Chapter 1: Introduction and Security Trends
- The Security Problem
- Security Incidents
- Threats to Security
- Security Trends
- Avenues of Attack
- The Steps in an Attack
- Minimizing Possible Avenues of Attack
- Types of Attacks
- Chapter Review

Chapter 2: General Security Concepts
- Basic Security Terminology
- Security Basics
- Access Control
- Authentication
- Security Models
- Confidentiality Models
- Integrity Models
- Chapter Review

Chapter 3: Operational/Organizational Security
- Security Operations in Your Organization
- Policies, Procedures, Standards, and Guidelines
- The Security Perimeter
- Physical Security
- Access Controls
- Physical Barriers
- Social Engineering
- Environment
- Wireless
- Electromagnetic Eavesdropping
- Location
- Chapter Review

Chapter 4: The Role of People in Security
- People-A Security Problem
- Poor Security Practices
- Social Engineering
- People as a Security Tool
- Chapter Review

Chapter 5: Cryptography
- Algorithms
- Hashing
- SHA
- Message Digest (MD)
- Hashing Summary
- Symmetric Encryption
- DES
- 3DES
- AES
- CAST
- RC
- Blowfish
- IDEA
- Symmetric Encryption Summary
- Asymmetric Encryption
- RSA
- Diffie-Hellman
- ElGamal
- ECC
- Asymmetric Encryption Summary
- Usage
- Confidentiality
- Integrity
- Nonrepudiation
- Authentication
- Digital Signatures
- Key Escrow
- Chapter Review

Chapter 6: Public Key Infrastructure
- The Basics of Public Key Infrastructures
- Certificate Authorities
- Registration Authorities
- Local Registration Authorities
- Certificate Repositories
- Trust and Certificate Verification
- Digital Certificates
- Certificate Attributes
- Certificate Extensions
- Certificate Lifecycles
- Centralized or Decentralized Infrastructures
- Private Key Protection
- Public Certificate Authorities
- In-House Certificate Authorities
- Outsourced Certificate Authorities
- Tying Different PKIs Together
- Certificate Usage
- Chapter Review

Chapter 7: Standards and Protocols
- PKIX/PKCS
- PKIX Standards
- PKCS
- Why You Need to Know
- X.509
- SSL/TLS
- ISAKMP
- CMP
- XKMS
- S/MIME
- IETF S/MIME v3 Specifications
- PGP
- How It Works
- Where Can You Use PGP?
- HTTPS
- IPSec
- CEP
- FIPS
- Common Criteria (CC)
- WTLS
- WEP
- ISO 17799
- Chapter Review

Chapter 8: The Impact of Physical Security on Network Security
- The Problem
- Physical Security Safeguards
- Policies and Procedures
- Access Controls
- Authentication
- Chapter Review

Chapter 9: Network Fundamentals
- Network Architectures
- Network Topology
- Network Protocols
- Packet Delivery
- Local Packet Delivery
- Remote Packet Delivery
- Subnetting
- Network Address Translation
- Chapter Review

Chapter 10: Infrastructure Security
- Devices
- Workstations
- Servers
- Network Interface Cards (NICs)
- Hubs
- Bridges
- Switches
- Routers
- Firewalls
- Wireless
- Modems
- RAS
- Telecom/PBX
- VPN
- IDS
- Network Monitoring/Diagnostic
- Mobile Devices
- Media
- Coax
- UTP/STP
- Fiber
- Unguided Media
- Security Concerns for Transmission Media
- Removable Media
- Magnetic Media
- Optical Media
- Electronic Media
- Security Topologies
- Tunneling
- Chapter Review

Chapter 11: Remote Access
- The Remote Access Process
- Identification
- Authentication
- Authorization
- Telnet
- SSH
- L2TP and PPTP
- IEEE 802.11
- VPN
- IPSec
- IPSec Configurations
- IPSec Security
- IEEE 802.1x
- RADIUS
- RADIUS Authentication
- RADIUS Authorization
- RADIUS Accounting
- DIAMETER
- TACACS+
- TACACS+ Authentication
- TACACS+ Authorization
- TACACS+ Accounting
- Vulnerabilities
- Connection Summary
- Chapter Review

Chapter 12: Wireless and Instant Messaging
- Wireless
- Instant Messaging
- Chapter Review

Chapter 13: Intrusion Detection Systems
- History of Intrusion Detection Systems
- IDS Overview
- Host-Based Intrusion Detection Systems
- Advantages of Host-Based IDSs
- Disadvantages of Host-Based IDSs
- Active vs. Passive Host-Based IDSs
- Network-Based Intrusion Detection Systems
- Advantages of a Network-Based IDS
- Disadvantages of a Network-Based IDS
- Active vs. Passive Network-Based IDSs
- Signatures
- False Positives and Negatives
- IDS Models
- Preventative Intrusion Detection Systems
- IDS Products and Vendors
- Honeypots
- Incident Response
- Chapter Review

