As before, there are no actual pre-requisite requirements to be qualified to take the exam. However, CompTIA recommends having A+ certification and nine months of computer network related experience. So, what has changed? In a domain comparison between the new N10-005 exam and the previous N10-004 exam official certification exam objectives as published by CompTIA, I discovered a handful of changes to highlight in this post.

Fewer Domains

The N10-004 exam divided the exam into six targeted topical areas called domains. The new N10-005 exam has five domains, although only three domain names are the same.

As you can see, the percentage of the exam related to the various topics has not really shifted much. However, some people will see the increase in Network Security from 11% to 19% as an indication that the focus on security has significantly increased on Network+. I don’t think this the case. In fact, security has been an integral part of networking for decades, and this was reflected in all previous versions of Network+. The latest revision of this exam simply reorganized all the disparate security material under the security domain.

Don’t stress over this chart, the number of domains, or even the percentage of the exam covered by each domain. In reality, the exam presents questions to you in a random order. While the test is a flat test (as opposed to adaptive), you receive questions randomly pulled from the test pool. Then those questions are randomly ordered #1 — #100. You must approach each question on its own merits, with no knowledge of which domain it belongs to. You should always consider each question in light of the entire collection of Network+ material, not just a single domain. Now, let’s review the updated content for the latest Network+ exam.

Domain 1: Network Concepts

Domain Name System (DNS) records (A, MX, AAAA, CNAME, PTR) (Sub-objective of 1.7)

Five common DNS resource records (RR) are now specifically mentioned in the exam objectives where just generic DNS, DNS ports, DNS server, and wrong DNS were mentioned previously.

Identify Virtual Network Components (Objective 1.9)

If any objective in N10-005 could be labeled as new, this is the most likely candidate. N10-004 did not include the word virtual or cloud. N10-005 does not include the word cloud either, but the sub-objective of Network as a Service (NaaS) is a specific type of cloud computing service.

Domain 2: Network Installation and Configuration

Mismatched Maximum Transmission Unit (MTU/MUT) Black Hole (Sub-objective of 2.5)

MTU is the largest packet size allowed on a segment (MUT is a misspelling or alternate phrasing of MTU). If there is a mismatch between two devices’ interfaces (router, firewall, proxy, etc.) on the same segment, the traffic can be dropped (i.e., black-holed). This does not typically occur on current networks as modern devices support the same MTU for their supported protocols, and there is no practical or benign need to reduce the MTU.

Bad Modules Small Form-factor Pluggable (SFPs), GigaBit Interface Converter (GBICs) (Sub-objective of 2.5)

SFP and GBIC are Cisco hardware components known generically as transceivers. They provide a hot-swappable media interface between various cable types and networking devices. Generally, if a module is bad, you replace it.

Domain 3: Network Media and Topologies

T1 Crossover (Sub-objective of 3.1)

In the rare circumstance where you must directly link two Channel Service Unit/Data Service Unit (CSU/DSU) devices, a T1 crossover cable would be used. This cable is similar in nature to the Ethernet crossover cable used to connect two hubs, two switches, or two PCs directly together.

Synchronous Digital Hierarchy (SDH) (Sub-objective of 3.4)

SDH, which is nearly identical to SONET, is a fiber optic-based multiplexing technology supporting numerous high-speed connections or channels.

Dense Wavelength Division Multiplexing (DWDM) (Sub-objective of 3.4)

DWDM is a multiplexing technology that places multiple signals, connections, or channels on a single fiber optic cable, each using a different wavelength of light. Of note, this item was on the acronym list of N10-004.

Long-Term Evolution (LTE) and Evolved High Speed Packet Access (HSPA+) (Sub-objectives of 3.4)

LTE is the current name for the IEEE 802.20 standard and is a competitor to the WiMax or IEEE 802.16 concept. LTE is a wireless communications standard that is currently being used as the next advance in mobile phone technology. HSPA+ is an enhancement of the Wideband Code Division Multiple Access (WCDMA) 3G wireless technology which has the potential to offer data speeds similar to that of LTE.

Passive Optical Network (PON) (Sub-objectives of 3.4)

PON is the use of fiber optic cable to the premises. It uses unpowered optical splitters to serve multiple locations simultaneously (such as end-users).

Domain 4: Network Management

Common Address Redundancy Protocol (CARP) (Sub-objective of 4.6)

CARP allows for a set of IP addresses to be shared by a group of hosts on the same subnet. This is to support failover redundancy and is commonly supported by firewalls, proxies, and routers. CARP is a public domain version of Cisco’s proprietary Hot Standby Router Protocol (HSRP) that performs the same function.

Domain 5: Network Security

Independent Computing Architecture (ICA) (Sub-objective of 5.2)

ICA is a Citrix solution to support thin-client or terminal services such as remote control or remote access capabilities. This and other remote access/remote desktop/thin-client concepts were present in N10-004 materials and discussions as well.

