
4      Chapter 1 • General Security Concepts: Access Control, Authentication, and Auditing

             Introduction


             Security+ is a security fundamentals and concepts exam. No security concepts
             exam would be complete without questions on Access Control, Authentication, and
             Auditing (AAA). AAA comprises the most basic fundamentals of work in the
             Information Technology (IT) security field, and is critical to understand for any IT
             security practitioner. In this chapter, you will study CompTIA’s test objectives for
             Section 1, “General Security Concepts.” You will be introduced to AAA and its
             finer details, as well as the concepts and terminology that will be explored and
             developed in later chapters. We end this chapter with a discussion on removing
             non-essential services to secure any platform you may be working on.



              EXAM WARNING
                  It is important to remember that the Security+ exam is based on general
                  IT security best practices, and requires an understanding of a wide range
                  of IT security concepts. This means that most of the information that
                  you need to pass the exam can be gained through research of the various
                  Requests for Comments (RFCs) published by the Internet
                  Engineering Steering Group (IESG). While this book contains the information
                  necessary to pass the exam, if you need more details on any specific
                  subject, the RFCs are a great resource. All of the RFCs can be found
                  at the IESG RFC page located at http://tools.ietf.org/rfc/ or searched for
                  using the search engine located at www.rfc.net.






             Introduction to AAA

             AAA is a set of primary concepts that aid in understanding computer and network
             security as well as access control. These concepts are used daily to protect
             property, data, and systems from intentional or even unintentional damage. AAA is
             used to support the Confidentiality, Integrity, and Availability (CIA) security concept,
             in addition to providing the framework for access to networks and equipment
             using Remote Authentication Dial-In User Service (RADIUS) and Terminal
             Access Controller Access Control System (TACACS/TACACS+).
                 AAA is described in more detail in RFC 3127, which can be
             found at http://tools.ietf.org/html/rfc3127. This RFC contains an evaluation of
             various existing protocols against the AAA requirements, and can help you under-



          www.syngress.com