Mike Meyers' CompTIA Security+ Certification Guide, Second Edition (Exam SY0-501), 2nd Edition

Book description

A fully updated CompTIA Security+ exam guide from training and exam preparation expert Mike Meyers

Take the CompTIA Security+ exam (exam SY0-501) with confidence using the comprehensive information contained in this highly effective study resource. Like the exam, the guide goes beyond knowledge application and is designed to ensure that security personnel anticipate security risks and guard against them.

In Mike Meyers’ CompTIA Security+ Certification Guide, Second Edition (Exam SY0-501), the bestselling author and leading authority on CompTIA A+ certification brings his proven methodology to IT security. Mike covers all exam objectives in small, digestible modules that allow you to focus on individual skills as you move through a broad and complex set of skills and concepts. The book features hundreds of accurate practice questions as well as a toolbox of the author’s favorite network-security-related freeware/shareware.

• Provides complete coverage of every objective on exam SY0-501
• Electronic content includes 20+ lab simulations, video training, and hundreds of practice exam questions
• Written by computer security and certification guru Mike Meyers

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. About the Authors
  6. Contents at a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. Chapter 1 Risk Management
    1. Module 1-1: Defining Risk
      1. Asset
      2. Probability
      3. Threat Actor
      4. Vulnerability and Threat
      5. Circling Back to the Risk Definition
      6. The Risk “Formula”
      7. Risk and Threat Mitigation
    2. Module 1-2: Risk Management Concepts
      1. Infrastructure
      2. Security Controls
      3. Risk Management Framework
      4. Industry-Standard Frameworks and Reference Architectures
    3. Module 1-3: Security Controls
      1. Phase Controls
      2. Control Types
      3. Security Control Strategies
    4. Module 1-4: Risk Assessment
      1. Concepts of Risk Assessment
      2. Quantitative Assessment
      3. Qualitative Assessment
      4. Putting It All Together: Determining Risk
      5. Risk Response
    5. Module 1-5: Business Impact Analysis
      1. BIA Basics
      2. Types of Impact
      3. Locating Critical Resources
      4. Calculating Impact
      5. Calculating Downtime
    6. Module 1-6: Data Security and Privacy Policies
      1. Organizing Data
      2. Legal and Compliance
      3. Data Destruction
    7. Module 1-7: Personnel Risks
      1. Hiring
      2. Onboarding
      3. Personnel Management Policies
      4. Training
      5. Policies
      6. User Habits
      7. Offboarding
    8. Module 1-8: Third-Party Risk
      1. What’s the Risk?
      2. Agreement Types
    9. Questions
    10. Answers
  11. Chapter 2 Cryptography
    1. Module 2-1: Cryptography Basics
      1. Essential Building Blocks
      2. Early Cryptography
      3. Cryptography Components
    2. Module 2-2: Cryptographic Methods
      1. Symmetric Cryptography
      2. Asymmetric Cryptography
      3. Hashing
      4. Hybrid Cryptography
      5. The Perfect Cryptosystem
    3. Module 2-3: Symmetric Cryptosystems
      1. DES
      2. 3DES
      3. AES
      4. Blowfish
      5. Twofish
      6. RC4
      7. Summary of Symmetric Algorithm Characteristics
    4. Module 2-4: Asymmetric Cryptosystems
      1. RSA
      2. Diffie-Hellman
      3. PGP/GPG
      4. ECC
      5. ElGamal
    5. Module 2-5: Hashing Algorithms
      1. Hashing Process
      2. MD5
      3. SHA
      4. RIPEMD
      5. HMAC
    6. Module 2-6: Digital Signatures and Certificates
      1. Digital Signatures
      2. Digital Certificates
    7. Module 2-7: Public Key Infrastructure
      1. Keys, Algorithms, and Standards
      2. PKI Services
      3. Digital Certificates and PKI Structure
      4. PKI Considerations
      5. Trust Models
    8. Module 2-8: Cryptographic Attacks
      1. Attack Strategies
      2. Attackable Data
      3. Attack Scenarios
      4. Defending Password Storage
      5. Other Attack Options
    9. Questions
    10. Answers
