CompTIA Security+: SY0-601 Certification Guide, Second Edition
Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt
Ian Neil
FOR SALE IN INDIA ONLY
BIRMINGHAM—MUMBAI
CompTIA Security+: SY0-601 Certification Guide, Second Edition
Copyright © 2020 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha
Acquisition Editor: Rahul Nair
Senior Editor: Arun Nadar
Content Development Editor: Pratik Andrade
Technical Editor: Yoginee Marathe
Copy Editor: Safis Editing
Project Coordinator: Neil Dmello
Proofreader: Safis Editing
Indexer: Safis Editing
Production Designer: Shantanu Zagade

First published: September 2018
Second Edition published December 2020, updated November 2021
Production reference: 2031121

Published by Packt Publishing Ltd., Livery Place, 35 Livery Street, Birmingham B3 2PB, UK.
ISBN 978-1-80056-424-4
www.packt.com

Packt.com

Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe?
• Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals
• Improve your learning with Skill Plans built especially for you
• Get a free eBook or video every month
• Fully searchable for easy access to vital information
• Copy and paste, print, and bookmark content

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at packt.com and, as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.
Contributors

About the author

Ian Neil is one of the world's top trainers of Security+. He is able to break down information into manageable chunks so that people with no background knowledge can gain the skills required to become certified. He has recently worked for the US Army in Europe and designed a Security+ course that catered to people from all backgrounds (not just IT professionals), with an extremely successful pass rate. He is an MCT, MCSE, A+, Network+, Security+, CASP, and RESILIA practitioner who, over the past 23 years, has worked with high-end training providers and was one of the first technical trainers to train Microsoft internal staff when they opened their Bucharest office in 2006.

About the reviewers

Crystal Voiles is an IT specialist with more than 30 years of IT experience ranging across help desk support, desktop support, system administration, and cyber security support. For the last 10 years, she has served as a cyber security specialist, managing several cyber security tools, including Assured Compliance Assessment Solution (ACAS), Host-Based Security System (HBSS), Tanium, System Center Configuration Manager (SCCM), and Enterprise Mission Assurance Support Service (eMASS). She currently serves as the Information Systems Security Manager (ISSM) for a small medical organization, responsible for the coordination and execution of security policies and controls, as well as assessing vulnerabilities within a medical company. She is responsible for data and network security processing, security systems management, and security violation investigations. She manages backup and security systems, employee training for approximately 900 end user accounts, security planning measures, and recovery of data in disaster testing situations. Her certifications include Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+), Security+, Microsoft Certified Professional (MCP), SCCM, and ITIL Foundations.

Rebecca Moffitt is an experienced information security and risk consultant with 8 years of experience in the industry. Rebecca joined QA in October 2018, and since then has been working as a cyber security technical specialist. Her areas of training have been primarily related to cyber security, information security, information assurance, and risk management. She most recently obtained her CISM via ISACA and her CSRM via PECB. She is a certified Information Security Management Systems Lead Implementer and is proficient in ISO 27001, 27002, and 27005, and has knowledge of ISO 31000, 27035, and 19011, as well as various cyber, information, and risk frameworks. Rebecca is passionate about her profession and has spent time working with the younger generations, raising their awareness of the field of cyber/information security and sparking enthusiasm in them about a potential career in cyber security.

On a personal level, Rebecca is Canadian. The country lifestyle is rooted within her. She loves all things related to the East Coast lifestyle: kitchen parties, country music, and fiddleheads.

I would like to thank my family always, for their continual love and support.
- Rebecca Moffitt

Sunil Gupta is an experienced computer programmer and cybersecurity expert who consults in Information Technology with a focus on cybersecurity. He is an invited speaker for, and a member of, many key organizations. Sunil has helped many organizations around the globe, including Barclays Bank; Aviation College Qatar (Qatar); Ethiopian Airlines; Telecom Authority Tanzania; NCB Bank (Saudi Arabia); Accenture (India); Afghan Wireless (Afghanistan); and many more. Currently, he teaches online over 60,000 students in more than 170 countries, and some of his best work has been published by major publishing houses. Some of his best courses include End-to-End Penetration Testing with Kali Linux and Threat and Vulnerability Assessment for Enterprises. His cybersecurity certifications include SSCP (Systems Security Certified Practitioner), Bug Bounty Program Certification, and more.

