CompTIA Security+ SY0-401 Cert Guide, Deluxe Edition

Introduction xxii Chapter 1 Introduction to Security 3 Foundation Topics 3 Security 101 3   The CIA of Computer Security 3   The Basics of Information Security 5 Think Like a Hacker 8 Chapter Review Activities 10   Review Key Topics 10   Define Key Terms 11   Review Questions 11 Answers and Explanations 13 Chapter 2 Computer Systems Security 17 Foundation Topics 17 Computer Systems Security Threats 17   Malicious Software 18   Viruses 18   Worms 19   Trojan Horses 20   Ransomware 20   Spyware 21   Rootkits 22   Spam 22   Summary of Malware Threats 23   Ways to Deliver Malicious Software 24   Via Software, Messaging, and Media 24      Botnets and Zombies 25   Active Interception 26   Privilege Escalation 26   Backdoors 26   Logic Bombs 27   Preventing and Troubleshooting Malware 28   Preventing and Troubleshooting Viruses 28   Preventing and Troubleshooting Worms and Trojans 32   Preventing and Troubleshooting Spyware 33   Preventing and Troubleshooting Rootkits 35   Preventing and Troubleshooting Spam 36   You Can't Save Every Computer from Malware! 38   Summary of Malware Prevention Techniques 38 Implementing Security Applications 39   Personal Software Firewalls 39   Host-Based Intrusion Detection Systems 41   Pop-Up Blockers 43   Data Loss Prevention Systems 45 Securing Computer Hardware, Peripherals, and Mobile Devices 45   Securing the BIOS 46   Securing Storage Devices 47 Removable Storage 47   Network Attached Storage 48   Whole Disk Encryption 48   Hardware Security Modules 50   Securing Mobile Devices 50   Malware 51   Botnet Activity 52   SIM Cloning 52   Wireless Attacks 53   Theft 53   Application Security 54   BYOD Concerns 57 Chapter Summary 60 Chapter Review Activities 62  Review Key Topics 62   Define Key Terms 62   Review Questions 63 Answers and Explanations 71   Case Studies for Chapter 2 77   Case Study Solutions 79 Chapter 3 OS Hardening and Virtualization 83 Foundation Topics 83 Hardening Operating Systems 83   Removing Unnecessary Applications and Services 84   Service Packs 92   Windows Update, Patches, and Hotfixes 95   Patches and Hotfixes 96   Patch Management 99   Group Policies, Security Templates, and Configuration Baselines 100   Hardening File Systems and Hard Drives 103 Virtualization Technology 107   Types of Virtualization and Their Purposes 107   Hypervisor 109   Securing Virtual Machines 110 Chapter Summary 112 Chapter Review Activities 113   Review Key Topics 113   Define Key Terms 114   Review Questions 114 Answers and Explanations 118   Case Studies for Chapter 3 121   Case Study Solutions 123 Chapter 4 Application Security 127 Foundation Topics 127 Securing the Browser 127   General Browser Security Procedures 129   Implement Policies 129   Train Your Users 132   Use a Proxy and Content Filter 133   Secure Against Malicious Code 135   Securing Internet Explorer 135   Securing Firefox 141   Securing Other Browsers 145 Securing Other Applications 147 Secure Programming 151   Systems Development Life Cycle 151   Programming Testing Methods 154   Programming Vulnerabilities and Attacks 156   Backdoors 157   Buffer Overflows 157   Arbitrary Code Execution/Remote Code Execution 158   XSS and XSRF 159   More Code Injection Examples 159   Directory Traversal 161   Zero Day Attack 161 Chapter Summary 163 Chapter Review Activities 164   Review Key Topics 164   Define Key Terms 165   Review Questions 165 Answers and Explanations 170   Case Studies for Chapter 4 174  Case Study Solutions 175 Chapter 5 Network Design Elements 179 Foundation Topics 179 Network Design 179   The OSI Model 180   Network Devices 182   Hub 182   Switch 182   Router 184   Network Address Translation, and Private Versus Public IP 185   Network Zones and Interconnections 188   LAN Versus WAN 188   Internet 189   Demilitarized Zone (DMZ) 189   Intranets and Extranets 190   Network Access Control (NAC) 192   Subnetting 192   Virtual Local Area Network (VLAN) 194   Telephony Devices 196   Modems 196   PBX Equipment 197   VoIP 197 Cloud Security and Server Defense 198   Cloud Computing 198   Cloud Security 200  Server Defense 203   File Servers 203   Network Controllers 204   E-mail Servers 204   Web Servers 205   FTP Server 207 Chapter Summary 208 Chapter Review Activities 210   Review Key Topics 210   Define Key Terms 210   Review Questions 210 Answers and Explanations 215   Case Studies for Chapter 5 219   Case Study Solutions 220 Chapter 6 Networking Protocols and