CompTIA Security+ Study Guide: SY0-401

About the Book

Join over 250,000 IT professionals who've earned Security+ certification

If you're an IT professional hoping to progress in your career, then you know that the CompTIA Security+ exam is one of the most valuable certifications available. Since its introduction in 2002, over a quarter million professionals have achieved Security+ certification, itself a springboard to prestigious certifications like the CASP, CISSP, and CISA. The CompTIA Security+ Study Guide: SY0-401 covers 100% of the Security+ exam objectives, with clear and concise information on crucial security topics.

You'll find everything you need to prepare for the 2014 version of the Security+ certification exam, including insight from industry experts on a wide range of IT security topics. Readers also get access to a robust set of learning tools, featuring electronic flashcards, assessment tests, robust practice test environment, with hundreds of practice questions, and electronic flashcards.

  • CompTIA authorized and endorsed
  • Includes updates covering the latest changes to the exam, including better preparation for real-world applications
  • Covers key topics like network security, compliance and operational security, threats and vulnerabilities, access control and identity management, and cryptography
  • Employs practical examples and insights to provide real-world context from two leading certification experts
  • Provides the necessary tools to take that first important step toward advanced security certs like CASP, CISSP, and CISA, in addition to satisfying the DoD's 8570 directive

If you're serious about jump-starting your security career, you need the kind of thorough preparation included in the CompTIA Security+ Study Guide: SY0-401.



Table of Contents:
Foreword
Introduction

Chapter 1 Measuring and Weighing Risk
Risk Assessment
Computing Risk Assessment
Acting on Your Risk Assessment
Risks Associated with Cloud Computing
Risks Associated with Virtualization
Developing Policies, Standards, and Guidelines
Implementing Policies
Understanding Control Types and False Positives/Negatives
Risk Management Best Practices
Disaster Recovery
Tabletop Exercise
Summary
Exam Essentials
Review Questions

Chapter 2 Monitoring and Diagnosing Networks
Monitoring Networks
Network Monitors
Understanding Hardening
Working with Services
Patches
User Account Control
Filesystems
Securing the Network
Security Posture
Continuous Security Monitoring
Setting a Remediation Policy
Reporting Security Issues
Alarms
Alerts
Trends
Differentiating between Detection Controls and Prevention Controls
Summary
Exam Essentials
Review Questions

Chapter 3 Understanding Devices and Infrastructure
Mastering TCP/IP
OSI Relevance
Working with the TCP/IP Suite
IPv4 and IPv6
Understanding Encapsulation
Working with Protocols and Services
Designing a Secure Network
Demilitarized Zones
Subnetting
Virtual Local Area Networks
Remote Access
Network Address Translation
Telephony
Network Access Control
Understanding the Various Network Infrastructure Devices
Firewalls
Routers
Switches
Load Balancers
Proxies
Web Security Gateway
VPNs and VPN Concentrators
Intrusion Detection Systems
Understanding Intrusion Detection Systems
IDS vs. IPS
Working with a Network-Based IDS
Working with a Host-Based IDS
Working with NIPSs
Protocol Analyzers
Spam Filters
UTM Security Appliances
Summary
Exam Essentials
Review Questions

Chapter 4 Access Control, Authentication, and Authorization
Understanding Access Control Basics
Identification vs. Authentication
Authentication (Single Factor) and Authorization
Multifactor Authentication
Layered Security and Defense in Depth
Network Access Control
Tokens
Federations
Potential Authentication and Access Problems
Authentication Issues to Consider
Authentication Protocols
Account Policy Enforcement
Users with Multiple Accounts/Roles
Generic Account Prohibition
Group-based and User-assigned Privileges
Understanding Remote Access Connectivity
Using the Point-to-Point Protocol
Working with Tunneling Protocols
Working with RADIUS
TACACS/TACACS+/XTACACS
VLAN Management
SAML
Understanding Authentication Services
LDAP
Kerberos
Single Sign-On Initiatives
Understanding Access Control
Mandatory Access Control
Discretionary Access Control
Role-Based Access Control
Rule-Based Access Control
Implementing Access Controlling Best Practices
Least Privileges
Separation of Duties
Time of Day Restrictions
User Access Review
Smart Cards
Access Control Lists
Port Security
Working with 802.1X
Flood Guards and Loop Protection
Preventing Network Bridging
Log Analysis
Trusted OS
Secure Router Configuration
Summary
Exam Essentials
Review Questions

