Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Comptia security+ guide to network security fundamentals 6th edition pdf

28/10/2020 Client: papadok01 Deadline: 10 Days

SE/CIAMPA, CompTIA Security+ Guide to Network Security Fundamentals, 6th Edition ISBN-978-1-337-28878-1 ©20XX Designer: XXX Text & Cover printer: Quad Graphics Binding: PB Trim: 7.375 x 9.125" CMYK

Security+ Guide to Network Security Fundamentals

To register or access your online learning solution or purchase materials for your course, visit www.cengagebrain.com.

Security+ Guide to Network Security Fundamentals

INFORMATION SECURITY

Sixth Edition

Mark Ciampa

Sixth Edition

CIAMPA

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

CompTIA Security+ SY0-501 Exam Objectives

Security+ Exam Domain/Objectives Chapter Bloom’s Taxonomy 1.0: Threats, Attacks, and Vulnerabilities 1.1 Given a scenario, analyze indicators of compromise and determine the type of

malware. 2 Analyze

1.2 Compare and contrast types of attacks. 2 3 5 8

11 15

Understand Analyze Understand Apply/Understand Create Apply

1.3 Explain threat actor types and attributes. 1 Analyze/Apply 1.4 Explain penetration testing concepts. 13 Apply 1.5 Explain vulnerability scanning concepts. 13 Apply 1.6 Explain the impact associated with types of vulnerabilities. 1

3 4 5 9

10

Understand Understand Understand Understand Understand Understand

2.0: Technologies and Tools 2.1 Install and configure network components, both hardware- and software-based,

to support organizational security. 4 6 7 8

Apply Analyze Apply Analyze/Evaluate

2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.

8 13 14

Evaluate Analyze/Evaluate Evaluate

2.3 Given a scenario, troubleshoot common security issues. 15 Analyze 2.4 Given a scenario, analyze and interpret output from security technologies. 6

7 9

Analyze Analyze Analyze

2.5 Given a scenario, deploy mobile devices securely. 8 10 11

Apply/Evaluate Analyze/Create Analyze

2.6 Given a scenario, implement secure protocols. 4 5

Apply Analyze

3.0: Architecture and Design 3.1 Explain use cases and purpose for frameworks, best practices and secure

configuration guides. 1

15 Analyze Understand

3.2 Given a scenario, implement secure network architecture concepts. 6 7 8

13

Analyze Apply Apply/Evaluate Apply

88781_ifc_hr.indd 2 8/9/17 3:41 PM

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

Australia • Brazil • Mexico • Singapore • United Kingdom • United States

INFORMATION SECURITY

Mark Ciampa, Ph.D.

Sixth Edition

SECURITY+ GUIDE TO NETWORK SECURITY

CompTIA ®

FUNDAMENTALS

88781_fm_hr_i-xxvi.indd 1 8/16/17 7:00 PM

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

© 2018, 2015 Cengage Learning Unless otherwise noted, all content is © Cengage.

Security+ Guide to Network Security Fundamentals, Sixth Edition

Mark Ciampa

SVP, GM Skills: Jonathan Lau

Product Team Manager: Kristin McNary

Associate Product Manager: Amy Savino

Executive Director of Development: Marah Bellegarde

Senior Product Development Manager: Leigh Hefferon

Senior Content Developer: Michelle Ruelos Cannistraci

Product Assistant: Jake Toth

Marketing Director: Michelle McTighe

Production Director: Patty Stephan

Senior Content Project Manager: Brooke Greenhouse

Art Director: Diana Graham

Cover image(s): iStockPhoto.com/ supernitram

Printed in the United States of America Print Number: 01 Print Year: 2017

ALL RIGHTS RESERVED. No part of this work covered by the copy- right herein may be reproduced or distributed in any form or by any means, except as permitted by U.S. copyright law, without the prior written permission of the copyright owner.

