|
|
|
| Tech Info List | |||||
| Hardware | Network | Security | Software | Tech Info Lists | Top of Page |
| Hardware | Software | Network | Security |
|
Motherboard Form Factors |
Operating Systems Upgrade Specifications |
Client/server networking model |
CIA Confidentiality Integrity Availability |
|
POST Hardware Diagnostic Message Groups |
Network Topology | Access Control | |
|
BIOS Setup Access Keys & POST codes |
Trouble-Shooting Minimum Processes to run in WinXP |
Glossary of Network Terms |
Methods of Authentication |
|
Bus Architecture Characteristics |
Windows XP Professional Product Documentation |
Cable / DSL Modem Diagnostics |
Attacks |
|
Default IRQ Assignments |
Place Windows XP's Kernel into RAM |
The 7 Layer OSI Model |
Remote Access |
|
Common I/O Address Assignments |
Wireless Standards | Tunneling, VPN & IPSec |
|
|
DMA Channel Assignments |
Windows XP AutoPlay Problems |
Cryptography | |
|
Logical Device Name Assignments |
Viruses Trojan Horses Worms |
||
|
Intel Microprocessors |
Firewalls | ||
|
AMD Microprocessors |
Networking Overview |
||
|
Memory Modules |
Private Key Cryptography |
||
| Video Displays |
Public Key Cryptography | ||
| Motherboard Chipsets |
|||
| Miscellaneous Q & A | |||
| Hardware | |||||
| Hardware | Network | Security | Software | Tech Info Lists | Top of Page |
Motherboard Form Factors |
|||
Form Factor |
Width (in inches) |
Length (in inches) |
Design Type |
IBM PC |
8.5 |
13 |
Motherboard |
IBM PC XT |
8.5 |
13 |
Motherboard |
AT |
12 |
11-13 |
Motherboard |
Baby AT |
8.5 |
10-13 |
Motherboard |
LPX |
9 |
11-13 |
Backplane |
Micro-AT |
8.5 |
8.5 |
Motherboard |
ATX |
12 |
9.6 |
Motherboard |
Mini-ATX |
11.2 |
8.2 |
Motherboard |
Mini-LPX |
8-9 |
10-11 |
Backplane |
Micro-ATX |
9.6 |
9.6 |
Motherboard |
NLX |
8-9 |
10-13.6 |
Backplane |
Flex-ATX |
9 |
7.5 |
Motherboard |
| picoBTX | 10.4 | 7.9 | Motherboard |
| microBTX | 10.4 | 10.3 | Motherboard |
| BTX | 10.4 | 12.7 | Motherboard |
Bus StructureInternal bus- The lines that move data within the computer on the motherboard.External bus - The lines that communicate with peripherals and other devices plugged into the motherboardPrimary bus structures on motherboardsAddress Bus:
| |||
| |
| Code | Description |
| 1xx | Motherboard errors |
| 2xx | Main Memory errors |
| 3xx | Keyboard errors |
| 5xx | Color Graphics Adaptor errors |
| 6xx | Floppy Disk Controller errors |
| 11xx | COM port errors |
| 14xx | Printer errors - lpt port |
| 17xx | Hard Drive Controller errors |
| 86xx | Mouse error |
| 3000 | Nick Card error |
| NOTE: After the POST (Power On Self Test) and boot sequence have advanced to the point at which they have use of the video to display messages, they can display a numerical error message to indicate a failure that occurred during the POST or boot sequence. | |
|
Motherboard
Setup Access Keys
|
||
|
|
|
|
| ALR Advanced Logic Research, Inc. ® PC / PCI | F2 | |
| ALR PC non / PCI | CTRL+ALT+ESC | |
| AMD® (Advanced Micro Devices, Inc.) BIOS | F1 | |
| AMI (American Megatrends, Inc.) BIOS | DEL | |
| Award™ BIOS | CTRL+ALT+ESC | |
| Award BIOS | DEL | |
| DTK® (Datatech Enterprises Co.) BIOS | ESC | |
| Phoenix™ BIOS |
CTRL+ALT+ESC |
|
| Phoenix BIOS | CTRL+ALT+S | |
| Phoenix BIOS | CTRL+ALT+INS | |
|
Computer Vendor |
Keyboard Commands |
|
| Acer® | F1, F2, CTRL+ALT+ESC | |
| ARI® | CTRL+ALT+ESC, CTRL+ALT+DEL | |
| AST® | CTRL+ALT+ESC, CTRL+ALT+DEL | |
| Compaq® 8700 | F10 | |
| CompUSA® | DEL | |
| Cybermax® | ESC | |
| Dell BIOS web site search links | For models not listed below. | |
| Dell® 400 | F3, F1 | |
| Dell 4400 | F12 | |
| Dell Dimension® | F2 or DEL | |
| Dell Inspiron® | F2 | |
| Dell Latitude | Fn+F1 (while booted) | |
| Dell Latitude | F2 (on boot) | |
| Dell Optiplex | DEL | |
| Dell Optiplex | F2 | |
| Dell Precision™ | F2 | |
| eMachine® | DEL , F 2 | |
| Fujutsu Manuals & BIOS | Manuals & BIOS Download | |
| Gateway® 2000 1440 | F1 | |
| Gateway 2000 Solo™ | F2 | |
| HP® (Hewlett-Packard) | F1, F2 (Laptop, ESC) | |
| IBM® | F1 | |
| E-pro Laptop | F2 | |
| IBM PS/2® | CTRL+ALT+INS after CTRL+ALT+DEL | |
| IBM Thinkpad® (newer) | Windows: Programs-Thinkpad CFG. | |
| Intel® Tangent | DEL | |
| Lenovo (formerly IBM) | Lenovo BIOS Access page | |
| Micron® | F1, F2, or DEL | |
| Packard Bell® | F1, F2, Del | |
| Seanix | DEL | |
| Sony® VAIO | F2 | |
| Sony VAIO | F3 | |
| Tiger | DEL | |
| Toshiba® 335 CDS | ESC | |
| Toshiba Protege |
ESC |
|
| Toshiba Satellite 205 CDS | F1 | |
| Toshiba Tecra | ESC then F1 or F2 | |
| Toshiba Notebook [Newer models] |
|
|
Bus Architecture Characteristics | Bus | Bus Width (bits) | Bus Speed (MHz) | How Configured |
| 8-bit | 8 | 8 | Jumpers and DIP switches |
| ISA | 8, 16 | 8 | Jumpers and DIP switches |
| MCA | 32 | 10 | Software |
| EISA | 32 | 32 | Software |
| VL-Bus | 32 | Processor speed (up to 40 MHz) |
Jumpers and DIP switches |
| PCI | 32/64 | Processor speed (up to 33 MHz) |
PnP |
| USB | Serial | Serial | PnP |
| AGP | 32 | 66 MHz | PnP |
|
|
|||||
| Bus | Data Rate | Type | Description | Topology | Voltage |
| RS-232 | 19.2 Kbps | Unbalanced | 20 meters, Single Ended | Point-to-Point | ~ 5V |
| AccessBus | 100 Kbps | Unbalanced | Similar to I2C, 10 meter | Multi-Point | ~ 5V |
| I2C Bus | 3.4 Mbps | Unbalanced | 2 Wire, 1 Data, 1 Clk-Access Bus | Multi-Point | ~ TTL |
| SMBus | 100 KHz | Unbalanced | 2 Wire, based on I2C/Access Bus | Multi-Point | TTL |
| 10Base2 | 10 Mbps | Unbalanced | 183 meters, IEEE-802 Thin Net | Multi-Point | ECL |
| 10Base5 | 10 Mbps | Unbalanced | 500 meters, IEEE-802 ThickNet | Multi-Point | ECL |
| 10Base-T | 10 Mbps | Balanced | 100 meters, Category 3 cable | Multi-Point | ECL |
| 100Base-T | 100 Mbps | Balanced | 100 meters, Category 5 cable | Multi-Point | +/- 1.0v |
| RapidIO | 10 Gbps | Balanced | Differential LVDS | Star / Mesh | LVDS |
| HyperTransport | 800Mbps/bit pair | Balanced | 2/4/8/16/32 bits | Daisy-Chained | LVDS |
| FireWire, 1394b | 800 Mbps | Differential | "...." 1394b | Point-to-Point | 0.6~0.8V |
| USB | 480 Mbps | Differential | USB 2.0 | Star Topology | 0.3~3.6V |
| ATA-7 | 133 Mbps | 16 Bits | Ultra ATA/133,Added CRC | Chained | TTL |
|
Serial ATA (SATA) |
150MBps | Differential | 2 differential pairs [Tx/Rx] | Point-to-Point | LVDS |
| SCSI-3 | 40 MBps | 8 / 16 Bit | "..", 16 devices | Chained | TTL |
| Ultra 640 SCSI | 640 MBps | 32 Bit | "..", 4 devices | Chained | TBD |
