CompTIA security+ exam guide (exam SYO-301) : all in one
Official CompTIA Content! Prepare for CompTIA Security+ Exam SY0-301 with McGraw-Hill—a Gold-Level CompTIA Authorized Partner offering Official CompTIA Approved Quality Content to give you the competitive edge on exam day. Get complete coverage of all the objectives included on CompTIA Security+ exa...
| Otros Autores: | , |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
[Place of publication not identified]
McGraw Hill
2011
|
| Edición: | 3rd edition |
| Colección: | Official CompTIA Guide
|
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628633906719 |
Tabla de Contenidos:
- Cover
- Contents
- Preface
- Acknowledgments
- Introduction
- Part I Security Concepts
- Chapter 1 General Security Concepts
- The Security+ Exam
- Basic Security Terminology
- Security Basics
- Access Control
- Authentication
- Chapter Review
- Quick Tips
- Questions
- Answers
- Chapter 2 Operational Organizational Security
- Policies, Standards, Guidelines, and Procedures
- The Security Perimeter
- Logical Access Controls
- Access Control Policies
- Social Engineering
- Organizational Policies and Procedures
- Code of Ethics
- Chapter Review
- Questions
- Answers
- Chapter 3 Legal Issues, Privacy, and Ethics
- Cybercrime
- Common Internet Crime Schemes
- Sources of Laws
- Computer Trespass
- Significant U.S. Laws
- Payment Card Industry Data Security Standards (PCI DSS)
- Import/Export Encryption Restrictions
- Digital Signature Laws
- Digital Rights Management
- Privacy
- U.S. Privacy Laws
- European Laws
- Ethics
- SANS Institute IT Code of Ethics
- Chapter Review
- Questions
- Answers
- Part II Cryptography and Applications
- Chapter 4 Cryptography
- Algorithms
- Hashing
- SHA
- RIPEMD
- Message Digest
- Hashing Summary
- Symmetric Encryption
- DES
- 3DES
- AES
- CAST
- RC
- Blowfish
- Twofish
- IDEA
- Symmetric Encryption Summary
- Asymmetric Encryption
- RSA
- Diffie-Hellman
- ElGamal
- ECC
- Asymmetric Encryption Summary
- Quantum Cryptography
- Steganography
- Cryptography Algorithm Use
- Confidentiality
- Integrity
- Nonrepudiation
- Authentication
- Digital Signatures
- Key Escrow
- Transport Encryption
- Cryptographic Applications
- Chapter Review
- Questions
- Answers
- Chapter 5 Public Key Infrastructure
- The Basics of Public Key Infrastructures
- Certificate Authorities
- Registration Authorities
- Local Registration Authorities.
- Certificate Repositories
- Trust and Certificate Verification
- Digital Certificates
- Certificate Attributes
- Certificate Extensions
- Certificate Lifecycles
- Centralized or Decentralized Infrastructures
- Hardware Storage Devices
- Private Key Protection
- Key Recovery
- Key Escrow
- Public Certificate Authorities
- In-house Certificate Authorities
- Outsourced Certificate Authorities
- Tying Different PKIs Together
- Trust Models
- Chapter Review
- Questions
- Answers
- Chapter 6 Standards and Protocols
- PKIX/PKCS
- PKIX Standards
- PKCS
- Why You Need to Know the PKIX and PKCS Standards
- X. 509
- SSL/TLS
- ISAKMP
- CMP
- XKMS
- S/MIME
- IETF S/MIME v3 Specifications
- PGP
- How PGP Works
- HTTPS
- IPsec
- CEP
- FIPS
- Common Criteria (CC)
- WTLS
- PPTP
- WEP
- WEP Security Issues
- ISO/IEC 27002 (Formerly ISO 17799)
- Chapter Review
- Questions
- Answers
- Part III Security in the Infrastructure
- Chapter 7 Physical Security
- The Security Problem
- Physical Security Safeguards
- Walls and Guards
- Policies and Procedures
- Access Controls and Monitoring
- Environmental Controls
- Fire Suppression
- Authentication
- Chapter Review
- Questions
- Answers
- Chapter 8 Infrastructure Security
- Devices
- Workstations
- Servers
- Network Interface Cards
- Hubs
- Bridges
- Switches
- Routers
- Firewalls
- Wireless
- Modems
- Telecom/PBX
- RAS
- VPN
- Intrusion Detection Systems
- Network Access Control
- Network Monitoring/Diagnostic
- Virtualization
- Mobile Devices
- Media
- Coaxial Cable
- UTP/STP
- Fiber
- Unguided Media
- Security Concerns for Transmission Media
- Physical Security
- Removable Media
- Magnetic Media
- Optical Media
- Electronic Media
- The Cloud
- Software as a Service
- Platform as a Service
- Infrastructure as a Service.
