CompTIA Security+ SY0-501 Cert Guide, Academic Edition, 2nd edition
Published by Pearson IT Certification (November 21, 2017) © 2018
- Dave Prowse, best-selling CompTIA author and expert trainer
- Available for purchase from all major ebook resellers, including InformIT.com
Price Reduced From: $80.00
Details
- A print text
- Free shipping
- Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
Access Details
- Access courses online from any computer (PC or Mac) or tablet (Android or iOS)
- Native app available for mobile use; use online, or download and work offline; data syncs automatically
- Purchase print or digital codes from your college bookstore, or printed access code cards here
Features
- Interactive learning elements throughout, including exercises, quizzes, flashcards, and video tutorials
Learn, prepare, and practice for CompTIA Security+ SY0-501 exam success with this full-color CompTIA Authorized Cert Guide, Academic Edition from Pearson IT Certification, a leader in IT Certification learning. This book includes access to four complete practice tests, chapter summaries, and case studies including simulations and hands-on video exercises to reinforce the learning.
Introduction xxii
Chapter 1 Introduction to Security 2
Foundation Topics 3
Security 101 3
   The CIA of Computer Security 3
   The Basics of Information Security 4
Think Like a Hacker 6
Threat Actor Types and Attributes 7
Chapter Review Activities 9
Chapter 2 Computer Systems Security Part I 12
Foundation Topics 13
Malicious Software Types 13
   Viruses 13
   Worms 14
   Trojan Horses 14
   Ransomware 15
   Spyware 15
   Rootkits 16
   Spam 16
   Summary of Malware Threats 17
Delivery of Malware 17
   Via Software, Messaging, and Media 18
   Botnets and Zombies 19
   Active Interception 19
   Privilege Escalation 19
   Backdoors 19
   Logic Bombs 20
Preventing and Troubleshooting Malware 20
   Preventing and Troubleshooting Viruses 20
   Preventing and Troubleshooting Worms and Trojans 23
   Preventing and Troubleshooting Spyware 24
   Preventing and Troubleshooting Rootkits 25
   Preventing and Troubleshooting Spam 26
   You Can’t Save Every Computer from Malware! 27
   Summary of Malware Prevention Techniques 27
Chapter Review Activities 29
Chapter 3 Computer Systems Security Part II 34
Foundation Topics 35
Implementing Security Applications 35
   Personal Software Firewalls 35
   Host-Based Intrusion Detection Systems 36
   Pop-Up Blockers 38
   Data Loss Prevention Systems 38
Securing Computer Hardware and Peripherals 39
   Securing the BIOS 39
   Securing Storage Devices 41
       Removable Storage 41
       Network Attached Storage 41
       Whole Disk Encryption 42
       Hardware Security Modules 43
   Securing Wireless Peripherals 43
Securing Mobile Devices 44
   Malware 44
   Botnet Activity 45
   SIM Cloning and Carrier Unlocking 45
   Wireless Attacks 46
   Theft 46
   Application Security 47
   BYOD Concerns 49
Chapter Review Activities 53
Chapter 4 OS Hardening and Virtualization 58
Foundation Topics 59
Hardening Operating Systems 59
   Removing Unnecessary Applications and Services 59
   Windows Update, Patches, and Hotfixes 65
       Patches and Hotfixes 66
       Patch Management 68
   Group Policies, Security Templates, and Configuration Baselines 69
   Hardening File Systems and Hard Drives 71
Virtualization Technology 74
   Types of Virtualization and Their Purposes 74
   Hypervisor 75
   Securing Virtual Machines 76
Chapter Review Activities 79
Chapter 5 Application Security 86
Foundation Topics 87
Securing the Browser 87
   General Browser Security Procedures 88
       Implement Policies 88
       Train Your Users 90
       Use a Proxy and Content Filter 91
       Secure Against Malicious Code 92
   Web Browser Concerns and Security Methods 92
       Basic Browser Security 92
       Cookies 92
       LSOs 93
       Add-ons 94
       Advanced Browser Security 94
Securing Other Applications 95
Secure Programming 99
   Software Development Life Cycle 99
   Core SDLC and DevOps Principles 100
   Programming Testing Methods 102
       White-box and Black-box Testing 102
       Compile-Time Errors Versus Runtime Errors 102
       Input Validation 103
       Static and Dynamic Code Analysis 104
       Fuzz Testing 104
   Programming Vulnerabilities and Attacks 104
       Backdoors 105
       Memory/Buffer Vulnerabilities 105
       Arbitrary Code Execution/Remote Code Execution 106
       XSS and XSRF 107
