GSEC GIAC Security Essentials Certification All-in-One Exam Guide

Book Description

"All-in-One Is All You Need."

Get complete coverage of all the objectives on Global Information Assurance Certification's Security Essentials (GSEC) exam inside this comprehensive resource. GSEC GIAC Security Essentials Certification All-in-One Exam Guide provides learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this authoritative resource also serves as an essential on-the-job reference.

COVERS ALL EXAM TOPICS, INCLUDING:

  • Networking fundamentals
  • Network design
  • Authentication and access control
  • Network security
  • Linux and Windows
  • Encryption
  • Risk management
  • Virtual machines
  • Vulnerability control
  • Malware
  • Physical security
  • Wireless technologies
  • VoIP

ELECTRONIC CONTENT FEATURES:

  • TWO PRACTICE EXAMS
  • AUTHOR VIDEOS
  • PDF eBOOK

Table of Contents

  1. Cover 
  2. Title Page
  3. Copyright Page
  4. About the Author
    1. About the Technical Editor
  5. Contents at a Glance
  6. Contents 
  7. Acknowledgments
  8. Introduction
  9. Chapter 1: Information Security and the GIAC Security Essentials Certification
    1. The Evolution and Importance of Security
    2. Types of Security Threats
      1. Malware
      2. Identity Theft
      3. Mobile Devices
      4. Denial of Service
      5. Insider Threats
    3. About SANS
    4. About the GSEC Certification
      1. Who the Exam Is For
      2. About the Exam
      3. The Purpose of This Book
  10. Chapter 2: Networking Fundamentals
    1. History of TCP/IP
    2. Networking Stacks
      1. The OSI Model
      2. TCP/IP Architecture
    3. Protocols
    4. Internet Protocol
      1. IP Version 4 Headers
      2. Addressing
      3. Fragmentation
      4. Internet Protocol Version 6
    5. Internet Control Message Protocol (ICMP)
    6. Transmission Control Protocol (TCP)
      1. Reliable Delivery
      2. The Mitnick–Shimomura Attack
    7. User Datagram Protocol (UDP)
    8. Domain Name System (DNS)
    9. Chapter Review
    10. Questions
    11. Answers
    12. Exercise Answers
  11. Chapter 3: Network Design
    1. Cable Types
      1. Coaxial Cable
      2. Twisted Pair
      3. Fiber Optics
    2. Topologies
      1. Bus Topology
      2. Star Topology
      3. Mesh Topology
      4. Full Mesh Topology
      5. Ring Topology
    3. Switching
      1. Ethernet
      2. Asynchronous Transfer Mode (ATM)
      3. Hubs, Bridges, and Switches
    4. Routing
      1. Distance Vector Routing
      2. Link-State Routing
    5. Security Mechanisms
      1. Routers
      2. Firewalls
      3. Intrusion Detection Systems
    6. Chapter Review
    7. Questions
    8. Answers
    9. Exercise 3-1 Answer
  12. Chapter 4: Authentication and Access Control
    1. Authentication
      1. Credentials
      2. Token-Based Authentication
      3. Biometrics
      4. RADIUS
      5. TACACS/TACACS+
      6. Web-Based Authentication
      7. Basic Authentication
      8. Multifactor Authentication
    2. Authorization
      1. Principle of Least Privilege
    3. Accounting
    4. Access Control
      1. Discretionary Access Control
      2. Mandatory Access Control
      3. Role-Based Access Control
      4. Attribute-Based Access Control
      5. Single Sign-On
    5. Chapter Review
    6. Questions
    7. Answers
    8. Exercise 4-1 Answer
  13. Chapter 5: Network Security
    1. Common Attacks
      1. Protocol Attacks
      2. Malware
      3. Network Attacks
      4. Web-Based Attacks
      5. Phishing and Drive-by Downloading
    2. Defense in Depth
      1. Security Through Obscurity
    3. Firewalls
      1. Network-Based Firewalls
      2. Host-Based Firewalls
    4. Intrusion Defense
      1. Intrusion Detection
      2. Intrusion Prevention
    5. Anti-Virus Software
    6. Vulnerability Management
      1. Honeypots
    7. Chapter Review
    8. Questions
    9. Answers
    10. Exercise 5-2 Answer
  14. Chapter 6: Linux
    1. UNIX History
      1. GNU
    2. The Kernel
    3. Filesystem Layout
    4. Using Linux
      1. General Utilities
      2. File Management
      3. Process Management
      4. Networking
    5. Software Management
      1. Debian
      2. RedHat/CentOS
      3. Slackware
    6. Boot Process
    7. Process Management
      1. Processes and Threads
      2. Process Tools
      3. Signals
    8. System Management
      1. Backups
      2. Patch Management
      3. Job Scheduling
    9. User Management
    10. Configuration
    11. Logging and Log Management
    12. Security Tools
      1. SELinux
      2. TripWire
      3. iptables
      4. AppArmor
    13. Chapter Review
    14. Questions
    15. Answers
    16. Exercise Answers
  15. Chapter 7: Windows
    1. Windows History
      1. Windows 3.x and Windows NT 3.x
      2. Windows 9x, NT 4.0, and Windows 2000
      3. Windows XP and Beyond
    2. Windows Networking
      1. Basic Configuration
      2. Networking Utilities
      3. Securing Windows Networking
    3. Resource Management
      1. Windows Workgroups vs. Windows Domains
      2. Active Directory
      3. Users and Groups
      4. Resource Sharing
      5. Policies and Policy Management
