CompTIA Security+ SY0-401 In Depth
Title: CompTIA Security+ SY0-401 In Depth
Publisher: Cengage Learning
Author: Mark Ciampa
Year: 2015
Pages: 576
Language: English
Format: pdf
Size: 19 Mb
COMPTIA SECURITY+ SY0-401 IN DEPTH will prepare you to pass CompTIA's new Security+ certification exam and earn this important credential in the field of computer security. This book offers in-depth coverage of all relevant topics, from handling malware to advanced cryptography, wireless and mobile security, and much more. Using the proven In Depth certification training method, this comprehensive, up-to-date, user-friendly test-prep guide covers exam objectives for the new Security+ SY0-401 certification exam; features end-of-chapter quizzes to test your mastery of each new skill you're learning; maps completely to the Security+ SY0-401 exam objectives; and includes a full glossary and helpful appendixes. Computer and network security is a crucially important and ever-growing field, and IT professionals must keep up with the latest challenges and technologies. The CompTIA Security+ SY0-401 certification exam validates the knowledge and best practices required of professionals responsible for securing computer networks and managing risk. The coaching and test-prep resources contained in COMPTIA SECURITY+ SY0-401 IN DEPTH will give you the skills and confidence you'll need to succeed on exam day.
Title Page; Copyright Page; Brief Contents; Table of Contents
INTRODUCTION
CHAPTER 1 Introduction to Security: Challenges of Securing Information; Today’s Security Attacks; Difficulties in Defending Against Attacks; What Is Information Security?; Understanding Security; Defining Information Security; Information Security Terminology; Understanding the Importance of Information Security; Who Are the Attackers?; Cybercriminals; Script Kiddies; Brokers; Insiders; Cyberterrorists; Hactivists; State-Sponsored Attackers; Attacks and Defenses; Steps of an Attack; Defenses Against Attacks; Chapter Summary; Key Terms; Review Questions
PART I Threats
CHAPTER 2 Malware and Social Engineering Attacks: Attacks Using Malware; Circulation/Infection; Concealment; Payload Capabilities; Social Engineering Attacks; Psychological Approaches; Physical Procedures; Chapter Summary; Key Terms; Review Questions
CHAPTER 3 Application and Networking-Based Attacks: Application Attacks; Server-Side Web Application Attacks; Client-Side Application Attacks; Impartial Overflow Attacks; Networking-Based Attacks; Denial of Service (DoS); Interception; Poisoning; Attacks on Access Rights; Chapter Summary; Key Terms; Review Questions
PART II Application, Data, and Host Security
CHAPTER 4 Host, Application, and Data Security: Securing the Host; Securing Devices; Securing the Operating System Software; Securing with Antimalware; Securing Static Environments; Application Security; Application Development Security; Application Hardening and Patch Management; Securing Data; Chapter Summary; Key Terms; Review Questions
PART III Cryptography
CHAPTER 5 Basic Cryptography: Defining Cryptography; What Is Cryptography?; Cryptography and Security; Cryptographic Algorithms; Hash Algorithms; Symmetric Cryptographic Algorithms; Asymmetric Cryptographic Algorithms; Using Cryptography; Encryption Through Software; Hardware Encryption; Chapter Summary; Key Terms; Review Questions
CHAPTER 6 Advanced Cryptography: Digital Certificates; Defining Digital Certificates; Managing Digital Certificates; Types of Digital Certificates; Public Key Infrastructure (PKI); What Is Public Key Infrastructure (PKI)?; Public Key Cryptography Standards (PKCS); Trust Models; Managing PKI; Key Management; Key Storage; Key Usage; Key Handling Procedures; Cryptographic Transport Protocols; Secure Sockets Layer (SSL); Transport Layer Security (TLS); Secure Shell (SSH); Hypertext Transport Protocol Secure (HTTPS); IP Security (IPsec); Chapter Summary; Key Terms; Review Questions
PART IV Network Security
CHAPTER 7 Network Security Fundamentals: Security Through Network Devices; Standard Network Devices; Network Security Hardware; Security Through Network Technologies; Network Address Translation (NAT); Network Access Control (NAC); Security Through Network Design Elements; Demilitarized Zone (DMZ); Subnetting; Virtual LANs (VLANs); Remote Access; Chapter Summary; Key Terms; Review Questions