Library of Congress Control Number: 2017950178

ISBN: 978-1-337-28878-1 LLF ISBN: 978-1-337-68585-6

Notice to the Reader Publisher does not warrant or guarantee any of the products described herein or perform any independent analysis in connection with any of the product information contained herein. Publisher does not assume, and expressly disclaims, any obligation to obtain and include information other than that provided to it by the manufacturer. The reader is expressly warned to consider and adopt all safety precautions that might be indicated by the activities described herein and to avoid all potential hazards. By following the instructions contained herein, the reader willingly assumes all risks in connection with such instructions. The publisher makes no representations or warranties of any kind, including but not limited to, the warranties of fitness for particular purpose or merchantability, nor are any such representations implied with respect to the material set forth herein, and the publisher takes no responsibility with respect to such material. The publisher shall not be liable for any special, consequential, or exemplary damages resulting, in whole or part, from the readers’ use of, or reliance upon, this material.

Cengage 20 Channel Center Street Boston, MA 02210 USA

Cengage is a leading provider of customized learning solutions with employees residing in nearly 40 different countries and sales in more than 125 countries around the world. Find your local representative at www.cengage.com.

Cengage products are represented in Canada by Nelson Education, Ltd.

To learn more about Cengage platforms and services, visit www.cengage.com

Purchase any of our products at your local college store or at our preferred online store www.cengagebrain.com

For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706.

For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions.

Further permissions questions can be e-mailed to permissionrequest@cengage.com.

Some of the product names and company names used in this book have been used for identification purposes only and may be trademarks or registered trademarks of their respective manufacturers and sellers. Windows® is a registered trademark of Microsoft Corporation. Microsoft.is registered trademark of Microsoft Corporation in the United States and/or other countries. Cengage is an independent entity from Microsoft Corporation and not affiliated with Microsoft in any manner.

88781_fm_hr_i-xxvi.indd 2 8/16/17 7:00 PM

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

Brief Contents INTRODUCTION.............................................................................................xv

PART 1

SECURITY AND ITS THREATS ..........................................................................1

CHAPTER 1

Introduction to Security ................................................................................3

CHAPTER 2

Malware and Social Engineering Attacks ................................................. 51

PART 2

CRYPTOGRAPHY .......................................................................................... 97

CHAPTER 3

Basic Cryptography ..................................................................................... 99

CHAPTER 4

Advanced Cryptography and PKI ............................................................ 145

PART 3

NETWORK ATTACKS AND DEFENSES ....................................................... 189

CHAPTER 5

Networking and Server Attacks .............................................................. 191

CHAPTER 6

Network Security Devices, Design, and Technology ............................. 233

CHAPTER 7

Administering a Secure Network ............................................................ 281

CHAPTER 8

Wireless Network Security ....................................................................... 321

PART 4

DEVICE SECURITY....................................................................................... 371

CHAPTER 9

Client and Application Security ............................................................... 373

iii

88781_fm_hr_i-xxvi.indd 3 8/16/17 7:01 PM

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

Brief Contents

CHAPTER 10

Mobile and Embedded Device Security ...................................................421

PART 5

IDENTITY AND ACCESS MANAGEMENT ....................................................469

CHAPTER 11

Authentication and Account Management ............................................471

CHAPTER 12

Access Management ..................................................................................521

PART 6

RISK MANAGEMENT ...................................................................................563

CHAPTER 13

Vulnerability Assessment and Data Security .........................................565

CHAPTER 14

Business Continuity ...................................................................................607

CHAPTER 15

Risk Mitigation ...........................................................................................651

APPENDIX A

CompTIA SY0-501 Certification Exam Objectives ...................................691

GLOSSARY ......................................................................................................... 713

INDEX .................................................................................................................741

iv

88781_fm_hr_i-xxvi.indd 4 8/16/17 7:01 PM

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

Table of Contents INTRODUCTION...........................................................................................................xv

PART 1

SECURITY AND ITS THREATS .....................................................1

CHAPTER 1

Introduction to Security ...........................................................3 Challenges of Securing Information .................................................................. 8

Today’s Security Attacks ....................................................................................8 Reasons for Successful Attacks ........................................................................12 Difficulties in Defending Against Attacks ....................................................... 14

What Is Information Security? .......................................................................... 17 Understanding Security ....................................................................................18 Defining Information Security .........................................................................18 Information Security Terminology ..................................................................21 Understanding the Importance of Information Security ................................ 24