Chapter 5 Protecting Wireless Networks
Working with Wireless Systems
IEEE 802.11x Wireless Protocols
WEP/WAP/WPA/WPA2
Wireless Transport Layer Security
Understanding Wireless Devices
Wireless Access Points
Extensible Authentication Protocol
Lightweight Extensible Authentication Protocol
Protected Extensible Authentication Protocol
Wireless Vulnerabilities to Know
Wireless Attack Analogy
Summary
Exam Essentials
Review Questions

Chapter 6 Securing the Cloud
Working with Cloud Computing
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Private Cloud
Public Cloud
Community Cloud
Hybrid Cloud
Working with Virtualization
Snapshots
Patch Compatibility
Host Availability/Elasticity
Security Control Testing
Sandboxing
Security and the Cloud
Cloud Storage
Summary
Exam Essentials
Review Questions

Chapter 7 Host, Data, and Application Security
Application Hardening
Databases and Technologies
Fuzzing
Secure Coding
Application Configuration Baselining
Operating System Patch Management
Application Patch Management
Host Security
Permissions
Access Control Lists
Antimalware
Host Software Baselining
Hardening Web Servers
Hardening Email Servers
Hardening FTP Servers
Hardening DNS Servers
Hardening DHCP Services
Protecting Data Through Fault Tolerance
Backups
RAID
Clustering and Load Balancing
Application Security
Best Practices for Security
Data Loss Prevention
Hardware-Based Encryption Devices
Summary
Exam Essentials
Review Questions

Chapter 8 Cryptography
An Overview of Cryptography
Historical Cryptography
Modern Cryptography
Working with Symmetric Algorithms
Working with Asymmetric Algorithms
What Cryptography Should You Use?
Hashing Algorithms
Rainbow Tables and Salt
Key Stretching
Understanding Quantum Cryptography
Cryptanalysis Methods
Wi-Fi Encryption
Using Cryptographic Systems
Confidentiality and Strength
Integrity
Digital Signatures
Authentication
Nonrepudiation
Key Features
Understanding Cryptography Standards and Protocols
The Origins of Encryption Standards
Public-Key Infrastructure X.509/Public-Key Cryptography Standards
X.509
SSL and TLS
Certificate Management Protocols
Secure Multipurpose Internet Mail Extensions
Secure Electronic Transaction
Secure Shell
Pretty Good Privacy
HTTP Secure
Secure HTTP
IP Security
Tunneling Protocols
Federal Information Processing Standard
Using Public-Key Infrastructure
Using a Certificate Authority
Working with Registration Authorities and Local Registration Authorities
Implementing Certificates
Understanding Certificate Revocation
Implementing Trust Models
Hardware-Based Encryption Devices
Data Encryption
Summary
Exam Essentials
Review Questions

Chapter 9 Malware, Vulnerabilities, and Threats
Understanding Malware
Surviving Viruses
Symptoms of a Virus Infection
How Viruses Work
Types of Viruses
Managing Spam to Avoid Viruses
Antivirus Software
Understanding Various Types of Attacks
Identifying Denial-of-Service and Distributed Denial-of-Service Attacks
Spoofing Attacks
Pharming Attacks
Phishing, Spear Phishing, and Vishing
Xmas Attack
Man-in-the-Middle Attacks
Replay Attacks
Smurf Attacks
Password Attacks
Privilege Escalation
Malicious Insider Threats
Transitive Access
Client-Side Attacks
Typo Squatting and URL Hijacking
Watering Hole Attack
Identifying Types of Application Attacks
Cross-Site Scripting and Forgery
SQL Injection
LDAP Injection
XML Injection
Directory Traversal/Command Injection
Buffer Overflow
Integer Overflow
Zero-Day Exploits
Cookies and Attachments
Locally Shared Objects and Flash Cookies
Malicious Add-Ons
Session Hijacking
Header Manipulation
Arbitrary Code and Remote Code Execution
Tools for Finding Threats
Interpreting Assessment Results
Tools to Know
Risk Calculations and Assessment Types
Summary
Exam Essentials
Review Questions

