Skip to content

Security+ Certification All-in-One Exam Guide

ISBN-10: 0072226331

ISBN-13: 9780072226331

Edition: 2003

Authors: Gregory White

List price: $62.99
Blue ribbon 30 day, 100% satisfaction guarantee!
what's this?
Rush Rewards U
Members Receive:
Carrot Coin icon
XP icon
You have reached 400 XP and carrot coins. That is the daily max!

Description:

This All-In-One guide is a comprehensive exam guide covering the new foundation level security certification for networking professionals; Security+ from CompTIA. The book includes 100% coverage of all exam objectives for the Security+ Certification, and also serves as an in-depth reference for use in the workplace after the exams.
Customers also bought

Book details

List price: $62.99
Copyright year: 2003
Publisher: McGraw-Hill Osborne
Publication date: 6/25/2003
Binding: Hardcover
Pages: 592
Size: 7.50" wide x 9.25" long x 1.75" tall
Weight: 2.530
Language: English

Greg White (San Antonio, TX), Security+, CISSP, is an Associate Professor in the Department of Computer Science at the University of Texas at San Antonio. Dr. White is the Director of the Center for Infrastructure Assurance and Security at UTSA, and was the author of the first edition of the Security+ All-in-One Exam Guide from McGraw-Hill.

Acknowledgmentsp. xxiii
Prefacep. xxv
Introductionp. xxvii
Authenticationp. 1
General Security Conceptsp. 3
The Security+ Examp. 3
Basic Security Terminologyp. 4
Security Basicsp. 4
Access Controlp. 15
Authenticationp. 18
Malware and Attacksp. 27
Types of Attacks and Malicious Softwarep. 29
Avenues of Attackp. 29
The Steps in an Attackp. 30
Minimizing Possible Avenues of Attackp. 31
Attacking Computer Systems and Networksp. 31
Denial of Service Attacksp. 32
Backdoors and Trapdoorsp. 35
Sniffingp. 35
Spoofingp. 36
Man-in-the-Middle Attacksp. 40
Replay Attacksp. 41
TCP/IP Hijackingp. 41
Attacks on Encryptionp. 41
Password Guessingp. 43
Software Exploitationp. 44
Malicious Codep. 45
War-Dialing and War-Drivingp. 49
Social Engineeringp. 50
Auditingp. 51
Security in Transmissionsp. 59
Remote Accessp. 61
The Remote Access Processp. 61
Identificationp. 62
Authenticationp. 63
Authorizationp. 63
Telnetp. 64
SSHp. 64
L2TP and PPTPp. 65
PPTPp. 66
L2TPp. 68
IEEE 802.11p. 68
VPNp. 70
IPsecp. 71
IPsec Configurationsp. 72
IPsec Securityp. 72
IEEE 802.1xp. 77
RADIUSp. 77
RADIUS Authenticationp. 78
RADIUS Authorizationp. 78
RADIUS Accountingp. 78
DIAMETERp. 80
TACACS+p. 80
TACACS+ Authenticationp. 81
TACACS+ Authorizationp. 81
TACACS+ Accountingp. 82
Vulnerabilitiesp. 83
E-Mailp. 89
Security of E-Mail Transmissionsp. 89
Malicious Codep. 90
Hoax E-Mailsp. 92
Unsolicited Commercial E-Mail (Spam)p. 92
Mail Encryptionp. 94
Web Componentsp. 103
Current Web Components and Concernsp. 104
Protocolsp. 104
Encryption (SSL and TLS)p. 105
The Web (HTTP and HTTPS)p. 110
Directory Services (DAP and LDAP)p. 112
File Transfer (FTP and SFTP)p. 113
Vulnerabilitiesp. 114
Code-Based Vulnerabilitiesp. 114
Buffer Overflowsp. 115
Java and JavaScriptp. 115
ActiveXp. 119
CGIp. 120
Server-Side Scriptsp. 121
Cookiesp. 121
Signed Appletsp. 125
Browser Plug-Insp. 126
Wireless and Instant Messagingp. 133
Wirelessp. 133
WAP and WTLSp. 134
802.11p. 137
Instant Messagingp. 145
Security for the Infrastructurep. 153
Infrastructure Securityp. 155
Devicesp. 155
Workstationsp. 156
Serversp. 157
Network Interface Cards (NICs)p. 158
Hubsp. 159
Bridgesp. 159
Switchesp. 159
Routersp. 161
Firewallsp. 162
Wirelessp. 164
Modemsp. 166
RASp. 167
