CompTIA Security+ Guide to Network Security Fundamentals PDF

786 Pages·2017·18.109 MB·English

Preview CompTIA Security+ Guide to Network Security Fundamentals

INFORMATION SECURITY

CompTIA® Security+ Guide to Network Security Fundamentals
Sixth Edition
Mark Ciampa, Ph.D.

Australia • Brazil • Mexico • Singapore • United Kingdom • United States

To register or access your online learning solution or purchase materials for your course, visit www.cengagebrain.com.

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

CompTIA Security+ SY0-501 Exam Objectives

Each objective is followed by the chapters that cover it and the Bloom's Taxonomy level for each chapter.

1.0: Threats, Attacks, and Vulnerabilities

1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
    Chapter 2: Analyze
1.2 Compare and contrast types of attacks.
    Chapter 2: Understand; Chapter 3: Analyze; Chapter 5: Understand; Chapter 8: Apply/Understand; Chapter 11: Create; Chapter 15: Apply
1.3 Explain threat actor types and attributes.
    Chapter 1: Analyze/Apply
1.4 Explain penetration testing concepts.
    Chapter 13: Apply
1.5 Explain vulnerability scanning concepts.
    Chapter 13: Apply
1.6 Explain the impact associated with types of vulnerabilities.
    Chapter 1: Understand; Chapter 3: Understand; Chapter 4: Understand; Chapter 5: Understand; Chapter 9: Understand; Chapter 10: Understand

2.0: Technologies and Tools

2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
    Chapter 4: Apply; Chapter 6: Analyze; Chapter 7: Apply; Chapter 8: Analyze/Evaluate
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
    Chapter 8: Evaluate; Chapter 13: Analyze/Evaluate; Chapter 14: Evaluate
2.3 Given a scenario, troubleshoot common security issues.
    Chapter 15: Analyze
2.4 Given a scenario, analyze and interpret output from security technologies.
    Chapter 6: Analyze; Chapter 7: Analyze; Chapter 9: Analyze
2.5 Given a scenario, deploy mobile devices securely.
    Chapter 8: Apply/Evaluate; Chapter 10: Analyze/Create; Chapter 11: Analyze
2.6 Given a scenario, implement secure protocols.
    Chapter 4: Apply; Chapter 5: Analyze

3.0: Architecture and Design

3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
    Chapter 1: Analyze; Chapter 15: Understand
3.2 Given a scenario, implement secure network architecture concepts.
    Chapter 6: Analyze; Chapter 7: Apply; Chapter 8: Apply/Evaluate; Chapter 13: Apply

Security+ Guide to Network Security Fundamentals, Sixth Edition
Mark Ciampa

SVP, GM Skills: Jonathan Lau
Product Team Manager: Kristin McNary
Associate Product Manager: Amy Savino
Executive Director of Development: Marah Bellegarde
Senior Product Development Manager: Leigh Hefferon
Senior Content Developer: Michelle Ruelos Cannistraci
Product Assistant: Jake Toth
Marketing Director: Michelle McTighe
Production Director: Patty Stephan
Senior Content Project Manager: Brooke Greenhouse
Art Director: Diana Graham
Cover image(s): iStockPhoto.com/supernitram

© 2018, 2015 Cengage Learning
Unless otherwise noted, all content is © Cengage.

ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced or distributed in any form or by any means, except as permitted by U.S. copyright law, without the prior written permission of the copyright owner.

For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706.
For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions.
Further permissions questions can be e-mailed to [email protected].

Library of Congress Control Number: 2017950178
ISBN: 978-1-337-28878-1
LLF ISBN: 978-1-337-68585-6

Cengage
20 Channel Center Street
Boston, MA 02210
USA

Cengage is a leading provider of customized learning solutions with employees residing in nearly 40 different countries and sales in more than 125 countries around the world. Find your local representative at www.cengage.com.

Cengage products are represented in Canada by Nelson Education, Ltd.

To learn more about Cengage platforms and services, visit www.cengage.com

Purchase any of our products at your local college store or at our preferred online store www.cengagebrain.com

Notice to the Reader

Publisher does not warrant or guarantee any of the products described herein or perform any independent analysis in connection with any of the product information contained herein. Publisher does not assume, and expressly disclaims, any obligation to obtain and include information other than that provided to it by the manufacturer. The reader is expressly warned to consider and adopt all safety precautions that might be indicated by the activities described herein and to avoid all potential hazards. By following the instructions contained herein, the reader willingly assumes all risks in connection with such instructions. The publisher makes no representations or warranties of any kind, including but not limited to, the warranties of fitness for particular purpose or merchantability, nor are any such representations implied with respect to the material set forth herein, and the publisher takes no responsibility with respect to such material. The publisher shall not be liable for any special, consequential, or exemplary damages resulting, in whole or part, from the readers’ use of, or reliance upon, this material.

Some of the product names and company names used in this book have been used for identification purposes only and may be trademarks or registered trademarks of their respective manufacturers and sellers.

Windows® is a registered trademark of Microsoft Corporation. Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries. Cengage is an independent entity from Microsoft Corporation and not affiliated with Microsoft in any manner.