Who Are the Threat Actors? .............................................................................. 28 Script Kiddies ................................................................................................... 29 Hactivists ......................................................................................................... 29 Nation State Actors ..........................................................................................30 Insiders ............................................................................................................30 Other Threat Actors ..........................................................................................31

Defending Against Attacks ............................................................................... 32 Fundamental Security Principles .................................................................... 32 Frameworks and Reference Architectures ...................................................... 35

Chapter Summary .............................................................................................. 35

Key Terms ........................................................................................................... 37

Review Questions............................................................................................... 37

Case Projects ...................................................................................................... 46

CHAPTER 2

Malware and Social Engineering Attacks .............................51 Attacks Using Malware ...................................................................................... 53

Circulation........................................................................................................ 55 Infection ........................................................................................................... 61

v

88781_fm_hr_i-xxvi.indd 5 8/16/17 7:01 PM

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

Table of Contentsvi

Concealment .................................................................................................... 65 Payload Capabilities .........................................................................................66

Social Engineering Attacks ................................................................................ 73 Psychological Approaches ............................................................................... 74 Physical Procedures .........................................................................................80

Chapter Summary .............................................................................................. 82

Key Terms ........................................................................................................... 84

Review Questions .............................................................................................. 84

Case Projects ...................................................................................................... 92

PART 2

CRYPTOGRAPHY ......................................................................97

CHAPTER 3

Basic Cryptography .................................................................99 Defining Cryptography .................................................................................... 101

What Is Cryptography? ................................................................................... 101 Cryptography and Security ............................................................................ 105 Cryptography Constraints ...............................................................................107

Cryptographic Algorithms ............................................................................... 108 Hash Algorithms .............................................................................................110 Symmetric Cryptographic Algorithms ........................................................... 113 Asymmetric Cryptographic Algorithms ......................................................... 116

Cryptographic Attacks ..................................................................................... 123 Algorithm Attacks ........................................................................................... 123 Collision Attacks ............................................................................................. 125

Using Cryptography ......................................................................................... 126 Encryption through Software ......................................................................... 127 Hardware Encryption .....................................................................................128

Chapter Summary ............................................................................................ 130

Key Terms ......................................................................................................... 132

Review Questions............................................................................................. 133

Case Projects .................................................................................................... 142

CHAPTER 4

Advanced Cryptography and PKI ........................................145 Implementing Cryptography .......................................................................... 147

Key Strength ....................................................................................................147 Secret Algorithms ...........................................................................................148

88781_fm_hr_i-xxvi.indd 6 8/16/17 7:01 PM

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

Table of Contents vii

Block Cipher Modes of Operation ................................................................. 149 Crypto Service Providers................................................................................ 150 Algorithm Input Values .................................................................................. 151

Digital Certificates ........................................................................................... 152 Defining Digital Certificates ............................................................................ 152 Managing Digital Certificates .........................................................................154 Types of Digital Certificates ............................................................................158

Public Key Infrastructure (PKI) ....................................................................... 165 What Is Public Key Infrastructure (PKI)? ....................................................... 166 Trust Models .................................................................................................. 166 Managing PKI ..................................................................................................168 Key Management ............................................................................................ 171

Cryptographic Transport Protocols ............................................................... 174 Secure Sockets Layer (SSL) .............................................................................. 174 Transport Layer Security (TLS) ....................................................................... 175 Secure Shell (SSH) ...........................................................................................176 Hypertext Transport Protocol Secure (HTTPS) ...............................................176 Secure/Multipurpose Internet Mail Extensions (S/MIME) ............................ 177 Secure Real-time Transport Protocol (SRTP) .................................................. 177 IP Security (IPsec) ........................................................................................... 177

Chapter Summary ............................................................................................ 179

Key Terms ......................................................................................................... 181

Review Questions............................................................................................. 181

Case Projects .................................................................................................... 187

PART 3

NETWORK ATTACKS AND DEFENSES ....................................189

CHAPTER 5

Networking and Server Attacks ..........................................191 Networking-Based Attacks ............................................................................. 193

Interception ....................................................................................................194 Poisoning ....................................................................................................... 196

