SECIAMPA, CompTIA Security+ Guide to Network Security Fundam

MikeEly930 187 views 66 slides Sep 19, 2022


Slide Content

SE/CIAMPA, CompTIA Security+ Guide to Network Security Fundamentals, 6th Edition ISBN-978-1-337-28878-1 ©20XX
Designer: XXX
Text & Cover printer: Quad Graphics Binding: PB Trim: 7.375 x 9.125" CMYK

Security+ Guide to Network Security Fundamentals

To register or access your online learning solution or purchase materials for your course, visit www.cengagebrain.com.

Security+ Guide to Network Security Fundamentals
INFORMATION SECURITY
Sixth Edition
Mark Ciampa

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

CompTIA Security+ SY0-501 Exam Objectives

Security+ Exam Domain/Objectives | Chapter (Bloom’s Taxonomy)

1.0: Threats, Attacks, and Vulnerabilities
1.1 Given a scenario, analyze indicators of compromise and determine the type of malware. | 2 (Analyze)
1.2 Compare and contrast types of attacks. | 2 (Understand); 3 (Analyze); 5 (Understand); 8 (Apply/Understand); 11 (Create); 15 (Apply)
1.3 Explain threat actor types and attributes. | 1 (Analyze/Apply)
1.4 Explain penetration testing concepts. | 13 (Apply)
1.5 Explain vulnerability scanning concepts. | 13 (Apply)
1.6 Explain the impact associated with types of vulnerabilities. | 1 (Understand); 3 (Understand); 4 (Understand); 5 (Understand); 9 (Understand); 10 (Understand)

2.0: Technologies and Tools
2.1 Install and configure network components, both hardware- and software-based, to support organizational security. | 4 (Apply); 6 (Analyze); 7 (Apply); 8 (Analyze/Evaluate)
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization. | 8 (Evaluate); 13 (Analyze/Evaluate); 14 (Evaluate)
2.3 Given a scenario, troubleshoot common security issues. | 15 (Analyze)
2.4 Given a scenario, analyze and interpret output from security technologies. | 6 (Analyze); 7 (Analyze); 9 (Analyze)
2.5 Given a scenario, deploy mobile devices securely. | 8 (Apply/Evaluate); 10 (Analyze/Create); 11 (Analyze)
2.6 Given a scenario, implement secure protocols. | 4 (Apply); 5 (Analyze)

3.0: Architecture and Design
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides. | 1 (Analyze); 15 (Understand)
3.2 Given a scenario, implement secure network architecture concepts. | 6 (Analyze); 7 (Apply); 8 (Apply/Evaluate); 13 (Apply)




Australia • Brazil • Mexico • Singapore • United Kingdom • United States

CompTIA® SECURITY+ GUIDE TO NETWORK SECURITY FUNDAMENTALS
INFORMATION SECURITY
Mark Ciampa, Ph.D.
Sixth Edition




© 2018, 2015 Cengage Learning
Unless otherwise noted, all content is © Cengage.

Security+ Guide to Network Security Fundamentals, Sixth Edition
Mark Ciampa

SVP, GM Skills: Jonathan Lau
Product Team Manager: Kristin McNary
Associate Product Manager: Amy Savino
Executive Director of Development: Marah Bellegarde
Senior Product Development Manager: Leigh Hefferon
Senior Content Developer: Michelle Ruelos Cannistraci
Product Assistant: Jake Toth
Marketing Director: Michelle McTighe
Production Director: Patty Stephan
Senior Content Project Manager: Brooke Greenhouse
Art Director: Diana Graham
Cover image(s): iStockPhoto.com/supernitram

Printed in the United States of America
Print Number: 01 Print Year: 2017

ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced or distributed in any form or by any means, except as permitted by U.S. copyright law, without the prior written permission of the copyright owner.