    4. Windows Management
      1. Automation
      2. Configuration
      3. Auditing
      4. User Rights
      5. Permissions
      6. Registry
    5. Windows Security
      1. EFS and BitLocker
      2. Updates and Hotfixes
      3. Service Packs
      4. Backups
      5. Security Templates
      6. Securing Windows Services
    6. Securing Windows Services
      1. IIS
      2. SQL Server
      3. Terminal Services
    7. Chapter Review
    8. Questions
    9. Answers
    10. Answers to Exercises
  16. Chapter 8: Encryption
    1. Important Dates in Cryptography History
    2. Foundations
      1. Diffie-Hellman
      2. RSA
      3. Digest Algorithms
      4. Cryptographic Attacks
    3. X.509 Certificates
    4. Public Key Infrastructure (PKI)
      1. S/MIME
    5. Pretty Good Privacy (PGP)
    6. Symmetric Encryption
      1. DES and Triple DES
      2. AES
    7. Asymmetric Encryption
    8. SSL and TLS
    9. Virtual Private Networks (VPNs)
      1. IPSec
    10. Steganography
    11. Kerberos
    12. Chapter Review
    13. Questions
    14. Answers
    15. Exercise Answers
  17. Chapter 9: Risk Management
    1. Regulatory
    2. Risk Management
      1. Cost-Benefit Analysis
      2. Quantitative Risk Assessment
      3. Qualitative Risk Assessment
      4. Risk Management Strategies
    3. Security Policies
    4. Data at Rest
    5. Contingency Plans
      1. Disaster Recovery
    6. Incident Handling
      1. The Legal Impact of Incidents
    7. Information Warfare
    8. OPSEC
    9. Chapter Review
    10. Questions
    11. Answers
    12. Exercise 9-1 Answer
  18. Chapter 10: Virtual Machines
    1. Virtual Machine History
      1. Emulation and the PC Era
      2. Application Virtualization
    2. Virtual Memory
      1. Paging Algorithms
      2. Security Implications
    3. Reasons for Virtualizing
    4. Hypervisors
    5. Virtual Resources
    6. Other Virtual Machines
    7. Chapter Review
    8. Questions
    9. Answers
    10. Exercise 10-1 Answer
  19. Chapter 11: Vulnerability Control
    1. Network Mapping/Scanning
      1. Different Types of Mapping
      2. Nmap
      3. Application Mapping—AMAP
    2. Vulnerability Scanning
    3. Vulnerability Management
    4. Vulnerability Exploitation
    5. Web Application Security
      1. Common Web Vulnerabilities
      2. SSL/TLS
      3. Cookies
      4. CGI
      5. AJAX
      6. Web Vulnerability Scanning
      7. Web Application Firewalls
    6. Chapter Review
    7. Questions
    8. Answers
    9. Exercise 11-1 Answer
  20. Chapter 12: Malware
    1. Types of Malware
      1. Virus
      2. Worm
      3. Trojan Horse
      4. Rootkit
      5. Botnet Client
      6. Spyware/Adware
    2. Anti-Virus
    3. Anti-Virus Evasion
      1. Packing
      2. Encryption
      3. Code Modifications
    4. Malware Vectors
      1. “Sneaker Net”
      2. E-mail
      3. Network
      4. Drive-by Attacks
      5. Boot Sector/MBR
      6. Infection Vectors
    5. Malware Analysis
      1. Static Analysis
      2. Dynamic Analysis
    6. Malware Policy
    7. Chapter Review
    8. Questions
    9. Answers
    10. Exercise 12-1 Answer
  21. Chapter 13: Physical Security
    1. Deterrent Controls
    2. Prevention Controls
      1. Fences and Gates
      2. Locks
      3. Construction
      4. Access Control
      5. Exterior Lighting
      6. Barriers and Impediments
      7. Electrical Power
    3. Detection Controls
      1. Video Monitoring
      2. Fire Detection
      3. Motion Sensors
      4. Water Sensors
    4. Corrective Controls
      1. Fire Suppression
      2. Policies and Procedures
      3. Toxic Cleanup
    5. Chapter Review
    6. Questions
    7. Answers
    8. Exercise 13-1 Answer
  22. Chapter 14: Wireless Technologies
    1. Radio Transmission
      1. Frequency and Spectrum
      2. Modulation and Carrier Waves
      3. Antennas and Transmissions
      4. Receiver
      5. Frequency Hopping
    2. 802.11
      1. Encryption
      2. Cracking and Analysis Utilities
      3. MiFi
    3. WiMAX
    4. Bluetooth
      1. Encryption
      2. Bluetooth Attacks
    5. RFID
      1. Near Field Communication
    6. ZigBee
    7. Chapter Review
    8. Questions
    9. Answers
    10. Exercise 14-1 Answer
  23. Chapter 15: VoIP
    1. A (Very Brief) History of Telephony
      1. In-Band vs. Out-of-Band Signaling
      2. Signaling System 7
    2. H.323
      1. Security Considerations
    3. Real-Time Transport Protocol (RTP)
    4. The Session Initiation Protocol (SIP)
      1. Messaging
      2. User Agents
      3. NAT Traversal
      4. Attacks on SIP
    5. The Skinny Call Control Protocol (SCCP)
    6. Skype
    7. The Benefits of VoIP
    8. Chapter Review
    9. Questions
    10. Answers
    11. Exercise 15-1 Answer
  24. Appendix A: About the Download
    1. System Requirements
    2. Downloadable MasterExam
      1. MasterExam
      2. Help
      3. Removing Installation
    3. Technical Support
      1. LearnKey Technical Support
      2. McGraw-Hill Education Technical Support and Customer Service
  25. Appendix B: Practice Exam
    1. Questions
    2. Answers
  26. Permissions
  27. Index