| |
| |
Introduction | |
| |
| |
| |
Introduction to Security | |
| |
| |
Foundation Topics | |
| |
| |
Security 101 | |
| |
| |
The CIA of Computer Security | |
| |
| |
The Basics of Information Security | |
| |
| |
Think Like a Hacker | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Define Key Terms | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Computer Systems Security | |
| |
| |
Foundation Topics | |
| |
| |
Computer Systems Security Threats | |
| |
| |
Malicious Software | |
| |
| |
Viruses | |
| |
| |
Worms | |
| |
| |
Trojan Horses | |
| |
| |
Spyware | |
| |
| |
Rootkits | |
| |
| |
Spam | |
| |
| |
Summary of Malware Threats | |
| |
| |
Ways to Deliver Malicious Software | |
| |
| |
Via Software, Messaging, and Media | |
| |
| |
Active Interception | |
| |
| |
Privilege Escalation | |
| |
| |
Backdoors | |
| |
| |
Logic Bombs | |
| |
| |
Botnets and Zombies | |
| |
| |
Preventing and Troubleshooting Malware | |
| |
| |
Preventing and Troubleshooting Viruses | |
| |
| |
Preventing and Troubleshooting Worms and Trojans | |
| |
| |
Preventing and Troubleshooting Spyware | |
| |
| |
Preventing and Troubleshooting Rootkits | |
| |
| |
Preventing and Troubleshooting Spam | |
| |
| |
You Can't Save Every Computer from Malware! | |
| |
| |
Summary of Malware Prevention Techniques | |
| |
| |
Implementing Security Applications | |
| |
| |
Personal Software Firewalls | |
| |
| |
Host-Based Intrusion Detection Systems | |
| |
| |
Pop-Up Blockers | |
| |
| |
Data Loss Prevention Systems | |
| |
| |
Securing Computer Hardware and Peripherals | |
| |
| |
Securing the BIOS | |
| |
| |
Securing Storage Devices | |
| |
| |
Removable Storage | |
| |
| |
Network Attached Storage | |
| |
| |
Whole Disk Encryption | |
| |
| |
Hardware Security Modules | |
| |
| |
Securing Cell Phones and Smartphones | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 2-1: Using Free Malware Scanning Programs | |
| |
| |
Lab 2-2: How to Secure the BIOS | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
OS Hardening and Virtualization | |
| |
| |
Foundation Topics | |
| |
| |
Hardening Operating Systems | |
| |
| |
Removing Unnecessary Applications and Services | |
| |
| |
Service Packs | |
| |
| |
Windows Update, Patches, and Hotfixes | |
| |
| |
Patches and Hotfixes | |
| |
| |
Patch Management | |
| |
| |
Group Policies, Security Templates, and Configuration Baselines | |
| |
| |
Hardening File Systems and Hard Drives | |
| |
| |
Virtualization Technology | |
| |
| |
Types of Virtualization and Their Purposes | |
| |
| |
Working with Virtual Machines | |
| |
| |
Microsoft Virtual PC | |
| |
| |
Microsoft Windows XP Mode | |
| |
| |
Microsoft Virtual Server | |
| |
| |
VMware | |
| |
| |
Hypervisor | |
| |
| |
Securing Virtual Machines | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 3-1: Discerning and Updating the Service Pack Level | |
| |
| |
Lab 3-2: Creating a Virtual Machine in Virtual PC 2007 | |
| |
| |
Lab 3-3: Securing a Virtual Machine | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Application Security | |
| |
| |
Foundation Topics | |
| |
| |
Securing the Browser | |
| |
| |
General Browser Security Procedures | |
| |
| |
Implement Policies | |
| |
| |
Train Your Users | |
| |
| |
Use a Proxy and Content Filter | |
| |
| |
Secure Against Malicious Code | |
| |
| |
Securing Internet Explorer | |
| |
| |
Securing Firefox | |
| |
| |
Securing Other Applications | |
| |
| |
Secure Programming | |
| |
| |
Systems Development Life Cycle | |
| |
| |
Programming Testing Methods | |
| |
| |
Programming Vulnerabilities and Attacks | |
