4.6 Given a scenario, troubleshoot security problems.
📘CompTIA Server+ (SK0-005)
🔐 1. Open Ports
🔹 What are Open Ports?
Ports are communication endpoints on a server (e.g., port 80 for HTTP, 443 for HTTPS).
An open port means the server is listening and accepting connections.
🔹 Why They Cause Problems
- Unnecessary open ports increase the attack surface
- Attackers scan systems to find open ports and exploit services
🔹 Common Issues
- Ports left open after testing
- Default ports exposed to the internet
- No firewall restrictions
🔹 Troubleshooting
- Use tools: netstat -an, ss (Linux); port scanners (e.g., Nmap)
- Close unused ports
- Restrict ports using firewall rules
🔹 Exam Tip
👉 “Too many open ports” = security misconfiguration + increased risk of attack
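As an added worked example (not part of the original notes), the script below turns the "use netstat/ss, then close what you don't need" step into a repeatable check: it parses `ss -tlnp`-style output and flags listeners bound to all interfaces whose port is not on the server's documented baseline. The sample output and the baseline port set are constructed assumptions for illustration.

```python
"""Flag unexpected listening ports from `ss -tlnp`-style output.

Added example (not from the CompTIA notes). SAMPLE_SS_OUTPUT is a constructed
imitation of `ss -tlnp` on a Linux web server, and BASELINE_PORTS is an assumed
stand-in for the server's documented baseline of externally exposed ports.
"""
import re

# Constructed sample: what `ss -tlnp` might print on a web server.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1201,fd=7))
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=1333,fd=20))
LISTEN  0       128     0.0.0.0:8080         0.0.0.0:*          users:(("python3",pid=2450,fd=4))
LISTEN  0       128     [::]:21              [::]:*             users:(("vsftpd",pid=700,fd=3))
"""

# Assumed baseline: the only ports this server is documented to expose.
BASELINE_PORTS = {22, 80, 443}

# One LISTEN row: state, queues, local addr:port, peer addr:port, optional process info.
LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+))?'
)


def parse_listeners(text):
    """Return (addr, port, process, pid) for every LISTEN row in the output."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line or a non-LISTEN state
        pid = int(m["pid"]) if m["pid"] else None
        listeners.append((m["addr"], int(m["port"]), m["proc"], pid))
    return listeners


def is_external(addr):
    """True if the socket is bound to all interfaces, i.e. reachable from the network."""
    return addr in ("0.0.0.0", "[::]", "*")


def find_unexpected(text, baseline=BASELINE_PORTS):
    """Externally reachable listeners whose port is not in the documented baseline.

    Loopback-only services (127.0.0.1) are not reported: they add no network
    attack surface, which is exactly the distinction the notes care about.
    """
    return [(addr, port, proc, pid)
            for addr, port, proc, pid in parse_listeners(text)
            if is_external(addr) and port not in baseline]


if __name__ == "__main__":
    for addr, port, proc, pid in find_unexpected(SAMPLE_SS_OUTPUT):
        print(f"UNEXPECTED: {addr}:{port} ({proc}, pid {pid}) - close the port or add a firewall rule")
```

On a real host you would feed the script the live output (`ss -tlnp | python3 check_ports.py`) and keep the baseline in change control, so a port reappearing after a test deployment shows up on the next run.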
⚙️ 2. Services (Active, Inactive, Orphan/Zombie)
Services are background processes running on a server.
🔹 Active Services
- Running and consuming resources
- May expose ports
Problems:
- Unnecessary services increase risk
- Vulnerable services can be exploited
🔹 Inactive Services
- Installed but not running
Problems:
- May start automatically later
- Can be exploited if enabled without proper configuration
🔹 Orphan/Zombie Services
- Running without proper control or parent process
- Left behind after improper shutdown or uninstall
Problems:
- Hard to monitor
- May indicate malware or misconfiguration
🔹 Troubleshooting
- Windows: services.msc, tasklist
- Linux: systemctl, ps -ef
🔹 Exam Tip
👉 Disable/remove unnecessary services to reduce attack surface
🛡️ 3. Intrusion Detection Configuration (IDS)
🔹 What is IDS?
Monitors network/system activity for suspicious behavior.
Types:
- Network-based (NIDS)
- Host-based (HIDS)
🔹 Common Problems
- IDS not enabled
- Incorrect rules/signatures
- Too many false positives
- Not updated
🔹 Symptoms
- Attacks go undetected
- Alerts are ignored due to noise
🔹 Troubleshooting
- Update signatures
- Tune alert thresholds
- Review logs regularly
🔹 Exam Tip
👉 IDS misconfiguration = missed attacks OR alert overload
🦠 4. Anti-malware Configuration
🔹 Purpose
Detects and removes viruses, spyware, ransomware
🔹 Common Problems
- Disabled protection
- Outdated definitions
- No real-time scanning
- Exclusions too broad
🔹 Symptoms
- Slow system
- Unknown processes
- Unauthorized changes
🔹 Troubleshooting
- Update definitions
- Enable real-time protection
- Run full system scan
- Check quarantine logs
🔹 Exam Tip
👉 Outdated antivirus = high infection risk
📜 5. Improperly Configured Local/Group Policies
🔹 What are Policies?
Rules that control:
- User permissions
- Security settings
- System behavior
🔹 Common Issues
- Weak password policies
- Users given admin rights
- Disabled auditing
- Misconfigured login restrictions
🔹 Symptoms
- Unauthorized access
- Security rules not enforced
🔹 Troubleshooting
- Review Group Policy (gpedit.msc, gpmc.msc)
- Enforce least privilege
- Enable auditing/logging
🔹 Exam Tip
👉 Policy misconfiguration = security gaps across many systems
🔥 6. Improperly Configured Firewall Rules
🔹 What is a Firewall?
Controls incoming/outgoing traffic based on rules
🔹 Common Problems
- Allowing too much traffic
- Blocking legitimate traffic
- Rules in wrong order
- Any/Any rules (very insecure)
🔹 Symptoms
- Unauthorized access
- Applications cannot connect
- Network services unavailable
🔹 Troubleshooting
- Review firewall rules
- Check rule priority/order
- Use logs to identify blocked traffic
🔹 Exam Tip
👉 Overly permissive firewall = major security risk
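As an added worked example (not part of the original notes), the code below models first-match firewall evaluation to show concretely why "rules in wrong order" and "any/any rules" are listed as problems: an allow-any rule at the top makes every rule beneath it dead, and a deny placed after it never fires. The rule syntax and both rule sets are constructed for illustration and follow no particular firewall product.

```python
"""First-match firewall rule evaluation: rule order and any/any rules.

Added example (not from the CompTIA notes). The Rule class, MISORDERED and
CORRECTED are constructed for illustration; they mimic no vendor's syntax.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # source CIDR, or "any"
    dst_port: Optional[int]   # destination TCP port; None means any port

    def network(self):
        return ipaddress.ip_network("0.0.0.0/0" if self.src == "any" else self.src)

    def matches(self, src_ip, port):
        return (ipaddress.ip_address(src_ip) in self.network()
                and (self.dst_port is None or self.dst_port == port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (other.network().subnet_of(self.network())
                and (self.dst_port is None or self.dst_port == other.dst_port))


def evaluate(rules, src_ip, port, default="deny"):
    """First matching rule wins. Returns (action, index) or (default, None)."""
    for i, rule in enumerate(rules):
        if rule.matches(src_ip, port):
            return rule.action, i
    return default, None  # implicit deny when nothing matches


def any_any_allows(rules):
    """Indices of 'allow any source to any port' rules: the over-permissive pattern."""
    return [i for i, r in enumerate(rules)
            if r.action == "allow" and r.src == "any" and r.dst_port is None]


def shadowed_rules(rules):
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j, r in enumerate(rules)
            if any(rules[i].covers(r) for i in range(j))]


# Constructed: a misordered set with an any/any allow at the top.
MISORDERED = [
    Rule("allow", "any", None),        # any/any: matches every packet first
    Rule("deny", "any", 3389),         # meant to block RDP from everywhere
    Rule("allow", "10.0.0.0/8", 22),   # meant to limit SSH to the internal network
]

# Constructed: the corrected set. Specific deny first, narrow allows, implicit deny last.
CORRECTED = [
    Rule("deny", "any", 3389),
    Rule("allow", "10.0.0.0/8", 22),
    Rule("allow", "any", 443),
]


if __name__ == "__main__":
    for name, rules in (("MISORDERED", MISORDERED), ("CORRECTED", CORRECTED)):
        print(f"{name}: RDP from 203.0.113.5 ->", evaluate(rules, "203.0.113.5", 3389))
        print(f"{name}: shadowed rules {shadowed_rules(rules)}, any/any rules {any_any_allows(rules)}")
```

The shadow check is the review step the notes call "check rule priority/order": a rule that is fully covered by an earlier one is either redundant or, worse, a control the administrator believes is in force but is not.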
🔐 7. Misconfigured Permissions
🔹 What are Permissions?
Control access to:
- Files
- Folders
- Resources
🔹 Common Problems
- Users have too much access
- Public/shared folders exposed
- Incorrect inheritance settings
🔹 Symptoms
- Unauthorized file access
- Data modification/deletion
🔹 Troubleshooting
- Apply least privilege principle
- Audit permissions
- Remove unnecessary access
🔹 Exam Tip
👉 “Everyone = Full Control” = ❌ critical security issue
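As an added worked example (not part of the original notes), the script below performs the "audit permissions" step for the exam-tip case: it parses icacls-style ACL output and reports shared folders where a broad principal (Everyone, BUILTIN\Users, Authenticated Users) holds Full Control, Modify, Write or Delete. The sample output is constructed, and the parser assumes principal names without spaces on each line except the well-known ones listed.

```python
"""Find over-exposed folders in icacls-style ACL output.

Added example (not from the CompTIA notes). SAMPLE_ICACLS_OUTPUT is a constructed
imitation of `icacls C:\\Share\\*` output; BROAD_PRINCIPALS and WRITE_RIGHTS are
the assumed review criteria (who counts as "everyone", which rights allow changes).
"""
import re

# Constructed sample: three shared folders, one with Everyone:(F), one with Users:(M).
SAMPLE_ICACLS_OUTPUT = r"""C:\Share\Finance Everyone:(OI)(CI)(F)
                 BUILTIN\Administrators:(I)(OI)(CI)(F)
                 CORP\Finance:(I)(OI)(CI)(M)

C:\Share\Public BUILTIN\Users:(OI)(CI)(RX)
                BUILTIN\Administrators:(I)(OI)(CI)(F)

C:\Share\Scratch BUILTIN\Users:(OI)(CI)(M)
                 BUILTIN\Administrators:(I)(OI)(CI)(F)

Successfully processed 3 files; Failed processing 0 files
"""

# Assumed review criteria: principals that mean "nearly anyone" and rights that allow changes.
BROAD_PRINCIPALS = {"Everyone", r"BUILTIN\Users", r"NT AUTHORITY\Authenticated Users"}
WRITE_RIGHTS = {"F", "M", "W", "D"}   # Full, Modify, Write, Delete (icacls simple rights)

# One ACE: "<principal>:(flag)(flag)...". Assumes the principal contains no spaces.
ACE_RE = re.compile(r"(?P<who>\S+):(?P<flags>(?:\([A-Z,]+\))+)$")


def parse_icacls(text):
    """Return (path, principal, set_of_flags) for every ACE in the output.

    icacls prints the path and first ACE on one line and indents the remaining
    ACEs for that object, so an unindented line starts a new path.
    """
    entries = []
    path = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ACE_RE.search(line)
        if not line or not m:
            continue  # blank line or the trailing summary
        if not raw[0].isspace():
            path = line[: m.start()].rstrip()   # text before the ACE is the path
        flags = set(re.findall(r"\(([A-Z,]+)\)", m["flags"]))
        entries.append((path, m["who"], flags))
    return entries


def find_overexposed(text):
    """Objects where a broad principal holds a right that permits modification."""
    return [(path, who, sorted(flags & WRITE_RIGHTS))
            for path, who, flags in parse_icacls(text)
            if who in BROAD_PRINCIPALS and flags & WRITE_RIGHTS]


if __name__ == "__main__":
    for path, who, rights in find_overexposed(SAMPLE_ICACLS_OUTPUT):
        print(f"OVER-EXPOSED: {path}  {who} has {','.join(rights)} - replace with a group and least privilege")
```

Read-only access for BUILTIN\Users (the Public share) is not reported, which keeps the output focused on the "data modification/deletion" symptom the notes describe rather than on every broad read grant.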
🦠 8. Virus Infection
🔹 What is a Virus?
Malicious code that attaches to files and spreads
🔹 Symptoms
- Files corrupted
- System crashes
- Unexpected behavior
🔹 Troubleshooting
- Run antivirus scan
- Isolate infected system
- Restore from backup if needed
🔹 Exam Tip
👉 Virus = requires user action (e.g., opening file)
👾 9. Malware
🔹 What is Malware?
General term for:
- Viruses
- Worms
- Trojans
- Ransomware
- Spyware
🔹 Symptoms
- Slow performance
- Unauthorized access
- Data theft
- Pop-ups or unknown apps
🔹 Troubleshooting
- Use anti-malware tools
- Remove suspicious programs
- Patch vulnerabilities
🔹 Exam Tip
👉 Malware = broad category of malicious software
🕵️ 10. Rogue Processes/Services
🔹 What are They?
Unauthorized or unknown programs running on the system
🔹 Causes
- Malware
- Unauthorized installations
- Compromised accounts
🔹 Symptoms
- High CPU/memory usage
- Unknown processes
- Unexpected network activity
🔹 Troubleshooting
- Use: Task Manager (Windows); ps, top (Linux)
- Identify process origin
- Kill process and remove source
🔹 Exam Tip
👉 Unknown process = potential compromise
🔒 11. Data Loss Prevention (DLP)
🔹 What is DLP?
Prevents sensitive data from leaving the organization
🔹 Common Problems
- Not configured
- Too strict → blocks legitimate work
- Too loose → allows data leaks
🔹 Symptoms
- Sensitive data exposure
- Users unable to transfer files
🔹 Troubleshooting
- Adjust DLP rules
- Monitor alerts/logs
- Classify sensitive data correctly
🔹 Exam Tip
👉 DLP balances security vs usability
🧠 Final Exam Summary (Must Remember)
🔥 High-Risk Misconfigurations:
- Open ports
- Weak firewall rules
- Excessive permissions
- Disabled security tools
🔍 Common Root Causes:
- Misconfiguration (most common in exams)
- Outdated systems
- Poor access control
- Unmonitored services
🛠️ Key Troubleshooting Approach:
- Identify symptoms (logs, alerts)
- Check configurations (firewall, policies, services)
- Scan for malware
- Review permissions and access
- Apply least privilege and security best practices
🎯 Golden Rule for Exam:
👉 Most security issues are caused by misconfiguration, not hardware failure
