OBJECTIVES
This chapter covers the following TruSecure-specified objectives for the TICSA exam:
Describe, recognize, or select basic weaknesses in TCP/IP networking.
TCP/IP is the foundation for any traffic passed on the Internet and most internal networks today. Understanding how TCP/IP functions and what vulnerabilities and security features to watch for is imperative to understanding network security as a whole. This includes how packets are designed, the TCP/IP handshaking process, and the OSI/DARPA models.
Identify the basic security issues associated with system/network design and configuration.
Understanding the vulnerabilities and possible issues that can arise with major TCP/IP protocols and services can help you understand other security techniques. It is also important to determine what kinds of security vulnerabilities and attacks are possible at each layer of the OSI model, so that you can decide what software and services to install or implement on your critical servers and workstations.
OUTLINE
Structure of an IP Datagram
Network Reference Models and TCP/IP
Simple Mail Transfer Protocol
STUDY STRATEGIES
The TICSA exam may contain questions relating to both the TCP/IP and OSI models and how various security elements work with them. For instance, at what level do Web servers work? Take some time to come up with a reliable way to remember which layer goes where, how the layers of the two models correspond to one another, and what you will typically find working on each layer. It may be worth your while to spend a little time reading some TCP/IP primers on Microsoft.com, or even just searching your favorite Internet search engine for information on the deeper, inner workings of TCP/IP.
You will probably not see many questions relating to TCP/IP headers and how packets are laid out, but it would be worthwhile to know how they are built. Another important sequence to memorize is the handshake process. Making up a rhyme or acronym for it will help you remember it when you inevitably get a question on it during the exam.