- Security Topologies
- Security Zones
- Telephony
- VLANs
- NAT
- Tunneling
- Chapter Review
- Questions
- Answers
- Chapter 9 Authentication and Remote Access
- The Remote Access Process
- Identification
- Authentication
- Authorization
- IEEE 802. 1X
- RADIUS
- RADIUS Authentication
- RADIUS Authorization
- RADIUS Accounting
- DIAMETER
- TACACS+
- TACACS+ Authentication
- TACACS+ Authorization
- TACACS+ Accounting
- L2TP and PPTP
- PPTP
- PPP
- CHAP
- PAP
- EAP
- L2TP
- NT LAN Manager
- Telnet
- FTP/FTPS/SFTP
- SSH
- IEEE 802.11
- VPNs
- IPsec
- Security Associations
- IPsec Configurations
- IPsec Security
- Vulnerabilities
- Chapter Review
- Questions
- Answers
- Chapter 10 Wireless Security
- Wireless Networking
- Mobile Phones
- Bluetooth
- 802. 11
- Chapter Review
- Questions
- Answers
- Part IV Security in Transmissions
- Chapter 11 Intrusion Detection Systems
- History of Intrusion Detection Systems
- IDS Overview
- Host-based IDSs
- Advantages of HIDSs
- Disadvantages of HIDSs
- Active vs. Passive HIDSs
- Resurgence and Advancement of HIDSs
- PC-based Malware Protection
- Antivirus Products
- Personal Software Firewalls
- Pop-up Blocker
- Windows Defender
- Network-based IDSs
- Advantages of a NIDS
- Disadvantages of a NIDS
- Active vsPassive NIDSs
- Signatures
- False Positives and Negatives
- IDS Models
- Intrusion Prevention Systems
- Detection Controls vs. Prevention Controls
- Honeypots and Honeynets
- Firewalls
- Web Application Firewalls vs. Network Firewalls
- Proxy Servers
- Internet Content Filters
- Web Security Gateway
- Protocol Analyzers
- Network Mappers
- Anti-spam
- All-in-one Security Appliances
- Chapter Review
- Questions
- Answers
- Chapter 12 Security Baselines
- Overview Baselines
- Password Selection
- Password Policy Guidelines.
- Selecting a Password
- Components of a Good Password
- Password Aging
- Operating System and Network Operating System Hardening
- Hardening Microsoft Operating Systems
- Hardening UNIX- or Linux-Based Operating Systems
- Network Hardening
- Software Updates
- Device Configuration
- Ports and Services
- Traffic Filtering
- Securing Management Interfaces
- VLAN Management
- IPv4 vsIPv6
- Application Hardening
- Application Configuration Baseline
- Application Patches
- Patch Management
- Web Servers
- Mail Servers
- FTP Servers
- DNS Servers
- File and Print Services
- Active Directory
- Host Software Baselining
- Group Policies
- Security Templates
- Chapter Review
- Questions
- Answers
- Chapter 13 Types of Attacks and Malicious Software
- Avenues of Attack
- The Steps in an Attack
- Minimizing Possible Avenues of Attack
- Attacking Computer Systems and Networks
- Denial-of-Service Attacks
- Backdoors and Trapdoors
- Null Sessions
- Sniffing
- Spoofing
- Man-in-the-Middle Attacks
- Replay Attacks
- TCP/IP Hijacking
- Attacks on Encryption
- Address System Attacks
- Password Guessing
- Software Exploitation
- Client-Side Attacks
- Malicious Code
- Secure Software Development Lifecycle
- War-Dialing and War-Driving
- Social Engineering
- Auditing
- Chapter Review
- Questions
- Answers
- Chapter 14 E-Mail and Instant Messaging
- Security of E-Mail
- Malicious Code
- Hoax E-Mails
- Unsolicited Commercial E-Mail (Spam)
- Mail Encryption
- Instant Messaging
- Chapter Review
- Questions
- Answers
- Chapter 15 Web Components
- Current Web Components and Concerns
- Protocols
- Encryption (SSL and TLS)
- The Web (HTTP and HTTPS)
- Directory Services (DAP and LDAP)
- File Transfer (FTP and SFTP)
- Vulnerabilities
- Code-Based Vulnerabilities
- Buffer Overflows
- Java and JavaScript.
- ActiveX
- Securing the Browser
- CGI
- Server-Side Scripts
- Cookies
- Signed Applets
- Browser Plug-ins
- Application-Based Weaknesses
- Open Vulnerability and Assessment Language (OVAL)
- Chapter Review
- Questions
- Answers
- Part V Operational Security
- Chapter 16 Disaster Recovery and Business Continuity
- Disaster Recovery
- Disaster Recovery Plans/Process
- Backups
- Utilities
- Secure Recovery
- High Availability and Fault Tolerance
- Failure and Recovery Timing
- Chapter Review
- Questions
- Answers
- Chapter 17 Risk Management
- An Overview of Risk Management
- Example of Risk Management at the International Banking Level
- Key Terms for Understanding Risk Management
- What Is Risk Management?
- Business Risks
- Examples of Business Risks
- Examples of Technology Risks
- Risk Management Models
- General Risk Management Model
- Software Engineering Institute Model
- Model Application
- Qualitatively Assessing Risk
- Quantitatively Assessing Risk
- Qualitative vsQuantitative Risk Assessment
- Tools
- Chapter Review
- Questions
- Answers
- Chapter 18 Change Management
- Why Change Management?
- The Key Concept: Separation (Segregation) of Duties
- Elements of Change Management
- Implementing Change Management
- The Purpose of a Change Control Board
- Code Integrity
- The Capability Maturity Model Integration
- Chapter Review
- Questions
- Answers
- Chapter 19 Privilege Management
- User, Group, and Role Management
- User
- Groups
- Role
- Password Policies
- Domain Password Policy
- Single Sign-On
- Centralized vsDecentralized Management
- Centralized Management
- Decentralized Management
- The Decentralized, Centralized Model
- Auditing (Privilege, Usage, and Escalation)
- Privilege Auditing
- Usage Auditing
- Escalation Auditing
- Logging and Auditing of Log Files.
- Common Logs.