Threats 225 Foundation Topics 225 Ports and Protocols 225   Ports Ranges, Inbound Versus Outbound, and Common Ports 225   Protocols That Can Cause Anxiety on the Exam 235 Malicious Attacks 236   DoS 236   DDoS 239   Sinkholes and Blackholes 239   Spoofing 240   Session Hijacking 241   Replay 243   Null Sessions 244   Transitive Access and Client-Side Attacks 244   DNS Poisoning and Other DNS Attacks 245   ARP Poisoning 247   Summary of Network Attacks 247 Chapter Summary 251 Chapter Review Activities 252   Review Key Topics 252   Define Key Terms 252   Review Questions 252 Answers and Explanations 258   Case Studies for Chapter 6 262   Case Study Solutions 263 Chapter 7 Network Perimeter Security 267 Foundation Topics 268 Firewalls and Network Security 268   Firewalls 268   Proxy Servers 274   Honeypots and Honeynets 277   Data Loss Prevention (DLP) 278 NIDS Versus NIPS 279   NIDS 279   NIPS 280   Summary of NIDS Versus NIPS 282   The Protocol Analyzer's Role in NIDS and NIPS 282   Unified Threat Management 283 Chapter Summary 283 Chapter Review Activities 284   Review Key Topics 284   Define Key Terms 285   Review Questions 285 Answers and Explanations 290   Case Studies for Chapter 7 294   Case Study Solutions 295 Chapter 8 Securing Network Media and Devices 299 Foundation Topics 299 Securing Wired Networks and Devices 299   Network Device Vulnerabilities 300   Default Accounts 300   Weak Passwords 300   Privilege Escalation 302   Back Doors 303   Network Attacks 303   Other Network Device Considerations 303   Cable Media Vulnerabilities 304   Interference 305   Crosstalk 305   Data Emanation 306   Tapping into Data and Conversations 307   Securing Wireless Networks 309   Wireless Access Point Vulnerabilities 309   The Administration Interface 310   SSID Broadcast 310   Rogue Access Points 311   Evil Twin 311   Weak Encryption 311   Wi-Fi Protected Setup 313   VPN over Open Wireless 314   Wireless Access Point Security Strategies 314   Wireless Transmission Vulnerabilities 317   Bluetooth Vulnerabilities 318   Bluejacking 319   Bluesnarfing 319 Chapter Summary 321 Chapter Review Activities 323   Review Key Topics 323   Define Key Terms 323   Review Questions 324     Answers and Explanations 328   Case Studies for Chapter 8 330   Case Study Solutions 333 Chapter 9 Physical Security and Authentication Models 339 Foundation Topics 340 Physical Security 340   General Building and Server Room Security 340   Door Access 342   Biometric Readers 344 Authentication Models and Components 345   Authentication Models 345   Localized Authentication Technologies 348   802.1X and EAP 348   LDAP 351   Kerberos and Mutual Authentication 352   Remote Desktop Services 354   Remote Authentication Technologies 356   Remote Access Service 356   Virtual Private Networks 358   RADIUS Versus TACACS 360 Chapter Summary 362 Chapter Review Activities 363   Review Key Topics 363   Define Key Terms 364   Review Questions 365   Answers and Explanations 372   Case Studies for Chapter 9 376   Case Study Solutions 379 Chapter 10 Access Control Methods and Models 383 Foundation Topics 383 Access Control Models Defined 383   Discretionary Access Control 384   Mandatory Access Control 386   Role-Based Access Control (RBAC) 387   Access Control Wise Practices 388 Rights, Permissions, and Policies 391   Users, Groups, and Permissions 391   Permission Inheritance and Propagation 396   Moving and Copying Folders and Files 397   Usernames and Passwords 397   Policies 400   User Account Control (UAC) 403 Chapter Summary 404 Chapter Review Activities 405   Review Key Topics 405   Define Key Terms 406   Review Questions 406   Answers and Explanations 412   Case Studies for Chapter 10 416   Case Study Solutions 417 Chapter 11 Vulnerability and Risk Assessment 423 Foundation Topics 423 Conducting Risk Assessments 423   Qualitative Risk Assessment 425   Quantitative Risk Assessment 426   Security Analysis Methodologies 429   Security Controls 430   Vulnerability Management 431   Penetration Testing 433   OVAL 434 Assessing Vulnerability with Security Tools 435   Network Mapping 435   Vulnerability Scanning 438   Network Sniffing 441   Password Analysis 443 Chapter Summary 446 Chapter Review Activities 447   Review Key Topics 447   Define Key Terms 448   Review Questions 448   Answers and Explanations 454   Case Studies for Chapter 11 459   Case Study Solutions 460 Chapter 12 Monitoring and Auditing 465 Foundation Topics 465 Monitoring Methodologies 465   Signature-Based