CompTIA Security+™: Study Guide, Third Edition

Book Description

Take charge of your career with certification that can increase your marketability. This new edition of the top-selling Guide is what you need to prepare for CompTIA's Security+ SY0-101 exam.

Developed to meet the exacting requirements of today's certification candidates and aspiring IT security professionals, this fully updated, comprehensive book features:

  • Clear and concise information on crucial security topics.

  • Practical examples and hands-on labs to prepare you for actual on-the-job situations.

  • Authoritative coverage of all key exam topics including general security concepts; communication, infrastructure, operational, and organizational security; and cryptography basics.

The Guide covers all exam objectives, demonstrates implementation of important instructional design principles, and provides instructional reviews to help you assess your readiness for the exam. Additionally, the Guide includes a CD-ROM with advanced testing software, all chapter review questions, and bonus exams as well as electronic flashcards that run on your PC, Pocket PC, or Palm handheld.

Join the more than 20,000 security professionals who have earned this certification with the CompTIA authorized Study Guide.

Table of Contents

  1. Copyright
  2. Introduction
    1. Before You Begin
    2. Why Become Security+ Certified?
    3. How to Become a Security+ Certified Professional
    4. Who Should Buy This Book?
    5. How to Use This Book and the CD
    6. Exam Objectives
      1. 1.0 General Security Concepts
      2. 2.0 Communication Security
      3. 3.0 Infrastructure Security
      4. 4.0 Basics of Cryptography
      5. 5.0 Operational/Organizational Security
    7. Tips for Taking the Security+ Exam
    8. About the Authors
  3. Assessment Test
    1. Answers to Assessment Test
  4. 1. General Security Concepts
    1. 1.1. Understanding Information Security
      1. 1.1.1. Securing the Physical Environment
      2. 1.1.2. Examining Operational Security
      3. 1.1.3. Working with Management and Policies
        1. 1.1.3.1. Administrative Policies
        2. 1.1.3.2. Software Design Requirements
        3. 1.1.3.3. Disaster Recovery Plans
        4. 1.1.3.4. Information Policies
        5. 1.1.3.5. Security Policies
        6. 1.1.3.6. Usage Policies
        7. 1.1.3.7. User Management Policies
    2. 1.2. Understanding the Goals of Information Security
    3. 1.3. Comprehending the Security Process
      1. 1.3.1. Appreciating Antivirus Software
      2. 1.3.2. Implementing Access Control
        1. 1.3.2.1. Mandatory Access Control (MAC)
        2. 1.3.2.2. Discretionary Access Control (DAC)
        3. 1.3.2.3. Role-Based Access Control (RBAC)
      3. 1.3.3. Understanding Authentication
        1. 1.3.3.1. Username/Password
        2. 1.3.3.2. Password Authentication Protocol (PAP)
        3. 1.3.3.3. Challenge Handshake Authentication Protocol (CHAP)
        4. 1.3.3.4. Certificates
        5. 1.3.3.5. Security Tokens
        6. 1.3.3.6. Kerberos
        7. 1.3.3.7. Multi-Factor Authentication
        8. 1.3.3.8. Smart Cards
        9. 1.3.3.9. Biometrics
        10. 1.3.3.10. Authentication Issues to Consider
      4. 1.3.4. Understanding Networking Services and Protocols
        1. 1.3.4.1. Common Protocols and Services
        2. 1.3.4.2. Nonessential Protocols and Services to Avoid
    4. 1.4. Distinguishing Between Security Topologies
