| |
| |
| Introduction | |
| |
| |
| |
| Introduction to Security | |
| |
| |
| Foundation Topics | |
| |
| |
| Security 101 | |
| |
| |
| The CIA of Computer Security | |
| |
| |
| The Basics of Information Security | |
| |
| |
| Think Like a Hacker | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Define Key Terms | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Computer Systems Security | |
| |
| |
| Foundation Topics | |
| |
| |
| Computer Systems Security Threats | |
| |
| |
| Malicious Software | |
| |
| |
| Viruses | |
| |
| |
| Worms | |
| |
| |
| Trojan Horses | |
| |
| |
| Spyware | |
| |
| |
| Rootkits | |
| |
| |
| Spam | |
| |
| |
| Summary of Malware Threats | |
| |
| |
| Ways to Deliver Malicious Software | |
| |
| |
| Via Software, Messaging, and Media | |
| |
| |
| Active Interception | |
| |
| |
| Privilege Escalation | |
| |
| |
| Backdoors | |
| |
| |
| Logic Bombs | |
| |
| |
| Botnets and Zombies | |
| |
| |
| Preventing and Troubleshooting Malware | |
| |
| |
| Preventing and Troubleshooting Viruses | |
| |
| |
| Preventing and Troubleshooting Worms and Trojans | |
| |
| |
| Preventing and Troubleshooting Spyware | |
| |
| |
| Preventing and Troubleshooting Rootkits | |
| |
| |
| Preventing and Troubleshooting Spam | |
| |
| |
| You Can't Save Every Computer from Malware! | |
| |
| |
| Summary of Malware Prevention Techniques | |
| |
| |
| Implementing Security Applications | |
| |
| |
| Personal Software Firewalls | |
| |
| |
| Host-Based Intrusion Detection Systems | |
| |
| |
| Pop-Up Blockers | |
| |
| |
| Data Loss Prevention Systems | |
| |
| |
| Securing Computer Hardware and Peripherals | |
| |
| |
| Securing the BIOS | |
| |
| |
| Securing Storage Devices | |
| |
| |
| Removable Storage | |
| |
| |
| Network Attached Storage | |
| |
| |
| Whole Disk Encryption | |
| |
| |
| Hardware Security Modules | |
| |
| |
| Securing Cell Phones and Smartphones | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 2-1: Using Free Malware Scanning Programs | |
| |
| |
| Lab 2-2: How to Secure the BIOS | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| OS Hardening and Virtualization | |
| |
| |
| Foundation Topics | |
| |
| |
| Hardening Operating Systems | |
| |
| |
| Removing Unnecessary Applications and Services | |
| |
| |
| Service Packs | |
| |
| |
| Windows Update, Patches, and Hotfixes | |
| |
| |
| Patches and Hotfixes | |
| |
| |
| Patch Management | |
| |
| |
| Group Policies, Security Templates, and Configuration Baselines | |
| |
| |
| Hardening File Systems and Hard Drives | |
| |
| |
| Virtualization Technology | |
| |
| |
| Types of Virtualization and Their Purposes | |
| |
| |
| Working with Virtual Machines | |
| |
| |
| Microsoft Virtual PC | |
| |
| |
| Microsoft Windows XP Mode | |
| |
| |
| Microsoft Virtual Server | |
| |
| |
| VMware | |
| |
| |
| Hypervisor | |
| |
| |
| Securing Virtual Machines | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 3-1: Discerning and Updating the Service Pack Level | |
| |
| |
| Lab 3-2: Creating a Virtual Machine in Virtual PC 2007 | |
| |
| |
| Lab 3-3: Securing a Virtual Machine | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Application Security | |
| |
| |
| Foundation Topics | |
| |
| |
| Securing the Browser | |
| |
| |
| General Browser Security Procedures | |
| |
| |
| Implement Policies | |
| |
| |
| Train Your Users | |
| |
| |
| Use a Proxy and Content Filter | |
| |
| |
| Secure Against Malicious Code | |
| |
| |
| Securing Internet Explorer | |
| |
| |
| Securing Firefox | |
| |
| |
| Securing Other Applications | |
| |
| |
| Secure Programming | |
| |
| |
| Systems Development Life Cycle | |
| |
| |
| Programming Testing Methods | |
| |
| |
| Programming Vulnerabilities and Attacks | |