Printed in the United States of America
Print Number: 01 Print Year: 2017

Brief Contents

INTRODUCTION

PART 1 SECURITY AND ITS THREATS
  CHAPTER 1 Introduction to Security
  CHAPTER 2 Malware and Social Engineering Attacks

PART 2 CRYPTOGRAPHY
  CHAPTER 3 Basic Cryptography
  CHAPTER 4 Advanced Cryptography and PKI

PART 3 NETWORK ATTACKS AND DEFENSES
  CHAPTER 5 Networking and Server Attacks
  CHAPTER 6 Network Security Devices, Design, and Technology
  CHAPTER 7 Administering a Secure Network
  CHAPTER 8 Wireless Network Security

PART 4 DEVICE SECURITY
  CHAPTER 9 Client and Application Security
  CHAPTER 10 Mobile and Embedded Device Security

PART 5 IDENTITY AND ACCESS MANAGEMENT
  CHAPTER 11 Authentication and Account Management
  CHAPTER 12 Access Management

PART 6 RISK MANAGEMENT
  CHAPTER 13 Vulnerability Assessment and Data Security
  CHAPTER 14 Business Continuity
  CHAPTER 15 Risk Mitigation

APPENDIX A CompTIA SY0-501 Certification Exam Objectives
GLOSSARY
INDEX

Table of Contents

INTRODUCTION

PART 1 SECURITY AND ITS THREATS

CHAPTER 1 Introduction to Security
  Challenges of Securing Information
    Today’s Security Attacks
    Reasons for Successful Attacks
    Difficulties in Defending Against Attacks
  What Is Information Security?
    Understanding Security
    Defining Information Security
    Information Security Terminology
    Understanding the Importance of Information Security
  Who Are the Threat Actors?
    Script Kiddies
    Hactivists
    Nation State Actors
    Insiders
    Other Threat Actors
  Defending Against Attacks
    Fundamental Security Principles
    Frameworks and Reference Architectures
  Chapter Summary
  Key Terms
  Review Questions
  Case Projects

CHAPTER 2 Malware and Social Engineering Attacks
  Attacks Using Malware
    Circulation
    Infection
    Concealment
    Payload Capabilities
  Social Engineering Attacks
    Psychological Approaches
    Physical Procedures
  Chapter Summary
  Key Terms
  Review Questions
  Case Projects

PART 2 CRYPTOGRAPHY

CHAPTER 3 Basic Cryptography
  Defining Cryptography
    What Is Cryptography?
    Cryptography and Security
    Cryptography Constraints
  Cryptographic Algorithms
    Hash Algorithms
    Symmetric Cryptographic Algorithms
    Asymmetric Cryptographic Algorithms
  Cryptographic Attacks
    Algorithm Attacks
    Collision Attacks
  Using Cryptography
    Encryption through Software
    Hardware Encryption
  Chapter Summary
  Key Terms
  Review Questions
  Case Projects

CHAPTER 4 Advanced Cryptography and PKI
  Implementing Cryptography
    Key Strength
    Secret Algorithms
    Block Cipher Modes of Operation
    Crypto Service Providers
    Algorithm Input Values
  Digital Certificates
    Defining Digital Certificates
    Managing Digital Certificates
    Types of Digital Certificates
  Public Key Infrastructure (PKI)
    What Is Public Key Infrastructure (PKI)?
    Trust Models
    Managing PKI
    Key Management
  Cryptographic Transport Protocols
    Secure Sockets Layer (SSL)
    Transport Layer Security (TLS)
    Secure Shell (SSH)
    Hypertext Transport Protocol Secure (HTTPS)
    Secure/Multipurpose Internet Mail Extensions (S/MIME)
    Secure Real-time Transport Protocol (SRTP)
    IP Security (IPsec)
  Chapter Summary
  Key Terms
  Review Questions
  Case Projects

PART 3 NETWORK ATTACKS AND DEFENSES

CHAPTER 5 Networking and Server Attacks
  Networking-Based Attacks
    Interception
    Poisoning
  Server Attacks
    Denial of Service (DoS)
    Web Server Application Attacks
    Hijacking
    Overflow Attacks
    Advertising Attacks
    Browser Vulnerabilities
  Chapter Summary
  Key Terms
  Review Questions
  Case Projects

CHAPTER 6 Network Security Devices, Design, and Technology
  Security Through Network Devices
    Standard Network Devices
    Network Security Hardware
  Security Through Network Architecture
    Security Zones
    Network Segregation
  Security Through Network Technologies
    Network Access Control (NAC)
    Data Loss Prevention (DLP)
  Chapter Summary
  Key Terms
  Review Questions
  Case Projects

CHAPTER 7 Administering a Secure Network
  Secure Network Protocols
    Simple Network Management Protocol (SNMP)
    Domain Name System (DNS)
    File Transfer Protocol (FTP)
    Secure Email Protocols
    Using Secure Network Protocols
  Placement of Security Devices and Technologies
  Analyzing Security Data
    Data from Security Devices
    Data from Security Software
    Data from Security Tools
    Issues in Analyzing Security Data
  Managing and Securing Network Platforms
    Virtualization
    Cloud Computing
    Software Defined Network (SDN)
  Chapter Summary
