ABOUT THE AUTHORS
MIKE CHAPPLE, PhD, SECURITY+, CYSA+, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com.
DAVID SEIDL, CYSA+, CISSP, PENTEST+, is Vice President for Information Technology and CIO at Miami University, where he leads an award-winning, nationally recognized IT organization. David is a bestselling author who has written over 20 books with a focus on cybersecurity certification and cyberwarfare.
Introduction xxxi
Chapter 1 Today's Security Professional 1
Cybersecurity Objectives 2
Data Breach Risks 3
The DAD Triad 4
Breach Impact 5
Implementing Security Controls 7
Gap Analysis 7
Security Control Categories 8
Security Control Types 9
Data Protection 10
Data Encryption 11
Data Loss Prevention 11
Data Minimization 12
Access Restrictions 13
Segmentation and Isolation 13
Summary 13
Exam Essentials 14
Review Questions 16
Chapter 2 Cybersecurity Threat Landscape 21
Exploring Cybersecurity Threats 23
Classifying Cybersecurity Threats 23
Threat Actors 25
Attacker Motivations 31
Threat Vectors and Attack Surfaces 32
Threat Data and Intelligence 35
Open Source Intelligence 35
Proprietary and Closed-Source Intelligence 38
Assessing Threat Intelligence 39
Threat Indicator Management and Exchange 40
Information Sharing Organizations 41
Conducting Your Own Research 42
Summary 42
Exam Essentials 43
Review Questions 45
Chapter 3 Malicious Code 49
Malware 50
Ransomware 51
Trojans 52
Worms 54
Spyware 55
Bloatware 56
Viruses 57
Keyloggers 59
Logic Bombs 60
Rootkits 60
Summary 62
Exam Essentials 62
Review Questions 64
Chapter 4 Social Engineering and Password Attacks 69
Social Engineering and Human Vectors 70
Social Engineering Techniques 71
Password Attacks 76
Summary 78
Exam Essentials 78
Review Questions 80
Chapter 5 Security Assessment and Testing 85
Vulnerability Management 87
Identifying Scan Targets 87
Determining Scan Frequency 89
Configuring Vulnerability Scans 91
Scanner Maintenance 95
Vulnerability Scanning Tools 98
Reviewing and Interpreting Scan Reports 101
Confirmation of Scan Results 111
Vulnerability Classification 112
Patch Management 112
Legacy Platforms 113
Weak Configurations 115
Error Messages 115
Insecure Protocols 116
Weak Encryption 117
Penetration Testing 118
Adopting the Hacker Mindset 119
Reasons for Penetration Testing 120
Benefits of Penetration Testing 120
Penetration Test Types 121
Rules of Engagement 123
Reconnaissance 125
Running the Test 125
Cleaning Up 126
Audits and Assessments 126
Security Tests 127
Security Assessments 128
Security Audits 129
Vulnerability Life Cycle 131
Vulnerability Identification 131
Vulnerability Analysis 132
Vulnerability Response and Remediation 132
Validation of Remediation 132
Reporting 133
Summary 133
Exam Essentials 134
Review Questions 136
Chapter 6 Application Security 141
Software Assurance Best Practices 143
The Software Development Life Cycle 143
Software Development Phases 144
DevSecOps and DevOps 146
Designing and Coding for Security 147
Secure Coding Practices 148
API Security 149
Software Security Testing 149
Analyzing and Testing Code 150
Injection Vulnerabilities 151
SQL Injection Attacks 151
Code Injection Attacks 155
Command Injection Attacks 155
Exploiting Authentication Vulnerabilities 156
Password Authentication 156
Session Attacks 157
Exploiting Authorization Vulnerabilities 160
Insecure Direct Object References 161
Directory Traversal 161
File Inclusion 163
Privilege Escalation 163
Exploiting Web Application Vulnerabilities 164
Cross-Site Scripting (XSS) 164
Request Forgery 167
Application Security Controls 168
Input Validation 168
Web Application Firewalls 170
Parameterized Queries 170
Sandboxing 171
Code Security 171
Secure Coding Practices 173
Source Code Comments 174
Error Handling 174
Hard-Coded Credentials 175
Package Monitoring 175
Memory Management 176
Race Conditions 177
Unprotected APIs 178
Automation and Orchestration 178
Use Cases of Automation and Scripting 179
Benefits of Automation and Scripting 179
Other Considerations 180
Summary 181
Exam Essentials 181
Review Questions 183
Chapter 7 Cryptography and the PKI 189
An Overview of Cryptography 190
Historical Cryptography 191
Goals of Cryptography 196
Confidentiality 197
Integrity 199
Authentication 200
Non-repudiation 200
Cryptographic Concepts 200
Cryptographic Keys 201
Ciphers 202
Modern Cryptography 202
Cryptographic Secrecy 202