  12. Chapter 3 Identity and Access Management
    1. Module 3-1: Understanding Authentication
      1. Identification and AAA
      2. Identification and Authentication
      3. Authorization
      4. Accounting
      5. Trust
    2. Module 3-2: Access Management Controls
      1. Access Control Models
      2. Access Control Mechanisms
    3. Module 3-3: Account Management
      1. User Accounts
      2. Account Types
      3. Mingling Accounts
      4. Managing Permissions and Rights with User Accounts
      5. Account Administration
      6. Account Policies
    4. Module 3-4: Point-to-Point Authentication
      1. PAP
      2. CHAP/MS-CHAP
      3. Remote Access Connection and Authentication Services
    5. Module 3-5: Network Authentication
      1. The Challenge of LAN Access Management
      2. Microsoft Networking
      3. LDAP and Secure LDAP
    6. Module 3-6: Identity Management Systems
      1. Trust
      2. Shared Authentication Schemes
    7. Questions
    8. Answers
  13. Chapter 4 Tools of the Trade
    1. Module 4-1: Operating System Utilities
      1. ping
      2. ipconfig
      3. ifconfig
      4. ip
      5. arp
      6. netstat
      7. netcat
      8. tracert
      9. Going Graphical
      10. About DHCP
      11. DNS Tools
    2. Module 4-2: Network Scanners
      1. Scanning Methods
      2. Scanning Targets
      3. Scanner Types
    3. Module 4-3: Protocol Analyzers
      1. Why Protocol Analyze?
      2. Wireshark
      3. tcpdump
    4. Module 4-4: Monitoring Networks
      1. Log File Management
      2. Log Analysis
      3. Continuous Monitoring
    5. Questions
    6. Answers
  14. Chapter 5 Securing Individual Systems
    1. Module 5-1: Types of System Attacks
      1. Attacking Applications
      2. Attacking the Operating System
      3. Attacking Network Stacks
      4. Attacking Drivers
      5. Denial of Service
    2. Module 5-2: System Resiliency
      1. Non-persistence
      2. Redundancy
    3. Module 5-3: Securing Hardware
      1. Avoiding Interference
      2. Securing the Boot Process
    4. Module 5-4: Securing Operating Systems
      1. Operating System Types
      2. Hardening Operating Systems
      3. Patch Management
    5. Module 5-5: Securing Peripherals
      1. Locating Vulnerabilities
      2. Wireless Peripherals
      3. Embedded Systems
      4. USB Ports
      5. External Storage
      6. Physical Security
    6. Module 5-6: Malware
      1. Virus
      2. Crypto-malware/Ransomware
      3. Worm
      4. Trojan Horse
      5. Rootkit
      6. Keylogger
      7. Adware
      8. Spyware
      9. Bots/Botnet
      10. Logic Bomb
      11. Backdoor
      12. RAT
    7. Module 5-7: Securing Network Access
      1. Anti-malware
      2. Data Execution Prevention
      3. File Integrity Check
      4. Data Loss Prevention
      5. Application Whitelisting
      6. Firewalls
      7. Intrusion Detection
    8. Module 5-8: System Recycling
      1. Clear
      2. Purge
      3. Destroy
    9. Questions
    10. Answers
  15. Chapter 6 The Basic LAN
    1. Module 6-1: Organizing LANs
      1. It All Begins with Topology
      2. Switches
      3. Routers
      4. Network Firewalls
      5. The ’Nets
      6. DMZ
      7. NAT
      8. Wireless
      9. Segregation
      10. VLANs
      11. Load Balancers
      12. NAC
    2. Module 6-2: Securing LANs
      1. Securing the LAN
      2. Internet Connection
      3. Servers
    3. Module 6-3: Virtual Private Networks
      1. How VPNs Work
      2. Early VPNs
      3. IPsec VPNs
      4. TLS VPNs
    4. Module 6-4: Network-Based Intrusion Detection/Prevention
      1. Detection vs. Prevention
      2. Detecting Attacks
      3. Configuring Network IDS/IPS
      4. Monitoring NIDS/NIPS
    5. Questions
    6. Answers
  16. Chapter 7 Beyond the Basic LAN
    1. Module 7-1: Networking with 802.11
      1. Wireless Cryptographic Protocols
      2. Wireless Authentication Protocols
    2. Module 7-2: Attacking 802.11
      1. Wireless Survey/Stumbler
      2. Packet Grabber
      3. Attack Tools
      4. Rogue Access Points
      5. Jamming and Interference
      6. Packet Sniffing