Library of Congress Control Number: 2017950178

ISBN: 978-1-337-28878-1
LLF ISBN: 978-1-337-68585-6

Notice to the Reader
Publisher does not warrant or guarantee any of the products described herein or perform any independent analysis in connection with any of the product information contained herein. Publisher does not assume, and expressly disclaims, any obligation to obtain and include information other than that provided to it by the manufacturer. The reader is expressly warned to consider and adopt all safety precautions that might be indicated by the activities described herein and to avoid all potential hazards. By following the instructions contained herein, the reader willingly assumes all risks in connection with such instructions. The publisher makes no representations or warranties of any kind, including but not limited to, the warranties of fitness for particular purpose or merchantability, nor are any such representations implied with respect to the material set forth herein, and the publisher takes no responsibility with respect to such material. The publisher shall not be liable for any special, consequential, or exemplary damages resulting, in whole or part, from the readers’ use of, or reliance upon, this material.

Cengage
20 Channel Center Street
Boston, MA 02210
USA

Cengage is a leading provider of customized learning solutions with employees residing in nearly 40 different countries and sales in more than 125 countries around the world. Find your local representative at www.cengage.com.

Cengage products are represented in Canada by Nelson Education, Ltd.

To learn more about Cengage platforms and services, visit www.cengage.com

Purchase any of our products at your local college store or at our preferred online store www.cengagebrain.com

For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706.

For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions.

Further permissions questions can be e-mailed to [email protected]
Some of the product names and company names used in this book have been used for identification purposes only and may be trademarks or registered trademarks of their respective manufacturers and sellers.
Windows® is a registered trademark of Microsoft Corporation. Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries. Cengage is an independent entity from Microsoft Corporation and not affiliated with Microsoft in any manner.




Brief Contents

INTRODUCTION  xv

PART 1  SECURITY AND ITS THREATS  1
CHAPTER 1  Introduction to Security  3
CHAPTER 2  Malware and Social Engineering Attacks  51

PART 2  CRYPTOGRAPHY  97
CHAPTER 3  Basic Cryptography  99
CHAPTER 4  Advanced Cryptography and PKI  145

PART 3  NETWORK ATTACKS AND DEFENSES  189
CHAPTER 5  Networking and Server Attacks  191
CHAPTER 6  Network Security Devices, Design, and Technology  233
CHAPTER 7  Administering a Secure Network  281
CHAPTER 8  Wireless Network Security  321

PART 4  DEVICE SECURITY  371
CHAPTER 9  Client and Application Security  373


CHAPTER 10  Mobile and Embedded Device Security  421

PART 5  IDENTITY AND ACCESS MANAGEMENT  469
CHAPTER 11  Authentication and Account Management  471
CHAPTER 12  Access Management  521

PART 6  RISK MANAGEMENT  563
CHAPTER 13  Vulnerability Assessment and Data Security  565
CHAPTER 14  Business Continuity  607
CHAPTER 15  Risk Mitigation  651

APPENDIX A  CompTIA SY0-501 Certification Exam Objectives  691
GLOSSARY  713
INDEX  741




Table of Contents

INTRODUCTION  xv

PART 1  SECURITY AND ITS THREATS  1

CHAPTER 1  Introduction to Security  3
  Challenges of Securing Information  8
    Today’s Security Attacks  8
    Reasons for Successful Attacks  12
    Difficulties in Defending Against Attacks  14
  What Is Information Security?  17
    Understanding Security  18
    Defining Information Security  18
    Information Security Terminology  21
    Understanding the Importance of Information Security  24
  Who Are the Threat Actors?  28
    Script Kiddies  29
    Hactivists  29
    Nation State Actors  30
    Insiders  30
    Other Threat Actors  31
  Defending Against Attacks  32
    Fundamental Security Principles  32
    Frameworks and Reference Architectures  35
  Chapter Summary  35
  Key Terms  37
  Review Questions  37
  Case Projects  46

CHAPTER 2  Malware and Social Engineering Attacks  51
  Attacks Using Malware  53
    Circulation  55
    Infection  61