Symmetric Key Algorithms 204
Asymmetric Key Algorithms 205
Hashing Algorithms 208
Symmetric Cryptography 208
Data Encryption Standard 208
Advanced Encryption Standard 209
Symmetric Key Management 209
Asymmetric Cryptography 211
RSA 212
Elliptic Curve 213
Hash Functions 214
SHA 215
MD5 216
Digital Signatures 216
HMAC 217
Public Key Infrastructure 218
Certificates 218
Certificate Authorities 219
Certificate Generation and Destruction 220
Certificate Formats 223
Asymmetric Key Management 224
Cryptographic Attacks 225
Brute Force 225
Frequency Analysis 225
Known Plain Text 226
Chosen Plain Text 226
Related Key Attack 226
Birthday Attack 226
Downgrade Attack 227
Hashing, Salting, and Key Stretching 227
Exploiting Weak Keys 228
Exploiting Human Error 228
Emerging Issues in Cryptography 229
Tor and the Dark Web 229
Blockchain 229
Lightweight Cryptography 230
Homomorphic Encryption 230
Quantum Computing 230
Summary 231
Exam Essentials 231
Review Questions 233
Chapter 8 Identity and Access Management 237
Identity 239
Authentication and Authorization 240
Authentication and Authorization Technologies 241
Authentication Methods 246
Passwords 247
Multifactor Authentication 251
One-Time Passwords 252
Biometrics 254
Accounts 256
Account Types 256
Provisioning and Deprovisioning Accounts 257
Access Control Schemes 259
Filesystem Permissions 260
Summary 262
Exam Essentials 262
Review Questions 264
Chapter 9 Resilience and Physical Security 269
Resilience and Recovery in Security Architectures 271
Architectural Considerations and Security 273
Storage Resiliency 274
Response and Recovery Controls 280
Capacity Planning for Resilience and Recovery 283
Testing Resilience and Recovery Controls and Designs 284
Physical Security Controls 285
Site Security 285
Detecting Physical Attacks 291
Summary 291
Exam Essentials 292
Review Questions 294
Chapter 10 Cloud and Virtualization Security 299
Exploring the Cloud 300
Benefits of the Cloud 301
Cloud Roles 303
Cloud Service Models 303
Cloud Deployment Models 307
Private Cloud 307
Shared Responsibility Model 309
Cloud Standards and Guidelines 312
Virtualization 314
Hypervisors 314
Cloud Infrastructure Components 316
Cloud Compute Resources 316
Cloud Storage Resources 319
Cloud Networking 322
Cloud Security Issues 325
Availability 325
Data Sovereignty 326
Virtualization Security 327
Application Security 327
Governance and Auditing of Third-Party Vendors 328
Hardening Cloud Infrastructure 328
Cloud Access Security Brokers 328
Resource Policies 329
Secrets Management 330
Summary 331
Exam Essentials 331
Review Questions 333
Chapter 11 Endpoint Security 337
Operating System Vulnerabilities 339
Hardware Vulnerabilities 340
Protecting Endpoints 341
Preserving Boot Integrity 342
Endpoint Security Tools 344
Hardening Techniques 350
Hardening 350
Service Hardening 350
Network Hardening 352
Default Passwords 352
Removing Unnecessary Software 353
Operating System Hardening 353
Configuration, Standards, and Schemas 356
Encryption 357
Securing Embedded and Specialized Systems 358
Embedded Systems 358
SCADA and ICS 361
Securing the Internet of Things 362
Communication Considerations 363
Security Constraints of Embedded Systems 364
Asset Management 365
Summary 368
Exam Essentials 369
Review Questions 371
Chapter 12 Network Security 375
Designing Secure Networks 377
Infrastructure Considerations 380
Network Design Concepts 380
Network Segmentation 383
Zero Trust 385
Network Access Control 387
Port Security and Port-Level Protections 388
Virtual Private Networks and Remote Access 390
Network Appliances and Security Tools 392
Deception and Disruption Technology 399
Network Security, Services, and Management 400
Secure Protocols 406
Using Secure Protocols 406
Secure Protocols 407
Network Attacks 410
On-Path Attacks 411
Domain Name System Attacks 412
Credential Replay Attacks 414
Malicious Code 415
Distributed Denial-of-Service Attacks 415
Summary 418
Exam Essentials 419
Review Questions 421
Chapter 13 Wireless and Mobile Security 425
Building Secure Wireless Networks 426
Connection Methods 427
Wireless Network Models 431
Attacks Against Wireless Networks and Devices 432
Designing a Network 435
Controller and Access Point Security 438
Wi-Fi Security Standards 438
Wireless Authentication 440
Managing Secure Mobile Devices 442
Mobile Device Deployment Methods 442