Telecom/PBXp. 167
VPNp. 168
IDSp. 168
Network Monitoring/Diagnosticp. 170
Mobile Devicesp. 171
Mediap. 172
Coaxp. 172
UTP/STPp. 173
Fiberp. 174
Unguided Mediap. 176
Security Concerns for Transmission Mediap. 177
Physical Securityp. 177
Removable Mediap. 178
Magnetic Mediap. 179
Optical Mediap. 181
Electronic Mediap. 182
Security Topologiesp. 183
Security Zonesp. 183
VLANsp. 186
NATp. 188
Tunnelingp. 189
Intrusion Detection Systemsp. 195
History of Intrusion Detection Systemsp. 196
IDS Overviewp. 197
Host-Based Intrusion Detection Systemsp. 198
Advantages of Host-Based IDSsp. 203
Disadvantages of Host-Based IDSsp. 203
Active vs. Passive Host-Based IDSsp. 204
Network-Based Intrusion Detection Systemsp. 205
Advantages of a Network-Based IDSp. 209
Disadvantages of a Network-Based IDSp. 209
Active vs. Passive Network-Based IDSsp. 210
Signaturesp. 210
False Positives and Negativesp. 212
IDS Modelsp. 212
Preventative Intrusion Detection Systemsp. 213
IDS Products and Vendorsp. 214
Honeypotsp. 214
Incident Responsep. 216
Security Baselinesp. 223
Overviewp. 223
Password Selectionp. 224
Password Policy Guidelinesp. 224
Selecting a Passwordp. 225
Components of a Good Passwordp. 226
Password Agingp. 226
Operating System and Network Operating System Hardeningp. 227
Hardening Microsoft Operating Systemsp. 228
Hardening UNIX- or Linux-Based Operating Systemsp. 243
Network Hardeningp. 258
Software Updatesp. 259
Device Configurationp. 259
Ports and Servicesp. 261
Traffic Filteringp. 263
Application Hardeningp. 265
Application Patchesp. 266
Web Serversp. 266
Mail Serversp. 269
FTP Serversp. 271
DNS Serversp. 271
File and Print Servicesp. 272
Active Directoryp. 272
Cryptography and Applicationsp. 277
Cryptographyp. 279
Algorithmsp. 280
Hashingp. 283
SHAp. 283
Message Digest (MD)p. 284
Hashing Summaryp. 286
Symmetric Encryptionp. 286
DESp. 287
3DESp. 289
AESp. 290
CASTp. 291
RCp. 291
Blowfishp. 294
IDEAp. 295
Symmetric Encryption Summaryp. 296
Asymmetric Encryptionp. 296
RSAp. 297
Diffie-Hellmanp. 298
ElGamalp. 298
ECCp. 299
Asymmetric Encryption Summaryp. 300
Usagep. 300
Confidentialityp. 300
Integrityp. 301
Nonrepudiationp. 301
Authenticationp. 301
Digital Signaturesp. 302
Key Escrowp. 302
Public Key Infrastructurep. 307
The Basics of Public Key Infrastructuresp. 307
Certificate Authoritiesp. 310
Registration Authoritiesp. 311
Local Registration Authoritiesp. 314
Certificate Repositoriesp. 314
Trust and Certificate Verificationp. 315
Digital Certificatesp. 319
Certificate Attributesp. 321
Certificate Extensionsp. 322
Certificate Lifecyclesp. 323
Centralized or Decentralized Infrastructuresp. 330
Hardware Storage Devicesp. 332
Private Key Protectionp. 332
Key Recoveryp. 334
Key Escrowp. 335
Public Certificate Authoritiesp. 336
In-House Certificate Authoritiesp. 337
Outsourced Certificate Authoritiesp. 338
Tying Different PKIs Togetherp. 339
Trust Modelsp. 340
Standards and Protocolsp. 357
PKIX/PKCSp. 359
PKIX Standardsp. 360
PKCSp. 362
Why You Need to Knowp. 364
X.509p. 364
SSL/TLSp. 366
ISAKMPp. 368
CMPp. 369
XKMSp. 370
S/MIMEp. 372
IETF S/MIME v3 Specificationsp. 373
PGPp. 374
How It Worksp. 374
Where Can You Use PGP?p. 375
HTTPSp. 375
IPsecp. 375
CEPp. 376
FIPSp. 376
Common Criteria (CC)p. 377
WTLSp. 377
WEPp. 377
WEP Security Issuesp. 378
ISO 17799p. 378
Operational Securityp. 383
Operational/Organizational Securityp. 385
Security Operations in Your Organizationp. 385
Policies, Procedures, Standards, and Guidelinesp. 386
The Security Perimeterp. 386
Physical Securityp. 388