Packt is searching for authors like you

If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.
Table of Contents

Preface
Objectives for the CompTIA Security+ 601 exam

Section 1: Security Aims and Objectives

Chapter 1: Understanding Security Fundamentals
  Security Fundamentals
    CIA Triad Concept
    Least Privilege
    Defense in Depth Model
  Comparing Control Types
    Managerial Controls
    Operational Controls
    Technical Controls
    Deterrent Controls
    Detective Controls
    Corrective Controls
    Compensating Controls
    Preventative Controls
    Access Controls
    Discretionary Access Control
    Mandatory Access Control
    Role-Based Access Control
    Rule-Based Access Control
    Attribute-Based Access Control
    Group-Based Access Control
    Linux-Based Access Control
  Physical Security Controls
    Perimeter Security
    Building Security
    Device Protection
  Understanding Digital Forensics
    Five-Minute Practical
    Collection of Evidence
    Cloud Forensics
  Review Questions

Chapter 2: Implementing Public Key Infrastructure
  PKI Concepts
    Certificate Hierarchy
    Certificate Trust
    Certificate Validity
    Certificate Management Concepts
    Types of Certificates
  Asymmetric and Symmetric Encryption
    Encryption Explained
    Digital Signatures Explained
    Cryptography Algorithms and Their Characteristics
    Symmetric Algorithms
    Asymmetric Algorithms
    Symmetric versus Asymmetric Analogy
    Lightweight Cryptography
    XOR Encryption
    Key Stretching Algorithms
    Salting Passwords
    Cipher Modes
    Stream versus Block Cipher Analogy
    Modes of Operation
    Quantum Computing
    Blockchain and the Public Ledger
    Hashing and Data Integrity
  Comparing and Contrasting the Basic Concepts of Cryptography
    Asymmetric – PKI
    Symmetric Algorithm – Modes of Operation
    Hashing Algorithms
    Crypto Service Provider
    Crypto Module
    Data Protection
  Basic Cryptographic Terminologies
    Obfuscation
    Pseudo-Random Number Generator
    Nonce
    Perfect Forward Secrecy
    Security through Obscurity
    Collision
    Steganography
    Homomorphic Encryption
    Diffusion
    Implementation Decisions
  Common Use Cases for Cryptography
    Supporting Confidentiality
    Supporting Integrity
    Supporting Non-Repudiation
    Supporting Obfuscation
    Low-Power Devices
    High Resiliency
    Supporting Authentication
    Resource versus Security Constraints
  Practical Exercises
    Practical Exercise 1 – Building a Certificate Server
    Practical Exercise 2 – Encrypting Data with EFS and Stealing Certificates
    Practical Exercise 3 – Revoking the EFS Certificate
  Review Questions

Chapter 3: Investigating Identity and Access Management
  Understanding Identity and Access Management Concepts
    Identity Types
    Account Types
    Authentication Types
    Security Tokens and Devices
    Certificate-Based Authentication
  Implementing Authentication and Authorization Solutions
    Authentication Management
    Authentication Protocols
    Authentication, Authorization, and Accounting (AAA) Servers
    Access Control Schemes
  Summarizing Authentication and Authorization Design Concepts
    Directory Services
  Cloud versus On-Premises Authentication
    On-Premises
    In the Cloud
  Common Account Management Policies
    Account Creation
    Employees Moving Departments
    Account Recertification
    Account Maintenance
    Account Monitoring
    Security Information and Event Management
  Practical Exercise – Password Policy
  Review Questions

Chapter 4: Exploring Virtualization and Cloud Concepts
  Overview of Cloud Computing
  Implementing Different Cloud Deployment Models
  Understanding Cloud Service Models
    Infrastructure as a Service (IaaS)
    Software as a Service (SaaS)
    Platform as a Service (PaaS)
    Security as a Service (SECaaS)
    Anything as a Service (XaaS)
  Understanding Cloud Computing Concepts
  Understanding Cloud Storage Concepts
  Selecting Cloud Security Controls
    High Availability
    Access Zones
    Resource Policies
    Secret Management
    Integration and Auditing
    Storage
    Networks
    Compute
    Solutions
  Exploring the Virtual Network Environments
  Review Questions

