| Contents | Page |
|---|---|
| About This Book | xv |
| Intended Audience | xv |
| Prerequisites | xv |
| Reference Materials | xvi |
| Features of This Book | xvi |
| Chapter and Appendix Overview | xix |
| Finding the Best Starting Point for You | xx |
| Getting Started | xxix |
| The Security+ Certification Program | xxxi |
| Technical Support | xxxvii |
| CHAPTER 1 General Networking and Security Concepts | 1 |
| About This Chapter | 1 |
| Before You Begin | 2 |
| Lesson 1: The Big Picture | 3 |
| What's at Stake | 4 |
| Valuing Your Assets | 4 |
| Understanding the Goal of Security | 5 |
| Managing Risk | 6 |
| Putting It All Together | 8 |
| Exercise: Creating a Risk Management Plan | 9 |
| Lesson Review | 10 |
| Lesson Summary | 11 |
| Lesson 2: Identifying Threats | 13 |
| Sources of Threat | 13 |
| Attacks | 16 |
| Malicious Code | 16 |
| Who Is Attacking? | 17 |
| Social Engineering | 18 |
| Lesson Review | 18 |
| Lesson Summary | 19 |
| Lesson 3: Intrusion Points | 20 |
| Network Infrastructure | 20 |
| Applications Used on the Internet | 21 |
| Communications Protocols | 21 |
| Lesson Review | 22 |
| Lesson Summary | 23 |
| Lesson 4: Defending Against Threats | 24 |
| Building a Defense | 24 |
| Securing the Network Infrastructure | 25 |
| User Authentication | 26 |
| Enabling Auditing | 27 |
| Lesson Review | 28 |
| Lesson Summary | 29 |
| Lesson 5: Organizational and Operational Security | 30 |
| Preserving Data | 30 |
| Chain of Custody | 30 |
| Human Resource Concerns and Privacy Issues | 31 |
| Lesson Review | 32 |
| Lesson Summary | 32 |
| CHAPTER 2 TCP/IP Basics | 33 |
| About This Chapter | 33 |
| Before You Begin | 33 |
| Lesson 1: Basic TCP/IP Principles | 34 |
| What Is TCP/IP? | 35 |
| Reviewing the Four-Layer DARPA Model | 37 |
| Reviewing the TCP/IP Communications Flow | 39 |
| Understanding Network Interface Frames | 41 |
| Understanding IP Datagrams | 43 |
| Understanding Fragmentation | 49 |
| Understanding Transport Layer Communications | 50 |
| Exercise 1: Following a Packet from Source to Destination | 53 |
| Exercise 2: Identifying Information Captured Using Network Monitor | 54 |
| Lesson Review | 55 |
| Lesson Summary | 57 |
| Lesson 2: TCP/IP Layers and Vulnerabilities | 58 |
| Identifying Possible Network Interface Layer Attacks | 58 |
| Identifying Possible Internet Layer Attacks | 59 |
| Identifying Possible Transport Layer Attacks | 59 |
| Identifying Possible Application Layer Attacks | 60 |
| Lesson Review | 61 |
| Lesson Summary | 61 |
| CHAPTER 3 Certificate Basics | 63 |
| About This Chapter | 63 |
| Before You Begin | 63 |
| Lesson 1: Understanding Cryptography | 64 |
| Understanding Cryptography and Keys | 64 |
| Standards and Protocols | 70 |
| Lesson Review | 71 |
| Lesson Summary | 72 |
| Lesson 2: Using Cryptography | 73 |
| Confidentiality | 73 |
| Integrity | 74 |
| Identification and Authentication | 75 |
| Providing Nonrepudiation | 76 |
| Lesson Review | 76 |
| Lesson Summary | 78 |
| Lesson 3: Identifying the Components of a Public Key Infrastructure | 79 |
| Components of a PKI | 79 |
| Lesson Review | 84 |
| Lesson Summary | 85 |
| Lesson 4: Understanding CA Trust Models | 86 |
| Trust Models | 86 |
| Mesh Architecture | 86 |
| Hierarchical Architecture | 88 |
| Bridge CA Architecture | 90 |
| Lesson Review | 92 |
| Lesson Summary | 93 |
| Lesson 5: Understanding Certificate Life Cycle and Key Management | 94 |
| Key Life Cycle | 94 |
| Key Management | 96 |
| Lesson Review | 98 |
| Lesson Summary | 98 |
| CHAPTER 4 Network Infrastructure Security | 99 |
| About This Chapter | 99 |
| Before You Begin | 99 |
| Lesson 1: Understanding Network Infrastructure Security | 100 |
| Infrastructure Security Overview | 100 |
| Securing Physical Equipment | 101 |
| Securing Equipment Configuration | 102 |
| Lesson Review | 103 |
| Lesson Summary | 103 |
| Lesson 2: Securing Network Cabling | 104 |
| Coaxial Cable | 104 |