Evil Twin (Sub-objective of 5.4)

Evil Twin is a wireless attack tool that will automatically duplicate the identity of a trusted wireless network. Each time the interface is turned back on, it will seek out known networks and attempt to reconnect. The reconnect request includes the original Station Set Identifier (SSID) and base station Media Access Controller (MAC) address. The Evil Twin attack tool captures these reconnect requests and replies with a spoofed identity of the known network.

Nessus and Nmap (Sub-objective of 5.6)

Nessus is an open source vulnerability scanner that has a commercial version known as Tenable Network Security. Nmap is a free network mapper, port scanner, network discovery, and OS/service identification tool crafted by hacker-extraordinaire Fyodor. Both are excellent tools for evaluating a network’s functionality and vulnerabilities as a user, administrator, penetration tester, or criminal.

A Few Final Items

If you have already studied for the N10-004 exam, and you are not comfortable taking a small risk in taking the N10-005 exam, you can still take the 2009 version of Network+ until August 1, 2012. At that time, the N10-004 version of Network+ will be fully retired. If you are already approaching that deadline, either bite the bullet and take the exam or obtain updated preparation material and fine-tune your knowledge for the N10-005 exam.

Please visit www.comptia.org. Here you will see CompTIA’s summary of the exam and can download the official CompTIA Network+ N10-005 Certification Exam Objectives. Take the time to read over each and every item listed on the exam objectives. This will help you grasp how much you may already know and how much you will need to learn in order to be properly prepared to have a positive outcome on the latest revision of CompTIA’s Network+ exam.

Excerpted and available for download from Global Knowledge: Network+ 2011 Exam N10-005 Updates

Related Post
The CompTIA/Cisco Roadmap

Related Courses
Network+ Prep Course
A+ Certification Prep Course

• Communication Security
• Cryptography
• IDS/IPS/IDP
• Logging and Monitoring
• Penetration Testing
• Remote Access

Communication Security

Communication security protects the pathways across which voice and data traverse. The goals of communication security include prevention of eavesdropping to protect confidentiality, assurances of integrity, and the maintenance of availability of the connection itself. All communication channels, whether between devices on the same network, across a VPN, over a remote connection, or wirelessly over radio waves, must be protected. A significant portion of communication security requires appropriate encryption. Encryption is used to protect the data itself while in storage and transit and provide a digital means of authentication. Without proper security, communication is subject to interception, manipulation, or denial of service. Communication security also includes planning for protection, as new technologies and data flow patterns are incorporated into the workplace.

Cryptography

Cryptography is the science of obfuscation and is used to protect data while in transit or in storage. Data encryption includes three common sub-divisions: symmetric ciphers, asymmetric ciphers, and hashing. Symmetric cryptography is used for bulk data encryption, protecting information while in transit or in storage. Asymmetric cryptography is used to prove the identity of endpoints (e.g., digital signatures), or provide secure symmetric key exchange (e.g., digital envelopes). Hashing is used to detect alterations or verify integrity of communications and stored data.

IDS/IPS/IDP

Intrusion Detection Systems (IDS) are designed to notify administrators of suspect activities in the computing environment. Intrusion Prevention Systems (IPS) detect suspect activities and alter the environment in attempt to thwart those activities. New Intrusion Detection and Prevention (IDP) solutions can perform deep packet inspection on cloud traffic. These tools supplement the security provided by firewalls, proxies, malicious code scanners, and other typical security mechanisms. IDS/IPS/IDP may be able to detect violations based on pattern matching, anomaly detection, and behavior analysis. However, these tools require expertise for proper deployment, configuration, and tuning.

Logging and Monitoring

Logging and monitoring, in addition to auditing, are essential parts of keeping track of all of the events that occur within an organization’s infrastructure. Each and every piece of equipment that can record a log file should be configured to do so, especially firewalls, proxies, DNS servers, DHCP servers, routers, and switches. Plus, every OS and application that can log events should be enabled as well. The more extensive the logging, monitoring, and auditing, the more evidence will be collected about benign and malicious situations. Other important issues related to event tracking include historical log archival, securing logs, time synchronization, monitoring performance, vector tracking, maintaining accuracy, and complying with rules of evidence and chain of custody.

Penetration Testing

Penetration testing is the third major phase in security assessment and management. Penetration testing is used to stress test a mature environment for issues that cannot be discovered by automated tools or by typical administrators. Penetration testers are skilled in the method and tools of criminal attacks, the art of reconnaissance, and are masters of systems, protocols, and other aspects of IT from the perspective of malicious hackers. Testers craft exploits, modify code, decompile executables, applications, debug scripts, uncover covert channels, and more. These are essential skills of the members of a penetration testing team. A complete understanding of the benefits and the mechanisms of black box security testing will enable an organization to benefit fully from hiring an ethical hacking consultant or developing their own in-house testing team.