      1. 1.4.1. Setting Design Goals
        1. 1.4.1.1. Confidentiality
        2. 1.4.1.2. Integrity
        3. 1.4.1.3. Availability
        4. 1.4.1.4. Accountability
      2. 1.4.2. Creating Security Zones
        1. 1.4.2.1. The Internet
        2. 1.4.2.2. Intranets
        3. 1.4.2.3. Extranets
        4. 1.4.2.4. Demilitarized Zone (DMZ)
        5. 1.4.2.5. Designing Security Zones
      3. 1.4.3. Working with Newer Technologies
        1. 1.4.3.1. Virtual Local Area Networks (VLANs)
        2. 1.4.3.2. Network Address Translation (NAT)
        3. 1.4.3.3. Tunneling
      4. 1.4.4. Business Concerns to Be Aware Of
        1. 1.4.4.1. Asset Identification
        2. 1.4.4.2. Risk Assessment
        3. 1.4.4.3. Threat Identification
          1. 1.4.4.3.1. Internal Threats
          2. 1.4.4.3.2. External Threats
        4. 1.4.4.4. Vulnerabilities
    5. 1.5. Summary
    6. 1.6. Exam Essentials
    7. 1.7. Hands-On Labs
      1. 1.7.1. Lab 1.1: Update a Linux System
      2. 1.7.2. Lab 1.2: Update a Windows-Based System
    8. 1.8. Review Questions
    9. 1.9. Answers to Review Questions
  5. 2. Identifying Potential Risks
    1. 2.1. Calculating Attack Strategies
      1. 2.1.1. Types of Access Attacks
      2. 2.1.2. Recognizing Modification and Repudiation Attacks
      3. 2.1.3. Identifying Denial-of-Service (DoS) and Distributed DoS (DDoS) Attacks
    2. 2.2. Recognizing Common Attacks
      1. 2.2.1. Back Door Attacks
      2. 2.2.2. Spoofing Attacks
      3. 2.2.3. Man-in-the-Middle Attacks
      4. 2.2.4. Replay Attacks
      5. 2.2.5. Password-Guessing Attacks
    3. 2.3. Identifying TCP/IP Security Concerns
      1. 2.3.1. Working with the TCP/IP Protocol Suite
        1. 2.3.1.1. The Application Layer
        2. 2.3.1.2. The Host-to-Host or Transport Layer
        3. 2.3.1.3. The Internet Layer
        4. 2.3.1.4. The Network Interface Layer
      2. 2.3.2. Encapsulation
      3. 2.3.3. Working with Protocols and Services
        1. 2.3.3.1. Well-Known Ports
        2. 2.3.3.2. TCP Three-Way Handshake
        3. 2.3.3.3. Application Interfaces
      4. 2.3.4. Recognizing TCP/IP Attacks
        1. 2.3.4.1. Sniffing the Network
        2. 2.3.4.2. Scanning Ports
        3. 2.3.4.3. TCP Attacks
          1. 2.3.4.3.1. TCP SYN or TCP ACK Flood Attack
          2. 2.3.4.3.2. TCP Sequence Number Attack
          3. 2.3.4.3.3. TCP/IP Hijacking
        4. 2.3.4.4. UDP Attacks
          1. 2.3.4.4.1. ICMP Attacks
          2. 2.3.4.4.2. Smurf Attacks
          3. 2.3.4.4.3. ICMP Tunneling
    4. 2.4. Understanding Software Exploitation
    5. 2.5. Surviving Malicious Code
      1. 2.5.1. Viruses
        1. 2.5.1.1. Symptoms of a Virus Infection
        2. 2.5.1.2. How Viruses Work
        3. 2.5.1.3. Types of Viruses
          1. 2.5.1.3.1. Polymorphic Virus
          2. 2.5.1.3.2. Stealth Virus
          3. 2.5.1.3.3. Retrovirus
          4. 2.5.1.3.4. Multipartite Virus
          5. 2.5.1.3.5. Armored Virus
          6. 2.5.1.3.6. Companion Virus
          7. 2.5.1.3.7. Phage Virus
          8. 2.5.1.3.8. Macro Virus
        4. 2.5.1.4. Virus Transmission in a Network
        5. 2.5.1.5. Identifying Hoaxes
      2. 2.5.2. Trojan Horses
      3. 2.5.3. Logic Bombs
      4. 2.5.4. Worms
      5. 2.5.5. Antivirus Software
    6. 2.6. Understanding Social Engineering
    7. 2.7. An Introduction to Auditing Processes and Files
    8. 2.8. Summary
    9. 2.9. Exam Essentials
