CompTIA Security+ Deluxe Study Guide

Emmett Dulaney, Security+, A+, Network+, is an Assistant Professor at Anderson University. He has written certification books on Windows, Security, IT project management, and UNIX, and co–authored two of Sybex s leading certification titles: CompTIA Security+ Study Guide and CompTIA A+ Complete Study Guide.

Foreword xxvii
Introduction xxix
Chapter 1 Measuring and Weighing Risk 1
Risk Assessment 3
Computing Risk Assessment 4
Acting on Your Risk Assessment 9
Risks Associated with Cloud Computing 17
Risks Associated with Virtualization 19
Developing Policies, Standards, and Guidelines 19
Implementing Policies 20
Understanding Control Types and
False Positives/Negatives 26
Risk Management Best Practices 28
Disaster Recovery 36
Tabletop Exercise 39
Summary 39
Exam Essentials 39
Review Questions 41
Chapter 2 Monitoring and Diagnosing Networks 45
Monitoring Networks 46
Network Monitors 46
Understanding Hardening 52
Working with Services 52
Patches 56
User Account Control 57
Filesystems 58
Securing the Network 60
Security Posture 61
Continuous Security Monitoring 61
Setting a Remediation Policy 62
Reporting Security Issues 63
Alarms 63
Alerts 63
Trends 63
Differentiating between Detection Controls and
Prevention Controls 64
Summary 65
Exam Essentials 66
Review Questions 67
Chapter 3 Understanding Devices and Infrastructure 71
Mastering TCP/IP 73
OSI Relevance 74
Working with the TCP/IP Suite 74
IPv4 and IPv6 78
Understanding Encapsulation 79
Working with Protocols and Services 80
Designing a Secure Network 87
Demilitarized Zones 87
Subnetting 89
Virtual Local Area Networks 89
Remote Access 92
Network Address Translation 93
Telephony 94
Network Access Control 95
Understanding the Various Network Infrastructure Devices 95
Firewalls 96
Routers 100
Switches 102
Load Balancers 103
Proxies 103
Web Security Gateway 103
VPNs and VPN Concentrators 103
Intrusion Detection Systems 105
Understanding Intrusion Detection Systems 106
IDS vs. IPS 110
Working with a Network–Based IDS 111
Working with a Host–Based IDS 116
Working with NIPSs 117
Protocol Analyzers 118
Spam Filters 118
UTM Security Appliances 119
Summary 122
Exam Essentials 123
Review Questions 124
Chapter 4 Access Control, Authentication,
and Authorization 129
Understanding Access Control Basics 131
Identification vs. Authentication 131
Authentication (Single Factor) and Authorization 132
Multifactor Authentication 133
Layered Security and Defense in Depth 133
Network Access Control 134
Tokens 135
Federations 135
Potential Authentication and Access Problems 136
Authentication Issues to Consider 137
Authentication Protocols 139
Account Policy Enforcement 139
Users with Multiple Accounts/Roles 141
Generic Account Prohibition 142
Group–based and User–assigned Privileges 142
Understanding Remote Access Connectivity 142
Using the Point–to–Point Protocol 143
Working with Tunneling Protocols 144
Working with RADIUS 145
TACACS/TACACS+/XTACACS 146
VLAN Management 146
SAML 147
Understanding Authentication Services 147
LDAP 147
Kerberos 148
Single Sign–On Initiatives 149
Understanding Access Control 150
Mandatory Access Control 151
Discretionary Access Control 151
Role–Based Access Control 152
Rule–Based Access Control 152
Implementing Access Controlling Best Practices 152
Least Privileges 153
Separation of Duties 153
Time of Day Restrictions 153
User Access Review 154
Smart Cards 154
Access Control Lists 156
Port Security 157
Working with 802.1X 158
Flood Guards and Loop Protection 158
Preventing Network Bridging 158
Log Analysis 159
Trusted OS 159
