Principles of computer security CompTIA Security+ and beyond
Fully updated computer security essentials-mapped to the CompTIA Security+ SY0-601 exam Save 10% on any CompTIA exam voucher! Coupon code inside. Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-601. T...
| Otros Autores: | |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
New York :
McGraw-Hill
[2022]
|
| Edición: | Sixth edition |
| Colección: | McGraw-Hill's AccessEngineeringLibrary
|
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009633579506719 |
Tabla de Contenidos:
- Cover
- About the Authors
- Title Page
- Copyright Page
- Acknowledgments
- About this Book
- Contents at a Glance
- Contents
- Foreword
- Preface
- Introduction
- Instructor Website
- Chapter 1 Introduction and Security Trends
- The Computer Security Problem
- Definition of Computer Security
- Historical Security Incidents
- The Current Threat Environment
- Infrastructure Attacks
- Ransomware
- Threats to Security
- Viruses and Worms
- Intruders
- Insiders
- Criminal Organizations
- Nation-States, Terrorists, and Information Warfare
- Brand-Name Attacks
- Attributes of Actors
- Internal/External
- Level of Sophistication
- Resources/Funding
- Intent/Motivation
- Security Trends
- Targets and Attacks
- Specific Target
- Opportunistic Target
- Minimizing Possible Avenues of Attack
- Approaches to Computer Security
- Cybersecurity Kill Chain
- Threat Intelligence
- Open Source Intelligence
- Ethics
- Additional References
- Chapter 1 Review
- Chapter 2 General Security Concepts
- Basic Security Terminology
- Security Basics
- Security Tenets
- Security Approaches
- Security Principles
- Formal Security Models
- Confidentiality Models
- Integrity Models
- Additional References
- Chapter 2 Review
- Chapter 3 Operational and Organizational Security
- Policies, Procedures, Standards, and Guidelines
- Organizational Policies
- Change Management Policy
- Change Control
- Asset Management
- Security Policies
- Data Policies
- Credential Policies
- Password and Account Policies
- Human Resources Policies
- Code of Ethics
- Job Rotation
- Separation of Duties
- Employee Hiring (Onboarding) and Promotions
- Retirement, Separation, or Termination (Offboarding)
- Exit Interviews
- Onboarding/Offboarding Business Partners
- Adverse Actions
- Mandatory Vacations
- Acceptable Use Policy.
- Internet Usage Policy
- E-mail Usage Policy
- Social Media Analysis
- Clean Desk Policy
- Bring-Your-Own-Device (BYOD) Policy
- Privacy Policy
- Due Care and Due Diligence
- Due Process
- Incident Response Policies and Procedures
- Security Awareness and Training
- Diversity of Training Techniques
- Security Policy Training and Procedures
- User Training
- Role-Based Training
- Continuing Education
- Compliance with Laws, Best Practices, and Standards
- User Habits
- Training Metrics and Compliance
- Standard Operating Procedures
- Third-Party Risk Management
- Vendors
- Supply Chain
- Business Partners
- Interoperability Agreements
- Service Level Agreement (SLA)
- Memorandum of Understanding (MOU)
- Measurement Systems Analysis (MSA)
- Business Partnership Agreement (BPA)
- Interconnection Security Agreement (ISA)
- NDA
- End of Service Life (EOSL)
- End of Life (EOL)
- Chapter 3 Review
- Chapter 4 The Role of People in Security
- People-A Security Problem
- Social Engineering
- Tools
- Principles (Reasons for Effectiveness)
- Defenses
- Attacks
- Impersonation
- Phishing
- Smishing
- Vishing
- Spam
- Spam over Internet Messaging (SPIM)
- Spear Phishing
- Whaling
- Pharming
- Dumpster Diving
- Shoulder Surfing
- Tailgating/Piggybacking
- Eliciting Information
- Prepending
- Identity Fraud
- Invoice Scams
- Credential Harvesting
- Reverse Social Engineering
- Reconnaissance
- Hoax
- Watering Hole Attack
- Typo Squatting
- Influence Campaigns
- Poor Security Practices
- Password Selection
- Shoulder Surfing
- Piggybacking
- Dumpster Diving
- Installing Unauthorized Hardware and Software
- Data Handling
- Physical Access by Non-Employees
- Clean Desk Policies
- People as a Security Tool
- Security Awareness
- Security Policy Training and Procedures
- Chapter 4 Review.
