-
DISPONIBILITÀ IMMEDIATA
{{/disponibilitaBox}}
-
{{speseGratisLibroBox}}
{{/noEbook}}
{{^noEbook}}
-
Libro
-
CompTIA Security+ Study Guide
dulaney emmett; easttom chuck
45,50 €
{{{disponibilita}}}
NOTE EDITORE
All the test prep you need for Exam SY0–401 In this highly anticipated new edition of the popular CompTIA Security+ Study Guide, top security authorities Emmett Dulaney and Chuck Easttom prepare you for the latest CompTIA Security+ exam, SY0–401. They cover exam essentials such as network security, compliance and operational security, threats and vulnerabilities, and application, data, and host security and they offer vital insights from their decades of security experience. This CompTIA approved courseware includes: Full coverage of all exam objectives in a systematic approach, so you can be confident you re getting the instruction you need for the exam Practical written labs to reinforce critical skills Real–world scenarios that put what you ve learned in the context of actual job roles Challenging review questions in each chapter to prepare you for exam day Exam Essentials, a key feature in each chapter that identifies critical areas you must become proficient in before taking the exam A handy section that maps every official exam objective to the corresponding chapter in the book so you can track your exam prep objective by objective A coupon that saves you 10% on CompTIA exam vouchers Sybex Exam Prep Tools Go to www.sybex.com/go/securityplus6e to access a full set of study tools to help you prepare for the exam, including: Chapter review questions A pre–assessment test Full–length practice exams Over 100 electronic flashcards Glossary of key terms Includes coverage of all exam objectives, including these key topics: Network security Compliance and operational security Threats and vulnerabilities Application, data, and host security Access control and identity management CryptographySOMMARIO
Foreword xxi Introduction xxiii Chapter 1 Measuring and Weighing Risk 1 Risk Assessment 3 Computing Risk Assessment 4 Acting on Your Risk Assessment 9 Risks Associated with Cloud Computing 17 Risks Associated with Virtualization 19 Developing Policies, Standards, and Guidelines 19 Implementing Policies 20 Understanding Control Types and False Positives/Negatives 26 Risk Management Best Practices 28 Disaster Recovery 36 Tabletop Exercise 39 Summary 39 Exam Essentials 39 Review Questions 41 Chapter 2 Monitoring and Diagnosing Networks 45 Monitoring Networks 46 Network Monitors 46 Understanding Hardening 52 Working with Services 52 Patches 56 User Account Control 57 Filesystems 58 Securing the Network 60 Security Posture 61 Continuous Security Monitoring 61 Setting a Remediation Policy 62 Reporting Security Issues 63 Alarms 63 Alerts 63 Trends 63 Differentiating between Detection Controls and Prevention Controls 64 Summary 65 Exam Essentials 66 Review Questions 67 Chapter 3 Understanding Devices and Infrastructure 71 Mastering TCP/IP 73 OSI Relevance 74 Working with the TCP/IP Suite 74 IPv4 and IPv6 78 Understanding Encapsulation 79 Working with Protocols and Services 80 Designing a Secure Network 87 Demilitarized Zones 87 Subnetting 89 Virtual Local Area Networks 89 Remote Access 92 Network Address Translation 93 Telephony 94 Network Access Control 95 Understanding the Various Network Infrastructure Devices 95 Firewalls 96 Routers 100 Switches 102 Load Balancers 103 Proxies 103 Web Security Gateway 103 VPNs and VPN Concentrators 103 Intrusion Detection Systems 105 Understanding Intrusion Detection Systems 106 IDS vs. IPS 110 Working with a Network–Based IDS 111 Working with a Host–Based IDS 116 Working with NIPSs 117 Protocol Analyzers 118 Spam Filters 118 UTM Security Appliances 119 Summary 122 Exam Essentials 123 Review Questions 124 Chapter 4 Access Control, Authentication, and Authorization 129 Understanding Access Control Basics 131 Identification vs. Authentication 131 Authentication (Single Factor) and Authorization 132 Multifactor Authentication 133 Layered Security and Defense in Depth 133 Network Access Control 134 Tokens 135 Federations 135 Potential Authentication and Access Problems 136 Authentication Issues to Consider 137 Authentication Protocols 139 Account Policy Enforcement 139 Users with Multiple Accounts/Roles 141 Generic Account Prohibition 142 Group–based and User–assigned Privileges 142 Understanding Remote Access Connectivity 142 Using the Point–to–Point