CompTIA Security+ Study Guide: (Exam# SY0-301) [Paperback]

Emmett Dulaney

Table of Contents

Foreword
Introduction
Assessment Test

Chapter 1: Measuring and Weighing Risk
Risk Assessment; Computing Risk Assessment; Acting on Your Risk Assessment; Risks Associated with Cloud Computing; Risks Associated with Virtualization; Developing Policies, Standards, and Guidelines; Implementing Policies; Incorporating Standards; Following Guidelines; Business Policies; Understanding Control Types, False Positives, and Change and Incident Management; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 2: Infrastructure and Connectivity
Mastering TCP/IP; Working with the TCP/IP Suite; IPv4 vs. IPv6; Understanding Encapsulation; Working with Protocols and Services; Distinguishing between Security Topologies; Setting Design Goals; Creating Security Zones; Working with Newer Technologies; Working with Business Requirements; Understanding Infrastructure Security; Working with Hardware Components; Working with Software Components; Understanding the Different Network Infrastructure Devices; Firewalls; Hubs; Modems; Remote Access Services; Routers; Switches; Load Balancers; Telecom/PBX Systems; Virtual Private Networks; Web Security Gateway; Spam Filters; Understanding Remote Access; Using Point-to-Point Protocol; Working with Tunneling Protocols; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 3: Protecting Networks
Monitoring and Diagnosing Networks; Network Monitors; Intrusion Detection Systems; Understanding Intrusion Detection Systems; Working with a Network-Based IDS; Working with a Host-Based IDS; Working with NIPS; Utilizing Honeypots; Understanding Protocol Analyzers; Securing Workstations and Servers; Securing Internet Connections; Working with Ports and Sockets; Working with Email; Working with the Web; Working with File Transfer Protocol; Understanding Network Protocols; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 4: Threats and Vulnerabilities
Understanding Software Exploitation; Surviving Malicious Code; Viruses; Trojan Horses; Logic Bombs; Worms; Antivirus Software; Calculating Attack Strategies; Understanding Access Attack Types; Recognizing Modification and Repudiation Attacks; Identifying Denial-of-Service and Distributed Denial-of-Service Attacks; Recognizing Botnets; Recognizing Common Attacks; Backdoor Attacks; Spoofing Attacks; Pharming Attacks; Phishing and Spear Phishing Attacks; Man-in-the-Middle Attacks; Replay Attacks; Password-Guessing Attacks; Privilege Escalation; Identifying TCP/IP Security Concerns; Recognizing TCP/IP Attacks; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 5: Access Control and Identity Management
Access Control Basics; Identification vs. Authentication; Authentication (Single Factor) and Authorization; Multifactor Authentication; Operational Security; Tokens; Potential Authentication and Access Problems; Authentication Issues to Consider; Understanding Remote Access Connectivity; Using the Point-to-Point Protocol; Working with Tunneling Protocols; Working with RADIUS; TACACS/TACACS+/XTACACS; VLAN Management; Understanding Authentication Services; LDAP; Kerberos; Single Sign-On Initiatives; Understanding Access Control; Mandatory Access Control; Discretionary Access Control; Role-Based Access Control; Rule-Based Access Control; Implementing Access Control Best Practices; Smart Cards; Access Control Lists; Trusted OS; Secure Router Configuration; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 6: Educating and Protecting the User
Understanding Security Awareness and Training; Communicating with Users to Raise Awareness; Providing Education and Training; Training Topics; Classifying Information; Public Information; Private Information; Information Access Controls; Complying with Privacy and Security Regulations; The Health Insurance Portability and Accountability Act; The Gramm-Leach-Bliley Act; The Computer Fraud and Abuse Act; The Family Educational Rights and Privacy Act; The Computer Security Act of 1987; The Cyberspace Electronic Security Act; The Cyber Security Enhancement Act; The Patriot Act; Familiarizing Yourself with International Efforts; Understanding Social Engineering; Types of Social Engineering Attacks; What Motivates an Attack?; Social Engineering Attack Examples; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 7: Operating System and Application Security
