CompTIA Security+ Certification Kit - Emmett Dulaney

CompTIA Security+ Certification Kit

Exam SY0-401

(Author)

Book | Softcover
1096 pages
2015 | 4th Edition
Sybex Inc., U.S. (Publisher)
978-1-119-05095-7 (ISBN)
97,26 incl. VAT
A newer edition of this title exists
The most complete, up-to-date Security+ prep kit, with 100% exam coverage
CompTIA Security+ Certification Kit, 4th Edition is the ideal study tool for the price-savvy Security+ candidate. By combining the CompTIA Deluxe Security+ Study Guide, 3rd Edition and the CompTIA Security+ Review Guide, 3rd Edition into a single bundle, this kit provides everything you need to go into the exam fully prepared. This new edition has been updated to align with the latest version of the Security+ exam (SY0-401), and covers 100% of the exam objectives including communications, infrastructure, operational and organizational security, and much more. Practical examples drawn from real-world topics demonstrate how these concepts are applied on the job, and authoritative coverage and clear, concise explanations help deepen your understanding of these crucial security topics. The DVD includes instructional videos, electronic flashcards, software, and a test bank that allows you to test your knowledge and correct weak areas in advance, so you can approach the exam with confidence.




  • Study 100% of the Security+ exam objectives
  • See key topics demonstrated in over an hour of instructional videos
  • Understand real-world applications through practical examples
  • Try out Kali Linux, designed for security auditing, digital forensics, and penetration testing, and Security Onion for intrusion detection, network security monitoring, and log management
  • Test your knowledge with leading-edge exam prep software


With complete exam coverage and practical insight, CompTIA Security+ Certification Kit, 4th Edition gives you the confidence you need on exam day.

Emmett Dulaney (Indianapolis, IN) is an Assistant Professor at Anderson University. He has written Sybex's CompTIA Security+ Study Guide, and co-authored CompTIA A+ Complete Deluxe Study Guide, CompTIA A+ Complete Study Guide, and CompTIA A+ Complete Review Guide.