Hardening Mobile Devices 444
Mobile Device Management 444
Summary 448
Exam Essentials 449
Review Questions 450
Chapter 14 Monitoring and Incident Response 455
Incident Response 457
The Incident Response Process 458
Training 462
Threat Hunting 463
Understanding Attacks and Incidents 464
Incident Response Data and Tools 466
Monitoring Computing Resources 466
Security Information and Event Management Systems 466
Alerts and Alarms 469
Log Aggregation, Correlation, and Analysis 470
Rules 471
Benchmarks and Logging 478
Reporting and Archiving 478
Mitigation and Recovery 479
Secure Orchestration, Automation, and Response (SOAR) 479
Containment, Mitigation, and Recovery Techniques 479
Root Cause Analysis 482
Summary 483
Exam Essentials 484
Review Questions 485
Chapter 15 Digital Forensics 489
Digital Forensic Concepts 490
Legal Holds and e-Discovery 491
Conducting Digital Forensics 493
Acquiring Forensic Data 493
Acquisition Tools 497
Validating Forensic Data Integrity 500
Data Recovery 502
Forensic Suites and a Forensic Case Example 503
Reporting 507
Digital Forensics and Intelligence 508
Summary 508
Exam Essentials 509
Review Questions 511
Chapter 16 Security Governance and Compliance 515
Security Governance 518
Corporate Governance 518
Governance, Risk, and Compliance Programs 520
Information Security Governance 520
Types of Governance Structures 521
Understanding Policy Documents 521
Policies 522
Standards 524
Procedures 526
Guidelines 528
Exceptions and Compensating Controls 529
Monitoring and Revision 530
Change Management 531
Change Management Processes and Controls 532
Version Control 534
Documentation 535
Personnel Management 535
Least Privilege 535
Separation of Duties 535
Job Rotation and Mandatory Vacations 536
Clean Desk Space 536
Onboarding and Offboarding 536
Nondisclosure Agreements 537
Social Media 537
Third-Party Risk Management 537
Vendor Selection 537
Vendor Assessment 538
Vendor Agreements 538
Vendor Monitoring 539
Winding Down Vendor Relationships 540
Complying with Laws and Regulations 540
Common Compliance Requirements 541
Compliance Reporting 541
Consequences of Noncompliance 542
Compliance Monitoring 543
Adopting Standard Frameworks 543
NIST Cybersecurity Framework 544
NIST Risk Management Framework 546
ISO Standards 547
Benchmarks and Secure Configuration Guides 549
Security Awareness and Training 550
User Training 551
Ongoing Awareness Efforts 553
Summary 554
Exam Essentials 555
Review Questions 557
Chapter 17 Risk Management and Privacy 561
Analyzing Risk 563
Risk Identification 564
Risk Assessment 565
Risk Analysis 567
Managing Risk 570
Risk Mitigation 571
Risk Avoidance 572
Risk Transference 572
Risk Acceptance 573
Risk Tracking 574
Risk Register 575
Risk Reporting 576
Disaster Recovery Planning 577
Disaster Types 577
Business Impact Analysis 578
Privacy 578
Data Inventory 579
Information Classification 580
Data Roles and Responsibilities 581
Information Life Cycle 583
Privacy Enhancing Technologies 584
Privacy and Data Breach Notification 585
Summary 585
Exam Essentials 585
Review Questions 587
Appendix Answers to Review Questions 591
Chapter 1: Today's Security Professional 592
Chapter 2: Cybersecurity Threat Landscape 593
Chapter 3: Malicious Code 595
Chapter 4: Social Engineering and Password Attacks 597
Chapter 5: Security Assessment and Testing 600
Chapter 6: Application Security 602
Chapter 7: Cryptography and the PKI 604
Chapter 8: Identity and Access Management 605
Chapter 9: Resilience and Physical Security 607
Chapter 10: Cloud and Virtualization Security 609
Chapter 11: Endpoint Security 611
Chapter 12: Network Security 614
Chapter 13: Wireless and Mobile Security 616
Chapter 14: Monitoring and Incident Response 619
Chapter 15: Digital Forensics 621
Chapter 16: Security Governance and Compliance 623
Chapter 17: Risk Management and Privacy 626
Index 629
If you're preparing to take the Security+ exam, you'll undoubtedly want to find as much information as you can about computer and physical security. The more information you have at your disposal and the more hands-on experience you gain, the better off you'll be when attempting the exam. This study guide was written with that in mind. The goal was to provide enough information to prepare you for the test but not so much that you'll be overloaded with information that's outside the scope of the exam.