Chapter 10 Social Engineering and Other Foes
Understanding Social Engineering
Types of Social Engineering Attacks
What Motivates an Attack?
The Principles Behind Social Engineering
Social Engineering Attack Examples
Understanding Physical Security
Hardware Locks and Security
Mantraps
Video Surveillance
Fencing
Access List
Proper Lighting
Signs
Guards
Barricades
Biometrics
Protected Distribution
Alarms
Motion Detection
Environmental Controls
HVAC
Fire Suppression
EMI Shielding
Hot and Cold Aisles
Environmental Monitoring
Temperature and Humidity Controls
Control Types
A Control Type Analogy
Data Policies
Destroying a Flash Drive
Some Considerations
Optical Discs
Summary
Exam Essentials
Review Questions

Chapter 11 Security Administration
Third-Party Integration
Transitioning
Ongoing Operations
Understanding Security Awareness and Training
Communicating with Users to Raise Awareness
Providing Education and Training
Safety Topics
Training Topics
Classifying Information
Public Information
Private Information
Information Access Controls
Security Concepts
Complying with Privacy and Security Regulations
The Health Insurance Portability and Accountability Act
The Gramm-Leach-Bliley Act
The Computer Fraud and Abuse Act
The Family Educational Rights and Privacy Act
The Computer Security Act of 1987
The Cyberspace Electronic Security Act
The Cyber Security Enhancement Act
The Patriot Act
Familiarizing Yourself with International Efforts
Mobile Devices
BYOD Issues
Alternative Methods to Mitigate Security Risks
Summary
Exam Essentials
Review Questions

Chapter 12 Disaster Recovery and Incident Response
Issues Associated with Business Continuity
Types of Storage Mechanisms
Crafting a Disaster-Recovery Plan
Incident Response Policies
Understanding Incident Response
Succession Planning
Tabletop Exercises
Reinforcing Vendor Support
Service-Level Agreements
Code Escrow Agreements
Penetration Testing
What Should You Test?
Vulnerability Scanning
Summary
Exam Essentials
Review Questions

Appendix A Answers to Review Questions
Chapter 1: Measuring and Weighing Risk
Chapter 2: Monitoring and Diagnosing Networks
Chapter 3: Understanding Devices and Infrastructure
Chapter 4: Access Control, Authentication, and Authorization
Chapter 5: Protecting Wireless Networks
Chapter 6: Securing the Cloud
Chapter 7: Host, Data, and Application Security
Chapter 8: Cryptography
Chapter 9: Malware, Vulnerabilities, and Threats
Chapter 10: Social Engineering and Other Foes
Chapter 11: Security Administration
Chapter 12: Disaster Recovery and Incident Response

Appendix B About the Additional Study Tools
Additional Study Tools
Sybex Test Engine
Electronic Flashcards
PDF of Glossary of Terms
Adobe Reader
System Requirements
Using the Study Tools
Troubleshooting
Customer Care

Index



About the Author:

Emmett Dulaney is an Assistant Professor at Anderson University. He has written several certification books on Windows, security, IT project management, and UNIX, and was the co-author of CompTIA A+ Complete Study Guide (Sybex).

Chuck Easttom is CEO and Chief Trainer for CEC-Security, which specializes in IT security training and CISP and Security+ exam preparation. He has over 18 years in the IT industry, 10 years teaching and training, and has authored 15 published books.


Product Details
  • ISBN-13: 9781118875087
  • Publisher: John Wiley & Sons Inc
  • Publisher Imprint: Sybex Inc.,U.S.
  • Edition: Revised edition
  • No of Pages: 552
  • ISBN-10: 1118875087
  • Publisher Date: 16 Apr 2014
  • Binding: Digital (delivered electronically)
  • Language: English
  • Sub Title: SY0-401

