Acknowledgments
Foreword
Preface
Introduction

Introduction and Security Trends
The Security Problem
Avenues of Attack
Chapter Review

General Security Concepts
Basic Security Terminology
Security Models
Chapter Review

Operational/Organizational Security
Security Operations in Your Organization
Physical Security
Social Engineering
Environment
Wireless
Electromagnetic Eavesdropping
Location
Chapter Review

The Role of People in Security
People--A Security Problem
People as a Security Tool
Chapter Review

Cryptography
Algorithms
Hashing
Symmetric Encryption
Asymmetric Encryption
Usage
Chapter Review

Public Key Infrastructure
The Basics of Public Key Infrastructures
Certificate Authorities
Registration Authorities
Certificate Repositories
Trust and Certificate Verification
Digital Certificates
Centralized or Decentralized Infrastructures
Private Key Protection
Public Certificate Authorities
In-House Certificate Authorities
Outsourced Certificate Authorities
Tying Different PKIs Together
Certificate Usage
Chapter Review

Standards and Protocols
PKIX/PKCS
X.509
SSL/TLS
ISAKMP
CMP
XKMS
S/MIME
PGP
HTTPS
IPSec
CEP
FIPS
Common Criteria (CC)
WTLS
WEP
ISO 17799
Chapter Review

The Impact of Physical Security on Network Security
The Problem
Physical Security Safeguards
Chapter Review

Network Fundamentals
Network Architectures
Network Topology
Network Protocols
Packet Delivery
Chapter Review

Infrastructure Security
Devices
Media
Security Concerns for Transmission Media
Removable Media
Security Topologies
Tunneling
Chapter Review

Remote Access
The Remote Access Process
Telnet
SSH
L2TP and PPTP
IEEE 802.11
VPN
IPSec
IEEE 802.1x
RADIUS
TACACS+
Vulnerabilities
Connection Summary
Chapter Review

Wireless and Instant Messaging
Wireless
Instant Messaging
Chapter Review

Intrusion Detection Systems
History of Intrusion Detection Systems
IDS Overview
Host-Based Intrusion Detection Systems
Network-Based Intrusion Detection Systems
Signatures
False Positives and Negatives
IDS Models
Chapter Review

Security Baselines
Overview Baselines
Password Selection
Operating System and Network Operating System Hardening
Network Hardening
Application Hardening
Chapter Review

Attacks and Malware
Attacking Computer Systems and Networks
Auditing
Chapter Review

E-mail
Security of E-mail Transmissions
Malicious Code
Hoax E-mails
Unsolicited Commercial E-mail (Spam)
Mail Encryption
Chapter Review

Web Components
Current Web Components and Concerns
Protocols
Code-Based Vulnerabilities
Chapter Review

Software Development
The Software Engineering Process
Good Practices
Chapter Review

Disaster Recovery, Business Continuity, and Organizational Policies
Disaster Recovery
Policies and Procedures
Chapter Review

Risk Management
An Overview of Risk Management
What Is Risk Management?
Business Risks
Risk Management Models
Qualitatively Assessing Risk
Quantitatively Assessing Risk
Qualitative vs. Quantitative Risk Assessment
Tools
Chapter Review

Change Management
Why Change Management?
The Key Concept: Segregation of Duties
Elements of Change Management
Implementing Change Management
The Capability Maturity Model
Chapter Review

Privilege Management
User, Group, and Role Management
Single Sign-On
Centralized vs. Decentralized Management
Auditing (Privilege, Usage, and Escalation)
Handling Access Control (MAC, DAC, and RBAC)
Chapter Review

Computer Forensics
Evidence
Collecting Evidence
Chain of Custody
Free Space vs. Slack Space
What's This Message Digest and Hash?
Analysis
Chapter Review

Security and Law
Import/Export Encryption Restrictions
Digital Signature Laws
Digital Rights Management
Privacy Laws
Computer Trespass
Ethics
Chapter Review

About the CD-ROM
System Requirements
LearnKey Online Training
Installing and Running MasterExam
Help
Removing Installation(s)
Technical Support

About the Security+ Exam
SSCP Exam
SSCP Body of Knowledge
Glossary
Index