| |
| |
Backdoors | |
| |
| |
Buffer Overflows | |
| |
| |
XSS and XSRF | |
| |
| |
More Code Injection Examples | |
| |
| |
Directory Traversal | |
| |
| |
Zero Day Attack | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 4-1: Securing the Browser | |
| |
| |
Lab 4-2: Disabling Applications with a Windows Server 2008 Policy | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Network Design Elements and Network Threats | |
| |
| |
Foundation Topics | |
| |
| |
Network Design | |
| |
| |
Network Devices | |
| |
| |
Hub | |
| |
| |
Switch | |
| |
| |
Router | |
| |
| |
Network Address Translation, and Private Versus Public IP | |
| |
| |
Network Zones and Interconnections | |
| |
| |
LAN Versus WAN | |
| |
| |
Internet | |
| |
| |
Demilitarized Zone (DMZ) | |
| |
| |
Intranets and Extranets | |
| |
| |
Cloud Computing | |
| |
| |
Network Access Control (NAC) | |
| |
| |
Subnetting | |
| |
| |
Virtual Local Area Network (VLAN) | |
| |
| |
Telephony Devices | |
| |
| |
Modems | |
| |
| |
PBX Equipment | |
| |
| |
VoIP | |
| |
| |
Ports and Protocols | |
| |
| |
Ports Ranges, Inbound Versus Outbound, and Common Ports | |
| |
| |
Protocols That Can Cause Anxiety on the Exam | |
| |
| |
Malicious Network Attacks | |
| |
| |
DoS | |
| |
| |
DDoS | |
| |
| |
Spoofing | |
| |
| |
Session Hijacking | |
| |
| |
Replay | |
| |
| |
Null Sessions | |
| |
| |
Transitive Access and Client-Side Attacks | |
| |
| |
DNS Poisoning and Other DNS Attacks | |
| |
| |
ARP Poisoning | |
| |
| |
Summary of Network Attacks | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 5-1: Port Scanning Basics | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Network Perimeter Security | |
| |
| |
Foundation Topics | |
| |
| |
Firewalls and Network Security | |
| |
| |
Firewalls | |
| |
| |
Proxy Servers | |
| |
| |
Honeypots and Honeynets | |
| |
| |
Data Loss Prevention (DLP) | |
| |
| |
NIDS Versus NIPS | |
| |
| |
NIDS | |
| |
| |
NIPS | |
| |
| |
Summary of NIDS Versus NIPS | |
| |
| |
The Protocol Analyzer's Role in NIDS and NIPS | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 6-1: Packet Filtering and NAT Firewalls | |
| |
| |
Lab 6-2: Configuring an Inbound Filter on a SOHO Router/Firewall | |
| |
| |
Lab 6-3: Enabling MAC Filtering | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Securing Network Media and Devices | |
| |
| |
Foundation Topics | |
| |
| |
Securing Wired Networks and Devices | |
| |
| |
Network Device Vulnerabilities | |
| |
| |
Default Accounts | |
| |
| |
Weak Passwords | |
| |
| |
Privilege Escalation | |
| |
| |
Back Doors | |
| |
| |
Network Attacks | |
| |
| |
Other Network Device Considerations | |
| |
| |
Cable Media Vulnerabilities | |
| |
| |
Interference | |
| |
| |
Crosstalk | |
| |
| |
Data Emanation | |
| |
| |
Tapping into Data and Conversations | |
| |
| |
Securing Wireless Networks | |
| |
| |
Wireless Access Point Vulnerabilities | |
| |
| |
Secure the Administration Interface | |
| |
| |
SSID Broadcast | |
| |
| |
Rogue Access Points | |
| |
| |
Evil Twin | |
| |
| |
Weak Encryption | |
| |
| |
Other Wireless Access Point Security Strategies | |
| |
| |
Wireless Transmission Vulnerabilities | |
| |
| |
Bluetooth Vulnerabilities | |
| |
| |
Bluejacking | |
| |
| |
Bluesnarfing | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 7-1: Securing a Wireless Device: 8 Steps to a Secure Network | |
| |
| |
Lab 7-2: Wardriving | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Physical Security and Authentication Models | |
| |
| |
Foundation Topics | |
| |
| |
Physical Security | |
| |
