CompTIA Security+ Study Guide Authorized Courseware: Exam SY0-301, 5th Edition

Foreword xxv

Introduction xxix

Assessment Test l

Chapter 1 Measuring and Weighing Risk 1

Risk Assessment 2

Computing Risk Assessment 3

Acting on Your Risk Assessment 5

Risks Associated with Cloud Computing 7

Risks Associated with Virtualization 8

Developing Policies, Standards, and Guidelines 9

Implementing Policies 9

Incorporating Standards 10

Following Guidelines 11

Business Policies 12

Understanding Control Types, False Positives, and Change and Incident Management 16

Summary 18

Exam Essentials 19

Review Questions 20

Answers to Review Questions 24

Chapter 2 Infrastructure and Connectivity 27

Mastering TCP/IP 29

Working with the TCP/IP Suite 30

IPv4 vs. IPv6 33

Understanding Encapsulation 34

Working with Protocols and Services 35

Distinguishing between Security Topologies 41

Setting Design Goals 41

Creating Security Zones 43

Working with Newer Technologies 48

Working with Business Requirements 53

Understanding Infrastructure Security 53

Working with Hardware Components 53

Working with Software Components 55

Understanding the Different Network Infrastructure Devices 56

Firewalls 56

Hubs 61

Modems 62

Remote Access Services 62

Routers 63

Switches 65

Load Balancers 66

Telecom/PBX Systems 66

Virtual Private Networks 68

Web Security Gateway 69

Spam Filters 69

Understanding Remote Access 70

Using Point-to-Point Protocol 70

Working with Tunneling Protocols 71

Summary 72

Exam Essentials 73

Review Questions 74

Answers to Review Questions 78

Chapter 3 Protecting Networks 81

Monitoring and Diagnosing Networks 83

Network Monitors 83

Intrusion Detection Systems 84

Understanding Intrusion Detection Systems 85

Working with a Network-Based IDS 89

Working with a Host-Based IDS 93

Working with NIPS 95

Utilizing Honeypots 96

Understanding Protocol Analyzers 97

Securing Workstations and Servers 98

Securing Internet Connections 100

Working with Ports and Sockets 101

Working with Email 102

Working with the Web 103

Working with File Transfer Protocol 108

Understanding Network Protocols 110

Summary 112

Exam Essentials 112

Review Questions 114

Answers to Review Questions 118

Chapter 4 Threats and Vulnerabilities 121

Understanding Software Exploitation 123

Surviving Malicious Code 131

Viruses 132

Trojan Horses 139

Logic Bombs 140

Worms 140

Antivirus Software 141

Calculating Attack Strategies 143

Understanding Access Attack Types 144

Recognizing Modification and Repudiation Attacks 146

Identifying Denial-of-Service and Distributed Denial-of-Service Attacks 147

Recognizing Botnets 149

Recognizing Common Attacks 150

Backdoor Attacks 150

Spoofing Attacks 151

Pharming Attacks 152

Phishing and Spear Phishing Attacks 152

Man-in-the-Middle Attacks 153

Replay Attacks 154

Password-Guessing Attacks 154

Privilege Escalation 155

Identifying TCP/IP Security Concerns 160

Recognizing TCP/IP Attacks 160

Summary 166

Exam Essentials 167

Review Questions 169

Answers to Review Questions 173

Chapter 5 Access Control and Identity Management 175

Access Control Basics 177

Identification vs. Authentication 177

Authentication (Single Factor) and Authorization 178

Multifactor Authentication 178

Operational Security 180

Tokens 180

Potential Authentication and Access Problems 181

Authentication Issues to Consider 182

Understanding Remote Access Connectivity 184

Using the Point-to-Point Protocol 184

Working with Tunneling Protocols 185

Working with RADIUS 186

TACACS/TACACS+/XTACACS 187

VLAN Management 187

Understanding Authentication Services 189

LDAP 189

Kerberos 189

Single Sign-On Initiatives 189

Understanding Access Control 191

Mandatory Access Control 192

Discretionary Access Control 192

Role-Based Access Control 193

Rule-Based Access Control 193

Implementing Access Control Best Practices 193

Smart Cards 193

Access Control Lists 195

Trusted OS 196

Secure Router Configuration 197

Summary 198

Exam Essentials 198

Review Questions 200

Answers to Review Questions 204

