Eleventh Hour Security+

Ido Dubrawsky (CISSP, CCNA, CCDA) is the Chief Security Advisor for Microsoft’s Communication Sector North America, a division of the Mobile and Embedded Devices Group. Prior to working at Microsoft, Ido was the acting Security Consulting Practice Lead at AT&T’s Callisma subsidiary and a Senior Security Consultant. Before joining AT&T, Ido was a Network Security Architect for Cisco Systems, Inc., SAFE Architecture Team. He has worked in the systems and network administration field for almost 20 years in a variety of environments from government to academia to private enterprise. He has a wide range of experience in various networks, from small to large and relatively simple to complex. Ido is the primary author of three major SAFE white papers and has written, and spoken, extensively on security topics. He is a regular contributor to the SecurityFocus website on a variety of topics covering security issues. Previously, he worked in Cisco Systems, Inc. Secure Consulting Group, providing network security posture assessments and consulting services for a wide range of clients. In addition to providing penetration-testing consultation, he also conducted security architecture reviews and policy and process reviews. He holds a B.Sc. and a M.Sc. in Aerospace Engineering from the University of Texas at Austin.

About the Authors
Chapter 1 Systems Security
Systems security threats
Privilege escalation
Viruses and worms
Trojan
Spyware and adware
Rootkits and botnets
Logic bombs
Host intrusion detection system
Behavior-based vs. signature-based IDS characteristics
Anti-SPAM
Pop-up blockers
Hardware and peripheral security risks
BIOS
USB devices
Cell phones
Removable storage devices
Network attached storage
Summary of exam objectives
Top five toughest questions
Answers
Chapter 2 OS Hardening
General OS hardening
Services
File system
Removing unnecessary programs
Hotfixes/patches
Service packs/maintenance updates
Patch management
Windows group policies
Security templates
Configuration baselines
Server OS hardening
Enabling and disabling services and protocols
FTP servers
DNS servers
NNTP servers
File and print servers
DHCP servers
Data repositories
Workstation OS
User rights and groups
Summary of exam objectives
Top five toughest questions
Answers
Chapter 3 Application Security
Threats are moving “up the stack”
Rationale
Threat modeling
Application security threats
Browser
Buffer overflows
Packet sniffers and instant messaging
Instant messaging
Peer-to-peer
SMTP open relays
Summary of exam objectives
Top five toughest questions
Answers
Chapter 4 Virtualization Technologies
The purpose of virtualization
Benefits of virtualization
Types of virtualization
Designing a virtual environment
System virtualization
Management of virtual servers
Application virtualization
Application streaming
Summary of exam objectives
Top five toughest questions
Answers
Chapter 5 Network Security
General network security
Network services and risks associated with them
Network design elements
Network security tools
Network ports, services, and threats
Network ports and protocols
Network threats
Network design elements and components
Firewalls
What is a DMZ?
VLANs
Network address translation
Network access control/network access protection
Telephony
Network security tools
Intrusion detection and preventions systems
Honeypots
Content filters
Protocol analyzers
Summary of exam objectives
Top five toughest questions
Answers
Chapter 6 Wireless Networks
Wireless network design
Wireless communications
Spread spectrum technology
Wireless network architecture
CSMA/CD and CSMA/CA
Service set ID broadcast
Wireless security standards
The failure of WEP
WPA and WPA2
WAP
WTLS
Authentication
Rogue access points
Data emanation
Bluetooth
Summary of exam objectives
Top five toughest questions
Answers
References
Chapter 7 Network Access
General network access
Access control
Access control models
Authentication models and components
Identity
Access control methods and models
Separation of duties
Least privilege
Job rotation
Mandatory access control
Discretionary access control
Role- and rule-based access control
Access control organization
Security groups
Security controls
Logical access control methods
Access control lists
Group policies
Domain policies
Time of day restrictions
Account expiration
Logical tokens
Physical access security methods
Access lists and logs
Hardware locks
ID badges
Door access systems
Man-trap
Video surveillance
Summary of exam objectives
Top five toughest questions
Answers
Chapter 8 Network Authentication
Authentication methods
Access control
Authentication
Auditing
Authentication methods
One-factor
Two-factor
Three-factor
Single sign-on
Authentication systems
Remote access policies and authentication
Biometrics
Summary of exam objectives
Top five toughest questions
Answers
Chapter 9 Risk Assessment and Risk Mitigation
Conduct risk assessments and implement risk mitigation
Vulnerability assessment tools
Password crackers
Network mapping tools
Use monitoring tools on systems and networks
Workstations
Intrusion detection systems
Logging and auditing
Auditing systems
System Logs
Performance Logs
Access Logs
Audits
Summary of exam objectives
Top five toughest questions
Answers
Chapter 10 General Cryptographic Concepts
General cryptography
Symmetric key cryptography
Asymmetric key cryptography
Hashes and applications
Digital signatures
Certificates
CIA—For all your security needs
Non-repudiation
Key management
Encryption algorithms
DES
3DES
RSA
AES
Elliptic curve cryptography
One-time pads
Transmission encryption
WEP
TKIP
Protocols
SSL/TLS
HTTP vs. HTTPS vs. SHTTP
Other protocols with TLS
S/MIME
SSH
IPSec
PPTP
L2TP
Cryptography in operating systems
File and folder encryption
E-mail
Whole disk encryption
Trusted platform module
Summary of exam objectives
Top five toughest questions
Answers
Chapter 11 Public Key Infrastructure
PKI overview
PKI encryption
PKI Standards
PKI solutions
Components of PKI
Digital certificates
Certification authority
Certificate revocation list
Recovery agents
Certificate authority
Certificate revocation list
Key escrow
Registration
Recovery agents
Implementation
Certificate management
Summary of exam objectives
Top five toughest questions
Answers
Chapter 12 Redundancy Planning
Alternate sites
Hot site
Warm site
Cold site
Redundant systems
Servers
Connections
ISP
RAID
Spare parts
Backup generator
UPS
Summary of exam objectives
Top five toughest questions
Answers
Chapter 13 Controls and Procedures
Environmental controls
Fire suppression
HVAC
Shielding
Implementing disaster recovery and incident response procedures
Disaster recovery
Incident response
Defending against social engineering
Summary of exam objectives
Top five toughest questions
Answers
Chapter 14 Legislation and Organizational Policies
Secure disposal of systems
Retention/storage
Destruction
Acceptable use policies
Password complexity
Strong passwords
Password changes and restrictions
Administrator accounts
Change management
Information classification
Vacations
Separation of duties
Personally identifiable information
Privacy
Due care
Due process
Due diligence
SLAs
User education and awareness training
Communication
User awareness
Education
Online resources
Security-related HR policies
Code of Ethics
Summary of exam objectives
Top five toughest questions
Answers
Index