Remote Access

Remote access is convenient, can reduce costs, and can make work tasks more flexible, but it also increases risk for an organization. Once remote connectivity of any type is enabled for valid user access to a private network, the benefits of physical security are greatly reduced. As soon as authorized outsiders can establish valid connections to internal resources, hackers from across the globe gain the ability to attempt to intrude into those same remote access channels. Remote access includes traditional PSTN modems, VPN connections over the Internet, wireless connections, and more. Remote access often benefits from the implementation of AAA (authentication, authorization, and accounting) servers exclusively for remote users. Adding filters and rigorous oversight, such as with auditing and IDS/IPS/IDP solutions, is essential. Secure remote connectivity is possible, but is more challenging and involved than most organizations realize when first launching telecommuting or remote access projects.

Related Courses
Cybersecurity Foundations
Security+ Prep Course
Certified Ethical Hacker v7

Ethical hacking can be used to help determine that your company created the safest environment possible for your most valuable data. Whether it’s a local network, web application, or even a SQL database that is used to store sensitive records, the safety of that information is extremely important. If you run any type of business or organization that depends on the safety and security of your information, as most of us do, making sure it’s always safe and protected from cyber criminals is incredibly important.

When it comes to keeping a secure network or securing database records, many companies employee ethical hackers or even hire private security consultants to find the potential security holes before attackers locate these vulnerabilities. It’s only after you’ve found these vulnerabilities that you can then “patch” or secure these potential intrusion areas and put a stop to the potential threats.

If you’re interested in this field, one good place to start is to increase your knowledge of the field. There are several good certifications to get started. One is the CEH (Certified Ethical Hacker). Certified Ethical Hackers are used to ethically hack into their clients’ networks to make sure they are completely secure. The CEH exam requires candidates to have a wide knowledge of ethical hacking techniques and understand networking protocols. You can learn more by checking their website at http://www.eccouncil.org.

Related Posts
Are You Interested in IT Security?
Securing Cyberspace: Are You Ready?
Hacking Back in Self-Defense: Is It Legal; Should It Be?

Related Courses
Certified Ethical Hacker v7
Cybersecurity Foundations
Foundstone Ultimate Hacking

Security Specialist Certifications

Cisco Firewall Security Specialist

The Cisco Firewall Security Specialist certification recognizes security professionals with the skills to design, implement, and maintain Cisco security appliance solutions, using the Cisco ASA adaptive security appliance and zone-based firewall solutions. The Cisco Firewall Security Specialist certification validates skills and knowledge in implementing perimeter security solutions using Cisco security appliances. These certified specialists are actively involved in developing secure business solutions and designing and delivering multiple levels of secure access to the network.

Prerequisite: Valid CCNA Security certification.

Required Cisco Exams:
642–617 FIREWALL v1.0
642–637 SECURE v1.0

Cisco IOS Security Specialist

The Cisco IOS Security Specialist certification recognizes security professionals who can demonstrate the hands-on knowledge and skills that are required to secure networks, using Cisco IOS Security features embedded in the latest Cisco routers and switches as well as the widely deployed Cisco security appliances. Cisco IOS Security Specialists are able to secure the network environment and provide security services that are based on Cisco IOS Software, such as zone-based policy firewall, Cisco IOS IPS, user-based firewall, secure tunnels using IPsec VPN technology—including PKI, VTI and DVTI, Group Encrypted Transport VPN, and DMVPN—and advanced switch security features.

Prerequisite: Valid CCNA Security certification.

Required Cisco Exam: 642–637 SECURE v1.0

Cisco VPN Security Specialist

The Cisco VPN Security Specialist certification recognizes security professionals with the skills and knowledge to configure, maintain, troubleshoot, and support various VPN solutions, using Cisco IOS Software and the robust Cisco ASA adaptive security appliance. Cisco VPN solutions are widely deployed in many networks today. Many enterprises and service providers deploy these numerous VPN solutions at any given time for their various customers and organizations—from simple point-to-point tunneling to multilayer dynamic high-availability VPNs.

Prerequisite: Valid CCNA Security certification.

Required Cisco Exams:
642–637 SECURE v1.0
642–647 VPN v1.0

Cisco ASA Specialist

The Cisco ASA Specialist certification recognizes security professionals who have attained specialized in-depth expertise and proven knowledge of the recommended best practices in designing, implementing, maintaining, and troubleshooting network security solutions using the Adaptive Security Appliance technologies.

The Cisco ASA specialization is recognized as the benchmark security product certification for engineers, consultants, and architects who configure advanced Cisco ASA firewalls and VPN solutions, including advanced protocol handling, remote-access VPN, secure socket layer (SSL) VPN, site-to-site VPNs, high-availability VPNs, and failover features.

Prerequisite: Valid CCNA Security certification.

