
CompTIA Security+ SY0-401
Fourth Edition
Diane Barrett, Kalani K. Hausman, Martin Weiss
800 East 96th Street, Indianapolis, Indiana 46240 USA

CompTIA Security+ SY0-401 Exam Cram, Fourth Edition
Copyright 2015 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-7897-5334-2
ISBN-10: 0-7897-5334-0
Library of Congress Control Number: 2015930248
Printed in the United States of America
First Printing: February 2015

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Que Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at [email protected] or (800) 382-3419.
For government sales inquiries, please contact [email protected].
For questions about sales outside the U.S., please

Editor-in-Chief: Dave Dusthimer
Acquisitions Editor: Betsy Brown
Copy Editor: Keith Cline
Ellie Bru
Managing Editor: Sandra Schroeder
Senior Project Editor: Tonya Simpson
Indexer: Erika Millen
Proofreader: Megan Wade-Taxter
Technical Editor: Chris Crayton
Publishing Coordinator: Vanessa Evans
Media Producer: Lisa Matthews
Cover Designer: Alan Clements
Compositor: Studio Galou

Contents at a Glance

Introduction  xxii

Part I: Network Security
CHAPTER 1  Secure Network Design  1
CHAPTER 2  Network Implementation  49

Part II: Compliance and Operational Security
CHAPTER 3  Risk Management  83
CHAPTER 4  Response and Recovery  143

Part III: Threats and Vulnerabilities
CHAPTER 5  Attacks  203
CHAPTER 6  Deterrents  261

Part IV: Application, Data, and Host Security
CHAPTER 7  Application Security  291
CHAPTER 8  Host Security  311
CHAPTER 9  Data Security

Part V: Access Control and Identity Management
CHAPTER 10  Authentication, Authorization, and Access Control  391
CHAPTER 11  Account Management  421

Part VI: Cryptography
CHAPTER 12  Cryptography Tools and Techniques  439
CHAPTER 13  Public Key Infrastructure  473

Practice Exam 1  491
Index  533

On the CD:
Practice Exam 2
Glossary

Contents

Introduction  xxii

Part I: Network Security

CHAPTER 1  Secure Network Design  1
  Implement Security Configuration Parameters on Network Devices and Other Technologies  2
    Firewalls  3
    Routers  4
    Switches  5
    Load Balancers  6
    Proxies  6
    Web Security Gateways  7
    VPN Concentrators  8
    NIDS and NIPS  8
    Protocol Analyzers  11
    Spam Filter  12
    UTM Security Appliances  12
    Web Application Firewall Versus Network Firewall  14
    Application-Aware Devices  15
    Cram Quiz  17
    Cram Quiz Answers  17
  Given a Scenario, Use Secure Network Administration Principles  19
    Rule-Based Management  20
    Firewall Rules  20
    VLAN Management  21
    Secure Router Configuration  22
    Access Control Lists  23
    Port Security  23
    802.1X  24
    Flood Guards  24
    Loop Protection  25
    Implicit Deny  25
    Network Separation  26
    Log Analysis  26
    Unified Threat Management  27

    Cram Quiz  28
    Cram Quiz Answers  28
  Explain Network Design Elements and Components  30
    DMZ  31
    Subnetting  32
    VLAN  34
    NAT  36
    Remote Access  37
    Telephony  37
    NAC  39
    Virtualization  40
    Cloud Computing  41
    Layered Security/Defense in Depth  44
    Cram Quiz  45
    Cram Quiz Answers  46
  What Next?  47

CHAPTER 2  Network Implementation  49
  Given a Scenario, Implement Common Protocols and Services  50
    Protocols  51
    Ports  65
    OSI Relevance  67
    Cram Quiz  68
    Cram Quiz Answers  69
  Given a Scenario, Troubleshoot Security Issues Related to Wireless Networking  70
    WPA  71
    WPA2  71
    WEP  72
    EAP  73
    PEAP  73
    LEAP  74
    MAC Filter  74
    Disable SSID Broadcast  75
    TKIP  75
    CCMP  76
    Antenna Placement  76

    Power-Level Controls  77
    Captive Portals  78
    Antenna Types  78
    Site Surveys  79
    VPN (Over Open Wireless)  80
    Cram Quiz  81
    Cram Quiz Answers  81
  What Next?  82

Part II: Compliance and Operational Security

CHAPTER 3  Risk Management  83
  Explain the Importance of Risk-Related Concepts  84
    Control Types  85
    False Positives  85
    False Negatives  86
    Importance of Policies in Reducing Risk  86
    Risk Calculation  90
    Qualitative Versus Quantitative Measures  94
    Vulnerabilities  94
    Threat Vectors  95
    Probability/Threat Likelihood  95
    Risk-Avoidance, Transference, Acceptance, Mitigation, Deterrence  96
    Risks Associated with Cloud Computing and Virtualization  96
    Recovery Time Objective and Recovery Point Objective  97
    Cram Quiz  99
    Cram Quiz Answers  100
  Summarize the Security Implications of Integrating Systems and Data with Third Parties  101
    On-Boarding/Off-Boarding Business Partners  102
    Social Media Networks and/or Applications  103
    Interoperability Agreements  104
    Privacy Considerations  105
    Risk Awareness  106
    Unauthorized Data Sharing  107
    Data Ownership  108
    Data Backups  108

    Follow Security Policy and Procedures  109
    Review Agreement Requirements to Verify Compliance and Performance Standards  110
    Cram Quiz  111
    Cram Quiz Answers  111
  Given a Scenario, Implement Appropriate Risk Mitigation Strategies  113
    Change Management  114
    Incident Management  114
    User Rights and Permissions Reviews  115
    Perform Routine Audits  116
    Enforce Policies and Procedures to Prevent Data Loss or Theft  117
    Enforce Technology Controls  118
    Cram Quiz  120
    Cram Quiz Answers  120
  Given a Scenario, Implement Basic Forensic Procedures  122
    Order of Volatility  123
    Capture System Image  124
    Network Traffic and Logs  125
    Capture Video  125
    Record Time Offset  126
    Take Hashes