GSEC GIAC Security Essentials Certification All-in-One Exam Guide, Second Edition, 2nd Edition

Book Description

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

Fully updated coverage of every topic on the current version of the GSEC exam

Get complete coverage of all the objectives on Global Information Assurance Certification’s Security Essentials (GSEC) exam inside this comprehensive resource. GSEC GIAC Security Essentials Certification All-in-One Exam Guide, Second Edition provides learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the exam with ease, this authoritative resource also serves as an essential on-the-job reference.

Covers all exam topics, including:
• Networking fundamentals
• Network design
• Cloud computing
• Authentication and access control
• Unix/Linux
• Windows
• Encryption
• Risk management
• Virtual machines
• Vulnerability control
• Malware
• Incident response
• Wireless technologies
• Log Management
• IoT and embedded devices

Online content features:
• Two practice exams
• Test engine that provides full-length practice exams and customizable quizzes
• Author videos

Table of Contents

  1. Cover
  2. About the Author
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Contents at a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. Exam Objective Map: GSEC Exam
  11. Chapter 1 Information Security and the GIAC Security Essentials Certification
    1. The Evolution and Importance of Security
    2. Types of Security Threats
      1. Social Engineering
      2. Malware
      3. Identity Theft
      4. Mobile Device Threats
      5. Denial of Service
      6. Insider Threats
    3. About SANS
    4. About the GSEC Certification
      1. Accreditations
      2. Who the Exam Is For
      3. About the Exam
      4. The Purpose of This Book
      5. Test Tips
  12. Chapter 2 Networking Fundamentals
    1. History of TCP/IP
    2. Networking Stacks
      1. The OSI Model
      2. TCP/IP Architecture
    3. Protocols
    4. Internet Protocol
      1. IP Version 4 Headers
      2. Addressing
      3. Fragmentation
      4. Internet Protocol Version 6
    5. Internet Control Message Protocol (ICMP)
    6. Transmission Control Protocol (TCP)
      1. Reliable Delivery
      2. The Mitnick–Shimomura Attack
      3. User Datagram Protocol (UDP)
      4. Domain Name System (DNS)
      5. Chapter Review
      6. Questions
      7. Answers
      8. Exercise Answers
  13. Chapter 3 Network Design
    1. Cable Types
      1. Coaxial Cable
      2. Twisted Pair
      3. Fiber Optics
    2. Network Topologies
      1. Bus Topology
      2. Star Topology
      3. Mesh Topology
      4. Full Mesh Topology
      5. Ring Topology
    3. Switching
      1. Ethernet
      2. Asynchronous Transfer Mode (ATM)
      3. Hubs, Bridges, and Switches
    4. Routing
      1. Distance Vector Routing
      2. Link-State Routing
    5. Network Security Technologies
      1. Routers
      2. Firewalls
      3. Intrusion Detection Systems
    6. Chapter Review
    7. Questions
    8. Answers
    9. Exercise 3-1 Answer
  14. Chapter 4 Authentication and Access Control
    1. Authentication
      1. Credentials
      2. Token-Based Authentication
      3. Biometrics
      4. RADIUS
      5. TACACS/TACACS+
      6. Web-Based Authentication
      7. Multifactor Authentication
    2. Authorization
      1. Principle of Least Privilege
    3. Accounting
    4. Access Control
      1. Discretionary Access Control
      2. Mandatory Access Control
      3. Role-Based Access Control
      4. Attribute-Based Access Control
      5. Single Sign-On
    5. Chapter Review
    6. Questions
    7. Answers
    8. Exercise 4-1 Answer
  15. Chapter 5 Cloud Computing
    1. Cloud Computing Services
      1. Storage as a Service
      2. Software as a Service (SaaS)
      3. Infrastructure as a Service (IaaS)
      4. Platform as a Service (PaaS)
      5. Security Considerations
    2. Application Design
      1. Secure Software Development Lifecycle (S-SDLC)
      2. Agile Methodology
    3. Deployment Considerations
    4. Private Clouds
    5. Chapter Review
    6. Questions
    7. Answers
  16. Chapter 6 Unix/Linux
    1. Unix History
      1. GNU
    2. The Kernel
    3. Filesystem Layout
    4. Using Linux
      1. General Utilities
      2. File Management
      3. Process Management
      4. Networking
    5. Software Management
      1. Debian
      2. Red Hat Enterprise Linux/CentOS
      3. Slackware
    6. Boot Process
    7. Process Management
      1. Processes and Threads
      2. Process Tools
      3. Signals
    8. System Management
      1. Backups
      2. Patch Management
      3. Job Scheduling
    9. User Management
    10. Configuration
    11. Logging and Log Management
      1. Monitoring
      2. Auditing
    12. Security Tools
      1. SELinux
      2. Tripwire
      3. iptables
      4. firewalld
      5. AppArmor
    13. Hardening Linux
      1. Limiting the Number of Packages
      2. Removing Unnecessary Services
      3. Ensuring Permissions Are Set Appropriately
    14. Chapter Review
    15. Questions
    16. Answers
    17. Exercise Answers
  17. Chapter 7 Windows
    1. Windows History
      1. Windows 3.x and Windows NT 3.x
      2. Windows 9x, NT 4.0, and Windows 2000
      3. Windows XP Through Windows 10
      4. Windows 10 and Windows Server
    2. Windows Networking
      1. Basic Configuration