Required Cisco Exams:
642–647 VPN v1.0
642–617 FIREWALL v1.0

Cisco IPS Specialist

INFOSEC and network professionals who have the skills to properly deploy and configure the Cisco IPS are in high demand. Cisco IPS Specialists are professionals who can deploy, configure, and troubleshoot this appliance to work well in a complete security solution. Cisco IPS Specialists can operate and monitor Cisco IOS Software and IPS technologies to prevent, understand, and respond to intrusion attempts.

Prerequisite: Valid CCNA Security certification, or any CCIE certification.

Required Cisco Exam: 642–627 IPS v7.0

Cisco Network Admission Control Specialist

The Cisco Network Admission Control (NAC) Specialist certification demonstrates the hands-on skills necessary to install, configure, and operate the Cisco NAC appliance. By applying their knowledge of the Cisco NAC solution, Cisco Network Admission Control Specialists demonstrate the skills and knowledge needed to effectively identify, isolate, and clean infected or vulnerable devices that attempt to access the network.

Prerequisite: Valid CCNA Security certification, or any CCIE certification.

Required Cisco Exam: 642–591 CANAC

Voice Specialist Certifications

Cisco IP Contact Center Express Specialist

The Cisco IP Contact Center (IPCC) Express Specialist certification validates the comprehensive set of skills and knowledge required to plan, design, implement, and operate Cisco Unified Contact Center Express (formerly Cisco IPCC Express Edition).

Prerequisite: None

Required Cisco Exam: 642–165 UCCX

Cisco MeetingPlace Design Specialist

The MeetingPlace Design Specialist has the skills and knowledge to design a Cisco Unified MeetingPlace solution, including the Cisco Unified MeetingPlace Application Server, Media servers and Web Conferencing on premise or with WebEx optional solution. The MeetingPlace

Design Specialist will be able to administer and maintain a Cisco Unified MeetingPlace implementation using user interfaces and procedures and to configure specific integrations with other applications.

Prerequisite: None

Required Cisco Exam: 642–272 DMPS

Cisco MeetingPlace Support Specialist

The MeetingPlace Support Specialist has the skills and knowledge to implement a Cisco Unified MeetingPlace solution, including the Cisco Unified MeetingPlace Application Server, Media servers and Web Conferencing on premise or with WebEx optional solution. The MeetingPlace Support Specialist will be able to administer and maintain a Cisco Unified MeetingPlace implementation using user interfaces and procedures and to configure specific integrations with other applications.

Prerequisite: None

Required Cisco Exam: 642–274 IMPS

Cisco Unity Design Specialist

Building upon a strong foundational knowledge of Microsoft Exchange 2000 or 2003, the Cisco Unity Design Specialist can install, configure, operate, and maintain a Cisco Unity 4.0 system in both stand-alone voice mail and unified messaging environments and possesses the knowledge and expertise necessary to create a variety of sustainable Cisco Unity design solutions tailored to specific customer requirements.

Prerequisite: Valid CCDA or any CCIE certification.

Required Cisco Exam: 642–072 CUDN

Cisco Unity Support Specialist

Building upon a strong foundational knowledge of Microsoft Exchange 2000 or 2003, the Cisco Unity Support Specialist can install, configure, operate, and maintain a Cisco Unity 4.0 system in both stand-alone voice mail and unified messaging environments.

Prerequisite: None

Required Cisco Exam: 642–262 IUC

Video & TelePresence Specialist Certifications

Cisco TelePresence Solutions Specialist

The Cisco TelePresence Solutions Specialist certification recognizes expertise in planning, design, implementation (PDI), and maintenance of Cisco TelePresence deployments. Designed especially for mid-career voice specialists and networking engineers, Cisco TelePresence Solutions Specialist certification recognizes your ability to assess network paths for rich media, evaluate call-control design options, and configure interoperability functions.

Prerequisite: Valid CCNA certification is required, and a working understanding of CVOICE, QOS, CIPT1, and CIPT2 is highly recommended.

Required Cisco Exam: 642–185 ITSI

Cisco TelePresence Installations Specialist

The Cisco TelePresence Installations Specialist certification designates installation professionals who have mastered the physical deployment and construction of single-screen Cisco TelePresence systems (500, 1000, 1100, and 1300).

Prerequisite: None

Required Cisco Exam: 642–188 ITI

Cisco Rich Media Communications Specialist

The Cisco Rich Media Communications Specialist certification validates an IT professional’s ability to successfully design, implement, and support integrated voice, video, and web collaboration in a converged network.

Prerequisite: Valid CCNA certification, or any CCIE certfication.

Required Cisco Exams: 642–481 CRMC and 642–437 CVOICE

Related Courses
Cisco Certifications

When designing and deploying security solutions, a thorough understanding of what you have to protect is important. Just as important is understanding the vulnerabilities within and around your assets and infrastructure. A threat analysis considers the range of currently known threats and the potential and likelihood that an attack will be attempted against your organization. Do you know what’s coming at you?

