SecurityPLUS Study Guide, Second Edition. Sybex

Security+

Study Guide Second Edition

Mike Pastore and Emmett Dulaney

Associate Publisher: Neil Edde
Acquisitions and Developmental Editor: Jeff Kellum
Production Editor: Susan Berge
Technical Editors: J. Kevin Lundy, Jay Stephen Leeds
Copyeditor: Tiffany Taylor
Compositor: Craig Woods, Happenstance Type-O-Rama
Graphic Illustrator: Happenstance Type-O-Rama
CD Coordinator: Dan Mummert
CD Technician: Kevin Ly
Proofreaders: Laurie O’Connell, Nancy Riddiough
Indexer: Ted Laux
Book Designers: Bill Gibson, Judy Fung
Cover Designer: Archer Design
Cover Photograph: Photodisc and Victor Arre

About the Authors
Mike Pastore is an MCP, A+, Net+, Security+ certified professional. He has over 25 years of
experience in IT, including management, administration, and development. He has consulted
with a number of organizations on computer and computer security issues. Mike has been
involved in CompTIA certifications for several years, and he has worked with CompTIA on
several exams. He also teaches computer and management topics at several colleges. You can
e-mail him at mikepast@aol.com.

Emmett Dulaney holds, or has held, 18 vendor certifications and is the author of over 30
books. The former Director of Training for Mercury Technical Solutions, he specializes in certification
and cross-platform integration. Emmett can be reached at edulaney@iquest.net.

Acknowledgments
I would like to thank Michael Pastore for creating this text in the first place and for
providing such good material to work with. Thanks also to Jeff Kellum, Susan Berge, Kevin
Lundy, Tiffany Taylor, Steve Leeds, Kevin Ly, Dan Mummert, Laurie O’Connell, Nancy
Riddiough, Happenstance Type-O-Rama, and Ted Laux for having a vision and making
certain that it was met.


Introduction
If you’re preparing to take the Security+ exam, you’ll undoubtedly want to find as much
information as you can concerning computer and physical security. The more information you
have at your disposal and the more hands-on experience you gain, the better off you’ll be when
attempting the exam. This study guide was written with that in mind. We have attempted to
dispense as much information as we can about computer security. The key was to provide
enough information that you’ll be prepared for the test but not so much that you’ll be
overloaded with information outside the scope of the exam.

This book presents the material at an intermediate technical level. Experience with and
understanding of security concepts, operating systems, and applications systems will help you
get a full understanding of the challenges facing you as a security professional.
We’ve included review questions at the end of each chapter to give you a taste of what it’s
like to take the exam. If you’re already working in the security field, we recommend that you
check out these questions first to gauge your level of expertise. You can then use the book
mainly to fill in the gaps in your current knowledge. This study guide will help you round out
your knowledge base before tackling the exam.

If you can answer 80 percent or more of the review questions correctly for a given chapter,
you can probably feel safe moving on to the next chapter. If you’re unable to answer that many
correctly, reread the chapter and try the questions again. Your score should improve.

Before You Begin
Before you begin studying for the exam, it’s imperative that you understand a few things about
the Security+ certification. Security+ is a certification-for-life from CompTIA granted to those
who obtain a passing score on a single entry-level exam. In addition to being a stand-alone certification
that can be added to the bottom of your resume, Security+ can also be used as an elective
in Microsoft’s MCSA and MCSE tracks, and it counts as credit toward the security
specializations Microsoft offers.

When you’re studying for any exam, the first step in preparation should always be to find out
as much as possible about the test; the more you know up front, the better you can plan your
study. The current exam number, and the one this book is written to, is SY0-101; it consists of
100 questions. You have 90 minutes to take the exam, and the passing score is 764 on a scale
from 100 to 900. Both Pearson VUE and Thomson Prometric testing centers administer the
exam throughout the United States and several other countries.

The exam is multiple choice, with short, terse questions followed by four possible answers.
If you expect lengthy scenarios and complex solutions, you’re mistaken. This is an entry-level
exam of knowledge-level topics; it expects you to know a great deal about security topics from
an overview perspective, not in implementation. In many books, the glossary is filler added to
the back of the text; this book’s glossary should be considered necessary reading. You’re likely
to see a question on the exam about what reverse DNS is, not how to implement it. Spend your
study time learning the different security solutions and identifying potential security vulnerabilities
and where they would be applicable. Don’t get bogged down in step-by-step details;
those are saved for certification exams beyond the scope of Security+.