Secure Router Configuration 160
Summary 161
Exam Essentials 161
Review Questions 163
xvi Contents
Chapter 5 Protecting Wireless Networks 167
Working with Wireless Systems 169
IEEE 802.11x Wireless Protocols 169
WEP/WAP/WPA/WPA2 171
Wireless Transport Layer Security 173
Understanding Wireless Devices 174
Wireless Access Points 175
Extensible Authentication Protocol 181
Lightweight Extensible Authentication Protocol 182
Protected Extensible Authentication Protocol 182
Wireless Vulnerabilities to Know 183
Wireless Attack Analogy 187
Summary 188
Exam Essentials 189
Review Questions 190
Chapter 6 Securing the Cloud 195
Working with Cloud Computing 196
Software as a Service (SaaS) 197
Platform as a Service (PaaS) 198
Infrastructure as a Service (IaaS) 199
Private Cloud 200
Public Cloud 200
Community Cloud 200
Hybrid Cloud 201
Working with Virtualization 201
Snapshots 203
Patch Compatibility 203
Host Availability/Elasticity 204
Security Control Testing 204
Sandboxing 204
Security and the Cloud 205
Cloud Storage 206
Summary 207
Exam Essentials 207
Review Questions 208
Chapter 7 Host, Data, and Application Security 213
Application Hardening 215
Databases and Technologies 215
Fuzzing 218
Secure Coding 218
Application Configuration Baselining 219
Operating System Patch Management 220
Application Patch Management 220
Host Security 220
Permissions 220
Access Control Lists 221
Antimalware 221
Host Software Baselining 226
Hardening Web Servers 227
Hardening Email Servers 228
Hardening FTP Servers 229
Hardening DNS Servers 230
Hardening DHCP Services 231
Protecting Data Through Fault Tolerance 233
Backups 233
RAID 234
Clustering and Load Balancing 235
Application Security 235
Best Practices for Security 236
Data Loss Prevention 236
Hardware–Based Encryption Devices 237
Summary 238
Exam Essentials 238
Review Questions 239
Chapter 8 Cryptography 243
An Overview of Cryptography 245
Historical Cryptography 245
Modern Cryptography 249
Working with Symmetric Algorithms 249
Working with Asymmetric Algorithms 251
What Cryptography Should You Use? 254
Hashing Algorithms 255
Rainbow Tables and Salt 256
Key Stretching 256
Understanding Quantum Cryptography 257
Cryptanalysis Methods 257
Wi–Fi Encryption 258
Using Cryptographic Systems 258
Confidentiality and Strength 259
Integrity 259
Digital Signatures 261
Authentication 261
Nonrepudiation 262
Key Features 262
Understanding Cryptography Standards and Protocols 263
The Origins of Encryption Standards 263
Public–Key Infrastructure X.509
/Public–Key Cryptography Standards 266
X.509 267
SSL and TLS 268
Certificate Management Protocols 270
Secure Multipurpose Internet Mail Extensions 270
Secure Electronic Transaction 270
Secure Shell 271
Pretty Good Privacy 272
HTTP Secure 274
Secure HTTP 274
IP Security 274
Tunneling Protocols 277
Federal Information Processing Standard 278
Using Public–Key Infrastructure 278
Using a Certificate Authority 279
Working with Registration Authorities and
Local Registration Authorities 280
Implementing Certificates 281
Understanding Certificate Revocation 285
Implementing Trust Models 285
Hardware–Based Encryption Devices 290
Data Encryption 290
Summary 291
Exam Essentials 291
Review Questions 293
Chapter 9 Malware, Vulnerabilities, and Threats 297
Understanding Malware 300
Surviving Viruses 310
Symptoms of a Virus Infection 311
How Viruses Work 311
Types of Viruses 312
Managing Spam to Avoid Viruses 316
Antivirus Software 317
Understanding Various Types of Attacks 318
Identifying Denial–of–Service and
Distributed Denial–of–Service Attacks 319
Spoofing Attacks 321