CompTIA Security+ Deluxe Study Guide: SY0-401


Foreword xxvii


Introduction xxix


Chapter 1 Measuring and Weighing Risk 1


Risk Assessment 3


Computing Risk Assessment 4


Acting on Your Risk Assessment 9


Risks Associated with Cloud Computing 17


Risks Associated with Virtualization 19


Developing Policies, Standards, and Guidelines 19


Implementing Policies 20


Understanding Control Types and False Positives/Negatives 26


Risk Management Best Practices 28


Disaster Recovery 36


Tabletop Exercise 39


Summary 39


Exam Essentials 39


Review Questions 41


Chapter 2 Monitoring and Diagnosing Networks 45


Monitoring Networks 46


Network Monitors 46


Understanding Hardening 52


Working with Services 52


Patches 56


User Account Control 57


Filesystems 58


Securing the Network 60


Security Posture 61


Continuous Security Monitoring 61


Setting a Remediation Policy 62


Reporting Security Issues 63


Alarms 63


Alerts 63


Trends 63


Differentiating between Detection Controls and Prevention Controls 64


Summary 65


Exam Essentials 66


Review Questions 67


Chapter 3 Understanding Devices and Infrastructure 71


Mastering TCP/IP 73


OSI Relevance 74


Working with the TCP/IP Suite 74


IPv4 and IPv6 78


Understanding Encapsulation 79


Working with Protocols and Services 80


Designing a Secure Network 87


Demilitarized Zones 87


Subnetting 89


Virtual Local Area Networks 89


Remote Access 92


Network Address Translation 93


Telephony 94


Network Access Control 95


Understanding the Various Network Infrastructure Devices 95


Firewalls 96


Routers 100


Switches 102


Load Balancers 103


Proxies 103


Web Security Gateway 103


VPNs and VPN Concentrators 103


Intrusion Detection Systems 105


Understanding Intrusion Detection Systems 106


IDS vs. IPS 110


Working with a Network-Based IDS 111


Working with a Host-Based IDS 116


Working with NIPSs 117


Protocol Analyzers 118


Spam Filters 118


UTM Security Appliances 119


Summary 122


Exam Essentials 123


Review Questions 124


Chapter 4 Access Control, Authentication, and Authorization 129


Understanding Access Control Basics 131


Identification vs. Authentication 131


Authentication (Single Factor) and Authorization 132


Multifactor Authentication 133


Layered Security and Defense in Depth 133


Network Access Control 134


Tokens 135


Federations 135


Potential Authentication and Access Problems 136


Authentication Issues to Consider 137


Authentication Protocols 139


Account Policy Enforcement 139


Users with Multiple Accounts/Roles 141


Generic Account Prohibition 142


Group-based and User-assigned Privileges 142


Understanding Remote Access Connectivity 142


Using the Point-to-Point Protocol 143


Working with Tunneling Protocols 144


Working with RADIUS 145


TACACS/TACACS+/XTACACS 146


VLAN Management 146


SAML 147


Understanding Authentication Services 147


LDAP 147


Kerberos 148


Single Sign-On Initiatives 149


Understanding Access Control 150


Mandatory Access Control 151


Discretionary Access Control 151


Role-Based Access Control 152


Rule-Based Access Control 152


Implementing Access Controlling Best Practices 152


Least Privileges 153


Separation of Duties 153


Time of Day Restrictions 153


User Access Review 154


Smart Cards 154


Access Control Lists 156


Port Security 157


Working with 802.1X 158


Flood Guards and Loop Protection 158


Preventing Network Bridging 158


Log Analysis 159


Trusted OS 159


Secure Router Configuration 160


Summary 161


Exam Essentials 161


Review Questions 163


Chapter 5 Protecting Wireless Networks 167


Working with Wireless Systems 169


IEEE 802.11x Wireless Protocols 169


WEP/WAP/WPA/WPA2 171


Wireless Transport Layer Security 173


Understanding Wireless Devices 174


Wireless Access Points 175


Extensible Authentication Protocol 181


Lightweight Extensible Authentication Protocol 182


Protected Extensible Authentication Protocol 182


Wireless Vulnerabilities to Know 183


Wireless Attack Analogy 187


Summary 188


Exam Essentials 189


Review Questions 190


Chapter 6 Securing the Cloud 195


Working with Cloud Computing 196


Software as a Service (SaaS) 197


Platform as a Service (PaaS) 198


Infrastructure as a Service (IaaS) 199


Private Cloud 200


Public Cloud 200


Community Cloud 200


Hybrid Cloud 201


Working with Virtualization 201


Snapshots 203


Patch Compatibility 203