| |
| |
| Backdoors | |
| |
| |
| Buffer Overflows | |
| |
| |
| XSS and XSRF | |
| |
| |
| More Code Injection Examples | |
| |
| |
| Directory Traversal | |
| |
| |
| Zero Day Attack | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 4-1: Securing the Browser | |
| |
| |
| Lab 4-2: Disabling Applications with a Windows Server 2008 Policy | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Network Design Elements and Network Threats | |
| |
| |
| Foundation Topics | |
| |
| |
| Network Design | |
| |
| |
| Network Devices | |
| |
| |
| Hub | |
| |
| |
| Switch | |
| |
| |
| Router | |
| |
| |
| Network Address Translation, and Private Versus Public IP | |
| |
| |
| Network Zones and Interconnections | |
| |
| |
| LAN Versus WAN | |
| |
| |
| Internet | |
| |
| |
| Demilitarized Zone (DMZ) | |
| |
| |
| Intranets and Extranets | |
| |
| |
| Cloud Computing | |
| |
| |
| Network Access Control (NAC) | |
| |
| |
| Subnetting | |
| |
| |
| Virtual Local Area Network (VLAN) | |
| |
| |
| Telephony Devices | |
| |
| |
| Modems | |
| |
| |
| PBX Equipment | |
| |
| |
| VoIP | |
| |
| |
| Ports and Protocols | |
| |
| |
| Ports Ranges, Inbound Versus Outbound, and Common Ports | |
| |
| |
| Protocols That Can Cause Anxiety on the Exam | |
| |
| |
| Malicious Network Attacks | |
| |
| |
| DoS | |
| |
| |
| DDoS | |
| |
| |
| Spoofing | |
| |
| |
| Session Hijacking | |
| |
| |
| Replay | |
| |
| |
| Null Sessions | |
| |
| |
| Transitive Access and Client-Side Attacks | |
| |
| |
| DNS Poisoning and Other DNS Attacks | |
| |
| |
| ARP Poisoning | |
| |
| |
| Summary of Network Attacks | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 5-1: Port Scanning Basics | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Network Perimeter Security | |
| |
| |
| Foundation Topics | |
| |
| |
| Firewalls and Network Security | |
| |
| |
| Firewalls | |
| |
| |
| Proxy Servers | |
| |
| |
| Honeypots and Honeynets | |
| |
| |
| Data Loss Prevention (DLP) | |
| |
| |
| NIDS Versus NIPS | |
| |
| |
| NIDS | |
| |
| |
| NIPS | |
| |
| |
| Summary of NIDS Versus NIPS | |
| |
| |
| The Protocol Analyzer's Role in NIDS and NIPS | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 6-1: Packet Filtering and NAT Firewalls | |
| |
| |
| Lab 6-2: Configuring an Inbound Filter on a SOHO Router/Firewall | |
| |
| |
| Lab 6-3: Enabling MAC Filtering | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Securing Network Media and Devices | |
| |
| |
| Foundation Topics | |
| |
| |
| Securing Wired Networks and Devices | |
| |
| |
| Network Device Vulnerabilities | |
| |
| |
| Default Accounts | |
| |
| |
| Weak Passwords | |
| |
| |
| Privilege Escalation | |
| |
| |
| Back Doors | |
| |
| |
| Network Attacks | |
| |
| |
| Other Network Device Considerations | |
| |
| |
| Cable Media Vulnerabilities | |
| |
| |
| Interference | |
| |
| |
| Crosstalk | |
| |
| |
| Data Emanation | |
| |
| |
| Tapping into Data and Conversations | |
| |
| |
| Securing Wireless Networks | |
| |
| |
| Wireless Access Point Vulnerabilities | |
| |
| |
| Secure the Administration Interface | |
| |
| |
| SSID Broadcast | |
| |
| |
| Rogue Access Points | |
| |
| |
| Evil Twin | |
| |
| |
| Weak Encryption | |
| |
| |
| Other Wireless Access Point Security Strategies | |
| |
| |
| Wireless Transmission Vulnerabilities | |
| |
| |
| Bluetooth Vulnerabilities | |
| |
| |
| Bluejacking | |
| |
| |
| Bluesnarfing | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 7-1: Securing a Wireless Device: 8 Steps to a Secure Network | |
| |
| |
| Lab 7-2: Wardriving | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Physical Security and Authentication Models | |
| |
| |
| Foundation Topics | |
| |
| |
| Physical Security | |
| |
| |
