CompTIA Security+ Guide to Network Security Fundamentals

Read more

Reflecting the latest developments and emerging trends from the field, Ciampa's COMPTIA SECURITY+ GUIDE TO NETWORK SECURITY FUNDAMENTALS, 8th Edition, helps you prepare for professional certification and career success. The text fully maps to the new CompTIA Security+ SY0-701 Certification Exam, providing thorough coverage of all domain objectives. In addition to its comprehensive coverage of the fundamental essentials of network and computer security, the 8th edition includes expanded coverage of information security management, artificial intelligence, compliance, cryptography and cloud and virtualization security. Practical, Hands-On Projects, case activities and online virtual labs help you put what you learn into real-world practice.

List of contents

I. SECURITY FOUNDATIONS.
1. Introduction to Information Security.
a. What is Information Security?
i. Understanding Security.
ii. Principles of Security.
iii. Cybersecurity Versus Information Security.
iv. Defining Information Security.
b. Threat actors and Their Motivations.
i. Unskilled Attackers.
ii. Shadow IT.
iii. Organized Crime.
iv. Insider Threats.
v. Hacktivists.
vi. Nation-state Actors.
vii. Other Threat Actors.
c. How Attacks Occur.
i. Threat Vectors and Attack Surfaces.
ii. Categories of Vulnerabilities.
iii. Impacts of Attacks.
d. Information Security Resources.
i. Frameworks.
ii. Regulations.
iii. Legislation.
iv. Standards.
v. Benchmarks/Secure Configuration Guides.
vi. Information Sources.
2. Pervasive Attack Surfaces and Controls.
a. Social Engineering Attacks.
i. Examples of Human Manipulation.
ii. Types of Social Engineering Attacks.
b. Physical Security Controls.
i. Perimeter Defenses.
ii. Preventing Data Leakage.
iii. Computer Hardware Security.
c. Data Controls.
i. Data Classifications.
ii. Types of Data.
iii. Data Breach Consequences.
iv. Protecting Data.
II. CRYPTOGRAPHY.
3. Fundamentals of Cryptography.
a. Defining Cryptography.
i. Steganography: Hiding the message.
ii. Cryptography: Hiding the meaning.
iii. Benefits of Cryptography.
b. Cryptographic Algorithms.
i. Variations of Algorithms.
ii. Hash Algorithms.
iii. Symmetric Cryptographic Algorithms.
iv. Asymmetric Cryptographic Algorithms.
c. Using Cryptography.
i. Encryption Through Software.
ii. Hardware Encryption.
iii. Blockchain.
d. Cryptographic Limitations and Attacks.
i. Limitations of Cryptography.
ii. Attacks on Cryptography.
4. Advanced Cryptography.
a. Digital Certificates.
i. Defining Digital Certificates.
ii. Managing Digital Certificates.
iii. Types of Digital Certificates.
b. Public Key Infrastructure (PKI).
i. What is Public Key Infrastructure (PKI)?
ii. Trust Models.
iii. Managing PKI.
iv. Key Management.
c. Secure Communication and Transport Protocols.
i. Transport Layer Security (TLS).
ii. IP Security (IPSec).
iii. Other Protocols.
d. Implementing Cryptography.
i. Key Strength.
ii. Secret Algorithms.
iii. Block Cipher Modes of Operation.
III. DEVICE SECURITY.
5. Endpoint Vulnerabilities, Attacks, and Defenses.
a. Malware Attacks.
i. Kidnap.
ii. Eavesdrop.
iii. Masquerade.
iv. Launch.
v. Sidestep.
vi. Indicator of Attack (IoA).
b. Application Vulnerabilities and Attacks.
i. Application Vulnerabilities.
ii. Application Attacks.
c. Securing Endpoint Devices.
i. Protecting Endpoints.
ii. Hardening Endpoints.
6. Mobile and Embedded Device Security.
a. Securing Mobile Devices.
i. Introduction to Mobile Devices.
ii. Mobile Device Risks.
iii. Protecting Mobile Devices.
b. Embedded Systems and Specialized Devices.
i. Types of Devices.
ii. Security Considerations.
c. Application Security.
i. Application Development Concepts.
ii. Secure Coding Techniques.
iii. Code Testing.
7. Identity and Access Management (IAM).
a. Types of Authentication Credentials.
i. Something You Know: Passwords.
ii. Something You Have: Tokens and Security Keys.
iii. Something You Are: Biometrics.
iv. Something You Do: Behavioral biometrics.
b. Authentication Best Practices.
i. Securing Passwords.
ii. Secure Authentication Technologies.
c. Access Controls.
i. Access Control Schemes.
ii. Access Control Lists.
IV. INFRASTRUCTURE AND ARCHITECTURES.
8. Infrastructure Threats and Security Monitoring.
a. Attacks on Networks.
i. On-Path Attacks.
ii. Domain Name System (DNS) Attacks.
iii. Distributed Denial of Service (DDoS).
iv. Malicious Coding and Scripting Attacks.
v. Layer 2 Attacks.
vi. Credential Relay Attacks.
b. Security Monitoring and Alerting.
i. Monitoring Methodologies.
ii. Monitoring Activities.
iii. Tools for Monitoring and Alerting.
c. Email Monitoring and Security.
i. How Email Works.
ii. Email Threats.
iii. Email Defenses.
9. Infrastructure Security.
a. Security Appliances.
i. Common Network Devices.
ii. Infrastructure Security Hardware.
b. Software Security

About the author

Dr. Mark Ciampa is a professor of information systems in the Gordon Ford College of Business at Western Kentucky University in Bowling Green, Kentucky. Prior to this current role, he served as an associate professor and the director of academic computing at Volunteer State Community College in Gallatin, Tennessee, for 20 years. Dr. Ciampa has worked in the IT industry as a computer consultant for businesses, government agencies and educational institutions. He has published more than 20 articles in peer-reviewed journals and has written more than 25 technology textbooks, including CompTIA CySA+ Guide to Cybersecurity Analyst, Security+ Guide to Network Security Fundamentals, Security Awareness: Applying Practical Security in Your World, CWNA Guide to Wireless LANS, and Guide to Wireless Communications. Dr. Ciampa holds a Ph.D. in technology management with a specialization in digital communication systems from Indiana State University and has certifications in security and healthcare.

Summary

Reflecting the latest developments and emerging trends from the field, Ciampa's COMPTIA SECURITY+ GUIDE TO NETWORK SECURITY FUNDAMENTALS, 8th Edition, helps you prepare for professional certification and career success. The text fully maps to the new CompTIA Security+ SY0-701 Certification Exam, providing thorough coverage of all domain objectives. In addition to its comprehensive coverage of the fundamental essentials of network and computer security, the 8th edition includes expanded coverage of information security management, artificial intelligence, compliance, cryptography and cloud and virtualization security. Practical, Hands-On Projects, case activities and online virtual labs help you put what you learn into real-world practice.