      7. Deauthentication Attack
      8. Near Field Communication
      9. Replay Attacks
      10. WEP/WPA Attacks
      11. WPS Attacks
    3. Module 7-3: Securing 802.11
      1. Designing Wi-Fi
      2. Wireless Configuration
      3. Security Posture Assessment
    4. Module 7-4: Virtualization Security
      1. Virtualization Architecture
      2. Application Cells/Containers
      3. Virtualization Risks
      4. Using Virtualization for Security
    5. Module 7-5: Cloud Security
      1. Cloud Deployment Models
      2. Cloud Architecture Models
      3. Cloud Computing Risks and Virtualization
      4. Appropriate Controls to Ensure Data Security
    6. Module 7-6: Embedded System Security
      1. Embedded Systems
      2. Securing Embedded Systems
    7. Module 7-7: Mobile Devices
      1. Mobile Connections
      2. Mobile Devices in the Business World
    8. Module 7-8: Physical Security
      1. Classifying Controls
      2. Physical Controls
    9. Module 7-9: Environmental Controls
      1. EMI and RFI Shielding
      2. Fire Suppression
      3. HVAC
      4. Temperature and Humidity Controls
      5. Hot and Cold Aisles
      6. Environmental Monitoring
    10. Questions
    11. Answers
  17. Chapter 8 Secure Protocols
    1. Module 8-1: Secure Internet Protocols
      1. DNSSEC
      2. SNMP
      3. SSH
      4. FTP
      5. SRTP
    2. Module 8-2: Secure Web and E-mail
      1. HTTP
      2. HTTPS
      3. E-mail
    3. Module 8-3: Web Application Attacks
      1. Injection Attacks
      2. Hijacking and Related Attacks
      3. Other Web Application Attacks
    4. Module 8-4: Secure Applications
      1. Development
      2. Code Quality and Testing
      3. Staging
      4. Production
      5. Getting Organized
    5. Module 8-5: Certificates in Security
      1. Certificate Concepts and Components
      2. PKI Concepts
      3. Online vs. Offline CA
      4. PKI TLS Scenario
      5. Types of Certificates
      6. Certificate Formats
      7. Key Escrow
    6. Questions
    7. Answers
  18. Chapter 9 Testing Your Infrastructure
    1. Module 9-1: Vulnerability Impact
      1. Device/Hardware Vulnerabilities
      2. Configuration Vulnerabilities
      3. Application Vulnerabilities
      4. Management/Design Vulnerabilities
    2. Module 9-2: Social Engineering
      1. Targets and Goals
      2. Types of Attacks
      3. Social Engineering Principles
    3. Module 9-3: Security Assessment
      1. Assessment Types
      2. Risk Calculations
      3. Assessment Techniques
      4. Tools
      5. Interpreting Security Assessment Tool Results
    4. Questions
    5. Answers
  19. Chapter 10 Dealing with Incidents
    1. Module 10-1: Incident Response
      1. Incident Response Concepts
      2. Incident Response Procedures
    2. Module 10-2: Forensics
      1. Forensic Concepts
      2. Data Volatility
      3. Critical Forensic Practices
      4. Data Acquisition
      5. Analyzing Evidence
    3. Module 10-3: Continuity of Operations and Disaster Recovery
      1. Risk Management Best Practices
      2. Business Continuity Concepts
      3. Business Continuity Planning
      4. Exercises and Testing
      5. Disaster Recovery
    4. Questions
    5. Answers
  20. Appendix A Exam Objectives Map
    1. Exam SY0-501
  21. Appendix B About the Download
    1. System Requirements
    2. Downloading Total Tester Practice Exam Software
      1. Installing and Running Total Tester
      2. Total Tester Practice Exam Software
    3. Accessing the Online Content
      1. Mike Meyers’ CompTIA Security+ Video Training
      2. Mike Meyers’ TotalSims Simulations
      3. Mike Meyers’ Cool Tools
    4. McGraw-Hill Professional Media Center Download
      1. Playing the Mike Meyers Introduction Videos
    5. Technical Support
      1. Total Seminars Technical Support
      2. McGraw-Hill Education Content Support
    6. Glossary
    7. Index

Product information

  • Title: Mike Meyers' CompTIA Security+ Certification Guide, Second Edition (Exam SY0-501), 2nd Edition
  • Author(s): Mike Meyers, Scott Jernigan
  • Release date: December 2017
  • Publisher(s): McGraw-Hill
  • ISBN: 9781260026382