You should also know that CompTIA is notorious for including vague questions on all its
exams. You might see a question for which two of the possible four answers are correct—but
you can only choose one. Use your knowledge, logic, and intuition to choose the best answer,
and then move on. Sometimes the questions are worded in ways that would make English
majors cringe—a typo here, an incorrect verb there. Don’t let this frustrate you; answer the
question, and go to the next. Although we haven’t intentionally added typos or other grammatical
errors, the questions throughout this book make every attempt to re-create the structure and
appearance of the real exam questions.

Who Should Buy This Book?
If you want to acquire a solid foundation in computer security and your goal is to prepare for
the exam by learning how to develop and improve security, this book is for you. You’ll find
clear explanations of the concepts you need to grasp and plenty of help to achieve the high level
of professional competency you need in order to succeed in your chosen field.
If you want to become certified as a Security+ holder, this book is definitely what you need.

However, if you just want to attempt to pass the exam without really understanding security,
this study guide isn’t for you. It’s written for people who want to acquire hands-on skills and
in-depth knowledge of computer security.

Table of Exercises
Exercise 1.1 Survey Your Physical Environment 6
Exercise 1.2 Survey Your Operational Environment 7
Exercise 1.3 Assemble and Examine Your Procedures 10
Exercise 1.4 Compute Availability 24
Exercise 1.5 Assign a Value to Data Assets 33
Exercise 2.1 Survey Your Surroundings 50
Exercise 2.2 Responding to an Attack 58
Exercise 3.1 Compile an Infrastructure List 99
Exercise 3.2 Decide Which Traffic to Allow Through 102
Exercise 3.3 Examine the Routing Table 107
Exercise 3.4 Look for Ways to Harden Your Servers 117
Exercise 3.5 Understanding Tape Rotation Schemes 141
Exercise 4.1 View the Active TCP and UDP Ports 156
Exercise 4.2 Run Network Monitor 160
Exercise 4.3 Run a Practice Incident-Response Plan 176
Exercise 4.4 Make File Extensions Visible 183
Exercise 5.1 EAL from a Windows 2000 Administrator’s View 200
Exercise 5.2 Working with Performance Monitor 207
Exercise 5.3 Working with Unix/Linux Networking 210
Exercise 6.1 Security Zones in the Physical Environment 240
Exercise 6.2 Testing Social Engineering 245
Exercise 6.3 Risk Assessment Computations 256
Exercise 7.1 Working with rot13 284
Exercise 7.2 Hash Rules in Windows Server 2003 287
Exercise 8.1 SSL Settings in Windows Server 2003 329
Exercise 8.2 Looking for Errors in IPSec Performance Statistics 334
Exercise 9.1 Formulating Business Continuity Plans 358
Exercise 9.2 How Many Disks Does RAID Need? 363
Exercise 9.3 Automated System Recovery in Windows Server 2003 369
Exercise 9.4 Recovering a System 373
Exercise 10.1 Thinking Through a Chain of Custody 407
Exercise 10.2 Applying Education Appropriately 418
Exercise 10.3 Configuring Windows Automatic Updates 419



Product details
Price:
File Size: 13,081 KB
Pages: 540
File Type: PDF format
ISBN: 0-7821-4350-4
Copyright: 2003 SYBEX Inc

Contents at a Glance
Introduction xix
Assessment Test xxxiii
Chapter 1 General Security Concepts 1
Chapter 2 Identifying Potential Risks 47
Chapter 3 Infrastructure and Connectivity 95
Chapter 4 Monitoring Communications Activity 153
Chapter 5 Implementing and Maintaining a Secure Network 195
Chapter 6 Securing the Network and Environment 235
Chapter 7 Cryptography Basics and Methods 281
Chapter 8 Cryptography Standards 321
Chapter 9 Security Policies and Procedures 355
Chapter 10 Security Management 403
Glossary 437
Index 477


