Security+: Implementing Secure Systems Design
The SY0-501 exam tests a candidate's knowledge of a wide range of protocols throughout its structure, and we will take a look at how Domain 2.6 seeks to test this knowledge. Having a real-world understanding of 32-bit addressing schemes such as IPv4 is a good idea, but the exam tests IPv6 knowledge as well. Below is a breakdown of the exam objectives of Domain 2.6 and the key points that it raises. A copy of the official exam objectives can be found on the CompTIA website in PDF format.
When a candidate is getting ready for the Security+ SY0-501 exam they should be familiar with secure protocols such as DNSSEC, SSH, S/MIME, SRTP, LDAPS, FTPS, SFTP, SNMPv3, SSL/TLS, HTTPS and secure POP/IMAP. There is a lot to take in for this section, but we won't be diving into the inner workings of each protocol. Instead, we will look at what you need to know about the protocols in relation to the exam, and more specifically the SY0-501.
Having said that, it is important to remember that TCP/IP is the protocol suite that underpins almost all communications today, especially over the internet, so candidates must be comfortable with it for the exam. Understand the differences between IPv4 and IPv6 (32-bit addresses in dotted-decimal notation versus 128-bit addresses written in hexadecimal), and their general usage and operation. If you find that these concepts are a bit too advanced for you, revisit the material you learned for your Network+.
DNSSEC – You must understand the basic operational behaviour and requirements of DNS for this content in the exam, and know that it uses port 53 over both UDP (most queries) and TCP (zone transfers and responses too large for a single UDP datagram). Further to that, you should be familiar with what DNSSEC was created for in the first place, how it is used, and where it is used: DNSSEC adds digital signatures (RRSIG records) to DNS data so that a validating resolver can verify the origin and integrity of a response and detect spoofed or cache-poisoned answers. Note that it does not encrypt DNS traffic, so it provides authenticity and integrity, not confidentiality. Remember that DNS was designed to resolve names to IP addresses.
SSH – SSH has been around for a long time, and because of this most people have had exposure to it at some point during their studies. For the exam, candidates must know that SSH uses TCP port 22 by default and encrypts the whole session, unlike Telnet (port 23), which sends credentials and commands in clear text. Candidates should also know the applications and scenarios SSH is used for: remote command-line administration, secure file transfer (SFTP and SCP) and tunnelling other protocols through an encrypted channel.
S/MIME – If you are preparing to write your SY0-501 exam, you should be familiar with secure email protocols like S/MIME and PGP. Both can encrypt and digitally sign email: S/MIME relies on X.509 certificates issued by a certificate authority, while PGP uses keys trusted through a web of trust. You will be asked questions that test your understanding of how it all works.
SRTP – Candidates have to be able to show that they can implement encrypted VoIP protocols for voice and video communications. SRTP (Secure Real-time Transport Protocol) adds three things to an RTP media stream: confidentiality (AES encryption of the RTP payload), message authentication and integrity (an HMAC-SHA1 tag appended to each packet, truncated to 80 bits by default), and replay protection (a sliding window of packet indexes that rejects packets already seen). Be ready to explain which of these properties each mechanism provides.
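To make the authentication and replay-protection part concrete, the following is an added example written for this page, not code from the exam objectives or from any VoIP product. It builds a minimal RTP packet, appends the SRTP-style HMAC-SHA1 tag over the packet and the 32-bit rollover counter (ROC), and on the receiving side estimates the packet index, checks a 64-entry replay window, and verifies the tag before accepting the packet. The 20-byte key and the packets are constructed for the demonstration; payload encryption is deliberately left out so the example stays focused on integrity and anti-replay.

```python
import hashlib
import hmac
import struct

AUTH_TAG_LEN = 10    # SRTP default: HMAC-SHA1 output truncated to 80 bits
REPLAY_WINDOW = 64   # minimum replay window size required by RFC 3711


def build_rtp_packet(seq, timestamp, ssrc, payload, payload_type=0):
    """Minimal 12-byte RTP header (V=2, no padding/extension/CSRC) followed by the payload."""
    header = struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq & 0xFFFF,
                         timestamp & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)
    return header + payload


def srtp_auth_tag(auth_key, authenticated_portion, roc):
    """HMAC-SHA1 over (RTP header + payload) || 32-bit rollover counter, truncated to 80 bits.
    Including the ROC stops a packet being replayed after the 16-bit sequence number wraps."""
    mac = hmac.new(auth_key, authenticated_portion + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:AUTH_TAG_LEN]


def srtp_protect(auth_key, rtp_packet, roc):
    """Sender side: append the authentication tag. Payload encryption (AES-CTR in real
    SRTP) is omitted in this example so only the authentication path is shown."""
    return rtp_packet + srtp_auth_tag(auth_key, rtp_packet, roc)


class SrtpReceiver:
    """Receiver side: packet index estimation, replay check, then tag verification."""

    def __init__(self, auth_key):
        self.auth_key = auth_key
        self.last_index = None   # highest authenticated packet index (ROC << 16 | SEQ)
        self.window = 0          # bit k set => index (last_index - k) was already accepted

    def _estimate_index(self, seq):
        # RFC 3711 section 3.3.1: guess the ROC of an incoming packet from the highest
        # sequence number seen so far, allowing for reordering around a wrap.
        if self.last_index is None:
            return seq
        roc, s_l = self.last_index >> 16, self.last_index & 0xFFFF
        if s_l < 0x8000:
            v = roc - 1 if seq - s_l > 0x8000 else roc
        else:
            v = roc + 1 if s_l - 0x8000 > seq else roc
        return ((v & 0xFFFFFFFF) << 16) | seq

    def unprotect(self, srtp_packet):
        """Return (accepted, reason). Replays are rejected before any HMAC work is done,
        and the replay window is only updated once the tag has verified."""
        if len(srtp_packet) < 12 + AUTH_TAG_LEN:
            return False, "too short"
        body, tag = srtp_packet[:-AUTH_TAG_LEN], srtp_packet[-AUTH_TAG_LEN:]
        seq = struct.unpack("!H", body[2:4])[0]
        index = self._estimate_index(seq)
        if self.last_index is not None:
            behind = self.last_index - index
            if behind >= REPLAY_WINDOW:
                return False, "too old"
            if behind >= 0 and (self.window >> behind) & 1:
                return False, "replay"
        expected = srtp_auth_tag(self.auth_key, body, index >> 16)
        if not hmac.compare_digest(expected, tag):
            return False, "auth failure"
        if self.last_index is None or index > self.last_index:
            shift = 0 if self.last_index is None else index - self.last_index
            self.window = ((self.window << shift) | 1) & ((1 << REPLAY_WINDOW) - 1)
            self.last_index = index
        else:
            self.window |= 1 << (self.last_index - index)
        return True, "ok"


if __name__ == "__main__":
    # Constructed test key and packet; a real session key is negotiated via SDES or DTLS-SRTP.
    key = bytes(range(20))
    rx = SrtpReceiver(key)
    pkt = srtp_protect(key, build_rtp_packet(1000, 160, 0xDEADBEEF, b"voice-frame"), 0)
    print(rx.unprotect(pkt))   # (True, 'ok')
    print(rx.unprotect(pkt))   # (False, 'replay')
```

The order of checks mirrors the standard: the replay window is consulted before the HMAC so that a flood of replayed packets costs no cryptographic work, but the window is only advanced after a packet authenticates, so a forged packet cannot be used to push genuine in-flight packets out of the window.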
LDAPS – Candidates must understand how to secure LDAP, how to configure it so that it does not run in plain-text mode, and the dangers of not taking these steps (bind credentials and directory queries sent over plain LDAP on TCP port 389 can be read and modified on the wire). The X.500 specification is emphasised quite a bit in the SY0-501 exam: LDAP is a lightweight protocol for accessing X.500-style directory services, and it is the common language that lets systems from different vendors and operating systems query the same directory. LDAP can be secured by wrapping it in SSL/TLS, either as LDAPS on TCP port 636 or by upgrading a plain port 389 connection with StartTLS. Simple Authentication and Security Layer (SASL) and LDAP Secure (LDAPS) are required learning as well.
FTP/FTPS – Prospective candidates should have a basic understanding of FTP (TCP port 21 for the control channel, with a separate data connection, all in clear text) as well as its encrypted version, FTPS, which is FTP wrapped in SSL/TLS: explicit FTPS upgrades a port 21 connection with the AUTH TLS command, while implicit FTPS uses port 990. SFTP – Candidates should be wary of potentially confusing questions about FTP, FTPS and SFTP, their specific uses and the differences between them. SFTP is not FTP at all; it is a file transfer subsystem that runs over SSH, so it uses port 22, is encrypted, and supports resuming interrupted transfers. Do not mix it up with FTPS. The content here is very similar to the SY0-401 exam.
SNMPv3 – SNMP is prevalent in many network management tools, so understanding how it works is not just valuable for the exam, but for real-world applications as well. For the exam, remember that SNMP operates over UDP: agents listen on port 161 and managers receive traps on port 162. SNMPv1 and SNMPv2c authenticate with community strings sent in clear text and provide no encryption, so remember that SNMPv3 adds user-based authentication (HMAC-MD5 or HMAC-SHA) and encryption of the payload (DES or AES) when run at its authPriv security level.
HTTPS – For the exam, remember that HTTP (TCP port 80) is not encrypted and that HTTPS (TCP port 443) is HTTP carried over SSL/TLS. Be sure that you remember which protocols use which port, as well as how a user can tell whether the page they are visiting is secure: the https:// scheme and the browser's padlock indicator, which mean the server presented a certificate the browser could validate, not that the site itself is trustworthy.
Secure POP/IMAP – These email retrieval protocols use TCP port 143 for IMAP and port 110 for POP3 in the clear. They can be secured with SSL/TLS, which changes the port numbers: IMAPS uses port 993 and POP3S uses port 995. Candidates should also understand how SMTP, POP and IMAP behave with and without encryption: SMTP uses port 25 for server-to-server delivery and port 587 for client submission (usually upgraded with STARTTLS), with port 465 used for implicit TLS.
SSL/TLS – Learn and remember where these sit in the OSI model (exam material places them between the transport and application layers, at the session and presentation layers), along with the ports listed above, their basic functionality, where you would use them and why. Remember that SSL is the deprecated predecessor; current deployments should use TLS.
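The protocol and port pairs above are exactly what you would look for when hunting cleartext services on a network you are assessing. The following is an added example written for this page (not part of the original article or of any vendor tool) that runs that check as detection logic over firewall flow records: it parses key=value log lines, maps protocol and destination port to the cleartext services covered in the objectives, ignores denied flows, and reports the encrypted replacement for each hit. The log format and the sample lines are constructed for the example, and port numbers are the IANA defaults, so adjust both for your environment.

```python
import re
from collections import Counter

# Cleartext services from the SY0-501 objectives and the secure replacement for each.
# Keys are (transport, destination port) using IANA default ports.
CLEARTEXT_SERVICES = {
    ("tcp", 21):  ("FTP",    "FTPS (explicit on 21 via AUTH TLS, implicit on 990) or SFTP over SSH (22)"),
    ("tcp", 23):  ("Telnet", "SSH (22)"),
    ("tcp", 25):  ("SMTP",   "SMTP with STARTTLS (587) or implicit TLS (465)"),
    ("tcp", 80):  ("HTTP",   "HTTPS (443)"),
    ("tcp", 110): ("POP3",   "POP3S (995)"),
    ("tcp", 143): ("IMAP",   "IMAPS (993)"),
    ("tcp", 389): ("LDAP",   "LDAPS (636) or StartTLS on 389"),
    ("udp", 161): ("SNMP",   "SNMPv3 authPriv on 161 (flow data cannot show the version; check the agent)"),
}

# Generic key=value firewall format assumed for this example; action is optional.
FLOW_RE = re.compile(
    r"proto=(?P<proto>\w+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
    r"(?:\s+action=(?P<action>\w+))?"
)


def parse_flow(line):
    """Extract proto/src/dst/dport/action from one log line; None if the line does not match."""
    m = FLOW_RE.search(line)
    if m is None:
        return None
    return {
        "proto": m["proto"].lower(),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "action": (m["action"] or "allow").lower(),
    }


def find_cleartext(lines):
    """Return one finding per allowed flow to a known cleartext service."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow["action"] == "deny":
            continue
        hit = CLEARTEXT_SERVICES.get((flow["proto"], flow["dport"]))
        if hit is None:
            continue
        service, replacement = hit
        findings.append({**flow, "service": service, "replace_with": replacement})
    return findings


def servers_by_service(findings):
    """Count cleartext connections per (destination, service) to prioritise remediation."""
    return Counter((f["dst"], f["service"]) for f in findings)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2019-03-04T10:01:02Z fw1 proto=tcp src=10.0.5.21 dst=10.0.1.10 dport=23 action=allow
2019-03-04T10:01:05Z fw1 proto=tcp src=10.0.5.21 dst=10.0.1.10 dport=22 action=allow
2019-03-04T10:02:11Z fw1 proto=tcp src=10.0.5.33 dst=10.0.2.15 dport=389 action=allow
2019-03-04T10:02:40Z fw1 proto=tcp src=10.0.5.33 dst=10.0.2.15 dport=636 action=allow
2019-03-04T10:03:07Z fw1 proto=udp src=10.0.5.40 dst=10.0.3.9 dport=161 action=allow
2019-03-04T10:03:30Z fw1 proto=tcp src=10.0.5.40 dst=10.0.3.9 dport=161 action=deny
2019-03-04T10:04:12Z fw1 proto=tcp src=10.0.5.50 dst=203.0.113.7 dport=110 action=allow
2019-03-04T10:04:15Z fw1 proto=tcp src=10.0.5.50 dst=203.0.113.7 dport=995 action=allow
2019-03-04T10:05:00Z fw1 proto=tcp src=10.0.5.60 dst=198.51.100.4 dport=80 action=deny
malformed line without fields
"""

if __name__ == "__main__":
    hits = find_cleartext(SAMPLE_LOG.splitlines())
    for f in hits:
        print(f"{f['src']} -> {f['dst']}:{f['dport']} {f['service']} in clear; use {f['replace_with']}")
    print(servers_by_service(hits))
```

Port-based matching is a triage step, not proof: a service can run on a non-default port, and a TLS-wrapped service can sit on a "cleartext" port via STARTTLS, so confirm each finding with a packet capture or a connection test before reporting it.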
The Security+ wants to contextualise some of the theory that you have already learned with real applications and use cases, so what follows is a list of possible examples that could come up in the exam, showcasing how some of these technologies are put to use in the field.
Voice and Video
Be aware of the declining prevalence of traditional telephony systems and analogue circuits, and the increasing use of VoIP technologies. Learn how VoIP systems encrypt data (SRTP for the media stream and SIP over TLS for call signalling), and how in some instances they cannot encrypt data, for example where a call traverses legacy equipment that does not support SRTP, creating potential security issues.
For the exam ensure that you are aware of the importance of time synchronization, and how services like NTP (UDP port 123) are essential for device time management across a network or the internet; certificate validity checks, Kerberos authentication and log correlation all depend on accurate clocks. NTP-based attacks do occur, notably amplification/reflection DDoS attacks that abuse open NTP servers, and manipulation of a target's clock to undermine those time-dependent controls, so learn what those entail in preparation for your Security+ exam.
Email and Web
Be mindful of the encryption methods that are available to protect these vital communication channels: S/MIME and PGP for message content, and TLS for SMTP, POP3, IMAP and HTTP in transit. Understand how they work and what ports they use.
As we have seen, there are plenty of file transfer methods that can be employed over the internet, from FTP to P2P technologies. The Security+ goes into detail about internet-based file transfers, but it doesn't end there. Internal file transfer operations are also open for discussion. Windows file sharing over SMB (TCP port 445), NFS (port 2049) and other transfer tools are all potentially in the exam, so be sure that you understand how they work and how access to them is restricted.
Real-world examples of directory services range from Windows Active Directory to Novell Directory Services (eDirectory), so be sure to understand them, as well as their encrypted access methods such as LDAPS.
Remote access is a lot more common than it used to be, and although RAS (Remote Access Service) is still a main focus, bear in mind that there are many different remote access technologies, and not just for computers. Learn all of the remote access technologies outlined in the study guide that you are working from, as there are many to go through.
Domain Name Resolution
DNS is present in all IP-based networks; make sure that you understand how it works and where it operates within the OSI model (it is an application-layer protocol carried over UDP and TCP port 53).
Routing and Switching
The Security+ is keen to see your knowledge of potential attacks via your network infrastructure such as routers and switches. Be familiar with textbook attack scenarios such as ARP poisoning, MAC flooding, VLAN hopping and rogue DHCP servers or routing updates, what each attack does to damage the network, and how you could prevent or mitigate it, for example with switch port security, dynamic ARP inspection, DHCP snooping and authenticated routing protocol updates.
Network Address Allocation
This section deals with subnetting and binary value conversions. Be sure that you understand how to convert 32-bit IPv4 addresses into binary, how a subnet mask or CIDR prefix splits an address into network and host bits, and how to derive the network address, broadcast address and number of usable hosts from them. The exam doesn't delve too deeply into this subject, but a working knowledge is needed if you are going to cope with such questions if they come up.
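The arithmetic the exam expects you to do by hand is short enough to write out in full, so the following is an added example for this page (not code from the article or from CompTIA) that performs each step explicitly rather than delegating to a library: dotted-decimal to integer and to dotted-binary, prefix length to mask, and masking to get the network and broadcast addresses and the usable host count. It also cross-checks its own answers against Python's ipaddress module, so you can verify your manual working on any address. The sample addresses used are made up for the example.

```python
import ipaddress


def ipv4_to_int(addr):
    """Parse dotted-decimal IPv4 into a 32-bit integer, rejecting malformed input."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {addr!r}")
    value = 0
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"bad octet {octet!r} in {addr!r}")
        value = (value << 8) | int(octet)   # shift the previous octets left, append this one
    return value


def int_to_ipv4(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ipv4_to_binary(addr):
    """Dotted binary form: the representation the exam asks you to produce by hand."""
    value = ipv4_to_int(addr)
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """CIDR prefix length -> mask integer: the top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be 0..32, got {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr):
    """Network, mask, broadcast and usable host count for an address written as a.b.c.d/n."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    ip = ipv4_to_int(addr)
    network = ip & mask                        # keep the network bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # set every host bit
    total = 1 << (32 - prefix)
    # /31 (RFC 3021 point-to-point) and /32 have no network/broadcast reservation.
    usable = total if prefix >= 31 else total - 2
    return {
        "network": int_to_ipv4(network),
        "mask": int_to_ipv4(mask),
        "broadcast": int_to_ipv4(broadcast),
        "prefix": prefix,
        "usable_hosts": usable,
    }


def in_subnet(addr, cidr):
    """True if addr falls inside cidr: the network bits match after masking."""
    net_addr, prefix = cidr.split("/")
    mask = prefix_to_mask(int(prefix))
    return ipv4_to_int(addr) & mask == ipv4_to_int(net_addr) & mask


def matches_stdlib(cidr):
    """Cross-check the hand-rolled arithmetic against Python's ipaddress module."""
    mine = subnet_info(cidr)
    net = ipaddress.ip_network(cidr, strict=False)
    return (mine["network"] == str(net.network_address)
            and mine["mask"] == str(net.netmask)
            and mine["broadcast"] == str(net.broadcast_address))


if __name__ == "__main__":
    # Example host chosen for the demonstration: 192.168.10.77 on a /26.
    print(ipv4_to_binary("192.168.10.77"))   # 11000000.10101000.00001010.01001101
    print(subnet_info("192.168.10.77/26"))   # network 192.168.10.64, broadcast .127, 62 hosts
    print(matches_stdlib("192.168.10.77/26"))
```

Working through 192.168.10.77/26 by hand: the mask has 26 ones, so the last octet mask is 11000000 (192); 77 is 01001101, and 01001101 AND 11000000 is 01000000 (64), giving network 192.168.10.64; setting the six host bits gives 01111111 (127) for the broadcast; 2^6 addresses minus the two reserved ones leaves 62 usable hosts. The code reproduces each of these steps.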
Most major software vendors have converted their licence models into one form or another of subscription service. There are security considerations to take into account if the transmission, storage and use of highly valuable licence information is to remain safe on your network.
We have covered quite a lot through this exam objective, but the essential information that you should know is a mixture of technologies and protocols. Infosec is running a Security+ boot camp that deals with the new SY0-501 version of the exam, and it is a highly valuable resource that will help you to make the most of your exam attempt. More information about this comprehensive learning experience can be found on the Infosec website.