| General Building and Server Room Security | |
| |
| |
| Door Access | |
| |
| |
| Biometric Readers | |
| |
| |
| Authentication Models and Components | |
| |
| |
| Authentication Models | |
| |
| |
| Localized Authentication Technologies | |
| |
| |
| 802.1X and EAP | |
| |
| |
| LDAP | |
| |
| |
| Kerberos and Mutual Authentication | |
| |
| |
| Terminal Services | |
| |
| |
| Remote Authentication Technologies | |
| |
| |
| Remote Access Service | |
| |
| |
| Virtual Private Networks | |
| |
| |
| RADIUS Versus TACACS | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 8-1: Enabling 802.1X on a Network Adapter | |
| |
| |
| Lab 8-2: Setting Up a VPN | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Access Control Methods and Models | |
| |
| |
| Foundation Topics | |
| |
| |
| Access Control Models Defined | |
| |
| |
| Discretionary Access Control | |
| |
| |
| Mandatory Access Control | |
| |
| |
| Role-Based Access Control (RBAC) | |
| |
| |
| Access Control Wise Practices | |
| |
| |
| Rights, Permissions, and Policies | |
| |
| |
| Users, Groups, and Permissions | |
| |
| |
| Permission Inheritance and Propagation | |
| |
| |
| Moving and Copying Folders and Files | |
| |
| |
| Usernames and Passwords | |
| |
| |
| Policies | |
| |
| |
| User Account Control (UAC) | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 9-1: Configuring Password Policies and User Account Restrictions | |
| |
| |
| Lab 9-2: Configuring User and Group Permissions | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Vulnerability and Risk Assessment | |
| |
| |
| Foundation Topics | |
| |
| |
| Conducting Risk Assessments | |
| |
| |
| Qualitative Risk Assessment | |
| |
| |
| Quantitative Risk Assessment | |
| |
| |
| Security Analysis Methodologies | |
| |
| |
| Security Controls | |
| |
| |
| Vulnerability Management | |
| |
| |
| Penetration Testing | |
| |
| |
| OVAL | |
| |
| |
| Assessing Vulnerability with Security Tools | |
| |
| |
| Network Mapping | |
| |
| |
| Vulnerability Scanning | |
| |
| |
| Network Sniffing | |
| |
| |
| Password Analysis | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 10-1: Mapping and Scanning the Network | |
| |
| |
| Lab 10-2: Password Cracking and Defense | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Monitoring and Auditing | |
| |
| |
| Foundation Topics | |
| |
| |
| Monitoring Methodologies | |
| |
| |
| Signature-Based Monitoring | |
| |
| |
| Anomaly-Based Monitoring | |
| |
| |
| Behavior-Based Monitoring | |
| |
| |
| Using Tools to Monitor Systems and Networks | |
| |
| |
| Performance Baselining | |
| |
| |
| Protocol Analyzers | |
| |
| |
| Wireshark | |
| |
| |
| Network Monitor | |
| |
| |
| SNMP | |
| |
| |
| Conducting Audits | |
| |
| |
| Auditing Files | |
| |
| |
| Logging | |
| |
| |
| Log File Maintenance and Security | |
| |
| |
| Auditing System Security Settings | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 11-1: Using Protocol Analyzers | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Encryption and Hashing Concepts | |
| |
| |
| Foundation Topics | |
| |
| |
| Cryptography Concepts | |
| |
| |
| Symmetric Versus Asymmetric Key Algorithms | |
| |
| |
| Symmetric Key Algorithms | |
| |
| |
| Asymmetric Key Algorithms | |
| |
| |
| Public Key Cryptography | |
| |
| |
| Key Management | |
| |
| |
| Steganography | |
| |
| |
| Encryption Algorithms | |
| |
| |
| DES and 3DES | |
| |
| |
| AES | |
| |
| |
| RC | |
| |
| |
| Summary of Symmetric Algorithms | |
| |
| |
| RSA | |
| |
| |
| Diffie-Hellman | |
| |
| |
| Elliptic Curve | |
| |
| |
| More Encryption Types | |
| |
| |
| One-Time Pad | |
| |
| |
| PGP | |
| |
| |
| Hashing Basics | |
| |
| |
| Cryptographic Hash Functions | |
| |
| |
| MD5 | |
| |
| |
| SHA | |
| |
| |