Threat management is the mitigation of recognized risk in an attempt to lower that risk to an acceptable level. These efforts require the use of auditing and analysis to confirm your efforts. Humans can be your weakest link. Ensure that they have received adequate training to stay a step or two ahead of potential attackers through:

• Audit & Analysis
• Risk Assessment and Mitigation
• Social Engineering
• Threat Assessment
• Vulnerability Assessment

Audit & Analysis

Audit and analysis are techniques to measure, record, and understand the threats facing an organization. Audit trails, log files, monitoring data, and other collected data points are used to construct a historical perspective of the infrastructure. Some auditing tools are native to any OS, application, or network service. ISO 27002 lists common controls an organization can use to defend infrastructures. ISACA’s COBIT framework provides ways to test these controls when auditing. Standards and frameworks must be understood to prove corporate governance is compliant with applicable government regulations, such as:  Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS).

Making a record of events occurring on the network and within a system, as caused by a process or user account, is only the first part. Recorded event details need to be assessed and evaluated in context of all other events, both digital and physical. Such analysis can reveal what actually occurred and whether or not such occurrences are compliant and in adherence with required/expected work tasks. Internal auditing and analysis helps show a company is taking due care of their environment and can lead to resolving employee issues, tracking down criminals, and providing continuous improvement to the organization’s security profile.

Risk Assessment and Mitigation

Risk assessment is the initial and ongoing evaluation of an organization’s security stance in light of their assets, threats, and risks. Generally, risk assessment is performed as a multi-step process. This process starts with an inventory of assets. Each asset is assigned a composite value based on both tangible and intangible considerations. Threats that could negatively affect each specific asset are listed. Each of these threats is then evaluated in terms of the potential exposure factor (i.e. amount of potential loss), likelihood of occurrence (i.e. probability of becoming real), and annualized rate of occurrence (i.e. how often in a given year is threat realization possible). These calculations are analyzed to determine the threat/asset combination that is expected to cause the most harm the most often, and thus represents the largest risk to the organization.

Once risks are determined and prioritized based on severity and/or occurrence rate, countermeasures are selected to address top priority threats. Mitigation strategies include risk avoidance (i.e. removing elements of the environment or adjusting work tasks to remove that risk), risk reduction (e.g. installing security products or reconfiguring existing products), risk transference (e.g. assigning risk to others via outsourcing or insurance purchase), and risk acceptance (i.e. choosing to let a risk exist as is due to poor countermeasure options, lack of budget, small loss potential, or infrequency of occurrence). Overall, risk assessment and mitigation aims at taking an organization’s original total risk and reducing it to a manageable and acceptable level. All risk is never eliminated (every new control carries new risks), and risk is not all bad; the ability to analyze risk concisely requires training and exercise.

Social Engineering

Social engineering is any attack focusing on the humans of an organization. Since humans are the weakest link in any security solution, it is important to address this growing concern. Social engineering attacks can occur through any means of communication, both real world and digital, whether real-time or not. Social engineering attacks often prey on new or undertrained employees but just as often focus attacks on high value targets such as administrators or C-level executives. Confidence games played by hackers can range from seemingly innocent conversations asking for general information, (e.g. a name, e-mail address, phone number), to specifically targeted ploys to trick a victim into revealing secret information or performing a risk task (e.g. opening an e-mail attachment, typing in commands, or visiting a URL).

Due to the nature of social engineering, there are no specific technology defenses that address it. Some filters for SPAM or phishing in e-mail and Web browsers can help, but the best countermeasure is employee education and awareness. Employees need to know they are targets. They need to be more suspicious of contacts they don’t automatically recognize or that fail to provide a provable identity. Information classification policy should identify how data is to be classified and labeled. Each strata of classification should clearly identify what content can be shared with whom. When necessary, procedures should dictate the means by which identities can be verified, before revealing information or performing tasks. A thorough understanding of the means of social engineering and the common tactics employed by criminals will assist organizations in designing a training program that equips their personnel with the tools needed to avoid the common traps.

Threat Assessment

A threat assessment is part of a comprehensive risk assessment and risk mitigation process. It is the profiling and evaluation of threats that loom over an organization and its assets. Only when you know the potential harm that could occur is it possible to design and deploy an appropriate and sufficient security response. Threats include Internet attacks, internal personnel, nature’s physical elements, unplanned downtime, hardware failures, over allocation of resources and capacity, oversights, mistakes, and more. All of these must all be considered when designing an organization’s security solution. Understanding threats (i.e., what they are, how they manifest, how situations are used by criminals, etc.) involves learning how criminal hackers work, the process and costs of incident response and forensic investigations, as well as a thorough understanding the underpinnings of IT infrastructure, including hardware, firmware, operating systems, applications, file storage, network resources, databases, networking protocols, etc.