| |
General Building and Server Room Security | |
| |
| |
Door Access | |
| |
| |
Biometric Readers | |
| |
| |
Authentication Models and Components | |
| |
| |
Authentication Models | |
| |
| |
Localized Authentication Technologies | |
| |
| |
802.1X and EAP | |
| |
| |
LDAP | |
| |
| |
Kerberos and Mutual Authentication | |
| |
| |
Terminal Services | |
| |
| |
Remote Authentication Technologies | |
| |
| |
Remote Access Service | |
| |
| |
Virtual Private Networks | |
| |
| |
RADIUS Versus TACACS | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 8-1: Enabling 802.1X on a Network Adapter | |
| |
| |
Lab 8-2: Setting Up a VPN | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Access Control Methods and Models | |
| |
| |
Foundation Topics | |
| |
| |
Access Control Models Defined | |
| |
| |
Discretionary Access Control | |
| |
| |
Mandatory Access Control | |
| |
| |
Role-Based Access Control (RBAC) | |
| |
| |
Access Control Wise Practices | |
| |
| |
Rights, Permissions, and Policies | |
| |
| |
Users, Groups, and Permissions | |
| |
| |
Permission Inheritance and Propagation | |
| |
| |
Moving and Copying Folders and Files | |
| |
| |
Usernames and Passwords | |
| |
| |
Policies | |
| |
| |
User Account Control (UAC) | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 9-1: Configuring Password Policies and User Account Restrictions | |
| |
| |
Lab 9-2: Configuring User and Group Permissions | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Vulnerability and Risk Assessment | |
| |
| |
Foundation Topics | |
| |
| |
Conducting Risk Assessments | |
| |
| |
Qualitative Risk Assessment | |
| |
| |
Quantitative Risk Assessment | |
| |
| |
Security Analysis Methodologies | |
| |
| |
Security Controls | |
| |
| |
Vulnerability Management | |
| |
| |
Penetration Testing | |
| |
| |
OVAL | |
| |
| |
Assessing Vulnerability with Security Tools | |
| |
| |
Network Mapping | |
| |
| |
Vulnerability Scanning | |
| |
| |
Network Sniffing | |
| |
| |
Password Analysis | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 10-1: Mapping and Scanning the Network | |
| |
| |
Lab 10-2: Password Cracking and Defense | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Monitoring and Auditing | |
| |
| |
Foundation Topics | |
| |
| |
Monitoring Methodologies | |
| |
| |
Signature-Based Monitoring | |
| |
| |
Anomaly-Based Monitoring | |
| |
| |
Behavior-Based Monitoring | |
| |
| |
Using Tools to Monitor Systems and Networks | |
| |
| |
Performance Baselining | |
| |
| |
Protocol Analyzers | |
| |
| |
Wireshark | |
| |
| |
Network Monitor | |
| |
| |
SNMP | |
| |
| |
Conducting Audits | |
| |
| |
Auditing Files | |
| |
| |
Logging | |
| |
| |
Log File Maintenance and Security | |
| |
| |
Auditing System Security Settings | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 11-1: Using Protocol Analyzers | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Encryption and Hashing Concepts | |
| |
| |
Foundation Topics | |
| |
| |
Cryptography Concepts | |
| |
| |
Symmetric Versus Asymmetric Key Algorithms | |
| |
| |
Symmetric Key Algorithms | |
| |
| |
Asymmetric Key Algorithms | |
| |
| |
Public Key Cryptography | |
| |
| |
Key Management | |
| |
| |
Steganography | |
| |
| |
Encryption Algorithms | |
| |
| |
DES and 3DES | |
| |
| |
AES | |
| |
| |
RC | |
| |
| |
Summary of Symmetric Algorithms | |
| |
| |
RSA | |
| |
| |
Diffie-Hellman | |
| |
| |
Elliptic Curve | |
| |
| |
More Encryption Types | |
| |
| |
One-Time Pad | |
| |
| |
PGP | |
| |
| |
Hashing Basics | |
| |
| |
Cryptographic Hash Functions | |
| |
| |
MD5 | |
| |
