CompTIA Security+ Study Guide: Sy0–401

All the test prep you need for Exam SY0–401 In this highly anticipated new edition of the popular CompTIA Security+ Study Guide , top security authorities Emmett Dulaney and Chuck Easttom prepare you for the latest CompTIA Security+ exam, SY0–401. They cover exam essentials such as network security, compliance and operational security, threats and vulnerabilities, and application, data, and host securityand they offer vital insights from their decades of security experience. This CompTIA approved courseware includes: Full coverage of all exam objectives in a systematic approach, so you can be confident youre getting the instruction you need for the exam Practical written labs to reinforce critical skills Real–world scenarios that put what youve learned in the context of actual job roles Challenging review questions in each chapter to prepare you for exam day Exam Essentials, a key feature in each chapter that identifies critical areas you must become proficient in before taking the exam A handy section that maps every official exam objective to the corresponding chapter in the book so you can track your exam prep objective by objective A coupon that saves you 10% on CompTIA exam vouchers Sybex Exam Prep Tools Go to www.sybex.com/go/securityplus6e to access a full set of study tools to help you prepare for the exam, including: Chapter review questions A pre–assessment test Full–length practice exams Over 100 electronic flashcards Glossary of key terms Includes coverage of all exam objectives, including these key topics: Network security Compliance and operational security Threats and vulnerabilities Application, data, and host security Access control and identity management Cryptography

Foreword xxi Introduction xxiii Chapter 1 Measuring and Weighing Risk 1 Risk Assessment 3 Computing Risk Assessment 4 Acting on Your Risk Assessment 9 Risks Associated with Cloud Computing 17 Risks Associated with Virtualization 19 Developing Policies, Standards, and Guidelines 19 Implementing Policies 20 Understanding Control Types and False Positives/Negatives 26 Risk Management Best Practices 28 Disaster Recovery 36 Tabletop Exercise 39 Summary 39 Exam Essentials 39 Review Questions 41 Chapter 2 Monitoring and Diagnosing Networks 45 Monitoring Networks 46 Network Monitors 46 Understanding Hardening 52 Working with Services 52 Patches 56 User Account Control 57 Filesystems 58 Securing the Network 60 Security Posture 61 Continuous Security Monitoring 61 Setting a Remediation Policy 62 Reporting Security Issues 63 Alarms 63 Alerts 63 Trends 63 Differentiating between Detection Controls and Prevention Controls 64 Summary 65 Exam Essentials 66 Review Questions 67 Chapter 3 Understanding Devices and Infrastructure 71 Mastering TCP/IP 73 OSI Relevance 74 Working with the TCP/IP Suite 74 IPv4 and IPv6 78 Understanding Encapsulation 79 Working with Protocols and Services 80 Designing a Secure Network 87 Demilitarized Zones 87 Subnetting 89 Virtual Local Area Networks 89 Remote Access 92 Network Address Translation 93 Telephony 94 Network Access Control 95 Understanding the Various Network Infrastructure Devices 95 Firewalls 96 Routers 100 Switches 102 Load Balancers 103 Proxies 103 Web Security Gateway 103 VPNs and VPN Concentrators 103 Intrusion Detection Systems 105 Understanding Intrusion Detection Systems 106 IDS vs. IPS 110 Working with a Network–Based IDS 111 Working with a Host–Based IDS 116 Working with NIPSs 117 Protocol Analyzers 118 Spam Filters 118 UTM Security Appliances 119 Summary 122 Exam Essentials 123 Review Questions 124 Chapter 4 Access Control, Authentication, and Authorization 129 Understanding Access Control Basics 131 Identification vs. Authentication 131 Authentication (Single Factor) and Authorization 132 Multifactor Authentication 133 Layered Security and Defense in Depth 133 Network Access Control 134 Tokens 135 Federations 135 Potential Authentication and Access Problems 136 Authentication Issues to Consider 137 Authentication Protocols 139 Account Policy Enforcement 139 Users with Multiple Accounts/Roles 141 Generic Account Prohibition 142 Group–based and User–assigned Privileges 142 Understanding Remote Access Connectivity 142 Using the Point–to–Point Protocol 143 Working with Tunneling Protocols 144 Working with RADIUS 145 TACACS/TACACS+/XTACACS 146 VLAN Management 