Vulnerability Assessment

When crafting and maintaining a secure infrastructure there are three primary phases or elements: risk assessment/analysis, vulnerability assessment/analysis, and penetration testing. Security starts with a risk assessment to establish a foundational security policy. Risk assessments are repeated on a regular basis to incrementally improve upon a security solution. Generally, risk assessments are more paper based methods of security assessment an analysis.

Vulnerability assessment is then possible once an initial security policy has been implemented into the deployed infrastructure. Vulnerability assessment seeks to confirm that all necessary patches and upgrades are installed, that reasonable configuration settings are in place, and that known flaws and vulnerabilities are addressed. This assessment is usually performing using mostly automated analysis tools which include an updatable database of checks, tests, and threat probes. Most vulnerability assessment tools can be run by a well-rounded network or security administrator. These assessment tools are generally safe to use and do not pose a serious risk to the infrastructure.

Once the administrative staff has responded to all issues uncovered by risk assessment and vulnerability assessment, the third phase of security assessment can be performed — namely penetration testing (a.k.a. ethical hacking). Penetration testing is when a highly skilled team of security experts use the tools and techniques of criminal hackers to test the resiliency of the deployed security infrastructure, the methods of detection, and human response. The goal of such testing is to reveal vulnerabilities and other issues that automated tools overlook and which skilled and focused criminal hackers may be able to uncover. If you are able to find these concerns before they are abused, defenses can be implemented to prevent those esoteric breaches which may have been unknown prior to the penetration test.

Related Courses
Cybersecurity Foundations
Security+ Prep Course
Certified Ethical Hacker v7

1. Stateful active/standby failover
2. Global Access Control Lists
3. Cluster load balancing
4. Server load balancing

The correct answers are 1, 3, and 4.

With Stateful Active/Standby failover, VPN users do not have to reconnect or reauthenticate should the Active ASA fail. With Cluster Load balancing a group of ASAs will work cooperatively to share the VPN load. With Server Based Load Balancing a Cisco Application Control Engine (ACE) is installed in a Cisco 7600/6500 series device and is used as an SSL VPN front end to multiple ASA servers running in parallel.

Security

Most enterprises considering BYOD think of security first. Securing the mobile device is important for different reasons, such as:

• Preventing access to the enterprise network by an unauthorized user of an authorized device
• Preventing unauthorized access to sensitive enterprise data that may be stored on the mobile device
• Preventing any malware from infecting the mobile device and then the enterprise network
• Preventing unauthorized access to the user’s personal information

Inventory

Today’s users often carry multiple mobile devices, such as a laptop, a notebook, a netbook, a tablet, and/or a Smartphone. Each mobile device has been on the market long enough to have seen multiple changes or upgrades to the operating system and other specifications. When adding devices to the enterprise network inventory, consider including the following items:

• User
• Storage
• User e-mail
• Wi-Fi versions supported
• Operating System
• Software applications

Registration

After adding the mobile devices to an inventory and deciding which of them are eligible to access the enterprise network, there must be a registration procedure. The enterprise IT department may choose to develop this software in-house, though most will find it easier to use a Mobile Device Manager (MDM) package to support this process.

Estimates

There is a finite limit to the number of mobile devices and applications that any enterprise network can support. BYOD dramatically increases the strain on the enterprise network, and it is, therefore, paramount to analyze potential bandwidth needs and possible challenges.

Bandwidth

Controlling the amount of network bandwidth used by mobile devices works in much the same way as with wired devices; therefore, there are some choices to be made regarding how best to proceed for optimal bandwidth.

Tracking

Keeping track of mobile device uses and usage improves the accuracy of traffic estimates as well as bandwidth planning. Knowing where mobile users are going and what they are doing in the enterprise network makes proactive network troubleshooting, network planning, and infrastructure adjustment more accurate and effective.

Compliance

Many of the regulations relating to enterprise computing and networking came into effect before the rush of mobile devices occurred. The challenges are to follow those regulations without having control over all the BYOD communications. Separately, some states and countries (such as the UK’s Data Protection Act 3) require written notification to users that you are monitoring their online activities and why. Adding this notification to the AUP that the user signs before accessing the enterprise network is just one more way to help maintain compliance.

Storage

In the best of all worlds, the expanded storage on a mobile device would be clear of any enterprise data, or sensitive or public knowledge. It is in the users’ best interest to be sure this is true. Many enterprise IT departments require a “force wipe” program to remove any enterprise data from the users’ mobile devices upon an employee leaving the enterprise or when the device is lost or stolen. This program may also wipe all personal data.

Financial

When an enterprise decides to allow BYOD access, some financial questions are bound to arise. Is this mobile device access a business cost or a convenience to the user? Will this apply to all employees or only a select group? Does the enterprise compensate the user for purchase, for monthly carrier charges, for insurance, for replacement…? How does the enterprise decide?