Server Attacks .................................................................................................. 201 Denial of Service (DoS) ...................................................................................201 Web Server Application Attacks .................................................................... 203 Hijacking ........................................................................................................209 Overflow Attacks ............................................................................................ 213 Advertising Attacks ......................................................................................... 215 Browser Vulnerabilities ..................................................................................218

Chapter Summary ............................................................................................ 222

88781_fm_hr_i-xxvi.indd 7 8/16/17 7:01 PM

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

Table of Contentsviii

Key Terms ......................................................................................................... 223

Review Questions............................................................................................. 223

Case Projects .................................................................................................... 229

CHAPTER 6

Network Security Devices, Design, and Technology .........233 Security Through Network Devices ............................................................... 235

Standard Network Devices ............................................................................ 236 Network Security Hardware .......................................................................... 246

Security Through Network Architecture ....................................................... 260 Security Zones ...............................................................................................260 Network Segregation ..................................................................................... 263

Security Through Network Technologies ...................................................... 265 Network Access Control (NAC) ...................................................................... 265 Data Loss Prevention (DLP)............................................................................ 267

Chapter Summary ............................................................................................ 269

Key Terms ......................................................................................................... 271

Review Questions............................................................................................. 271

Case Projects .................................................................................................... 279

CHAPTER 7

Administering a Secure Network ........................................281 Secure Network Protocols .............................................................................. 283

Simple Network Management Protocol (SNMP) ........................................... 285 Domain Name System (DNS) ........................................................................ 286 File Transfer Protocol (FTP)............................................................................ 288 Secure Email Protocols ..................................................................................290 Using Secure Network Protocols ....................................................................291

Placement of Security Devices and Technologies ........................................ 292

Analyzing Security Data .................................................................................. 295 Data from Security Devices ........................................................................... 296 Data from Security Software ......................................................................... 297 Data from Security Tools ............................................................................... 298 Issues in Analyzing Security Data ................................................................. 298

Managing and Securing Network Platforms ................................................ 300 Virtualization .................................................................................................300 Cloud Computing ...........................................................................................304 Software Defined Network (SDN) ..................................................................306

Chapter Summary ............................................................................................ 309

88781_fm_hr_i-xxvi.indd 8 8/16/17 7:01 PM

Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

Table of Contents ix

Key Terms ......................................................................................................... 310

Review Questions............................................................................................. 311

Case Projects .................................................................................................... 318

CHAPTER 8

Wireless Network Security ..................................................321 Wireless Attacks ............................................................................................... 324

Bluetooth Attacks........................................................................................... 324 Near Field Communication (NFC) Attacks .....................................................327 Radio Frequency Identification (RFID) Attacks ............................................. 330 Wireless Local Area Network Attacks .............................................................332

Vulnerabilities of IEEE Wireless Security ....................................................... 341 Wired Equivalent Privacy .............................................................................. 342 Wi-Fi Protected Setup .................................................................................... 343 MAC Address Filtering ................................................................................... 344 SSID Broadcasting .......................................................................................... 345

Wireless Security Solutions ............................................................................ 346 Wi-Fi Protected Access (WPA) ....................................................................... 347 Wi-Fi Protected Access 2 (WPA2) ................................................................... 349 Additional Wireless Security Protections .......................................................352

Chapter Summary ............................................................................................ 356

Key Terms ......................................................................................................... 359

Review Questions............................................................................................. 359

Case Projects .................................................................................................... 368

PART 4

DEVICE SECURITY ...................................................................371

CHAPTER 9

Client and Application Security ...........................................373 Client Security .................................................................................................. 375

Hardware System Security .............................................................................375 Securing the Operating System Software ...................................................... 379 Peripheral Device Security ............................................................................. 388

Physical Security .............................................................................................. 392 External Perimeter Defenses ......................................................................... 393 Internal Physical Access Security .................................................................. 395 Computer Hardware Security ....................................................................... 400

Application Security ......................................................................................... 401 Application Development Concepts ..............................................................402

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Instant Assignments
Calculation Guru
Writer Writer Name Offer Chat
Instant Assignments

ONLINE

Instant Assignments

Hey, I can write about your given topic according to the provided requirements. I have a few more questions to ask as if there is any specific instructions or deadline issue. I have already completed more than 250 academic papers, articles, and technical articles. I can provide you samples. I believe my capabilities would be perfect for your project. I can finish this job within the necessary interval. I have four years of experience in this field. If you want to give me the project I had be very happy to discuss this further and get started for you as soon as possible.