| PC-AT (ISA) | 8MHz | 16 Bits | Personal Computer Bus | Card edge | TTL |
| EISA | 8MHz | 32 Bit | PC local bus | Card edge | TTL |
| Micro Channel | 10MHz | 32 Bits | Personal Computer Bus | Card edge | TTL |
| VESA (VLB) | 33MHz | 32/64 Bit | PC local bus | Card edge | TTL |
| PCI | 33/66MHz | 32/64 Bits | Chip-to-Chip, Multidrop PC Local Bus | Card edge | TTL |
| PC Card | 8MHz | 16 Bit | ISA in a PCMCIA form factor | Connector-ized | TTL |
| CardBus | 33MHz | 32 Bit | PCI in a PCMCIA form factor | Connector-ized | PCI |
| AGP 8x | 533MHz | 8/16/32 Bit | "....." 2.1GB/s | Point-to-Point | TTL |
| PCI Express | 2.5Gb/ps | up to 32 Bits | Serial PCI, differential pairs | Point-to-Point | LVDS |
Default IRQ Assignments | ||
| IRQ# | Default Use | Description |
| 0 | System timer | Reserved interrupt for the internal system timer. |
| 1 | Keyboard controller | Reserved interrupt for the keyboard controller. |
| 2 | Bridge to IRQs 8-15 | In cascaded interrupt systems, IRQ 2 is used as a link to IRQ 8-15, which means it's not available for general use; If needed by an older system, it's replaced by IRQ 9. You may also see IRQ 2 assigned to programmable interrupt control |
| 3 | COM2 and COM4 | Many modems are preconfigured for COM2 on IRQ 3. It's also used as the default interrupt for COM4, if a system has four serial ports in use. |
| 4 | COM1 and COM3 | Normally used by the serial mouse on IRQ 4. It's also the default interrupt for COM3 |
| 5 | LPT2 & Sound card | Often the default IRQ for network interface cards. Used on some older systems for the hard disk drive and is the default interrupt for LPT2 (the second parallel port). Most sound cards are preset to IRQ 5. |
| 6 | Floppy disk controller | Reserved for the floppy disk controller (FDC). |
| 7 | LPT1 | This interrupt is normally used for the first parallel port. |
| 8 | Real-time clock | Reserved for the real-time clock timer, which is used by software to track events to "real world" time, (IRQs 8-15 are not available on an 8-bit system). |
| 9 | None | A popular choice for network interface cards, but it's generally available for any use. It replaces IRQ 2 in cascading interrupt systems, so it should not be used if IRQ 2 is in use. Hardware MPEG2 cards and SCSI host adapters can also use it. |
| 10 | None | This IRQ has no specific default settings; it is commonly used for video cards and modems. |
| 11 | None | No default assignment; it is used by some SCSI host adapters, PCI video cards, IDE sound cards, and USB controllers |
| 12 | Motherboard mouse (PS/2) connector |
On motherboards supporting a PS/2 mouse (mini-DIN connection on the motherboard), this IRQ is reserved for the PS/2 mouse, A PS/2 mouse on this interrupt frees up IRQ 4 (and COM1/3) for other users. Some video cards may also use this IRQ. |
| 13 | Math coprocessor or floating point unit (FPU) |
Reserved for the integrated floating point unit (386DX and later) or a math coprocessor (386sx and earlier). |
| 14 | Primary IDE adapter | Reserved for the primary IDE controller, which controls the first two IDE (ATA) disk drivers. On PCs with no IDE devices, it can be reassigned in the BIOS setup for other users. |
| 15 | Secondary IDE adapter | Reserved for secondary IDE controller, if present. Can be reassigned in BIOS, if needed. |
Common I/O Address Assignment s |
|
| I/O Address Range | Device or Port Commonly Assigned |
| 000-00Fh | DMA channels 0-3 controller |
| 020-021h | IRQ 0-7 interrupt |
| 060h,061h | Keyboard |
| 0F8-0FFh | Math coprocessor |
| 130-14Fh | SCSI host adapter |
| 170-177h | Secondary hard drive controller |
| 1F0-1F7h | Primary hard drive controller |
| 200-207h | Game port |
| 220-22Fh | Sound cards |
| 278-27Fh | LPT2 or LPT3 |
| 2E8-2EFh | COM4 |
| 2F8-2FF | COM2 |
| 300-30Fh | Network cards |
| 3B0-3BBh | VGA video adapter |
| 3C0-3DF | VGA video adapter |
| 378-37Fh | LPT1 or LPT2 |
| 3E8-3EF | COM3 |
| 3F0-3F7h | Floppy disk controller |
| 3F8-3FFh | COM1 |
DMA Channel Assignments |
|
| DMA channel | Assignment |
| 0 | DRAM refresh |
| 1 | Sound card |
| 2 | Floppy disk drive |
| 3 | ECP or EPP parallel port |
| 4 | DMA controller |
| 5 | Sound card |
| 6 | Available |
| 7 | ISA IDE Hard Drive Controller |
Logical Device Name Assignments | ||
| Port | I/O Address | Default IRQ |
| COM1 | 3F8-3FFh | 4 |
| COM2 | 2F8-3FFh | 3 |
| COM3 | 3E8-3EFh | 4 |
| COM4 | 2E8-2EFh | 3 |
| LPT1 | 378-37Fh | 7 |
| LPT2 | 278-27Fh | 5 |
| CPU | Core Speed (MHz) |
Voltage (volts) |
L1 Cache (KB) |
L2 Cache (KB) |
Mounting |
| Pentium P5 | 60-66 | 5 | 8 WT/8 WB | - | Socket 5 |
| Pentium P5 | 75-333 | 3.3 | 8 WT/8 WB | - | Socket 7 |
| Pentium Pro | 166-200 | 3.3 | 16 | 512 | Socket 8 |
| Pentium II | 233-450 | 2.8 | 16 WT/16 WB | 512 | Slot 1 |
| Pentium II Xeon |
400-450 | 2 | 16 WT/16 WB | 512/1024/2048 | Slot 1 |
| Celeron | 266-300 | 2 | - | - | Slot 1 |
| Celeron | 300-533 | 2 | 16 WT/16 WB | 128 | Slot 1/ Socket 370 |
| Celeron | 533-700 | 1.7 | 16 WT/16 WB | 128 | Socket 478 |
| Pentium III | 450-1266 | 1.7-2 | 16 WT/16 WB | 256/512 | Slot 1/Socket 370 |
| Pentium III Xeon |
500-1000 | 2 | 16 WT/16 WB | 256/512/ 1024/2048 |
Slot 1 |
| Pentium 4 | 1300-2533 | 1.75 | Socket | 256 | Socket 478 P4 |
| AMD Microprocessors | |||||
| CPU | Core Speed (MHz) |
Voltage (volts) |
L1 Cache (KB) |
L2 Cache (KB) |
Mounting |
| K6 | 166-266 | 3.3 | 32 WT/32 WB | 256 | Socket 7 |
| K6 | 266-300 | 2.2 | 32 WT/32 WB | 256 | Socket 7 |
| K6-2 | 266-550 | 2.2/2.3 | 32 WT/32 WB | 256 | Socket 7 |
| Athlon | 500-1800 | 1.75 | 64 WT/64 WB | 512/256 | SlotA/Socket A |
| Duron | 600-1200 | 1.6 | 64 WT/64 WB | 64 | Socket A |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Video Graphic Displays
|
Recommended Resolutions for CRT and CRD Displays |
||
|
Resolution |
Minimum Recommended |
Minimum Recommended |
|
800 x 600 |
15" |
14" |
|
1024 x 768 |
17" |
15" |
|
1280 x 1024 |
19" |
17" |
|
1600 x 1200 |
21" |
19" |
|
Video Card GPU Like motherboards, today's cards have their own processor called Graphics Processing Unit (GPU). 3D graphics rendering need floating point calculations and GPUs are just what it need for the job. Like CPUs, GPUs have core clocks too, around 600 MHz. VRAM Memory Video RAM (VRAM) is at graphic cards as RAM is at motherboards. If cards would not have the RAM memory, it would use RAM installed on the motherboard. Like RAM, VRAM have a range of clock rates following the standard installed on the card.