| Twisted-Pair Cables | 105 |
| Fiber Optic Cable | 106 |
| Exercise: Identifying Cable Vulnerabilities | 107 |
| Lesson Review | 107 |
| Lesson Summary | 108 |
| Lesson 3: Securing Connectivity Devices | 109 |
| Hubs | 109 |
| Switches and Bridges | 110 |
| Routers | 112 |
| Firewalls | 114 |
| Remote Access | 118 |
| Telecommunications Hacking | 121 |
| Modems | 123 |
| Wireless | 124 |
| Exercise: Identifying Network Infrastructure Exploits | 125 |
| Lesson Review | 125 |
| Lesson Summary | 126 |
| Lesson 4: Exploring Secure Topologies | 127 |
| Security Zones | 127 |
| Implementing NAT | 134 |
| Using VLANs | 136 |
| Exercise: Selecting Infrastructure Security Measures | 137 |
| Lesson Review | 137 |
| Lesson Summary | 138 |
| Lesson 5: Securing and Monitoring Network Resources | 139 |
| Securing and Monitoring Workstations | 139 |
| Protecting Mobile Devices | 140 |
| Securing and Monitoring Servers | 141 |
| Monitoring Connectivity Devices | 141 |
| Implementing Intrusion Detection | 142 |
| Using Honeypots and Honeynets | 142 |
| Exercise: Identifying Security Devices | 144 |
| Lesson Review | 144 |
| Lesson Summary | 145 |
| CHAPTER 5 Communications Security | 147 |
| About This Chapter | 147 |
| Before You Begin | 147 |
| Lesson 1: Understanding Remote Access Connectivity | 148 |
| Remote Connections | 148 |
| Remote Connection Mediums | 149 |
| Exercise: Configuring a Remote Access Connection | 153 |
| Lesson Review | 154 |
| Lesson Summary | 155 |
| Lesson 2: Providing Secure Remote Access | 156 |
| Remote Connection Requirements | 156 |
| Centralized Authentication | 158 |
| Virtual Private Networks | 163 |
| Secure Shell Protocol | 169 |
| Exercise: Configuring the Authentication Method for a Dial-Up Connection | 170 |
| Lesson Review | 171 |
| Lesson Summary | 173 |
| Lesson 3: Understanding Wireless Standards and Protocols | 174 |
| How Wireless Networking Works | 175 |
| Wireless Application Protocol | 177 |
| Wired Equivalent Privacy | 178 |
| Security in the WLAN | 181 |
| Understanding 802.1x | 182 |
| Exercise 1: Identifying Maximum Wireless Speeds | 184 |
| Exercise 2: Identifying Key Wireless Access Terms | 185 |
| Lesson Review | 185 |
| Lesson Summary | 186 |
| CHAPTER 6 Application Security | 187 |
| About This Chapter | 187 |
| Before You Begin | 187 |
| Lesson 1: E-Mail Security | 188 |
| Secure Electronic Messaging | 188 |
| E-Mail Vulnerabilities | 191 |
| Exercise 1: Downloading and Installing PGP Freeware | 196 |
| Exercise 2: Creating PGP Keys | 198 |
| Lesson Review | 199 |
| Lesson Summary | 200 |
| Lesson 2: Web Security | 201 |
| SSL/TLS | 201 |
| HTTPS | 203 |
| Buffer Overflows | 204 |
| Active Content | 205 |
| Cookies | 209 |
| CGI | 210 |
| Instant Messaging | 212 |
| Exercise 1: Application Security Solutions | 214 |
| Lesson Review | 214 |
| Lesson Summary | 215 |
| Lesson 3: File Transfer | 216 |
| FTP Client Security Issues | 216 |
| Secure FTP | 217 |
| Kerberized FTP | 217 |
| File Sharing | 218 |
| Lesson Review | 220 |
| Lesson Summary | 221 |
| CHAPTER 7 User Security | 223 |
| About This Chapter | 223 |
| Before You Begin | 223 |
| Lesson 1: Understanding Authentication | 224 |
| User Name and Password Authentication | 224 |
| Kerberos Authentication | 226 |
| Remote Authentication with CHAP | 232 |
| Tokens | 232 |
| Biometrics | 233 |
| Combining Authentication Methods | 235 |
| Exercise 1: Following a Cross-Realm Authentication | 237 |
| Exercise 2: Reviewing Kerberos Terminology | 237 |
| Lesson Review | 238 |
| Lesson Summary | 239 |
| Lesson 2: Understanding Access Control Models | 240 |
| DAC | 241 |
| MAC | 242 |
| RBAC | 242 |
| Exercise: Identifying Authentication Methods | 243 |
| Lesson Review | 243 |
| Lesson Summary | 244 |
| CHAPTER 8 Security Baselines | 245 |
| About This Chapter | 245 |
| Before You Begin | 245 |
| Lesson 1: Network Device and Operating System Hardening | 246 |
| Network Device Updates | 247 |