Host Availability/Elasticity 204


Security Control Testing 204


Sandboxing 204


Security and the Cloud 205


Cloud Storage 206


Summary 207


Exam Essentials 207


Review Questions 208


Chapter 7 Host, Data, and Application Security 213


Application Hardening 215


Databases and Technologies 215


Fuzzing 218


Secure Coding 218


Application Configuration Baselining 219


Operating System Patch Management 220


Application Patch Management 220


Host Security 220


Permissions 220


Access Control Lists 221


Antimalware 221


Host Software Baselining 226


Hardening Web Servers 227


Hardening Email Servers 228


Hardening FTP Servers 229


Hardening DNS Servers 230


Hardening DHCP Services 231


Protecting Data Through Fault Tolerance 233


Backups 233


RAID 234


Clustering and Load Balancing 235


Application Security 235


Best Practices for Security 236


Data Loss Prevention 236


Hardware-Based Encryption Devices 237


Summary 238


Exam Essentials 238


Review Questions 239


Chapter 8 Cryptography 243


An Overview of Cryptography 245


Historical Cryptography 245


Modern Cryptography 249


Working with Symmetric Algorithms 249


Working with Asymmetric Algorithms 251


What Cryptography Should You Use? 254


Hashing Algorithms 255


Rainbow Tables and Salt 256


Key Stretching 256


Understanding Quantum Cryptography 257


Cryptanalysis Methods 257


Wi-Fi Encryption 258


Using Cryptographic Systems 258


Confidentiality and Strength 259


Integrity 259


Digital Signatures 261


Authentication 261


Nonrepudiation 262


Key Features 262


Understanding Cryptography Standards and Protocols 263


The Origins of Encryption Standards 263


Public-Key Infrastructure X.509/Public-Key Cryptography Standards 266


X.509 267


SSL and TLS 268


Certificate Management Protocols 270


Secure Multipurpose Internet Mail Extensions 270


Secure Electronic Transaction 270


Secure Shell 271


Pretty Good Privacy 272


HTTP Secure 274


Secure HTTP 274


IP Security 274


Tunneling Protocols 277


Federal Information Processing Standard 278


Using Public-Key Infrastructure 278


Using a Certificate Authority 279


Working with Registration Authorities and Local Registration Authorities 280


Implementing Certificates 281


Understanding Certificate Revocation 285


Implementing Trust Models 285


Hardware-Based Encryption Devices 290


Data Encryption 290


Summary 291


Exam Essentials 291


Review Questions 293


Chapter 9 Malware, Vulnerabilities, and Threats 297


Understanding Malware 300


Surviving Viruses 310


Symptoms of a Virus Infection 311


How Viruses Work 311


Types of Viruses 312


Managing Spam to Avoid Viruses 316


Antivirus Software 317


Understanding Various Types of Attacks 318


Identifying Denial-of-Service and Distributed Denial-of-Service Attacks 319


Spoofing Attacks 321


Pharming Attacks 322


Phishing, Spear Phishing, and Vishing 323


Xmas Attack 324


Man-in-the-Middle Attacks 324


Replay Attacks 325


Smurf Attacks 326


Password Attacks 326


Privilege Escalation 328


Malicious Insider Threats 332


Transitive Access 332


Client-Side Attacks 333


Typo Squatting and URL Hijacking 333


Watering Hole Attack 334


Identifying Types of Application Attacks 334


Cross-Site Scripting and Forgery 334


SQL Injection 335


LDAP Injection 336


XML Injection 337


Directory Traversal/Command Injection 337


Buffer Overflow 338


Integer Overflow 338


Zero-Day Exploits 338


Cookies and Attachments 338


Locally Shared Objects and Flash Cookies 339


Malicious Add-Ons 339


Session Hijacking 340


Header Manipulation 340


Arbitrary Code and Remote Code Execution 341


Tools for Finding Threats 341


Interpreting Assessment Results 341


Tools to Know 342


Risk Calculations and Assessment Types 344


Summary 346


Exam Essentials 346


Review Questions 348


Chapter 10 Social Engineering and Other Foes 353


Understanding Social Engineering 355


Types of Social Engineering Attacks 356


What Motivates an Attack? 361


The Principles Behind Social Engineering 362


Social Engineering Attack Examples 363


Understanding Physical Security 366


Hardware Locks and Security 369


Mantraps 371


Video Surveillance 371


Fencing 372


Access List 373


Proper Lighting 374


Signs 374


Guards 374


Barricades 375


Biometrics 375


Protected Distribution 376


Alarms 376


Motion Detection 376


Environmental Controls 377


HVAC 378


Fire Suppression 378


