CompTIA Security+ Study Guide
John Wiley & Sons Inc (Publisher)
978-1-118-87507-0 (ISBN)
This title is unfortunately out of print; no new edition is planned.
If you're an IT professional hoping to progress in your career, then you know that the CompTIA Security+ exam is one of the most valuable certifications available. Since its introduction in 2002, over a quarter million professionals have achieved Security+ certification, itself a springboard to prestigious certifications like the CASP, CISSP, and CISA. The CompTIA Security+ Study Guide: SY0-401 covers 100% of the Security+ exam objectives, with clear and concise information on crucial security topics.
You'll find everything you need to prepare for the 2014 version of the Security+ certification exam, including insight from industry experts on a wide range of IT security topics. Readers also get access to a robust set of learning tools, including electronic flashcards, assessment tests, and a practice test environment with hundreds of practice questions.
- CompTIA authorized and endorsed
- Includes updates covering the latest changes to the exam, including better preparation for real-world applications
- Covers key topics like network security, compliance and operational security, threats and vulnerabilities, access control and identity management, and cryptography
- Employs practical examples and insights to provide real-world context from two leading certification experts
- Provides the necessary tools to take that first important step toward advanced security certs like CASP, CISSP, and CISA, in addition to satisfying the DoD's 8570 directive

If you're serious about jump-starting your security career, you need the kind of thorough preparation included in the CompTIA Security+ Study Guide: SY0-401.
Emmett Dulaney is an Assistant Professor at Anderson University. He has written several certification books on Windows, security, IT project management, and UNIX, and was the co-author of CompTIA A+ Complete Study Guide (Sybex). Chuck Easttom is CEO and Chief Trainer for CEC-Security, which specializes in IT security training and CISP and Security+ exam preparation. He has over 18 years in the IT industry, 10 years teaching and training, and has authored 15 published books.
Foreword xxi
Introduction xxiii
Chapter 1 Measuring and Weighing Risk 1
Risk Assessment 3
Computing Risk Assessment 4
Acting on Your Risk Assessment 9
Risks Associated with Cloud Computing 17
Risks Associated with Virtualization 19
Developing Policies, Standards, and Guidelines 19
Implementing Policies 20
Understanding Control Types and False Positives/Negatives 26
Risk Management Best Practices 28
Disaster Recovery 36
Tabletop Exercise 39
Summary 39
Exam Essentials 39
Review Questions 41
Chapter 2 Monitoring and Diagnosing Networks 45
Monitoring Networks 46
Network Monitors 46
Understanding Hardening 52
Working with Services 52
Patches 56
User Account Control 57
Filesystems 58
Securing the Network 60
Security Posture 61
Continuous Security Monitoring 61
Setting a Remediation Policy 62
Reporting Security Issues 63
Alarms 63
Alerts 63
Trends 63
Differentiating between Detection Controls and Prevention Controls 64
Summary 65
Exam Essentials 66
Review Questions 67
Chapter 3 Understanding Devices and Infrastructure 71
Mastering TCP/IP 73
OSI Relevance 74
Working with the TCP/IP Suite 74
IPv4 and IPv6 78
Understanding Encapsulation 79
Working with Protocols and Services 80
Designing a Secure Network 87
Demilitarized Zones 87
Subnetting 89
Virtual Local Area Networks 89
Remote Access 92
Network Address Translation 93
Telephony 94
Network Access Control 95
Understanding the Various Network Infrastructure Devices 95
Firewalls 96
Routers 100
Switches 102
Load Balancers 103
Proxies 103
Web Security Gateway 103
VPNs and VPN Concentrators 103
Intrusion Detection Systems 105
Understanding Intrusion Detection Systems 106
IDS vs. IPS 110
Working with a Network-Based IDS 111
Working with a Host-Based IDS 116
Working with NIPSs 117
Protocol Analyzers 118
Spam Filters 118
UTM Security Appliances 119
Summary 122
Exam Essentials 123
Review Questions 124
Chapter 4 Access Control, Authentication, and Authorization 129
Understanding Access Control Basics 131
Identification vs. Authentication 131
Authentication (Single Factor) and Authorization 132
Multifactor Authentication 133
Layered Security and Defense in Depth 133
Network Access Control 134
Tokens 135
Federations 135
Potential Authentication and Access Problems 136
Authentication Issues to Consider 137