Chapter 6 Educating and Protecting the User 207

Understanding Security Awareness and Training 209

Communicating with Users to Raise Awareness 210

Providing Education and Training 210

Training Topics 211

Classifying Information 217

Public Information 218

Private Information 219

Information Access Controls 221

Complying with Privacy and Security Regulations 226

The Health Insurance Portability and Accountability Act 226

The Gramm-Leach-Bliley Act 227

The Computer Fraud and Abuse Act 227

The Family Educational Rights and Privacy Act 228

The Computer Security Act of 1987 228

The Cyberspace Electronic Security Act 228

The Cyber Security Enhancement Act 229

The Patriot Act 229

Familiarizing Yourself with International Efforts 229

Understanding Social Engineering 230

Types of Social Engineering Attacks 231

What Motivates an Attack? 233

Social Engineering Attack Examples 233

Summary 237

Exam Essentials 237

Review Questions 239

Answers to Review Questions 243

Chapter 7 Operating System and Application Security 245

Hardening the Operating System 247

The Basics of OS Hardening 247

Hardening Filesystems 253

Updating Your Operating System 255

Application Hardening 256

Fuzzing 256

Cross-Site Request Forgery 257

Application Configuration Baselining 257

Application Patch Management 257

Making Your Network More Secure Through Hardening 258

Working with Data Repositories 264

Directory Services 264

Databases and Technologies 266

Injection Problems 267

SQL Injection 267

LDAP Injection 268

XML Injection 268

Directory Traversal/Command Injection 269

Host Security 269

Antimalware 269

Host Software Baselining 274

Mobile Devices 275

Best Practices for Security 276

URL Filtering 276

Content Inspection 277

Malware Inspection 278

Data Loss Prevention 280

Data Encryption 280

Hardware-Based Encryption Devices 281

Attack Types to Be Aware Of 282

Session Hijacking 282

Header Manipulation 282

Summary 283

Exam Essentials 284

Review Questions 285

Answers to Review Questions 289

Chapter 8 Cryptography Basics 291

An Overview of Cryptography 293

Understanding Non-mathematical Cryptography 293

Understanding Mathematical Cryptography 296

Working with Passwords 298

Understanding Quantum Cryptography 299

Uncovering the Myth of Unbreakable Codes 300

Understanding Cryptographic Algorithms 302

The Science of Hashing 302

Working with Symmetric Algorithms 304

Working with Asymmetric Algorithms 307

Wi-Fi Encryption 309

Using Cryptographic Systems 309

Confidentiality 310

Integrity 310

Digital Signatures 311

Authentication 312

Non-repudiation 314

Access Control 314

Key Features 315

Understanding Cryptography Standards and Protocols 315

The Origins of Encryption Standards 316

Public-Key Infrastructure X.509/Public-Key Cryptography Standards 320

X.509 321

SSL and TLS 321

Certificate Management Protocols 323

Secure Multipurpose Internet Mail Extensions 323

Secure Electronic Transaction 324

Secure Shell 325

Pretty Good Privacy 325

HTTP Secure 327

Secure HTTP 327

IP Security 327

Tunneling Protocols 330

Federal Information Processing Standard 330

Summary 331

Exam Essentials 331

Review Questions 333

Answers to Review Questions 337

Chapter 9 Cryptography Implementation 339

Using Public Key Infrastructure 340

Using a Certificate Authority 341

Working with Registration Authorities and Local Registration Authorities 342

Implementing Certificates 344

Understanding Certificate Revocation 347

Implementing Trust Models 348

Preparing for Cryptographic Attacks 355

Ways to Attack Cryptographic Systems 356

Three Types of Cryptographic Attacks 357

Understanding Key Management and the Key Life Cycle 358

Methods for Key Generation 359

Storing and Distributing Keys 361

Using Key Escrow 363

Identifying Key Expiration 364

Revoking Keys 364

Suspending Keys 364

Recovering and Archiving Keys 365

Renewing Keys 366

Destroying Keys 367

Identifying Key Usage 368

Summary 368

Exam Essentials 369

Review Questions 370

Answers to Review Questions 374

Chapter 10 Physical and Hardware-Based Security 375

Implementing Access Control 376