EMI Shielding 380


Hot and Cold Aisles 382


Environmental Monitoring 383


Temperature and Humidity Controls 383


Control Types 384


A Control Type Analogy 385


Data Policies 385


Destroying a Flash Drive 386


Some Considerations 387


Optical Discs 388


Summary 389


Exam Essentials 389


Review Questions 391


Chapter 11 Security Administration 395


Third-Party Integration 397


Transitioning 397


Ongoing Operations 398


Understanding Security Awareness and Training 399


Communicating with Users to Raise Awareness 399


Providing Education and Training 399


Safety Topics 401


Training Topics 402


Classifying Information 409


Public Information 410


Private Information 411


Information Access Controls 413


Security Concepts 413


Complying with Privacy and Security Regulations 414


The Health Insurance Portability and Accountability Act 415


The Gramm-Leach-Bliley Act 415


The Computer Fraud and Abuse Act 416


The Family Educational Rights and Privacy Act 416


The Computer Security Act of 1987 416


The Cyberspace Electronic Security Act 417


The Cyber Security Enhancement Act 417


The Patriot Act 417


Familiarizing Yourself with International Efforts 418


Mobile Devices 418


BYOD Issues 419


Alternative Methods to Mitigate Security Risks 420


Summary 422


Exam Essentials 422


Review Questions 424


Chapter 12 Disaster Recovery and Incident Response 429


Issues Associated with Business Continuity 431


Types of Storage Mechanisms 432


Crafting a Disaster-Recovery Plan 433


Incident Response Policies 445


Understanding Incident Response 446


Succession Planning 454


Tabletop Exercises 454


Reinforcing Vendor Support 455


Service-Level Agreements 455


Code Escrow Agreements 457


Penetration Testing 458


What Should You Test? 458


Vulnerability Scanning 459


Summary 460


Exam Essentials 461


Review Questions 462


Appendix A Answers to Review Questions 467


Chapter 1: Measuring and Weighing Risk 468


Chapter 2: Monitoring and Diagnosing Networks 469


Chapter 3: Understanding Devices and Infrastructure 470


Chapter 4: Access Control, Authentication, and Authorization 471


Chapter 5: Protecting Wireless Networks 473


Chapter 6: Securing the Cloud 474


Chapter 7: Host, Data, and Application Security 475


Chapter 8: Cryptography 476


Chapter 9: Malware, Vulnerabilities, and Threats 477


Chapter 10: Social Engineering and Other Foes 478


Chapter 11: Security Administration 480


Chapter 12: Disaster Recovery and Incident Response 481


Appendix B Labs, Questions, and Exam Preparation Miscellany 483


The Challenges 485


See Hidden Shares 485


Choose Problem Reporting Defaults 485


Open the Add/Remove Programs Applet 485


Delete Cookies 485


Remove All Currently Allowed Pop-ups 485


Synchronize Files 486


Configure the Crash File 486


Limit Computer Time 486


Hide Extensions 486


Allow Remote Desktop Connections 487


Display Statistics 488


MISC: Fire Extinguisher Types 488


Restore Connections 488


Open the Security Center Applet 489


Identify the Issue #1 489


Display All Information 489


MISC: Compute CIDR #1 490


Turn On the Archive Bit 490


Repair Damaged Files 490


MISC: Identify the Tool #1 490


Generate a System Health Report 491


Change Permissions for a File 491


Create a Legal Notice 492


Open the System Configuration Utility 492


Turn On the SmartScreen Filter 492


Prevent Sites from Knowing Your Location 493


Register with Websites 493


Create a Restore Point 494


Add Encrypted Files 494


Renew a DHCP Address 494


MISC: Algorithm Types 495


Enable Encryption 495


Identify the Issue #2 496


View Configuration for a Service 496


View Current Audit Policy 497


Display Network Path 497


MISC: Identify the Tool #2 497


Change Ownership on a File 498


Enable Drive Compression 498


Configure Program Compatibility 498


Configure Immediate Deletion 499


Change the Registered Organization for Windows 499


Display Disk Quota 499


Allow Pop-Ups from a Site 499


Turn On DEP 499


Enable Protection 500


Require Wake-Up Password 500


Open a Port in Windows Firewall 501


Open the User Accounts 501


Identify the Issue #3 501


Open the System Properties 502


View Group Policy Settings 502


MISC: Attack Types 502


Secure the Database 502


Call Up the Security Policy Manager 503


MISC: Identify the Tool #3 503


View Effective Permissions for a File 503


Create a Quota on Disk Space 504


Optimize a Folder 504


