CompTIA® Security+ Exam Cram, Fourth Edition, is the perfect study guide to help you pass CompTIA's newly updated version of the Security+ exam. It provides coverage and practice questions for every exam topic. The book contains a set of 200 questions in two full practice exams. The CD-ROM contains the powerful Pearson IT Certification Practice Test engine that provides real-time practice and feedback with all the questions so you can simulate the exam.
Covers the critical information you need to know to score higher on your Security+ exam!
-- Categorize types of attacks, threats, and risks to your systems
-- Secure devices, communications, and network infrastructure
-- Troubleshoot issues related to networking components
-- Effectively manage risks associated with a global business environment
-- Differentiate between control methods used to secure the physical domain
-- Identify solutions to secure hosts, data, and applications
-- Compare techniques to mitigate risks in static environments
-- Determine relevant access control, authorization, and authentication procedures
-- Select appropriate mitigation techniques in response to attacks and vulnerabilities
-- Apply principles of cryptography and effectively deploy related solutions
-- Implement security practices from both a technical and an organizational standpoint
Diane Barrett is the president of NextGard Technology and a professor for Bloomsburg University. She has done contract forensic and security assessment work for several years and has authored several other security and forensic books. She is a program director for ADFSL's Conference on Digital Forensics, Security, and Law; the DFCP certification chair for the Digital Forensic Certification Board; and a volunteer for the NIST Cloud Computing Forensic Science Challenges working group. She holds many industry certifications, including CISSP, ISSMP, DFCP, and PCME, along with several from CompTIA, including Security+. Diane's education includes a Ph.D. in business administration with a specialization in information security and a master of science degree in information technology with a specialization in information security.
Kalani Kirk Hausman is an author, GRC professional, enterprise and security architect, ISO, and consultant with experience that includes medium- to large-scale globally deployed networks in governmental, higher education, healthcare, and corporate settings. Kalani's professional certifications include the CISSP, CGEIT, CRISC, CISA, CISM, GIAC-GHSC, PMP, ITIL, and CCP. He is active within InfraGard; the Information Systems Audit and Control Association (ISACA); ISSA; and the High Technology Crime Investigation Association (HTCIA). Kalani is currently employed at Texas A&M University and as an adjunct professor of InfoSec at UMUC and APU/AMU. Kalani can be reached at kkhausman@hotmail.com or followed on Twitter at @kkhausman.
Martin M. Weiss has years of experience in information security, risk management, and compliance. Marty holds a bachelor of science degree in computer studies from the University of Maryland University College and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He holds several certifications, including CISSP, CISA, and Security+. Marty has authored and co-authored more than a half dozen books on information technology. Occasionally, he molds minds as an adjunct professor with the University of Maryland University College. A Florida native, he now lives in New England somewhere between Boston and New York City.
Introduction
Part I: Network Security
Chapter 1 Secure Network Design
Implement Security Configuration Parameters on Network Devices and Other Technologies
Firewalls
Routers
Switches
Load Balancers
Proxies
Web Security Gateways
VPN Concentrators
NIDS and NIPS
Protocol Analyzers
Spam Filter
UTM Security Appliances
Web Application Firewall Versus Network Firewall
Application-Aware Devices
Cram Quiz
Cram Quiz Answers
Given a Scenario, Use Secure Network Administration Principles
Rule-Based Management
Firewall Rules
VLAN Management
Secure Router Configuration
Access Control Lists
Port Security
802.1X
Flood Guards
Loop Protection
Implicit Deny
Network Separation
Log Analysis
Unified Threat Management
Explain Network Design Elements and Components
DMZ
Subnetting
VLAN
NAT
Remote Access
Telephony
NAC
Virtualization
Cloud Computing
Layered Security/Defense in Depth
What Next?