    Concealment  65
    Payload Capabilities  66
  Social Engineering Attacks  73
    Psychological Approaches  74
    Physical Procedures  80
  Chapter Summary  82
  Key Terms  84
  Review Questions  84
  Case Projects  92

PART 2  CRYPTOGRAPHY  97

CHAPTER 3  Basic Cryptography  99
  Defining Cryptography  101
    What Is Cryptography?  101
    Cryptography and Security  105
    Cryptography Constraints  107
  Cryptographic Algorithms  108
    Hash Algorithms  110
    Symmetric Cryptographic Algorithms  113
    Asymmetric Cryptographic Algorithms  116
  Cryptographic Attacks  123
    Algorithm Attacks  123
    Collision Attacks  125
  Using Cryptography  126
    Encryption through Software  127
    Hardware Encryption  128
  Chapter Summary  130
  Key Terms  132
  Review Questions  133
  Case Projects  142

CHAPTER 4  Advanced Cryptography and PKI  145
  Implementing Cryptography  147
    Key Strength  147
    Secret Algorithms  148


    Block Cipher Modes of Operation  149
    Crypto Service Providers  150
    Algorithm Input Values  151
  Digital Certificates  152
    Defining Digital Certificates  152
    Managing Digital Certificates  154
    Types of Digital Certificates  158
  Public Key Infrastructure (PKI)  165
    What Is Public Key Infrastructure (PKI)?  166
    Trust Models  166
    Managing PKI  168
    Key Management  171
  Cryptographic Transport Protocols  174
    Secure Sockets Layer (SSL)  174
    Transport Layer Security (TLS)  175
    Secure Shell (SSH)  176
    Hypertext Transport Protocol Secure (HTTPS)  176
    Secure/Multipurpose Internet Mail Extensions (S/MIME)  177
    Secure Real-time Transport Protocol (SRTP)  177
    IP Security (IPsec)  177
  Chapter Summary  179
  Key Terms  181
  Review Questions  181
  Case Projects  187

PART 3  NETWORK ATTACKS AND DEFENSES  189

CHAPTER 5  Networking and Server Attacks  191
  Networking-Based Attacks  193
    Interception  194
    Poisoning  196
  Server Attacks  201
    Denial of Service (DoS)  201
    Web Server Application Attacks  203
    Hijacking  209
    Overflow Attacks  213
    Advertising Attacks  215
    Browser Vulnerabilities  218
  Chapter Summary  222


  Key Terms  223
  Review Questions  223
  Case Projects  229

CHAPTER 6  Network Security Devices, Design, and Technology  233
  Security Through Network Devices  235
    Standard Network Devices  236
    Network Security Hardware  246
  Security Through Network Architecture  260
    Security Zones  260
    Network Segregation  263
  Security Through Network Technologies  265
    Network Access Control (NAC)  265
    Data Loss Prevention (DLP)  267
  Chapter Summary  269
  Key Terms  271
  Review Questions  271
  Case Projects  279

CHAPTER 7  Administering a Secure Network  281
  Secure Network Protocols  283
    Simple Network Management Protocol (SNMP)  285
    Domain Name System (DNS)  286
    File Transfer Protocol (FTP)  288
    Secure Email Protocols  290
    Using Secure Network Protocols  291
  Placement of Security Devices and Technologies  292
  Analyzing Security Data  295
    Data from Security Devices  296
    Data from Security Software  297
    Data from Security Tools  298
    Issues in Analyzing Security Data  298
  Managing and Securing Network Platforms  300
    Virtualization  300
    Cloud Computing  304
    Software Defined Network (SDN)  306
  Chapter Summary  309


  Key Terms  310
  Review Questions  311
  Case Projects  318

CHAPTER 8  Wireless Network Security  321
  Wireless Attacks  324
    Bluetooth Attacks  324
    Near Field Communication (NFC) Attacks  327
    Radio Frequency Identification (RFID) Attacks  330
    Wireless Local Area Network Attacks  332
  Vulnerabilities of IEEE Wireless Security  341
    Wired Equivalent Privacy  342
    Wi-Fi Protected Setup  343
    MAC Address Filtering  344
    SSID Broadcasting  345
  Wireless Security Solutions  346
    Wi-Fi Protected Access (WPA)  347
    Wi-Fi Protected Access 2 (WPA2)  349
    Additional Wireless Security Protections  352
  Chapter Summary  356
  Key Terms  359
  Review Questions  359
  Case Projects  368

