4.6 Given a scenario, troubleshoot security problems.
📘CompTIA Server+ (SK0-005)
Security tools help administrators detect, analyze, and fix security issues on servers and networks. For the exam, you must understand what each tool does, when to use it, and what problem it helps identify.
🧰 1. Port Scanners
📌 What it is:
A port scanner checks a system to see which network ports are open.
📌 Why it matters:
Open ports can expose services to attackers. Some ports should not be open.
📌 Common Tools:
- Nmap (very important for exam)
- Netcat
📌 What it detects:
- Unauthorized open ports
- Running services on ports
- Misconfigured firewall rules
📌 Example in IT environment:
- A server should only allow ports 80 (HTTP) and 443 (HTTPS)
- A scan shows port 22 (SSH) is open → possible security risk
📌 Exam Tip:
- Open ports = potential attack entry points
- Always verify if open ports are required or not
🌐 2. Sniffers (Packet Analyzers)
📌 What it is:
A sniffer captures and analyzes network traffic (data packets).
📌 Common Tool:
- Wireshark
📌 What it detects:
- Suspicious traffic
- Unencrypted data (like passwords in plain text)
- Network attacks (e.g., spoofing, unusual traffic spikes)
📌 Example in IT environment:
- Admin captures traffic and sees login credentials sent in plain text → security issue
📌 Exam Tip:
- Sniffers help in detecting attacks and troubleshooting network issues
- They can also be used maliciously, so secure your network
🔌 3. Telnet Clients
📌 What it is:
Telnet allows remote connection to systems over the network.
📌 Key Issue:
- Not secure (sends data in plain text)
📌 Why used in troubleshooting:
- Test if a port is open
- Check service availability
📌 Example in IT environment:
- Admin uses Telnet to check if a web server is responding on port 80
📌 Exam Tip:
- Telnet = insecure
- Prefer SSH instead
🛡️ 4. Anti-malware
📌 What it is:
Software designed to detect and remove:
- Spyware
- Ransomware
- Trojans
- Worms
📌 What it does:
- Scans system for malicious software
- Removes or quarantines threats
- Provides real-time protection
📌 Example in IT environment:
- Server infected with ransomware → anti-malware detects and isolates it
📌 Exam Tip:
- Covers all types of malware
- Should be updated regularly
🦠 5. Antivirus
📌 What it is:
A type of anti-malware focused mainly on viruses
📌 Key functions:
- Signature-based detection
- Heuristic analysis (detect unknown threats)
- Real-time scanning
📌 Example in IT environment:
- A file downloaded on server contains a virus → antivirus blocks it
📌 Exam Tip:
- Antivirus = subset of anti-malware
- Must keep virus definitions updated
📂 6. File Integrity Monitoring (FIM)
📌 What it is:
Checks whether files have been changed, modified, or tampered with
🔹 a. Checksums
📌 What it is:
A checksum is a value calculated from a file’s contents.
📌 Purpose:
- Detect file changes
📌 Example:
- Original file checksum = ABC123
- After modification = XYZ789 → file changed
🔹 b. Monitoring
📌 What it does:
- Continuously watches important files
- Alerts if changes occur
🔹 c. Detection
📌 What it does:
- Identifies unauthorized changes
- Compares current file state with baseline
🔹 d. Enforcement
📌 What it does:
- Automatically restores or blocks unauthorized changes
- Enforces security policies
📌 Example in IT environment:
- A system file is modified by malware
- FIM detects change → alerts admin → restores original file
📌 Exam Tip:
- FIM is critical for detecting unauthorized modifications
- Common in security compliance environments
👤 7. User Access Controls
Controls who can access what resources on a system.
🔹 a. SELinux (Security-Enhanced Linux)
📌 What it is:
A Linux security module that enforces strict access control policies
📌 Key concept:
- Even if a user has permission, SELinux can still deny access
📌 Modes:
- Enforcing (blocks violations)
- Permissive (logs only)
- Disabled
📌 Example in IT environment:
- A web server tries to access a restricted file → SELinux blocks it
📌 Exam Tip:
- SELinux = mandatory access control (MAC)
- More secure than basic permissions
🔹 b. User Account Control (UAC)
📌 What it is:
A Windows feature that controls privilege escalation
📌 Purpose:
- Prevent unauthorized system changes
- Ask for admin approval when needed
📌 Example in IT environment:
- Installing software requires admin approval → UAC prompt appears
📌 Exam Tip:
- Helps prevent malware from gaining admin rights
- Part of Windows security model
🧠 Quick Summary Table
| Tool | Purpose | Key Exam Point |
|---|---|---|
| Port Scanner | Finds open ports | Detects exposed services |
| Sniffer | Captures network traffic | Finds suspicious or unencrypted data |
| Telnet | Tests connectivity | Insecure (use SSH instead) |
| Anti-malware | Detects all malware | Broad protection |
| Antivirus | Detects viruses | Needs updates |
| File Integrity Monitoring | Detects file changes | Uses checksums |
| SELinux | Linux access control | Enforces strict policies |
| UAC | Windows privilege control | Prevents unauthorized admin actions |
🎯 Exam Tips (Very Important)
- Always relate tools to security problems they solve
- Know the difference:
- Antivirus vs Anti-malware
- SELinux vs standard permissions
- Remember:
- Telnet = insecure
- Open ports = risk
- Checksums = detect file changes
- Focus on troubleshooting scenarios, not just definitions
