CompTIA Security+ Study Guide & DVD Training System

Syngress knows what passing the exam means to you and to your career. And we know that you are often financing your own training and certification; therefore, you need a system that is comprehensive, affordable, and effective. Boasting one-of-a-kind integration of text, DVD-quality instructor-led training, and Web-based exam simulation, the Syngress Study Guide & DVD Training System guarantees 100% coverage of exam objectives. The Syngress Study Guide & DVD Training System includes:

  ■ Study Guide with 100% coverage of exam objectives By reading this study guide and following the corresponding objective list, you can be sure that you have studied 100% of the exam objectives.

  ■ Instructor-led DVD This DVD provides almost two hours of virtual classroom instruction.

  ■ Web-based practice exams Just visit us at www.syngress.com/certification to access a complete exam simulation.

Thank you for giving us the opportunity to serve your certification needs. And be sure to let us know if there’s anything else we can do to help you get the maximum value from your investment. We’re listening.

www.syngress.com/certification

SSCP Systems Security Certified Practitioner Study Guide & DVD Training System

The need for qualified information security specialists is at an all-time high. This is the only announced book that shows network and security administrators how to obtain the SSCP certification.

ISBN: 1-931836-80-9 Price: $59.95 USA $92.95 CAN

AVAILABLE AUGUST 2003! ORDER at www.syngress.com/certification

MCSE Installing, Configuring, and Administering Microsoft .NET Server (Exam 70-275) Study Guide & DVD Training System

A fully integrated (Study Guide/Online Exam/DVD) learning system guaranteed to deliver 100% coverage of Microsoft’s learning objectives for MCSE Exam 70-275, one of four core requirements for MCSE .NET certification.

ISBN: 1-931836-92-2 Price: $59.95 USA $92.95 CAN

SYNGRESS STUDY GUIDES & DVD TRAINING SYSTEMS

AVAILABLE NOW! ORDER at www.syngress.com/certification

Watch for our Study Guide and DVD Training Systems for .NET Certification! Coming… May, 2003

Security+ Study Guide & DVD Training System

The Security+ Study Guide & DVD Training System is a one-of-a-kind integration of text, DVD-quality instructor-led training, and Web-based exam simulation and remediation. This system gives you 100% coverage of the official CompTIA® Security+ exam objectives plus test preparation software for the edge you need to pass the exam on your first try.

  ISBN: 1-931836-72-8 Price: $59.95 USA $92.95 CAN

AVAILABLE NOW!

ORDER at www.syngress.com/certification

Will Schmied

Robert J. Shimonski, Technical Editor

Dr. Thomas W. Shinder, Technical Editor

Tony Piltzecker

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out of the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc. “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

KEY SERIAL NUMBER

001 PV43KFU7GY
002 Q29T6CN7VA
003 8C38A9HF5X
004 Z6TN247H9Y
005 7PT5R3T8MS
006 3SHX6BNC4E
007 G8PQND42AK
008 9EU6BKM8D7
009 SU76W4KDFH
010 5BVF397V2Z

PUBLISHED BY
Syngress Publishing, Inc.

800 Hingham Street
Rockland, MA 02370

MCSE Implementing and Administering Security in a Windows 2000 Network Study Guide & DVD Training System

Copyright © 2003 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1 2 3 4 5 6 7 8 9 0

ISBN: 1-931836-84-1

Technical Editor: Thomas W. Shinder M.D.
Technical Reviewer: Robert J. Shimonski
Cover Designer: Michael Kavish and Tony Piltzecker
Page Layout and Art by: Shannon Tozier
Copy Editor: Darlene Bordwell and Judy Edy
Acquisitions Editor: Jonathan Babcock
Indexer: Rich Carlson
DVD Production: Michael Donovan

Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada.

Acknowledgments

We would like to acknowledge the following people for their kindness and support in making this book possible.

Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O’Donnell, Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of Publishers Group West for sharing their incredible marketing experience and expertise.