Chapter 2 Network Implementation
Given a Scenario, Implement Common Protocols and Services
Protocols
Ports
OSI Relevance
Given a Scenario, Troubleshoot Security Issues Related to Wireless Networking
WPA
WPA2
WEP
EAP
PEAP
LEAP
MAC Filter
Disable SSID Broadcast
TKIP
CCMP
Antenna Placement
Power-Level Controls
Captive Portals
Antenna Types
Site Surveys
VPN (Over Open Wireless)
Part II: Compliance and Operational Security
Chapter 3 Risk Management
Explain the Importance of Risk-Related Concepts
Control Types
False Positives
False Negatives
Importance of Policies in Reducing Risk
Risk Calculation
Qualitative Versus Quantitative Measures
Vulnerabilities
Threat Vectors
Probability/Threat Likelihood
Risk-Avoidance, Transference, Acceptance, Mitigation, Deterrence
Risks Associated with Cloud Computing and Virtualization
Recovery Time Objective and Recovery Point Objective
Summarize the Security Implications of Integrating Systems and Data with Third Parties
On-Boarding/Off-Boarding Business Partners
Social Media Networks and/or Applications
Interoperability Agreements
Privacy Considerations
Risk Awareness
Unauthorized Data Sharing
Data Ownership
Data Backups
Follow Security Policy and Procedures
Review Agreement Requirements to Verify Compliance and Performance Standards
Given a Scenario, Implement Appropriate Risk Mitigation Strategies
Change Management
Incident Management
User Rights and Permissions Reviews
Perform Routine Audits
Enforce Policies and Procedures to Prevent Data Loss or Theft
Enforce Technology Controls
Given a Scenario, Implement Basic Forensic Procedures
Order of Volatility
Capture System Image
Network Traffic and Logs
Capture Video
Record Time Offset
Take Hashes
Screenshots
Witnesses
Track Man-Hours and Expense
Chain of Custody
Big Data Analysis
Summarize Common Incident Response Procedures
Preparation
Incident Identification
Escalation and Notification
Mitigation Steps
Lessons Learned
Reporting
Recovery/Reconstitution Procedures
First Responder
Incident Isolation
Data Breach
Damage and Loss Control
Chapter 4 Response and Recovery
Explain the Importance of Security-Related Awareness and Training
Security Policy Training and Procedures
Role-Based Training
Personally Identifiable Information
Information Classification
Public
Data Labeling, Handling, and Disposal
Compliance with Laws, Best Practices, and Standards
User Habits
New Threats and New Security Trends/Alerts
Use of Social Networking and Peer-to-Peer Services
Follow Up and Gather Training Metrics to Validate Compliance and Security Posture
Compare and Contrast Physical and Environmental Controls
Environmental Controls
Physical Security
Summarize Risk Management Best Practices
Business Continuity Concepts
Fault Tolerance
Disaster Recovery Concepts
Given a Scenario, Select the Appropriate Control to Meet the Goals of Security
Confidentiality
Integrity
Availability
Safety
Part III: Threats and Vulnerabilities
Chapter 5 Attacks
Explain Types of Malware
Adware
Viruses
Worms
Spyware
Trojan Horses
Rootkits
Backdoors
Logic Bombs
Botnets
Ransomware
Polymorphic Malware
Armored Virus
Summarize Various Types of Attacks
Man-in-the-Middle
Denial of Service
Distributed DoS
Replay
DNS Poisoning
ARP Poisoning
Spoofing
Spam
Phishing and Related Attacks
Privilege Escalation
Malicious Insider Threat
Transitive Access and Client-Side Attacks
Password Attacks
Typo Squatting/URL Hijacking
Watering Hole Attack
Summarize Social Engineering Attacks and the Associated Effectiveness with Each Attack
Social Engineering
Shoulder Surfing
Dumpster Diving
Tailgating
Impersonation
Hoaxes
Principles (Reasons for Effectiveness)
Explain Types of Wireless Attacks
Jamming/Interference
Rogue Access Points
War Driving
Bluejacking/Bluesnarfing
Packet Sniffing
WEP/WPA Attacks
WPS Attacks
Near-Field Communication
Explain Types of Application Attacks
Browser Threats
Code Injections
Directory Traversal
Header Manipulation
Zero-Day
Buffer Overflows
Integer Overflows
Cookies
Arbitrary/Remote Code Execution
Chapter 6 Deterrents
Analyze a Scenario and Select the Appropriate Type of Mitigation and Deterrent Techniques
Monitoring System Logs
Hardening
Network Security
Security Posture
Detection Controls Versus Prevention Controls
Given a Scenario, Use Appropriate Tools and Techniques to Discover Security Threats and Vulnerabilities
Interpret Results of Security Assessment Tools
Tools
Assessment Technique
Explain the Proper Use of Penetration Testing Versus Vulnerability Scanning