       More Code Injection Examples 107
       Directory Traversal 109
       Zero Day Attack 109
Chapter Review Activities 111
Chapter 6 Network Design Elements 118
Foundation Topics 119
Network Design 119
   The OSI Model 119
   Network Devices 120
       Switch 120
       Bridge 122
       Router 122
   Network Address Translation, and Private Versus Public IP 123
   Network Zones and Interconnections 125
       LAN Versus WAN 125
       Internet 126
       Demilitarized Zone (DMZ) 126
       Intranets and Extranets 127
   Network Access Control (NAC) 128
   Subnetting 128
   Virtual Local Area Network (VLAN) 130
   Telephony 131
       Modems 131
       PBX Equipment 132
       VoIP 132
Cloud Security and Server Defense 133
   Cloud Computing 133
   Cloud Security 135
   Server Defense 137
       File Servers 137
       Network Controllers 137
       E-mail Servers 138
       Web Servers 139
       FTP Server 140
Chapter Review Activities 142
Chapter 7 Networking Protocols and Threats 148
Foundation Topics 149
Ports and Protocols 149
   Port Ranges, Inbound Versus Outbound, and Common Ports 149
   Protocols That Can Cause Anxiety on the Exam 155
Malicious Attacks 155
   DoS 155
   DDoS 158
   Sinkholes and Blackholes 158
   Spoofing 159
   Session Hijacking 159
   Replay 161
   Null Sessions 161
   Transitive Access and Client-Side Attacks 162
   DNS Poisoning and Other DNS Attacks 162
   ARP Poisoning 164
   Summary of Network Attacks 164
Chapter Review Activities 167
Chapter 8 Network Perimeter Security 174
Foundation Topics 175
Firewalls and Network Security 175
   Firewalls 175
   Proxy Servers 179
   Honeypots and Honeynets 181
   Data Loss Prevention (DLP) 182
NIDS Versus NIPS 183
   NIDS 183
   NIPS 184
   Summary of NIDS Versus NIPS 185
   The Protocol Analyzer’s Role in NIDS and NIPS 185
   Unified Threat Management 186
Chapter Review Activities 187
Chapter 9 Securing Network Media and Devices 194
Foundation Topics 195
Securing Wired Networks and Devices 195
   Network Device Vulnerabilities 195
       Default Accounts 195
       Weak Passwords 195
       Privilege Escalation 196
       Back Doors 197
       Network Attacks 197
       Other Network Device Considerations 197
   Cable Media Vulnerabilities 198
       Interference 198
       Crosstalk 199
       Data Emanation 199
       Tapping into Data and Conversations 200
Securing Wireless Networks 201
   Wireless Access Point Vulnerabilities 202
       The Administration Interface 202
       SSID Broadcast 202
       Rogue Access Points 202
       Evil Twin 203
       Weak Encryption 203
       Wi-Fi Protected Setup 205
       Ad Hoc Networks 205
       VPN over Open Wireless 205
   Wireless Access Point Security Strategies 205
   Wireless Transmission Vulnerabilities 208
   Bluetooth and Other Wireless Technology Vulnerabilities 209
       Bluejacking 209
       Bluesnarfing 210
   RFID and NFC 210
       More Wireless Technologies 210
Chapter Review Activities 212
Chapter 10 Physical Security and Authentication Models 218
Foundation Topics 219
Physical Security 219
   General Building and Server Room Security 219
   Door Access 220
   Biometric Readers 221
Authentication Models and Components 222
   Authentication Models 222
   Localized Authentication Technologies 224
       802.1X and EAP 224
       LDAP 226
       Kerberos and Mutual Authentication 227
       Remote Desktop Services 229
   Remote Authentication Technologies 230
       Remote Access Service 230
       Virtual Private Networks 231
       RADIUS Versus TACACS 234
Chapter Review Activities 236
Chapter 11 Access Control Methods and Models 244
Foundation Topics 245
Access Control Models Defined 245
   Discretionary Access Control 245
   Mandatory Access Control 246
   Role-Based Access Control (RBAC) 247
   Attribute-based Access Control (ABAC) 248
   Access Control Wise Practices 249
Rights, Permissions, and Policies 250
   Users, Groups, and Permissions 251
   Permission Inheritance and Propagation 255
   Moving and Copying Folders and Files 256
   Usernames and Passwords 256
   Policies 258
   User Account Control (UAC) 261
Chapter Review Activities 262
Chapter 12 Vulnerability and Risk Assessment 270
Foundation Topics 271
Conducting Risk Assessments 271
   Qualitative Risk Assessment 272
   Quantitative Risk Assessment 273
   Security Analysis Methodologies 274
   Security Controls 275
   Vulnerability Management 276
       Penetration Testing 277