Authentication Protocols 139
Account Policy Enforcement 139
Users with Multiple Accounts/Roles 141
Generic Account Prohibition 142
Group-based and User-assigned Privileges 142
Understanding Remote Access Connectivity 142
Using the Point-to-Point Protocol 143
Working with Tunneling Protocols 144
Working with RADIUS 145
TACACS/TACACS+/XTACACS 146
VLAN Management 146
SAML 147
Understanding Authentication Services 147
LDAP 147
Kerberos 148
Single Sign-On Initiatives 149
Understanding Access Control 150
Mandatory Access Control 151
Discretionary Access Control 151
Role-Based Access Control 152
Rule-Based Access Control 152
Implementing Access Controlling Best Practices 152
Least Privileges 153
Separation of Duties 153
Time of Day Restrictions 153
User Access Review 154
Smart Cards 154
Access Control Lists 156
Port Security 157
Working with 802.1X 158
Flood Guards and Loop Protection 158
Preventing Network Bridging 158
Log Analysis 159
Trusted OS 159
Secure Router Configuration 160
Summary 161
Exam Essentials 161
Review Questions 163
Chapter 5 Protecting Wireless Networks 167
Working with Wireless Systems 169
IEEE 802.11x Wireless Protocols 169
WEP/WAP/WPA/WPA2 171
Wireless Transport Layer Security 173
Understanding Wireless Devices 174
Wireless Access Points 175
Extensible Authentication Protocol 181
Lightweight Extensible Authentication Protocol 182
Protected Extensible Authentication Protocol 182
Wireless Vulnerabilities to Know 183
Wireless Attack Analogy 187
Summary 188
Exam Essentials 189
Review Questions 190
Chapter 6 Securing the Cloud 195
Working with Cloud Computing 196
Software as a Service (SaaS) 197
Platform as a Service (PaaS) 198
Infrastructure as a Service (IaaS) 199
Private Cloud 200
Public Cloud 200
Community Cloud 200
Hybrid Cloud 201
Working with Virtualization 201
Snapshots 203
Patch Compatibility 203
Host Availability/Elasticity 204
Security Control Testing 204
Sandboxing 204
Security and the Cloud 205
Cloud Storage 206
Summary 207
Exam Essentials 207
Review Questions 208
Chapter 7 Host, Data, and Application Security 213
Application Hardening 215
Databases and Technologies 215
Fuzzing 218
Secure Coding 218
Application Configuration Baselining 219
Operating System Patch Management 220
Application Patch Management 220
Host Security 220
Permissions 220
Access Control Lists 221
Antimalware 221
Host Software Baselining 226
Hardening Web Servers 227
Hardening Email Servers 228
Hardening FTP Servers 229
Hardening DNS Servers 230
Hardening DHCP Services 231
Protecting Data Through Fault Tolerance 233
Backups 233
RAID 234
Clustering and Load Balancing 235
Application Security 235
Best Practices for Security 236
Data Loss Prevention 236
Hardware-Based Encryption Devices 237
Summary 238
Exam Essentials 238
Review Questions 239
Chapter 8 Cryptography 243
An Overview of Cryptography 245
Historical Cryptography 245
Modern Cryptography 249
Working with Symmetric Algorithms 249
Working with Asymmetric Algorithms 251
What Cryptography Should You Use? 254
Hashing Algorithms 255
Rainbow Tables and Salt 256
Key Stretching 256
Understanding Quantum Cryptography 257
Cryptanalysis Methods 257
Wi-Fi Encryption 258
Using Cryptographic Systems 258
Confidentiality and Strength 259
Integrity 259
Digital Signatures 261
Authentication 261
Nonrepudiation 262
Key Features 262
Understanding Cryptography Standards and Protocols 263
The Origins of Encryption Standards 263
Public-Key Infrastructure X.509/Public-Key Cryptography Standards 266
X.509 267
SSL and TLS 268
Certificate Management Protocols 270
Secure Multipurpose Internet Mail Extensions 270
Secure Electronic Transaction 270
Secure Shell 271
Pretty Good Privacy 272
HTTP Secure 274
Secure HTTP 274
IP Security 274
Tunneling Protocols 277
Federal Information Processing Standard 278
Using Public-Key Infrastructure 278
Using a Certificate Authority 279
Working with Registration Authorities and Local Registration Authorities 280
Implementing Certificates 281
Understanding Certificate Revocation 285
Implementing Trust Models 285
Hardware-Based Encryption Devices 290
Data Encryption 290
Summary 291
Exam Essentials 291
Review Questions 293
Chapter 9 Malware, Vulnerabilities, and Threats 297
Understanding Malware 300
Surviving Viruses 310
Symptoms of a Virus Infection 311
How Viruses Work 311
Types of Viruses 312
Managing Spam to Avoid Viruses 316
Antivirus Software 317
Understanding Various Types of Attacks 318
Identifying Denial-of-Service and Distributed Denial-of-Service Attacks 319
Spoofing Attacks 321
Pharming Attacks 322