Table of Contents

Introduction xix
Assessment Test xxxiii
Chapter 1 General Security Concepts 1
Understanding Information Security 3
Securing the Physical Environment 5
Examining Operational Security 6
Working with Management and Policies 8
Understanding the Goals of Information Security 11
Comprehending the Security Process 12
Appreciating Antivirus Software 12
Implementing Access Control 12
Understanding Authentication 14
Understanding Networking Services and Protocols 20
Distinguishing Between Security Topologies 22
Setting Design Goals 22
Creating Security Zones 24
Working with Newer Technologies 29
Business Concerns to Be Aware Of 32
Summary 36
Exam Essentials 38
Review Questions 40
Answers to Review Questions 44
Chapter 2 Identifying Potential Risks 47
Calculating Attack Strategies 48
Types of Access Attacks 49
Recognizing Modification and Repudiation Attacks 50
Identifying Denial of Service (DoS) and Distributed DoS (DDoS) Attacks 51
Recognizing Common Attacks 53
Back Door Attacks 53
Spoofing Attacks 54
Man-in-the-Middle Attacks 55
Replay Attacks 56
Password-Guessing Attacks 57
Identifying TCP/IP Security Concerns 58
Working with the TCP/IP Protocol Suite 59
Encapsulation 62
Working with Protocols and Services 63
Recognizing TCP/IP Attacks 66
Understanding Software Exploitation 72
Surviving Malicious Code 73
Viruses 74
Trojan Horses 80
Logic Bombs 80
Worms 80
Antivirus Software 81
Understanding Social Engineering 82
An Introduction to Auditing Processes and Files 84
Summary 84
Exam Essentials 85
Review Questions 88
Answers to Review Questions 92
Chapter 3 Infrastructure and Connectivity 95
Understanding Infrastructure Security 97
Working with Hardware Components 98
Working with Software Components 99
Understanding the Different Network Infrastructure Devices 100
Firewalls 100
Hubs 104
Routers 105
Switches 107
Wireless Access Points 108
Modems 109
Remote Access Services 110
Telecom/PBX Systems 110
Virtual Private Networks 112
Monitoring and Diagnosing Networks 114
Network Monitors 114
Securing Workstations and Servers 115
Understanding Mobile Devices 117
Understanding Remote Access 118
Using the Serial Line Internet Protocol 119
Using the Point-to-Point Protocol 119
Tunneling Protocols 120
802.1X Wireless Protocols 121
Securing Internet Connections 122
Working with Ports and Sockets 123
The Principles of E-Mail 124
Working with the Web 124
Working with the File Transfer Protocol 129
Understanding SNMP and Other TCP/IP Protocols 130
The Basics of Cabling, Wires, and Communications 132
Coax 132
Unshielded Twisted Pair and Shielded Twisted Pair 135
Fiber Optic 137
Infrared 138
Radio Frequencies 138
Microwave Systems 139
Employing Removable Media 140
Tape 141
CD-R 142
Hard Drives 142
Diskettes 142
Flash Cards 143
Smart Cards 143
Summary 144
Exam Essentials 145
Review Questions 147
Answers to Review Questions 151
Chapter 4 Monitoring Communications Activity 153
Monitoring the Network 155
Recognizing the Different Types of Network Traffic 156
Monitoring Network Systems 161
Understanding Intrusion Detection Systems 162
Working with a Network-Based IDS 165
Working with a Host-Based IDS 170
Utilizing Honey Pots 171
Understanding Incident Response 172
Working with Wireless Systems 177
Wireless Transport Layer Security 177
IEEE 802.11x Wireless Protocols 178
WEP/WAP 179
Wireless Vulnerabilities to Know 180
Understanding Instant Messaging’s Features 180
IM Vulnerabilities 181
Controlling Privacy 181
Working with 8.3 File Naming 182
Understanding Packet Sniffing 183
Understanding Signal Analysis and Intelligence 184
Footprinting 184
Scanning 185
Summary 185
Exam Essentials 186
Review Questions 188
Answers to Review Questions 192
Chapter 5 Implementing and Maintaining a Secure Network 195
Overview of Network Security Threats 197
Defining Security Baselines 199
Hardening the OS and NOS 201
Configuring Network Protocols 201
Microsoft Windows 9x 204
Hardening Microsoft Windows NT 4 204
Hardening Microsoft Windows 2000 205
Hardening Microsoft Windows XP 207
Hardening Windows Server 2003 208
Hardening Unix/Linux 208
Hardening Novell NetWare 209
Hardening Apple Macintosh 211
Hardening Filesystems 211
Updating Your Operating System 213
Hardening Network Devices 215
Updating Network Devices 215