Penetration Testing
Vulnerability Scanning
Testing
Part IV: Application, Data, and Host Security
Chapter 7 Application Security
Explain the Importance of Application Security Controls and Techniques
Fuzzing
Secure Coding Concepts
Cross-Site Scripting Prevention
Cross-Site Request Forgery Prevention
Application Configuration Baseline (Proper Settings)
Application Hardening
Application Patch Management
NoSQL Databases Versus SQL Databases
Server-Side Versus Client-Side Validation
Chapter 8 Host Security
Summarize Mobile Security Concepts and Technologies
Device Security
Application Security
BYOD Concerns
Given a Scenario, Select the Appropriate Solution to Establish Host Security
Operating System Security and Settings
OS Hardening
Anti-malware
Patch Management
White Listing Versus Black Listing Applications
Trusted OS
Host-Based Firewalls
Host-Based Intrusion Detection
Hardware Security
Host Software Baselining
Chapter 9 Data Security
Implement the Appropriate Controls to Ensure Data Security
Cloud Storage
SAN
Handling Big Data
Data Encryption
Hardware-Based Encryption Devices
Data In-Transit, Data At-Rest, Data In-Use
Permissions/ACL
Data Policies
Cram Quiz Answer
Compare and Contrast Alternative Methods to Mitigate Security Risks in Static Environments
Environments
Methods
Part V: Access Control and Identity Management
Chapter 10 Authentication, Authorization, and Access Control
Compare and Contrast the Function and Purpose of Authentication Services
RADIUS
TACACS+
Kerberos
LDAP
XTACACS
SAML
Secure LDAP
Given a Scenario, Select the Appropriate Authentication, Authorization, or Access Control
Identification Versus Authentication Versus Authorization
Authorization
Authentication
Authentication Factors
Identification
Federation
Transitive Trust/Authentication
Chapter 11 Account Management
Install and Configure Security Controls When Performing Account Management, Based on Best Practices
Mitigate Issues Associated with Users with Multiple Account/Roles and/or Shared Accounts
Account Policy Enforcement
Group-Based Privileges
User-Assigned Privileges
User Access Reviews
Continuous Monitoring
Part VI: Cryptography
Chapter 12 Cryptography Tools and Techniques
Given a Scenario, Utilize General Cryptography Concepts
Symmetric Versus Asymmetric
Elliptic Curve and Quantum Cryptography
In-Band Versus Out-of-Band Key Exchange
Session Keys
Transport Encryption
Nonrepudiation and Digital Signatures
Hashing
Key Escrow
Steganography
Use of Proven Technologies
Given a Scenario, Use Appropriate Cryptographic Methods
Wireless Encryption Functions
Cryptographic Hash Functions
HMAC
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
One-Time Pads
PGP
Use of Algorithms with Transport Encryption
Cipher Suites
Key Stretching
Chapter 13 Public Key Infrastructure
Given a Scenario, Use Appropriate PKI, Certificate Management, and Associated Components
Public Key Infrastructure Standards
PKI
Certificate Policies
Public and Private Key Usage
Revocation
Trust Models
Practice Exam 1
Exam Questions
Answers at a Glance
Answers with Explanations
On the CD:
Practice Exam 2
Glossary
9780789753342 TOC 1/29/2015
File format: PDF. Copy protection: Adobe DRM (Digital Rights Management)
System requirements:
The PDF file format always displays a book page identically on any hardware. A PDF is therefore also suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). On the small displays of e-readers or smartphones, PDFs are unfortunately rather annoying because too much scrolling is required. Adobe DRM is used here as "hard" copy protection. If the necessary prerequisites are not met, you will unfortunately be unable to open the e-book. You must therefore prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorize the reading software with your personal Adobe ID after installing it!
File format: PDF. Copy protection: Watermark DRM (Digital Rights Management)
The PDF file format always displays a book page identically on any hardware. A PDF is therefore also suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). On the small displays of e-readers or smartphones, PDFs are unfortunately rather annoying because too much scrolling is required. Watermark DRM is used here as "soft" copy protection. Technically, therefore, everything is possible, even unauthorized redistribution. However, the buyer of the e-book is recorded as a watermark in visible and invisible places, so that in the event of misuse the trail can be traced back.