146 SAML 147 Understanding Authentication Services 147 LDAP 147 Kerberos 148 Single Sign–On Initiatives 149 Understanding Access Control 150 Mandatory Access Control 151 Discretionary Access Control 151 Role–Based Access Control 152 Rule–Based Access Control 152 Implementing Access Controlling Best Practices 152 Least Privileges 153 Separation of Duties 153 Time of Day Restrictions 153 User Access Review 154 Smart Cards 154 Access Control Lists 156 Port Security 157 Working with 802.1X 158 Flood Guards and Loop Protection 158 Preventing Network Bridging 158 Log Analysis 159 Trusted OS 159 Secure Router Configuration 160 Summary 161 Exam Essentials 161 Review Questions 163 Chapter 5 Protecting Wireless Networks 167 Working with Wireless Systems 169 IEEE 802.11x Wireless Protocols 169 WEP/WAP/WPA/WPA2 171 Wireless Transport Layer Security 173 Understanding Wireless Devices 174 Wireless Access Points 175 Extensible Authentication Protocol 181 Lightweight Extensible Authentication Protocol 182 Protected Extensible Authentication Protocol 182 Wireless Vulnerabilities to Know 183 Wireless Attack Analogy 187 Summary 188 Exam Essentials 189 Review Questions 190 Chapter 6 Securing the Cloud 195 Working with Cloud Computing 196 Software as a Service (SaaS) 197 Platform as a Service (PaaS) 198 Infrastructure as a Service (IaaS) 199 Private Cloud 200 Public Cloud 200 Community Cloud 200 Hybrid Cloud 201 Working with Virtualization 201 Snapshots 203 Patch Compatibility 203 Host Availability/Elasticity 204 Security Control Testing 204 Sandboxing 204 Security and the Cloud 205 Cloud Storage 206 Summary 207 Exam Essentials 207 Review Questions 208 Chapter 7 Host, Data, and Application Security 213 Application Hardening 215 Databases and Technologies 215 Fuzzing 218 Secure Coding 218 Application Configuration Baselining 219 Operating System Patch Management 220 Application Patch Management 220 Host Security 220 Permissions 220 Access Control Lists 221 Antimalware 221 Host Software Baselining 226 Hardening Web Servers 227 Hardening Email Servers 228 Hardening FTP Servers 229 Hardening DNS Servers 230 Hardening DHCP Services 231 Protecting Data Through Fault Tolerance 233 Backups 233 RAID 234 Clustering and Load Balancing 235 Application Security 235 Best Practices for Security 236 Data Loss Prevention 236 Hardware–Based Encryption Devices 237 Summary 238 Exam Essentials 238 Review Questions 239 Chapter 8 Cryptography 243 An Overview of Cryptography 245 Historical Cryptography 245 Modern Cryptography 249 Working with Symmetric Algorithms 249 Working with Asymmetric Algorithms 251 What Cryptography Should You Use? 254 Hashing Algorithms 255 Rainbow Tables and Salt 256 Key Stretching 256 Understanding Quantum Cryptography 257 Cryptanalysis Methods 257 Wi–Fi Encryption 258 Using Cryptographic Systems 258 Confidentiality and Strength 259 Integrity 259 Digital Signatures 261 Authentication 261 Nonrepudiation 262 Key Features 262 Understanding Cryptography Standards and Protocols 263 The Origins of Encryption Standards 263 Public–Key Infrastructure X.509/Public–Key Cryptography Standards 266 X.509 267 SSL and TLS 268 Certificate Management Protocols 270 Secure Multipurpose Internet Mail Extensions 270 Secure Electronic Transaction 270 Secure Shell 271 Pretty Good Privacy 272 HTTP Secure 274 Secure HTTP 274 IP Security 274 Tunneling Protocols 277 Federal Information Processing Standard 278 Using Public–Key Infrastructure 278 Using a Certificate Authority 279 Working with Registration Authorities and Local Registration Authorities 280 Implementing Certificates 281 Understanding Certificate Revocation 285 Implementing Trust Models 285 Hardware–Based Encryption Devices 290 Data Encryption 290 Summary 291 Exam Essentials 291 Review Questions 293 Chapter 9 Malware, Vulnerabilities, and Threats 297 Understanding Malware 300 Surviving Viruses 310 Symptoms of a Virus Infection 311 How Viruses Work 311 Types of Viruses 312 Managing Spam to Avoid Viruses 316 Antivirus Software 317 Understanding Various Types of Attacks 318 Identifying Denial–of–Service and Distributed Denial–of–Service Attacks 319 Spoofing Attacks 321 Pharming Attacks 322 Phishing, Spear Phishing, and Vishing 323 Xmas Attack 324 Man–in–the–Middle Attacks 324 Replay Attacks 325 Smurf Attacks 326 Password Attacks 326 Privilege Escalation 328 Malicious Insider Threats 332 Transitive