Modern cards VRAM go up to 1 GB with a top core clock of 1.6
Ghz. Compared to RAM, VRAM has a technology call Z-buffer. Maybe the most
important as it is use in 3D graphics for coordination. |
Card
|
|
|
Separate Video (SVideo
- shown above in the middle),
is a circle like connector used to connect your TV, game console, DVD player
etc. |
|
Video Card Connectors |
 |
| Conventional VGA cards, CRTs, and analog-compatible LCDs use the standard VGA connector. Early digital LCDs and their matching video cards often used the DPP connector. Most recent digital LCD panels and LCD TVs use the DVI-D (also known as DVI-HDCP) connector, whereas video cards used with both analog and digital displays use the DVI-I connector. |
|
Video Card Technologies Modern pc graphic cards are design with a ton of features to help accelerate and sharpen 3D graphics. I will explain in general some of them only. I keep the more sophisticated details for a future advance guide. So here it is for the most used features to help you understand what modern cards are able to do in a 3D environment.
Anti-aliasing (AA),
make your graphics look smoother. Without AA, graphics looks like they have been
made from squares. Try to make a perfect circle with only squares as tool. A shader make 3D effect in such ways that sometime you almost believe it is real. Imagine a lake with a castle close by, the reflection of the castle in the water is the kind of visual effect shader technology can do. This is only a tinny part of what shader can do. |
TV PC Card NEW TV PC Tuner Video Capture PCI Card + remote |
|
|
Motherboard Chipsets - Pentium
4's back to 486's
|
Chipsets used from Pentium 4 |
||
|
Chipset Codename |
Commercial Name |
Segment |
|
Alderwood |
925 series |
|
|
Alviso |
910 and 915 series |
Mobile |
|
Bearlake |
31, 33, 35 and 38 series |
Desktop |
|
Bigby |
3200 and 3210 |
|
|
Blackford |
5000P, 5000V and 5000Z |
Server |
|
Broadwater |
963 and 965 series |
Desktop |
|
Brookdale |
845 series |
Desktop |
|
Calistoga |
940, 943 and 945 series |
Mobile |
|
Canterwood |
875P |
Desktop |
|
Clarksboro |
7300 |
Server |
|
Colusa |
860 |
Server |
|
Crestline |
960 and 965 series |
Mobile |
|
Glenwood |
955X and 975X |
Desktop |
|
Granite Bay |
E7205 |
Server |
|
Grantsdale |
910 and 915 series |
Desktop |
|
Greencreek |
5000X |
Server |
|
Lakeport |
945 and 946 series |
Desktop |
|
Lindenhurst |
E7320 and E7520 |
Server |
|
Montara |
852 and 855 series |
Mobile |
|
Mukilteo |
3000 |
Server |
|
Mukilteo 2 |
3010 |
Server |
|
Placer |
E7505 |
Server |
|
Plumas |
E7500 and E7501 |
Server |
|
San Clemente |
5100 |
Server |
|
Seaburg |
5400 |
Server |
|
Springdale |
865 series |
Desktop |
|
Tehama |
850 series |
Desktop |
|
Tumwater |
E7525 |
Server |
|
Tylersburg |
X48 |
Desktop |
|
Whitmore Lake |
3100 |
Embedded |
|
Chipsets for the Pentium Processor (PI) |
||
|
Chipset Codename |
Commercial Name |
Segment |
|
Mercury |
430LX |
Desktop |
|
Mobile Triton |
430MX |
Mobile |
|
Neptune |
430NX |
Desktop |
|
Triton |
430FX |
Desktop |
|
Triton 2 |
430HX |
Desktop |
|
Triton 3 |
430VX |
Desktop |
|
Triton 4 |
430TX |
Desktop |
|
Chipsets for the 486 Processor |
||
|
Chipset Codename |
Commercial Name |
Segment |
|
Aires |
420EX |
Desktop |
|
Saturn |
420TX |
Desktop |
|
Saturn II |
420ZX |
Desktop |
| Software | |||||
| Hardware | Network | Security | Software | Tech Info Lists | Top of Page |
Operating System Upgrade
Specifications
Windows 95 Minimum System Requirements |
||
Component |
Minimum |
Recommended |
Processor |
386DX/20 |
486DX/66 |
Memory |
4MB |
16MB |
Hard drive |
10MB |
500MB |
Video card |
VGA |
SVGA |
CD-ROM |
Optional (2X) |
Optional (2X) |
Mouse |
Required |
Required |
Windows 98 Minimum System Requirements |
||
Component |
Minimum |
Recommended |
Processor |
486DX/66 |
Pentium |
Memory |
16 |
24 |
Hard drive |
180MB |
295MB |
Video card |
VGA |
SVGA |
CD-ROM |
Required (2X) |
Required (2X) |
Mouse |
Required |
Required |
Windows ME Minimum System Requirements |
||
Component |
Minimum |
Recommended |
Processor |
Pentium/150 |
Pentium/150 |
Memory |
32MB |
32MB |
Hard drive |
480MB |
645MB |
Video card |
VGA |
SVGA |
CD-ROM |
Required (2X) |
Required (2X) |
Mouse |
Required |
Required |
Windows XP and 2000 Minimum System Requirements |
||
Component |
Windows XP Pro |
Windows 2000 Pro |
Processor |
233-MHz Pentium |
133-MHz Pentium |
Memory |
64MB |
64MB |
Hard drive capacity |
2GB |
2GB |
Hard drive free space |
1.5GB |
650GB |
required drive |
CD-ROM or DVD |
CD-ROM or DVD |
Video card |
SVGA or higher |
VGA or higher |
Input device required |
Keyboard and mouse |
Keyboard |
Windows Vista |
||
Component |
Home Basic |
Home Premium / Business / Ultimate |
Processor |
1 GHz 32-bit (x86) or 64-bit (x64) processor |
|
Memory |
512 MB |
1GB |
Hard drive capacity |
2GB |
|
Hard drive |
20 GB hard drive with at least 15 GB of available space |
40 GB hard drive with at least 15 GB of available space |
| DirectX 9 Graphics |
Support for DirectX 9 graphics and 32 MB of graphics memory
|
Support for DirectX 9 graphics with:
|
|
Additional
Requirements
|
Actual requirements and product functionality may vary based on your system
configuration.
Windows Vista Upgrade Advisor
can help you determine which features and edition of Windows Vista will run on
your computer. While all editions of Windows Vista can support multiple core CPUs, only Windows Vista Business, Ultimate, and Enterprise can support dual processors
|
|
Home Premium / UltimateTV tuner card required for TV functionality (compatible remote control optional). Home Premium / Business / UltimateWindows Tablet and Touch Technology requires a Tablet PC or a touch screen. UltimateWindows BitLocker Drive Encryption requires a USB Flash Drive and a system with a TPM 1.2 chip. |
||
|
Short-Cut Keys |
|||
|
Inside most Windows Programs |
|||
|
Key Sequence |
Description | ||
|
<Ctrl><Shift> |
Open a shortcut (right-click) menu | ||
|
<Ctrl> + A |
Select the entire current document |
||
|
<Ctrl> + B |
Turn bold on or off of selected text |
||
| <Ctrl> + C | Copies selected text to be Pasted using <Ctrl> + V | ||
| <Ctrl> + F | Launch a program's search or find tool | ||
|
<Ctrl> + I |
Turn italics on or off | ||
|
<Ctrl> + O |
Open a New document |
||
|
<Ctrl> + P |
Open the print dialog box |
||
|
<Ctrl> + S |
Saves the current file which has the focus |
||
|
<Ctrl> + U |
Turn underlining on or off of selected text |
||
|
<Ctrl> + V |
Paste previously copied / cut contents into the current program.