PART 4  DEVICE SECURITY  371

CHAPTER 9  Client and Application Security  373
  Client Security  375
    Hardware System Security  375
    Securing the Operating System Software  379
    Peripheral Device Security  388
  Physical Security  392
    External Perimeter Defenses  393
    Internal Physical Access Security  395
    Computer Hardware Security  400
  Application Security  401
    Application Development Concepts  402


    Secure Coding Techniques  404
    Code Testing  405
  Chapter Summary  406
  Key Terms  409
  Review Questions  410
  Case Projects  417

CHAPTER 10  Mobile and Embedded Device Security  421
  Mobile Device Types and Deployment  423
    Types of Mobile Devices  424
  Mobile Device Risks  432
    Mobile Device Vulnerabilities  432
    Connection Vulnerabilities  436
    Accessing Untrusted Content  436
    Deployment Model Risks  438
  Securing Mobile Devices  439
    Device Configuration  439
    Mobile Management Tools  446
    Mobile Device App Security  448
  Embedded Systems and the Internet of Things  449
    Embedded Systems  449
    Internet of Things  451
    Security Implications  452
  Chapter Summary  455
  Key Terms  457
  Review Questions  457
  Case Projects  465

PART 5  IDENTITY AND ACCESS MANAGEMENT  469

CHAPTER 11  Authentication and Account Management  471
  Authentication Credentials  473
    What You Know: Passwords  475
    What You Have: Tokens, Cards, and Cell Phones  489
    What You Are: Biometrics  492
    What You Do: Behavioral Biometrics  498

Where You Are: Geolocation ...................................... 499

Single Sign-on .................................................. 500

Account Management .............................................. 502

Chapter Summary ................................................. 505

Key Terms ....................................................... 506

Review Questions ................................................ 507

Case Projects ................................................... 517

CHAPTER 12

Access Management ............................................... 521
What Is Access Control? ......................................... 523

Access Control Terminology ...................................... 524
Access Control Models ........................................... 527

Managing Access Through Account Management ...................... 533
Account Setup ................................................... 533
Account Auditing ................................................ 539

Best Practices for Access Control ............................... 540
Separation of Duties ............................................ 540
Job Rotation .................................................... 540
Mandatory Vacations ............................................. 541
Clean Desk Policy ............................................... 541

Implementing Access Control ..................................... 542
Access Control Lists (ACLs) ..................................... 542
Group-Based Access Control ...................................... 543

Identity and Access Services .................................... 544
RADIUS .......................................................... 545
Kerberos ........................................................ 547
Terminal Access Control Access Control System+ (TACACS+) ........ 548
Lightweight Directory Access Protocol (LDAP) .................... 549
Security Assertion Markup Language (SAML) ....................... 550

Authentication Framework Protocols .............................. 551

Chapter Summary ................................................. 552

Key Terms ....................................................... 554

Review Questions ................................................ 554

Case Projects ................................................... 561

PART 6

RISK MANAGEMENT ................................................. 563

CHAPTER 13

Vulnerability Assessment and Data Security ...................... 565
Assessing the Security Posture .................................. 567

What Is Vulnerability Assessment? ............................... 567
Vulnerability Assessment Tools .................................. 573

Vulnerability Scanning .......................................... 584

Penetration Testing ............................................. 586

Practicing Data Privacy and Security ............................ 588
What Is Privacy? ................................................ 589
Risks Associated with Private Data .............................. 590
Maintaining Data Privacy and Security ........................... 592

Chapter Summary ................................................. 596

Key Terms ....................................................... 598

Review Questions ................................................ 598

Case Projects ................................................... 604

CHAPTER 14

Business Continuity ............................................. 607
What Is Business Continuity? .................................... 609

