Table of Contents

Introduction

Chapter 1 Introduction to Security

Foundation Topics

Security 101

The CIA of Computer Security

The Basics of Information Security

Think Like a Hacker

Threat Actor Types and Attributes

Chapter Review Activities

Review Key Topics

Define Key Terms

Review Questions

Chapter 2 Computer Systems Security Part I

Foundation Topics

Malicious Software Types

Viruses

Worms

Trojan Horses

Ransomware

Spyware

Rootkits

Spam

Summary of Malware Threats

Delivery of Malware

Via Software, Messaging, and Media

Botnets and Zombies

Active Interception

Privilege Escalation

Backdoors

Logic Bombs

Preventing and Troubleshooting Malware

Preventing and Troubleshooting Viruses

Preventing and Troubleshooting Worms and Trojans

Preventing and Troubleshooting Spyware

Preventing and Troubleshooting Rootkits

Preventing and Troubleshooting Spam

You Can’t Save Every Computer from Malware!

Summary of Malware Prevention Techniques

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 3 Computer Systems Security Part II

Foundation Topics

Implementing Security Applications

Personal Software Firewalls

Host-Based Intrusion Detection Systems

Pop-Up Blockers

Data Loss Prevention Systems

Securing Computer Hardware and Peripherals

Securing the BIOS

Securing Storage Devices

Removable Storage

Network Attached Storage

Whole Disk Encryption

Hardware Security Modules

Securing Wireless Peripherals

Securing Mobile Devices

Malware

Botnet Activity

SIM Cloning and Carrier Unlocking

Wireless Attacks

Theft

Application Security

BYOD Concerns

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 4 OS Hardening and Virtualization

Foundation Topics

Hardening Operating Systems

Removing Unnecessary Applications and Services

Windows Update, Patches, and Hotfixes

Patches and Hotfixes

Patch Management

Group Policies, Security Templates, and Configuration Baselines

Hardening File Systems and Hard Drives

Virtualization Technology

Types of Virtualization and Their Purposes

Hypervisor

Securing Virtual Machines

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 5 Application Security

Foundation Topics

Securing the Browser

General Browser Security Procedures

Implement Policies

Train Your Users

Use a Proxy and Content Filter

Secure Against Malicious Code

Web Browser Concerns and Security Methods

Basic Browser Security

Cookies

LSOs

Add-ons

Advanced Browser Security

Securing Other Applications

Secure Programming

Software Development Life Cycle

Core SDLC and DevOps Principles

Programming Testing Methods

White-box and Black-box Testing

Compile-Time Errors Versus Runtime Errors

Input Validation

Static and Dynamic Code Analysis

Fuzz Testing

Programming Vulnerabilities and Attacks

Backdoors

Memory/Buffer Vulnerabilities

Arbitrary Code Execution/Remote Code Execution

XSS and XSRF

More Code Injection Examples

Directory Traversal

Zero Day Attack

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 6 Network Design Elements

Foundation Topics

Network Design

The OSI Model

Network Devices

Switch

Bridge

Router

Network Address Translation, and Private Versus Public IP

Network Zones and Interconnections

LAN Versus WAN

Internet

Demilitarized Zone (DMZ)

Intranets and Extranets

Network Access Control (NAC)

Subnetting

Virtual Local Area Network (VLAN)

Telephony

Modems

PBX Equipment

VoIP

Cloud Security and Server Defense

Cloud Computing

Cloud Security

Server Defense

File Servers

Network Controllers

E-mail Servers

Web Servers

FTP Server

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 7 Networking Protocols and Threats

Foundation Topics

Ports and Protocols

Port Ranges, Inbound Versus Outbound, and Common Ports

Protocols That Can Cause Anxiety on the Exam

Malicious Attacks

DoS

DDoS

Sinkholes and Blackholes

Spoofing

Session Hijacking

Replay

Null Sessions

Transitive Access and Client-Side Attacks

DNS Poisoning and Other DNS Attacks

ARP Poisoning

Summary of Network Attacks

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 8 Network Perimeter Security

Foundation Topics

Firewalls and Network Security

Firewalls

Proxy Servers

Honeypots and Honeynets

Data Loss Prevention (DLP)

NIDS Versus NIPS

NIDS

NIPS

Summary of NIDS Versus NIPS

The Protocol Analyzer’s Role in NIDS and NIPS

Unified Threat Management

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 9 Securing Network Media and Devices

Foundation Topics

Securing Wired Networks and Devices

Network Device Vulnerabilities

Default Accounts

Weak Passwords

Privilege Escalation

Back Doors

Network Attacks

Other Network Device Considerations

Cable Media Vulnerabilities

Interference

Crosstalk

Data Emanation

Tapping into Data and Conversations

Securing Wireless Networks

Wireless Access Point Vulnerabilities

The Administration Interface

SSID Broadcast

Rogue Access Points

Evil Twin

Weak Encryption

Wi-Fi Protected Setup

Ad Hoc Networks

VPN over Open Wireless

Wireless Access Point Security Strategies

Wireless Transmission Vulnerabilities

Bluetooth and Other Wireless Technology Vulnerabilities

Bluejacking

Bluesnarfing

RFID and NFC

More Wireless Technologies

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 10 Physical Security and Authentication Models

