CertCities.com -- The Ultimate Site for Certified IT Professionals
My Top 10 Tips for Passing the CIW Security Professional Exam
If you want to pass this Prosoft exam, here's what you need to know (Hint: TCP/IP, TCP/IP and more TCP/IP!).

by James Michael Stewart

7/31/2002 -- ProsoftTraining.com's Certified Internet Webmaster (CIW) Security Professional exam is for IT professionals who already have network administration skills and want to expand their credentials to include security. This exam, in combination with an existing Microsoft, Cisco, Sair or LPI title, earns you Prosoft's CIW Security Analyst certification.

The exam itself (#1D0-170) favors students who have hands-on experience deploying a security policy and configuring security on various operating systems. However, anyone with sufficient knowledge should be able to pass this exam.

I consider the CIW Security Professional exam an entry-level security exam. While I did find it moderately challenging, it is not as extensive or difficult as other security certifications. To help focus your studies, here are my top 10 study tips for this exam. (Note: These tips are for version 4 of the exam. Check that the version hasn't changed before you start studying, and download the current objectives from the CIW Web site.)

Tip # 1: Get Your TCP/IP Basics Down
TCP/IP is the basis of all life. Well, if you listen to most networking and security professionals, it certainly seems as if this is true. The CIW Security Professional exam relies heavily on a solid and functional understanding of TCP/IP.

I was surprised by the amount of TCP/IP specific information on the exam. In fact, thorough knowledge of TCP/IP pretty much guarantees you a great score! If you are rusty or hazy on TCP/IP basics such as addressing, subnetting, routing, etc, then you'll need to spend time getting up to speed.

For example, know the standard IPv4 address classes and their default masks:

Class A: 1.x.y.z - 126.x.y.z, mask 255.0.0.0 (127.x.y.z is reserved for loopback)
Class B: 128.x.y.z - 191.x.y.z, mask 255.255.0.0
Class C: 192.x.y.z - 223.x.y.z, mask 255.255.255.0
Class D: 224.x.y.z - 239.x.y.z (multicast)
Class E: 240.x.y.z - 255.x.y.z (experimental)

Know the private IP address ranges defined in RFC 1918:

Class A: 10.0.0.0 - 10.255.255.255
Class B: 172.16.0.0 - 172.31.255.255
Class C: 192.168.0.0 - 192.168.255.255

Know the TCP/UDP ports for common protocols, services, and applications, such as FTP (21 control, 20 data), SMTP (25), DNS (53), POP3 (110), Telnet (23), HTTP (80), NNTP (119), etc. A general familiarity with the well-known ports 1 through 1023 is also a good idea. The IANA maintains the port assignment listing at http://www.iana.org/assignments/port-numbers.
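An added example (not part of the original article) that applies the two tables above: given an address in address/prefix form it reports the classful class and default mask, the actual subnet mask, the network and broadcast addresses, the usable host count, and whether the address is RFC 1918 private. It uses only Python's standard ipaddress module; the sample addresses are made up.

```python
import ipaddress

# RFC 1918 private address blocks (the three ranges listed above), as networks.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

CLASSFUL_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def address_class(addr):
    """Classful class of an IPv4 address, decided by its first octet."""
    first = int(ipaddress.ip_address(str(addr))) >> 24
    if first == 0:
        return "reserved"          # 0.x.y.z means 'this network'
    if first == 127:
        return "loopback"
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (experimental)"


def is_rfc1918(addr):
    """True if the address falls in one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(str(addr))
    return any(ip in net for net in RFC1918)


def describe(cidr):
    """Summarise a host address written as address/prefix, e.g. '172.20.5.9/22'.

    The prefix may differ from the classful default: that is subnetting, and
    the network/broadcast values below come from the prefix, not the class.
    """
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    cls = address_class(iface.ip)
    return {
        "address": str(iface.ip),
        "class": cls,
        "classful_mask": CLASSFUL_MASK.get(cls),   # None for D/E/loopback
        "subnet_mask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        # /31 and /32 have no network/broadcast pair to subtract
        "usable_hosts": net.num_addresses - 2 if net.prefixlen <= 30 else net.num_addresses,
        "private": is_rfc1918(iface.ip),
    }


if __name__ == "__main__":
    # constructed sample hosts
    for host in ("172.20.5.9/22", "8.8.8.8/32", "192.168.1.77/26", "224.0.0.5/32"):
        print(describe(host))
```

Work the same examples by hand first, then compare: 172.20.5.9/22 is a class B address that has been subnetted into a /22, so its network is 172.20.4.0 and its broadcast 172.20.7.255, not the classful 172.20.0.0/16.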

Tip #2: Know the OSI Model and How TCP/IP Maps To It
Yep, another tip on TCP/IP. After all, a thorough understanding of TCP/IP will help you know how to protect a network, right? Well, if you didn't think so before, you should now. In addition to knowing TCP/IP, this exam expects you to understand how it compares with the OSI model for networking protocols.

As you probably know, the OSI model is the reference model against which other protocol stacks are compared and contrasted. It consists of seven layers, conventionally numbered from the Physical layer up:

7. Application
6. Presentation
5. Session
4. Transport
3. Network
2. Data Link
1. Physical

The TCP/IP model has only four layers, each of which covers one or more OSI layers:

TCP/IP layer                 OSI layer(s)
1. Application               7, 6, 5
2. Host-to-Host (Transport)  4
3. Internet                  3
4. Network Access            2, 1

Tip #3: Yep, You Guessed It: More TCP/IP!
I'm not kidding about this TCP/IP thing! TCP/IP is the most widely used protocol on the planet (probably even in the universe). So, if you understand where it has weaknesses, you can protect yourself by installing countermeasures against exploitations.

A TCP connection is established with the three-way handshake:

1. The client sends a SYN segment to the server.
2. The server responds with a SYN/ACK segment.
3. The client responds with an ACK segment.

Once this completes, both sides hold an established connection. When they are done, the connection is torn down with a similar exchange in which each side sends a FIN and the other side acknowledges it, so a normal close takes four segments rather than three.

The handshake itself is a frequent target. The most common attack is the SYN flood: a malicious client sends a large number of SYN segments, usually with spoofed source addresses, and never answers the server's SYN/ACK. Each unanswered SYN leaves a half-open connection in the server's listen backlog until it times out; once the backlog is full the server drops new SYNs and legitimate clients cannot connect, which is a denial of service (DoS).
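The handshake and the SYN flood, simulated end to end as an added example (not from the original article). The Listener class plays the server with a bounded half-open queue, connect() plays a legitimate client, and syn_flood() plays an attacker sending SYNs from spoofed sources in the 198.18.0.0/15 test range. All addresses, the backlog size and the ISN generator are made-up simplifications, and the teardown (FIN) exchange is not modelled.

```python
import itertools
from dataclasses import dataclass


@dataclass
class Segment:
    """The parts of a TCP header that matter for the handshake."""
    src: str
    dst: str
    flags: frozenset            # subset of {"SYN", "ACK"}
    seq: int = 0
    ack: int = 0


class Listener:
    """A listening socket with a bounded queue of half-open connections."""

    def __init__(self, addr, backlog):
        self.addr = addr
        self.backlog = backlog
        self.half_open = {}       # peer -> our ISN, waiting for the final ACK
        self.established = set()
        self.dropped_syns = 0
        self._isn = itertools.count(1000, 1000)   # toy ISN generator

    def receive(self, seg):
        """Process one inbound segment and return our reply, or None."""
        if seg.flags == {"SYN"}:
            if len(self.half_open) >= self.backlog:
                self.dropped_syns += 1           # queue full: silently drop
                return None
            isn = next(self._isn)
            self.half_open[seg.src] = isn
            return Segment(self.addr, seg.src, frozenset({"SYN", "ACK"}),
                           seq=isn, ack=seg.seq + 1)
        if seg.flags == {"ACK"} and seg.src in self.half_open:
            isn = self.half_open.pop(seg.src)
            if seg.ack == isn + 1:               # must acknowledge our ISN
                self.established.add(seg.src)
        return None

    def reap_half_open(self):
        """Stand-in for the SYN timer: discard all stale half-open entries."""
        self.half_open.clear()


def connect(client, listener, client_isn=1):
    """Run the three-way handshake; True if the connection is established."""
    synack = listener.receive(Segment(client, listener.addr,
                                      frozenset({"SYN"}), seq=client_isn))
    if synack is None:
        return False                             # our SYN was dropped
    if synack.ack != client_isn + 1:
        return False                             # server did not ack our ISN
    listener.receive(Segment(client, listener.addr, frozenset({"ACK"}),
                             seq=client_isn + 1, ack=synack.seq + 1))
    return client in listener.established


def syn_flood(listener, count):
    """Attacker: SYNs from spoofed sources that never answer the SYN/ACK."""
    for i in range(count):
        listener.receive(Segment(f"198.18.{i // 256}.{i % 256}", listener.addr,
                                 frozenset({"SYN"}), seq=i))


def demo(backlog=128, flood=500):
    """A legitimate connect before, during and after a flood, plus SYNs dropped."""
    srv = Listener("192.0.2.10", backlog)
    before = connect("192.0.2.50", srv)
    syn_flood(srv, flood)
    during = connect("192.0.2.51", srv)     # backlog full: our SYN is dropped
    srv.reap_half_open()                    # stale entries time out
    after = connect("192.0.2.52", srv)
    return before, during, after, srv.dropped_syns


if __name__ == "__main__":
    print(demo())
```

With a backlog of 128 and a flood of 500 SYNs, the server accepts the first 128, drops the other 372, and then drops the legitimate client's SYN as well; only after the half-open entries are reaped does a new connection succeed. Shortening the SYN timer, enlarging the backlog and SYN cookies are the usual countermeasures, all of which attack the "half-open entries occupy a slot" property this simulation shows.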

Tip #4: Where Are You Vulnerable?
Most attacks don't focus on TCP/IP directly, but rather focus on individual application or service protocols, such as FTP, SMTP, HTTP, Telnet, SNMP, DNS and ICMP. You'll need to be aware of the limitations and vulnerabilities of each of these various protocols.

FTP requires user authentication, but the username and password are sent in the clear, so sniffing FTP sessions for passwords is worthwhile for an attacker. Many FTP servers also ignore the operating system's account lockout policy, so a brute-force attack can be waged against the FTP logon prompt. For these reasons, FTP servers should be housed in a DMZ, and users should have FTP usernames and passwords that differ from their internal network credentials. When FTP servers are compromised, intruders often use them to store Trojans, viruses or hacker tools for later use.

E-mail (SMTP, POP3, IMAP) is now the most common distribution medium for viruses. Scanning for viruses and blocking suspect attachments is a necessity. A key element in establishing and maintaining e-mail security is end-user education: users should never open attachments in unsolicited or unverified e-mail, even when it appears to come from someone they know, because sender addresses are easily forged.

Web (HTTP) servers are another common vulnerable spot on systems and networks. Always locate public Web servers in a DMZ. All active content (such as CGI scripts) should be thoroughly scanned for malicious code. Keep current on OS and Web server patches to lock down any known security holes.

Telnet is insecure because it transmits everything, including the logon, in clear text. Avoid using Telnet; use a secure remote access service such as SSH instead. SNMP, while useful for network management, also transmits in clear text (SNMPv1 and v2c; only SNMPv3 adds authentication and encryption) and relies on widely known default community strings such as "public" and "private". Both Telnet and SNMP should be blocked at your firewall.

DNS is vulnerable largely because of how zone transfers and zone updates are handled. If a malicious party can pull a full zone transfer, they learn the name and address of every host in the zone; if they can update a zone with bogus records, they can redirect traffic or simply block access. Internal DNS information should not be exposed to the Internet, zone transfers should be restricted to your known secondary servers, and transfer or update requests for your internal zones should never be accepted from Internet sources.
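Because FTP, HTTP Basic authentication and SNMPv1/v2c all put credentials on the wire in the clear, a sniffer needs no cryptanalysis to recover them. The following added example (not from the original article) pulls credentials out of constructed client-to-server payloads for those three protocols; the sample flows and the names in them are made up, and Telnet is left out because its logon arrives one keystroke per segment and would need stream reassembly first.

```python
import base64
import re


def ftp_credentials(payload):
    """USER/PASS commands from a client-to-server FTP control stream."""
    text = payload.decode("ascii", "replace")
    user = re.search(r"^USER (\S+)", text, re.M)
    pw = re.search(r"^PASS (\S+)", text, re.M)
    return (user.group(1) if user else None, pw.group(1) if pw else None)


def http_basic_credentials(payload):
    """(user, password) from an HTTP Basic Authorization header, or None."""
    text = payload.decode("ascii", "replace")
    m = re.search(r"^Authorization: Basic ([A-Za-z0-9+/=]+)\r?$", text, re.M)
    if not m:
        return None
    user, _, pw = base64.b64decode(m.group(1)).decode("utf-8", "replace").partition(":")
    return user, pw


def snmp_community(payload):
    """Community string of an SNMPv1/v2c message, via a minimal BER walk.

    Message ::= SEQUENCE { version INTEGER, community OCTET STRING, pdu }.
    Only short-form (< 128 byte) lengths are handled, which covers typical
    get/set requests.
    """
    if len(payload) < 7 or payload[0] != 0x30 or payload[1] >= 0x80:
        return None
    pos = 2
    if payload[pos] != 0x02:                      # version INTEGER
        return None
    pos += 2 + payload[pos + 1]
    if pos + 1 >= len(payload) or payload[pos] != 0x04:   # community OCTET STRING
        return None
    length = payload[pos + 1]
    return payload[pos + 2:pos + 2 + length].decode("ascii", "replace")


def scan_flows(flows):
    """flows: (destination port, client-to-server payload) pairs. Returns findings."""
    findings = []
    for dport, payload in flows:
        if dport == 21:
            user, pw = ftp_credentials(payload)
            if user and pw:
                findings.append(("FTP", user, pw))
        elif dport == 80:
            creds = http_basic_credentials(payload)
            if creds:
                findings.append(("HTTP Basic",) + creds)
        elif dport == 161:
            community = snmp_community(payload)
            if community:
                findings.append(("SNMP community", community, None))
    return findings


# Constructed sample traffic (not a real capture): one FTP logon, one HTTP
# request with Basic auth, and one SNMPv1 get-request using community 'public'.
SAMPLE_FLOWS = [
    (21, b"USER alice\r\nPASS Winter2002!\r\nPWD\r\n"),
    (80, b"GET /admin/ HTTP/1.0\r\nHost: intranet\r\n"
         b"Authorization: Basic Ym9iOnMzY3JldA==\r\n\r\n"),
    (161, b"\x30\x18\x02\x01\x00\x04\x06public"
          b"\xa0\x0b\x02\x01\x01\x02\x01\x00\x02\x01\x00\x30\x00"),
]

if __name__ == "__main__":
    for finding in scan_flows(SAMPLE_FLOWS):
        print(finding)
```

The same three checks make a reasonable audit: run them against a capture from your own network segment and anything they return is a credential that any other host on that segment could have collected just as easily.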

Tip #5: OS Savvy
I found familiarity with the Windows NT and UNIX operating systems essential for this exam. If you don't have hands-on experience with them, I suggest you spend a little time getting some. You don't need to memorize syntax, but a working understanding of the most common commands and utilities will help you in life as well as on the exam.

Some of the commands you should know include nslookup, whois, host, traceroute/tracert, ping scanner, port scanner, share scanner, chage, umask, chmod, rlogin and passwd.

In addition, you must know the common directory structures on both Windows NT and Unix systems. On Windows NT, know the paths for the default system folder (%systemroot%), the user profiles folder (%systemroot%\Profiles), the Registry hive storage folder (%systemroot%\System32\config), and the main IIS folder (\Inetpub). On Unix systems, know the paths for the root (/), administrative commands (/sbin), essential user commands (/bin), shared OS programs and libraries (/usr), further user commands (/usr/bin), locally installed software (/usr/local), log files (/var/log), and user home directories (/home).

Tip #6: Encryption Basics and Cryptographic Mechanisms
Encryption protects the secrecy of logon credentials as well as data in transit. Kerberos is an authentication protocol that uses encryption to protect logon credentials and verify identity. It relies on a system of tickets and a trusted third party, the Key Distribution Center (KDC), to secure client/server interactions. However, the trusted KDC is a single point of failure: if the KDC is offline and no replica KDC is available, clients cannot obtain tickets and the network cannot function normally.

One-time passwords (OTPs) are passwords that are used once and then expire. OTP systems defeat password sniffing and replay, because a captured password is useless after its one use.

SSL, or Secure Sockets Layer, is an encryption protocol developed by Netscape to protect data in transit over the Web. Most popular Web servers support SSL. SSL uses the server's public/private key pair to authenticate the server and agree on a session key, and then encrypts the transmitted data (such as credit card numbers) with that symmetric session key.
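One way OTP systems achieve the replay resistance described above is a hash chain in the style of Lamport's scheme, as used by S/KEY and OPIE: the server stores only h^n(seed), and each logon reveals the preimage of the stored value, which then becomes the new verifier. The following is an added example (not from the original article), using SHA-256 as the hash; the seed size, chain length and class names are the example's own choices.

```python
import hashlib
import os


def hash_chain(seed, n):
    """h^n(seed): SHA-256 applied n times to the seed."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class OtpVerifier:
    """Server side. Stores only h^k(seed), never the seed or a usable password."""

    def __init__(self, verifier, remaining):
        self.verifier = verifier
        self.remaining = remaining        # passwords left in the chain

    def login(self, otp):
        """Accept otp only if hashing it once yields the stored verifier."""
        if self.remaining == 0:
            return False                  # chain exhausted: user must re-enrol
        if hashlib.sha256(otp).digest() != self.verifier:
            return False                  # wrong, or a replay of an old password
        self.verifier = otp               # accepted password becomes the next verifier
        self.remaining -= 1
        return True


class OtpClient:
    """User side (a token, calculator or printed list). Holds the seed."""

    def __init__(self, seed, count):
        self.seed = seed
        self.next_index = count - 1       # first password is h^(count-1)(seed)

    def next_password(self):
        otp = hash_chain(self.seed, self.next_index)
        self.next_index -= 1
        return otp


def enrol(count=100):
    """Create a chain of `count` passwords; the server learns only the top."""
    seed = os.urandom(32)
    return OtpClient(seed, count), OtpVerifier(hash_chain(seed, count), count)


def demo():
    """Normal logon, replay of a sniffed password, then the next logon."""
    client, server = enrol(count=5)
    sniffed = client.next_password()
    first = server.login(sniffed)                  # True
    replay = server.login(sniffed)                 # False: already consumed
    second = server.login(client.next_password())  # True
    return first, replay, second


if __name__ == "__main__":
    print(demo())
```

Note what the server holds: the current verifier and a counter. Stealing the server's database yields nothing that can be replayed, and a password sniffed in transit fails the moment it is reused because the verifier has already moved one step down the chain. What the scheme does not do is authenticate the server, so an active attacker who can intercept the password before it reaches the real server can still use it once.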

Tip #7: Attack Types
Many different attacks can be waged against individual systems and entire networks. Not surprisingly, knowing these attacks is a key part of this exam. Some of the attacks you should know about are:

  • Brute Force Attack: Attempting to guess an account's password by systematically trying every possible character combination.
  • Buffer Overflow Attack: Sending a program more input than it expects. If the program does not check input length, the excess data overwrites adjacent memory; an attacker can craft that excess to include code and control data, compromising the system.
  • Denial of Service (DoS): Sending a server so much malicious or useless traffic that it can no longer process legitimate requests.
  • Dictionary Attack: Attempting to guess an account's password by systematically trying a long list of common passwords.
  • Land Attack: Sending the victim a TCP packet whose spoofed source address and port are the same as its destination address and port; vulnerable stacks hang or crash (DoS).
  • Hijacking: An attack where a malicious entity takes over a communications session from a victim. The client/victim's communication is terminated, but the server continues to communicate with the attacker because it believes it is still talking to the original client.
  • Man in the Middle: Any attack where the malicious entity intercepts data by positioning itself between the client and server of a communications link.
  • Ping of Death: Sending the victim a fragmented ping (ICMP echo) that reassembles to more than 65,535 bytes, the maximum size of an IP packet. A stack that does not check the reassembled size overflows its buffer and crashes.
  • Root Kit: A collection of tools deposited on a compromised system that lets the attacker easily regain access. A root kit often contains tools to hide malicious activity, scan for data, capture passwords, etc.
  • Smurf Attack: Sending a stream of ping requests to a network's broadcast address with the source address spoofed to that of the intended victim. Every host on that network replies to the victim, which is flooded with ping replies and often suffers a DoS.
  • Spoofing: Any attack that uses constructed TCP/IP packets with faked source or destination IP addresses. Spoofing makes tracking down the actual source of an attack extremely difficult.
  • SYN Attack: Sending a server SYN packets without completing the handshake process, which often results in a DoS.
  • Teardrop Attack: Sending the victim IP fragments whose offset values overlap or are otherwise invalid. A stack that does not validate offsets during reassembly can crash.
  • Trojan: A program that hides code which may be triggered automatically or remotely to perform malicious actions.
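An added example (not from the original article) that applies the definitions above: a small detector run over constructed packet records, flagging Land (source equals destination), Ping of Death and other oversized datagrams (fragments reassembling past 65,535 bytes), Teardrop (overlapping fragment offsets), Smurf (echo requests to a local broadcast address) and SYN floods (a burst of SYN-only segments to one host). The Packet record, the addresses and the threshold are made up; a real detector would decode these fields from a capture.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

MAX_IP_DATAGRAM = 65535    # bytes; the largest datagram IP can describe


@dataclass
class Packet:
    """Header fields a detector needs; a constructed stand-in for a decoded capture."""
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    flags: frozenset = frozenset()  # TCP flags
    icmp_type: int = -1             # 8 = echo request; -1 when not ICMP
    frag_id: int = 0                # IP identification field
    frag_offset: int = 0            # this fragment's offset, in bytes
    frag_len: int = 0               # bytes of data in this fragment
    more_frags: bool = False        # IP 'more fragments' bit


def detect(packets, local_nets, syn_threshold=100):
    """Return (alert, address) pairs for the attacks named in Tip #7."""
    alerts = []
    fragments = {}                  # (src, frag_id) -> [(start, end), ...]
    syn_seen = Counter()            # dst -> SYN-only segments received
    broadcasts = {str(n.broadcast_address) for n in local_nets}

    for p in packets:
        if p.proto == "tcp" and p.src == p.dst:
            alerts.append(("LAND", p.src))
        if p.proto == "tcp" and p.flags == {"SYN"}:
            syn_seen[p.dst] += 1
            if syn_seen[p.dst] == syn_threshold:
                alerts.append(("SYN_FLOOD", p.dst))
        if p.proto == "icmp" and p.icmp_type == 8 and p.dst in broadcasts:
            # the (spoofed) source is the real victim of the amplified replies
            alerts.append(("SMURF", p.src))
        if p.frag_len and (p.more_frags or p.frag_offset):
            key = (p.src, p.frag_id)
            pieces = fragments.setdefault(key, [])
            start, end = p.frag_offset, p.frag_offset + p.frag_len
            if any(start < e and s < end for s, e in pieces):
                alerts.append(("TEARDROP", p.src))     # overlapping fragments
            pieces.append((start, end))
            if end > MAX_IP_DATAGRAM:
                name = "PING_OF_DEATH" if p.proto == "icmp" else "OVERSIZED_DATAGRAM"
                alerts.append((name, p.src))
    return alerts


LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample: one of each attack aimed at 192.0.2.0/24. Middle
# fragments of the oversized ping are omitted; only the final one matters.
SAMPLE = [
    Packet("192.0.2.10", "192.0.2.10", "tcp", frozenset({"SYN"})),
    Packet("198.51.100.7", "192.0.2.10", "icmp", icmp_type=8, frag_id=1,
           frag_offset=0, frag_len=1480, more_frags=True),
    Packet("198.51.100.7", "192.0.2.10", "icmp", frag_id=1,
           frag_offset=65120, frag_len=500),
    Packet("198.51.100.8", "192.0.2.10", "udp", frag_id=2,
           frag_offset=0, frag_len=36, more_frags=True),
    Packet("198.51.100.8", "192.0.2.10", "udp", frag_id=2,
           frag_offset=24, frag_len=20),
    Packet("192.0.2.99", "192.0.2.255", "icmp", icmp_type=8),
] + [Packet(f"198.18.0.{i}", "192.0.2.10", "tcp", frozenset({"SYN"}))
     for i in range(100)]

if __name__ == "__main__":
    for alert in detect(SAMPLE, LOCAL_NETS):
        print(alert)
```

Each rule is the attack's definition turned into a predicate, which is also why these attacks are mostly historical: once the check is cheap to express, stacks and firewalls implement it. The fragment rules would also fire on a retransmitted duplicate fragment, so a production detector would tolerate exact duplicates and only alert on partial overlaps.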

Tip #8: Know Common Security Practices and Implementations
To have good security, you must start with a security policy. I know, I know, you're just the hands-on guy. But a solid security policy is the foundation of a solid security solution. Without a security policy, you won't have a complete solution and therefore won't have worthwhile security.

The security policy must address security for every aspect of an organization from physical access to logical/technical controls to user education. Once security is deployed, it must be tested, audited and tuned regularly.

Be familiar with common security practices, such as applying relevant security patches to OSes and software, removing unneeded services and applications, and not relying on the default settings of any security control.

Tip #9: Understand Firewall Basics
To establish a secure environment, you're probably going to need a firewall. But a firewall is only as secure as its configuration (never rely on the defaults) and the OS or hardware it runs on. You should be familiar with the basic uses of firewalls and the general strengths and weaknesses of deploying them.

Also be familiar with the types of firewalls: packet-filtering, circuit-level gateway, application-level gateway (proxy) and stateful inspection. Many firewalls also perform network address translation (NAT) and can act as proxies.
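The difference between packet filtering and stateful inspection is clearest side by side. Added example (not from the original article): a stateless filter using the classic "established" rule (allow inbound TCP with the ACK bit set from source port 80) next to a stateful firewall that admits inbound segments only for connections it saw opened from inside. The addresses and the INSIDE_PREFIX shortcut are constructed, and the connection-table handling of FIN is simplified.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "192.0.2."          # the protected network (constructed example)


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset                # TCP flags


def stateless_filter(pkt):
    """Packet filter with the classic 'established' rule.

    Outbound traffic is allowed; inbound TCP is allowed only if the ACK bit is
    set and the source port is 80, i.e. it looks like a reply from a Web server.
    The filter has no memory, so anyone can forge a segment that matches.
    """
    if pkt.src.startswith(INSIDE_PREFIX):
        return True
    return pkt.sport == 80 and "ACK" in pkt.flags


class StatefulFirewall:
    """Admit inbound segments only if they belong to a connection we saw opened."""

    def __init__(self):
        self.table = set()          # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt):
        if pkt.src.startswith(INSIDE_PREFIX):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.table.add(key)            # new outbound connection
            elif "RST" in pkt.flags or "FIN" in pkt.flags:
                self.table.discard(key)        # simplified: real firewalls wait for both FINs
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.table:
            return False                       # no matching outbound connection
        if "RST" in pkt.flags or "FIN" in pkt.flags:
            self.table.discard(key)
        return True


def demo():
    """A genuine reply vs. an ACK probe forged to look like one (source port 80)."""
    fw = StatefulFirewall()
    request = Pkt("192.0.2.5", 40000, "198.51.100.80", 80, frozenset({"SYN"}))
    reply = Pkt("198.51.100.80", 80, "192.0.2.5", 40000, frozenset({"SYN", "ACK"}))
    probe = Pkt("203.0.113.9", 80, "192.0.2.5", 445, frozenset({"ACK"}))
    return {
        "stateless_reply": stateless_filter(reply),                 # True
        "stateless_probe": stateless_filter(probe),                 # True: the hole
        "stateful_reply": fw.allow(request) and fw.allow(reply),    # True
        "stateful_probe": fw.allow(probe),                          # False
    }


if __name__ == "__main__":
    print(demo())
```

The probe is an ACK scan of port 445 with the source port set to 80: the stateless rule lets it through because the rule only looks at the packet in hand, while the stateful firewall rejects it because no inside host opened a connection to 203.0.113.9. That memory of past traffic is the whole point of stateful inspection, and also its cost: the table must be sized and aged, or it becomes a DoS target itself.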

Tip #10: Find a Good Study Guide
Even if you can say that you already have a solid grasp on all the concepts, issues, and topics covered in this article, it still pays to study. I highly recommend using practice exams. There are numerous free and for-a-price practice exams available on the Internet -- just do a search on Google on "CIW Security" to find them. Plus, many study guides include practice exams at the end of each chapter, at the end of the book, and on the included CD. I found working through a handful of practice exams prepares me for the exam better than any other activity. I usually take a "final" practice exam the night before the real exam as my last study effort before dinner and sleeping.

Be selective when choosing a study guide; don't just buy one because you like the cover or someone else recommended it. Take the time to read a chapter, scan for details, review the table of contents, etc. There are already several good CIW Security Professional exam study guides available (I chose "CIW Security Professional Certification Bible" -- but again, make your own choice).

Have you taken this exam? What did you think? Post your comments and tips below!


James Michael Stewart is a writer and trainer focusing on Windows NT/2000/XP/.NET, security, and certification. He has contributed to over 50 books and numerous print publications and online communities. He develops certification courseware and is a regular instructor at Networld+Interop. Michael holds the following certifications: CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, and iNet+. You can reach Michael by e-mail at
There are 64 CertCities.com user Comments for “My Top 10 Tips for Passing the CIW Security Professional Exam”
8/31/02: VAL from USA says: I passed the CIW SP Exam the second time, after I bought and read the CIW Security Professional Bible. I knew TCP/IP - I have my CCNA. Security is hard! Buy the book and learn it. Read the chapters and do the end-of-chapter quizzes. Then you can pass by LEARNING!!!!!!!!!!!
2/28/03: mk from MI says: I started studying for Security+, but it seems too basic for me (MCSE-NT, MCSA, CNA, CCA). It looks to me like CIW SP goes deeper... Does anyone know what this certification is worth? THANKS.
4/26/03: mahmoud from ali says: I want to protect my e-mail