Duncan Enright, AnnHelen Lindeholm, David Burton, Febea Marinetti, and Rosie Moss of Elsevier Science for making certain that our vision remains worldwide in scope.

David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.

Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.

David Scott, Annette Scott, Geoff Ebbs, Hedley Partis, Bec Lowe, and Mark Langley of Woodslane for distributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji, Tonga, Solomon Islands, and the Cook Islands.

Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines.

Author

Will Schmied (BSET, MCSE, CWNA, MCSA, Security+, Network+, A+) is a featured writer on Windows 2000 and Windows XP technologies for CramSession.com. He has also authored several works for various Microsoft certification exams. Will provides consulting and training on Microsoft products to small and medium sized organizations in the Hampton Roads, VA area. He holds a bachelor’s degree in Mechanical Engineering Technology from Old Dominion University and is a member of the American Society of Mechanical Engineers and the National Society of Professional Engineers. Will currently resides in Newport News, VA with his wife, Allison, and their children, Christopher, Austin, Andrea, and Hannah.

Contributors

Dave Bixler is the Technology Services Manager and Information Security Officer for Siemens Business Systems Inc., one of the world’s leading IT service providers, where he heads a consulting group responsible for internal IT consulting, and is also responsible for information security company-wide. Dave has been working in the computer industry for longer than he cares to remember, working on everything from paper tape readers to Windows .NET servers. He currently focuses on Internet technologies, specifically thin client servers, transparent proxy servers, and information security. Dave’s industry certifications include Microsoft’s MCP and MCSE, and Novell’s MCNE.

Martin Grasdal (MCSE+I, MCSE/W2K, MCT, CISSP, CTT, A+), Director of Web Sites and CTO at Brainbuzz.com, has worked in the computer industry for over nine years. He has been an MCT since 1995 and an MCSE since 1996. His training and networking experience covers a broad range of products, including NetWare, Lotus Notes, Windows NT and 2000, Exchange Server, IIS, Proxy Server, and ISA Server. Martin also works actively as a consultant. His recent consulting experience includes contract work for Microsoft as a Technical Contributor to the MCP Program on projects related to server technologies. Martin has served as Technical Editor for several Syngress books, including Configuring ISA Server 2000: Building Firewalls for Windows 2000 (ISBN: 1-928994-29-6), and Configuring and Troubleshooting Windows XP Professional (ISBN: 1-928994-80-6). Martin lives in Edmonton, Alberta, Canada with his wife, Cathy, and their two sons.

Technical Reviewer & Contributor

Robert J. Shimonski (Sniffer SCP, Cisco CCDP, CCNP, Nortel NNCSS, MCSE, MCP+I, Master CNE, CIP, CIBS, CWP, CIW, GSEC, GCIH, Server+, Network+, i-Net+, A+, e-Biz+, TICSA, SPS) is the Lead Network Engineer and Security Analyst for Thomson Industries, a leading manufacturer and provider of linear motion products and engineering. One of Robert’s responsibilities is to use multiple network analysis tools to monitor, baseline, and troubleshoot an enterprise network comprised of many protocols and media technologies.

Robert currently hosts an online forum for TechTarget.com and is referred to as the “Network Management Answer Man,” where he offers daily solutions to seekers of network analysis and management advice. Robert’s other specialties include network infrastructure design with the Cisco and Nortel product line for enterprise networks. Robert also provides network and security analysis using Sniffer Pro, Etherpeek, the CiscoSecure Platform (including PIX Firewalls), and Norton’s AntiVirus Enterprise Software.