Business Continuity Planning (BCP) .............................. 609
Business Impact Analysis (BIA) .................................. 611
Disaster Recovery Plan (DRP) .................................... 612

Fault Tolerance Through Redundancy .............................. 615
Servers ......................................................... 616
Storage ......................................................... 617
Networks ........................................................ 621
Power ........................................................... 622
Recovery Sites .................................................. 622
Data ............................................................ 623

Environmental Controls .......................................... 628
Fire Suppression ................................................ 628
Electromagnetic Disruption Protection ........................... 631
HVAC ............................................................ 631

Incident Response ............................................... 633
What Is Forensics? .............................................. 633

Incident Response Plan .......................................... 633
Forensics Procedures ............................................ 634

Chapter Summary ................................................. 640

Key Terms ....................................................... 642

Review Questions ................................................ 643

Case Projects ................................................... 649

CHAPTER 15

Risk Mitigation ................................................. 651
Managing Risk ................................................... 653

Threat Assessment ............................................... 654
Risk Assessment ................................................. 656

Strategies for Reducing Risk .................................... 664
Using Control Types ............................................. 664
Distributing Allocation ......................................... 666
Implementing Technology ......................................... 666

Practices for Reducing Risk ..................................... 668
Security Policies ............................................... 669
Awareness and Training .......................................... 675
Agreements ...................................................... 677
Personnel Management ............................................ 679

Troubleshooting Common Security Issues .......................... 679

Chapter Summary ................................................. 680

Key Terms ....................................................... 682

Review Questions ................................................ 682

Case Projects ................................................... 688

APPENDIX A

CompTIA SY0-501 Certification Exam Objectives ................... 691

GLOSSARY ........................................................ 713

INDEX ........................................................... 741

INTRODUCTION

The number one concern of computer professionals today continues to be information security, and with good reason. Consider the evidence: over 1.5 billion Yahoo user accounts were compromised in just two separate attacks.1 A ransom of $1 million dollars was paid to unlock files that had been encrypted by ransomware.2 A global payment system used to transfer money between countries was compromised by attackers who stole $81 billion from the central bank of Bangladesh.3 It is estimated that global spending on products and services to prevent these attacks will exceed $1 trillion cumulatively between 2017 and 2021. But despite the huge sum spent on protection, cybercrime will still cost businesses over $6 trillion by 2021.4

As attacks continue to escalate, the need for trained security personnel also increases. It is estimated that there are currently over 1.5 million unfilled security jobs worldwide and this will grow by 20 percent to 1.8 million by the year 2022.5 According to the U.S. Bureau of Labor Statistics (BLS) “Occupational Outlook Handbook,” the job outlook for information security analysts through 2024 is expected to grow by 18 percent, faster than the average growth rate.6

To verify security competency, most organizations use the Computing Technology Industry Association (CompTIA) Security+ certification, a vendor-neutral credential. Security+ is one of the most widely recognized security certifications and has become the security foundation for today’s IT professionals. It is internationally recognized as validating a foundation level of security skills and knowledge. A successful Security+ candidate has the knowledge and skills required to identify threats, attacks and vulnerabilities; use security technologies and tools; understand security architecture and design; perform identity and access management; know about risk management; and use cryptography.

Security+ Guide to Network Security Fundamentals, Sixth Edition is designed to equip learners with the knowledge and skills needed to be information security professionals. Yet it is more than an “exam prep” book. While teaching the fundamentals of information security by using the CompTIA Security+ exam objectives as its framework, it takes a comprehensive view of security by examining in-depth the attacks against networks and computer systems and the necessary defense mechanisms. Security+ Guide to Network Security Fundamentals, Sixth Edition is a valuable tool for those who want to learn about security and who desire to enter the field of information security. It also provides the foundation that will help prepare for the CompTIA Security+ certification exam.

