Details

Subject(s)

• Computer networks—Security measures—Examinations [Browse]
• Computer security—Examinations—Study guides [Browse]
• Electronic data processing personnel—Certification—Study guides [Browse]

Series

McGraw-Hill's AccessEngineeringLibrary

Summary note

Fully updated computer security essentials-mapped to the CompTIA Security+ SY0-601 exam Save 10% on any CompTIA exam voucher! Coupon code inside. Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-601. This thoroughly revised, full-color textbook covers how to secure hardware, systems, and software. It addresses new threats and cloud environments, and provides additional coverage of governance, risk, compliance, and much more. Written by a team of highly respected security educators, Principles of Computer Security: CompTIA Security+? and Beyond, Sixth Edition (Exam SY0-601) will help you become a CompTIA-certified computer security expert while also preparing you for a successful career. Find out how to: Ensure operational, organizational, and physical security Use cryptography and public key infrastructures (PKIs) Secure remote access, wireless networks, and virtual private networks (VPNs) Authenticate users and lock down mobile devices Harden network devices, operating systems, and applications Prevent network attacks, such as denial of service, spoofing, hijacking, and password guessing Combat viruses, worms, Trojan horses, and rootkits Manage e-mail, instant messaging, and web security Explore secure software development requirements Implement disaster recovery and business continuity measures Handle computer forensics and incident response Understand legal, ethical, and privacy issues Online content features: Test engine that provides full-length practice exams and customized quizzes by chapter or exam objective Each chapter includes: Learning objectives Real-world examples Try This! and Cross Check exercises Tech Tips, Notes, and Warnings Exam Tips End-of-chapter quizzes and lab projects.

Bibliographic references

Includes bibliographical references and index.

Source of description

Description based on print version record.

Language note

In English.