       OVAL 279
       Additional Vulnerabilities 279
Assessing Vulnerability with Security Tools 280
   Network Mapping 280
   Vulnerability Scanning 282
   Network Sniffing 283
   Password Analysis 284
Chapter Review Activities 287
Chapter 13 Monitoring and Auditing 294
Foundation Topics 295
Monitoring Methodologies 295
   Signature-Based Monitoring 295
   Anomaly-Based Monitoring 295
   Behavior-Based Monitoring 296
Using Tools to Monitor Systems and Networks 296
   Performance Baselining 297
   Protocol Analyzers 299
       Wireshark 299
   SNMP 301
   Analytical Tools 302
   Use Static and Dynamic Tools 304
Conducting Audits 304
   Auditing Files 305
   Logging 306
   Log File Maintenance and Security 310
   Auditing System Security Settings 311
   SIEM 314
Chapter Review Activities 315
Chapter 14 Encryption and Hashing Concepts 322
Foundation Topics 323
Cryptography Concepts 323
   Symmetric Versus Asymmetric Key Algorithms 326
       Symmetric Key Algorithms 326
   Asymmetric Key Algorithms 327
   Public Key Cryptography 327
   Key Management 328
   Steganography 328
Encryption Algorithms 329
   DES and 3DES 329
   AES 329
   RC 330
   Blowfish and Twofish 331
   Summary of Symmetric Algorithms 331
   RSA 331
   Diffie-Hellman 333
   Elliptic Curve 333
   More Encryption Types 334
       One-Time Pad 334
       PGP 335
       Pseudorandom Number Generators 336
Hashing Basics 336
   Cryptographic Hash Functions 337
       MD5 338
       SHA 338
       RIPEMD and HMAC 338
   LANMAN, NTLM, and NTLMv2 339
       LANMAN 339
       NTLM and NTLMv2 340
   Hashing Attacks 341
       Pass the Hash 341
       Happy Birthday! 341
   Additional Password Hashing Concepts 342
Chapter Review Activities 343
Chapter 15 PKI and Encryption Protocols 350
Foundation Topics 351
Public Key Infrastructure 351
   Certificates 351
       SSL Certificate Types 352
       Single-Sided and Dual-Sided Certificates 352
       Certificate Chain of Trust 352
       Certificate Formats 352
   Certificate Authorities 353
   Web of Trust 356
Security Protocols 356
   S/MIME 357
   SSL/TLS 357
   SSH 359
   PPTP, L2TP, and IPsec 359
       PPTP 359
       L2TP 359
       IPsec 360
Chapter Review Activities 361
Chapter 16 Redundancy and Disaster Recovery 368
Foundation Topics 369
Redundancy Planning 369
   Redundant Power 370
   Redundant Power Supplies 371
   Uninterruptible Power Supplies 371
   Backup Generators 372
   Redundant Data 374
   Redundant Networking 376
   Redundant Servers 377
   Redundant Sites 378
   Redundant People 379
Disaster Recovery Planning and Procedures 379
   Data Backup 379
   DR Planning 382
Chapter Review Activities 385
Chapter 17 Social Engineering, User Education, and Facilities Security 390
Foundation Topics 391
Social Engineering 391
   Pretexting 391
   Malicious Insider 391
   Diversion Theft 392
   Phishing 392
   Hoaxes 393
   Shoulder Surfing 394
   Eavesdropping 394
   Dumpster Diving 394
   Baiting 394
   Piggybacking/Tailgating 394
   Watering Hole Attack 395
   Summary of Social Engineering Types 395
User Education 396
   Facilities Security 398
   Fire Suppression 398
       Fire Extinguishers 398
       Sprinkler Systems 399
       Special Hazard Protection Systems 399
   HVAC 400
   Shielding 401
   Vehicles 402
Chapter Review Activities 404
Chapter 18 Policies and Procedures 410
Foundation Topics 411
Legislative and Organizational Policies 411
   Data Sensitivity and Classification of Information 411
   Personnel Security Policies 413
       Privacy Policies 414
       Acceptable Use 414
       Change Management 414
       Separation of Duties/Job Rotation 415
       Mandatory Vacations 415
       Onboarding and Offboarding 415
       Due Diligence 416
       Due Care 416
       Due Process 416
       User Education and Awareness Training 416
       Summary of Personnel Security Policies 417
   How to Deal with Vendors 417
   How to Dispose of Computers and Other IT Equipment Securely 419
Incident Response Procedures 420
IT Security Frameworks 424
Chapter Review Activities 426
Chapter 19 Taking the Real Exam 432
   Getting Ready and the Exam Preparation Checklist 432
   Tips for Taking the Real Exam 435
   Beyond the CompTIA Security+ Certification 438
Practice Exam 1: SY0-501 440
Glossary 458
Elements Available Online
Appendix A: Answers to the Review Questions
Answers to Practice Exam 1
View Recommended Resources
Real-World Scenarios
Flash Cards
9780789759122 TOC 10/31/2017