CompTIA Security+ Deluxe Study Guide Sy0–401

Includes Real–World Scenarios, Hands–on Exercises, and a Deluxe DVD Featuring:

+ Practice Test Environment

+ Hundreds of Sample Questions

+ Electronic Flashcards

+ Video for Each Topic

+ E–book Versions in Various Formats

Practical, comprehensive Security+ prep

The CompTIA Security+ Deluxe Study Guide takes exam prep to a whole new level, with over one hundred additional pages of questions, freeware and demo tools, and author videos demonstrating critical tasks for the SY0–401. New scenario–based questions exclusive to the Deluxe edition use real–world, on the job issues to test your skills, and you’ll gain practical insights into crucial issues facing IT security professionals as you explore everything this set has to offer:

Full coverage of all exam objectives in a systematic approach, so you can be confident you’re getting the instruction you need for the exam

Practical written labs to reinforce critical skills

Real–world scenarios that put what you’ve learned in the context of actual job roles

Challenging review questions in each chapter to prepare you for exam day

Exam Essentials, a key feature in each chapter that identifies critical areas you must become proficient in before taking the exam

Featured on the DVD

SYBEX TEST ENGINE

Test your knowledge with advanced testing software. Includes all chapter review questions and two practice exams.

ELECTRONIC FLASHCARDS

Reinforce your understanding with 200 electronic flashcards.

INSTRUCTIONAL VIDEO

Learn how to perform key tasks with over an hour of instructional video from the author.

Also on the DVD, you’ll find the entire book in ePDF, Mobi, and ePub formats.