Section 2: Monitoring the Security Infrastructure

Chapter 5: Monitoring, Scanning, and Penetration Testing
  Penetration Testing Concepts
    Rules of Engagement (ROE)
    Network Exploitation Techniques
  Passive and Active Reconnaissance
    Reconnaissance Tools
    Exercise Types
  Vulnerability Scanning Concepts
    Credentialed versus Non-Credentialed Scans
    Intrusive versus Non-Intrusive Vulnerability Scans
    Other Types of Scans That Can Be Performed
    Penetration Testing versus Vulnerability Scanning
  Syslog/Security Information and Event Management
  Security Orchestration, Automation, and Response
  Threat Hunting
  Review Questions

Chapter 6: Understanding Secure and Insecure Protocols
  Introduction to Protocols
  Insecure Protocols and Their Use Cases
  Secure Protocols and Their Use Cases
  Additional Use Cases and Their Protocols
    Subscription Services and Their Protocols
    Routing and Its Protocols
    Switching and Its Protocols
    Active Directory (Directory Services) and Its Protocols
  Review Questions

Chapter 7: Delving into Network and Security Concepts
  Installing and Configuring Network Components
    Firewall
    Network Address Translation Gateway
    Router
    Access Control List – Network Devices
    Switch
    Tap/Port Mirror
    Aggregation Switches
    Honeypot
    Honeyfile
    Fake Telemetry
    Proxy Server
    Jump Servers
    Load Balancer
  Remote Access Capabilities
    IPSec
    VPN Concentrator
    Split Tunneling
    Remote Support
  Secure Network Architecture Concepts
    Software-Defined Network
    Network Segmentation
    Intrusion Prevention System
    Intrusion Detection System
    Modes of Operation
    Sensor/Collector
    Monitoring Data
    Network Access Control
    Domain Name System
    DNS Poisoning
    DNS Sinkhole
  Network Reconnaissance and Discovery
  Exploitation Frameworks
  Forensic Tools
  IP Addressing
    IP Schema
    IP Version 4
    Subnet Mask
    CIDR Mask
    Network Address Allocation
    IP Version 6 Addressing
  Review Questions

Chapter 8: Securing Wireless and Mobile Solutions
  Implementing Wireless Security
    Wireless Access Point Controllers
    Securing Access to Your WAP
    Wireless Bandwidth/Band Selection
    Wireless Channels
    Wireless Antenna Types
    Wireless Coverage
    Wireless – Open System Authentication
    Wireless Encryption
    Wireless Captive Portals
    Wireless Attacks
    Wireless Authentication Protocols
  Deploying Mobile Devices Securely
    Mobile Device Management
    Bring Your Own Device
    Choose Your Own Device
    Corporate-Owned Personally-Enabled
    Mobile Device Connection Methods
  Mobile Device Management Concepts
    Device Management
    Device Protection
    Device Data
    Mobile Device Enforcement and Monitoring
  Review Questions

Section 3: Protecting the Security Environment

Chapter 9: Identifying Threats, Attacks, and Vulnerabilities
  Virus and Malware Attacks
  Social Engineering Attacks
  Threat Actors
  Advanced Attacks
  Password Attacks
  Physical Attacks
  On-Path Attacks
  Network Attacks
  Application/Programming Attacks
  Hijacking-Related Attacks
  Driver Manipulation
  Cryptographic Attacks
  Security Concerns with Various Types of Vulnerabilities
  Cloud vs. On-Premises Vulnerabilities
  Third-Party Risks
  Review Questions