Physical Barriers 376

Security Zones 382

Partitioning 384

Biometrics 386

Maintaining Environmental and Power Controls 386

Environmental Monitoring 387

Power Systems 388

EMI Shielding 389

Hot and Cold Aisles 391

Fire Suppression 392

Fire Extinguishers 392

Fixed Systems 393

Summary 394

Exam Essentials 394

Review Questions 395

Answers to Review Questions 399

Chapter 11 Security and Vulnerability in the Network 401

Network Security Threats 403

Penetration Testing 404

Vulnerability Scanning 405

Ethical Hacking 407

Assessment Types and Techniques 408

Secure Network Administration Principles 409

Rule-Based Management 410

Port Security 410

Working with 802.1X 411

Flood Guards and Loop Protection 411

Preventing Network Bridging 411

Log Analysis 412

Mitigation and Deterrent Techniques 412

Manual Bypassing of Electronic Controls 412

Monitoring System Logs 413

Security Posture 419

Reporting 420

Detection/Prevention Controls 420

Summary 421

Exam Essentials 421

Review Questions 422

Answers to Review Questions 426

Chapter 12 Wireless Networking Security 429

Working with Wireless Systems 430

IEEE 802.11x Wireless Protocols 430

WEP/WAP/WPA/WPA2 432

Wireless Transport Layer Security 434

Understanding Mobile Devices 435

Wireless Access Points 436

Extensible Authentication Protocol 441

Lightweight Extensible Authentication Protocol 442

Protected Extensible Authentication Protocol 443

Wireless Vulnerabilities to Know 443

Summary 448

Exam Essentials 448

Review Questions 450

Answers to Review Questions 454

Chapter 13 Disaster Recovery and Incident Response 455

Understanding Business Continuity 456

Undertaking Business Impact Analysis 457

Utilities 458

High Availability 460

Disaster Recovery 464

Incident Response Policies 479

Understanding Incident Response 480

Succession Planning 487

Reinforcing Vendor Support 487

Service-Level Agreements 487

Code Escrow Agreements 489

Summary 490

Exam Essentials 491

Review Questions 492

Answers to Review Questions 496

Chapter 14 Security-Related Policies and Procedures 499

Policies You Must Have 500

Data Loss/Theft Policies 500

Least Privilege 501

Separation of Duties 502

Time of Day Restrictions 502

Mandatory Vacations and Job Rotation 504

Policies You Should Have 504

Human Resource Policies 504

Certificate Policies 508

Security Controls for Account Management 510

User and Group Role Management 510

Users with Multiple Accounts/Roles 512

Auditing 512

Account Policy Enforcement 519

Summary 521

Exam Essentials 522

Review Questions 523

Answers to Review Questions 527

Chapter 15 Security Administration 529

Security Administrator’s Troubleshooting Guide 530

Getting Started 531

Creating a Home Lab 531

In the Workplace 532

Which OS Should You Use? 533

Creating a Security Solution 533

Access Control Issues 534

Accountability Concerns 534

Auditing 535

Authentication Schemes 536

Authentication Factors 536

Mutual Authentication 537

Authentication Protection 538

Backup Management 538

Baselining Security 539

Certificate Management 540

Communications Security 541

Preauthentication 541

Remote Control/Remote Shell 542

Virtual Private Networks 543

Directory Services Protection 543

Disaster Planning 544

Documenting Your Environment 545

Email Issues 545

File-Sharing Basics 547

Working with IDSs and Honey Pots 548

Incident Handling 548

Internet Common Sense 549

Key Management Conventions 550

Preventing Common Malicious Events 551

Constructing a Line of Defense 552

Types of Attacks 553

Antivirus Protection 554

Making Stronger Passwords 555

Managing Personnel 557

Keeping Physical Security Meaningful 558

Securing the Infrastructure 560

Working with Security Zones 562

Social Engineering Risks 562

System Hardening Basics 563

Securing the Wireless Environment 565

Summary 566

Appendix A About the Companion CD 567

What You’ll Find on the CD 568

Sybex Test Engine 568

Electronic Flashcards 568

PDF of the Glossary 568

System Requirements 569

Using the CD 569

Troubleshooting 570

Customer Care 570

Glossary 571

Index 613