|
||
|
<Ctrl> + X |
Cuts (Delete the selection) and move it to the clipboard to be Pasted using <Ctrl> + V from clipboard |
||
|
<Ctrl> + Y |
Re-do the last undo | ||
|
<Ctrl> + Z |
Undo the last thing you did |
||
|
<Ctrl> + <End> |
Move the cursor to end of document | ||
|
<Ctrl> + <Home> |
Move the cursor to beginning of document | ||
| Outside Windows Programs | |||
 |
Start Menu | ||
|
|
+ |
 |
View information in the System Properties dialog box |
|
|
+ |
 |
Windows Help and Support Center |
|
|
+ |
 |
Show the Desktop |
|
|
+ |
 |
Open My Computer (XP) or Windows Explorer (Vista) |
|
|
+ |
 | Open the Windows Search utility |
|
|
+ |
 | Locks the computer session |
|
|
+ |
 |
Minimize all open windows |
|
|
 |
|
Maximizes all open windows |
|
|
+ |
 | Open the 'Run' dialog box |
 | Open a shortcut (right-click) menu | ||
| Keyboard F-Keys | |||
| F1 |
Start Help (Supported in most applications). |
||
|
F2 |
Rename selected icon or file in Windows Explorer or on the Desktop |
||
| F3 |
Open Search (in Windows Explorer or on the Desktop only). |
||
| F4 |
Open a drop-down list (supported in many dialog boxes)-for example; press F4 in |
||
| F5 |
Refresh the view in Windows Explorer, or the Desktop, in the Registry Editor, and some other applications. |
||
|
F6 |
Move the focus between panes in Windows Explorer. |
||
|
F10 |
Send focus to the current applications menu. |
||
|
|
|
||
|
Internet Explorer |
|||
| <Alt> + D | Go to the address bar | ||
| <Alt> + <Home> | Go to your Home page | ||
|
<Ctrl> + B |
Organize Favorites | ||
|
<Ctrl> + E or <F3> |
Show or hide the Search bar | ||
| <Ctrl> + <F5> |
Refresh current Web page regardless of time-stamps |
||
| <Ctrl> + F | Open the Find Dialog box | ||
| <Ctrl> + H | Show or Hide the History bar | ||
| <Ctrl> + I | Show or hide the Favorites bar | ||
|
<Ctrl> + O
or L |
Open the Open dialog box to go to another Web site |
||
| <Ctrl> + N | Open a new browser window with contents of current browser | ||
|
<Ctrl> + R
or <F5> |
Refresh the current Web page | ||
| <Ctrl> + T | Open a new browser Tab (Explore 7) with no webpage selected | ||
| <Ctrl> + <Tab> | Change Tabs in Explorer 7 | ||
| <Ctrl> + <Enter> |
Add www. before and .com after, what you're typing in the Address bar and go to that site |
||
| <Ctrl> + <F5> |
Refresh current Web page regardless of time-stamps |
||
| <Esc> | Stop downloading a Web page | ||
| <F11> | Toggle full-screen mode on or off | ||
|
|
Place Windows XP's Kernel into RAM |
|
Note:
Only do this
if the system has
256 MB or more of installed
memory... |
| It's a given that anything that runs in RAM will be faster than an item that has to access the hard drive and virtual memory. Rather than have the kernel that is the foundation of XP using the slower Paging Executive functions, use this to set the DisablePagingExecutive DWORD to a value of 1 so the kernel runs in RAM. |
| Open the Registry Editor (Start_Run_regedit) Find and Edit the Registry key HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ Memory Management in the window on the right side find "DisablePagingExecutive" and click on it. Place a 1 to disable paging and have the kernel run in RAM (set the value back to 0 to undo this change) Exit the Registry Editor and reboot. |
<Windows Key> + BREAKTechnical Info Listings
|
Find
XP's Product ID (PID) in the registry
Now, don't go
changing this number...
|
Technical Info Listings
Windows XP Autoplay Problems
AutoFix Download
Technical Info Listings
| Network | |||||
| Hardware | Network | Security | Software | Tech Info Lists | Top of Page |
Network Stuff
Comparison of Networking Models | ||
Attribute |
Peer-to-Peer Network |
Client/Server Network |
Size |
Restricted to a maximum of 10 computers |
Te size of the network is limited only by server size and network hardware, and it can have thousands of connected systems. |
Administration |
Each individual is responsible for the administration of his or her own system. A dedicated administrator is not needed. |
A skilled network administrator is often required to maintain and manage the network |
Security |
Each individual is responsible for maintaining security for shared files or resources connected to the system. |
Security is managed from a central location but often requires a skilled administrator to correctly configure. |
Cost |
Minimal startup and implementation cost. |
Requires dedicated equipment and specialized hardware and administration increasing the cost of the network. |
Implementation |
Easy to configure and set up. |
Often requires complex setup procedures and skilled staff to set up. |
Network Topology
Bus Topology
Advantages
Disadvantages
Compared to other topologies, a bus is
cheap and easy to implement.
There might be network disruption when
computers are added or removed.
Requires less cable than other
topologies.
Because all systems on the network
connect to a single backbone, a break in the cable will prevent all systems from
accessing the network
Does not use any specialized network
equipment.
Difficult to troubleshoot.
Ring Topology
Advantages
Disadvantages
Cable faults are easily located, making
troubleshooting easier.
Expansion to the network can cause
network disruption.
Ring networks are moderately easy to
install.
A single break in the cable can disrupt
the entire network
Star Topology
Advantages
Disadvantages
Star networks are easily expanded
without disruption to the network.
Requires more cable than most of the
other topologies.
Cable failure affects only a single
user.
A central connecting device allows for
a single point of failure.
Easy to troubleshoot and isolate
problems.
More difficult than other topologies to
implement.
Mesh Topology
Advantages
Disadvantages
Provide redundant paths between
devices.
Requires more cable than the other LAN
topologies.
The network can be expanded without
disruption to current users.
Complicated implementation.
Wireless Topology
Advantages
Disadvantages
Allows for wireless remote access.
Potential security issues associated
with wireless transmissions.
Network can be expanded without
disruption to current users.
Limited speed in comparison to other
network topologies.
Technical Info Listings
Bus Topology
| |
Advantages |
Disadvantages |
Compared to other topologies, a bus is cheap and easy to implement. |
There might be network disruption when computers are added or removed. |
Requires less cable than other topologies. |
Because all systems on the network connect to a single backbone, a break in the cable will prevent all systems from accessing the network |
Does not use any specialized network equipment. |
Difficult to troubleshoot. |
Ring Topology
|
|
Advantages |
Disadvantages |
Cable faults are easily located, making troubleshooting easier. |
Expansion to the network can cause network disruption. |
Ring networks are moderately easy to install. |
A single break in the cable can disrupt the entire network |
Star Topology
|
|
Advantages |
Disadvantages |
Star networks are easily expanded without disruption to the network. |
Requires more cable than most of the other topologies. |
Cable failure affects only a single user. |
A central connecting device allows for a single point of failure. |
Easy to troubleshoot and isolate problems. |
More difficult than other topologies to implement. |
Mesh Topology
| |
Advantages |
Disadvantages |
Provide redundant paths between devices. |
Requires more cable than the other LAN topologies. |
The network can be expanded without disruption to current users. |
Complicated implementation. |
Wireless Topology | |
Advantages |
Disadvantages |
Allows for wireless remote access. |
Potential security issues associated with wireless transmissions. |
Network can be expanded without disruption to current users. |
Limited speed in comparison to other network topologies. |
Glossary of Network Terms |
|
IP Address 192.168.x.x
(where x is anything between 0 and 255.)
Subnet Mask DNS DHCP Local Domain Name
Dynamic IP
Static IP PPPoE PPTP
Telstra BigPond MTU Setting
Disconnect after X... MAC Address
Channel and SSID
Broadcast SSID
USE as Access Point
Protected Mode
Turbo Mode
Virtual Servers
Client IP filters
MAC Address Filtering DMZ
Block ICMP Ping
Administrator Password Time
and Time Zone
Remote Management AT Enabling UPnP
Automatic Firmware Update Notification Wireless Security 5) WPA - Radius Server. (This mode is accessed from the Advanced Button). WPA server is only for networks using a Radius Server. All parameters for this mode should be obtained from the administrator of your Radius Server. Unlike WPA PSK, WPA server passes the key from the server to the clients instead of generating it automatically.
|
|
The 7 Layer OSI ModelThe modular networking architecture of Windows is based on two industry standard models for a layered networking architecture, namely the International Organization for Standardization (ISO) model for computer networking, called the Open Systems Interconnect (OSI) Reference Model, and the Institute of Electrical and Electronic Engineers (IEEE) 802 model. Windows NT, Windows 2000 and Windows XP are all designed according to these standard models. The ISO OSI and IEEE 802 models define a modular approach to networking, with each layer responsible for some discrete aspect of the networking process. The OSI model describes the flow of data in a network, from the lowest layer (the physical connections) up to the layer containing the user’s applications. Data going to and from the network is passed layer to layer. Each layer is able to communicate with the layer immediately above it and the layer immediately below it. This way, each layer is written as an efficient, streamlined software component. When a layer receives a packet of information, it checks the destination address, and if its own address is not there, it passes the packet to the next layer. When two computers communicate on a network, the software at each layer on one computer assumes it is communicating with the same layer on the other computer. For example, the Transport layer of one computer communicates with the Transport layer on the other computer. The Transport layer on the first computer has no regard for how the communication actually passes through the lower layers of the first computer, across the physical media, and then up through the lower layers of the second computer. Note: The OSI Model was originally developed in the early 1980s by the ISO, which continues to maintain the standard. The application block is made up of the upper three layers: Application, Presentation, and Session. It is responsible for connecting software programs to the network. The network block consists of the lower four layers: Transport, Network, Data-link, and Physical. This block is responsible for moving data on the network. It can be difficult to remember the order of the layers, so in the past, a lot of schools taught them from the top down, using the mnemonic device "All People Seem To Need Data Processing."