    10. 2.10. Hands-On Labs
      1. 2.10.1. Lab 2.1: Identify Running Processes on a Windows-Based Machine
      2. 2.10.2. Lab 2.2: Identify Running Processes on a Linux-Based Machine
    11. 2.11. Review Questions
    12. 2.12. Answers to Review Questions
  6. 3. Infrastructure and Connectivity
    1. 3.1. Understanding Infrastructure Security
      1. 3.1.1. Working with Hardware Components
      2. 3.1.2. Working with Software Components
    2. 3.2. Understanding the Different Network Infrastructure Devices
      1. 3.2.1. Firewalls
        1. 3.2.1.1. Packet Filter Firewalls
        2. 3.2.1.2. Proxy Firewalls
        3. 3.2.1.3. Stateful Inspection Firewalls
      2. 3.2.2. Hubs
      3. 3.2.3. Routers
      4. 3.2.4. Switches
      5. 3.2.5. Wireless Access Points
      6. 3.2.6. Modems
      7. 3.2.7. Remote Access Services
      8. 3.2.8. Telecom/PBX Systems
      9. 3.2.9. Virtual Private Networks
    3. 3.3. Monitoring and Diagnosing Networks
      1. 3.3.1. Network Monitors
        1. 3.3.1.1. Intrusion Detection Systems (IDSs)
    4. 3.4. Securing Workstations and Servers
    5. 3.5. Understanding Mobile Devices
    6. 3.6. Understanding Remote Access
      1. 3.6.1. Using the Point-to-Point Protocol
      2. 3.6.2. Tunneling Protocols
      3. 3.6.3. 802.1x Wireless Protocols
      4. 3.6.4. RADIUS
      5. 3.6.5. TACACS/+
    7. 3.7. Securing Internet Connections
      1. 3.7.1. Working with Ports and Sockets
      2. 3.7.2. Working with E-mail
      3. 3.7.3. Working with the Web
        1. 3.7.3.1. Secure Web Connections
        2. 3.7.3.2. Vulnerabilities of Web Add-ins
          1. 3.7.3.2.1. JavaScript
          2. 3.7.3.2.2. Java Applets
          3. 3.7.3.2.3. Signed Applets
          4. 3.7.3.2.4. ActiveX
          5. 3.7.3.2.5. Buffer Overflows
          6. 3.7.3.2.6. Cookies
          7. 3.7.3.2.7. Common Gateway Interface (CGI)
          8. 3.7.3.2.8. SMTP Relay
      4. 3.7.4. Working with the File Transfer Protocol
        1. 3.7.4.1. Blind/Anonymous FTP
        2. 3.7.4.2. Secure FTP (S/FTP)
        3. 3.7.4.3. Sharing Files
        4. 3.7.4.4. FTP's Vulnerability
    8. 3.8. Understanding SNMP and Other TCP/IP Protocols
    9. 3.9. The Basics of Cabling, Wires, and Communications
      1. 3.9.1. Coax
      2. 3.9.2. Unshielded Twisted Pair and Shielded Twisted Pair
      3. 3.9.3. Fiber Optic
      4. 3.9.4. Infrared
      5. 3.9.5. Radio Frequencies
      6. 3.9.6. Microwave Systems
    10. 3.10. Employing Removable Media
      1. 3.10.1. Tape
      2. 3.10.2. CD-R
      3. 3.10.3. Hard Drives
      4. 3.10.4. Diskettes
      5. 3.10.5. Flash Cards
      6. 3.10.6. Smart Cards
    11. 3.11. Summary
    12. 3.12. Exam Essentials
    13. 3.13. Hands-On Labs
      1. 3.13.1. Lab 3.1: Examine the Windows Routing Table
      2. 3.13.2. Lab 3.2: Examine the Linux Routing Table
    14. 3.14. Review Questions
    15. 3.15. Answers to Review Questions
  7. 4. Monitoring Activity and Intrusion Detection
    1. 4.1. Monitoring the Network
      1. 4.1.1. Recognizing the Different Types of Network Traffic
        1. 4.1.1.1. TCP/IP
        2. 4.1.1.2. Novell Protocols
        3. 4.1.1.3. Microsoft Protocols
          1. 4.1.1.3.1. NetBIOS
          2. 4.1.1.3.2. NetBEUI
          3. 4.1.1.3.3. WINS Service
        4. 4.1.1.4. Network File System Protocol
        5. 4.1.1.5. The Apple Protocol
      2. 4.1.2. Monitoring Network Systems
    2. 4.2. Understanding Intrusion Detection Systems