Robert has contributed to many articles, study guides and certification preparation software, Web sites, and organizations worldwide, including MCP Magazine, TechTarget.com, BrainBuzz.com, and SANS.org. Robert’s background includes positions as a Network Architect at Avis Rent A Car and Cendant Information Technology. Robert holds a bachelor’s degree from SUNY, NY and is a part time Licensed Technical Instructor for Computer Career Center in Garden City, NY teaching Windows-based and Networking Technologies. Robert is also a contributing author for Configuring and Troubleshooting Windows XP Professional (Syngress Publishing, ISBN: 1-928994-80-6), BizTalk Server 2000 Developer’s Guide for .NET (Syngress, ISBN: 1-928994-40-7), and Sniffer Pro Network Optimization & Troubleshooting Handbook (Syngress, ISBN: 1-931836-57-4).

Technical Editors

Thomas W. Shinder M.D. (MVP, MCSE) is a computing industry veteran who has worked as a trainer, writer, and a consultant for Fortune 500 companies including FINA Oil, Lucent Technologies, and Sealand Container Corporation. Tom was a Series Editor of the Syngress/Osborne Series of Windows 2000 Certification Study Guides and is author of the best selling book Configuring ISA Server 2000: Building Firewalls with Windows 2000 (Syngress Publishing, ISBN: 1-928994-29-6). Tom is the editor of the Brainbuzz.com Win2k News newsletter and is a regular contributor to TechProGuild. He is also content editor, contributor, and moderator for the World’s leading site on ISA Server 2000, www.isaserver.org. Microsoft recognized Tom’s leadership in the ISA Server community and awarded him their Most Valued Professional (MVP) award in December of 2001.

Tony Piltzecker (CISSP, MCSE, CCNA, Check Point CCSA, Citrix CCA, Security+) is author of the CCSA Exam Cram and co-author of the Security+ Study Guide and DVD Training System (Syngress Publishing, ISBN: 1-931836-72-8). He is a Network Architect with Planning Systems Inc., providing network design and support for federal and state agencies. Tony’s specialties include network security design, implementation, and testing. Tony’s background includes positions as a senior networking consultant with Integrated Information Systems and a senior engineer with Private Networks, Inc. He holds a bachelor’s degree in Business Administration and is a member of ISSA. Tony resides in Leominster, MA with his wife, Melanie, and his daughter, Kaitlyn.


About the Study Guide & DVD Training System

In this book, you’ll find lots of interesting sidebars designed to highlight the most important concepts being presented in the main text. These include the following:

  ■ Exam Warnings focus on specific elements on which the reader needs to focus in order to pass the exam.

  ■ Test Day Tips are short tips that will help you in organizing and remembering information for the exam.

  ■ Notes from the Underground contain background information that goes beyond what you need to know from the exam, providing a deep foundation for understanding the security concepts discussed in the text.

  ■ Damage and Defense relate real-world experiences to security exploits while outlining defensive strategies.

  ■ Head of the Class discussions are based on the author’s interactions with students in live classrooms and the topics covered here are the ones students have the most problems with.

Each chapter also includes hands-on exercises. It is important that you work through these exercises in order to be confident you know how to apply the concepts you have just read about.

You will find a number of helpful elements at the end of each chapter. For example, each chapter contains a Summary of Exam Objectives that ties the topics discussed in that chapter to the published objectives. Each chapter also contains an Exam Objectives Fast Track, which boils all exam objectives down to manageable summaries that are perfect for last minute review. The Exam Objectives Frequently Asked Questions answers those questions that most often arise from readers and students regarding the topics covered in the chapter. Finally, in the Self Test section, you will find a set of practice questions written in a multiple-choice form similar to those you will encounter on the exam. You can use the Self Test Quick Answer Key that follows the Self Test questions to quickly determine what information you need to review again. The Self Test Appendix at the end of the book provides detailed explanations of both the correct and incorrect answers.

  Additional Resources

There are two other important exam preparation tools included with this Study Guide. One is the DVD included in the back of this book. The other is the practice exam available from our website.

  ■ Instructor-led training DVD provides you with almost two hours of virtual classroom instruction. Sit back and watch as an author and trainer reviews all the key exam concepts from the perspective of someone taking the exam for the first time. Here, you’ll cut through all of the noise to prepare you for exactly what to expect when you take the exam for the first time. You will want to watch this DVD just before you head out to the testing center!