The Presentation layer translates data from the Application layer into an intermediary format and will change at lower layers. This layer also manages security issues by providing services such as data encryption, and compresses data so that fewer bits need to be transferred. The Session layer allows two applications on different computers to establish, use, and end a session. This layer establishes dialog control between the two computers in a session, regulating which side transmits, plus when and how long it transmits. The Transport layer handles error recognition and recovery. It also repackages long messages when necessary into small packets for transmission and, at the receiving end, rebuilds packets into the original message. The receiving Transport layer also sends receipt acknowledgments. The Network layer addresses messages and translates logical addresses and names into physical addresses. It also determines the route from the source to the destination computer and manages traffic problems, such as switching, routing, and controlling the congestion of data packets. The Data Link layer packages raw bits from the Physical layer into frames (logical, structured packets for data). This layer is responsible for transferring frames from one computer to another, without errors. After sending a frame, it waits for an acknowledgment from the receiving computer. IEEE 802.2: General standard for the data link layer in the OSI Reference Model. The IEEE divides this layer into two sublayers -- the logical link control (LLC) layer and the media access control (MAC) layer. The MAC layer varies for different network types and is defined by standards IEEE 802.3 through IEEE 802.5. IEEE 802.3: Defines the MAC layer for bus networks that use CSMA/CD. This is the basis of the Ethernet standard. IEEE 802.4: Defines the MAC layer for bus networks that use a token-passing mechanism ( token bus networks). IEEE 802.5: Defines the MAC layer for token-ring networks.The Physical layer transmits bits from one computer to another and regulates the transmission of a stream of bits over a physical medium. This layer defines how the cable is attached to the network adapter and what transmission technique is used to send data over the cable. |
|
Wireless Standards |
||||
| Standard | Frequency Range |
Theoretical Maximum Throughput |
Effective Throughput (Approximate) |
Average Geographic Range |
| 802.11b ("Wi-Fi") |
2.4 GHz | 11 Mbps | 5 Mbps | 100 meters (or about 330 feet) |
| 802.11a | 5 GHz | 54 Mbps | 11-18 Mbps | 20 meters (or about 66 feet) |
| 802.11g | 2.4 GHz | 54 Mbps | 20-25 Mbps | 100 meters (or about 330 feet) |
| Bluetooth (version 1.x) |
2.4 GHz | 1 Mbps | 723 Kbps | 10 meters (or about 33 feet) |
| Bluetooth (version. 2.x) |
2.4 GHz | 2.1 Mbps | 1.5 Mbps | 30 meters (or about 100 feet) |
| IrDA | 300-300,000 GHz | 4 Mbps | 3.5 Mbps | 1 meters (or about 3.3 feet) |
| Security | |||||
| Hardware | Network | Security | Software | Tech Info Lists | Top of Page |
|
What is CIA? CIA (in this
context, of course) stands for Confidentiality, Integrity, and
Availability. These are the three tenets or cornerstones of information
security objectives. Virtually all practices within the umbrella called
“Information Security” are designed to provide these objectives. They
are relatively simple to understand and are common-sense notions. |
|
Confidentiality
Confidentiality refers to the idea that information should only be accessible to its intended recipients and those authorized to receive the information. All other parties should not be able to access the information. This is a pretty common and straight-forward idea; the US government for example marks certain items “Top Secret,” which means that only those who are cleared to see that information can actually view it. In this way, the government is achieving information confidentiality. Another common example is the sharing of a secret between two friends. When the friends tell each other the secret, they usually whisper so that nobody else can hear what they are saying. The friends are also achieving confidentiality. |
|
Integrity Integrity is the idea that information should arrive at a destination as it was sent. In other words, the information should not be tampered with or otherwise altered. Sometimes, secret information may be sent in a locked box. This is to ensure both confidentiality and integrity: it ensures confidentiality by assuring that only those with a key can open it; it ensures integrity by assuring that the information is not able to be altered during delivery. Similarly, government documents are often sealed with some sort of special stamp that is unique to an office or branch of government. In this way, the government ensures that the people reading the documents know that the document is in fact a government document and not a phony. |
|
Availability / Accessibility
Imagine that a terrorist blocks the entrance to the Library of Congress. Though he did not necessarily destroy the integrity of the books inside nor did he breach confidentiality, he did do something to negatively affect the security of the Library. We deem his actions a “denial of service,” or more appropriately, a denial of availability. Availability refers to the idea that information should be available to those authorized to use it. When a hacker floods a web server with erroneous requests and the web server goes down as a result of it, he denied availability to the users of the server, and thus, one of the major tenets of information security have been compromised. |
|
Access Control |
| One of
the most crucial areas of information security that dates back to its
origins is the idea of access control. Access control is the ability of
a system to limit access to only certain users. When you think access
control, think “password.” Of course, there are many ways to
authenticate users than just passwords, but passwords are probably the
most well-known way of controlling access to resources, especially to
information security laymen. We’ll now look into the specifics of access
control. |
| Types of
Access Control Factors |
|
One of the key questions associated with access control is: How do you
ensure that a user is in fact who he claims to be? There are many ways
to do so, and so they have been categorized into three types of factors: |
|
|
|
|
The best authentication systems use more than one factor (Type) to
ensure a user’s identity; this is known as “multi-factor
authentication.” |
| The
Workings behind Access Control |
| There are
essentially three steps to any access control process. 1. Identification: Who is the user? 2. Authentication: Is the user who he says he is? 3. Authorization: What does the user have permission to do? Authentication is achieved through the factors discussed above, but Authorization is actually achieved between the reference model and the Kernel of the operating system. The reference model is the system that directs the Kernel what it can and cannot access. A request to access information would be sent through the reference model to verify that the user requesting access should actually have access to what he/she is requesting. The kernel then acts only if the reference model directs it do so. |
| Methods
of Access Control |
| Another very
important question that should be raised when considering access control
is: “Who determines which users have access to information?” The
Security+ exam suggests three different methods of determining this:
|
|
|
|
|
Methods of
Authentication |
| Kerberos Kerberos is an open-source and widely-accepted method of authentication that works on a shared secret key system with a trusted third party. Before you begin to understand how Kerberos actually works, you should consider this analogy: two people are in love and want to deliver messages of their affection to each other. The problem is that they cannot express their love for each other openly because of a family feud. So, they entrust a mutual friend to deliver their secrets to each other. In essence, Kerberos does much of the same. If two users wish to communicate with each other, they must first contact a trusted Kerberos server to obtain a shared secret key. Only the users that have this key can communicate with each other because the key encrypts and decrypts messages. The logical part of the Kerberos server that governs key distribution is aptly called the Key Distribution Center, or KDC. Once keys have been distributed to the two parties wishing to communicate, Kerberos then issues what are known as “tickets” through the TGS or Ticket Granting Server. These tickets allow for the actual communication between the clients by storing authentication information. Kerberos has a wide variety of applications, especially in open source software, but is not without vulnerabilities. One is that Kerberos makes extensive use of that trusted third party. If the third party is compromised, information confidentiality and integrity may be breached. If the third party simply fails, availability is lost. Kerberos also uses time stamps in order to “time out” communications. If two hosts are on different times, communication may be difficult or impossible. Remember that Kerberos is associated with SSO (single sign-on) technology |
| Biometric As discussed before, biometric factors are factors of authentication that utilize the biological factors of a user. Biometric authentication and identification is considered the most secure. Typical biometric factors include fingerprint and retinal scans as well as photo-comparison technology. |