      1. 4.2.1. Working with a Network-Based IDS
        1. 4.2.1.1. Implementing a Passive Response
        2. 4.2.1.2. Implementing an Active Response
      2. 4.2.2. Working with a Host-Based IDS
      3. 4.2.3. Utilizing Honey Pots
      4. 4.2.4. Understanding Incident Response
        1. 4.2.4.1. Step One: Identifying the Incident
        2. 4.2.4.2. Step Two: Investigating the Incident
        3. 4.2.4.3. Step Three: Repairing the Damage
        4. 4.2.4.4. Step Four: Documenting the Response
        5. 4.2.4.5. Step Five: Adjusting Procedures
    3. 4.3. Working with Wireless Systems
      1. 4.3.1. Wireless Transport Layer Security
      2. 4.3.2. IEEE 802.11x Wireless Protocols
      3. 4.3.3. WEP/WAP
        1. 4.3.3.1. WAP
        2. 4.3.3.2. WEP
      4. 4.3.4. Wireless Vulnerabilities to Know
    4. 4.4. Understanding Instant Messaging's Features
      1. 4.4.1. IM Vulnerabilities
      2. 4.4.2. Controlling Privacy
    5. 4.5. Working with 8.3 File Naming
    6. 4.6. Understanding Packet Sniffing
    7. 4.7. Understanding Signal Analysis and Intelligence
      1. 4.7.1. Footprinting
      2. 4.7.2. Scanning
    8. 4.8. Summary
    9. 4.9. Exam Essentials
    10. 4.10. Hands-On Labs
      1. 4.10.1. Lab 4.1: View the Active TCP and UDP Ports
      2. 4.10.2. Lab 4.2: Run Windows Network Monitor
      3. 4.10.3. Lab 4.3: Install snort in Linux
      4. 4.10.4. Lab 4.4: Make File Extensions Visible in Windows XP
      5. 4.10.5. Lab 4.5: Monitor Network Traffic in Linux
    11. 4.11. Review Questions
    12. 4.12. Answers to Review Questions
  8. 5. Implementing and Maintaining a Secure Network
    1. 5.1. Overview of Network Security Threats
    2. 5.2. Defining Security Baselines
    3. 5.3. Hardening the OS and NOS
      1. 5.3.1. Configuring Network Protocols
        1. 5.3.1.1. Network Binding
        2. 5.3.1.2. NetBEUI
        3. 5.3.1.3. TCP/IP
        4. 5.3.1.4. IPX/SPX
      2. 5.3.2. Hardening Microsoft Windows 2000
      3. 5.3.3. Hardening Microsoft Windows XP
      4. 5.3.4. Hardening Windows Server 2003
      5. 5.3.5. Hardening Unix/Linux
      6. 5.3.6. Hardening Novell NetWare
      7. 5.3.7. Hardening Apple Macintosh
      8. 5.3.8. Hardening Filesystems
      9. 5.3.9. Updating Your Operating System
        1. 5.3.9.1. Hotfixes
        2. 5.3.9.2. Service Packs and Support Packs
        3. 5.3.9.3. Patches
    4. 5.4. Hardening Network Devices
      1. 5.4.1. Updating Network Devices
      2. 5.4.2. Configuring Routers and Firewalls
        1. 5.4.2.1. Enabling and Disabling Services and Protocols
        2. 5.4.2.2. Working with Access Control Lists
    5. 5.5. Hardening Applications
      1. 5.5.1. Hardening Web Servers
      2. 5.5.2. Hardening E-Mail Servers
      3. 5.5.3. Hardening FTP Servers
      4. 5.5.4. Hardening DNS Servers
      5. 5.5.5. Hardening NNTP Servers
      6. 5.5.6. Hardening File and Print Servers and Services
      7. 5.5.7. Hardening DHCP Services
      8. 5.5.8. Working with Data Repositories
        1. 5.5.8.1. Directory Services
          1. 5.5.8.1.1. LDAP
          2. 5.5.8.1.2. Active Directory
          3. 5.5.8.1.3. X.500
          4. 5.5.8.1.4. eDirectory
        2. 5.5.8.2. Databases
          1. 5.5.8.2.1. Database Technologies
    6. 5.6. Summary
    7. 5.7. Exam Essentials
    8. 5.8. Hands-On Labs
      1. 5.8.1. Lab 5.1: Install OpenLDAP on a SuSE Server
      2. 5.8.2. Lab 5.2: Work with Performance Monitor and Windows
