Table of Contents for CompTIA Security+ Certification Guide
by Ian Neil
Title Page
Ian Neil
Copyright and Credits
CompTIA Security+ Certification Guide
Packt Upsell
Why subscribe?
Packt.com
Contributor
About the author
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Understanding Security Fundamentals
CIA triad concept
Identifying security controls
Administrative controls
Technical controls
Physical controls
Preventative controls
Deterrent controls
Detective controls
Corrective controls
Compensating controls
Access controls
Discretionary access control
Least privilege
Mandatory access control
Linux permissions (not SELinux)
Role-based access control
Rule-based access control
Attribute-based access control
Group-based access
Hashing and data integrity
Hash practical
Hash exercise
Defense in depth model
Review questions
Answers and explanations
Conducting Risk Analysis
Risk management
Importance of policy, plans, and procedures
Standard operating procedures
Agreement types
Personnel management—policies and procedures
Role-based awareness training
General security policies
Business impact analysis concepts
Privacy threshold assessment/privacy impact assessment
Mission-essential functions/identification of critical systems
Example
Supply chain risk assessment
Example
Business impact analysis concepts
Calculating loss
Example
Risk procedures and concepts
Threat assessment
Threat actors
Risk treatment
Risk register
Qualitative/quantitative risk analysis
Review questions
Answers and explanations
Implementing Security Policies and Procedures
Industry standard frameworks and reference architecture
OSI reference model
TCP/IP model
Types of frameworks
Benchmarks/secure configuration guides
Policies and user guides
Security configuration guides – web servers
Network infrastructure device user guides
General purpose guides
Implementing data security and privacy practices
Destroying data and sanitizing media 
Data sensitivity labeling and handling
Data retention – legal and compliance
Data roles
Practical – creating a baseline
Review questions
Answers and explanations
Delving into Identity and Access Management
Understanding identity and access management concepts
Passwords
Default/administrator password
Passwords—group policy
Password recovery
Authentication factors
Number of factor examples
Transitive trust
Federation services
Shibboleth
Single sign-on
Installing and configuring identity and access services
LDAP
Kerberos
Internet-based open source authentication
Authentication, authorization, and accounting (AAA) servers
Authentication
Learning about Identity and access management controls
Biometrics
Security tokens and devices
Certification-based authentication
Port-based authentication
Common account management practices
Account types
Account creation
Employees moving departments
Disabling an account
Account recertification
Account maintenance
Account monitoring
Security Information and Event Management
Group based access control
Credential management
User account reviews
Practical exercise – password policy
Review questions
Answers and explanations
Understanding Network Components
OSI – reference model
Installing and configuring network components
Firewall
Router
Access control list– network devices
Intrusion-prevention system
Intrusion-detection system
Modes of detection
Modes of operation
Monitoring data
Switch
Layer 3 switch
Proxy server
Reverse proxy
Remote access
Virtual private network using L2TP/IPSec
IPSec
IPSec – handshake
VPN concentrator
Site-to-site VPN
VPN always on versus on-demand
SSL VPN
Split tunnelling
Load balancer
Clustering
Data-loss prevention
Security information and event management
Mail gateway
Cloud-based email
Media gateway
Hardware security module
Software-defined network
Secure network architecture concepts
Network address translation
Port address translation
Network access control (NAC)
Honeypot
Secure Socket Layer accelerators
SSL/TLS decryptor
Sensor/collector
Tap/port mirror
DDoS mitigator
Segregation/segmentation/isolation
Security device/technology placement
DMZ device placement
LAN device placement
Aggregation switches
Implementing secure protocols
Use case
File transfer – use case
Remote access – use case
Email – use case
Name resolution – use case
Hostname
DNSSEC
NETBIOS
Web – use case
Voice and video – use case
Network address allocation – use case
IP version 4
IP version 4 – lease process
IP version 4 lease process – troubleshooting
IP version 6 addressing
Subscription services – use case
Routing – use case
Time synchronization – use case
Directory services – use case
Active Directory
Switching – use case
Simple network management protocol – use case
Implementing wireless security
Wireless access points – controllers
Securing access to your wireless access point
Wireless bandwidth/band selection
Wireless channels
Wireless antenna types and signal strength
Wireless coverage
Wireless encryption
Wireless – open system authentication
Wireless – WPS
Wireless – captive portal
Wireless attacks
Wireless authentication protocols
Review questions
Answers and explanations
Understanding Cloud Models and Virtualization
Cloud computing
Implementing different cloud deployment models
Cloud service models
Disk resiliency and redundancy
Redundant array of independent disks
Storage area network
Understanding cloud storage concepts
Exploring virtual networks
Virtual desktop infrastructure
VDE
Heating, ventilation, and air-conditioning
Network environments
On-premises
Hosted services
Cloud-hosting services
Practical exercise – is the cloud cost-effective?