Access Controlsp. 388
Physical Barriersp. 390
Social Engineeringp. 390
Environmentp. 391
Fire Suppressionp. 392
Wirelessp. 396
Electromagnetic Eavesdroppingp. 397
Shieldingp. 398
Locationp. 398
Disaster Recovery, Business Continuity, and Organizational Policiesp. 405
Disaster Recoveryp. 405
Disaster Recovery Plans/Processp. 406
Backupsp. 408
Utilitiesp. 413
Secure Recoveryp. 414
High Availability and Fault Tolerancep. 414
Policies and Proceduresp. 415
Security Policiesp. 415
Privacyp. 419
Service Level Agreementsp. 420
Human Resources Policiesp. 420
Code of Ethicsp. 422
Incident Response Policiesp. 422
Administrative Controlsp. 431
Security and Lawp. 433
Import/Export Encryption Restrictionsp. 433
United States Lawp. 434
Non-U.S. Lawsp. 436
Digital Signature Lawsp. 436
Non-U.S. Lawsp. 437
Digital Rights Managementp. 438
Privacy Lawsp. 440
United States Lawsp. 440
European Lawsp. 441
Computer Trespassp. 442
Convention on Cybercrimep. 442
Privilege Managementp. 447
User, Group, and Role Managementp. 448
Userp. 448
Groupsp. 449
Rolep. 450
Single Sign-Onp. 451
Centralized vs. Decentralized Managementp. 452
Centralized Managementp. 452
Decentralized Managementp. 453
The Decentralized, Centralized Modelp. 454
Auditing (Privilege, Usage, and Escalation)p. 454
Privilege Auditingp. 454
Usage Auditingp. 455
Escalation Auditingp. 456
Handling Access Control (MAC, DAC, and RBAC)p. 457
Mandatory Access Control (MAC)p. 457
Discretionary Access Control (DAC)p. 458
Role-Based Access Control (RBAC)p. 459
Computer Forensicsp. 463
Evidencep. 464
Standards for Evidencep. 464
Types of Evidencep. 464
Three Rules Regarding Evidencep. 465
Collecting Evidencep. 465
Acquiring Evidencep. 466
Identifying Evidencep. 467
Protecting Evidencep. 468
Transporting Evidencep. 468
Storing Evidencep. 468
Conducting the Investigationp. 468
Chain of Custodyp. 470
Free Space vs. Slack Spacep. 470
Free Spacep. 470
Slack Spacep. 471
What's This Message Digest and Hash?p. 471
Analysisp. 472
Risk Managementp. 477
An Overview of Risk Managementp. 477
Example of Risk Management at the International Banking Levelp. 478
Key Terms Essential to Understanding Risk Managementp. 478
What Is Risk Management?p. 479
Business Risksp. 480
Examples of Business Risksp. 480
Examples of Technology Risksp. 481
Risk Management Modelsp. 481
General Risk Management Modelp. 482
Software Engineering Institute Modelp. 484
Qualitatively Assessing Riskp. 485
Quantitatively Assessing Riskp. 487
Qualitative vs. Quantitative Risk Assessmentp. 489
Toolsp. 490
Change Managementp. 495
Why Change Management?p. 495
The Key Concept: Segregation of Dutiesp. 497
Elements of Change Managementp. 498
Implementing Change Managementp. 500
The Purpose of a Change Control Boardp. 501
Code Integrityp. 503
The Capability Maturity Modelp. 503
Appendixesp. 509
About the CD-ROMp. 511
System Requirementsp. 511
LearnKey Online Trainingp. 511
Installing and Running MasterExamp. 511
MasterExamp. 512
Electronic Bookp. 512
Helpp. 512
Removing Installation(s)p. 512
Technical Supportp. 512
LearnKey Technical Supportp. 512
OSI Model and Internet Protocolsp. 513
Networking Frameworks and Protocolsp. 513
OSI Modelp. 514
Application Layerp. 516
Presentation Layerp. 517
Session Layerp. 517
Transport Layerp. 517
Network Layerp. 517
Data-Link Layerp. 518
Physical Layerp. 518
Internet Protocolsp. 518
TCPp. 518
UDPp. 519
IPp. 519
Message Encapsulationp. 520
Reviewp. 521
Glossaryp. 523
Indexp. 537
Table of Contents provided by Ingram. All Rights Reserved.