      3. 5.8.3. Lab 5.3: Work with Unix/Linux Networking
      4. 5.8.4. Lab 5.4: Install and Configure the E-mail Service on a SuSE Server
    9. 5.9. Review Questions
    10. 5.10. Answers to Review Questions
  9. 6. Securing the Network and Environment
    1. 6.1. Understanding Physical and Network Security
      1. 6.1.1. Implementing Access Control
        1. 6.1.1.1. Physical Barriers
          1. 6.1.1.1.1. Perimeter Security
          2. 6.1.1.1.2. Security Zones
          3. 6.1.1.1.3. Partitioning
        2. 6.1.1.2. Biometrics
      2. 6.1.2. Understanding Social Engineering
      3. 6.1.3. Scanning the Environment
        1. 6.1.3.1. Wireless Cells
        2. 6.1.3.2. Location
          1. 6.1.3.2.1. Environmental Systems
          2. 6.1.3.2.2. Power Systems
        3. 6.1.3.3. Shielding
          1. 6.1.3.3.1. Electromagnetic Interference and Radio Frequency Interference
        4. 6.1.3.4. Fire Suppression
          1. 6.1.3.4.1. Fire Extinguishers
          2. 6.1.3.4.2. Fixed Systems
    2. 6.2. Understanding Business Continuity Planning
      1. 6.2.1. Undertaking Business Impact Analysis
      2. 6.2.2. Assessing Risk
    3. 6.3. Developing Policies, Standards, and Guidelines
      1. 6.3.1. Implementing Policies
      2. 6.3.2. Incorporating Standards
      3. 6.3.3. Following Guidelines
    4. 6.4. Working with Security Standards and ISO 17799
    5. 6.5. Classifying Information
      1. 6.5.1. Public Information
        1. 6.5.1.1. Limited Distribution
        2. 6.5.1.2. Full Distribution
      2. 6.5.2. Private Information
        1. 6.5.2.1. Internal Information
        2. 6.5.2.2. Restricted Information
      3. 6.5.3. Roles in the Security Process
      4. 6.5.4. Information Access Controls
        1. 6.5.4.1. Bell La-Padula Model
        2. 6.5.4.2. The Biba Model
        3. 6.5.4.3. The Clark-Wilson Model
        4. 6.5.4.4. Information Flow Model
        5. 6.5.4.5. Noninterference Model
    6. 6.6. Summary
    7. 6.7. Exam Essentials
    8. 6.8. Hands-On Lab
      1. 6.8.1. Lab 6.1: Test Social Engineering
    9. 6.9. Review Questions
    10. 6.10. Answers to Review Questions
  10. 7. Cryptography Basics, Methods, and Standards
    1. 7.1. An Overview of Cryptography
      1. 7.1.1. Understanding Physical Cryptography
        1. 7.1.1.1. Substitution Ciphers
        2. 7.1.1.2. Transposition Ciphers
        3. 7.1.1.3. Steganography
        4. 7.1.1.4. Hybrid Systems
      2. 7.1.2. Understanding Mathematical Cryptography
        1. 7.1.2.1. Working with Passwords
      3. 7.1.3. Understanding Quantum Cryptography
      4. 7.1.4. Uncovering the Myth of Unbreakable Codes
    2. 7.2. Understanding Cryptographic Algorithms
      1. 7.2.1. The Science of Hashing
      2. 7.2.2. Working with Symmetric Algorithms
      3. 7.2.3. Working with Asymmetric Algorithms
    3. 7.3. Using Cryptographic Systems
      1. 7.3.1. Confidentiality
      2. 7.3.2. Integrity
        1. 7.3.2.1. Using Digital Signatures
      3. 7.3.3. Authentication
      4. 7.3.4. Nonrepudiation
      5. 7.3.5. Access Control
    4. 7.4. Using Public Key Infrastructure
      1. 7.4.1. Using a Certificate Authority
      2. 7.4.2. Working with Registration Authorities and Local Registration Authorities
      3. 7.4.3. Implementing Certificates
        1. 7.4.3.1. X.509
        2. 7.4.3.2. Certificate Policies
        3. 7.4.3.3. Certificate Practice Statements
      4. 7.4.4. Understanding Certificate Revocation