| Username / Password The most common form of authentication system is a username and password system. This is a Type I system and therefore relies on the difficulty of guessing the password for effectiveness. There may be questions on the Security+ exam about what constitutes a good password. Use common sense here! A good password would obviously consist of numbers and letters, lower and upper case, and symbols. In other words, the general rule of thumb is that a good password is complex. Another rule of thumb is that a good password should be at least six characters and probably eight. In fact, eight or more is the standard at the moment. Systems that allow for lost password retrieval should not allow a malicious user to learn information about the users of a system; in addition, systems should not elaborate as to whether a username or password is incorrect as this would aid potential attackers. |
| Multifactor Multifactor authentication refers to using more than one factor to authenticate a user. Multifactor authentication is more secure than single factor authentication in most cases. An example of multifactor authentication would be an authentication system that required a user to have both a password and a fingerprint |
| CHAP CHAP is an authentication protocol that uses username and password combinations that authenticate users. It is used in PPP, so its most common application is dial-up internet access user authentication. All you really need to know about it is that it uses a three-way handshake to prevent replay attacks. Microsoft has a version of CHAP known as MS-CHAP. |
| SSO Single sign-on, or SSO, refers to the ability for a user to only be authenticated once to be provided authorization to multiple services. |
|
Attacks
|
| Social Engineering This kind of attack is probably the most commonly successful and damaging of all attacks, yet it requires no technical ability. Social engineering is an attack by which the attacker manipulates people who work in a capacity of some authority so that the attacker can get those people to do something that he desires. For example, if an attacker calls into a business posing as a bank representative who is reporting foul activity on an account and then proceeds to ask for a routing number, that attacker is engaged in a social engineering attack. Remember, social engineering means manipulating people. |
| Dumpster Diving This is another low-tech attack. All you have to remember about this attack is that the name is very indicative of the nature of this attack – a dumpster diver would look through trash and other unsecured materials to find pertinent information to either launch an attack or carry out some other maliciously intended action. |
| Password Cracking This is an attack by which the attacker wishes to gain authentication (and authorization) to network resources by guessing the correct password. There are two basic kinds of password cracking attacks: |
|
|
| Most of the time when password cracking is
attempted, the cracker has some means of entering username and password
combinations quickly. Usually this is through a cracking program such as
Brutus. One way to defend against cracking attacks is to put a mandatory
wait time before login attempts. 11Another way is to lock out the login
system after a certain number of attempts. Finally, limiting the
number of concurrent connections to a login system can slow down a
cracking attack. |
| Flooding Just like a flood can overwhelm the infrastructure of a locale, a flooding attack can overwhelm the processing and memory capabilities of a network system or server. In a flooding attack, the attacker sends an inordinate amount of packets to a server or a group of hosts in order to overwhelm the network or server. This would, of course, cause a denial of service to the hosts who demand whatever network resource has been overwhelmed. Some special kinds of flooding attacks: |
|
|
| Spoofing Spoofing is not always a form of attack but can be used in conjunction with an attack. Spoofing is any attempt to hide the true address information of a node and is usually associated with IP spoofing, or the practice of hiding the IP address of a node and replacing it with another (false) IP address. One implication of a successful spoof is that investigators cannot trace the attack easily because the IP address is false. Spoofing can be achieved through proxy servers, anonymous Internet services, or TCP/IP vulnerabilities. |
| Birthday Attack Any attack based on favorable probability is known as a birthday attack. This comes from the statistical truth that it is far more likely in a room of 100 people to find two people who have the same birthday than it is to find a person with a specific birthday. You can just associate birthday attack with probability. |
| Buffer Overflow A buffer overflow attack is a very specific kind of attack that is very common when attacking Application level servers and services. Basically, a buffer is a memory stack that has a certain holding size. Through a specifically and maliciously crafted packet, information can overflow in that stack, causing a number of problems. Some buffer overflow attacks result in a simple denial of service while others can allow for system compromise and remote takeover of a system. Patches are usually issued to defend against specific buffer overflow issues. |
| Sniffing A sniffing attack is one in which an attacker “sniffs” information, either off the media directly or from regular network traffic, in order to compromise the confidentiality or integrity of information. Un-switched Ethernet traffic can easily be sniffed when the NIC operates in “promiscuous” mode, the mode in which the NIC reads all traffic regardless of the destination IP address. Sniffing can be thwarted by careful attention to media security and switched networks. |
| Overview While there is certainly a dearth of space here to list all of the wonderful tricks that hackers have up their collective sleeves, it is safe to say that the attacks that you will see on the Security+ have been covered above. Study each one carefully and try to associate one word with the attack that will help you remember what it’s all about; after a while, the distinction between attacks will become more obvious and clear to you. |
|
Remote Access |
| One of the most ever-present and ancient
uses of the Internet and networking has been to provide remote access to
networks or network resources. Since the early 1980’s, different remote
access protocols have existed to allow users to remotely “dial in” to a
network of choice; while some of these protocols have come and gone,
many of them remain widely in use even today in dial-up WAN access and
business VPN networks. The information in in this section will help you
in your ability to identify the security features, benefits, and costs
of several types of remote access protocols and services. |
| RAS RAS, or Remote Access Service, is a rarely-used, insecure, and outdated Microsoft offering in the area of remote access technology. You should know that RAS provides dial-up access and once was the protocol of choice for connecting to the Internet. |
| PPP RAS was eventually replaced by PPP, the most common dial-up networking protocol today. PPP, or point-to-point protocol, utilizes a direct connection from a client to WAN over TCP/IP. This is advantageous for dial-up networking services as most people today wish to be able to use the Internet, which of course requires TCP/IP networking. When you think dial-up access, think PPP. |
| Secure Connection The next group of technologies is considered “secure” in that the technologies set up an encrypted, sometimes “tunneled,” and difficult-to-intercept connection. These are the technologies typically employed in VPN (Virtual Private Network) applications and corporate remote networks. |
| PPTP Point-to-point tunneling protocol, or PPTP, is a tunneling protocol that can encapsulate connection-oriented PPP packets (which are simple remote access packets) into connectionless IP packets. In doing so, the data remains within the “IP capsule,” which prevents sniffing and other outside manipulation. PPTP is a client-server system that requires a PPTP client, a PPTP server, and a special network access server to provide normal PPP service. PPTP is commonly used to set up “Virtual Private Networks,” which are like LAN’s that are spread across the Internet so that multiple remote clients can connect to one logical network. |
|
L2TP PPTP, L2TP utilizes a tunneling protocol, but unlike PPTP, L2TP utilizes IPSec (IP Security) to encrypt data all the way from the client to the server. Because of this, L2TP data is difficult to intercept. L2TP can accommodate for protocols other than IP to send datagrams and is therefore more versatile; it is also common in VPN applications.
Implementation of L2TP, a popular tunneling protocol |
| SSL SSL, or Secure Sockets Layer, is a technology employed to allow for transport-layer security via public-key encryption. What you should know about this for the exam is that SSL is typically employed over HTTP, FTP, and other Application-layer protocols to provide security. HTTPS (HTTP over SSL) is particularly used by web merchants, credit card validation companies, and banks to ensure data security (think: lock icon) |
| Kerberos Kerberos is a *Nix technology that is also being implemented in Microsoft technology to allow for client-server authentication over a network based on a shared key system. Kerberos is a public-key encryption technology and therefore is considered quite modern. |
|
Tunneling, VPN & IPSec
|
| Remote access protocol allows remote access to a network or host
and is usually employed in dial-up networking.