Review questions
Answer and explanations
Managing Hosts and Applications Deployment
Deploying mobile devices securely
Bring your own device
Choose your own device
Corporate-owned personally-enabled
Virtual desktop infrastructure
Mobile device connection methods
Mobile device management concepts
Accessing the device
Device management
Device protection
Device data
Mobile device enforcement and monitoring
Industrial control system
Supervisory control and data acquisition
Mobile devices – security implications of embedded systems
Special-purpose devices
Secure application development and deployment concepts
Development life cycle models – waterfall vs agile
Waterfall
Agile
Agile versus waterfall
DevOps
Secure DevOps
Secure coding techniques
Code quality and testing
Server-side versus client-side execution and validation
Review questions
Answers and explanations
Protecting Against Attacks and Vulnerabilities
Virus and malware attacks
Social engineering attacks
Common attacks
Application/service attacks
Programming attacks
Example 1—JavaScript—creating a money variable
Example 2—JavaScript—setting the day of the month
Hijacking related attacks
Driver manipulation
Cryptographic attacks
Password attacks
Wireless attacks
Penetration testing
Penetration testing techniques
Vulnerability scanning concepts
Credentialed versus non-credentialed scans
Penetration testing versus vulnerability scanning
Practical exercise—running a vulnerability scanner
Review questions
Answers and explanations
Implementing Public Key Infrastructure
Public key infrastructure concepts
Certificate hierarchy
Certificate trust
Certificate validity
Certificate management concepts
Certificate types
Asymmetric and symmetric encryption
Encryption explained
Digital signature explained
Cryptography algorithms and their characteristics
Symmetric algorithms
Asymmetric algorithms
Symmetric versus asymmetric analogy
XOR encryption
Key stretching algorithms
Cipher modes
Stream versus block cipher analogy
Hashing and data integrity
Comparing and contrasting basic concepts of cryptography
Asymmetric – PKI
Asymmetric – weak/depreciated algorithms
Asymmetric – ephemeral keys
Symmetric algorithm – modes of operation
Symmetric encryption – stream versus block cipher
Symmetric encryption – confusion
Symmetric encryption – secret algorithm
Symmetric – session keys
Hashing algorithms
Crypto service provider
Crypto module
Protecting data
Basic cryptographic terminology
Obfuscation
Pseudo random number generator
Nonce
Perfect forward secrecy
Security through obscurity
Collision
Steganography
Diffusion
Implementation versus algorithm
Common use cases for cryptography
Supporting confidentiality
Supporting integrity
Supporting non-repudiation
Supporting obfuscation
Low-power devices
Low latency
High resiliency
Supporting authentication
Resource versus security constraints
Practical exercises
Practical exercise 1 – building a certificate server
Practical exercise 2—encrypting data with EFS and steal certificates
Practical exercise 3 – revoking the EFS certificate
Review questions
Answers and explanations
Responding to Security Incidents
Incident response procedures
Incident response process
Understanding the basic concepts of forensics
Five minute practical
Software tools to assess the security posture of an organization
Backup utilities
Backup types
Command-line tools
Analyzing and interpreting output from security technologies
Review questions
Answers and explanations
Managing Business Continuity
Implementing secure systems design
Hardware/firmware security
Operating systems
Securing IT systems
Peripherals
Importance of secure staging deployment concepts
Troubleshooting common security issues
Misconfigured devices
Personnel issues
Software issues
Disaster recovery and continuity of operations concepts
Review questions
Answers and explanations
Mock Exam 1
Mock Exam 2
Preparing for the CompTIA Security+ 501 Exam
Tips on taking the exam
Exam preparation
Practical 1—drag and drop—attacks
Practical 2—drag and drop—certificates
Practical 3—drag and drop—ports/protocol
Practical 4—drag and drop—authentication factors
Practical 5—drag and drop—general
Drag and drop—answers
Linux information
Acronyms
Assessment
Mock Exam 1
Mock Exam 2
Other Books You May Enjoy
Leave a review - let other readers know what you think