      5. 7.4.5. Implementing Trust Models
        1. 7.4.5.1. Hierarchical Trust Models
        2. 7.4.5.2. Bridge Trust Models
        3. 7.4.5.3. Mesh Trust Models
        4. 7.4.5.4. Hybrid Trust Model
    5. 7.5. Preparing for Cryptographic Attacks
    6. 7.6. Understanding Cryptography Standards and Protocols
      1. 7.6.1. The Origins of Encryption Standards
        1. 7.6.1.1. The Role of Governmental Agencies
          1. 7.6.1.1.1. NSA
          2. 7.6.1.1.2. NSA/CSS
          3. 7.6.1.1.3. NIST
        2. 7.6.1.2. Industry Associations and the Development Process
          1. 7.6.1.2.1. ABA
          2. 7.6.1.2.2. IETF
          3. 7.6.1.2.3. ISOC
          4. 7.6.1.2.4. W3C
          5. 7.6.1.2.5. ITU
          6. 7.6.1.2.6. CCITT
          7. 7.6.1.2.7. IEEE
        3. 7.6.1.3. Using Public Domain Cryptography
      2. 7.6.2. PKIX/PKCS
      3. 7.6.3. X.509
      4. 7.6.4. SSL and TLS
      5. 7.6.5. CMP
      6. 7.6.6. S/MIME
      7. 7.6.7. SET
      8. 7.6.8. SSH
      9. 7.6.9. PGP
      10. 7.6.10. HTTPS
      11. 7.6.11. S-HTTP
      12. 7.6.12. IPSec
      13. 7.6.13. FIPS
      14. 7.6.14. Common Criteria
      15. 7.6.15. WTLS
      16. 7.6.16. WEP
      17. 7.6.17. ISO 17799
    7. 7.7. Understanding Key Management and the Key Life Cycle
      1. 7.7.1. Comparing Centralized and Decentralized Key Generation
        1. 7.7.1.1. Centralized Key Generation
        2. 7.7.1.2. Decentralized Key Generation
        3. 7.7.1.3. Comprising with Split-System Key Generation
      2. 7.7.2. Storing and Distributing Keys
        1. 7.7.2.1. Private Key Protection
      3. 7.7.3. Using Key Escrow
      4. 7.7.4. Key Expiration
      5. 7.7.5. Revoking Keys
      6. 7.7.6. Suspending Keys
      7. 7.7.7. Recovering and Archiving Keys
      8. 7.7.8. Renewing Keys
      9. 7.7.9. Destroying Keys
      10. 7.7.10. Key Usage
    8. 7.8. Summary
    9. 7.9. Exam Essentials
    10. 7.10. Hands-On Labs
      1. 7.10.1. Lab 7.1: Hash Rules in Windows Server 2003
      2. 7.10.2. Lab 7.2: SSL Settings in Windows Server 2003
      3. 7.10.3. Lab 7.3: Encrypting a File System in Linux
      4. 7.10.4. Lab 7.4: Look for Errors in IPSec Performance Statistics
    11. 7.11. Review Questions
    12. 7.12. Answers to Review Questions
  11. 8. Security Policies and Procedures
    1. 8.1. Understanding Business Continuity
      1. 8.1.1. Utilities
      2. 8.1.2. High Availability
        1. 8.1.2.1. Redundancy
        2. 8.1.2.2. Fault Tolerance
        3. 8.1.2.3. Redundant Arrays of Independent Disks (RAID)
      3. 8.1.3. Disaster Recovery
        1. 8.1.3.1. Depending On Backups
        2. 8.1.3.2. Crafting a Disaster-Recovery Plan
          1. 8.1.3.2.1. Backup Plan Issues
          2. 8.1.3.2.2. Knowing the Backup Types
          3. 8.1.3.2.3. Developing a Backup Plan
          4. 8.1.3.2.4. Recovering a System
          5. 8.1.3.2.5. Planning for Alternate Sites
    2. 8.2. Reinforcing Vendor Support
      1. 8.2.1. Service-Level Agreements (SLAs)
      2. 8.2.2. Code Escrow
    3. 8.3. Generating Policies and Procedures
      1. 8.3.1. Human Resource Policies
        1. 8.3.1.1. Hiring Policies
        2. 8.3.1.2. Termination Policies
        3. 8.3.1.3. Ethics Policies
        4. 8.3.1.4. Acceptable-Use Policies
        5. 8.3.1.5. Privacy and Compartmentalized Information Policies
        6. 8.3.1.6. Need-to-Know Policies
        7. 8.3.1.7. Conducting Background Investigations
      2. 8.3.2. Business Policies