- Chapter 5 Cryptography
- Cryptography in Practice
- Fundamental Methods
- Comparative Strengths and Performance of Algorithms
- Key Length
- Cryptographic Objectives
- Diffusion
- Confusion
- Obfuscation
- Perfect Forward Secrecy
- Security Through Obscurity
- Historical Perspectives
- Algorithms
- Substitution Ciphers
- One-Time Pads
- Key Management
- Random Numbers
- Salting
- Hashing Functions
- Message Digest
- SHA
- RIPEMD
- Hashing Summary
- Symmetric Encryption
- DES
- 3DES
- AES
- CAST
- RC
- Blowfish
- Twofish
- IDEA
- ChaCha20
- Cipher Modes
- Authenticated Encryption with Associated Data (AEAD)
- Block vs. Stream
- Symmetric Encryption Summary
- Asymmetric Encryption
- Diffie-Hellman
- RSA Algorithm
- ElGamal
- ECC
- Asymmetric Encryption Summary
- Symmetric vs. Asymmetric
- Quantum Cryptography
- Post-Quantum
- Lightweight Cryptography
- Homomorphic Encryption
- For More Information
- Chapter 5 Review
- Chapter 6 Applied Cryptography
- Cryptography Use
- Confidentiality
- Integrity
- Authentication
- Nonrepudiation
- Digital Signatures
- Digital Rights Management
- Cryptographic Applications
- Use of Proven Technologies
- Cipher Suites
- Secret Algorithms
- Key Exchange
- Key Escrow
- Session Keys
- Ephemeral Keys
- Key Stretching
- Transport Encryption
- TLS v1.3
- Data in Transit/Motion
- Data at Rest
- Data in Use/Processing
- Implementation vs. Algorithm Selection
- Common Use Cases
- HMAC
- S/MIME
- IETF S/MIME History
- IETF S/MIME v3 Specifications
- PGP
- How PGP Works
- Steganography
- Secure Protocols
- DNSSEC
- SSH
- S/MIME
- SRTP
- LDAPS
- FTPS
- SFTP
- SNMPv3
- TLS
- HTTPS
- Secure POP/IMAP
- IPSec
- Secure Protocol Use Cases
- Voice and Video
- Time Synchronization
- E-mail and Web
- File Transfer
- Directory Services.
- Remote Access
- Domain Name Resolution
- Routing and Switching
- Network Address Allocation
- Subscription Services
- Cryptographic Attacks
- Birthday
- Known Plaintext/Ciphertext
- Chosen Cipher Text Attack
- Weak Implementations
- Meet-in-the-Middle Attacks
- Replay
- Downgrade
- Collision
- Password Attacks
- Other Standards
- FIPS
- Common Criteria
- ISO/IEC 27002 (Formerly ISO 17799)
- Chapter 6 Review
- Chapter 7 Public Key Infrastructure
- The Basics of Public Key Infrastructures
- Certificate Authorities
- Registration Authorities
- Local Registration Authorities
- Public Certificate Authorities
- In-house Certificate Authorities
- Choosing Between a Public CA and an In-house CA
- Outsourced Certificate Authorities
- Online vs. Offline CA
- Stapling
- Pinning
- Trust Models
- Certificate Chaining
- Hierarchical Trust Model
- Peer-to-Peer Model
- Hybrid Trust Model
- Walking the Certificate Path
- Digital Certificates
- Certificate Classes
- Certificate Extensions
- Certificate Attributes
- Certificate Formats
- Certificate Lifecycles
- Registration and Generation
- CSR
- Renewal
- Suspension
- Certificate Revocation
- Key Destruction
- Certificate Repositories
- Sharing Key Stores
- Trust and Certificate Verification
- Centralized and Decentralized Infrastructures
- Hardware Security Modules
- Private Key Protection
- Key Recovery
- Key Escrow
- Certificate-Based Threats
- PKIX and PKCS
- PKIX Standards
- PKCS
- Why You Need to Know the PKIX and PKCS Standards
- Stolen Certificates
- ISAKMP
- CMP
- XKMS
- CEP
- Chapter 7 Review
- Chapter 8 Physical Security
- The Security Problem
- Physical Security Safeguards
- Walls and Guards
- Lights and Signage
- Physical Access Controls and Monitoring
- Electronic Access Control Systems
- Policies and Procedures.
- Environmental Controls
- Hot and Cold Aisles
- Fire Suppression
- Water-Based Fire Suppression Systems
- Halon-Based Fire Suppression Systems
- Clean-Agent Fire Suppression Systems
- Handheld Fire Extinguishers
- Fire Detection Devices
- Electromagnetic Environment
- Power Protection
- UPS
- Backup Power and Cable Shielding
- Generator
- Dual Supply
- Managed Power Distribution Units (PDUs)
- Drones/UAVs
- Chapter 8 Review
- Chapter 9 Network Fundamentals
- Network Architectures
- Network Topology
- Wireless
- Ad Hoc
- Segregation/Segmentation/Isolation
- Physical Separation
- Enclaves
- Logical (VLAN)
- Virtualization
- Airgaps
- Zones and Conduits
- Zero Trust
- Security Zones
- DMZ
- Internet
- East-West Traffic
- Intranet
- Extranet
- Wireless
- Guest
- Honeynets
- Flat Networks
- Network Protocols
- Protocols
- Packets
- Internet Protocol
- IP Packets
- TCP vs. UDP
- ICMP
- IPv4 vs. IPv6
- Expanded Address Space
- Neighbor Discovery
- Benefits of IPv6
- Packet Delivery
- Ethernet
- Local Packet Delivery
- ARP Attacks
- Remote Packet Delivery
- IP Addresses and Subnetting
- Network Address Translation
- Inter-Networking
- MPLS
- Software-Defined Networking (SDN)
- Software-Defined Visibility (SDV)
- Quality of Service (QoS)
- Traffic Engineering
- Route Security
- For More Information
- Chapter 9 Review
- Chapter 10 Infrastructure Security
- Devices
- Workstations
- Servers
- Mobile Devices
- Device Security, Common Concerns
- Network-Attached Storage
- Removable Storage
- Virtualization
- Hypervisor
- Application Cells/Containers
- VM Sprawl Avoidance
- VM Escape Protection
- Snapshots
- Patch Compatibility
- Host Availability/Elasticity
- Security Control Testing
- Sandboxing
- Networking
- Network Interface Cards
- Hubs
- Bridges
- Switches.
- Port Security.