Choose Firewall Notifications 504


MISC: Identify the Tool #4 504


Turn Off Windows Firewall 505


Disable Toolbars 505


Reinstall Windows 505


Change UAC Settings 506


Synchronize Time 506


View All Processes Currently Running 507


Configure a Firewall 507


Display ARP Table 507


Display Windows Version 507


MISC: Compute CIDR #2 508


Summon the Event Viewer 508


Identify the Issue #4 508


Enable ReadyBoost 508


Encrypt Folder Contents 509


Clear Index Scores 509


Turn On BitLocker 509


Turn Off All AutoPlay 509


Choose Default Programs 510


Enable Shutdown Without Login 510


Open System Configuration Editor 510


Override Cookie Handling 511


Software Updates 511


Prohibit Remote Desktop 511


Uninstall 512


Change Notification Settings 512


Display Network Name 512


Flush the Cache 512


Backup and Recover Passwords 513


MISC: Identify the Tool #5 513


MISC: Identify the Tool #6 514


Restart Windows 515


Identify the Issue #5 515


Reduce the Number of Recently Used Programs 515


File Properties 516


Audit Views of a File 516


Configure Sharing of a Folder 516


Don't Display Last User 516


The Answers 517


See Hidden Shares: Answer 517


Choose Problem Reporting Defaults: Answer 517


Open the Add/Remove Programs Applet: Answer 518


Delete Cookies: Answer 518


Remove All Currently Allowed Pop-ups: Answer 518


Synchronize Files: Answer 519


Configure the Crash File: Answer 519


Limit Computer Time: Answer 520


Hide Extensions: Answer 520


Allow Remote Desktop Connections: Answer 521


Display Statistics: Answer 522


MISC: Fire Extinguisher Types: Answer 522


Restore Connections: Answer 523


Open the Security Center Applet: Answer 523


Identify the Issue #1: Answer 523


Display All Information: Answer 524


MISC: Compute CIDR #1: Answer 524


Turn On the Archive Bit: Answer 525


Repair Damaged Files: Answer 525


MISC: Identify the Tool #1: Answer 525


Generate a System Health Report: Answer 526


Change Permissions for a File: Answer 527


Create a Legal Notice: Answer 528


Open the System Configuration Utility: Answer 529


Turn On the SmartScreen Filter: Answer 529


Prevent Sites from Knowing Your Location: Answer 530


Register with Websites: Answer 530


Create a Restore Point: Answer 531


Add Encrypted Files: Answer 531


Renew a DHCP Address: Answer 532


MISC: Algorithm Types: Answer 532


Enable Encryption: Answer 533


Identify the Issue #2: Answer 534


View Configuration for a Service: Answer 535


View Current Audit Policy: Answer 535


Display Network Path: Answer 535


MISC: Identify the Tool #2: Answer 536


Change Ownership on a File: Answer 536


Enable Drive Compression: Answer 537


Configure Program Compatibility: Answer 537


Configure Immediate Deletion: Answer 538


Change the Registered Organization for Windows: Answer 538


Display Disk Quota: Answer 539


Allow Pop-Ups from a Site: Answer 539


Turn On DEP: Answer 540


Enable Protection: Answer 540


Require Wake-Up Password: Answer 541


Open a Port in Windows Firewall: Answer 542


Open the User Accounts: Answer 543


Identify the Issue #3: Answer 543


Open the System Properties: Answer 543


View Group Policy Settings: Answer 543


MISC: Attack Types: Answer 544


Secure the Database: Answer 544


Call Up the Security Policy Manager: Answer 545


MISC: Identify the Tool #3: Answer 545


View Effective Permissions for a File: Answer 546


Create a Quota on Disk Space: Answer 546


Optimize a Folder: Answer 547


Choose Firewall Notifications: Answer 547


MISC: Identify the Tool #4: Answer 548


Turn Off Windows Firewall: Answer 549


Disable Toolbars: Answer 549


Reinstall Windows: Answer 550


Change UAC Settings: Answer 550


Synchronize Time: Answer 551


View All Processes Currently Running: Answer 551


Configure a Firewall: Answer 552


Display ARP Table: Answer 552


Display Windows Version: Answer 552


MISC: Compute CIDR #2: Answer 553


Summon the Event Viewer: Answer 553


Identify the Issue #4: Answer 553


Enable ReadyBoost: Answer 554


Encrypt Folder Contents: Answer 555


Clear Index Scores: Answer 555


Turn On BitLocker: Answer 556


Turn Off All AutoPlay: Answer 556


Choose Default Programs: Answer 556


Enable Shutdown Without Login: Answer 557


Open System Configuration Editor: Answer 557


Override Cookie Handling: Answer 558


Software Updates: Answer 559


Prohibit Remote Desktop: Answer 559


Uninstall: Answer 560