| Happy Birthday! | |
| |
| |
| LANMAN, NTLM, and NTLM2 | |
| |
| |
| LANMAN | |
| |
| |
| NTLM and NTLM2 | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Lab | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 12-1: Disabling the LM Hash in Windows Server 2003 | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| PKI and Encryption Protocols | |
| |
| |
| Foundation Topics | |
| |
| |
| Public Key Infrastructure | |
| |
| |
| Certificates | |
| |
| |
| Certificate Authorities | |
| |
| |
| Single-Sided and Dual-Sided Certificates | |
| |
| |
| Web of Trust | |
| |
| |
| Security Protocols | |
| |
| |
| S/MIME | |
| |
| |
| SSL/TLS | |
| |
| |
| SSH | |
| |
| |
| PPTP, L2TP, and IPsec | |
| |
| |
| PPTP | |
| |
| |
| L2TP | |
| |
| |
| IPsec | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 13-1: A Basic Example of PKI | |
| |
| |
| Lab 13-2: Making an SSH Connection | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| R edundancy and Disaster Recovery | |
| |
| |
| Foundation Topics | |
| |
| |
| Redundancy Planning | |
| |
| |
| Redundant Power | |
| |
| |
| Redundant Power Supplies | |
| |
| |
| Uninterruptible Power Supplies | |
| |
| |
| Backup Generators | |
| |
| |
| Redundant Data | |
| |
| |
| Redundant Networking | |
| |
| |
| Redundant Servers | |
| |
| |
| Redundant Sites | |
| |
| |
| Disaster Recovery Planning and Procedures | |
| |
| |
| Data Backup | |
| |
| |
| DR Planning | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| Hands-On Labs | |
| |
| |
| Equipment Needed | |
| |
| |
| Lab 14-1: Configuring RAID 1 and 5 | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Policies, Procedures, and People | |
| |
| |
| Foundation Topics | |
| |
| |
| Environmental Controls | |
| |
| |
| Fire Suppression | |
| |
| |
| Fire Extinguishers | |
| |
| |
| Sprinkler Systems | |
| |
| |
| Special Hazard Protection Systems | |
| |
| |
| HVAC | |
| |
| |
| Shielding | |
| |
| |
| Social Engineering | |
| |
| |
| Pretexting | |
| |
| |
| Diversion Theft | |
| |
| |
| Phishing | |
| |
| |
| Hoaxes | |
| |
| |
| Shoulder Surfing | |
| |
| |
| Eavesdropping | |
| |
| |
| Dumpster Diving | |
| |
| |
| Baiting | |
| |
| |
| Piggybacking/Tailgating | |
| |
| |
| Summary of Social Engineering Types | |
| |
| |
| User Education and Awareness | |
| |
| |
| Legislative and Organizational Policies | |
| |
| |
| Data Sensitivity and Classification of Information | |
| |
| |
| Personnel Security Policies | |
| |
| |
| Privacy Policies | |
| |
| |
| Acceptable Use | |
| |
| |
| Change Management | |
| |
| |
| Separation of Duties/Job Rotation | |
| |
| |
| Mandatory Vacations | |
| |
| |
| Due Diligence | |
| |
| |
| Due Care | |
| |
| |
| Due Process | |
| |
| |
| User Education and Awareness Training | |
| |
| |
| Summary of Personnel Security Policies | |
| |
| |
| How to Deal with Vendors | |
| |
| |
| How to Dispose of Computers and Other IT Equipment Securely | |
| |
| |
| Incident Response Procedures | |
| |
| |
| Exam Preparation Tasks | |
| |
| |
| Review Key Topics | |
| |
| |
| Complete Tables and Lists from Memory | |
| |
| |
| Define Key Terms | |
| |
| |
| View Recommended Resources | |
| |
| |
| Answer Review Questions | |
| |
| |
| Answers and Explanations | |
| |
| |
| |
| Taking the Real Exam | |
| |
| |
| Foundation Topics | |
| |
| |
| Getting Ready and the Exam Preparation Checklist | |
| |
| |
| Tips for Taking the Real Exam | |
| |
| |
| Beyond the CompTIA Security+ Certification | |
| |
| |
| Hands-On Lab | |
| |
| |
| Practice Exam 1 | |
| |
| |
| Practice Exam 2 | |
| |
| |
| Glossary | |
| |
| |
| Master List of Key Topics | |
| |
| |
| On the DVD | |
| |
| |
| |
| Memory Tables | |
| |
| |
| |
| Memory Tables Answer Key | |
| |
| |
| 9780789749215 TOC 11/29/2011 | |