$55 Chat With Writer
Calculation Guru

ONLINE

Calculation Guru

I see that your standard of work is to get content for articles. Well, you are in the right place because I am a professional content writer holding a PhD. in English, as well as having immense experience in writing articles for a vast variety of niches and category such as newest trends, health issues, entertainment, technology, etc and I will make sure your article has all the key pointers and relevant information, Pros, Cons and basically all the information that a perfect article needs with good research. Your article is guaranteed to be appealing, attractive, engaging, original and passed through Copyscape for the audience so once they start reading they keep asking for more and stay interested.

$55 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Assistant principal salary nsw - Creac legal writing example - Experiment 2 measurement instruments mass volume density answers - HE005 - How to calculate total budgeted selling and administrative expenses - Certificate 3 in air conditioning and refrigeration - 11kv transformer tap settings - World's most reputable companies for corporate responsibility - Beautiful soup 4 documentation - Monochronic vs polychronic test - Disadvantages of zoos essay - Lyrics firework katy perry meaning - Floor cheers for basketball - Week 1 discussion cloud computing - Due to service _____, services cannot be stored, warehoused, or inventoried. - Financial instit acct - Michelin fleet solutions case study pdf - Hw 3 - Tarsal bones mnemonic dirty - Billed customers for fees earned for managing rental property - Cosmo energy holdings london - Peter pollywog patrol frog - Ascia anaphylaxis e training for pharmacists - Limiting and excess reactants worksheet - Hot tapping gas pipeline - 27th sunday year a - Preparation of standard potassium permanganate solution - Count basie real name - Standardization of naoh with khp lab report - Cadburys aztec bar advert - Quantitative Methods Case Study - Ethics - Kennedy half dollar facing west - Iso 5817 level d - Biology - Short stories about being an outsider - 1 what is an it risk assessment's goal or objective - Microeconomics karlan morduch answers - 4.2 Reading Reflection Discussion - Middle passage robert hayden analysis - St david family practice - Worldview and nursing process personal statement - The oasdi taxable wage base is correctly defined as - Clothing boutique case study - For a cyclic process the condition is - Java Solution needed - Mini lathe saddle adjustment - S2 magic monitor download - Define sound bites ap gov - Module 05 Quiz - Care certificate standard 5 answers - The way we live now susan sontag - Developmental Milestones Brochure - How to prepare a cash budget managerial accounting - Borat kidnaps anderson real - Twitter's organizational culture most resembles a - Gcu lesson plan template - Digital Transformation - Week 3 Assignment - Physics formula sheet hsc - Emperor constantine's vision - The norm of voluntary participation threatens the social research goal of generalizability. - Brainstorm/ essay - Datatronics Case Study - Zinn chapter 1 study questions answers - Enzymatic browning of apples experiment - How to open command prompt in cisco packet tracer - Domain of cube root - Royal glamorgan hospital map - Clinical trial protocol template australia - Cambridge latin course book 2 stage 15 - Annual probable sunlight hours - Discussion question need only a paragraph will be great - Supply chain management - 5 promotion mix tools for communicating customer value - Loftus job centre number - On earth i am dead - Got lactase the co evolution of genes and culture answers - SECURITY ARCHITECTURE AND DESIGN (ISOL-536-M31) PHD IN IT - Blank p46 car form - Common investment banking questions - How to calculate trade discount and cash discount - Lagrange four square theorem calculator - Frito lay company cracker jack case analysis - Discussion: Case Conceptualization Part III - Anderson greenwood 81 series catalog - Biology chapter 18 assessment answers page 465 - IISP DISCUSSION-5-dumm - Broadmeadows multicultural early learning centre - Teaching assistant courses huddersfield - Two student responses - Snhu fin 320 final project part 3 - Torque on a dipole in a nonuniform electric field - He paid the debt lyrics paul williams - Rite aid pharmacy mission statement - 5e lesson plan examples math - 17th edition amendments free download - Schedules of reinforcement meaning - Is 300 mg of lamotrigine a lot - Malcolm sargent primary school