Introduction xxix

Chapter 1 Measuring and Weighing Risk 1

Risk Assessment 3

Computing Risk Assessment 4

Acting on Your Risk Assessment 9

Risks Associated with Cloud Computing 17

Risks Associated with Virtualization 19

Developing Policies, Standards, and Guidelines 19

Implementing Policies 20

Understanding Control Types and

False Positives/Negatives 26

Risk Management Best Practices 28

Disaster Recovery 36

Tabletop Exercise 39

Summary 39

Exam Essentials 39

Review Questions 41

Chapter 2 Monitoring and Diagnosing Networks 45

Monitoring Networks 46

Network Monitors 46

Understanding Hardening 52

Working with Services 52

Patches 56

User Account Control 57

Filesystems 58

Securing the Network 60

Security Posture 61

Continuous Security Monitoring 61

Setting a Remediation Policy 62

Reporting Security Issues 63

Alarms 63

Alerts 63

Trends 63

Differentiating between Detection Controls and

Prevention Controls 64

Summary 65

Exam Essentials 66

Review Questions 67

Chapter 3 Understanding Devices and Infrastructure 71

Mastering TCP/IP 73

OSI Relevance 74

Working with the TCP/IP Suite 74

IPv4 and IPv6 78

Understanding Encapsulation 79

Working with Protocols and Services 80

Designing a Secure Network 87

Demilitarized Zones 87

Subnetting 89

Virtual Local Area Networks 89

Remote Access 92

Network Address Translation 93

Telephony 94

Network Access Control 95

Understanding the Various Network Infrastructure Devices 95

Firewalls 96

Routers 100

Switches 102

Load Balancers 103

Proxies 103

Web Security Gateway 103

VPNs and VPN Concentrators 103

Intrusion Detection Systems 105

Understanding Intrusion Detection Systems 106

IDS vs. IPS 110

Working with a Network–Based IDS 111

Working with a Host–Based IDS 116

Working with NIPSs 117

Protocol Analyzers 118

Spam Filters 118

UTM Security Appliances 119

Summary 122

Exam Essentials 123

Review Questions 124

Chapter 4 Access Control, Authentication,

and Authorization 129

Understanding Access Control Basics 131

Identification vs. Authentication 131

Authentication (Single Factor) and Authorization 132

Multifactor Authentication 133

Layered Security and Defense in Depth 133

Network Access Control 134

Tokens 135

Federations 135

Potential Authentication and Access Problems 136

Authentication Issues to Consider 137

Authentication Protocols 139

Account Policy Enforcement 139

Users with Multiple Accounts/Roles 141

Generic Account Prohibition 142

Group–based and User–assigned Privileges 142

Understanding Remote Access Connectivity 142

Using the Point–to–Point Protocol 143

Working with Tunneling Protocols 144

Working with RADIUS 145

TACACS/TACACS+/XTACACS 146

VLAN Management 146

SAML 147

Understanding Authentication Services 147

LDAP 147

Kerberos 148

Single Sign–On Initiatives 149

Understanding Access Control 150

Mandatory Access Control 151

Discretionary Access Control 151

Role–Based Access Control 152

Rule–Based Access Control 152

Implementing Access Controlling Best Practices 152

Least Privileges 153

Separation of Duties 153

Time of Day Restrictions 153

User Access Review 154

Smart Cards 154

Access Control Lists 156

Port Security 157

Working with 802.1X 158

Flood Guards and Loop Protection 158

Preventing Network Bridging 158

Log Analysis 159

Trusted OS 159

Secure Router Configuration 160

Summary 161

Exam Essentials 161

Review Questions 163

xvi Contents

Chapter 5 Protecting Wireless Networks 167

Working with Wireless Systems 169

IEEE 802.11x Wireless Protocols 169

WEP/WAP/WPA/WPA2 171

Wireless Transport Layer Security 173

Understanding Wireless Devices 174

Wireless Access Points 175

Extensible Authentication Protocol 181

Lightweight Extensible Authentication Protocol 182

Protected Extensible Authentication Protocol 182

Wireless Vulnerabilities to Know 183

Wireless Attack Analogy 187

Summary 188

Exam Essentials 189

Review Questions 190

Chapter 6 Securing the Cloud 195

Working with Cloud Computing 196

Software as a Service (SaaS) 197

Platform as a Service (PaaS) 198

Infrastructure as a Service (IaaS) 199

Private Cloud 200

Public Cloud 200

Community Cloud 200

Hybrid Cloud 201

Working with Virtualization 201

Snapshots 203

Patch Compatibility 203

Host Availability/Elasticity 204

Security Control Testing 204

Sandboxing 204

Security and the Cloud 205

Cloud Storage 206

Summary 207

Exam Essentials 207

Review Questions 208

Chapter 7 Host, Data, and Application Security 213

Application Hardening 215

Databases and Technologies 215

Fuzzing 218

Secure Coding 218

Application Configuration Baselining 219

Operating System Patch Management 220

Application Patch Management 220

Host Security 220

Permissions 220

Access Control Lists 221

Antimalware 221

Host Software Baselining 226

Hardening Web Servers 227

Hardening Email Servers 228

Hardening FTP Servers 229

Hardening DNS Servers 230

Hardening DHCP Services 231

Protecting Data Through Fault Tolerance 233

Backups 233

RAID 234

Clustering and Load Balancing 235

Application Security 235

Best Practices for Security 236

Data Loss Prevention 236

Hardware–Based Encryption Devices 237

Summary 238

Exam Essentials 238

Review Questions 239

Chapter 8 Cryptography 243

An Overview of Cryptography 245

Historical Cryptography 245

Modern Cryptography 249

Working with Symmetric Algorithms 249

Working with Asymmetric Algorithms 251

What Cryptography Should You Use? 254

Hashing Algorithms 255

Rainbow Tables and Salt 256

Key Stretching 256

Understanding Quantum Cryptography 257

Cryptanalysis Methods 257

Wi–Fi Encryption 258

Using Cryptographic Systems 258

Confidentiality and Strength 259

Integrity 259

Digital Signatures 261

Authentication 261

Nonrepudiation 262

Key Features 262

Understanding Cryptography Standards and Protocols 263

The Origins of Encryption Standards 263

Public–Key Infrastructure X.509

/Public–Key Cryptography Standards 266

X.509 267

SSL and TLS 268

Certificate Management Protocols 270

Secure Multipurpose Internet Mail Extensions 270

Secure Electronic Transaction 270

Secure Shell 271

Pretty Good Privacy 272

HTTP Secure 274

Secure HTTP 274

IP Security 274

Tunneling Protocols 277

Federal Information Processing Standard 278

Using Public–Key Infrastructure 278

Using a Certificate Authority 279

Working with Registration Authorities and

Local Registration Authorities 280

Implementing Certificates 281

Understanding Certificate Revocation 285

Implementing Trust Models 285

Hardware–Based Encryption Devices 290

Data En

Emmett Dulaney, Security+, A+, Network+, is an Assistant Professor at Anderson University. He has written certification books on Windows, Security, IT project management, and UNIX, and co–authored two of Sybex’s leading certification titles: CompTIA Security+ Study Guide and CompTIA A+ Complete Study Guide.