Intended Audience
This book is designed to meet the needs of students and professionals who want to master basic information security. A fundamental knowledge of computers and networks is all that is required to use this book. Those seeking to pass the CompTIA Security+ certification exam will find the text’s approach and content especially helpful; all Security+ SY0-501 exam objectives are covered in the text (see Appendix A). Security+ Guide to Network Security Fundamentals, Sixth Edition covers all aspects of network and computer security while satisfying the Security+ objectives.

The book’s pedagogical features are designed to provide a truly interactive learning experience to help prepare you for the challenges of network and computer security. In addition to the information presented in the text, each chapter includes Hands-On Projects that guide you through implementing practical hardware, software, network, and Internet security configurations step by step. Each chapter also contains case studies that place you in the role of problem solver, requiring you to apply concepts presented in the chapter to achieve successful solutions.

Chapter Descriptions
Here is a summary of the topics covered in each chapter of this book:

Chapter 1, “Introduction to Security,” introduces the network security fundamentals that form the basis of the Security+ certification. It begins by examining the current challenges in computer security and why security is so difficult to achieve. It then defines information security in detail and explores why it is important. Finally, the chapter looks at the fundamental attacks, including who is responsible for them, and defenses.

Chapter 2, “Malware and Social Engineering Attacks,” examines attacks that use different types of malware, such as viruses, worms, Trojans, and botnets. It also looks at the different types of social engineering attacks.

Chapter 3, “Basic Cryptography,” explores how encryption can be used to protect data. It covers what cryptography is and how it can be used for protection, and then examines how to protect data using three common types of encryption algorithms: hashing, symmetric encryption, and asymmetric encryption. It also covers how to use cryptography on files and disks to keep data secure.

Chapter 4, “Advanced Cryptography and PKI,” examines how to implement cryptography and use digital certificates. It also looks at public key infrastructure and key management. This chapter covers different transport cryptographic algorithms to see how cryptography is used on data that is being transported.

Chapter 5, “Networking and Server Attacks,” explores the different attacks that are directed at enterprises. It includes networking-based attacks as well as server attacks.

Chapter 6, “Network Security Devices, Design, and Technology,” examines how to protect networks through standard network devices and network security hardware. It also covers implementing security through network architectures and network technologies.

Chapter 7, “Administering a Secure Network,” looks at the techniques for administering a network. This includes understanding common network protocols and the proper placement of security devices and technologies. It also looks at analyzing security data and securing network platforms such as virtualization, cloud computing, and software defined networks.

Chapter 8, “Wireless Network Security,” investigates the attacks on wireless devices that are common today and explores different wireless security mechanisms that have proven to be vulnerable. It also covers several secure wireless protections.

Chapter 9, “Client and Application Security,” examines securing the client through hardware and peripherals and through the operating system. It also looks at physical security to create external perimeter defenses and internal physical access security. This chapter also covers application security vulnerabilities and the development of secure apps.

Chapter 10, “Mobile and Embedded Device Security,” looks at the different types of mobile devices and the risks associated with these devices. It also explores how to secure these devices and the applications running on them. Finally, it examines how embedded systems and the Internet of Things devices can be secured.

Chapter 11, “Authentication and Account Management,” looks at authentication and the secure management of user accounts to enforce authentication. It covers the different types of authentication credentials that can be used to verify a user’s identity and how a single sign-on might be used. It also examines the techniques and technology used to manage user accounts in a secure fashion.

Chapter 12, “Access Management,” introduces the principles and practices of access control by examining access control terminology, the standard control models, and managing access through account management. It also covers best practices, implementing access control, and identity and access services.

Chapter 13, “Vulnerability Assessment and Data Security,” explains what vulnerability assessment is and examines the tools and techniques associated with it. It also explores the differences between vulnerability scanning and penetration testing. The chapter concludes with an examination of data privacy.

Chapter 14, “Business Continuity,” covers the importance of keeping business processes and communications operating normally in the face of threats and disruptions. It explores business continuity, fault tolerance, environmental controls, and incident response.