Pharming Attacks 322
Phishing, Spear Phishing, and Vishing 323
Xmas Attack 324
Contents xix
Man–in–the–Middle Attacks 324
Replay Attacks 325
Smurf Attacks 326
Password Attacks 326
Privilege Escalation 328
Malicious Insider Threats 332
Transitive Access 332
Client–Side Attacks 333
Typo Squatting and URL Hijacking 333
Watering Hole Attack 334
Identifying Types of Application Attacks 334
Cross–Site Scripting and Forgery 334
SQL Injection 335
LDAP Injection 336
XML Injection 337
Directory Traversal/Command Injection 337
Buffer Overflow 338
Integer Overflow 338
Zero–Day Exploits 338
Cookies and Attachments 338
Locally Shared Objects and Flash Cookies 339
Malicious Add–Ons 339
Session Hijacking 340
Header Manipulation 340
Arbitrary Code and Remote Code Execution 341
Tools for Finding Threats 341
Interpreting Assessment Results 341
Tools to Know 342
Risk Calculations and Assessment Types 344
Summary 346
Exam Essentials 346
Review Questions 348
Chapter 10 Social Engineering and Other Foes 353
Understanding Social Engineering 355
Types of Social Engineering Attacks 356
What Motivates an Attack? 361
The Principles Behind Social Engineering 362
Social Engineering Attack Examples 363
Understanding Physical Security 366
Hardware Locks and Security 369
Mantraps 371
Video Surveillance 371
Fencing 372
Access List 373
Proper Lighting 374
Signs 374
Guards 374
Barricades 375
Biometrics 375
Protected Distribution 376
Alarms 376
Motion Detection 376
Environmental Controls 377
HVAC 378
Fire Suppression 378
EMI Shielding 380
Hot and Cold Aisles 382
Environmental Monitoring 383
Temperature and Humidity Controls 383
Control Types 384
A Control Type Analogy 385
Data Policies 385
Destroying a Flash Drive 386
Some Considerations 387
Optical Discs 388
Summary 389
Exam Essentials 389
Review Questions 391
Chapter 11 Security Administration 395
Third–Party Integration 397
Transitioning 397
Ongoing Operations 398
Understanding Security Awareness and Training 399
Communicating with Users to Raise Awareness 399
Providing Education and Training 399
Safety Topics 401
Training Topics 402
Classifying Information 409
Public Information 410
Private Information 411
Information Access Controls 413
Security Concepts 413
Complying with Privacy and Security Regulations 414
The Health Insurance Portability and
Accountability Act 415
The Gramm–Leach–Bliley Act 415
Contents xxi
The Computer Fraud and Abuse Act 416
The Family Educational Rights and Privacy Act 416
The Computer Security Act of 1987 416
The Cyberspace Electronic Security Act 417
The Cyber Security Enhancement Act 417
The Patriot Act 417
Familiarizing Yourself with International Efforts 418
Mobile Devices 418
BYOD Issues 419
Alternative Methods to Mitigate Security Risks 420
Summary 422
Exam Essentials 422
Review Questions 424
Chapter 12 Disaster Recovery and Incident Response 429
Issues Associated with Business Continuity 431
Types of Storage Mechanisms 432
Crafting a Disaster–Recovery Plan 433
Incident Response Policies 445
Understanding Incident Response 446
Succession Planning 454
Tabletop Exercises 454
Reinforcing Vendor Support 455
Service–Level Agreements 455
Code Escrow Agreements 457
Penetration Testing 458
What Should You Test? 458
Vulnerability Scanning 459
Summary 460
Exam Essentials 461
Review Questions 462
Appendix A Answers to Review Questions 467
Chapter 1: Measuring and Weighing Risk 468
Chapter 2: Monitoring and Diagnosing Networks 469
Chapter 3: Understanding Devices and Infrastructure 470
Chapter 4: Access Control, Authentication, and
Authorization 471
