Study Up: A look at IT security from a CompTIA Network+ perspective
A new version of the popular CompTIA Network+ certification exam is about to be released (to be numbered N10-006) and there is something quite noteworthy about it: the emphasis on security. There are so many security-related topics, in fact, that it is almost more of a security exam than its counterpart, CompTIA Security+ (SY0-401). The prominence may not be readily apparent from casual observation, but the discussion which follows should elucidate.
N10-006 versus N10-005
Network Security has been a domain on the Network+ exam for many years now, and if you compare the most recent version of the exam to the new one, you’ll even see that the weighting of this domain has gone down (from 19 percent to 18 percent). What you need to look more closely to see is that the number of topics has gone up. The topic areas increased from six to seven (it is now domain three instead of five), and the total number of individual items that you need to know beneath those areas has increased by 73 percent.
Among the topics added are ARP cache poisoning and inspection, botnets, mantraps, bluejacking/bluesnarfing, forensics, zero-day attacks, security guards, security policies, proximity readers and key fobs, and video monitoring. As the list illustrates, a number of these topics are related to physical (versus electronic) security and are somewhat surprising additions to this exam.
N10-006 versus SY0-401
The most recent version of the Security+ exam went live less than a year ago, and what is surprising is that there are now a number of topics beneath the Network Security domain on the Network+ exam that don’t even appear on that updated Security+ exam. Among the topics found here and not there: eDiscovery, legal hold, TEMPEST, DHCP snooping, Edge (versus access control), keypad/cipher locks, permanent DoS, persistent and non-persistent agents.
If the updates were years apart, or if it were possible to look at the list and dismiss all the topics as being of importance only to a network administrator, then this would make sense. Since neither of those conditions exists, the question one has to ask is where the problem resides. Is it that the Security+ exam is missing topics of importance that should be there, or is it that Network+ has gone overboard and included too much? My analysis would be that it is a combination of both — the current Security+ exam is weaker than it should be, and Network+ is trying to cover too much.
So What Does this Mean?
From a certification standpoint, simply put, it means that you have a good head start on Security+ certification study after you successfully finish taking the Network+ exam. It also means that Network+ certification is more valuable than ever. From the standpoint of an employer, I would want to hire an administrator who knows as much as possible about security and has a current knowledge base from which to pull recommendations and solutions for the company network.
What You Should Know
Whether or not you are planning to take the current version of the Network+ exam, the computing vernacular now includes more terms that administrators should be familiar with. Some of these appear specifically in the topics beneath the Network Security domain, while others are new entries to the acronym list accompanying the exam objectives. We will close this discussion with a list of key words/phrases and brief definitions:
AAAA: Authentication, authorization, accounting, and address. Authentication is the process of determining whether someone is authorized to use the network — whether he can log on to the network. Authorization refers to identifying the resources a user can access after he is authenticated. Accounting refers to the tracking methods used to identify who uses the network and what they do on the network. Address refers to the address of the machine in question.
APT (Advanced Persistent Protocol): Though CompTIA uses “Protocol,” most use “Threat” as the last word of the acronym. In either case, it is an unauthorized person in a network, undetected, for an exceedingly long period of time.
AS (Autonomous System): A collection of connected IP routing prefixes under the control of a network administrator or entity that offers a common and defined routing policy to the Internet.
ASIC (Application Specific Integrated Circuit): An integrated circuit designed for a particular use instead of for general-purpose uses.
COS (Class of Service): A parameter used in data and voice to differentiate the types of payloads being transmitted.
CWDM (Course Wave Division Multiplexing): Contrary to the CompTIA acronym, most in the industry use “Coarse” for the “C” portion and it is a method of multiplexing in which different signals operate at different speeds. The best example of this is cable modems, allowing for different speeds of uploading and downloading.
DCS (Distributed Computer System): A system in which the whole is divided into many parts. The best example of this is using multiple computers to work together and appear to the user as a single entity.
eDiscovery: The discovery process used in conjunction with the legal system as it pertains to data in an electronic format.
IDF: Many networks use multiple wiring closets. When this is the case, the wiring closet, known as the main distribution frame (MDF), connects to secondary wiring closets, or intermediate distribution frames (IDFs).
Legal hold: The process of securing all the data needed for legal proceedings.
LWAPP (Light Weight Access Point Protocol): More commonly known as “Lightweight”, this is a protocol simplifying communication with multiple access points at the same time.
MDF: The main distribution frame is the primary wiring closet for a network. It typically holds the majority of the network gear, including routers, switches, wiring, servers, and more, and it is also typically where outside lines run into the network. One of the key components in the MDF is a primary patch panel. The network connector jacks attached to this patch panel lead out to the building for network connections.
MIMO (Multiple Input, Multiple Output): The use of multiple antennas — often at both the transmitter and receiver — to improve communications.
MUMIMO (Multiuser Multiple Input, Multiple Output): A set of advanced MIMO technologies intended to enhance communications.
SCADA (Supervisory Control and Data Acquisition): A system operating with coded signals to remotely control a device or equipment.
SIEM (Security Information and Event Manager): Any of a family of products that combine security information management and event management to achieve a more holistic approach to security.
TEMPEST: A project commenced by the U.S. government in the late 1950s that all administrators should be familiar with. TEMPEST was concerned with reducing electronic noise from devices that would divulge intelligence about systems and information. This program has become a standard for computer systems certification. TEMPEST shielding protection means that a computer system doesn’t emit any significant amounts of EMI or RFI (RF emanation).
For a device to be approved as TEMPEST-certified, it must undergo extensive testing, done to exacting standards that the U.S. government dictates. Today, control zones and white noise are used to accomplish the shielding. TEMPEST-certified equipment frequently costs twice as much as non-TEMPEST equipment.
UC (Unified Communications): A combination of real-time (instant messaging, VoIP, etc.) with non-real-time (email, SMS, etc.) on the same platform.
UTM (Unified Threat Management): An approach to threat management that combines multiple security-related products (anti-virus software, IPS, etc.) into a single management console.
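The AAAA entry in the list above describes authentication, authorization and accounting as three separate steps. The following Python snippet is an added example, not code from the article or from CompTIA, that walks a request through those three steps: a credential is checked against a salted password hash, the authenticated user's role is compared against a resource ACL, and every attempt (allowed or denied) is written to an accounting log that can later be searched, for instance to count failed logins per user. The user store, ACL, resource paths and helper function names are all constructed for the example; the fourth "A" (address) is not modelled.

```python
"""Added example (not from the article): a minimal AAA flow.

Authentication: verify a credential against a stored salted hash.
Authorization:  check the authenticated user's role against a resource ACL.
Accounting:     append a record of every attempt, successful or not.

Every user, resource and event here is constructed sample data.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000


def _hash_password(salt: bytes, password: str) -> bytes:
    """Derive a fixed-length key from the password; the salt defeats precomputed tables."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str, role: str) -> dict:
    """Build a user record holding only salt, hash and role (never the plaintext password)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(salt, password), "role": role}


# Constructed user store (hypothetical accounts).
USERS = {
    "alice": make_user("correct horse", "admin"),
    "bob": make_user("battery staple", "staff"),
}

# Constructed ACL: resource -> roles allowed to reach it (least privilege: staff
# cannot read finance reports).
ACL = {
    "/finance/reports": {"admin"},
    "/wiki": {"admin", "staff"},
}

# Accounting: one dict per event, appended in order.
ACCOUNTING_LOG = []


def _record(user, action, resource, outcome):
    ACCOUNTING_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "action": action,
        "resource": resource,
        "outcome": outcome,
    })


def authenticate(username: str, password: str) -> bool:
    """Step 1: can this principal log on at all?"""
    user = USERS.get(username)
    if user is None:
        # Still do the expensive hash so timing does not reveal whether the account exists.
        _hash_password(b"\x00" * 16, password)
        _record(username, "login", None, "denied")
        return False
    ok = hmac.compare_digest(user["hash"], _hash_password(user["salt"], password))
    _record(username, "login", None, "ok" if ok else "denied")
    return ok


def authorize(username: str, resource: str) -> bool:
    """Step 2: may this (already authenticated) principal use this resource?"""
    user = USERS.get(username)
    ok = user is not None and user["role"] in ACL.get(resource, set())
    _record(username, "access", resource, "ok" if ok else "denied")
    return ok


def access(username: str, password: str, resource: str) -> bool:
    """Full AAA path: authenticate, then authorize; accounting happens inside each step."""
    if not authenticate(username, password):
        return False
    return authorize(username, resource)


def failed_logins(username: str) -> int:
    """Step 3 in use: query the accounting log for denied logins by one user."""
    return sum(
        1 for e in ACCOUNTING_LOG
        if e["user"] == username and e["action"] == "login" and e["outcome"] == "denied"
    )


if __name__ == "__main__":
    print(access("alice", "correct horse", "/finance/reports"))   # True
    print(access("bob", "battery staple", "/finance/reports"))    # False: authorization denied
    print(access("bob", "wrong password", "/wiki"))                # False: authentication denied
    print(failed_logins("bob"))                                    # 1
```

The point of keeping the three steps separate is that each one fails independently and each one leaves a record: a valid password that is denied by the ACL and a bad password look identical to the caller (both return False) but are distinguishable in the accounting log, which is what a SIEM, defined above, would consume.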