CertiGuide to Security+ - 0.0 Introduction to Security

WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Like what you see? Get it in one document for easy printing!

Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!

Get It Here!

CertiGuide to Security+
9 Chapter 0: Read.Me

Chapter 0: Read.Me

0.1 You’re saved….If

0.0 Introduction to Security
(Page 4 of 5)

The Biggest Challenge in Security is People

There is a term for this challenge¹²: social engineering. There is one school of thought that suggests social engineering is not part of the security issue. The argument attempts to split technology from people. While your authors understand the difference, this is a work concerning security and we have kept in mind that people are parts of the security issue – a statement with which both the CompTIA’s exam objectives and a CompTIA survey agree¹³.

The first part of your effort here is ‘selling’ the idea that security is in the other person’s best interest. It was Samuel Clemens (also known as Mark Twain) who, in his essay “What Is Man?”¹⁴ stated that, “every one of us acts at all times in his own interest.” The trick is to supply the data to the users in a form through which security can be properly applied to suit their own best interests.

Your authors do not mean to imply that most workers don’t care about their jobs. Social engineering, which is the most successful form of attack used by the outside intruder, often specifically takes advantage of workers’ desire to be helpful to coworkers, vendors or other business partners while doing their jobs. For example, the intruders’ first phone call to an employee reveals the name of the person in charge of the phone system. The second phone call wants to know the make and model of the phone system. This gives the intruders the data to make the third phone call -- to get a person do perform some simple step, as requested by (insert obtained name from the first call). With this, the intruders just got an employee, who thought they were doing their job, to prop open a door on the phone system for the intruders. A perfect example for this attack is the Kevin Mitnick scandal.

We have carefully chosen one example to highlight as a typical method into your network that is not often thought of…..your modem. Modems tend to be forgotten because they are not as new and super fast as a network broadband connection.

Even at 28Kbps, a modem that is not monitored for a few days can be the loophole allowing a fair amount of data to slip out undetected.

__________________

12. http://www.comptia.org/pressroom/get_news_item.asp?id=207

13. http://www.theregister.co.uk/content/55/36706.html

14. http://users.telerama.com/~joseph/mantble.html

Chapter 0: Read.Me

0.1 You’re saved….If

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!

Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.