Monitoring 466   Anomaly-Based Monitoring 466   Behavior-Based Monitoring 467 Using Tools to Monitor Systems and Networks 467   Performance Baselining 468   Protocol Analyzers 470   Wireshark 471   Network Monitor 472   SNMP 474   Analytical Tools 475 Conducting Audits 478   Auditing Files 478   Logging 481   Log File Maintenance and Security 485   Auditing System Security Settings 486 Chapter Summary 490 Chapter Review Activities 491   Review Key Topics 491   Define Key Terms 492   Review Questions 492   Answers and Explanations 498   Case Studies for Chapter 12 503   Case Study Solutions 504 Chapter 13 Encryption and Hashing Concepts 507 Foundation Topics 507 Cryptography Concepts 507   Symmetric Versus Asymmetric Key Algorithms 512   Symmetric Key Algorithms 512   Asymmetric Key Algorithms 513   Public Key Cryptography 513   Key Management 515   Steganography 515 Encryption Algorithms 516   DES and 3DES 516   AES 517   RC 518   Blowfish and Twofish 518   Summary of Symmetric Algorithms 519   RSA 519   Diffie-Hellman 521   Elliptic Curve 521   More Encryption Types 523   One-Time Pad 523   PGP 524 Hashing Basics 526   Cryptographic Hash Functions 527   MD5 527   SHA 527   RIPEMD and HMAC 528   Happy Birthday! 528   LANMAN, NTLM, and NTLMv2 529   LANMAN 529   NTLM and NTLMv2 531   Additional Password Hashing Concepts 531 Chapter Summary 533 Chapter Review Activities 534   Review Key Topics 534   Define Key Terms 535   Review Questions 535   Answers and Explanations 542   Case Studies for Chapter 13 546   Case Study Solutions 547 Chapter 14 PKI and Encryption Protocols 551 Foundation Topics 551 Public Key Infrastructure 551   Certificates 552   Certificate Authorities 552   Single-Sided and Dual-Sided Certificates 556 Web of Trust 556 Security Protocols 557   S/MIME 557   SSL/TLS 558   SSH 559   PPTP, L2TP, and IPsec 560   PPTP 560   L2TP 560   IPsec 561 Chapter Summary 561 Chapter Review Activities 562   Review Key Topics 562   Define Key Terms 563   Review Questions 563   Answers and Explanations 568   Case Studies for Chapter 14 571   Case Study Solutions 571 Chapter 15 Redundancy and Disaster Recovery 575 Foundation Topics 575 Redundancy Planning 575   Redundant Power 577   Redundant Power Supplies 579   Uninterruptible Power Supplies 579   Backup Generators 581   Redundant Data 582   Redundant Networking 586   Redundant Servers 587   Redundant Sites 588   Redundant People 589 Disaster Recovery Planning and Procedures 590   Data Backup 590   DR Planning 594 Chapter Summary 598 Chapter Review Activities 598   Review Key Topics 598   Define Key Terms 599   Review Questions 599   Answers and Explanations 604   Case Study for Chapter 15 607   Case Study Solution 607 Chapter 16 Policies, Procedures, and People 611 Foundation Topics 611 Environmental Controls 611   Fire Suppression 611   Fire Extinguishers 612   Sprinkler Systems 613   Special Hazard Protection Systems 614   HVAC 615   Shielding 616 Social Engineering 617   Pretexting 618   Malicious Insider 618   Diversion Theft 619   Phishing 619   Hoaxes 621   Shoulder Surfing 621   Eavesdropping 622   Dumpster Diving 622   Baiting 622   Piggybacking/Tailgating 622   Summary of Social Engineering Types 623   User Education and Awareness 624 Legislative and Organizational Policies 625   Data Sensitivity and Classification of Information 626   Personnel Security Policies 628   Privacy Policies 628   Acceptable Use 629   Change Management 629   Separation of Duties/Job Rotation 630   Mandatory Vacations 630   Onboarding and Offboarding 631   Due Diligence 631   Due Care 631   Due Process 632   User Education and Awareness Training 632 Summary of Personnel Security Policies 633   How to Deal with Vendors 633   How to Dispose of Computers and Other IT Equipment Securely 634   Incident Response Procedures 636   Chapter Summary 642 Chapter Review Activities 643 Review Key Topics 643   Review Questions 644   Answers and Explanations 653   Case Studies for Chapter 16 658   Case Study Solutions 659 Chapter 17 Taking the Real Exam 663 Getting Ready and the Exam Preparation Checklist 663 Tips for Taking the Real Exam 667 Beyond the CompTIA Security+ Certification 670 Case Study for Chapter 17 671   Case Study 17-1: Analyzing Test Questions 671 Practice Exam 1: SY0-401 673 Glossary 725 On the DVD: APPENDIX A View Recommended Resources APPENDIX B Master List of Key Topics Acronyms Case Studies Case Study Solutions (Video and Simulations) Table 6-2 TOC, 978078975335, 6/19/2014