This book presents the material at an intermediate technical level. Experience with and knowledge of security concepts, operating systems, and application systems will help you get a full understanding of the challenges you'll face as a security professional.
We've included review questions at the end of each chapter to give you a taste of what it's like to take the exam. If you're already working in the security field, we recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.
If you can answer 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you're unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.
Don't just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.
The Security+ exam is designed to be a vendor-neutral certification for cybersecurity professionals and those seeking to enter the field. CompTIA recommends this certification for those currently working, or aspiring to work, in roles such as the following:
The exam covers five major domains:
These five areas include a range of topics, from firewall design to incident response and forensics, while focusing heavily on scenario-based learning. That's why CompTIA recommends that those attempting the exam have CompTIA Network+ and two years of experience working in a security/systems administrator job role, although many individuals pass the exam before moving into their first cybersecurity role.
CompTIA describes the Security+ exam as verifying that you have the knowledge and skills required to:
The Security+ exam is conducted in a format that CompTIA calls "performance-based assessment." This means that the exam combines standard multiple-choice questions with other, interactive question formats. Your exam may include several types of questions, such as multiple-choice, fill-in-the-blank, multiple-response, drag-and-drop, and image-based problems.
The exam costs $392 in the United States, with roughly equivalent prices in other locations around the globe. You can find more details about the Security+ exam and how to take it at
www.comptia.org/certifications/security
You'll have 90 minutes to take the exam and will be asked to answer up to 90 questions during that time period. Your exam will be scored on a scale ranging from 100 to 900, with a passing score of 750.
You should also know that CompTIA is notorious for including vague questions on all of its exams. You might see a question for which two of the possible four answers are correct, but you can choose only one. Use your knowledge, logic, and intuition to choose the best answer and then move on. Sometimes, the questions are worded in ways that would make English majors cringe: a typo here, an incorrect verb there. Don't let this frustrate you; answer the question and move on to the next one.
CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does so to gather psychometric data, which is then used when developing new versions of the exam. Before you take the exam, you will be told that your exam may include these unscored questions. So, if you come across a question that does not appear to map to any of the exam objectives, or for that matter does not appear to belong in the exam at all, it is likely a seeded question. You never really know whether or not a question is seeded, however, so always make your best effort to answer every question.
Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher:
http://store.comptia.org
Currently, CompTIA offers two options for taking the exam: an in-person exam at a testing center and an at-home exam that you take on your own computer.
This book includes a coupon that you may use to save 10 percent on your CompTIA exam registration.
CompTIA partners with Pearson VUE's testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, while non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson VUE website, where you will need to navigate to "Find a test center."
www.pearsonvue.com/comptia
Now that you know where you'd like to take the exam, you'll need to create a CompTIA account and then schedule the exam via Pearson VUE.
On the day of the test, take two forms of identification, and be sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you.
CompTIA began offering online exam proctoring in 2020 in response to the coronavirus pandemic. As of the time this book went to press, the at-home testing option was still available and appears likely to continue. Candidates using this approach will take the exam at their home or office and be proctored over a webcam by a remote proctor.
Due to the rapidly changing nature of the at-home testing experience, candidates wishing to pursue this option should check the CompTIA website for the latest details.
Once you have taken the exam, you will be notified of your score immediately, so you'll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.
Like many other CompTIA certifications, the Security+ credential must be renewed on a periodic basis. To renew your certification, you can either pass the most current version of the exam, earn a qualifying higher-level CompTIA or industry certification, complete a CompTIA Certmaster CE course, or complete sufficient continuing education activities to earn enough continuing education units (CEUs) to renew it.
CompTIA provides information on renewals via their website at
www.comptia.org/continuing-education
When you sign up to renew your certification, you will be asked to agree to the CE program's Code of Ethics, to pay a renewal fee, and to submit the materials required for your chosen renewal method.
A full list of the industry certifications you can use to acquire CEUs toward renewing the Security+ can be found at
www.comptia.org/continuing-education/choose/renew-with-a-single-activity/earn-non-comptia-it-industry-certifications
This book covers everything you need to know to understand the job role and basic responsibilities of a security administrator and also to pass the Security+ exam.