      2. Networking Utilities
      3. Securing Windows Networking
    3. Resource Management
      1. Windows Workgroups vs. Windows Domains
      2. Active Directory
      3. Users and Groups
      4. Resource Sharing
      5. Policies and Policy Management
    4. Windows Management
      1. Automation
      2. Configuration
      3. Auditing
      4. User Rights
      5. Permissions
      6. Registry
      7. PowerShell
    5. Windows Security
      1. EFS and BitLocker
      2. Updates and Hotfixes
      3. Service Packs
      4. Backups
      5. Security Templates
      6. Securing Windows Services
    6. Securing Windows Services
      1. IIS
      2. SQL Server
      3. Terminal Services
    7. Windows as a Service
    8. Chapter Review
    9. Questions
    10. Answers
    11. Exercise Answers
  18. Chapter 8 Encryption
    1. Foundations
      1. Security Principles
      2. Diffie-Hellman
      3. RSA
      4. Digest Algorithms
      5. Cryptographic Attacks
    2. X.509 Certificates
    3. Public Key Infrastructure
      1. S/MIME
    4. Pretty Good Privacy
    5. Symmetric Encryption
      1. DES and Triple DES
      2. AES
    6. Asymmetric Encryption
    7. SSL and TLS
    8. Virtual Private Networks
      1. IPSec
    9. Steganography
    10. Kerberos
    11. Chapter Review
    12. Questions
    13. Answers
    14. Exercise Answers
  19. Chapter 9 Risk Management
    1. Regulatory and Compliance
    2. Risk Management
      1. Cost-Benefit Analysis
      2. Quantitative Risk Assessment
      3. Qualitative Risk Assessment
      4. Risk Management Strategies
    3. Security Policies
    4. Data at Rest
    5. Contingency Plans
      1. Disaster Recovery
    6. Incident Handling
      1. The Legal Impact of Incidents
    7. Information Warfare
    8. OPSEC
    9. Chapter Review
    10. Questions
    11. Answers
    12. Exercise 9-1 Answer
  20. Chapter 10 Virtual Machines
    1. Virtual Machine History
      1. Emulation and the PC Era
      2. Application Virtualization
    2. Virtual Memory
      1. Paging Algorithms
      2. Security Implications
    3. Reasons for Virtualizing
    4. Hypervisors
    5. Virtual Resources
      1. Break Outs
      2. Malware and Virtualized Resources
    6. Containers
      1. Security Implications of Containers
    7. Other Virtual Machines
    8. Chapter Review
    9. Questions
    10. Answers
    11. Exercise 10-1 Answer
  21. Chapter 11 Vulnerability Control
    1. Network Mapping/Scanning
      1. Different Types of Mapping
      2. Nmap
      3. Application Mapping
    2. Vulnerability Scanning
    3. Vulnerability Management
    4. Vulnerability Exploitation
    5. Web Application Security
      1. Common Web Vulnerabilities
      2. SSL/TLS
      3. Cookies
      4. CGI
      5. AJAX
      6. Web Vulnerability Scanning
      7. Web Application Firewalls
    6. Chapter Review
    7. Questions
    8. Answers
    9. Exercise 11-1 Answer
  22. Chapter 12 Malware
    1. Types of Malware
      1. Virus
      2. Worm
      3. Trojan Horse
      4. Ransomware
      5. Rootkit
      6. Botnet Client
      7. Spyware/Adware
      8. Droppers
    2. Anti-Virus
    3. Anti-Virus Evasion
      1. Packing
      2. Encryption
      3. Code Modifications
      4. Domain Generation
    4. Infection Vectors
      1. “Sneaker Net”
      2. E-mail
      3. Network
      4. Drive-by Attacks
      5. Boot Sector/MBR
      6. Virus Infections
      7. Persistence
    5. Malware Analysis
      1. Static Analysis
      2. Dynamic Analysis
    6. Malware Policies
    7. Chapter Review
    8. Questions
    9. Answers
    10. Exercise 12-1 Answer
  23. Chapter 13 Incident Response
    1. Mapping the Attack
    2. Preparation
      1. Intelligence
      2. Policy and Plans
      3. Computer Security Incident Response Team
    3. Managing the Response
      1. Forensic Teams
      2. Collecting Data
      3. Evidence Handling
    4. Communications
    5. Legal Implications
    6. Chapter Review
    7. Questions
    8. Answers
  24. Chapter 14 Wireless Technologies
    1. Radio Transmission
      1. Frequency and Spectrum
      2. Modulation and Carrier Waves
      3. Antennas and Transmissions
      4. Receiver
      5. Frequency Hopping
    2. 802.11
      1. Encryption
      2. Wi-Fi Attacks
      3. Cracking and Analysis Utilities
      4. MiFi
    3. WiMAX
    4. Bluetooth
      1. Encryption
      2. Bluetooth Attacks
    5. RFID
      1. Near Field Communication
    6. Zigbee
    7. Chapter Review
    8. Questions
    9. Answers
    10. Exercise 14-1 Answer
  25. Chapter 15 Log Management
    1. Log Types
      1. Syslog
      2. Windows Event Logs
      3. Network Device Logs
      4. Network Infrastructure Logs
      5. Application Logs
    2. Security Information and Event Manager
    3. Chapter Review
    4. Questions
    5. Answers
  26. Chapter 16 Internet of Things (IoT) and Embedded Devices
    1. The Internet of Things
      1. IoT Device Types
      2. Finding the “Things”
      3. Managing the Things
      4. Protocols
    2. Industrial Control Systems
    3. Chapter Review
    4. Questions
    5. Answers
  27. Appendix About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
      1. Privacy Notice
    3. Single User License Terms and Conditions
    4. TotalTester Online
    5. Video Training from the Author
    6. Technical Support
  28. Permissions
  29. Index