAP, here it says we can use TLS for cert based auth or Kerberos. I’m starting to get a grasp on this. It’s honestly so much more fun to actually learn material rather than simply rush through it. OAuth is really straightforward. Inter-platform SSO provider.

[image: photo 1_zps9gnbj1li.png]

Well, for starters, anything is better than WEP. I’m not really seeing any legacy choices right away but I did pick WPA2 Enterprise. However, I still want to go over this stuff.

  • WEP – a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.[1] WEP, recognizable by its key of 10 or 26 hexadecimal digits (40 or 104 bits), was at one time widely in use and was often the first security choice presented to users by router configuration tools.[2][3] In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA). In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE declared that both WEP-40 and WEP-104 have been deprecated.[4] WEP was the only encryption protocol available to 802.11a and 802.11b devices built before the WPA standard, which was available for 802.11g devices. However, some 802.11b devices were later provided with firmware or software updates to enable WPA, and newer devices had it built in.
  • WPA and TKIP – TKIP (the basis of WPA) has reached the end of its designed lifetime, has been partially broken, and has been officially deprecated.
  • WPS with a PIN – Created by the Wi-Fi Alliance and introduced in 2006, the goal of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases. Prior to the standard, several competing solutions were developed by different vendors to address the same need.[1] A major security flaw was revealed in December 2011 that affects wireless routers with the WPS PIN feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network’s WPA/WPA2 pre-shared key (a.k.a. PSK).[2] Users have been urged to turn off the WPS PIN feature,[3] although this may not be possible on some router models.
  • WEP and RC4 – Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5,000 packets. In August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir published a cryptanalysis of WEP[13] that exploits the way the RC4 ciphers and IV are used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network. Depending on the amount of network traffic, and thus the number of packets available for inspection, a successful key recovery could take as little as one minute.
  • WPA2 Enterprise – IEEE 802.11i-2004, or 802.11i for short, is an amendment to the original IEEE 802.11, implemented as Wi-Fi Protected Access II (WPA2). The draft standard was ratified on 24 June 2004. This standard specifies security mechanisms for wireless networks, replacing the short Authentication and privacy clause of the original standard with a detailed Security clause. In the process, the amendment deprecated broken Wired Equivalent Privacy (WEP), while it was later incorporated into the published IEEE 802.11-2007 standard. 802.11i supersedes the previous security specification, Wired Equivalent Privacy (WEP), which was shown to have security vulnerabilities. Wi-Fi Protected Access (WPA) had previously been introduced by the Wi-Fi Alliance as an intermediate solution to WEP insecurities. WPA implemented a subset of a draft of 802.11i. The Wi-Fi Alliance refers to their approved, interoperable implementation of the full 802.11i as WPA2, also called RSN (Robust Security Network). 802.11i makes use of the Advanced Encryption Standard (AES) block cipher, whereas WEP and WPA use the RC4 stream cipher.[1]
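The “50% probability the same IV will repeat after 5,000 packets” line in the WEP/RC4 bullet is just the birthday bound on a 24-bit IV space. The following Python is an added example, not something from the original post, that computes that bound exactly and with the usual closed-form approximation so the 24-bit figure can be compared with a larger counter. It assumes IVs are drawn uniformly at random (many WEP cards actually used a counter, which runs through the space deterministically); the function names are mine.

```python
import math

IV_BITS_WEP = 24  # WEP sends a 24-bit IV in the clear with every frame


def iv_repeat_probability(packets: int, iv_bits: int = IV_BITS_WEP) -> float:
    """Probability that at least two of `packets` frames share an IV, assuming
    every frame draws its IV uniformly at random from 2**iv_bits values
    (assumption for this example; a counter-based card exhausts the space
    deterministically instead). Exact birthday product, so keep `packets`
    in the low tens of thousands."""
    space = 2 ** iv_bits
    if packets > space:
        return 1.0  # pigeonhole: more frames than distinct IV values
    log_no_repeat = 0.0
    for k in range(packets):
        # P(the k-th IV is new | the first k were all distinct) = 1 - k/space
        log_no_repeat += math.log1p(-k / space)
    return 1.0 - math.exp(log_no_repeat)


def packets_for_probability(target: float, iv_bits: int = IV_BITS_WEP) -> int:
    """Smallest frame count at which the repeat probability reaches `target`
    (exact product, same random-IV assumption)."""
    space = 2 ** iv_bits
    log_no_repeat = 0.0
    n = 0
    while 1.0 - math.exp(log_no_repeat) < target:
        log_no_repeat += math.log1p(-n / space)
        n += 1
    return n


def approx_packets_for_probability(target: float, iv_bits: int) -> int:
    """Closed-form birthday approximation n ~ sqrt(2 * N * ln(1/(1-p))), cheap
    enough to compare IV sizes the exact loop could never iterate over."""
    space = 2 ** iv_bits
    return int(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - target))))


if __name__ == "__main__":
    print(f"P(repeat) after 5000 WEP frames: {iv_repeat_probability(5000):.3f}")
    print(f"50% repeat point, 24-bit IV: {packets_for_probability(0.5)} frames")
    for bits in (24, 48):
        n = approx_packets_for_probability(0.5, bits)
        print(f"{bits}-bit IV: 50% chance of a repeat after ~{n:,} frames")
```

The 24-bit result lands just under 5,000 frames, which a busy access point sends in seconds; the 48-bit comparison shows why later designs moved to a much larger per-packet counter that is never reused under the same key.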

Yeah, once you figure this one out, WPA2 Enterprise, which uses AES, is clearly the way to go. I guess it is good to learn about legacy stuff but it’s so much info!!!

[image: photo 2_zpsoekt1ka6.png]

I really don’t understand what file system or operating system uses this stuff and that would be super helpful information. Like, rather than learning random shit, what if it was like: so you’re using Solaris as a file share and you need to connect over a network via ssh, how do you set up the share and permissions? Just a thought. Anyway, let’s take a look at this one.

Ok, so the answer does say Linux in it but there are so many flavors! To be honest it does look like something you would find in Linux but it’s not like a line of code. This is also kind of a cop-out because that also would probably vary by flavor. Lots of variables here but it would be more helpful than running into work and describing some sort of completely useless theory of types of permissions.

Oh man, after looking at that last one they are selling me on a Linux+ because that is fun and relevant! Ok, so I was sort of wrong in that the answer is there if you know what you’re looking at, and if you google stuff, there are answers! It’s amazing that research exists.

[image: photo 3_zpsabmglbnf.png]

This question doesn’t make any sense. It says nothing about VDIs but that’s what the answer loops back to. Is a VDI a ‘critical system’? Not likely.

[image: photo 4_zpsba2g1xgn.png]

That’s just using infrastructure. Software as a service implies that you’re using some application, like Salesforce. Software as a service is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. This answer is straight out wrong haha

Anyway, that’s all for today. Guess I should get some sleep.

Wireless authentication ???

All right, spent a lot of time on some stuff last night and I’m still pretty sure that I still have a ways to go before really learning encryption, authentication and hashing. I haven’t made flash cards yet for this newfangled access control stuff (new to me haha). However, today’s a new day so let’s get into these things again.

[image: photo 5_zpswnbu7igw.png]

This one is confusing to me. Clearly TLS is encryption, as we figured out yesterday haha, so that’s wrong, but I was under the assumption that FTPS would use encryption so let’s check that out.

In explicit mode (also known as FTPES), an FTPS client must “explicitly request” security from an FTPS server and then step up to a mutually agreed encryption method. If a client does not request security, the FTPS server can either allow the client to continue in insecure mode or refuse the connection. The mechanism for negotiating authentication and security with FTP was added under RFC 2228, which included the new FTP command AUTH. While this RFC does not explicitly define any required security mechanisms, e.g. SSL or TLS, it does require the FTPS client to challenge the FTPS server with a mutually known mechanism. If the FTPS client challenges the FTPS server with an unknown security mechanism, the FTPS server will respond to the AUTH command with error code 504 (not supported). Clients may determine which mechanisms are supported by querying the FTPS server with the FEAT command, although servers are not necessarily required to be honest in disclosing what levels of security they support. Common methods of invoking FTPS security included AUTH TLS and AUTH SSL. The explicit method is defined in RFC 4217. In the later versions of the document, FTPS compliance required that clients always negotiate using the AUTH TLS method.

Lol so the term explicit means it asks if you want to encrypt traffic or not. Got it.
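The explicit-mode exchange quoted above (FEAT to discover mechanisms, AUTH TLS to step up, 504 for an unknown mechanism) is easier to see as a dialogue. The following Python is an added example written for this post, not code from the original or from any FTP server; it models only the command/reply exchange from RFC 2228 and RFC 4217, opens no sockets, and uses class and function names that are my own. The 534 “Request denied for policy reasons” reply is the RFC 2228 code a server can use to refuse a plaintext login.

```python
# Toy model of RFC 2228 / RFC 4217 explicit FTPS negotiation (constructed for
# this post; commands and replies only, no network I/O, no real TLS handshake).

class ExplicitFtpsServer:
    """Server side. `mechanisms` are the AUTH arguments it accepts; with
    require_tls=True it refuses to log anyone in over the plaintext channel."""

    def __init__(self, mechanisms=("TLS",), require_tls=True):
        self.mechanisms = {m.upper() for m in mechanisms}
        self.require_tls = require_tls
        self.secured = False

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.upper()
        if verb == "FEAT":
            # Advertise supported mechanisms; RFC 4217 lists "AUTH TLS" here.
            body = "".join(f" AUTH {m}\r\n" for m in sorted(self.mechanisms))
            return f"211-Features:\r\n{body}211 End"
        if verb == "AUTH":
            if arg in self.mechanisms:
                self.secured = True  # the TLS handshake would start here
                return f"234 AUTH {arg} successful, proceed with negotiation"
            return "504 Security mechanism not supported"
        if verb == "USER":
            if self.require_tls and not self.secured:
                return "534 Request denied for policy reasons"  # RFC 2228 reply
            return "331 User name okay, need password"
        return "502 Command not implemented"


def advertised_mechanisms(feat_reply: str) -> set:
    """Pull the AUTH lines out of a FEAT reply."""
    mechs = set()
    for line in feat_reply.splitlines():
        parts = line.strip().split()
        if len(parts) == 2 and parts[0] == "AUTH":
            mechs.add(parts[1].upper())
    return mechs


def negotiate(server, preferred=("TLS",), username="alice"):
    """Client side of explicit mode: discover, request security, and only then
    log in. Returns (mechanism or None, list of (command, reply) pairs)."""
    transcript = []

    def send(cmd):
        reply = server.handle(cmd)
        transcript.append((cmd, reply))
        return reply

    offered = advertised_mechanisms(send("FEAT"))
    chosen = next((m for m in preferred if m.upper() in offered), None)
    if chosen is None:
        return None, transcript  # do not fall back to sending credentials in the clear
    if not send(f"AUTH {chosen}").startswith("234"):
        return None, transcript
    send(f"USER {username}")  # from here on the commands would travel inside TLS
    return chosen.upper(), transcript


if __name__ == "__main__":
    mech, log = negotiate(ExplicitFtpsServer())
    for cmd, reply in log:
        print(f"C: {cmd}\nS: {reply}")
    print("negotiated:", mech)
```

The client refuses to continue when the server offers nothing it trusts, which is the choice the quoted text leaves open: a server “can either allow the client to continue in insecure mode or refuse the connection”, and a careful client should not rely on the server to make that call.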

[image: photo 2_zpsgrme8ekv.png]

Honestly, I picked the right answer but I think what amounts to running red team exercises as preventative maintenance is not ideal. You should have computer accounts for every PC in your domain and use NAC. Rogue system detection is also a really good idea. The thing that some of these questions seem to imply is that you’re not using an AD environment, and I get that, but in most companies you’re not going to be able to authenticate to a WAP without an account. NAC with health checks also solves the issue of patching.

[image: photo 1_zps25w2pgai.png]

Pretty sure I know what obfuscation is but I wanted to go over that one again.

You know, I was hoping to put a simple definition here in italics but that isn’t working, so here is a detailed account: A question of security: What is obfuscation and how does it work?

Since we are here, let’s go over XOR 0xFF, if we can.

Nowhere to Hide: Three methods of XOR obfuscation

This is really good and somehow while doing this I’m reminded that I love doing this kind of work and that I’ve been doing it with art and music my entire life. I love research and learning that this points to this which points to this and somehow makes this work. Do you see that there? Looks like this over here, doesn’t it? It makes the world less random to me.

Anyway, it looks like this is basically a method of encrypting code. I’m not a coder or anything close to that so I could be misinterpreting.

[image: photo 3_zpsrliyl8ct.png]

First off, Diffie-Hellman has nothing to do with this, whatsoever. Second, I’m not really sure what the other stuff is haha

  • bcrypt – Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.
  • Substitution cipher – basically you shift letters; not a hashing method for passwords.
  • Elliptic-curve Diffie–Hellman (ECDHE) – key agreement protocol that allows two parties, each having an elliptic-curve public–private key pair, to establish a shared secret over an insecure channel.[1][2][3] This shared secret may be directly used as a key, or to derive another key. The key, or the derived key, can then be used to encrypt subsequent communications using a symmetric-key cipher. It is a variant of the Diffie–Hellman protocol using elliptic-curve cryptography. Again, “Diffie-Hellman has nothing to do with this”.
  • PBKDF2 – In cryptography, PBKDF1 and PBKDF2 (Password-Based Key Derivation Function 2) are key derivation functions with a sliding computational cost, used to reduce vulnerabilities to brute force attacks.

Ok, hopefully I can remember these things because if you know what they are it’s obvious.
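The two properties the bcrypt and PBKDF2 bullets describe, a per-password salt and a cost that can be raised later, are easiest to see in a small password store. The following Python is an added example, not part of the original post; it uses PBKDF2-HMAC-SHA256 from the standard library (bcrypt needs a third-party package) and records the iteration count next to the hash so that old records keep verifying while new ones get the higher cost. The record format and function names are my own.

```python
import hashlib
import hmac
import os
import time

ALGORITHM = "pbkdf2_sha256"  # constructed record label, not a standard string


def hash_password(password: str, iterations: int = 600_000, salt: bytes = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'. The salt is
    16 fresh random bytes unless one is supplied (only useful for tests)."""
    if salt is None:
        salt = os.urandom(16)  # per-password salt: a rainbow table cannot be reused
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, password: str) -> bool:
    """Recompute with the iteration count and salt recorded in `stored`, then
    compare in constant time so timing does not leak how many bytes matched."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def needs_rehash(stored: str, minimum_iterations: int) -> bool:
    """True if the record was made with fewer iterations than policy now wants.
    Check this right after a successful login, while the plaintext is in hand,
    and replace the record: that is how the cost 'slides' upward over time."""
    return int(stored.split("$")[1]) < minimum_iterations


def seconds_per_hash(iterations: int, samples: int = 3) -> float:
    """Rough cost measurement for choosing an iteration count on this machine."""
    salt = b"\x00" * 16  # fixed salt: we are timing, not storing anything
    start = time.perf_counter()
    for _ in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"timing-only", salt, iterations)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    record = hash_password("correct horse battery staple", iterations=100_000)
    print(record)
    print("verify ok: ", verify_password(record, "correct horse battery staple"))
    print("verify bad:", verify_password(record, "Tr0ub4dor&3"))
    print("rehash needed at 600k:", needs_rehash(record, 600_000))
    for n in (10_000, 100_000):
        print(f"{n:>7} iterations: {seconds_per_hash(n) * 1000:.1f} ms per hash")
```

Running the timing loop shows the point of an adaptive cost directly: ten times the iterations is ten times the work per guess for an attacker, while a single login stays well under a second for the user.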

[image: photo 4_zpsnvc7nfs4.png]

Shew, this isn’t as bad as, shit, this is authentication isn’t it? Yep. Ok. So, at first I was all “I’m not learning all this because I don’t really think I’ll need it” but I’m realizing it’s better to take the time with it to actually learn it.

Not sure if this will really work to individually define these things with links but let’s see what we can dig up.

  • WPA+CCMP
  • WPA2+CCMP
  • WPA+TKIP
  • WPA2+TKIP

lol, ok so I made a list and then found this, which is super helpful, and I’m saving it to my bookmarks bar as it answers a lot of questions and gets me going down the road to learning all these combinations.

WEP, WPA, WPA2, TKIP, AES, CCMP, EAP.

There is still a lot to learn and it’s 9 years old. However, it’s a solid start. You would think I would be further along with some of this stuff but I’m not.

Well, once again this proved to be more work than I thought it would be. Which might be why I was avoiding doing it and hoping that I would mysteriously know the answers without putting effort in. Unfortunately, that’s not real life.

Back to blogging

I took some time off from this and thought I would be fine to go through the questions I didn’t know and sort of work my way through them. I found that when I got to the part where I didn’t review all of my wrong answers, shockingly, I still didn’t know the right answer, so now I have roughly 50 slides that I need to blog. I was kind of feeling tired of going through them but after realizing I probably needed to in order to pass I seem to have regained my muster to go through them. Going through a bunch of questions and getting them wrong is discouraging and somehow that proves to be a motivator to do a better job, as I would actually like to have this cert for a myriad of reasons. Who knows, it isn’t TV and having a lot of certs at the top of a resume seems to be helpful in my case. I’m not saying that’s always the truth or that you have to have them to know what you’re doing but they sure don’t hurt. The gym is going pretty good but I did sort of start smoking again. So I need to keep up motivation on that. I started playing WoW some too. I seriously miss it but it can be a huge time sink. I guess it’s all about balance. Anyway, I feel like 5 is maybe too few so I’ll do like 5 sets of 10 for this go round and then finish out the final 80% of the 250 questions that I missed, then go through the ones I missed out of that set again, then the entire 250 and see where I’m at, and possibly at that point go through all 700 questions again and hope to be in the mid 90s and then attempt to take the test. I’m feeling like I might fail this one the first go round which is a little scary but I’ll pass it eventually. Honestly, it’s constant work on keeping up with certs as after this one I’d like to do another but I’m not sure what. Was thinking the CySA+ but maybe not. Anyway, let’s get into it.

[image: photo 3_zpsiz5umdiu.png]

I find these hella confusing for some reason and I also find myself wondering what file system uses these, because if you talk to a Windows system admin about this they are going to have no idea what you’re talking about and ask who needs permissions to what and if they all work together.

  • RBAC – In computer systems security, role-based access control or role-based security is an approach to restricting system access to authorized users.
  • MAC – In computer security, mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.
  • ABAC – Attribute-based access control, also known as policy-based access control, defines an access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.
  • DAC – In computer security, discretionary access control is a type of access control defined by the Trusted Computer System Evaluation Criteria “as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong”.

Maybe if I look at enough questions and answers this will make sense, because the question does have a compound component to it which does actually make sense for being ABAC. However, the differences between DAC and RBAC seem like the same thing.
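The difference between DAC, RBAC and ABAC shows up more clearly when the same “can this user read this record?” question is answered by each model in code. The following Python is an added example written for this post, not from the original or from any product: under DAC the object’s owner edits an ACL, under RBAC an administrator maps roles to permissions, and under ABAC a set of policies combines subject, resource and environment attributes. The users, departments, hours and policy names are made up.

```python
from dataclasses import dataclass, field

# Constructed example: one read request evaluated under three access control models.

# --- DAC: the object's owner decides, by editing an ACL attached to the object --
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions

    def grant(self, granting_user: str, target_user: str, permission: str) -> None:
        if granting_user != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(target_user, set()).add(permission)

    def allows(self, user: str, permission: str) -> bool:
        return user == self.owner or permission in self.acl.get(user, set())


# --- RBAC: administrators map roles to permissions; users hold roles ------------
ROLE_PERMISSIONS = {
    "physician": {"read_record", "write_record"},
    "billing": {"read_record"},
    "janitor": set(),
}


def rbac_allows(user_roles, permission: str) -> bool:
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in user_roles)


# --- ABAC: each policy is a predicate over subject, resource and environment ----
def policy_role_may_read(subject, resource, env) -> bool:
    return bool({"physician", "billing"} & set(subject["roles"]))


def policy_same_department(subject, resource, env) -> bool:
    return subject["department"] == resource["department"]


def policy_business_hours(subject, resource, env) -> bool:
    return 7 <= env["hour"] <= 19


READ_RECORD_POLICIES = [policy_role_may_read, policy_same_department, policy_business_hours]


def abac_allows(subject, resource, env, policies=READ_RECORD_POLICIES) -> bool:
    # deny-overrides combining: every policy in the set must say yes
    return all(p(subject, resource, env) for p in policies)


def compare_models(user, user_roles, department, record_department, hour, dac_object):
    """Return {model: decision} for one read request under all three models."""
    subject = {"name": user, "roles": set(user_roles), "department": department}
    resource = {"department": record_department}
    env = {"hour": hour}
    return {
        "DAC": dac_object.allows(user, "read_record"),
        "RBAC": rbac_allows(user_roles, "read_record"),
        "ABAC": abac_allows(subject, resource, env),
    }


if __name__ == "__main__":
    chart = DacObject(owner="dr_lee")
    chart.grant("dr_lee", "dr_patel", "read_record")
    for desc, args in [
        ("in-department physician, 10:00", ("dr_patel", {"physician"}, "cardiology", "cardiology", 10, chart)),
        ("same physician, other department", ("dr_patel", {"physician"}, "cardiology", "oncology", 10, chart)),
        ("same physician, 23:00", ("dr_patel", {"physician"}, "cardiology", "cardiology", 23, chart)),
        ("physician with no ACL entry", ("dr_kim", {"physician"}, "cardiology", "cardiology", 10, chart)),
    ]:
        print(f"{desc:35} {compare_models(*args)}")
```

The second and third rows are the point of the exercise: RBAC keeps saying yes because the role never changed, while ABAC flips to deny because a resource attribute (department) or an environment attribute (time of day) no longer satisfies the policy. DAC differs from both in who gets to decide: the record’s owner, not an administrator or a policy author.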

[image: photo 5_zpsk1mh830p.png]

You know, looking at this one and realizing that I don’t understand certificates that well makes me think that I should group them into categories to stay consistent. This would require a significant amount of admin overhead, however I might keep a running count of what posts are where. Anyway, this one seems like “I’m not really sure what kind of research I can do with it” but for me there are still some missing pieces. Like I really don’t have this thing nailed down of how encryption and authentication protocols work together? It seems like it should be really obvious but somehow I’m still confused. Like SFTP encrypts both authentication information and transmitted information but obviously it’s not what you’re using to log in with. You use Kerberos to authenticate, and the question clearly says ‘data in transit’ implying an encryption protocol, and here I’ve selected an authentication protocol, clearly indicating I don’t know the difference between the two. Perhaps as I go through these types of authentication and encryption questions I should note if it’s authentication or encryption and possibly note what type of encryption works with what encryption. I think over time I’ll understand this but IMO this is the trickiest part of this exam. So, I’m going to make a list of links to these and read about them again. My favorite part is combining the hash functions with the encryption types. woooh boy. This is fun…

  • S/MIME – S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, S/MIME can also hold an advanced electronic signature. S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity, non-repudiation of origin (using digital signatures), privacy and data security (using encryption). S/MIME specifies the MIME type application/pkcs7-mime[2] (smime-type “enveloped-data”) for data enveloping (encrypting) where the whole (prepared) MIME entity to be enveloped is encrypted and packed into an object which subsequently is inserted into an application/pkcs7-mime MIME entity.
  • TLS – TLS and its now-deprecated predecessor, Secure Sockets Layer (SSL),[1] are cryptographic protocols designed to provide communications security over a computer network.[2] Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites can use TLS to secure all communications between their servers and web browsers.
  • SFTP – loops back to SSH and nowhere is PKI mentioned haha
  • SAML – Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. Used with SSO but has nothing really to do with encryption? Teaching myself this stuff gets confusing.

This is the most amount of reading I have spent on a single subject in a while haha

[image: photo 4_zps4nzxk8h5.png]

I’m not really sure what a sponsored guest account is and to be frank, I’m not going to look it up as I understand the idea of it being a short term account that gets cycled out.

[image: photo 2_zps0a4tsvxj.png]

The answer appears to be totally random as I have no idea what Spim is. The obvious choice for me is Impersonation as they are pretending to be the HD, however the combo of vishing and impersonation I would accept.

  • Vishing – is the telephone equivalent of phishing. It is described as the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft.
  • Impersonation – The social engineer “impersonates” or plays the role of someone you are likely to trust or obey convincingly enough to fool you into allowing access to your office, to information, or to your information systems.
  • Scareware – malware tactic that manipulates users into believing they need to download or buy malicious, sometimes useless, software. Most often initiated using a pop-up ad, scareware uses social engineering to take advantage of a user’s fear, coaxing them into installing fake anti-virus software.

Again, kind of a grey area but honestly how do you vish without pretending to be a reliable source?

[image: photo 1_zps7xfdezzn.png]

I’m not entirely sure I understand the question outside of realizing it’s been issued to an IP, but I think the problem is with understanding the answer choices. So I’m going to get into those.

  • OCSP – Internet protocol used for obtaining the revocation status of an X.509 digital certificate
  • OID – an identifier mechanism standardized by the International Telecommunications Union (ITU) and ISO/IEC for naming any object, concept, or “thing” with a globally unambiguous persistent name
  • PEM – is a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining “privacy-enhanced mail.”
  • SAN – an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field.[1] These values are called Subject Alternative Names (SANs). Names include

The first choice is the best thing to check. However, how you check with a CRL is another process.

[image: photo 3_zpsiz5umdiu.png]

I have gone over these a million times and should honestly probably make myself flash cards at this point, as I’m still unclear on the subtleties; however ABAC stands for access based account control

Ok, I did an unusual amount of reading for this. Usually at this point in my cert studies I can spend about 5 mins on something and get a grasp on it; however with access controls and encryption, authentication and hashing (which seems like it should be encryption but it isn’t) things get a little muddy. That said, I am actually trying to learn the material so it’s worth it to invest in an actual understanding. So I guess what I’m getting at is that my brain is full for the day and I should rest in spite of my goal to get many more than 10 questions done haha.

15 Security questions I had to research

It’s Wednesday, currently, it may not be by the time this is done. In fact I’m almost certain that it will be after midnight. I would be shocked if I got all this done in 55 mins. Anyway, what did you guys think about The Shadow and Tom Waits? Super cool stuff right. Totally something that like Jack White would be into right lol. Anyway. Moving forward. The Deftones are pretty cool. Man, they sure have been a band for a while. Did you guys ever hear that White Pony album? Here, I’ll hum a few bars from one of the tracks:

For some reason, that weirdly reminds me of my last relationship. Wow, was that too personal. Ultimately, I feel like I would be cheating myself if I didn’t get slightly personal lol

Hey you guys see that new Slipknot? Damn that shit is hard.

Anyway… I guess we could get into some actual work and learning instead of being generic and attempting to sk8 to prove we are cool

[image: photo 1_zpsquikonw9.png]

You know, this is, uh, as previously noted these can be tricky so let’s go through the definitions.

  • SHA1 – typically rendered as a hexadecimal number, 40 digits long. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard.
  • RIPEMD – a family of cryptographic hash functions developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of which RIPEMD-160 is the most common.
  • The original RIPEMD, as well as RIPEMD-128, is not considered secure because the 128-bit result is too small and also (for the original RIPEMD) because of design weaknesses. The 256- and 320-bit versions of RIPEMD provide the same level of security as RIPEMD-128 and RIPEMD-160, respectively; they are designed for applications where the security level is sufficient but a longer hash result is necessary.
  • While RIPEMD functions are less popular than SHA-1 and SHA-2, they are used, among others, in Bitcoin and other cryptocurrencies based on Bitcoin.
  • MD5 – it has been found to suffer from extensive vulnerabilities.
  • DES – Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits, criticized from the beginning, makes it too insecure for most current applications, it has been highly influential in the advancement of modern cryptography.

Lots of options but per Wikipedia MD5 is terrible.

[image: photo 4_zpsetjwjykr.png]

I can’t figure this one out. Are they saying the traffic is dropping at the 192.168 address? There are some things going on here that I’m not clear on. Honestly I would have to run a tracert to figure this out. The internet isn’t going to be helpful and I have no idea what the hell kind of information that is.

[image: photo 2_zpsjbigwwrt.png]

I got this right but it was kind of an obvious guess, but I had no idea what an AAA system is and I wanted to figure that out. AAA refers to Authentication, Authorization and Accounting. It is used to refer to a family of protocols that mediate network access. Two network protocols providing this functionality are particularly popular: the RADIUS protocol, and its newer Diameter counterpart.

Well, I guess I didn’t really need to know that but it’s good to find out those sorts of things I suppose?

[image: photo 5_zpselrr8tfr.png]

I’m not sure what an IGAP packet is or where it’s getting that. It’s clear that it’s sending a packet and that there is an issue with it though. IGMP is an integral part of IP multicast, so I think it’s safe to assume it’s a multicast packet, but the other part of this is that IGAP packets are part of IGMP, which is the indicator that it’s not TCP.
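The “it’s IGMP, so it’s not TCP” reasoning is visible in the packet bytes: the IPv4 header’s protocol field is 2 for IGMP and 6 for TCP, and IGMP rides directly on IP with no transport layer. The following Python is an added example (mine, not from the post or the question) that builds an IPv4 datagram carrying an IGMPv2 membership report and parses it back, verifying both checksums. The addresses are constructed and the function names are assumptions.

```python
import socket
import struct

# Constructed example: build and decode an IPv4 + IGMPv2 membership report.

IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
IGMP_TYPES = {
    0x11: "Membership Query",
    0x12: "Membership Report (v1)",
    0x16: "Membership Report (v2)",
    0x17: "Leave Group",
    0x22: "Membership Report (v3)",
}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (used by both IP and IGMP).
    Over a header that already contains its checksum the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_igmp_report(src: str, group: str, ttl: int = 1) -> bytes:
    """20-byte IPv4 header (no options) + 8-byte IGMPv2 report for `group`."""
    igmp = struct.pack("!BBH4s", 0x16, 0, 0, socket.inet_aton(group))
    igmp = igmp[:2] + struct.pack("!H", internet_checksum(igmp)) + igmp[4:]
    total_len = 20 + len(igmp)
    # version/IHL, TOS, total length, id, flags/frag, TTL, protocol=2 (IGMP), checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, 2, 0,
                     socket.inet_aton(src), socket.inet_aton(group))
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    return ip + igmp


def parse(packet: bytes) -> dict:
    """Decode the IP protocol field and, when it is IGMP, the IGMP message."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    info = {
        "protocol": IP_PROTOCOLS.get(proto, f"unknown({proto})"),
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "ip_checksum_ok": internet_checksum(packet[:ihl]) == 0,
    }
    if proto == 2:
        igmp = packet[ihl:ihl + 8]
        igmp_type, max_resp, _, group = struct.unpack("!BBH4s", igmp)
        info.update({
            "igmp_type": IGMP_TYPES.get(igmp_type, f"unknown(0x{igmp_type:02x})"),
            "max_resp_time": max_resp,
            "group": socket.inet_ntoa(group),
            "igmp_checksum_ok": internet_checksum(igmp) == 0,
        })
    return info


if __name__ == "__main__":
    pkt = build_igmp_report("192.168.1.10", "239.1.2.3")
    print(pkt.hex())
    for key, value in parse(pkt).items():
        print(f"{key:18} {value}")
```

Note the destination: an IGMP report is sent to the multicast group address itself with TTL 1, which is the other tell that this traffic is link-local multicast signalling rather than a TCP session.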

Wow, I can actually figure out some of this stuff and maybe I’ll get a cert out of this. Awesome haha, only time will tell.

[image: photo 3_zpseqzk8d4m.png]

LOL, I totally forgot what these are and took a guess again. Hmm, I just put on this show about people using computers and it’s somehow more helpful to my level of focus than watching other shows haha

  • ROI – Return on investment
  • ARO – Annualized Rate of Occurrence
  • ALE – Annualized loss expectancy
  • MTBF – Mean time between failures
  • MTTF – Mean time to failure
  • TCO – Total cost of ownership

Single Loss Expectancy (SLE) – the dollar amount of what it would cost to replace the device if it malfunctioned or was lost, damaged or stolen. SLE × ARO = ALE, where ALE = Annual Loss Expectancy in dollars and ARO = Annual Rate of Occurrence.

[image: photo 4_zpsvfzvp3eb.png]

Clearly I got this one totally wrong. I’m not sure what CSRF is and apparently how XSS works. Personally, I think of it like pivoting, which may be wrong. It seems like you have to be authenticated to something though, doesn’t it? Or at least connected.

Anyway, let’s get a look at what CSRF is: also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, it is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.[2] There are many ways in which a malicious website can transmit such commands; specially-crafted image tags, hidden forms, and JavaScript XMLHttpRequests, for example, can all work without the user’s interaction or even knowledge. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser. So it’s basically the same thing but it does use a trusted connection. Honestly, that makes it cut and dry but I’m still confused about running java on a web app you’re not connected to? You know, this type of specific terminology gets really hazy, every time. There are specific ideas that people have behind it but as already noted in another question there isn’t much point to nailing down brass tacks on this if it works and it’s loosely within an idea. The crazy thing is that music genres work the same way.
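“The trust that a site has in a user’s browser” means the browser attaches the session cookie to a request no matter which page caused it. The standard fix is a synchronizer token: a per-session secret embedded in the real page’s form, which a third-party page cannot read because of the same-origin policy. The following Python is an added example written for this post, not code from the original or from any framework; it models requests as plain dicts and shows a cookie-only transfer handler beside the hardened one. The session store, field names and function names are my own.

```python
import hmac
import secrets

# Constructed example: an in-memory session store standing in for a web framework.
SESSIONS = {}  # session_id -> {"user": ..., "csrf_token": ...}


def login(user: str) -> str:
    """Create a session and return its id (what the Set-Cookie header would carry)."""
    session_id = secrets.token_urlsafe(16)
    SESSIONS[session_id] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return session_id


def render_form(session_id: str) -> dict:
    """The legitimate page embeds the session's token as a hidden form field."""
    return {"_csrf": SESSIONS[session_id]["csrf_token"]}


def _do_transfer(session: dict, form: dict):
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


def transfer_unprotected(request: dict):
    """Vulnerable: authentication via the cookie alone. The browser sends that
    cookie automatically, so any page the user visits can trigger this action."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, "not logged in"
    return _do_transfer(session, request["form"])


def transfer_protected(request: dict):
    """Hardened: same cookie check, plus the form must carry this session's token,
    and only POST is accepted so a state change can never ride on a GET."""
    if request.get("method") != "POST":
        return 405, "method not allowed"
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, "not logged in"
    submitted = request["form"].get("_csrf", "")
    # constant-time comparison: no timing hint about how much of the token matched
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403, "missing or invalid CSRF token"
    return _do_transfer(session, request["form"])


if __name__ == "__main__":
    sid = login("alice")
    # Request the real page produced: cookie present and token filled in.
    legit = {"method": "POST", "cookies": {"session": sid},
             "form": {"to": "bob", "amount": "10", **render_form(sid)}}
    # Request another origin caused the browser to send: cookie present, no token.
    cross_site = {"method": "POST", "cookies": {"session": sid},
                  "form": {"to": "mallory", "amount": "1000"}}
    print("unprotected, cross-site:", transfer_unprotected(cross_site))
    print("protected, cross-site:  ", transfer_protected(cross_site))
    print("protected, legitimate:  ", transfer_protected(legit))
```

The difference from XSS is visible in what the check relies on: the token protects the site only as long as no script from another origin can read the page, which is exactly what an XSS flaw would break, so the two defences are not interchangeable.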

[image: photo 2_zps19rqjsxp.png]

lol what the hell is this and why would you use a single tier solution that’s completely internal. I can understand having a DC that replicates but having one internal point of failure seems less than ideal.

[image: photo 3_zpsnju1crdr.png]

Input validation on an FTP site would amount to fuzzing, which is not what they are talking about. It says transferring or transport protection. Not generic breaking and entering haha but ok though. I mean, you’re not fooling me with this FTP site shit, it’s a storage server.

[image: photo 1_zps7krr5bp4.png]

I think I got this wrong because I don’t know what IAM is, so I guess I should figure out what that is. Identity management, also known as identity and access management, is a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and Data Management.

There is no information about RADIUS that I can find quickly so I’m just going with it.

[image: photo 5_zpsaqgo7zsz.png]

I should have known this one but anyway, here is a link on EAP-TLS certs

[image: photo 4_zpscquesslj.png]

I actually looked this one up at the time and as previously noted MD5 is not great and AES was the correct answer.

[image: photo 1_zps1askmep8.png]

This is so crazy, it selects a color and then mixes the two colors and that’s the key. Interesting, Diffie-Hellman key exchange

lol sick

[image: question screenshot]

This isn’t wrong but both of these are right; given that there are thousands or hundreds of thousands of companies that manufacture IoT devices, proving that they all fall under one umbrella is kind of tough…

[image: question screenshot]

I’m not really sure why I put this here given that I got it right but there are a lot of factors and I feel it’s cut and dry.

[image: question screenshot]

This one seems opinion based; changing the length would also be a good idea. That was my first answer.

All right, that’s all for now. I got a new phone yesterday and I might set it up before going to bed to let everything sync. Who knows, wild adventure. I was waiting till a case I ordered came but I’m not sure I really want to wait haha

Tom Waits! The Shadow! Incorrect Answers! All this and more!

Alright, about halfway through. The first time. As you know it takes me more than one go around and then I seem to pass real sketchy and right on the money like but that’s ok. If you can read this put 2 dollars into my paypal, it’s Nickrbarnes@gmail.com, thanks for your contributions. This is independently maintained and it’s a vital part of my existence so thanks for not reading it future employers. Please contact me via my text message. Thank you. Is this making any sense? I didn’t think so. I haven’t really been too personal lately and there’s sometimes a guy, that comes along and does this thing. Some folks call him Bob Dylan, other folks call him Tom Waits. Personally, I’m pretty sure he’s the drummer for Megadeath but the world may never know without extensive research into the modern principles of why people buy watches with diamonds on them as if accurate time keeping was ever a reason to spend 50k on a watch especially given that literally if you don’t have a cell phone what are you even doing. Unless you’re poor, then I will DM you 5 dollars from my cash app for the troubles of insulting your given level of poverty. I live with my aunt for reasons but mostly it’s on account of the cost and convenience.

Anyway, for all you songsters out there that are not reading this, here is a song; it’s about driving a truck but it’s a ghost truck. You want to talk about shocking and spooky, to be honest it’s too much to even photograph something like that. Did you know if you take a photo of a Loch Ness monster you turn into a rat guy right away and that’s not even a good thing at all.

[image: question screenshot]

I’m not really sure what “HA in a web application server” is. I took a stab at it and wasn’t terribly far off, but let’s start with

OK. Properly designing high-availability (HA) web applications on the Cloud is a difficult task due to the overwhelming number of components and failure scenarios that can arise. In the real world, there is a large variance between deployments because virtually every web application has its own set of requirements.

So that’s pretty clear. You know, I should have figured that one out but I don’t think I did. The ALF for DDOS curbing and a load balancer makes sense. Reverse proxy servers do not.

[image: question screenshot]

You know, upon re-reading the question, what they are getting at is that people that work on “the firewall team” can implement vulnerabilities without having to have them approved by management. And you know, I’ll be honest here, that is troublesome. Or even worse, they could break currently working infrastructure.

[image: question screenshot]

Realizing what rhosts is, I’m not really sure why I picked that one. To be honest, knowing what TTY is and without a long line of syntax, I’m not sure that really makes sense either.

Humm… is this right? me thinks no..

[image: question screenshot]

This is for sure a coding question that is over my head. I’m not sure of the difference. I can tell you that planning and learning for expected test questions works much better than randomly doing weird shit to be attention seeking though. Wait, that’s not what this was about. What this is about is an abstraction of a concept that doesn’t have a hard definition to begin with. Basically this is some bullshit, you can XSS with Java and Java is not a machine language, as I understand it. To be honest, my answer is correct.

[image: question screenshot]

This one is a little tougher as it was my assumption that 802.1x was done on the router and what they are describing is not on a router. And wow, was I wrong.

Overview of 802.1x Authentication

802.1x authentication consists of three components:

  • The supplicant, or client, is the device attempting to gain access to the network. You can configure the Aruba user-centric network to support 802.1x authentication for wired users as well as wireless users.
  • The authenticator is the gatekeeper to the network and permits or denies access to the supplicants. The Aruba controller acts as the authenticator, relaying information between the authentication server and supplicant. The EAP type must be consistent between the authentication server and supplicant and is transparent to the controller.
  • The authentication server provides a database of information required for authentication and informs the authenticator to deny or permit access to the supplicant.

The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS) server which can authenticate either users (through passwords or certificates) or the client computer.

An example of an 802.1x authentication server is the Internet Authentication Service (IAS) in Windows (see http://technet.microsoft.com/en-us/library/cc759077(WS.10).aspx).

In Aruba user-centric networks, you can terminate the 802.1x authentication on the controller. The controller passes user authentication to its internal database or to a “backend” non-802.1x server. This feature, also called “AAA FastConnect,” is useful for deployments where an 802.1x EAP-compliant RADIUS server is not available or required for authentication.

So that’s pretty straightforward and makes it quite plain that I did not understand 802.1x.

[image: question screenshot]

This one I just fucked up and it’s probably a good idea to cover the definitions again

  • Botnet – a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attacks (DDoS attacks), steal data, send spam, and allow the attacker to access the device and its connection.
  • Ransomware – a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.
  • Polymorphic malware – a type of malware that constantly changes its identifiable features in order to evade detection. Many of the common forms of malware can be polymorphic, including viruses, worms, bots, trojans, or keyloggers.
  • Armored virus – a type of virus that has been designed to thwart attempts by analysts to examine its code by using various methods to make tracing, disassembling and reverse engineering more difficult. An armored virus may also protect itself from antivirus programs, making it more difficult to trace.

Yeah, that’s for sure describing a botnet.

[image: question screenshot]

This is another one of those questions where I want to say “that’s really tough” but honestly a little more basic info should clear this one up… lol and the Wikipedia pages for these say nothing about use or computation times. Which is totally fine given that, you know, sometimes experience makes things like this more clear and we have to take the answer at face value.

[image: question screenshot]

WPA2 does not use TLS, that being the key factor in this case.

[image: question screenshot]

The thing about this is that dropping an OS revision is absolutely an indicator of banner grabbing, however I’m not sure if that’s client or host and there is a connection attempting to be made here. That said, I don’t know why the host would drop info on the OS, and the PC does appear to be at root, which makes the pivot option seem a bit odd without further information, but you are on one machine trying to connect to another.

[image: question screenshot]

This was a thing I learned and then remembered: PII data is confidential. Note taken.

I had hoped to get 10-15 more questions done tonight but I think that’s all. More to come tomorrow and in the following days. I’m sure you’re super excited to tune in!

More Security+, shocking!

Still going on Security, obviously, however getting back to the previous posts. I found some networking stuff that I thought was helpful. I went through several videos and this one, while long, is a really good baseline. I’m still slightly confused as to why they set up subnets when defining the IP but I’m sure eventually I’ll catch on to how that’s possibly transmitted with the packet.

So if you want some network info that’s a good spot to start, for the uha firewall situation. Anyway, still unclear about the subnet? Is that indicating anything in that range? I think that’s a safe assumption.

Anyway, let’s start into the next set of questions.

Honestly, either of these work and it might be a good idea to do literally any or all of these things, however B and D are fairly similar. Anyway, this one is kind of subjective but the thing is I’m kind of wondering what SCADA is exactly. I should probably know this and I’m not too proud to admit that I don’t. SCADA is an acronym for supervisory control and data acquisition, a computer system for gathering and analyzing real time data. SCADA systems are used to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining and transportation. OK, that’s not that weird that I didn’t know what that was and I can’t promise that I will remember it 6 months from now when it hasn’t come up again in my normal existence.

[image: The Moody Blues]

Unrelated, but that’s the Moody Blues. Yeah.

[image: question screenshot]

To be honest, this is another one that I probably didn’t need to blog but is one of the millions of testable variables on this test. Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. TACACS+ has largely replaced its predecessors.

This isn’t on the wiki page so good luck to me with spending hours researching one obscure question for what amounts to a baseline exam.

[image: question screenshot]

Ok this one is legit, BYOD is the only one I know what it is and I’m betting VDI (virtual desktop infrastructure?) and COPE are bullshit, but let’s find out.

  • VDI – Virtual desktop infrastructure
  • COPE – Company Owned/Personally Enabled (device)
  • CYOD – Choose Your Own Device

Ok this is kind of some bullshit but BYOD is for sure not the right answer.

[image: question screenshot]

I have no idea what an xmas attack is but I thought it sounded cool so let’s take a look at these things.

  • MAC Spoofing – MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. The MAC address that is hard-coded on a network interface controller (NIC) cannot be changed. However, many drivers allow the MAC address to be changed. (use a VM?)
  • Pharming – a cyber attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
  • Xmas attack – a Christmas Tree attack is a very well known attack that is designed to send a very specifically crafted TCP packet to a device on the network. The crafting of the packet turns on a bunch of flags; there is some space set up in the TCP header, called flags.
  • ARP poisoning – a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker’s MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.

You know, the question says nothing about MAC authentication so this is kind of a throw away question.

[image: question screenshot]

I mean it’s right but fuck, that’s a lot of variables that they are not talking about in the question, i.e.

[image: question screenshot]

I don’t know what nc or pskill does so let’s look that up. Oh, nc is netcat and the -p is the port that it’s connecting to (man page). Haha, pskill is MSFT; it kills a process.

[image: question screenshot]

Thinking about it, Extended Validation doesn’t make sense but to be honest it was the only one I knew what it was, so let’s look at the others.

  • Wildcard certificate – a digital certificate that is applied to a domain and all its subdomains. Wildcard notation consists of an asterisk and a period before the domain name. Secure Sockets Layer (SSL) certificates often use wildcards to extend SSL encryption to subdomains.
  • Certificate chaining – a certificate chain is an ordered list of certificates, containing an SSL certificate and Certificate Authority (CA) certificates, that enables the receiver to verify that the sender and all CAs are trustworthy.
  • Certificate utilizing the SAN field – lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL certificate, such as a Multi-Domain (SAN) or Extended Validation Multi-Domain certificate.
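To show how a client actually decides whether a wildcard or SAN certificate covers the host it connected to, here is an added example (not from the post) implementing the name-matching rules browsers apply: the comparison is case-insensitive, `*` is honoured only as the whole leftmost label and matches exactly one label, and once a certificate carries a SAN extension its subject CN is ignored. The two sample certificates are constructed, in the dict shape `ssl.getpeercert()` returns.

```python
def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname (RFC 6125 style)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or pattern.count("*") != 1:
        return False      # 'w*.example.com' or '*.*.example.com' are not honoured
    if len(p_labels) < 3:
        return False      # refuse '*.com'; public-suffix checks are out of scope here
    if len(h_labels) != len(p_labels):
        return False      # '*.example.com' covers www.example.com, not example.com
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cert: dict, hostname: str) -> bool:
    """cert is shaped like the dict ssl.getpeercert() returns. With a subjectAltName
    present only its DNS entries count; the subject CN is a legacy fallback only."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return any(dns_name_matches(name, hostname) for name in names)


# Constructed sample certificates (not real certificates) in getpeercert() shape.
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}
SAN_CERT = {
    "subject": ((("commonName", "www.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "mail.example.org"),
                       ("DNS", "example.org"), ("IP Address", "192.0.2.10")),
}
```

Note that the wildcard certificate needs the explicit `example.com` SAN entry to cover the bare domain; `*.example.com` alone does not.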

You know, I should have known this and I’ve covered this before.

[image: question screenshot]

I don’t know what any of this shit is haha

  • MOU – memorandum of understanding, a type of agreement between two or more parties?
  • BPA – No idea, online doesn’t know
  • ITCP – Information Technology Certified Professional? (unclear)
  • BCP – Business continuity plan

Lol there is really only one viable option here and clearly I just clicked a circle.

[image: question screenshot]

Yeah, the print command would indicate buffer overflow; Perl is clearly not Java so I should have been able to figure this out without being a coder haha

[image: question screenshot]

What the heck is DHCPOFFER/DHCPACK? MAC spoofing is faking your MAC address and I don’t think that would have anything to do with DHCP, but I could be wrong; also the question says I’m right so I’m pretty sure it’s the first one. Anyway the offer/acknowledge thing is done by a server so that’s kind of crazy.

Well, that’s all for today. Tomorrow night I need to try to get through 100 questions again and map out some stuff to learn about.

Variations on a theme..it can be tough, Security+

Keeping a good pace with the security stuff. I think I might have it done sooner than expected at this rate. Depending on how testing goes. I started studying this material at the start of last year and I guess made more headway than I realized. There are still some things that escape me, such as code samples that ask what kind of an attack it is. Like this first question!

[image: question screenshot]

I’m not sure what DEP is but hopefully it will provide some information as none of the other stuff is really helpful as to why it would be vulnerable. I guess in this case it isn’t a code sample but a set of information that didn’t come from a scanner.

DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there has been an increasing amount of research and discussion on the subject of bypassing DEP and ASLR. Source

Data Execution Prevention does make sense as something you would want to have running on a web server, so that clears that up. I feel like I should have been aware of that by now haha

[image: question screenshot]

These types of questions are particularly tricky when they don’t ask what they do but what technology they work with. I think it’s a natural assumption that over time you develop a sense of that but at first it’s quite an overwhelming data set to dig through that many variables. I think it’s fair to say that there doesn’t really need to be further research beyond notating that SAML tokenizes passwords for authentication. I mean, for me. That may not be your case but I find it unlikely that you’re reading this blog for research haha

[image: question screenshot]

You know, this is where non-proprietary stuff gets tricky. With MSFT things it’s fairly reasonable to assume you can find an article with specific information. In this case it gets a little trickier.

However, with this one it seems pretty clear that you would want to block IP traffic, however notating the subnet in the rule kind of throws me off. At this time I’m not sure why that is and I’ll probably check with a friend that works specifically with networking stuff.

[image: question screenshot]

Maybe this is a better example of the specific tech thing. Again, not really any point in looking up every feature of every one of these and listing them out however it is worth taking it in one bit at a time in knowing that a symmetric algorithm uses a stream cipher.

[image: question screenshot]

First of all, pay attention to typos because I thought that said ‘remove’, and second of all, even if it did, 636 is correct, and why would you remove LDAP if you were using LDAP?

[image: question screenshot]

I didn’t even take a stab at this because I know nothing of the types of certificates there are. I guess a good place to start would be defining that.

  • .pfx certificate –
  • .cer certificate
  • .der certificate
  • .crt certificate

Lol well, this is a nightmare and to be honest, rightfully so. This is some deep magic; putting it into the hands of the general internet may not be a good idea and I feel like learning about this would be a good idea and maybe I can find a book. For now, I’m accepting the answer at face value.

[image: question screenshot]

Wow, not a lot of information here, however it’s safe to assume they are sending email. To better protect sensitive/personal information and to comply with federal regulations, AES / PHEAA is encrypting email containing protected personal information.

[image: question screenshot]

Yeah, RADIUS federation still requires authentication to a domain though. I mean, not wrong but it’s not just going to magically authenticate. My answer was not correct either though haha

[image: question screenshot]

Yeah, I didn’t really think about that but honestly looking back a CRL makes way more sense than a recovery agent.

Well, that’s it for today. That’s about half the questions from this set of 100 that I went through. As I said, studying is going pretty well. The road blocks are obvious.

Security+…its similar to the last one, pt. 5

Back again with more…questions. Shocking. I know. Anyway, progress is going well. I’m finding that the portion of material I don’t know is about a quarter of it so honestly, that’s really good news as far as lead time to testing. How will the test go? Who knows. I seem to be hitting right on the money lately and eventually if I keep doing that I’m going to fail. I hope I don’t because these tests are expensive and I’m going to end up paying a gym a whole bunch of money to get out of a contract on something that they can provide yet offer as a service and refuse to let me out of the contract. Kind of bullshit but you know, I’m just going to keep showing up and making fun of them and explain the situation to the outlandishly cocky people that work there as if I were completely in the wrong and state the facts haha. Which makes it overwhelmingly obvious that they run a bad business or have no idea what they are doing. Regardless, they are stealing money from me.

[image: question screenshot]

This is tough, I have no idea what some of this coding stuff is and took my best guess. Let’s get some definitions going.

  • Cross-site request forgery – an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
  • Buffer overflow – attackers generally use buffer overflows to corrupt the execution stack of a web application. By sending carefully crafted input to a web application, an attacker can cause the web application to execute arbitrary code, possibly taking over the machine. Attackers have managed to identify buffer overflows in a staggering array of products and components.
  • SQL injection – the attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown of the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
  • JavaScript data insertion – cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user’s browser.
  • Firewall evasion script – this is possible through Nmap.

The thing is some of this stuff I still don’t know what the code looks like but I have a basic idea. I think I should be able to recognize SQL but I’m unclear on the Java for sure, which happens to be the answer in this case. Am I going to have to completely learn Java or is there some basic stuff I can do to get a quick idea about what XSS looks like? I’ll have to do some digging, but the info on the OWASP site for now, I’ll stick with that and see where it gets me.
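As an added illustration (not code from the post) of what the XSS item in the list above looks like and what the fix looks like: the vulnerable pattern is user text pasted straight into HTML, the fix is escaping for the context it lands in, plus a scheme allowlist for URLs, where escaping alone is not enough. The comment and profile-link renderers, and the sample input, are constructed for this example.

```python
import html
from urllib.parse import urlsplit


def render_comment_unsafe(author: str, text: str) -> str:
    """What the vulnerable code looks like: user text pasted straight into markup.
    Anything in it that parses as HTML, script tags included, runs in every reader's
    browser under this site's origin (that is the cross-site scripting)."""
    return f"<p><b>{author}</b>: {text}</p>"


def render_comment_safe(author: str, text: str) -> str:
    """The fix: escape user text for the HTML text context. html.escape turns
    < > & " ' into entities, so the browser displays the text instead of parsing it."""
    return f"<p><b>{html.escape(author)}</b>: {html.escape(text)}</p>"


def safe_href(url: str) -> str:
    """Escaping does not cover attribute values that are URLs: a 'javascript:' link
    escapes cleanly yet still executes when clicked. Allow only http(s) absolute
    links, deny everything else (including relative paths) by returning '#'."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_profile_link(display_name: str, url: str) -> str:
    """User-supplied link rendered with both defences applied."""
    return f'<a href="{safe_href(url)}">{html.escape(display_name)}</a>'


# Constructed sample input: a harmless script tag standing in for injected JavaScript.
SAMPLE_COMMENT = "Nice post! <script>alert('xss')</script>"
```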

[image: question screenshot]

The thing I don’t understand about this is, why would I dig the workstation I’m on? Why is the workstation a .com? I have so many questions. The workstation isn’t a domain.

[image: question screenshot]

Honestly, I’m unclear on why a web application firewall would do this. There isn’t anything in this that clearly indicates what layer it’s functioning at and the OWASP site isn’t clear either, but I guess I can remember that one. Honestly, with the Network+ there were not many questions from the pretest on the actual test, so when you see questions like this and the previous one, you’re kind of just screwed.

[image: question screenshot]

Ok, so here’s the thing. Clearly SHA is the right answer as seen here, but how do I learn about all the other types of certificates and what hashing algorithms they use? No clear answer to that but I can promise you this exact question will not be on the test. Maybe the pretest will go over the rest of them.

[image: question screenshot]

I’m not sure what open relay is on an email server. An open relay is a Simple Mail Transfer Protocol (SMTP) server that is improperly configured to allow the unauthenticated relay of email. Oh, so that shit’s misconfigured and it just sends mail. Got it.

[image: question screenshot]

Why TLS is more important than a CRL is unclear to me. I’m going to look into that. lol I guess I should realize that one as TLS is SSL’s replacement. Still, seems like a good idea to use a CRL as well. Just saying.

[image: question screenshot]

I don’t know what 3 of these things are so I’m going to look them up.

  • MTBF – mean time between failures, a measure of how reliable a hardware product or component is.
  • ALE – annualized loss expectancy. Used to measure risk with annualized rate of occurrence (ARO) and single loss expectancy (SLE). The ALE identifies the total amount of loss expected for a given risk. The calculation is SLE x ARO = ALE.
  • ARO – annualized rate of occurrence

Lol so ARO is factored into ALE but it’s not a complete answer.

[image: question screenshot]

I’m very used to AD terms and this is new terminology; I need to get used to these concepts as they seem to come up again and again, so I may have covered this before but I’m going to go through it again.

  • Time based – this one seems obvious in that it’s a time of day restriction on resources
  • Mandatory – mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target
  • Rule-based – Rules Based Access Control (RBAC): access is allowed or denied to resource objects based on a set of rules defined by a system administrator. I think this is what I’m used to. How could an OS with no administration perform this task?
  • Discretionary – In computer security, discretionary access control is a type of access control defined by the Trusted Computer System Evaluation Criteria “as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong”. Isn’t this the same as role-based? They are technically both user based.

[image: question screenshot]

To be honest I think that I picked those since they are directly mentioned in the question. I do struggle with these questions, however I’m kind of surprised by the MSCHAP answer. ok, lol, according to this the answer is the obvious one, which seems correct.

[image: question screenshot]

This one is pretty straightforward and the answer could go either way because trojans do bypass authentication to install rootkits essentially and then spread themselves. However, to be clear I’m 100% certain on what a RAT is: a Remote Access Trojan (RAT) is a type of malware that allows hackers to monitor and control your computer or network. lol so…a backdoor.

[image: question screenshot]

A Faraday cage or Faraday shield is an enclosure used to block electromagnetic fields. A Faraday shield may be formed by a continuous covering of conductive material, or in the case of a Faraday cage, by a mesh of such materials.

[image: question screenshot]

I don’t really know what these terms are

  • MTBF – mean time between failures, a measure of how reliable a hardware product or component is. For most components, the measure is typically in thousands or even tens of thousands of hours between failures (we just did this one)
  • MTTR – Mean time to repair
  • RTO – recovery time objective
  • RPO – recovery point objective

I feel like the wording in the question is a little confusing but I understand what they are getting at and agree with it.

[image: question screenshot]

I had gone through about 100 questions this night and I have no idea why I picked that. Client side has nothing to do with executing a SQL injection. Input validation is what comes into play.

[image: question screenshot]

The thing is, I don’t have any clue how data deduplication could have anything to do with this and to be honest I doubt I’ll find a solid answer. Data deduplication should, in theory, be run and then be done with the number of files reduced.

[image: question screenshot]

lol SMTP is clearly wrong, FTPS I would have picked, SCP is what I’m confused on. Secure copy is a command-line utility that allows you to securely copy files and directories between two locations, and I’ve seen that before lol

All right, well that’s all for now and now to keep going with these pretest questions. 29% of the way through round 1 haha

Security+ pt 4

All right, first post of the year. Here’s to having goals, making them realistic and following up with them. You know, thinking about naming conventions, is this really the best idea? I mean it’s the first thing people see. Anyway, I had hoped to finish this cert last year. I started on it but clearly did not get anywhere close to finishing it, but I did get the Network+ so I mean it’s close. I also underestimated this one. Just to be honest I didn’t think it would be the tremendous amount of work that it absolutely is. And should be. However I was not expecting to see 700 questions haha. Initially I was supplied with a fairly small book and a slide deck. I was pretty sure that wasn’t going to cut it. Glad I didn’t try but to be honest I studied that stuff and learned from it so it was not a waste of time.

[image: steganography question screenshot]

I know we covered this at least once before and I mentioned ‘did we talk about this already’ but here we are. Is this James Bond lol? Honestly, I’m not sure what they are talking about, for the reason, of transferring hidden data. Anyway, steganography.

[image: PEAP question screenshot]

This is the stuff that will kill me on the test. I don’t think there is any way around getting a string of these looped together wrong given the margin for definitional argument. Given that, I’ll try.

  • EAP-TLS – EAP is an authentication framework, not a specific authentication mechanism.[1] It provides some common functions and negotiation of authentication methods called EAP methods. There are currently about 40 different methods defined. Methods defined in IETF RFCs include EAP-MD5, EAP-POTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, EAP-AKA, and EAP-AKA’. Additionally, a number of vendor-specific methods and new proposals exist. Commonly used modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM, EAP-AKA, LEAP and EAP-TTLS. Requirements for EAP methods used in wireless LAN authentication are described in RFC 4017. The list of type and packet codes used in EAP is available from the IANA EAP Registry. It also uses certificates.
  • WPS – WPS stands for Wi-Fi Protected Setup. It is a wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS works only for wireless networks that use a password that is encrypted with the WPA Personal or WPA2 Personal security protocols.
  • PSK – In cryptography, a pre-shared key (PSK) is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used.
  • PEAP – PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server’s public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping.

Yeah, I was close but PEAP doesn’t use a certificate.

[image: Diffie-Hellman question screenshot]

I’m going to be real honest, I got this right but I’m not really sure why haha

  • RIPEMD – RIPEMD (RIPE Message Digest) is a family of cryptographic hash functions developed in 1992 (the original RIPEMD) and 1996 (other variants). There are five functions in the family: RIPEMD, RIPEMD-128, RIPEMD-160, RIPEMD-256, and RIPEMD-320, of which RIPEMD-160 is the most common.
  • ECDHE – ECDHE stands for Elliptic Curve Diffie-Hellman Ephemeral. We recall that the purpose of Diffie-Hellman is to exchange a secret over an insecure channel; both sides build their own secret key from a value they received from the other participant: this is key exchange.
  • Diffie-Hellman – a method of securely exchanging cryptographic keys over a public channel and one of the first public-key protocols, as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman.[1][2] DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography.
  • HTTPS – HyperText Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet.

I guess we should look up that IKE phase thing too. In computing, Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP.[1] IKE uses X.509 certificates for authentication, either pre-shared or distributed using DNS (preferably with DNSSEC), and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.[2][3] In addition, a security policy for every peer which will connect must be manually maintained.[2] lol, well there we have it in plain text that it clearly uses that and only that.

[Image: missing null check question screenshot]

Honestly, this is a good one as I don’t know what these are. The answer is correct but I’m not a coder by any stretch and at some point feel like I should learn a little bit. Is now the right time to learn this? Unclear.


  • Page exception – An exception is normally an object that is thrown at runtime. Exception handling is the process of handling runtime errors. An exception may occur at any time in a web application, so handling exceptions is the safer choice for the web developer.
  • Pointer dereference – The dereference operator or indirection operator, sometimes denoted by “*”, is a unary operator found in C-like languages that include pointer variables. It operates on a pointer variable, and returns an l-value equivalent to the value at the pointer address. This is called “dereferencing” the pointer.
  • NullPointerException – In Java, a special null value can be assigned to an object reference. NullPointerException is thrown when an application attempts to use an object reference that has the null value.
  • Missing null check – The program can dereference a null-pointer because it does not check the return value of a function that might return null.
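To make the last bullet concrete, here is the pattern it describes in C, as an added example that is not from the post or the pages it quotes. The user table, the lookup function find_user (which may return NULL) and the two callers uid_unchecked and uid_checked are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed directory: a lookup returns a pointer to the matching record,
 * or NULL when there is no such user. This is "a function that might
 * return null". */
typedef struct {
    const char *name;
    int uid;
} User;

static User users[] = { { "alice", 1000 }, { "bob", 1001 } };

const User *find_user(const char *name) {
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        if (strcmp(users[i].name, name) == 0)
            return &users[i];
    return NULL;
}

/* Missing null check: the return value is dereferenced unconditionally.
 * For an unknown user this reads through a null pointer, which is
 * undefined behaviour and in practice a crash (the "page exception" /
 * NullPointerException in the other bullets). Kept only to show the
 * defect; never call it with a name that may be absent. */
int uid_unchecked(const char *name) {
    const User *u = find_user(name);
    return u->uid;   /* BUG: u may be NULL */
}

/* Hardened form: test the pointer before using it and give the caller a
 * way to tell "not found" from a real uid. */
int uid_checked(const char *name, int *uid_out) {
    const User *u = find_user(name);
    if (u == NULL)
        return -1;           /* not found: caller decides what to do */
    *uid_out = u->uid;
    return 0;
}

/* Convenience wrapper: the uid, or a caller-supplied fallback when the
 * user does not exist. Shows that the check changes control flow
 * instead of crashing. */
int lookup_uid_or(const char *name, int fallback) {
    int uid;
    return uid_checked(name, &uid) == 0 ? uid : fallback;
}
```

Static analysers flag the first caller precisely because find_user has a NULL return path that uid_unchecked never tests; the fix is not to make the lookup stop returning NULL but to make every caller handle it.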


[Image: smart card / Kerberos question screenshot]

The real kicker here is what I think they are calling ‘mutual authentication’ which in the case of Kerberos would occur with the ticket creation process. I don’t think you can use a smart card with CHAP or LDAP as they are both a little older and basic.

All right, I think that’s all for tonight folks. Tomorrow I’m off but being that I’ll be up all night I’m sure I’ll be going through test prep questions. Hopefully I can get 150 done over ‘the weekend’ which would put me at 250/700 for the first go around. Wow, this thing is an absolute bugger.

Security+ part 3…

Trying to get 15 questions into this post. Hopefully I can get that done. Will have to possibly take a few breaks in between doing that much work. Anyway, let’s get into this. Trying to get this certification done quick lol. Oh, I called CompTIA today and got a lot of clarification on their recert process. It’s not as bad as it seems. You just have to basically either do research or get a new, usually harder cert. I can handle that. I mean, my next 3-4 are booked up which should take about a year and a half to two years. Through that process at the end of two years I will have basically a break for about 2 years before I have to start stressing again to get my stuff renewed. I was really hoping the whole thing that was explained of get one, 3 years, the next one add 3 years and so on but it only extends it from the date you get the cert so like if you get something in December then get a harder one in April then it only extends it to three years from April instead of being close to like a 6 year cert. However a server MCSA will renew a Network+ so that’s cool. I like getting those. Man, what a lifestyle. Anyway, let’s get into some questions.

[Image: SAML question screenshot]

I think I’m confused by what they mean when they say ‘web domain’. I mean honestly that could be any database. Are they saying it has to be housed on the web server? Regardless, let’s look up what these things are. I mean, I mostly know but to be honest it seems good to be very clear on exact definitions.

  • TACACS+ – (Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user’s logon password to an authentication server to determine whether access can be allowed to a given system.
  • RADIUS – a networking protocol, operating on port 1812[1] that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS is a client/server protocol that runs in the application layer, and can use either TCP or UDP as transport. Network access servers, the gateways that control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server.[4] RADIUS is often the back-end of choice for 802.1X authentication as well.[5]
  • Kerberos – Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
  • SAML – Security Assertion Markup Language (SAML, pronounced SAM-el) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

Yep, it’s honestly pretty cut and dry. It uses XML and is for web SSO and I honestly was unaware of what it was. Kerberos confuses me slightly but the tickets are based on a time stamp so it is extremely secure. However with SAML I’m wondering where they store logins and passwords.

[Image: box types question screenshot]

I got this question right but I did want to go over the definitions for the various ‘box colors’ just to be clear.

  • Black box – refers to a method where an ethical hacker has no knowledge of the system being attacked.
  • Gray box – a technique where the hacker has to use limited information to identify the strengths and weaknesses of a target’s security network.
  • White box – a method of testing the application at the level of the source code. These test cases are derived through the use of standard white-box design techniques: control flow testing, data flow testing, branch testing, path testing, statement coverage and decision coverage as well as modified condition/decision coverage. White-box testing is the use of these techniques as guidelines to create an error-free environment by examining any fragile code.

[Image: SCP question screenshot]

Again, not clear on the definitions of these technologies for use as file transfer.

  • HTTPS – in the managed file transfer (MFT) context, HTTPS gives users an easy and secure browser-based connection to the MFT platform for transfers without having to install a web server. MFT is primarily a file transfer server, not a web server.
  • LDAPS – open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.[1] Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network
  • SCP – (Linux, but can be installed on Windows) secure copy is a command-line utility that allows you to securely copy files and directories between two locations. With scp you can copy a file or directory from your local system to a remote system using SSH.
  • SNMPv3 – Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more. Used for network monitoring.

I still think HTTPS fits the bill however I may be missing something here.

[Image: SAN certificate question screenshot]

I got this right but I wanted to go over the SAN name as it pertains to a certificate. The Subject Alternative Name field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL certificate, such as a Multi-Domain (SAN) or Extended Validation Multi-Domain Certificate. So generally it extends to sub domains is how I’m understanding it.

[Image: automated defense question screenshot]

Yep, going to need to hit those definitions.

  • NIPS – network-based intrusion prevention system (NIPS) is a system used to monitor a network as well as protect the confidentiality, integrity, and availability of a network. Its main functions include protecting the network from threats, such as denial of service (DoS) and unauthorized usage.
  • HIDS – A host-based intrusion detection system (HIDS) is an intrusion detection system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces, similar to the way a network-based intrusion detection system (NIDS) operates.
  • Web proxy – a proxy server is a server application or appliance that acts as an intermediary for requests from clients seeking resources from servers that provide those resources.
  • Elastic load balancer – I think we covered this one
  • NAC – Network access control, or NAC, solutions support network visibility and access management through policy enforcement on devices and users of corporate networks.

Kind of a toss up on the NIPS or HIDS based on what I’m understanding. NIPS it is!

[Image: forensics preservation question screenshot]
[Image: forensics preservation question screenshot, part 2]

The weighting process on this is a bit confusing for me on this one. There is the definition below and to be honest I’m well aware of what’s involved in forensics but rabbit holes aside, it does seem like there should be some basic ideas on this.

It does match with this perfectly though so I’m good with it.

[Image: MDM software question screenshot]

This seems like a question of definition too.

  • Virtual desktop infrastructure – defined as the hosting of desktop environments on a central server.
  • WS-Security and geo-fencing – Geofencing is a service that triggers an action when a device enters a set location. WS-Security is a message-level standard based on securing SOAP messages through XML digital signature, confidentiality through XML encryption, and credential propagation through security tokens.
  • A hardware security module (HSM) – a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing.
  • RFID tagging system – a type of tracking system that uses smart barcodes in order to identify items. RFID is short for “radio frequency identification,” and as such, RFID tags utilize radio frequency technology. … An RFID tag may also be called an RFID chip.
  • MDM software – Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employees’ mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization.
  • Security Requirements Traceability Matrix (SRTM) – a document that maps and traces user requirements with test cases. It captures all requirements proposed by the client and requirement traceability in a single document, delivered at the conclusion of the software development life cycle.

I guess MDM is the only thing that makes sense. I was thinking HSM also offered identification but that appears to be untrue.

[Image: website ports question screenshot]

This is the stuff that really gets me as it gets super confusing. At least for me. DNS uses TCP Port 53 for zone transfers, for maintaining coherence between the DNS database and the server. The UDP protocol is used when a client sends a query to the DNS server. The TCP protocol should not be used for queries as it gives a lot of information, which is useful to attackers. Honestly, not super clear on why a zone transfer port would be helpful in this case but ok.

[Image: cell phone encryption question screenshot]

No idea what type of encryption you would use on a cell phone so let’s define these things.

  • Elliptic curve – a plane algebraic curve defined by an equation of the form [equation not reproduced here] which is non-singular; that is, the curve has no cusps or self-intersections.
  • One-time pad – an encryption technique that cannot be cracked, but requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent.
  • 3DES – a cryptographic cipher. It is a symmetric key block cipher, meaning that the same key is used to encrypt and decrypt data in fixed-length groups of bits called blocks.
  • AES-256 – The Advanced Encryption Standard, also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology in 2001.
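The one-time pad bullet is the one that can be shown completely in a few lines, so here it is in C as an added example (not from the post or the pages it quotes): XOR of message and pad, the length rule from the definition, and the reason the pad must be used only once. The message, the 14-byte pad and the function names (otp_apply and friends) are all constructed for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* One-time pad: each ciphertext byte is message byte XOR key byte. Because
 * XOR is its own inverse, the same function decrypts. Returns -1 and writes
 * nothing if the key is shorter than the message, which is the rule the
 * definition above states: the pad must be at least as long as the message. */
int otp_apply(const unsigned char *in, size_t msg_len,
              const unsigned char *key, size_t key_len,
              unsigned char *out) {
    if (key_len < msg_len) return -1;
    for (size_t i = 0; i < msg_len; i++) out[i] = in[i] ^ key[i];
    return 0;
}

/* Constructed 14-byte pad for the demo. A real pad comes from a true random
 * source, is shared in advance over a secure channel, and is used once. */
static const unsigned char PAD[14] = {
    0x1f, 0xa2, 0x77, 0x0c, 0xe9, 0x31, 0x58,
    0xb4, 0x06, 0xcd, 0x93, 0x2a, 0x7e, 0x40
};

/* Round trip: encrypt then decrypt a constructed message.
 * Returns 1 if the plaintext comes back intact. */
int otp_roundtrip_ok(void) {
    const unsigned char msg[14] = "ATTACK AT DAWN";   /* 14 bytes, no NUL */
    unsigned char ct[14], pt[14];
    if (otp_apply(msg, 14, PAD, sizeof PAD, ct) != 0) return 0;
    if (otp_apply(ct, 14, PAD, sizeof PAD, pt) != 0) return 0;
    return memcmp(pt, msg, 14) == 0;
}

/* The length rule: a 4-byte key cannot pad a 14-byte message. */
int otp_rejects_short_key(void) {
    const unsigned char msg[14] = "ATTACK AT DAWN";
    const unsigned char key[4] = { 1, 2, 3, 4 };
    unsigned char ct[14];
    return otp_apply(msg, 14, key, sizeof key, ct) == -1;
}

/* Why "one-time": if the same pad covers two messages, XORing the two
 * ciphertexts cancels the pad and leaves m1 XOR m2, a value that depends
 * only on the plaintexts. Returns 1 when that identity holds, i.e. the pad
 * contributed nothing to what an observer can compute from the pair. */
int otp_key_reuse_leaks(void) {
    const unsigned char m1[14] = "ATTACK AT DAWN";
    const unsigned char m2[14] = "RETREAT AT ONE";   /* constructed, 14 bytes */
    unsigned char c1[14], c2[14];
    otp_apply(m1, 14, PAD, sizeof PAD, c1);
    otp_apply(m2, 14, PAD, sizeof PAD, c2);
    for (size_t i = 0; i < 14; i++)
        if ((c1[i] ^ c2[i]) != (m1[i] ^ m2[i])) return 0;
    return 1;
}
```

The first two functions are the definition itself; the third is the practical reason a pad is almost never what a phone actually uses: keeping a fresh, truly random pad as long as every message you will ever send is the hard part, which is why a block cipher such as AES with a short reusable key is the realistic answer to the question.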

You know, out of the choices AES for sure makes the most sense.

[Image: access control types question screenshot]

I’m not sure which of these uses data classification labels and to be honest, it must be that mandatory is the only one. I highly doubt that it’s worth learning more than that.

[Image: wireless auth question screenshot]

This is another type of question that worries me as you need to know every single thing about every type of encryption. Clearly the answer is PEAP for the authentication of the device to the auth server and then passing the user name and password. That’s a very specific scenario based on how it works which leads me to believe that I basically need to know everything about every auth type. I’m not going to stress too much about encryption because to be honest there are so many ways to encrypt things and to be honest they all seem kind of the same.

[Image: active-passive configuration question screenshot]

Honestly, I have no idea what active/passive configuration is referring to so I guess we should start there. Appears to have something to do with failover clustering which makes sense with availability per this.

[Image: war chalking question screenshot]

What the fuck is war chalking? Honestly, I didn’t even think that was real. Warchalking is the drawing of symbols in public places to advertise an open Wi-Fi network. Inspired by hobo symbols, the warchalking marks were conceived by a group of friends in June 2002 and publicised by Matt Jones who designed the set of icons and produced a downloadable document containing them. lol, ok well now I know.

[Image: encrypted email question screenshot]

Yeah, OK. I totally fucked this one up. Lots to learn here, apparently. Why I picked steganography, I have no clue. OK so let’s do a little reading. OK, reading done and I appear to have added in ’email’ however so far I’ve learned nothing. However, this page is helpful but it doesn’t say anything about message integrity. I guess that’s what we are going with.

[Image: non-repudiation question screenshot]

Well, in the previous question I learned that it means that it absolutely came from the source that it says it came from due to the use of encryption keys so that’s really all I need to know about this one.

[Image: CASB question screenshot]

Sometimes, in my opinion, the ideas surrounding cloud services get a little confusing. This seems like platform as a service to me but maybe that doesn’t offer ‘back end environmental controls’. Seriously fucking, docker, azure. Done. A cloud access security broker (CASB) is an on-premises or cloud-based security policy enforcement point that is placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. THIS QUESTION SAYS NOTHING ABOUT SECURITY BUT OK.

OK, I have 5 more questions to do out of the first lot of 100 to get through everything I had questions about and I may get to that tonight or I may not. Either way, obviously just starting on this but making really good progress. I think I kind of took it slow with Network+ but I did pass on the first try, luckily. Anyway, reached my initial goal of 15 questions on this post.