Access 332 Client–Side Attacks 333 Typo Squatting and URL Hijacking 333 Watering Hole Attack 334 Identifying Types of Application Attacks 334 Cross–Site Scripting and Forgery 334 SQL Injection 335 LDAP Injection 336 XML Injection 337 Directory Traversal/Command Injection 337 Buffer Overflow 338 Integer Overflow 338 Zero–Day Exploits 338 Cookies and Attachments 338 Locally Shared Objects and Flash Cookies 339 Malicious Add–Ons 339 Session Hijacking 340 Header Manipulation 340 Arbitrary Code and Remote Code Execution 341 Tools for Finding Threats 341 Interpreting Assessment Results 341 Tools to Know 342 Risk Calculations and Assessment Types 344 Summary 346 Exam Essentials 346 Review Questions 348 Chapter 10 Social Engineering and Other Foes 353 Understanding Social Engineering 355 Types of Social Engineering Attacks 356 What Motivates an Attack? 361 The Principles Behind Social Engineering 362 Social Engineering Attack Examples 363 Understanding Physical Security 366 Hardware Locks and Security 369 Mantraps 371 Video Surveillance 371 Fencing 372 Access List 373 Proper Lighting 374 Signs 374 Guards 374 Barricades 375 Biometrics 375 Protected Distribution 376 Alarms 376 Motion Detection 376 Environmental Controls 377 HVAC 378 Fire Suppression 378 EMI Shielding 380 Hot and Cold Aisles 382 Environmental Monitoring 383 Temperature and Humidity Controls 383 Control Types 384 A Control Type Analogy 385 Data Policies 385 Destroying a Flash Drive 386 Some Considerations 387 Optical Discs 388 Summary 389 Exam Essentials 389 Review Questions 391 Chapter 11 Security Administration 395 Third–Party Integration 397 Transitioning 397 Ongoing Operations 398 Understanding Security Awareness and Training 399 Communicating with Users to Raise Awareness 399 Providing Education and Training 399 Safety Topics 401 Training Topics 402 Classifying Information 409 Public Information 410 Private Information 411 Information Access Controls 413 Security Concepts 413 Complying with Privacy and Security Regulations 414 The Health Insurance Portability and Accountability Act 415 The Gramm–Leach–Bliley Act 415 The Computer Fraud and Abuse Act 416 The Family Educational Rights and Privacy Act 416 The Computer Security Act of 1987 416 The Cyberspace Electronic Security Act 417 The Cyber Security Enhancement Act 417 The Patriot Act 417 Familiarizing Yourself with International Efforts 418 Mobile Devices 418 BYOD Issues 419 Alternative Methods to Mitigate Security Risks 420 Summary 422 Exam Essentials 422 Review Questions 424 Chapter 12 Disaster Recovery and Incident Response 429 Issues Associated with Business Continuity 431 Types of Storage Mechanisms 432 Crafting a Disaster–Recovery Plan 433 Incident Response Policies 445 Understanding Incident Response 446 Succession Planning 454 Tabletop Exercises 454 Reinforcing Vendor Support 455 Service–Level Agreements 455 Code Escrow Agreements 457 Penetration Testing 458 What Should You Test? 458 Vulnerability Scanning 459 Summary 460 Exam Essentials 461 Review Questions 462 Appendix A Answers to Review Questions 467 Chapter 1: Measuring and Weighing Risk 468 Chapter 2: Monitoring and Diagnosing Networks 469 Chapter 3: Understanding Devices and Infrastructure 470 Chapter 4: Access Control, Authentication, and Authorization 471 Chapter 5: Protecting Wireless Networks 473 Chapter 6: Securing the Cloud 474 Chapter 7: Host, Data, and Application Security 475 Chapter 8: Cryptography 476 Chapter 9: Malware, Vulnerabilities, and Threats 477 Chapter 10: Social Engineering and Other Foes 478 Chapter 11: Security Administration 480 Chapter 12: Disaster Recovery and Incident Response 481 Appendix B About the Additional Study Tools 483 Additional Study Tools 484 Sybex Test Engine 484 Electronic Flashcards 484 PDF of Glossary of Terms 484 Adobe Reader 484 System Requirements 485 Using the Study Tools 485 Troubleshooting 485 Customer Care 486 Index 487

Emmett Dulaney is an Assistant Professor at Anderson University. He has written several certification books on Windows, security, IT project management, and UNIX, and was the co–author of CompTIA A+ Complete Study Guide (Sybex). Chuck Easttom is CEO and Chief Trainer for CEC–Security, which specializes in IT security training and CISP and Security+ exam preparation. He has over 18 years in the IT industry, 10 years teaching and training, and has authored 15 published books.