Phishing, Spear Phishing, and Vishing 323
Xmas Attack 324
Man-in-the-Middle Attacks 324
Replay Attacks 325
Smurf Attacks 326
Password Attacks 326
Privilege Escalation 328
Malicious Insider Threats 332
Transitive Access 332
Client-Side Attacks 333
Typo Squatting and URL Hijacking 333
Watering Hole Attack 334
Identifying Types of Application Attacks 334
Cross-Site Scripting and Forgery 334
SQL Injection 335
LDAP Injection 336
XML Injection 337
Directory Traversal/Command Injection 337
Buffer Overflow 338
Integer Overflow 338
Zero-Day Exploits 338
Cookies and Attachments 338
Locally Shared Objects and Flash Cookies 339
Malicious Add-Ons 339
Session Hijacking 340
Header Manipulation 340
Arbitrary Code and Remote Code Execution 341
Tools for Finding Threats 341
Interpreting Assessment Results 341
Tools to Know 342
Risk Calculations and Assessment Types 344
Summary 346
Exam Essentials 346
Review Questions 348
Chapter 10 Social Engineering and Other Foes 353
Understanding Social Engineering 355
Types of Social Engineering Attacks 356
What Motivates an Attack? 361
The Principles Behind Social Engineering 362
Social Engineering Attack Examples 363
Understanding Physical Security 366
Hardware Locks and Security 369
Mantraps 371
Video Surveillance 371
Fencing 372
Access List 373
Proper Lighting 374
Signs 374
Guards 374
Barricades 375
Biometrics 375
Protected Distribution 376
Alarms 376
Motion Detection 376
Environmental Controls 377
HVAC 378
Fire Suppression 378
EMI Shielding 380
Hot and Cold Aisles 382
Environmental Monitoring 383
Temperature and Humidity Controls 383
Control Types 384
A Control Type Analogy 385
Data Policies 385
Destroying a Flash Drive 386
Some Considerations 387
Optical Discs 388
Summary 389
Exam Essentials 389
Review Questions 391
Chapter 11 Security Administration 395
Third-Party Integration 397
Transitioning 397
Ongoing Operations 398
Understanding Security Awareness and Training 399
Communicating with Users to Raise Awareness 399
Providing Education and Training 399
Safety Topics 401
Training Topics 402
Classifying Information 409
Public Information 410
Private Information 411
Information Access Controls 413
Security Concepts 413
Complying with Privacy and Security Regulations 414
The Health Insurance Portability and Accountability Act 415
The Gramm-Leach-Bliley Act 415
The Computer Fraud and Abuse Act 416
The Family Educational Rights and Privacy Act 416
The Computer Security Act of 1987 416
The Cyberspace Electronic Security Act 417
The Cyber Security Enhancement Act 417
The Patriot Act 417
Familiarizing Yourself with International Efforts 418
Mobile Devices 418
BYOD Issues 419
Alternative Methods to Mitigate Security Risks 420
Summary 422
Exam Essentials 422
Review Questions 424
Chapter 12 Disaster Recovery and Incident Response 429
Issues Associated with Business Continuity 431
Types of Storage Mechanisms 432
Crafting a Disaster-Recovery Plan 433
Incident Response Policies 445
Understanding Incident Response 446
Succession Planning 454
Tabletop Exercises 454
Reinforcing Vendor Support 455
Service-Level Agreements 455
Code Escrow Agreements 457
Penetration Testing 458
What Should You Test? 458
Vulnerability Scanning 459
Summary 460
Exam Essentials 461
Review Questions 462
Appendix A Answers to Review Questions 467
Chapter 1: Measuring and Weighing Risk 468
Chapter 2: Monitoring and Diagnosing Networks 469
Chapter 3: Understanding Devices and Infrastructure 470
Chapter 4: Access Control, Authentication, and Authorization 471
Chapter 5: Protecting Wireless Networks 473
Chapter 6: Securing the Cloud 474
Chapter 7: Host, Data, and Application Security 475
Chapter 8: Cryptography 476
Chapter 9: Malware, Vulnerabilities, and Threats 477
Chapter 10: Social Engineering and Other Foes 478
Chapter 11: Security Administration 480
Chapter 12: Disaster Recovery and Incident Response 481
Appendix B About the Additional Study Tools 483
Additional Study Tools 484
Sybex Test Engine 484
Electronic Flashcards 484
PDF of Glossary of Terms 484
Adobe Reader 484
System Requirements 485
Using the Study Tools 485
Troubleshooting 485
Customer Care 486
Index 487
| Publication date (per publisher) | 23.5.2014 |
|---|---|
| Place of publication | New York |
| Language | English |
| Dimensions | 187 x 192 mm |
| Weight | 732 g |
| Subject area | Computer science ► Networks ► Security / Firewall; Computer science ► Other topics ► Certification; Social sciences ► Education |
| ISBN-10 | 1-118-87507-9 / 1118875079 |
| ISBN-13 | 978-1-118-87507-0 / 9781118875070 |
| Condition | New |