Chapter 15, “Risk Mitigation,” looks at how organizations can establish and maintain security in the face of risk. It defines risk and the strategies to control it. This chapter also covers practices for reducing risk and troubleshooting common security issues.

Appendix A, “CompTIA SY0-501 Certification Examination Objectives,” provides a complete listing of the latest CompTIA Security+ certification exam objectives and shows the chapters and headings in the book that cover material associated with each objective, as well as the Bloom’s Taxonomy level of that coverage.

Features
To aid you in fully understanding computer and network security, this book includes many features designed to enhance your learning experience.

• Maps to CompTIA Objectives. The material in this text covers all the CompTIA Security+ SY0-501 exam objectives.

• Chapter Objectives. Each chapter begins with a detailed list of the concepts to be mastered in that chapter. This list provides you with both a quick reference to the chapter’s contents and a useful study aid.

• Today’s Attacks and Defenses. Each chapter opens with a vignette of an actual security attack or defense mechanism that helps to introduce the material covered in that chapter.

• Illustrations and Tables. Numerous illustrations of security vulnerabilities, attacks, and defenses help you visualize security elements, theories, and concepts. In addition, the many tables provide details and comparisons of practical and theoretical information.

• Chapter Summaries. Each chapter’s text is followed by a summary of the concepts introduced in that chapter. These summaries provide a helpful way to review the ideas covered in each chapter.

• Key Terms. All the terms in each chapter that were introduced with bold text are gathered in a Key Terms list, providing additional review and highlighting key concepts. Key Term definitions are included in the Glossary at the end of the text.

• Review Questions. The end-of-chapter assessment begins with a set of review questions that reinforce the ideas introduced in each chapter. These questions help you evaluate and apply the material you have learned. Answering these questions will ensure that you have mastered the important concepts and provide valuable practice for taking CompTIA’s Security+ exam.

• Hands-On Projects. Although it is important to understand the theory behind network security, nothing can improve on real-world experience. To this end, each chapter provides several Hands-On Projects aimed at providing you with practical security software and hardware implementation experience. These projects use the Windows 10 operating system, as well as software downloaded from the Internet.

• Case Projects. Located at the end of each chapter are several Case Projects. In these extensive exercises, you implement the skills and knowledge gained in the chapter through real design and implementation scenarios.

New to This Edition
• Maps fully to the latest CompTIA Security+ exam SY0-501
• Completely revised and updated with expanded coverage on attacks and defenses
• New chapter units: Security and Its Threats, Cryptography, Network Attacks and Defenses, Device Security, Identity and Access Management, and Risk Management
• Earlier coverage of cryptography and advanced cryptography
• All new “Today’s Attacks and Defenses” opener in each chapter
• New and updated Hands-On Projects in each chapter covering some of the latest security software
• More Case Projects in each chapter
• Expanded Information Security Community Site activity in each chapter allows learners to interact with other learners and security professionals from around the world
• All SY0-501 exam topics fully defined
• Linking of each exam sub-domain to Bloom’s Taxonomy (see Appendix A)

Text and Graphic Conventions
Wherever appropriate, additional information and exercises have been added to this book to help you better understand the topic at hand. Icons throughout the text alert you to additional materials. The following icons are used in this textbook:

The Note icon draws your attention to additional helpful material related to the subject being described.

Tips based on the author’s experience provide extra information about how to attack a problem or what to do in real-world situations.

The Caution icons warn you about potential mistakes or problems, and explain how to avoid them.

Hands-On Projects help you understand the theory behind network security with activities using the latest security software and hardware.

The Case Projects icon marks Case Projects, which are scenario-based assignments. In these extensive case examples, you are asked to implement independently what you have learned.

Certification icons indicate CompTIA Security+ objectives covered under major chapter headings.

Instructor’s Materials
Everything you need for your course in one place. This collection of book-specific lecture and class tools is available online. Please visit login.cengage.com and log in to access instructor-specific resources on the Instructor Companion Site, which includes the Instructor’s Manual,