Foundation Topics

Physical Security

General Building and Server Room Security

Door Access

Biometric Readers

Authentication Models and Components

Authentication Models

Localized Authentication Technologies

802.1X and EAP

LDAP

Kerberos and Mutual Authentication

Remote Desktop Services

Remote Authentication Technologies

Remote Access Service

Virtual Private Networks

RADIUS Versus TACACS

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 11 Access Control Methods and Models

Foundation Topics

Access Control Models Defined

Discretionary Access Control

Mandatory Access Control

Role-Based Access Control (RBAC)

Attribute-based Access Control (ABAC)

Access Control Wise Practices

Rights, Permissions, and Policies

Users, Groups, and Permissions

Permission Inheritance and Propagation

Moving and Copying Folders and Files

Usernames and Passwords

Policies

User Account Control (UAC)

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 12 Vulnerability and Risk Assessment

Foundation Topics

Conducting Risk Assessments

Qualitative Risk Assessment

Quantitative Risk Assessment

Security Analysis Methodologies

Security Controls

Vulnerability Management

Penetration Testing

OVAL

Additional Vulnerabilities

Assessing Vulnerability with Security Tools

Network Mapping

Vulnerability Scanning

Network Sniffing

Password Analysis

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 13 Monitoring and Auditing

Foundation Topics

Monitoring Methodologies

Signature-Based Monitoring

Anomaly-Based Monitoring

Behavior-Based Monitoring

Using Tools to Monitor Systems and Networks

Performance Baselining

Protocol Analyzers

Wireshark

SNMP

Analytical Tools

Use Static and Dynamic Tools

Conducting Audits

Auditing Files

Logging

Log File Maintenance and Security

Auditing System Security Settings

SIEM

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 14 Encryption and Hashing Concepts

Foundation Topics

Cryptography Concepts

Symmetric Versus Asymmetric Key Algorithms

Symmetric Key Algorithms

Asymmetric Key Algorithms

Public Key Cryptography

Key Management

Steganography

Encryption Algorithms

DES and 3DES

AES

RC

Blowfish and Twofish

Summary of Symmetric Algorithms

RSA

Diffie-Hellman

Elliptic Curve

More Encryption Types

One-Time Pad

PGP

Pseudorandom Number Generators

Hashing Basics

Cryptographic Hash Functions

MD5

SHA

RIPEMD and HMAC

LANMAN, NTLM, and NTLMv2

LANMAN

NTLM and NTLMv2

Hashing Attacks

Pass the Hash

Happy Birthday!

Additional Password Hashing Concepts

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 15 PKI and Encryption Protocols

Foundation Topics

Public Key Infrastructure

Certificates

SSL Certificate Types

Single-Sided and Dual-Sided Certificates

Certificate Chain of Trust

Certificate Formats

Certificate Authorities

Web of Trust

Security Protocols

S/MIME

SSL/TLS

SSH

PPTP, L2TP, and IPsec

PPTP

L2TP

IPsec

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 16 Redundancy and Disaster Recovery

Foundation Topics

Redundancy Planning

Redundant Power

Redundant Power Supplies

Uninterruptible Power Supplies

Backup Generators

Redundant Data

Redundant Networking

Redundant Servers

Redundant Sites

Redundant People

Disaster Recovery Planning and Procedures

Data Backup

DR Planning

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 17 Social Engineering, User Education, and Facilities Security

Foundation Topics

Social Engineering

Pretexting

Malicious Insider

Diversion Theft

Phishing

Hoaxes

Shoulder Surfing

Eavesdropping

Dumpster Diving

Baiting

Piggybacking/Tailgating

Watering Hole Attack

Summary of Social Engineering Types

User Education

Facilities Security

Fire Suppression

Fire Extinguishers

Sprinkler Systems

Special Hazard Protection Systems

HVAC

Shielding

Vehicles

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 18 Policies and Procedures

Foundation Topics

Legislative and Organizational Policies

Data Sensitivity and Classification of Information

Personnel Security Policies

Privacy Policies

Acceptable Use

Change Management

Separation of Duties/Job Rotation

Mandatory Vacations

Onboarding and Offboarding

Due Diligence

Due Care

Due Process

User Education and Awareness Training

Summary of Personnel Security Policies

How to Deal with Vendors

How to Dispose of Computers and Other IT Equipment Securely

Incident Response Procedures

IT Security Frameworks

Chapter Review Activities

Chapter Summary

Review Key Topics

Define Key Terms

Complete the Real-World Scenarios

Review Questions

Chapter 19 Taking the Real Exam

Getting Ready and the Exam Preparation Checklist

Tips for Taking the Real Exam

Beyond the CompTIA Security+ Certification

Practice Exam 1: SY0-501

Glossary

Index

Elements Available Online

Appendix A: Answers to the Review Questions

Answers to Practice Exam

View Recommended Resources

Real-World Scenarios

Flash Cards

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.238.228.237