Contents

• Cover
• About the Authors
• Title Page
• Copyright Page
• Acknowledgments
• About this Book
• Contents at a Glance
• Contents
• Foreword
• Preface
• Introduction
• Instructor Website
• Chapter 1 Introduction and Security Trends
• The Computer Security Problem
• Definition of Computer Security
• Historical Security Incidents
• The Current Threat Environment
• Infrastructure Attacks
• Ransomware
• Threats to Security
• Viruses and Worms
• Intruders
• Insiders
• Criminal Organizations
• Nation-States, Terrorists, and Information Warfare
• Brand-Name Attacks
• Attributes of Actors
• Internal/External
• Level of Sophistication
• Resources/Funding
• Intent/Motivation
• Security Trends
• Targets and Attacks
• Specific Target
• Opportunistic Target
• Minimizing Possible Avenues of Attack
• Approaches to Computer Security
• Cybersecurity Kill Chain
• Threat Intelligence
• Open Source Intelligence
• Ethics
• Additional References
• Chapter 1 Review
• Chapter 2 General Security Concepts
• Basic Security Terminology
• Security Basics
• Security Tenets
• Security Approaches
• Security Principles
• Formal Security Models
• Confidentiality Models
• Integrity Models
• Chapter 2 Review
• Chapter 3 Operational and Organizational Security
• Policies, Procedures, Standards, and Guidelines
• Organizational Policies
• Change Management Policy
• Change Control
• Asset Management
• Security Policies
• Data Policies
• Credential Policies
• Password and Account Policies
• Human Resources Policies
• Code of Ethics
• Job Rotation
• Separation of Duties
• Employee Hiring (Onboarding) and Promotions
• Retirement, Separation, or Termination (Offboarding)
• Exit Interviews
• Onboarding/Offboarding Business Partners
• Adverse Actions
• Mandatory Vacations
• Acceptable Use Policy.
• Internet Usage Policy
• E-mail Usage Policy
• Social Media Analysis
• Clean Desk Policy
• Bring-Your-Own-Device (BYOD) Policy
• Privacy Policy
• Due Care and Due Diligence
• Due Process
• Incident Response Policies and Procedures
• Security Awareness and Training
• Diversity of Training Techniques
• Security Policy Training and Procedures
• User Training
• Role-Based Training
• Continuing Education
• Compliance with Laws, Best Practices, and Standards
• User Habits
• Training Metrics and Compliance
• Standard Operating Procedures
• Third-Party Risk Management
• Vendors
• Supply Chain
• Business Partners
• Interoperability Agreements
• Service Level Agreement (SLA)
• Memorandum of Understanding (MOU)
• Measurement Systems Analysis (MSA)
• Business Partnership Agreement (BPA)
• Interconnection Security Agreement (ISA)
• NDA
• End of Service Life (EOSL)
• End of Life (EOL)
• Chapter 3 Review
• Chapter 4 The Role of People in Security
• People-A Security Problem
• Social Engineering
• Tools
• Principles (Reasons for Effectiveness)
• Defenses
• Attacks
• Impersonation
• Phishing
• Smishing
• Vishing
• Spam
• Spam over Internet Messaging (SPIM)
• Spear Phishing
• Whaling
• Pharming
• Dumpster Diving
• Shoulder Surfing
• Tailgating/Piggybacking
• Eliciting Information
• Prepending
• Identity Fraud
• Invoice Scams
• Credential Harvesting
• Reverse Social Engineering
• Reconnaissance
• Hoax
• Watering Hole Attack
• Typo Squatting
• Influence Campaigns
• Poor Security Practices
• Password Selection
• Piggybacking
• Installing Unauthorized Hardware and Software
• Data Handling
• Physical Access by Non-Employees
• Clean Desk Policies
• People as a Security Tool
• Security Awareness
• Chapter 4 Review.
• Chapter 5 Cryptography
• Cryptography in Practice
• Fundamental Methods
• Comparative Strengths and Performance of Algorithms
• Key Length
• Cryptographic Objectives
• Diffusion
• Confusion
• Obfuscation
• Perfect Forward Secrecy
• Security Through Obscurity
• Historical Perspectives
• Algorithms
• Substitution Ciphers
• One-Time Pads
• Key Management
• Random Numbers
• Salting
• Hashing Functions
• Message Digest
• SHA
• RIPEMD
• Hashing Summary
• Symmetric Encryption
• DES
• 3DES
• AES
• CAST
• RC
• Blowfish
• Twofish
• IDEA
• ChaCha20
• Cipher Modes
• Authenticated Encryption with Associated Data (AEAD)
• Block vs. Stream
• Symmetric Encryption Summary
• Asymmetric Encryption
• Diffie-Hellman
• RSA Algorithm
• ElGamal
• ECC
• Asymmetric Encryption Summary
• Symmetric vs. Asymmetric
• Quantum Cryptography
• Post-Quantum
• Lightweight Cryptography
• Homomorphic Encryption
• For More Information
• Chapter 5 Review
• Chapter 6 Applied Cryptography
• Cryptography Use
• Confidentiality
• Integrity
• Authentication
• Nonrepudiation
