CompTIA Security+ All-in-One Exam Guide, Third Edition

Book Description

Get complete coverage of all the objectives included on the CompTIA Security+ exam inside this completely updated, comprehensive volume. Written by leading network security experts, this definitive guide covers exam SY0-301 in full detail. You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this practical resource also serves as an essential on-the-job reference.

Covers all exam topics, including:

• General security concepts

• Operational organizational security

• Legal issues, privacy, and ethics

• Cryptography

• Public key infrastructure

• Standards and protocols

• Physical security

• Infrastructure security

• Remote access and authentication

• Intrusion detection systems

• Security baselines

• Types of attacks and malicious software

• E-mail and instant messaging

• Web components

• Disaster recovery and business continuity

• Risk, change, and privilege management

• Computer forensics

CD-ROM features:

• Two full practice exams

• PDF copy of the book

The ebook version does not provide access to the companion files.

Table of Contents

  1. Title Page
  2. Copyright Page
  3. ABOUT THE AUTHORS
  4. Dedication
  5. CONTENTS AT A GLANCE
  6. CONTENTS
  7. PREFACE
  8. ACKNOWLEDGMENTS
  9. INTRODUCTION
  10. Part I Security Concepts
    1. Chapter 1 General Security Concepts
      1. The Security+ Exam
      2. Basic Security Terminology
      3. Chapter Review
    2. Chapter 2 Operational Organizational Security
      1. Policies, Standards, Guidelines, and Procedures
      2. The Security Perimeter
      3. Logical Access Controls
      4. Organizational Policies and Procedures
      5. Chapter Review
    3. Chapter 3 Legal Issues, Privacy, and Ethics
      1. Cybercrime
      2. Privacy
      3. Ethics
      4. Chapter Review
  11. Part II Cryptography and Applications
    1. Chapter 4 Cryptography
      1. Algorithms
      2. Hashing
      3. Symmetric Encryption
      4. Asymmetric Encryption
      5. Quantum Cryptography
      6. Steganography
      7. Cryptography Algorithm Use
      8. Chapter Review
    2. Chapter 5 Public Key Infrastructure
      1. The Basics of Public Key Infrastructures
      2. Certificate Authorities
      3. Registration Authorities
      4. Certificate Repositories
      5. Trust and Certificate Verification
      6. Digital Certificates
      7. Centralized or Decentralized Infrastructures
      8. Private Key Protection
      9. Public Certificate Authorities
      10. In-house Certificate Authorities
      11. Outsourced Certificate Authorities
      12. Tying Different PKIs Together
      13. Chapter Review
    3. Chapter 6 Standards and Protocols
      1. PKIX/PKCS
      2. X.509
      3. SSL/TLS
      4. ISAKMP
      5. CMP
      6. XKMS
      7. S/MIME
      8. PGP
      9. HTTPS
      10. IPsec
      11. CEP
      12. FIPS
      13. Common Criteria (CC)
      14. WTLS
      15. PPTP
      16. WEP
      17. ISO/IEC 27002 (Formerly ISO 17799)
      18. Chapter Review
  12. Part III Security in the Infrastructure
    1. Chapter 7 Physical Security
      1. The Security Problem
      2. Physical Security Safeguards
      3. Chapter Review
    2. Chapter 8 Infrastructure Security
      1. Devices
      2. Media
      3. Security Concerns for Transmission Media
      4. Removable Media
      5. The Cloud
      6. Security Topologies
      7. Tunneling
      8. Chapter Review
    3. Chapter 9 Authentication and Remote Access
      1. The Remote Access Process
      2. IEEE 802.1X
      3. RADIUS
      4. TACACS+
      5. L2TP and PPTP
      6. NT LAN Manager
      7. Telnet
      8. FTP/FTPS/SFTP
      9. SSH
      10. IEEE 802.11
      11. VPNs
      12. IPsec
      13. Vulnerabilities
      14. Chapter Review
    4. Chapter 10 Wireless Security
      1. Wireless Networking
      2. Chapter Review
  13. Part IV Security in Transmissions
    1. Chapter 11 Intrusion Detection Systems
      1. History of Intrusion Detection Systems
      2. IDS Overview
      3. Host-based IDSs
      4. PC-based Malware Protection
      5. Network-based IDSs
      6. Signatures
      7. False Positives and Negatives
      8. IDS Models
      9. Intrusion Prevention Systems
      10. Honeypots and Honeynets
      11. Firewalls
      12. Web Application Firewalls vs. Network Firewalls
      13. Proxy Servers
      14. Internet Content Filters
      15. Web Security Gateway
      16. Protocol Analyzers
      17. Network Mappers
      18. Anti-spam
      19. All-in-one Security Appliances
      20. Chapter Review
    2. Chapter 12 Security Baselines
      1. Overview Baselines
      2. Password Selection
      3. Operating System and Network Operating System Hardening
      4. Network Hardening
      5. Application Hardening
      6. Group Policies
      7. Chapter Review
    3. Chapter 13 Types of Attacks and Malicious Software
      1. Avenues of Attack
      2. Attacking Computer Systems and Networks
      3. Auditing
      4. Chapter Review
    4. Chapter 14 E-Mail and Instant Messaging
      1. Security of E-Mail
      2. Malicious Code
      3. Hoax E-Mails
      4. Unsolicited Commercial E-Mail (Spam)
      5. Mail Encryption
      6. Instant Messaging
      7. Chapter Review
    5. Chapter 15 Web Components
      1. Current Web Components and Concerns
      2. Protocols
      3. Code-Based Vulnerabilities
      4. Application-Based Weaknesses
      5. Chapter Review
  14. Part V Operational Security
    1. Chapter 16 Disaster Recovery and Business Continuity
      1. Disaster Recovery
      2. Chapter Review
    2. Chapter 17 Risk Management
      1. An Overview of Risk Management
      2. What Is Risk Management?
      3. Business Risks
      4. Risk Management Models
      5. Qualitatively Assessing Risk
      6. Quantitatively Assessing Risk
      7. Qualitative vs. Quantitative Risk Assessment
      8. Tools
      9. Chapter Review
    3. Chapter 18 Change Management
      1. Why Change Management?
      2. The Key Concept: Separation (Segregation) of Duties
      3. Elements of Change Management
      4. Implementing Change Management
      5. The Capability Maturity Model Integration
      6. Chapter Review
    4. Chapter 19 Privilege Management
      1. User, Group, and Role Management
      2. Password Policies
      3. Single Sign-On
      4. Centralized vs. Decentralized Management
      5. Auditing (Privilege, Usage, and Escalation)
      6. Logging and Auditing of Log Files
      7. Handling Access Control (MAC, DAC, and RBAC)
      8. Permissions and Rights in Windows Operating Systems
      9. Chapter Review
    5. Chapter 20 Computer Forensics
      1. Evidence
      2. Collecting Evidence
      3. Chain of Custody
      4. Free Space vs. Slack Space
      5. Message Digest and Hash
      6. Analysis
      7. Chapter Review
  15. Part VI Appendixes
    1. Appendix A OSI Model and Internet Protocols
      1. Networking Frameworks and Protocols
      2. OSI Model
      3. Internet Protocols
      4. Review
    2. Appendix B About the CD
      1. System Requirements
      2. LearnKey Online Training
      3. Installing and Running MasterExam
      4. Electronic Book
      5. Help
      6. Removing Installation(s)
      7. Technical Support
  16. GLOSSARY
  17. INDEX