Multiples

More and more users will own two or three mobile devices that will be used in the enterprise. Unlike single location desktop computers, these mobile devices may access the enterprise network simultaneously. Accurate and complete tracking and logging of each device supports security, network monitoring, and network traffic flow.

Ownership

While most organizations have left mobile device ownership to the users, some have taken other routes. A few have purchased the devices for a minimal fee so that they may have legal control of the device and then resell it to the user at a future date for the same minimal amount.

Revocation

There will come a time that the mobile device (or the user) will need to have access revoked. In the case of the user, it could come from an AUP violation or departure from the enterprise or changing jobs in the organization. With the monitoring, tracking, and logging of each device, it is much easier to know if data may be stored on the device and to what extent so a limited wipe of enterprise data and configurations may be all that is required before user departure.

IT departments have multiple opportunities and challenges as a result of the BYOD invasion. The most common opportunity is to reinforce enterprise network security from both the inside and the outside. Supporting BYOD also offers more monitoring and tracking of activities that provides a more detailed view of network traffic flow. Beyond that, IT will gain valuable insight into which devices work best with the layout of the enterprise network.

Excerpted from Global Knowledge White Paper: 12 Steps to Bring Your Own Device (BYOD) Success

Related Post
Are You Ready for Mobile Learning?

Related Courses
Understanding Networking Fundamentals
TCP/IP Networking
Troubleshooting TCP/IP Networks with Wireshark

In order to protect your assets, you must first know what they are, where they are, and understand how they are tracked and managed. Are they secured? Who has access to them? Who tracks and manages them? Do you have functional procedures in place to respond and recover from a security breach quickly? Do you have a process improvement cycle to prevent re-occurrence?

These are all important issues related to assets. It’s important to remember what an asset is — it’s anything used in a business task. Generally, asset protection involves identification of assets, assessment of an asset’s value, and a determination of the technologies needed to provide sufficient security for that asset. There are many facets to the job of asset security including:

• Cloud Computing
• Virtualization
• Secure Coding
• Identity Management
• Information Assurance
• Public Key Infrastructure

Cloud Computing

The cloud offers computing services as a commodity. This involves a wide range of capabilities including online storage and backup, virtual/remote desktop, collaboration services, software as a service, platform as a service, and infrastructure as a service. Popular services include online office productivity (such as Google Docs or Office 365), computing services for custom applications (such as Engine Yard or Windows Azure), or complete back-end scalable datacenters (such as GoGrid or Rackspace). While cloud computing can greatly benefit an organization, it also introduces new and unique security concerns.

Cloud services are at odds with some regulations and security standards. Each organization is responsible for their own compliance of issues like prohibition of comingling of certain data types, hardware types, or data locations. Also, traffic flow must be understood. Is your sensitive and critical data encrypted in transit and while stored/processed in the cloud? Who has access to the encryption keys? What procedures are in place to manage ease of access, recovery options, downtime concerns, backup, privacy protections, and speed of interaction and throughput? Cloud computing revolutionizes technology. The benefits and drawbacks need to be considered carefully before shifting aspects of your infrastructure into the cloud.

Virtualization

Virtualization is the creation and/or support of the simulated copy of a real machine or environment. Virtualization can be used to provide virtual hardware platforms, operating systems/platforms, storage capacity, network resources, and applications. Virtualization can also be used to host applications on a different OS than they were originally designed or allow a single set of server hardware to host several server operating systems in memory simultaneously. Virtualization offers benefits of lower hardware costs, reducing operating costs, efficient backups/restoration, high-availability, portability of services, faster deployment, expandable/scalable, and more. Virtualization adds security to the computing environment by permitting servers to be logically separated from each other. However, virtualization can cause problems with licensing, patch management, and regulation compliance which may cause slower performance of services, greater potential of single point of failure, and potential security concerns due to hardware re-use or sharing.

Secure Coding

Secure coding practices are essential to reducing the threat caused by the exploitation of processes, bad/poor coding, and flaws in design. Secure coding includes the consideration of appropriate controls at the onset of development, proper consideration given to design, robust code and error routines, minimizing verbose error messages, eliminating programmer back doors, bounds checking, input validation, separation of duties, and comprehensive change management. Failure to use secure coding practices leads to software that is susceptible to buffer overflow attacks, DoS attacks, and malicious code injection attacks. Non-robust code can also provide a path for database and command injection attacks.

Secure coding practices can include many aspects of secure design integration and attack prevention. For example, software can be designed to authenticate all resource requests and processing actions before allowing a task to operate. Additionally, software needs to limit and sanitize input to prevent scripting, meta-characters, and/or command injection are essential parts of secure coding. Secure coding is more than just a few extra lines of code; it is an entire process and architecture of software development.