CHAPTER 8 Administering a Secure Network: Common Network Protocols; Internet Control Message Protocol (ICMP); Simple Network Management Protocol (SNMP); Domain Name System (DNS); File Transfer Protocols; Storage Protocols; NetBIOS; Telnet; IPv6; Network Administration Principles; Device Security; Monitoring and Analyzing Logs; Network Design Management; Port Security; Securing Network Applications and Platforms; IP Telephony; Virtualization; Cloud Computing; Chapter Summary; Key Terms; Review Questions
PART V Mobile Security
CHAPTER 9 Wireless Network Security: Wireless Attacks; Bluetooth Attacks; Near Field Communication (NFC) Attacks; Wireless Local Area Network (WLAN) Attacks; Vulnerabilities of IEEE Wireless Security; Wired Equivalent Privacy (WEP); Wi-Fi Protected Setup (WPS); MAC Address Filtering; Disabling SSID Broadcasts; Wireless Security Solutions; Wi-Fi Protected Access (WPA); Wi-Fi Protected Access 2 (WPA2); Additional Wireless Security Protections; Chapter Summary; Key Terms; Review Questions
CHAPTER 10 Mobile Device Security: Types of Mobile Devices; Portable Computers; Tablets; Smartphones; Wearable Technology; Legacy Devices; Mobile Device Removable Storage; Mobile Device Risks; Limited Physical Security; Connecting to Public Networks; Location Tracking; Installing Unsecured Applications; Accessing Untrusted Content; Bring Your Own Device (BYOD) Risks; Securing Mobile Devices; Device Setup; Device and App Management; Device Loss or Theft; Mobile Device App Security; BYOD Security; Chapter Summary; Key Terms; Review Questions
PART VI Access Control and Identity Management
CHAPTER 11 Access Control Fundamentals: What Is Access Control?; Access Control Terminology; Access Control Models; Best Practices for Access Control; Implementing Access Control; Access Control Lists (ACLs); Group Policies; Account Restrictions; Authentication Services; RADIUS; Kerberos; Terminal Access Control Access Control System (TACACS); Lightweight Directory Access Protocol (LDAP); Security Assertion Markup Language (SAML); Chapter Summary; Key Terms; Review Questions
CHAPTER 12 Authentication and Account Management: Authentication Credentials; What You Know: Passwords; What You Have: Tokens, Cards, and Cell Phones; What You Are: Biometrics; What You Do: Behavioral Biometrics; Where You Are: Geolocation; Single Sign-On; Microsoft Account; OpenID; Open Authorization (OAuth); Account Management; Chapter Summary; Key Terms; Review Questions
PART VII Compliance and Operational Security
CHAPTER 13 Business Continuity: What Is Business Continuity?; Disaster Recovery; Disaster Recovery Plan (DRP); Redundancy and Fault Tolerance; Data Backups; Environmental Controls; Fire Suppression; Electromagnetic Interference (EMI) Shielding; HVAC; Incident Response; Forensics; Incident Response Procedures; Chapter Summary; Key Terms; Review Questions
CHAPTER 14 Risk Mitigation: Controlling Risk; Privilege Management; Change Management; Incident Management; Risk Calculation; Reducing Risk Through Policies; What Is a Security Policy?; Balancing Trust and Control; Designing a Security Policy; Types of Security Policies; Awareness and Training; Compliance; User Practices; Threat Awareness; Training Techniques; Chapter Summary; Key Terms; Review Questions
CHAPTER 15 Vulnerability Assessment: Assessing Vulnerabilities; What Is Vulnerability Assessment?; Assessment Techniques; Assessment Tools; Vulnerability Scanning vs. Penetration Testing; Vulnerability Scanning; Penetration Testing; Third-Party Integration; Mitigating and Deterring Attacks; Creating a Security Posture; Selecting Appropriate Controls; Configuring Controls; Hardening; Reporting; Chapter Summary; Key Terms; Review Questions
APPENDIX A CompTIA SY0-401 Certification Exam Objectives
APPENDIX B Answers to Chapter Review Questions
APPENDIX C Security Websites: Security Organizations; Vendor Security Websites; Threat Analysis; Standards Organizations and Regulatory Agencies; Laws Protecting Private Information; Blogs
APPENDIX D Selected TCP/IP Ports and Their Threats
APPENDIX E References
GLOSSARY
INDEX