COMPTIA SECURITY+ SY0-401 CERT

Not available | Delivery time: Not available

50,00 €*

All prices incl. VAT | Free shipping
Item no.:
9780789753335
Pages:
0
Weight:
1538 g
Format:
241x192x48 mm
Description:

David L. Prowse is an author, a computer network specialist, and a technical trainer. Over the past several years he has authored several titles for Pearson Education, including the well-received CompTIA A+ Exam Cram. As a consultant, he installs and secures the latest in computer and networking technology. Over the past decade he has also taught CompTIA A+, Network+, and Security+ certification courses, both in the classroom and via the Internet. He runs the website davidlprowse.com, where he gladly answers questions from students and readers.
The Security+ certification is CompTIA's answer to the market's need for a baseline, vendor-neutral security certification. The IT industry recognizes there is a need to better train, staff, and empower those tasked with designing and implementing information security, and Security+ is an effort to meet this demand. Over 60,000 professionals currently hold the Security+ certification, with 2,000 new candidates taking the exam every month. CompTIA Security+ SY0-401 Authorized Cert Guide, Deluxe Edition, Third Edition is the most comprehensive core self-study tool for CompTIA's latest Security+ exam. Perfect for every candidate preparing for this challenging exam, its comprehensive coverage offers all the information and insight readers need to succeed. From start to finish, the book has been organized and edited to improve retention and to focus on areas where the student needs the most assistance.
Introduction
Chapter 1 Introduction to Security: Foundation Topics; Security 101; The CIA of Computer Security; The Basics of Information Security; Think Like a Hacker; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations
Chapter 2 Computer Systems Security: Foundation Topics; Computer Systems Security Threats; Malicious Software; Viruses; Worms; Trojan Horses; Ransomware; Spyware; Rootkits; Spam; Summary of Malware Threats; Ways to Deliver Malicious Software; Via Software, Messaging, and Media; Botnets and Zombies; Active Interception; Privilege Escalation; Backdoors; Logic Bombs; Preventing and Troubleshooting Malware; Preventing and Troubleshooting Viruses; Preventing and Troubleshooting Worms and Trojans; Preventing and Troubleshooting Spyware; Preventing and Troubleshooting Rootkits; Preventing and Troubleshooting Spam; You Can't Save Every Computer from Malware!; Summary of Malware Prevention Techniques; Implementing Security Applications; Personal Software Firewalls; Host-Based Intrusion Detection Systems; Pop-Up Blockers; Data Loss Prevention Systems; Securing Computer Hardware, Peripherals, and Mobile Devices; Securing the BIOS; Securing Storage Devices; Removable Storage; Network Attached Storage; Whole Disk Encryption; Hardware Security Modules; Securing Mobile Devices; Malware; Botnet Activity; SIM Cloning; Wireless Attacks; Theft; Application Security; BYOD Concerns; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 2; Case Study Solutions
Chapter 3 OS Hardening and Virtualization: Foundation Topics; Hardening Operating Systems; Removing Unnecessary Applications and Services; Service Packs; Windows Update, Patches, and Hotfixes; Patches and Hotfixes; Patch Management; Group Policies, Security Templates, and Configuration Baselines; Hardening File Systems and Hard Drives; Virtualization Technology; Types of Virtualization and Their Purposes; Hypervisor; Securing Virtual Machines; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 3; Case Study Solutions
Chapter 4 Application Security: Foundation Topics; Securing the Browser; General Browser Security Procedures; Implement Policies; Train Your Users; Use a Proxy and Content Filter; Secure Against Malicious Code; Securing Internet Explorer; Securing Firefox; Securing Other Browsers; Securing Other Applications; Secure Programming; Systems Development Life Cycle; Programming Testing Methods; Programming Vulnerabilities and Attacks; Backdoors; Buffer Overflows; Arbitrary Code Execution/Remote Code Execution; XSS and XSRF; More Code Injection Examples; Directory Traversal; Zero Day Attack; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 4; Case Study Solutions
Chapter 5 Network Design Elements: Foundation Topics; Network Design; The OSI Model; Network Devices; Hub; Switch; Router; Network Address Translation, and Private Versus Public IP; Network Zones and Interconnections; LAN Versus WAN; Internet; Demilitarized Zone (DMZ); Intranets and Extranets; Network Access Control (NAC); Subnetting; Virtual Local Area Network (VLAN); Telephony Devices; Modems; PBX Equipment; VoIP; Cloud Security and Server Defense; Cloud Computing; Cloud Security; Server Defense; File Servers; Network Controllers; E-mail Servers; Web Servers; FTP Server; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 5; Case Study Solutions
Chapter 6 Networking Protocols and Threats: Foundation Topics; Ports and Protocols; Ports Ranges, Inbound Versus Outbound, and Common Ports; Protocols That Can Cause Anxiety on the Exam; Malicious Attacks; DoS; DDoS; Sinkholes and Blackholes; Spoofing; Session Hijacking; Replay; Null Sessions; Transitive Access and Client-Side Attacks; DNS Poisoning and Other DNS Attacks; ARP Poisoning; Summary of Network Attacks; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 6; Case Study Solutions
Chapter 7 Network Perimeter Security: Foundation Topics; Firewalls and Network Security; Firewalls; Proxy Servers; Honeypots and Honeynets; Data Loss Prevention (DLP); NIDS Versus NIPS; NIDS; NIPS; Summary of NIDS Versus NIPS; The Protocol Analyzer's Role in NIDS and NIPS; Unified Threat Management; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 7; Case Study Solutions