Configuring Routers and Firewalls 216
Hardening Applications 217
Hardening Web Servers 217
Hardening E-Mail Servers 218
Hardening FTP Servers 218
Hardening DNS Servers 219
Hardening NNTP Servers 220
Hardening File and Print Servers and Services 221
Hardening DHCP Services 222
Working with Data Repositories 222
Summary 226
Exam Essentials 228
Review Questions 229
Answers to Review Questions 233
Chapter 6 Securing the Network and Environment 235
Understanding Physical and Network Security 236
Implementing Access Control 236
Understanding Social Engineering 243
Scanning the Environment 245
Understanding Business Continuity Planning 253
Undertaking Business Impact Analysis 254
Assessing Risk 255
Developing Policies, Standards, and Guidelines 257
Implementing Policies 257
Incorporating Standards 258
Following Guidelines 259
Working with Security Standards and ISO 17799 260
Classifying Information 261
Public Information 262
Private Information 263
Roles in the Security Process 265
Information Access Controls 266
Summary 270
Exam Essentials 272
Review Questions 274
Answers to Review Questions 278
Chapter 7 Cryptography Basics and Methods 281
An Overview of Cryptography 282
Understanding Physical Cryptography 283
Understanding Mathematical Cryptography 285
Understanding Quantum Cryptography 287
Uncovering the Myth of Unbreakable Codes 289
Understanding Cryptographic Algorithms 291
The Science of Hashing 291
Working with Symmetric Algorithms 292
Working with Asymmetric Algorithms 294
Using Cryptographic Systems 295
Confidentiality 295
Integrity 296
Authentication 297
Non-Repudiation 299
Access Control 299
Using Public Key Infrastructure 300
Using a Certificate Authority 301
Working with Registration Authorities and Local Registration Authorities 302
Implementing Certificates 304
Understanding Certificate Revocation 305
Implementing Trust Models 306
Preparing for Cryptographic Attacks 311
Summary 312
Exam Essentials 313
Review Questions 315
Answers to Review Questions 319
Chapter 8 Cryptography Standards 321
Understanding Cryptography Standards and Protocols 322
The Origins of Encryption Standards 323
PKIX/PKCS 326
X.509 327
SSL and TLS 328
CMP 330
S/MIME 330
SET 330
SSH 331
PGP 332
HTTPS 333
S-HTTP 334
IPSec 334
FIPS 335
Common Criteria 335
WTLS 335
WEP 335
ISO 17799 335
Understanding Key Management and the Key Life Cycle 336
Comparing Centralized and Decentralized Key Generation 337
Storing and Distributing Keys 339
Using Key Escrow 341
Key Expiration 341
Revoking Keys 341
Suspending Keys 342
Recovering and Archiving Keys 342
Renewing Keys 344
Destroying Keys 344
Summary 345
Exam Essentials 347
Review Questions 349
Answers to Review Questions 353
Chapter 9 Security Policies and Procedures 355
Understanding Business Continuity 357
Utilities 357
High Availability 359
Disaster Recovery 363
Reinforcing Vendor Support 376
Service Level Agreements (SLAs) 376
Code Escrow 378
Generating Policies and Procedures 379
Human Resource Policies 379
Business Policies 382
Certificate Policies 384
Incident Response Policies 385
Enforcing Privilege Management 386
User and Group Role Management 386
Privilege Escalation 388
Single Sign-On 388
Privilege Decision Making 389
Auditing 390
Access Control 392
Summary 393
Exam Essentials 394
Review Questions 396
Answers to Review Questions 400
Chapter 10 Security Management 403
Understanding Computer Forensics 404
Methodology of a Forensic Investigation 405
Enforcing the Chain of Custody 406
Preserving Evidence 408
Collecting Evidence 408
Understanding Security Management 409
Drafting Best Practices and Documentation 410
Understanding Security Awareness and Education 416
Using Communication and Awareness 416
Providing Education 417
Staying on Top of Security 419
Websites 421
Trade Publications 422
Regulating Privacy and Security 423
Health Insurance Portability and Accountability Act 423
Gramm-Leach Bliley Act of 1999 424
Computer Fraud and Abuse Act 424
Family Educational Rights and Privacy Act 425
Computer Security Act of 1987 425
Cyberspace Electronic Security Act 425
Cyber Security Enhancement Act 426
Patriot Act 426
Familiarizing Yourself with International Efforts 426
Summary 427
Exam Essentials 428
Review Questions 430
Answers to Review Questions 434
Glossary 437
Index 477