Chapter 10: Governance, Risk, and Compliance
  Risk Management Processes and Concepts
    Risk Types
    Risk Management Strategies
    Risk Analysis
    Calculating Loss
    Disasters
    Business Impact Analysis Concepts
  Threat Actors, Vectors, and Intelligence Concepts
    Threat Actors
    Attack Vectors
    Threat Intelligence Sources
    Research Sources
  The Importance of Policies for Organizational Security
    Personnel
    Diversity of Training Techniques
    Third-Party Risk Management
    Data
    Credential Policies
    Organizational Policies
  Regulations, Standards, and Legislation
    Key Frameworks
    Benchmarks/Secure Configuration Guides
  Privacy and Sensitive Data Concepts
    Data Sovereignty
    Legal Implications
    Geographic Considerations
    Organizational Consequences of Privacy Breaches
    Notifications of Breaches
    Data Types
    Privacy-Enhancing Technologies
    Data Roles and Responsibilities
    Information Life Cycle
    Impact Assessment
    Terms of Agreement
    Privacy Notice
  Review Questions

Chapter 11: Managing Application Security
  Implementing Host or Application Security
    Boot Integrity
    Endpoint Protection
    Databases
    Application Security
    Hardening
    Full Disk Encryption (FDE)
    Self-Encrypting Drives (SEDs)
  Understanding the Security Implications of Embedded and Specialist Systems
    Internet of Things (IoT)
    Real-Time Operating System (RTOS)
    Multifunctional Printers (MFPs)
    Surveillance Systems
    System on a Chip (SoC)
    Heating, Ventilation, and Air Conditioning (HVAC)
    Specialized Devices
    Embedded Systems
    Supervisory Control and Data Acquisition (SCADA)
    Industrial Control System
    Communication Considerations
    Constraints
  Understanding Secure Application Development, Deployment, and Automation
    Software Diversity
    Elasticity
    Scalability
    Environment
    Automation/Scripting
    Provisioning and Deprovisioning
    Version Control
    Integrity Measurement
    Secure Coding Techniques
    Open Web Application Security Project (OWASP)
  Review Questions

Chapter 12: Dealing with Incident Response Procedures
  Incident Response Procedures
    Response and Recovery Controls
    Disaster Recovery Exercises
    Attack Frameworks
    Stakeholder Management
    Continuity of Operations Planning (COOP)
  Utilizing Data Sources to Support Investigations
    Vulnerability Scan Output
    SIEM Dashboards
    Log Files
    Log Managers
    journalctl
    NXLog
    Bandwidth Monitors
    Metadata
    Network Monitoring
    Protocol Analyzer Output
  Knowing How to Apply Mitigation Techniques or Controls to Secure an Environment
    Reconfigure Endpoint Security Solutions
    Application Approved List
    Application Block List/Deny List
    Quarantine
    Configuration Management
    Isolation
    Containment
    Segmentation
    Security Orchestration, Automation, and Response (SOAR)
  Implementing Cybersecurity Resilience
    Redundancy
  Review Questions

Section 4: Mock Tests

Chapter 13: Mock Exam 1
  Mock Exam 1 Solutions

Chapter 14: Mock Exam 2
  Mock Exam 2 Solutions

Chapter Review Solutions
Other Books You May Enjoy
Index
CompTIA Security+: SY0-601 Certification Guide, Second Edition

The CompTIA Security+ certification confirms that you have the fundamental knowledge required to perform core security functions and pursue a career in IT security. Authored by Ian Neil, a world-class CompTIA Security+ 601 trainer, this book is a best-in-class study guide that fully covers the CompTIA Security+ 601 exam objectives. Complete with self-assessment scenarios and realistic exam questions, this guide will help you master the core concepts to pass the exam the first time you take it.

With the help of relevant examples, you'll learn about fundamental security concepts, from certificates and encryption to identity and access management (IAM). You'll then delve into the important domains of the exam, namely, cloud security, threats, attacks and vulnerabilities, technologies and tools, architecture and design, risk management, and cryptography and public key infrastructure (PKI). This book comes with over 600 practice questions with detailed explanations and includes two mock exams to help you test yourself.

By the end of this book, you will understand the application of core Security+ concepts in the real world and be ready to take the exam with confidence.

Things you will learn:
• Get to grips with security fundamentals, from the CIA triad through to IAM
• Explore cloud security and techniques used in penetration testing
• Discover different authentication methods and troubleshoot security issues
• Secure the devices and applications that are used by your company
• Identify and protect against various types of malware and viruses
• Protect your environment against social engineering and advanced attacks
• Understand and implement PKI concepts
• Delve into secure application development, deployment, and automation concepts