        1. 8.3.2.1. Separation-of-Duties Policies
        2. 8.3.2.2. Due Care Policies
        3. 8.3.2.3. Physical Access Control Policies
        4. 8.3.2.4. Document Disposal and Destruction Policies
      3. 8.3.3. Certificate Policies
      4. 8.3.4. Incident-Response Policies
    4. 8.4. Enforcing Privilege Management
      1. 8.4.1. User and Group Role Management
      2. 8.4.2. Privilege Escalation
      3. 8.4.3. Single Sign-On
      4. 8.4.4. Privilege Decision Making
      5. 8.4.5. Auditing
        1. 8.4.3.1. Privilege Auditing
        2. 8.4.3.2. Usage Auditing
        3. 8.4.3.3. Escalation Audits
        4. 8.4.3.4. Reporting to Management
      6. 8.4.6. Access Control
        1. 8.4.6.1. Mandatory Access Control
        2. 8.4.6.2. Discretionary Access Control
        3. 8.4.6.3. Role-Based Access Control
    5. 8.5. Summary
    6. 8.6. Exam Essentials
    7. 8.7. Hands-On Labs
      1. 8.7.1. Lab 8.1: Use Automated System Recovery in Windows Server 2003
      2. 8.7.2. Lab 8.2: Create a Rescue Disk in Linux
      3. 8.7.3. Lab 8.3: Create a Backup with SuSE Linux
    8. 8.8. Review Questions
    9. 8.9. Answers to Review Questions
  12. 9. Security Management
    1. 9.1. Understanding Computer Forensics
      1. 9.1.1. Methodology of a Forensic Investigation
        1. 9.1.1.1. Acquiring the Evidence
        2. 9.1.1.2. Authenticating the Evidence
        3. 9.1.1.3. Analyzing the Evidence
      2. 9.1.2. Enforcing the Chain of Custody
      3. 9.1.3. Preserving Evidence
      4. 9.1.4. Collecting Evidence
    2. 9.2. Understanding Security Management
      1. 9.2.1. Drafting Best Practices and Documentation
        1. 9.2.1.1. Using Policies and Procedures
          1. 9.2.1.1.1. Information Classification and Notification Policies
          2. 9.2.1.1.2. Information Retention and Storage Policies
          3. 9.2.1.1.3. Information Destruction Policies
          4. 9.2.1.1.4. Security Policy
          5. 9.2.1.1.5. Use Policy
          6. 9.2.1.1.6. Backup Policy
          7. 9.2.1.1.7. Configuration Management Policies
          8. 9.2.1.1.8. Logs and Inventories
          9. 9.2.1.1.9. System Architecture
          10. 9.2.1.1.10. Change Documentation
          11. 9.2.1.1.11. User Management
        2. 9.2.1.2. Allocating Resources
        3. 9.2.1.3. Defining Responsibility
        4. 9.2.1.4. Minimizing Mistakes
        5. 9.2.1.5. Enforcing the Policies and Procedures
    3. 9.3. Understanding Security Awareness and Education
      1. 9.3.1. Using Communication and Awareness
      2. 9.3.2. Providing Education
    4. 9.4. Staying on Top of Security
      1. 9.4.1. Websites
      2. 9.4.2. Trade Publications
    5. 9.5. Regulating Privacy and Security
      1. 9.5.1. Health Insurance Portability and Accountability Act
      2. 9.5.2. Gramm-Leach-Bliley Act of 1999
      3. 9.5.3. Computer Fraud and Abuse Act
      4. 9.5.4. Family Educational Rights and Privacy Act
      5. 9.5.5. Computer Security Act of 1987
      6. 9.5.6. Cyberspace Electronic Security Act
      7. 9.5.7. Cyber Security Enhancement Act
      8. 9.5.8. Patriot Act
      9. 9.5.9. Familiarizing Yourself with International Efforts
    6. 9.6. Summary
    7. 9.7. Exam Essentials
    8. 9.8. Hands-On Labs
      1. 9.8.1. Lab 9.1: Configure Windows Automatic Updates
      2. 9.8.2. Lab 9.2: Configure Linux Automatic Updates
    9. 9.9. Review Questions
    10. 9.10. Answers to Review Questions
  13. Glossary