Chapter 5: Protecting Wireless Networks 473
Chapter 6: Securing the Cloud 474
Chapter 7: Host, Data, and Application Security 475
Chapter 8: Cryptography 476
Chapter 9: Malware, Vulnerabilities, and Threats 477
Chapter 10: Social Engineering and Other Foes 478
Chapter 11: Security Administration 480
Chapter 12: Disaster Recovery and Incident Response 481
Appendix B Labs, Questions, and Exam Preparation Miscellany 483
The Challenges 485
See Hidden Shares 485
Choose Problem Reporting Defaults 485
Open the Add/Remove Programs Applet 485
Delete Cookies 485
Remove All Currently Allowed Pop–ups 485
Synchronize Files 486
Configure the Crash File 486
Limit Computer Time 486
Hide Extensions 486
Allow Remote Desktop Connections 487
Display Statistics 488
MISC: Fire Extinguisher Types 488
Restore Connections 488
Open the Security Center Applet 489
Identify the Issue #1 489
Display All Information 489
MISC: Compute CIDR #1 490
Turn On the Archive Bit 490
Repair Damaged Files 490
MISC: Identify the Tool #1 490
Generate a System Health Report 491
Change Permissions for a File 491
Create a Legal Notice 492
Open the System Configuration Utility 492
Turn On the SmartScreen Filter 492
Prevent Sites from Knowing Your Location 493
Register with Websites 493
Create a Restore Point 494
Add Encrypted Files 494
Renew a DHCP Address 494
MISC: Algorithm Types 495
Enable Encryption 495
Identify the Issue #2 496
View Configuration for a Service 496
View Current Audit Policy 497
Display Network Path 497
MISC: Identify the Tool #2 497
Change Ownership on a File 498
Enable Drive Compression 498
Configure Program Compatibility 498
Configure Immediate Deletion 499
Change the Registered Organization for Windows 499
Display Disk Quota 499
Allow Pop–Ups from a Site 499
Turn On DEP 499
Enable Protection 500
Require Wake–Up Password 500
Open a Port in Windows Firewall 501
Open the User Accounts 501
Identify the Issue #3 501
Open the System Properties 502
View Group Policy Settings 502
MISC: Attack Types 502
Secure the Database 502
Call Up the Security Policy Manager 503
MISC: Identify the Tool #3 503
View Effective Permissions for a File 503
Create a Quota on Disk Space 504
Optimize a Folder 504
Choose Firewall Notifications 504
MISC: Identify the Tool #4 504
Turn Off Windows Firewall 505
Disable Toolbars 505
Reinstall Windows 505
Change UAC Settings 506
Synchronize Time 506
View All Processes Currently Running 507
Configure a Firewall 507
Display ARP Table 507
Display Windows Version 507
MISC: Compute CIDR #2 508
Summon the Event Viewer 508
Identify the Issue #4 508
Enable ReadyBoost 508
Encrypt Folder Contents 509
Clear Index Scores 509
Turn On BitLocker 509
Turn Off All AutoPlay 509
Choose Default Programs 510
Enable Shutdown Without Login 510
Open System Configuration Editor 510
Override Cookie Handling 511
Software Updates 511
Prohibit Remote Desktop 511
Uninstall 512
Change Notification Settings 512
Display Network Name 512
Flush the Cache 512
Backup and Recover Passwords 513
MISC: Identify the Tool #5 513
MISC: Identify the Tool #6 514
Restart Windows 515
Identify the Issue #5 515
Reduce the Number of Recently Used Programs 515
File Properties 516
Audit Views of a File 516
Configure Sharing of a Folder 516
Don t Display Last User 516
The Answers 517
See Hidden Shares: Answer 517
Choose Problem Reporting Defaults: Answer 517
Open the Add/Remove Programs Applet: Answer 518
Delete Cookies: Answer 518
Remove All Currently Allowed Pop–ups: Answer 518
Synchronize Files: Answer 519
Configure the Crash File: Answer 519
Limit Computer Time: Answer 520
Hide Extensions: Answer 520