Protocol 143 Working with Tunneling Protocols 144 Working with RADIUS 145 TACACS/TACACS+/XTACACS 146 VLAN Management 146 SAML 147 Understanding Authentication Services 147 LDAP 147 Kerberos 148 Single Sign–On Initiatives 149 Understanding Access Control 150 Mandatory Access Control 151 Discretionary Access Control 151 Role–Based Access Control 152 Rule–Based Access Control 152 Implementing Access Controlling Best Practices 152 Least Privileges 153 Separation of Duties 153 Time of Day Restrictions 153 User Access Review 154 Smart Cards 154 Access Control Lists 156 Port Security 157 Working with 802.1X 158 Flood Guards and Loop Protection 158 Preventing Network Bridging 158 Log Analysis 159 Trusted OS 159 Secure Router Configuration 160 Summary 161 Exam Essentials 161 Review Questions 163 Chapter 5 Protecting Wireless Networks 167 Working with Wireless Systems 169 IEEE 802.11x Wireless Protocols 169 WEP/WAP/WPA/WPA2 171 Wireless Transport Layer Security 173 Understanding Wireless Devices 174 Wireless Access Points 175 Extensible Authentication Protocol 181 Lightweight Extensible Authentication Protocol 182 Protected Extensible Authentication Protocol 182 Wireless Vulnerabilities to Know 183 Wireless Attack Analogy 187 Summary 188 Exam Essentials 189 Review Questions 190 Chapter 6 Securing the Cloud 195 Working with Cloud Computing 196 Software as a Service (SaaS) 197 Platform as a Service (PaaS) 198 Infrastructure as a Service (IaaS) 199 Private Cloud 200 Public Cloud 200 Community Cloud 200 Hybrid Cloud 201 Working with Virtualization 201 Snapshots 203 Patch Compatibility 203 Host Availability/Elasticity 204 Security Control Testing 204 Sandboxing 204 Security and the Cloud 205 Cloud Storage 206 Summary 207 Exam Essentials 207 Review Questions 208 Chapter 7 Host, Data, and Application Security 213 Application Hardening 215 Databases and Technologies 215 Fuzzing 218 Secure Coding 218 Application Configuration Baselining 219 Operating System Patch Management 220 Application Patch Management 220 Host Security 220 Permissions 220 Access Control Lists 221 Antimalware 221 Host Software Baselining 226 Hardening Web Servers 227 Hardening Email Servers 228 Hardening FTP Servers 229 Hardening DNS Servers 230 Hardening DHCP Services 231 Protecting Data Through Fault Tolerance 233 Backups 233 RAID 234 Clustering and Load Balancing 235 Application Security 235 Best Practices for Security 236 Data Loss Prevention 236 Hardware–Based Encryption Devices 237 Summary 238 Exam Essentials 238 Review Questions 239 Chapter 8 Cryptography 243 An Overview of Cryptography 245 Historical Cryptography 245 Modern Cryptography 249 Working with Symmetric Algorithms 249 Working with Asymmetric Algorithms 251 What Cryptography Should You Use? 254 Hashing Algorithms 255 Rainbow Tables and Salt 256 Key Stretching 256 Understanding Quantum Cryptography 257 Cryptanalysis Methods 257 Wi–Fi Encryption 258 Using Cryptographic Systems 258 Confidentiality and Strength 259 Integrity 259 Digital Signatures 261 Authentication 261 Nonrepudiation 262 Key Features 262 Understanding Cryptography Standards and Protocols 263 The Origins of Encryption Standards 263 Public–Key Infrastructure X.509/Public–Key Cryptography Standards 266 X.509 267 SSL and TLS 268 Certificate Management Protocols 270 Secure Multipurpose Internet Mail Extensions 270 Secure Electronic Transaction 270 Secure Shell 271 Pretty Good Privacy 272 HTTP Secure 274 Secure HTTP 274 IP Security 274 Tunneling Protocols 277 Federal Information Processing Standard 278 Using Public–Key Infrastructure 278 Using a Certificate Authority 279 Working with Registration Authorities and Local Registration Authorities 280 Implementing Certificates 281 Understanding Certificate Revocation 285 Implementing Trust Models 285 Hardware–Based Encryption Devices 290 DAUTORE
Emmett Dulaney is an Assistant Professor at Anderson University. He has written several certification books on Windows, security, IT project management, and UNIX, and was the co–author of CompTIA A+ Complete Study Guide (Sybex). Chuck Easttom is CEO and Chief Trainer for CEC–Security, which specializes in IT security training and CISP and Security+ exam preparation. He has over 18 years in the IT industry, 10 years teaching and training, and has authored 15 published books.ALTRE INFORMAZIONI
- Condizione: Nuovo
- ISBN: 9781118875070
- Dimensioni: 192 x 26.4 x 187 mm Ø 732 gr
- Formato: Brossura
- Pagine Arabe: 552