  ■ Web-based practice exams. Just visit us at www.syngress.com/certification to access a complete Exam Simulation. These exams are written to test you on all of the published certification objectives. The exam simulator runs in both “live” and “practice” mode. Use “live” mode first to get an accurate gauge of your knowledge and skills, and then use practice mode to launch an extensive review of the questions that gave you trouble.

Table of Contents and Security+ Exam Objectives

All of CompTIA’s published objectives for the Security+ exam are covered in this book. To help you easily find the sections that directly support particular objectives, we’ve referenced the domain and objective number next to the corresponding text in the following Table of Contents. In some chapters, we’ve made the judgment that it is probably easier for the student to cover objectives in a slightly different sequence than the order of the published CompTIA objectives. By reading this study guide and following the corresponding exam objective list, you can be sure that you have studied 100% of CompTIA’s Security+ exam objectives.

Domain 1.0 General Security Concepts … 1

Chapter 1 Access Control, Authentication, and Auditing … 3
  Introduction … 4
  Introduction to AAA … 4
    What is AAA? … 5
    Access Control … 6
    Authentication … 6
    Auditing … 7
  1.1 Access Control … 7
    1.1.1 MAC/DAC/RBAC … 8
      MAC … 8
      DAC … 9
      RBAC … 10
  1.2 Authentication … 12
    1.2.1 Kerberos … 17
    1.2.2 CHAP … 20
    1.2.3 Certificates … 21
    1.2.4 Username/Password … 22
    1.2.5 Tokens … 23
    1.2.6 Multi-Factor … 24
    1.2.7 Mutual Authentication … 25
    1.2.8 Biometrics … 26
  Auditing … 27
    Auditing Systems … 27
    Logging … 32
    System Scanning … 32
  1.3 Disabling Non-Essential Services, Protocols, Systems and Processes … 34
    Non-Essential Services … 34
    Non-Essential Protocols … 35
    Disabling Non-Essential Systems … 36
    Disabling Non-Essential Processes … 36
    Disabling Non-Essential Programs … 36
  Summary of Exam Objectives … 40
  Exam Objectives Fast Track … 41
  Exam Objectives Frequently Asked Questions … 43
  Self Test … 44
  Self Test Quick Answer Key … 52

Chapter 2 Attacks … 53
  1.4 Attacks … 54
    Active Attacks … 55
      1.4.1 DoS/DDoS … 56
        Resource Consumption Attacks … 57
        DDoS Attacks … 58
      1.4.12 Software Exploitation and Buffer Overflows … 63
        SYN Attacks … 64
      1.4.3 Spoofing … 65
      1.4.4 Man in the Middle Attacks … 69
      1.4.5 Replay Attacks … 70
      1.4.6 TCP/IP Hijacking … 71
        Wardialing … 71
        Dumpster Diving … 72
      1.6 Social Engineering … 72
    Passive Attacks … 73
      1.7 Vulnerability Scanning … 74
        Sniffing and Eavesdropping … 75
      1.4.11 Password Attacks … 76
        1.4.11.1 Brute Force Attacks … 76
        1.4.11.2 Dictionary-Based Attacks … 77
  1.5 Malicious Code Attacks … 77
    Malware … 77
      1.5.1 Viruses … 78
      1.5.2 Trojan Horses … 80
      1.5.3 Logic Bombs … 83
      1.5.4 Worms … 83
    1.4.2 Back Door … 84
  Summary of Exam Objectives … 86
  Exam Objectives Fast Track … 87
  Exam Objectives Frequently Asked Questions … 89
  Self Test … 90
  Self Test Quick Answer Key … 94