Change Notification Settings: Answer 560


Display Network Name: Answer 561


Flush the Cache: Answer 561


Backup and Recover Passwords: Answer 561


MISC: Identify the Tool #5: Answer 562


MISC: Identify the Tool #6: Answer 563


Restart Windows: Answer 564


Identify the Issue #5: Answer 564


Reduce the Number of Recently Used Programs: Answer 565


File Properties: Answer 566


Audit Views of a File: Answer 566


Configure Sharing of a Folder: Answer 567


Don't Display Last User: Answer 567


Appendix C About the Companion CD 569


What You'll Find on the CD 570


Test Engine 570


Electronic Flashcards 570


E-book in All Formats 570


Videos 571


PDF of Glossary of Terms 571


Adobe Reader 571


System Requirements 571


Using the Study Tools 572


Troubleshooting 572


Customer Care 572


Index


CompTIA Security+ Review Guide: Exam SY0-401


Introduction xxv


Chapter 1 Network Security 1


1.1 Implement security configuration parameters on network devices and other technologies 5


1.2 Given a scenario, use secure network administration principles 22


1.3 Explain network design elements and components 27


1.4 Given a scenario, implement common protocols and services 40


1.5 Given a scenario, troubleshoot security issues related to wireless networking 56


Chapter 2 Compliance and Operational Security 69


2.1 Explain the importance of risk-related concepts 76


2.2 Summarize the security implications of integrating systems and data with third parties 92


2.3 Given a scenario, implement appropriate risk-mitigation strategies 96


2.4 Given a scenario, implement basic forensic procedures 101


2.5 Summarize common incident response procedures 106


2.6 Explain the importance of security-related awareness and training 111


2.7 Compare and contrast physical security and environmental controls 123


2.8 Summarize risk-management best practices 135


2.9 Given a scenario, select the appropriate control to meet the goals of security 148


Chapter 3 Threats and Vulnerabilities 155


3.1 Explain types of malware 161


3.2 Summarize various types of attacks 167


3.3 Summarize social engineering attacks and the associated effectiveness with each attack 184


3.4 Explain types of wireless attacks 188


3.5 Explain types of application attacks 194


3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques 201


3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities 211


3.8 Explain the proper use of penetration testing versus vulnerability scanning 217


Chapter 4 Application, Data, and Host Security 225


4.1 Explain the importance of application security controls and techniques 229


4.2 Summarize mobile security concepts and technologies 235


4.3 Given a scenario, select the appropriate solution to establish host security 244


4.4 Implement the appropriate controls to ensure data security 251


4.5 Compare and contrast alternative methods to mitigate security risks in static environments 257


Chapter 5 Access Control and Identity Management 267


5.1 Compare and contrast the function and purpose of authentication services 270


5.2 Given a scenario, select the appropriate authentication, authorization, or access control 275


5.3 Install and configure security controls when performing account management, based on best practices 289


Chapter 6 Cryptography 299


6.1 Given a scenario, utilize general cryptography concepts 302


6.2 Given a scenario, use appropriate cryptographic methods 331


6.3 Given a scenario, use appropriate PKI, certificate management, and associated components 344


Appendix A Answers to Review Questions 359


Chapter 1: Network Security 360


Chapter 2: Compliance and Operational Security 360


Chapter 3: Threats and Vulnerabilities 361


Chapter 4: Application, Data, and Host Security 362


Chapter 5: Access Control and Identity Management 363


Chapter 6: Cryptography 364


Appendix B About the Additional Study Tools 367


Additional Study Tools 368


Sybex Test Engine 368


Electronic Flashcards 368


PDF of Glossary of Terms 368


Adobe Reader 368


System Requirements 369


Using the Study Tools 369


Troubleshooting 369


Customer Care 370


Index 371

Publication date (per publisher) 20.2.2015
Place of publication New York
Language English
Dimensions 193 x 236 mm
Weight 1814 g
Subject area Computer Science / Other Topics / Certification
Social Sciences / Education
ISBN-10 1-119-05095-2 / 1119050952
ISBN-13 978-1-119-05095-7 / 9781119050957
Condition New