Alternatively, some remote access technologies are involved in remote
control of a host, such as through secure shell or Telnet. Another class of remote access technologies does exist. This class is related to two of the fundamental aspects of information security: confidentiality and availability. This type of remote access technology allows a user to securely dial in or otherwise access a remote network over an encrypted and difficult-to-intercept connection known as a “tunnel.” These protocols are therefore usually referred to as tunneling or secure remote access protocols. |
| VPN A virtual private network is a pseudo-LAN that is defined as a private network that operates over a public network. It allows remote hosts to dial into a network and join the network basically as if it were a local host, gaining access to network resources and information as well as other VPN hosts. Understanding VPMs relies on your ability to recognize different applications of VPN networks. Use common sense here! Obviously, VPN networks would likely be employed in settings in which information security is essential and local access to the network is not available. For example, a VPN might be utilized by a telecommuting employee who dials into the office network. |
| PPTP PPTP, or Point-to-point tunneling protocol, is a commonly implemented remote access protocol that allows for secure dial-up access to a remote network. In other words, PPTP is a VPN protocol. PPTP utilizes a similar framework as PPP (point-to-point protocol) for the remote access component but encapsulates data into undecipherable packets during transmission. It is as its name implies: an implementation of PPP that utilizes tunneling by encapsulating data. |
| IPSec IPSec is a heavily utilized area of the IT Security. It will be your benefit to understand IPSec well. IPSec allows for the encryption of data being transmitted from host-to-host (or router-to-router, or router-to-host… you get the idea) and is basically standardized within the TCP/IP suite. IPSec is utilized in several protocols such as SSL and TLS. You should know that IPSec operates in two basic modes. We will now study these modes in greater detail. |
|
|
| IPSec is comprised of two basic components
that provide different functionality: |
|
|
|
IPSec implementation |
| L2TP L2TP, or Layer 2 Tunneling Protocol, is an alternative protocol to PPTP that offers the capability for VPN functionality in a more secure and efficient manner. Rather than actually replacing PPP as a remote access protocol or IPSec as a security protocol, L2TP simply acts as an encapsulation protocol on a very low level of the OSI model – the Data Link layer. L2TP, therefore, commonly utilizes PPP for the actual remote access service and IPSec for security. Note that L2TP operates on a client/server model with the LAC (L2TP Access Concentrator) being the client and the LNS (L2TP Network Server) acting as the server. |
|
Cryptography |
|
What is
Cryptography? |
 AES, one of many cryptographic algorithms |
|
How
Cryptography Works |
| Public Key and Private
Key Systems A key is the password of sorts used to encrypt and decrypt data. When an encryption key is made available to any host, it's known as a public key. In contrast, a private key is confidentially shared between two hosts or entities. A symmetric encryption algorithm. uses the same key for encryption and decryption. When an different key is used for encryption and decryption this known as asymmetric encryption. More complex, systems require both a public key and a private key to operate. |
| Cryptanalysis and
cracking Cryptanalysis is the act of breaking the cipher or attempting to understand the cipher text. Cracking is often associated with cryptanalysis as cracking a shared key is often essential to cryptanalysis attempts. Not every cipher is decipherable – for example, some encryption algorithms are mathematically unbreakable (they operate on randomness) and other encryption algorithms are hashes that do not provide one-to-one functionality (that is, more than one input can result in the same output, making reverse-encryption or cryptanalysis impossible). However, most cryptographic algorithms can theoretically be cracked but require extraordinary amounts of computational power to do so. For example, RSA can take millennia to crack, hardly the amount of time that a potential attacker or cryptanalyst has available. |
| Applications and
Functions of Cryptography The Security+ exam will test you on your ability to recognize situations in which cryptography might be employed. The general rule here is that cryptography is employed in settings in which data confidentiality and integrity are desirable. For example, you would not use cryptography when transferring MP3 files (unless those files were highly sensitive for some reason) but you would certainly employ cryptographic methods when transferring health information. In addition to data confidentiality and integrity, cryptography can provide non-repudiation, which is the idea that a sender of information would not be able to refute the fact that he or she did send that information or data. Here is a sample laundry list of some well-known functions of cryptography: Certificates |
|
|
|
|
|
|
|
Malicious Software: |
| Viruses A computer virus is malicious software that propagates itself upon the action of a user. For example, some viruses send emails promising great information on how to get rich quickly or pleasant images. The user then opens some sort of executable attachment (that is almost certainly not what is promised) and the virus either immediately acts or waits as a dormant drone to act, either upon the request of a master host or some sort of time period. Viruses typically inflict damage by either destroying files categorically or installing new files that drastically affect the performance of the computer. Most viruses also act to “insert” themselves into various executable files, increasing the likelihood that a user will re-run the malicious executable file. One of the core tendencies of any computer virus is propagation. Most viruses include some mechanism for both local and network propagation, including the sending of instant messages, the setting up of web servers, and of course, emails. However, viruses are not truly “self-propagating” in the sense that the virus is actually incapable of “forcing” itself on another host machine in most cases. A virus typically needs user interaction to act (such as opening an attachment). This need for user interaction is usually seen as what separates a virus from a worm. |
| Worms Unlike the friendly creatures that crawl beneath the crust, computer worms can be extremely destructive and costly malicious programs that self-propagate to cause unbelievable damage to computer networks across the world. Alternatively, worms can help provide us the wonders of Google and Yahoo search engines. How can a worm be so good and yet so bad? Actually, worms are not inherently evil. Worms are simply pieces of software that are able to (through various means) self-propagate about the Internet. In many cases, computer worms provide various services that we all love and utilize. One such worm is the World Wide Web Worm, which “crawls” the Internet to pick up data from web pages for categorization and indexing that we later utilize through popular search engines. Other “friendly” worms work to quickly patch software that is vulnerable to attacks by – you guessed it – other worms! However, some worms also do irreparable damage to computers. Many of these worms, which carry malicious payloads, install self-destructive software or a backdoor into the PC. Remote control of infected hosts is often a primary goal of worm writers who seek to crash high-profile websites and services through “Denial of Service” attacks. |
|
Trojan Horses and
Backdoors |
| A Trojan horse or backdoor is any software
that attempts to give a remote user unauthorized access to a host
machine or user account. Some backdoors actually serve a legitimate
purpose (SSH, for example, might be classified as a “backdoor”) but in
general, the terms “backdoor” and especially “Trojan horse” are
associated with malicious intent. Some popular Trojan horses include: |
|
|
|
|
|
Firewalls |
|
What is a Firewall? |
 |
Types of Firewalls Each type of firewall has abilities, advantages, and drawbacks; to do well on the Security+ exam, you should understand these. |
| Packet Filtering Firewall A packet filtering firewall polices traffic on the basis of packet headers. IP, UDP, TCP, and even ICMP have enough header information for a packet filtering firewall to make an informed decision as to whether to accept or reject that packet. You can think of a packet filtering firewall as a bouncer at a party. The bouncer may have a list of people that are allowed to come in (a white list) or a list of people to specifically exclude (a blacklist). The bouncer may even check a guest’s identification to assure that the guest is above 18. Similarly, a packet filtering firewall simply inspects the source and destination of traffic in making a decision on whether to allow the packet to pass through. For example, some traffic may be addressed to a sensitive recipient and would therefore be blocked. A packet filtering firewall can also filter traffic on the basis of port numbers. For example, many companies now block traffic on port 27374 because it is well-known to be a port used by the Trojan horse “SubSeven.” Note that a packet filtering firewall basically operates through a special ACL (access control list) in which both the white and black list of IP addresses and port numbers are listed. In essence, this firewall operates at the Network and Transport layers of the OSI Model. This model is notable for its simplicity, speed, and transparency – however, traffic is not inspected for malicious content. In addition, IP addresses and DNS addresses can be hidden or “spoofed,” as discussed in the Attacks lesson |
| Circuit-Level Gateway A circuit-level gateway is a type of firewall that operates on the Session layer of the OSI model. Instead of inspecting packets by header/source or port information, it instead maintains a connection between two hosts that is approved to be safe. This is something akin to a parent who approves the people that their children can speak with on the phone once they trust those people. In this scenario, the parent does not have to listen into the conversation because they know they can trust the two communicating children. Similarly, a circuit-level gateway establishes a secure connection between two hosts that have been authenticated and trust each other. |
| Application-Level Gateway As the name suggests, an application-level gateway operates in the Application layer of the OSI model and actively inspects the contents of packets that are passed through to the gateway. It is for this reason that application-level gateways are considered the most secure as they can actively scan for malformed packets or malicious content. Think of an application-level gateway as the eavesdropping parent. An eavesdropping parent has the most complete knowledge of his or her child’s activities because he or she can listen into all of the child’s conversations. An application-level gateway does have drawbacks, however, including speed and routing problems. Application-level gateways are notorious for the amount of time it can take to inspect packets. A special kind of application-level gateway is a proxy server, which is a server that serves as the “middle man” between two hosts that wish to communicate. In the proxy server model, the host wishing to communicate sends a packet to the application-level gateway (proxy server), which then makes the decision whether to forward the packet to the intended recipient or to deny the request to send the packet. |