| Operating System and Application Updates | 249 |
| Securing Networking Components | 250 |
| File System Security | 257 |
| Operating System Hardening | 258 |
| Exercise: Using MD5 | 260 |
| Lesson Review | 260 |
| Lesson Summary | 261 |
| Lesson 2: Server Application Hardening | 262 |
| Web Servers | 263 |
| FTP Servers | 266 |
| E-Mail Servers | 267 |
| DNS Servers | 268 |
| File and Print Servers | 270 |
| DHCP Servers | 271 |
| NNTP Servers | 272 |
| Data Repositories | 273 |
| Exercise: Port Matching | 275 |
| Lesson Review | 275 |
| Lesson Summary | 276 |
| CHAPTER 9 Operational Security | 279 |
| About This Chapter | 279 |
| Before You Begin | 279 |
| Lesson 1: Physical Security | 280 |
| Access Control | 280 |
| Social Engineering | 284 |
| Environment | 285 |
| Disaster Recovery | 287 |
| Lesson Review | 290 |
| Lesson Summary | 291 |
| Lesson 2: Privilege Management | 292 |
| Understanding User, Group, and Role Management | 292 |
| Centralized and Decentralized Management | 294 |
| Auditing | 295 |
| Lesson Review | 296 |
| Lesson Summary | 297 |
| Lesson 3: Removable Media | 298 |
| Magnetic Tape | 298 |
| Writable CD-ROMs | 300 |
| Hard Disks | 302 |
| Floppy Disks | 304 |
| Flashcards | 304 |
| Smart Cards | 305 |
| Exercise: Identifying Removable Storage Media Types | 305 |
| Lesson Review | 306 |
| Lesson Summary | 307 |
| Lesson 4: Protecting Business Continuity | 308 |
| Creating a Business Continuity Plan | 309 |
| Implementing Business Continuity Preparations | 310 |
| Lesson Review | 311 |
| Lesson Summary | 312 |
| CHAPTER 10 Organizational Security | 313 |
| About This Chapter | 313 |
| Before You Begin | 313 |
| Lesson 1: Documentation | 314 |
| Standards, Guidelines, and the Common Criteria | 314 |
| Policies and Procedures | 315 |
| Service Level Agreement | 320 |
| Human Resources Policy | 321 |
| Due Care | 322 |
| Separation of Duties | 323 |
| Need to Know | 323 |
| Systems Architecture Documentation | 323 |
| Change and Configuration Management Policy | 324 |
| Logs | 324 |
| Inventories | 324 |
| Classification Policy | 324 |
| Exercise: Policy Purposes | 327 |
| Lesson Review | 327 |
| Lesson Summary | 328 |
| Lesson 2: Risk Assessment | 329 |
| Calculating Risk | 329 |
| Asset Identification and Valuation | 330 |
| Threat Assessment | 331 |
| Impact Assessment | 332 |
| Vulnerability Assessment | 333 |
| Exercise 1: Checking Security Statistics | 334 |
| Exercise 2: Calculating Risk Discussion | 334 |
| Lesson Review | 335 |
| Lesson Summary | 336 |
| Lesson 3: Security Education | 337 |
| Communication | 337 |
| User Awareness | 338 |
| Training | 338 |
| Education | 339 |
| Online Resources | 339 |
| Exercise: Stages and Delivery Types | 340 |
| Lesson Review | 341 |
| Lesson Summary | 341 |
| CHAPTER 11 Incident Detection and Response | 343 |
| About This Chapter | 343 |
| Before You Begin | 343 |
| Lesson 1: Attacks and Malicious Code | 344 |
| Scanning | 344 |
| DoS/DDoS | 352 |
| Spoofing | 352 |
| Source Routing | 355 |
| Man-in-the-Middle | 356 |
| Back Door | 356 |
| Password Guessing | 357 |
| Replay Attack | 359 |
| Encryption Breaking | 360 |
| Hijacking | 361 |
| Software Exploitation | 361 |
| Social Engineering | 361 |
| Malicious Code | 363 |
| Exercise: Attacks and Scans | 364 |
| Lesson Review | 365 |
| Lesson Summary | 366 |
| Lesson 2: Intrusion Detection Systems | 367 |
| Network-Based IDS | 368 |
| Host-Based IDS | 370 |
| Detection Methods | 373 |
| Response Types | 374 |
| Exercise: IDS Staged Deployment Steps | 378 |
| Lesson Review | 378 |
| Lesson Summary | 379 |
| Lesson 3: Incident Response | 380 |
| CSIRT | 380 |
| Incident Response Basics | 381 |
| Forensics | 381 |
| Legal Action | 384 |
| Exercise: Incident Response Priority | 385 |
| Lesson Review | 385 |
| Lesson Summary | 386 |
| APPENDIX A Questions and Answers | 387 |
| APPENDIX B Ports and Protocol IDs | 425 |
| GLOSSARY | 429 |
| INDEX | 447 |