Chapter 14: Security Baselines
- Overview Baselines
- Password Selection
- Password Policy Guidelines
- Selecting a Password
- Components of a Good Password
- Password Aging
- Operating System and Network Operating System Hardening
- Hardening Microsoft Operating Systems
- Hardening UNIX- or Linux-Based Operating Systems
- Network Hardening
- Software Updates
- Device Configuration
- Ports and Services
- Traffic Filtering
- Application Hardening
- Application Patches
- Web Servers
- Mail Servers
- FTP Servers
- DNS Servers
- File and Print Services
- Active Directory
- Chapter Review

Chapter 15: Attacks and Malware
- Attacking Computer Systems and Networks
- Denial-of-Service Attacks
- Backdoors and Trapdoors
- Sniffing
- Spoofing
- Man-in-the-Middle Attacks
- Replay Attacks
- TCP/IP Hijacking
- Attacks on Encryption
- Password Guessing
- Software Exploitation
- Wardialing and WarDriving
- Social Engineering
- Malware
- Auditing
- Chapter Review

Chapter 16: E-mail
- Security of E-mail Transmissions
- Malicious Code
- Hoax E-mails
- Unsolicited Commercial E-mail (Spam)
- Mail Encryption
- Chapter Review

Chapter 17: Web Components
- Current Web Components and Concerns
- Protocols
- Encryption (SSL and TLS)
- The Web (HTTP and HTTPS)
- Web Services
- Directory Services (DAP and LDAP)
- File Transfer (FTP and SFTP)
- Vulnerabilities
- Code-Based Vulnerabilities
- Buffer Overflows
- Java and JavaScript
- ActiveX
- CGI
- Server-Side Scripts
- Cookies
- Signed Applets
- Browser Plug-Ins
- Chapter Review

Chapter 18: Software Development
- The Software Engineering Process
- Process Models
- ROI and Error Correction
- Secure Code Techniques
- Good Practices
- Chapter Review

Chapter 19: Disaster Recovery, Business Continuity, and Organizational Policies
- Disaster Recovery
- Disaster Recovery Plans/Process
- Backups
- Utilities
- Secure Recovery
- High Availability and Fault Tolerance
- Computer Incident Response Teams
- Test, Exercise, and Rehearse
- Policies and Procedures
- Security Policies
- Privacy
- Service Level Agreements
- Human Resources Policies
- Code of Ethics
- Incident Response Policies
- Chapter Review

Chapter 20: Risk Management
- An Overview of Risk Management
- Macro-Level Example of Risk Management: International Banking
- Key Terms Essential to Understanding Risk Management
- What Is Risk Management?
- Business Risks
- Examples of Business Risks
- Examples of Technology Risks
- Risk Management Models
- General Risk Management Model
- Software Engineering Institute Model
- Qualitatively Assessing Risk
- Quantitatively Assessing Risk
- Qualitative vs. Quantitative Risk Assessment
- Tools
- Chapter Review

Chapter 21: Change Management
- Why Change Management?
- The Key Concept: Segregation of Duties
- Elements of Change Management
- Implementing Change Management
- The Purpose of a Change Control Board
- Code Integrity
- The Capability Maturity Model
- Chapter Review

Chapter 22: Privilege Management
- User, Group, and Role Management
- Single Sign-On
- Centralized vs. Decentralized Management
- Centralized Management
- Decentralized Management
- The Decentralized, Centralized Model
- Auditing (Privilege, Usage, and Escalation)
- Privilege Auditing
- Usage Auditing
- Escalation Auditing
- Handling Access Control (MAC, DAC, and RBAC)
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
- Role-Based Access Control (RBAC)
- Chapter Review

Chapter 23: Computer Forensics
- Evidence
- Standards for Evidence
- Types of Evidence
- Three Rules Regarding Evidence
- Collecting Evidence
- Acquiring Evidence
- Identifying Evidence
- Protecting Evidence
- Transporting Evidence
- Storing Evidence
- Conducting the Investigation
- Chain of Custody
- Free Space vs. Slack Space
- What's This Message Digest and Hash?
- Analysis
- Chapter Review

Chapter 24: Security and Law
- Import/Export Encryption Restrictions
- United States Law
- Non-U.S. Laws
- Digital Signature Laws
- Digital Rights Management
- Privacy Laws
- United States Laws
- European Laws
- Computer Trespass
- Ethics
- Chapter Review

Appendix A: About the CD-ROM
- System Requirements
- LearnKey Online Training
- Installing and Running MasterExam
- Help
- Removing Installation(s)
- Technical Support
- LearnKey Technical Support

Appendix B: About the Security+ Exam
- SSCP Exam
- SSCP Body of Knowledge

Glossary