Hardening the Operating System; The Basics of OS Hardening; Hardening Filesystems; Updating Your Operating System; Application Hardening; Fuzzing; Cross-Site Request Forgery; Application Configuration Baselining; Application Patch Management; Making Your Network More Secure Through Hardening; Working with Data Repositories; Directory Services; Databases and Technologies; Injection Problems; SQL Injection; LDAP Injection; XML Injection; Directory Traversal/Command Injection; Host Security; Antimalware; Host Software Baselining; Mobile Devices; Best Practices for Security; URL Filtering; Content Inspection; Malware Inspection; Data Loss Prevention; Data Encryption; Hardware-Based Encryption Devices; Attack Types to Be Aware Of; Session Hijacking; Header Manipulation; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 8: Cryptography Basics
An Overview of Cryptography; Understanding Non-mathematical Cryptography; Understanding Mathematical Cryptography; Working with Passwords; Understanding Quantum Cryptography; Uncovering the Myth of Unbreakable Codes; Understanding Cryptographic Algorithms; The Science of Hashing; Working with Symmetric Algorithms; Working with Asymmetric Algorithms; Wi-Fi Encryption; Using Cryptographic Systems; Confidentiality; Integrity; Digital Signatures; Authentication; Non-repudiation; Access Control; Key Features; Understanding Cryptography Standards and Protocols; The Origins of Encryption Standards; Public-Key Infrastructure X.509/Public-Key Cryptography Standards; X.509; SSL and TLS; Certificate Management Protocols; Secure Multipurpose Internet Mail Extensions; Secure Electronic Transaction; Secure Shell; Pretty Good Privacy; HTTP Secure; Secure HTTP; IP Security; Tunneling Protocols; Federal Information Processing Standard; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 9: Cryptography Implementation
Using Public Key Infrastructure; Using a Certificate Authority; Working with Registration Authorities and Local Registration Authorities; Implementing Certificates; Understanding Certificate Revocation; Implementing Trust Models; Preparing for Cryptographic Attacks; Ways to Attack Cryptographic Systems; Three Types of Cryptographic Attacks; Understanding Key Management and the Key Life Cycle; Methods for Key Generation; Storing and Distributing Keys; Using Key Escrow; Identifying Key Expiration; Revoking Keys; Suspending Keys; Recovering and Archiving Keys; Renewing Keys; Destroying Keys; Identifying Key Usage; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 10: Physical and Hardware-Based Security
Implementing Access Control; Physical Barriers; Security Zones; Partitioning; Biometrics; Maintaining Environmental and Power Controls; Environmental Monitoring; Power Systems; EMI Shielding; Hot and Cold Aisles; Fire Suppression; Fire Extinguishers; Fixed Systems; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 11: Security and Vulnerability in the Network
Network Security Threats; Penetration Testing; Vulnerability Scanning; Ethical Hacking; Assessment Types and Techniques; Secure Network Administration Principles; Rule-Based Management; Port Security; Working with 802.1X; Flood Guards and Loop Protection; Preventing Network Bridging; Log Analysis; Mitigation and Deterrent Techniques; Manual Bypassing of Electronic Controls; Monitoring System Logs; Security Posture; Reporting; Detection/Prevention Controls; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 12: Wireless Networking Security
Working with Wireless Systems; IEEE 802.11x Wireless Protocols; WEP/WAP/WPA/WPA2; Wireless Transport Layer Security; Understanding Mobile Devices; Wireless Access Points; Extensible Authentication Protocol; Lightweight Extensible Authentication Protocol; Protected Extensible Authentication Protocol; Wireless Vulnerabilities to Know; Summary; Exam Essentials; Review Questions; Answers to Review Questions

Chapter 13: Disaster Recovery and Incident Response
Understanding Business Continuity; Undertaking Business Impact Analysis; Utilities; High Availability; Disaster Recovery; Incident Response Policies; Understanding Incident Response; Succession Planning; Reinforcing Vendor Support; Service-Level Agreements; Code Escrow Agreements; Summary; Exam Essentials; Review Q...