Allow Remote Desktop Connections: Answer 521
Display Statistics: Answer 522
MISC: Fire Extinguisher Types: Answer 522
Restore Connections: Answer 523
Open the Security Center Applet: Answer 523
Identify the Issue #1: Answer 523
Display All Information: Answer 524
MISC: Compute CIDR #1: Answer 524
Turn On the Archive Bit: Answer 525
Repair Damaged Files: Answer 525
MISC: Identify the Tool #1: Answer 525
Generate a System Health Report: Answer 526
Change Permissions for a File: Answer 527
Create a Legal Notice: Answer 528
Open the System Configuration Utility: Answer 529
Turn On the SmartScreen Filter: Answer 529
Prevent Sites from Knowing Your Location: Answer 530
Register with Websites: Answer 530
Create a Restore Point: Answer 531
Add Encrypted Files: Answer 531
Renew a DHCP Address: Answer 532
MISC: Algorithm Types: Answer 532
Enable Encryption: Answer 533
Identify the Issue #2: Answer 534
View Configuration for a Service: Answer 535
View Current Audit Policy: Answer 535
Display Network Path: Answer 535
MISC: Identify the Tool #2: Answer 536
Change Ownership on a File: Answer 536
Enable Drive Compression: Answer 537
Configure Program Compatibility: Answer 537
Configure Immediate Deletion: Answer 538
Change the Registered Organization for Windows: Answer 538
Display Disk Quota: Answer 539
Allow Pop–Ups from a Site: Answer 539
Turn On DEP: Answer 540
Enable Protection: Answer 540
Require Wake–Up Password: Answer 541
Open a Port in Windows Firewall: Answer 542
Open the User Accounts: Answer 543
Identify the Issue #3: Answer 543
Open the System Properties: Answer 543
View Group Policy Settings: Answer 543
MISC: Attack Types: Answer 544
Secure the Database: Answer 544
Call Up the Security Policy Manager: Answer 545
MISC: Identify the Tool #3: Answer 545
View Effective Permissions for a File: Answer 546
Create a Quota on Disk Space: Answer 546
Optimize a Folder: Answer 547
Choose Firewall Notifications: Answer 547
MISC: Identify the Tool #4: Answer 548
Turn Off Windows Firewall: Answer 549
Disable Toolbars: Answer 549
Reinstall Windows: Answer 550
Change UAC Settings: Answer 550
Synchronize Time: Answer 551
View All Processes Currently Running: Answer 551
Configure a Firewall: Answer 552
Display ARP Table: Answer 552
Display Windows Version: Answer 552
MISC: Compute CIDR #2: Answer 553
Summon the Event Viewer: Answer 553
Identify the Issue #4: Answer 553
Enable ReadyBoost: Answer 554
Encrypt Folder Contents: Answer 555
Clear Index Scores: Answer 555
Turn On BitLocker: Answer 556
Turn Off All AutoPlay: Answer 556
Choose Default Programs: Answer 556
Enable Shutdown Without Login: Answer 557
Open System Configuration Editor: Answer 557
Override Cookie Handling: Answer 558
Software Updates: Answer 559
Prohibit Remote Desktop: Answer 559
Uninstall: Answer 560
Change Notification Settings: Answer 560
Display Network Name: Answer 561
Flush the Cache: Answer 561
Backup and Recover Passwords: Answer 561
MISC: Identify the Tool #5: Answer 562
MISC: Identify the Tool #6: Answer 563
Restart Windows: Answer 564
Identify the Issue #5: Answer 564
Reduce the Number of Recently Used Programs: Answer 565
File Properties: Answer 566
Audit Views of a File: Answer 566
Configure Sharing of a Folder: Answer 567
Don t Display Last User: Answer 567
Appendix C About the Companion CD 569
What You ll Find on the CD 570
Test Engine 570
Electronic Flashcards 570
E–book in All Formats 570
Videos 571
PDF of Glossary of Terms 571
Adobe Reader 571
System Requirements 571
Using the Study Tools 572
Troubleshooting 572
Customer Care 572
Index