| |
SHA | |
| |
| |
Happy Birthday! | |
| |
| |
LANMAN, NTLM, and NTLM2 | |
| |
| |
LANMAN | |
| |
| |
NTLM and NTLM2 | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Lab | |
| |
| |
Equipment Needed | |
| |
| |
Lab 12-1: Disabling the LM Hash in Windows Server 2003 | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
PKI and Encryption Protocols | |
| |
| |
Foundation Topics | |
| |
| |
Public Key Infrastructure | |
| |
| |
Certificates | |
| |
| |
Certificate Authorities | |
| |
| |
Single-Sided and Dual-Sided Certificates | |
| |
| |
Web of Trust | |
| |
| |
Security Protocols | |
| |
| |
S/MIME | |
| |
| |
SSL/TLS | |
| |
| |
SSH | |
| |
| |
PPTP, L2TP, and IPsec | |
| |
| |
PPTP | |
| |
| |
L2TP | |
| |
| |
IPsec | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 13-1: A Basic Example of PKI | |
| |
| |
Lab 13-2: Making an SSH Connection | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Redundancy and Disaster Recovery | |
| |
| |
Foundation Topics | |
| |
| |
Redundancy Planning | |
| |
| |
Redundant Power | |
| |
| |
Redundant Power Supplies | |
| |
| |
Uninterruptible Power Supplies | |
| |
| |
Backup Generators | |
| |
| |
Redundant Data | |
| |
| |
Redundant Networking | |
| |
| |
Redundant Servers | |
| |
| |
Redundant Sites | |
| |
| |
Disaster Recovery Planning and Procedures | |
| |
| |
Data Backup | |
| |
| |
DR Planning | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
Hands-On Labs | |
| |
| |
Equipment Needed | |
| |
| |
Lab 14-1: Configuring RAID 1 and 5 | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Policies, Procedures, and People | |
| |
| |
Foundation Topics | |
| |
| |
Environmental Controls | |
| |
| |
Fire Suppression | |
| |
| |
Fire Extinguishers | |
| |
| |
Sprinkler Systems | |
| |
| |
Special Hazard Protection Systems | |
| |
| |
HVAC | |
| |
| |
Shielding | |
| |
| |
Social Engineering | |
| |
| |
Pretexting | |
| |
| |
Diversion Theft | |
| |
| |
Phishing | |
| |
| |
Hoaxes | |
| |
| |
Shoulder Surfing | |
| |
| |
Eavesdropping | |
| |
| |
Dumpster Diving | |
| |
| |
Baiting | |
| |
| |
Piggybacking/Tailgating | |
| |
| |
Summary of Social Engineering Types | |
| |
| |
User Education and Awareness | |
| |
| |
Legislative and Organizational Policies | |
| |
| |
Data Sensitivity and Classification of Information | |
| |
| |
Personnel Security Policies | |
| |
| |
Privacy Policies | |
| |
| |
Acceptable Use | |
| |
| |
Change Management | |
| |
| |
Separation of Duties/Job Rotation | |
| |
| |
Mandatory Vacations | |
| |
| |
Due Diligence | |
| |
| |
Due Care | |
| |
| |
Due Process | |
| |
| |
User Education and Awareness Training | |
| |
| |
Summary of Personnel Security Policies | |
| |
| |
How to Deal with Vendors | |
| |
| |
How to Dispose of Computers and Other IT Equipment Securely | |
| |
| |
Incident Response Procedures | |
| |
| |
Exam Preparation Tasks | |
| |
| |
Review Key Topics | |
| |
| |
Complete Tables and Lists from Memory | |
| |
| |
Define Key Terms | |
| |
| |
View Recommended Resources | |
| |
| |
Answer Review Questions | |
| |
| |
Answers and Explanations | |
| |
| |
| |
Taking the Real Exam | |
| |
| |
Foundation Topics | |
| |
| |
Getting Ready and the Exam Preparation Checklist | |
| |
| |
Tips for Taking the Real Exam | |
| |
| |
Beyond the CompTIA Security+ Certification | |
| |
| |
Hands-On Lab | |
| |
| |
Practice Exam 1 | |
| |
| |
Practice Exam 2 | |
| |
| |
Glossary | |
| |
| |
Master List of Key Topics | |
| |
| |
On the DVD | |
| |
| |
| |
Memory Tables | |
| |
| |
| |
Memory Tables Answer Key | |
| |
| |
9780789749215 TOC 11/29/2011 | |