Chapter 8 Securing Network Media and Devices: Foundation Topics; Securing Wired Networks and Devices; Network Device Vulnerabilities; Default Accounts; Weak Passwords; Privilege Escalation; Back Doors; Network Attacks; Other Network Device Considerations; Cable Media Vulnerabilities; Interference; Crosstalk; Data Emanation; Tapping into Data and Conversations; Securing Wireless Networks; Wireless Access Point Vulnerabilities; The Administration Interface; SSID Broadcast; Rogue Access Points; Evil Twin; Weak Encryption; Wi-Fi Protected Setup; VPN over Open Wireless; Wireless Access Point Security Strategies; Wireless Transmission Vulnerabilities; Bluetooth Vulnerabilities; Bluejacking; Bluesnarfing; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 8; Case Study Solutions
Chapter 9 Physical Security and Authentication Models: Foundation Topics; Physical Security; General Building and Server Room Security; Door Access; Biometric Readers; Authentication Models and Components; Authentication Models; Localized Authentication Technologies; 802.1X and EAP; LDAP; Kerberos and Mutual Authentication; Remote Desktop Services; Remote Authentication Technologies; Remote Access Service; Virtual Private Networks; RADIUS Versus TACACS; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 9; Case Study Solutions
Chapter 10 Access Control Methods and Models: Foundation Topics; Access Control Models Defined; Discretionary Access Control; Mandatory Access Control; Role-Based Access Control (RBAC); Access Control Wise Practices; Rights, Permissions, and Policies; Users, Groups, and Permissions; Permission Inheritance and Propagation; Moving and Copying Folders and Files; Usernames and Passwords; Policies; User Account Control (UAC); Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 10; Case Study Solutions
Chapter 11 Vulnerability and Risk Assessment: Foundation Topics; Conducting Risk Assessments; Qualitative Risk Assessment; Quantitative Risk Assessment; Security Analysis Methodologies; Security Controls; Vulnerability Management; Penetration Testing; OVAL; Assessing Vulnerability with Security Tools; Network Mapping; Vulnerability Scanning; Network Sniffing; Password Analysis; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 11; Case Study Solutions
Chapter 12 Monitoring and Auditing: Foundation Topics; Monitoring Methodologies; Signature-Based Monitoring; Anomaly-Based Monitoring; Behavior-Based Monitoring; Using Tools to Monitor Systems and Networks; Performance Baselining; Protocol Analyzers; Wireshark; Network Monitor; SNMP; Analytical Tools; Conducting Audits; Auditing Files; Logging; Log File Maintenance and Security; Auditing System Security Settings; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 12; Case Study Solutions
Chapter 13 Encryption and Hashing Concepts: Foundation Topics; Cryptography Concepts; Symmetric Versus Asymmetric Key Algorithms; Symmetric Key Algorithms; Asymmetric Key Algorithms; Public Key Cryptography; Key Management; Steganography; Encryption Algorithms; DES and 3DES; AES; RC; Blowfish and Twofish; Summary of Symmetric Algorithms; RSA; Diffie-Hellman; Elliptic Curve; More Encryption Types; One-Time Pad; PGP; Hashing Basics; Cryptographic Hash Functions; MD5; SHA; RIPEMD and HMAC; Happy Birthday!; LANMAN, NTLM, and NTLMv2; LANMAN; NTLM and NTLMv2; Additional Password Hashing Concepts; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 13; Case Study Solutions
Chapter 14 PKI and Encryption Protocols: Foundation Topics; Public Key Infrastructure; Certificates; Certificate Authorities; Single-Sided and Dual-Sided Certificates; Web of Trust; Security Protocols; S/MIME; SSL/TLS; SSH; PPTP, L2TP, and IPsec; PPTP; L2TP; IPsec; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Studies for Chapter 14; Case Study Solutions
Chapter 15 Redundancy and Disaster Recovery: Foundation Topics; Redundancy Planning; Redundant Power; Redundant Power Supplies; Uninterruptible Power Supplies; Backup Generators; Redundant Data; Redundant Networking; Redundant Servers; Redundant Sites; Redundant People; Disaster Recovery Planning and Procedures; Data Backup; DR Planning; Chapter Summary; Chapter Review Activities; Review Key Topics; Define Key Terms; Review Questions; Answers and Explanations; Case Study for Chapter 15; Case Study Solution
Chapter 16 Policies, Procedures, and People: Foundation Topics; Environmental Controls; Fire Suppression; Fire Extinguishers; Sprinkler Systems; Special Hazard Protection Systems; HVAC; Shielding; Social Engineering; Pretexting; Malicious Insider; Diversion Theft; Phishing; Hoaxes; Shoulder Surfing; Eavesdropping; Dumpster Diving; Baiting; Piggybacking/Tailgating; Summary of Social Engineering Types; User Education and Awareness; Legislative and Organizational Policies; Data Sensitivity and Classification of Information; Personnel Security Policies; Privacy Policies; Acceptable Use; Change Management; Separation of Duties/Job Rotation; Mandatory Vacations; Onboarding and Offboarding; Due Diligence; Due Care; Due Process; User Education and Awareness Training; Summary of Personnel Security Policies; How to Deal with Vendors; How to Dispose of Computers and Other IT Equipment Securely; Incident Response Procedures; Chapter Summary; Chapter Review Activities; Review Key Topics; Review Questions; Answers and Explanations; Case Studies for Chapter 16; Case Study Solutions
Chapter 17 Taking the Real Exam: Getting Ready and the Exam Preparation Checklist; Tips for Taking the Real Exam; Beyond the CompTIA Security+ Certification; Case Study for Chapter 17; Case Study 17-1: Analyzing Test Questions
Practice Exam 1: SY0-401
Glossary
On the DVD: APPENDIX A View Recommended Resources; APPENDIX B Master List of Key Topics; Acronyms; Case Studies; Case Study Solutions (Video and Simulations); Table 6-2
TOC, 978078975335, 6/19/2014