|
Networking Overview |
| In subsequent chapters of this study guide, we will take a look at different security topologies or ways that networks can be set up with security in mind. Before we can do this, however, we must have a clear understanding of different networking devices and concepts. We will now very briefly describe different key networking components to help you understand how they are related to information security and the exam. |
|
|
| IP Address An IP address is a unique numeric identifier of a host machine within the scope of a TCP/IP network. Public IP addresses are unique and individual to each host in the world, while private IP addresses are often duplicated among different private networks. You can think of a public IP address as a sort of telephone number and the private IP address as a sort of extension system that operates “in-house.” All IP addresses are formed as four octets separated by a dot: for example, 192.168.1.1 is a commonly-used private IP address. |
| NAT NAT, or Network Address Translation, is a service in which a gateway can allow multiple private hosts to operate under the guise of a single public IP address. One of the implications of NAT is that hosts “behind” the NAT are effectively “hidden” from the rest of the Internet, with the NAT acting as a sort of packet filtering firewall. |
| Router A router can forward packets of information based on the IP address of the header of the packet. Think of the header of the packet as a sort of shipping label for the packet in which the contents (the package) are contained. A router can quickly examine the shipping label and send it off to the appropriate destination. |
| Gateway A gateway serves as a sort of middle-man between two networks, usually the Internet and a private network. Many routers also serve as gateways, and many gateways have NAT functionality built into them. |
| Media The term “media” in networking refers to the physical medium of communication that the network utilizes. In many Ethernet networks CAT-5 cabling is employed. In high-speed applications, fiber optic media is used. |
| Applications and Ports Applications, in the networking sense, refer to specific Application-layer services that hosts provide over specific ports, or gateways into the system. For example, a web server is an application server that provides web pages over the port TCP 80. Other Application servers include FTP, Telnet, SSH, and Media servers. |
| Firewall A firewall is a device that can selectively filter communications between two hosts. Although we have an entire article dedicated to firewalls, it never hurts to reinforce the concept of what a firewall is for your own extended understanding. |
| Switch/Hub Hosts are connected to each other via a switch or a hub. The difference between a switch and a hub is that a hub forwards all packets to all connected hosts whereas a switch forwards packets only to selected recipients via MAC address, increasing information confidentiality. |
| DMZ Host A DMZ host is basically a “catch-all” host for requests on non-configured ports. Through a DMZ host, undesirable network traffic can be sent to single safe host rather than any host that would be in danger from malicious traffic. |
|
Private (Symmetric)
Key Cryptography |
| Here you will learn about different
symmetric key algorithms and their key features. More importantly, we
will learn about some more key concepts related to cryptography as it
applies to both symmetric and asymmetric algorithms. Finally, we will
learn the advantages and disadvantages of symmetric and asymmetric
algorithms. First, let’s learn a bit about the differences between block
and stream ciphers. |
| Block v. Stream Ciphers The difference between a block and a stream cipher is rather simple. A block cipher would break up a clear text into fixed-length blocks and then proceed to encrypt those blocks into fixed-length ciphers. Because the blocks are of a fixed length, keys can be re-used, making key management a breeze. Typically, computer software uses block ciphers. Stream ciphers operate on continuous (read: non-discrete) portions of data that arrives “in real time.” In other words, stream ciphers work on information “bit-by-bit” rather than “block-by-block.” Because the data does not need to broken down, stream ciphers are generally faster than block ciphers, but keys are not re-usable in stream ciphers, making key management a real pain. For this reason, stream ciphers are usually employed at the hardware level. |
| End-to-End Encryption End-to-End encryption refers to a situation in which data is encrypted when it is sent and decrypted only by the recipient. Of course, in order for the packets to be routed, the relevant TCP/IP headers must be present and unencrypted on the packet. |
| Link Encryption In Link encryption, every packet is encrypted at every point between two communicating hosts. In this formulation, information sent to one router is encrypted by the host and decrypted by the router, which then re-encrypts the information with a different key and sends it to the next point. Of course, in this formulation, the headers are also encrypted. The obvious drawbacks include speed and vulnerability to “man-in-the-middle” attacks. |
| Key Strength A cryptovariable, or key, is the value applied to encrypted or clear text in order to decrypt or encrypt the text. The length of the key, in bits, is usually a good indicator of the strength of the key. A 128-bit key is, for example, much stronger than a 32-bit key. |
| Symmetric Key Cryptography
In a symmetric key cryptosystem, a single key is used to encrypt and decrypt data between two communicating hosts. In order to break the system, an attacker must either: A) discover the key through trial-and-error, or discover the key during the initial “key agreement.” |
|
|
| Symmetric key protocols are known to be
faster and stronger than their asymmetric counterparts but do possess unique disadvantages that we will discuss later. We will now look at some common symmetric algorithms. |
| DES DES is an outdated 64-bit block cipher that uses a 56-bit key. It is a symmetric algorithm that splits the 64-bit block into two separate blocks under the control of the same key. It is considered highly insecure and unreliable and has been replaced by 3DES. |
| 3DES Triple DES or 3DES is the partial successor to DES but is still considered outdated and slow. It uses three separate 56-bit keys for an effective key length of 168 bits. However, a vulnerability exists that would allow a hacker to reduce the length of the key, reducing the time it would take to crack the key. In addition, 3DES is very slow by today’s standards and would not be practical to use in encrypting large files. |
| AES AES is the true successor to DES and uses a strong algorithm with a strong key. It is based on the Rijndael Block Cipher. The Rijndael Block Cipher can utilize different block and key lengths (including 128, 192, and 256 bit keys) to produce a fast and secure symmetric block cipher. The Twofish algorithm, an alternative to Rijndael, utilizes 128-bit blocks for keys up to 256 bits. |
| IDEA All you have to remember about IDEA is that: |
|
| RC5 RSA Security developed RC5, a fast, variable-length, variable-block symmetric cipher. It can accommodate a block size of up to 128 bits and a key up to 2048 bits. |
| Symmetric v. Asymmetric Here is a quick run-down of the advantages of symmetric and asymmetric algorithms: Symmetric Symmetric |
|
| Asymmetric |
|
|
Public (Asymmetric)
Key Cryptography |
| Public Key Cryptography is a widely-applied
form of cryptography commonly utilized in many network transactions. The
Security+ exam will test you on your both your understanding of how
public key systems work as well as your ability to discern between
different types of public key algorithms. The exam will also cover PKI,
or public-key infrastructure. |
| The workings of Public Key
Cryptography Unlike private key systems, in which two communicating users share a secret key for encryption and decryption, public key systems utilize widely-available and unique “public keys,” as well as “private keys,” to securely transmit confidential data. Here’s how a public key transaction works: Assume we have two users, Pat and Jane, and that Pat wishes to send Jane a secret love note. Pat encrypts the love note using Jane’s public key. The message is sent via email to Jane. Jane then can read the message by decrypting the message with her private key. Note that in order for this transaction to take place, only Jane has to know her private key. This is the beauty of a public key (or asymmetric) system. Through this transaction, known as secure message format, the confidentiality of the message is assured: only Jane can read it! Public-key cryptography can also be applied to validate the authenticity of a message. In this formulation, Pat would send Jill a message using his private key (therefore encrypting the message). To read the message, Jill would use Pat’s public key. In doing so, Jill has affirmed that the message was in fact sent by Pat. This is known as open message format. In order to ensure both information authenticity and confidentiality, signed and secure message format may be employed. Extending the love note example, Pat would first encrypt the message with Jill’s public key and then encrypt that encrypted message with his own private key. When the message is sent to Jill, she can use Pat’s public key to verify the message was indeed from Pat. But the message is still encrypted! To overcome this, she can use her own private key to decrypt the message. |
| Public Key Protocols |
|
|
|
| Message Digesting A message digest is something of an unreadable, condensed version of a message. More specifically, a message digest utilizes a one-way hash function to calculate a set-length version of a message that cannot be deciphered into clear text. Message digests are usually employed in situations in which it would be undesirable to be able to decrypt the message. One such application is in modern username/password systems, in which the password is stored using a hash function or digest. After the password has been hashed, it cannot be un-hashed. When a user attempts to login with a password, the password he types is also hashed so that the two hashes (rather than the two passwords) are compared against each other. Note that the hash assumes that a hashed value cannot be deciphered and that no two messages will produce the same hash. |
| Hashing Protocols |
|
|
Technical Info Listings
Q & A | |
What |
Where |
| Microsoft Product Information |
http://www.microsoft.com/products/info/default.aspx?View=22 |
Last Update:
Saturday, July 31, 2010 at
05:55 PM
Copyright ©
2010, All rights
reserved.
Home
Download Links
Search Area
Tech Info