Secure coding is an essential security practice not just for vendors that sell/release products to the world-wide market but also for internal software developers that develop code for use exclusively by internal users or which is exposed to the world via an Internet service. One of the biggest mistakes companies make in relationship to the Internet is assuming their Internet servers are secure and cannot be compromised, and if they were ever compromised it would not lead to serious consequences or a breach of their private network. This is usually a poor assumption. With the growing popularity of fuzzing tools to find coding errors, the proliferation and distribution of buffer overflow exploit code, and with several variants of code injection attacks (including SQL, command, XML, LDAP, SIP, etc.), no Internet service can ever be assumed to be immune from breach.

Identity Management

Companies collect a lot of customer and employee data. Identity management involves the protection of all personally identifiable information (PII). This protection includes proper classification of information, delineation of the lines of communication, and strict policies and procedures for access control. Accountability is a key requirement to hold all information requestors (‘subjects’, both internal users and outside attackers) liable for their actions.

Credentials are a popular form of PII subject to attack. All repositories of personal information, access channels to those repositories, and exchange of information with those repositories needs to be protected with strong authentication and encryption. Today’s sharing of information, transient locations of data repositories, and society’s acceptance of weak authentication set the stage for transitive attacks. Transitive attacks occur when a trust is allowed without realizing that it included other trusts that you were unaware of, and that can defeat your security.

Information Assurance

Information assurance satisfies management’s desire for a given security profile, indicating that all data is properly protected and able to be accepted as accurate and readily available. The set of processes needed to support this assurance requires the establishment of a reliable means to lock down assets and track their usage. Specifically, information assurance is focused on the security of data or information typically stored in files. It is important to properly manage the risk of using, processing, transmitting, and storing these data files. Secure data management addresses not just electronic or digital issues, but physical storage media (especially portable media) as well.

Public Key Infrastructure

Public Key Infrastructure (PKI) is a security framework and is generally comprised of four main components: symmetric encryption, asymmetric encryption (often public key cryptography), hashing, and a reliable method of authentication. Symmetric encryption is used for bulk encryption for storage or transmission of information. Asymmetric encryption is used for digital signatures and digital envelopes (i.e., secure exchange of symmetric keys). Hashing is used to check and verify integrity.

How will you assure reliable authentication is used to ensure that only valid entities participate in the PKI environment, secure key delivery, secure key use, and key revocation? Customers’ belief in the credibility of certificates, and therefore security of transactions with your website, depend on the reputation and reliability of the CA. Due to recent events by hackers, blind use of digital certificates has been called into question. As with any protection measure, companies need to understand what PKI technology affords us in terms of protection, as well as to be cognizant of the technology’s limitations and vulnerabilities.

Related Courses
Cybersecurity Foundations
Security+ Prep Course
Certified Ethical Hacker v7

Earlier this year at the RSA conference, RSA chief Arthur Coviello stated that, “never have the attacks been as targeted, with the aim of breaching one organization as a stepping stone to breaching others.” The last few years have seen a real increase in the rate and magnitude of cyber attacks. While there are several bills in congress slated to address cyber security, there is still much more work to be done. Most of this work will be done by employees and contractors.

If you are interested in making the move to IT security, the best way to start is to increase your security skill set. This can include classroom training, college classes, and reading online security sites and blogs. Some of the areas that I would expect to see growth in include hands-on technical skills, security management practices, risk management, applications development, and cloud security.

Increasingly, the Internet interconnects individuals and businesses which also grants unfettered access by criminals and those who wish to abuse these systems. “Cyber threats” define the attacks that compromise computers, networks, data-sets, and/or their communications. “Cyber attacks” can reach a target from local sources (ie, already on your network) or from across a wide area network link (ie, the Internet). A compromise of IT infrastructure, communications, or data stores can result in serious economic and financial losses. Additionally, security breaches can lead to privacy violations, negative publicity, a depletion of public trust, a reduction of consumer confidence, and loss of market share. Security compromises can cause a violation of regulations, place the organization at risk of losing their license to operate, cause bankruptcy, and potentially trigger criminal or civil penalties for the organization and its officers.

Organizations must take the threat and risk of computer hacking seriously. A well-trained and prepared cyber-work-force is imperative. All personnel in the organization, from the C-level executives to new interns, require cyber-awareness. All organizations benefit from having some personnel trained as cyber warriors. A well-prepared organization is able to build sufficient defenses to ward off most attacks, tune detection systems to discover attempted attacks, and respond to compromises promptly in order to contain and eradicate the violation. The best defense starts with information, knowledge, and education. You need the right-people with the right skills and expertise to counter the ever present onslaught to cyber threats and attacks. Six main security disciplines and their corresponding competencies include:

• Asset Protection
• Threat Management
• Access Control
• Incident Management
• Configuration Management
• Contingency Planning

Continuing next week, this seven part series will teach you to use and understand each of these disciplines to better protect you and your company.

Related Courses
Cybersecurity Foundations
Security+ Prep Course
Certified Ethical Hacker v7