• Digital Signatures
• Digital Rights Management
• Cryptographic Applications
• Use of Proven Technologies
• Cipher Suites
• Secret Algorithms
• Key Exchange
• Key Escrow
• Session Keys
• Ephemeral Keys
• Key Stretching
• Transport Encryption
• TLS v1.3
• Data in Transit/Motion
• Data at Rest
• Data in Use/Processing
• Implementation vs. Algorithm Selection
• Common Use Cases
• HMAC
• S/MIME
• IETF S/MIME History
• IETF S/MIME v3 Specifications
• PGP
• How PGP Works
• Steganography
• Secure Protocols
• DNSSEC
• SSH
• SRTP
• LDAPS
• FTPS
• SFTP
• SNMPv3
• TLS
• HTTPS
• Secure POP/IMAP
• IPSec
• Secure Protocol Use Cases
• Voice and Video
• Time Synchronization
• E-mail and Web
• File Transfer
• Directory Services.
• Remote Access
• Domain Name Resolution
• Routing and Switching
• Network Address Allocation
• Subscription Services
• Cryptographic Attacks
• Birthday
• Known Plaintext/Ciphertext
• Chosen Cipher Text Attack
• Weak Implementations
• Meet-in-the-Middle Attacks
• Replay
• Downgrade
• Collision
• Password Attacks
• Other Standards
• FIPS
• Common Criteria
• ISO/IEC 27002 (Formerly ISO 17799)
• Chapter 6 Review
• Chapter 7 Public Key Infrastructure
• The Basics of Public Key Infrastructures
• Certificate Authorities
• Registration Authorities
• Local Registration Authorities
• Public Certificate Authorities
• In-house Certificate Authorities
• Choosing Between a Public CA and an In-house CA
• Outsourced Certificate Authorities
• Online vs. Offline CA
• Stapling
• Pinning
• Trust Models
• Certificate Chaining
• Hierarchical Trust Model
• Peer-to-Peer Model
• Hybrid Trust Model
• Walking the Certificate Path
• Digital Certificates
• Certificate Classes
• Certificate Extensions
• Certificate Attributes
• Certificate Formats
• Certificate Lifecycles
• Registration and Generation
• CSR
• Renewal
• Suspension
• Certificate Revocation
• Key Destruction
• Certificate Repositories
• Sharing Key Stores
• Trust and Certificate Verification
• Centralized and Decentralized Infrastructures
• Hardware Security Modules
• Private Key Protection
• Key Recovery
• Certificate-Based Threats
• PKIX and PKCS
• PKIX Standards
• PKCS
• Why You Need to Know the PKIX and PKCS Standards
• Stolen Certificates
• ISAKMP
• CMP
• XKMS
• CEP
• Chapter 7 Review
• Chapter 8 Physical Security
• The Security Problem
• Physical Security Safeguards
• Walls and Guards
• Lights and Signage
• Physical Access Controls and Monitoring
• Electronic Access Control Systems
• Policies and Procedures.
• Environmental Controls
• Hot and Cold Aisles
• Fire Suppression
• Water-Based Fire Suppression Systems
• Halon-Based Fire Suppression Systems
• Clean-Agent Fire Suppression Systems
• Handheld Fire Extinguishers
• Fire Detection Devices
• Electromagnetic Environment
• Power Protection
• UPS
• Backup Power and Cable Shielding
• Generator
• Dual Supply
• Managed Power Distribution Units (PDUs)
• Drones/UAVs
• Chapter 8 Review
• Chapter 9 Network Fundamentals
• Network Architectures
• Network Topology
• Wireless
• Ad Hoc
• Segregation/Segmentation/Isolation
• Physical Separation
• Enclaves
• Logical (VLAN)
• Virtualization
• Airgaps
• Zones and Conduits
• Zero Trust
• Security Zones
• DMZ
• Internet
• East-West Traffic
• Intranet
• Extranet
• Guest
• Honeynets
• Flat Networks
• Network Protocols
• Protocols
• Packets
• Internet Protocol
• IP Packets
• TCP vs. UDP
• ICMP
• IPv4 vs. IPv6
• Expanded Address Space
• Neighbor Discovery
• Benefits of IPv6
• Packet Delivery
• Ethernet
• Local Packet Delivery
• ARP Attacks
• Remote Packet Delivery
• IP Addresses and Subnetting
• Network Address Translation
• Inter-Networking
• MPLS
• Software-Defined Networking (SDN)
• Software-Defined Visibility (SDV)
• Quality of Service (QoS)
• Traffic Engineering
• Route Security
• Chapter 9 Review
• Chapter 10 Infrastructure Security
• Devices
• Workstations
• Servers
• Mobile Devices
• Device Security, Common Concerns
• Network-Attached Storage
• Removable Storage
• Hypervisor
• Application Cells/Containers
• VM Sprawl Avoidance
• VM Escape Protection
• Snapshots
• Patch Compatibility
• Host Availability/Elasticity
• Security Control Testing
• Sandboxing
• Networking
• Network Interface Cards
• Hubs
• Bridges
• Switches.
• Port Security.

Show 407 more Contents items

ISBN

1-260-47432-1

OCLC

1281715169

Statement on language in description

Princeton University Library aims to describe library materials in a manner that is respectful to the individuals and communities who create, use, and are represented in the collections we manage. Read more...