Domain 2.0 Communication Security … 95

Chapter 3 Remote Access and E-mail … 97
  Introduction … 98
  The Need for Communication Security … 98
    Communications-Based Security … 99
  2.1 Remote Access Security … 100
    2.1.1 802.1x … 100
      EAP … 102
      Vulnerabilities … 103
    2.1.2 VPN … 105
      Site-to-Site VPN … 105
      Remote Access VPN … 107
    2.1.3 RADIUS … 108
      Authentication Process … 109
      Vulnerabilities … 109
    2.1.4 TACACS/+ … 110
      TACACS … 110
      XTACACS … 110
      TACACS+ … 111
      Vulnerabilities … 112
    2.1.5 PPTP/L2TP … 113
      PPTP … 113
      L2TP … 116
    2.1.6 SSH … 118
      How SSH Works … 118
    2.1.7 IPSec … 118
      IPSec Authentication … 121
      ISAKMP … 121
    2.1.8 Vulnerabilities … 122
      Eavesdropping … 122
      Data Modification … 122
      Identity Spoofing … 123
      User Vulnerabilities and Errors … 123
      Administrator Vulnerabilities and Errors … 123
  2.2 E-mail Security … 124
    MIME … 127
    2.2.1 S/MIME … 127
    2.2.2 PGP … 128
      How PGP Works … 129
      PGP Interface Integration … 129
    2.2.3 Vulnerabilities … 135
      SMTP Relay … 136
      E-mail and Viruses … 139
      2.2.3.1 Spam … 141
      2.2.3.2 Hoaxes … 142
  Summary of Exam Objectives … 144
  Exam Objectives Fast Track … 147
  Exam Objectives Frequently Asked Questions … 149
  Self Test … 151
  Self Test Quick Answer Key … 158

Chapter 4 Wireless … 159
  Introduction … 160
  2.6 Wireless Concepts … 160
    Understanding Wireless Networks … 160
      Overview of Wireless Communication in a Wireless Network … 161
      Radio Frequency Communications … 161
      Spread Spectrum Technology … 163
      Wireless Network Architecture … 165
      CSMA/CD and CSMA/CA … 166
    Wireless Local Area Networks … 168
    2.6.3 WAP … 169
    2.6.1 WTLS … 170
    2.6.2 IEEE 802.11 … 170
      IEEE 802.11b … 171
      Ad-Hoc and Infrastructure Network Configuration … 173
    2.6.3 WEP … 174
      Creating Privacy with WEP … 176
      Authentication … 178
    Common Exploits of Wireless Networks … 184
      Passive Attacks on Wireless Networks … 184
      Active Attacks on Wireless Networks … 190
      MITM Attacks on Wireless Networks … 191
    2.6.4 Wireless Vulnerabilities … 191
      WAP Vulnerabilities … 192
      WEP Vulnerabilities … 193
        Security of 64-Bit versus 128-Bit Keys … 197
        Acquiring a WEP Key … 198
      Addressing Common Risks and Threats … 202
        Finding a Target … 202
        Finding Weaknesses in a Target … 206
        Exploiting Those Weaknesses … 207
      Sniffing … 208
        Protecting Against Sniffing and Eavesdropping … 211
      Spoofing (Interception) and Unauthorized Access … 211
        Protecting Against Spoofing and Unauthorized Attacks … 213
      Network Hijacking and Modification … 213
        Protection against Network Hijacking and Modification … 215
      Denial of Service and Flooding Attacks … 215
        Protecting Against DoS and Flooding Attacks … 218
      IEEE 802.1x Vulnerabilities … 218
      2.6.4.1 Site Surveys … 219
      Additional Security Measures for Wireless Networks … 219
        Using a Separate Subnet for Wireless Networks … 220
        Using VPNs for Wireless Access to Wired Network … 220
      Temporal Key Integrity Protocol … 223
      Message Integrity Code (MIC) … 223
      IEEE 802.11i Standard … 224
  Summary … 228
  Exam Objectives Fast Track … 231
  Exam Objectives Frequently Asked Questions … 234
  Self Test … 237
  Self Test Quick Answer Key … 242