Zum Hauptinhalt springen
Dekorationsartikel gehören nicht zum Leistungsumfang.
Comptia Security+ Sy0-601 Exam Cram
Taschenbuch von Martin Weiss
Sprache: Englisch

46,50 €*

inkl. MwSt.

Versandkostenfrei per Post / DHL

Aktuell nicht verfügbar

Kategorien:
Beschreibung

CompTIA® Security+ SY0-601 Exam Cram
, is the perfect study guide to help you pass the newly updated version of the CompTIA Security+ exam. It provides coverage and practice questions for every exam topic. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time practice and feedback with two complete exams.

Covers the critical information you'll need to know to score higher on your Security+ SY0-601 exam!

  • Assess the different types of attacks, threats, and vulnerabilities organizations face
  • Understand security concepts across traditional, cloud, mobile, and IoT environments
  • Explain and implement security controls across multiple environments
  • Identify, analyze, and respond to operational needs and security incidents
  • Understand and explain the relevance of concepts related to governance, risk, and compliance

Exclusive State-of-the-Art Web-based Test Engine with Practice Questions

Make sure you're 100% ready for the real exam!

  • Detailed explanations of correct and incorrect answers
  • Multiple test modes
  • Random questions and order of answers
  • Coverage of each current Security+ exam objective

CompTIA® Security+ SY0-601 Exam Cram
, is the perfect study guide to help you pass the newly updated version of the CompTIA Security+ exam. It provides coverage and practice questions for every exam topic. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time practice and feedback with two complete exams.

Covers the critical information you'll need to know to score higher on your Security+ SY0-601 exam!

  • Assess the different types of attacks, threats, and vulnerabilities organizations face
  • Understand security concepts across traditional, cloud, mobile, and IoT environments
  • Explain and implement security controls across multiple environments
  • Identify, analyze, and respond to operational needs and security incidents
  • Understand and explain the relevance of concepts related to governance, risk, and compliance

Exclusive State-of-the-Art Web-based Test Engine with Practice Questions

Make sure you're 100% ready for the real exam!

  • Detailed explanations of correct and incorrect answers
  • Multiple test modes
  • Random questions and order of answers
  • Coverage of each current Security+ exam objective
Über den Autor

Marty M. Weiss has spent most of his career in information security and risk management, helping large organizations. Marty holds a bachelor of science degree in computer studies from the University of Maryland University College and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He holds several certifications, including CISSP, CISA, and Security+. Marty has authored and coauthored more than a half-dozen books on information technology, many that have been described as riveting and Dostoevsky-esque in reviews by his mother. A Florida native, he now lives in New England.

Inhaltsverzeichnis

Introduction . . . . . . . . . . . . . . . . . . . . . . xxvii Part I: Attacks, Threats, and Vulnerabilities 1 CHAPTER 1: Social Engineering Techniques.. . . . . . . . . . . . . . . . 3 The Social Engineer.. . . . . . . . . . . . . . . . . . 4 Phishing and Related Attacks.. . . . . . . . . . . . . . . 6 Principles of Influence (Reasons for Effectiveness). . . . . . . . 10 What Next?.. . . . . . . . . . . . . . . . . . . . . 14 CHAPTER 2: Attack Basics.. . . . . . . . . . . . . . . . . . . . . . 15 Malware. . . . . . . . . . . . . . . . . . . . . . . 16 Physical Attacks.. . . . . . . . . . . . . . . . . . . . 26 Adversarial Artificial Intelligence (AI).. . . . . . . . . . . . 27 Password Attacks. . . . . . . . . . . . . . . . . . . . 28 Downgrade Attacks.. . . . . . . . . . . . . . . . . . . 31 What Next?.. . . . . . . . . . . . . . . . . . . . . 34 CHAPTER 3: Application Attacks.. . . . . . . . . . . . . . . . . . . . 35 Race Conditions.. . . . . . . . . . . . . . . . . . . . 36 Improper Software Handling.. . . . . . . . . . . . . . . 37 Resource Exhaustion.. . . . . . . . . . . . . . . . . . 37 Overflows.. . . . . . . . . . . . . . . . . . . . . . 38 Code Injections. . . . . . . . . . . . . . . . . . . . 39 Driver Manipulation.. . . . . . . . . . . . . . . . . . 40 Request Forgeries.. . . . . . . . . . . . . . . . . . . 41 Directory Traversal.. . . . . . . . . . . . . . . . . . . 44 Replay Attack.. . . . . . . . . . . . . . . . . . . . . 45 Secure Sockets Layer (SSL) Stripping.. . . . . . . . . . . . 45 Application Programming Interface (API) Attacks.. . . . . . . . 47 Pass-the-Hash Attack. . . . . . . . . . . . . . . . . . 49 What Next?.. . . . . . . . . . . . . . . . . . . . . 52 CHAPTER 4: Network Attacks.. . . . . . . . . . . . . . . . . . . . . 53 Wireless. . . . . . . . . . . . . . . . . . . . . . . 54 On-Path Attack. . . . . . . . . . . . . . . . . . . . 58 Layer 2 Attacks. . . . . . . . . . . . . . . . . . . . 59 Domain Name System (DNS) Attacks.. . . . . . . . . . . . 62 Denial of Service. . . . . . . . . . . . . . . . . . . . 64 Malicious Code and Script Execution.. . . . . . . . . . . . 68 What Next?.. . . . . . . . . . . . . . . . . . . . . 71 CHAPTER 5: Threat Actors, Vectors, and Intelligence Sources. . . . . . . . . . 73 Threat Actor Attributes.. . . . . . . . . . . . . . . . . 74 Threat Actor Types.. . . . . . . . . . . . . . . . . . . 75 Vectors.. . . . . . . . . . . . . . . . . . . . . . . 80 Threat Intelligence and Research Sources.. . . . . . . . . . . 81 What Next?.. . . . . . . . . . . . . . . . . . . . . 87 CHAPTER 6: Vulnerabilities.. . . . . . . . . . . . . . . . . . . . . . 89 Cloud-Based vs. On-Premises. . . . . . . . . . . . . . . 90 Zero-Day. . . . . . . . . . . . . . . . . . . . . . 90 Weak Configurations. . . . . . . . . . . . . . . . . . 91 Third-Party Risks.. . . . . . . . . . . . . . . . . . . 95 Impacts.. . . . . . . . . . . . . . . . . . . . . . . 96 What Next?.. . . . . . . . . . . . . . . . . . . . . 98 CHAPTER 7: Security Assessment Techniques.. . . . . . . . . . . . . . . 99 Vulnerability Scans.. . . . . . . . . . . . . . . . . . . 100 Threat Assessment.. . . . . . . . . . . . . . . . . . . 103 What Next?.. . . . . . . . . . . . . . . . . . . . . 110 CHAPTER 8: Penetration Testing Techniques.. . . . . . . . . . . . . . . . 111 Testing Methodology. . . . . . . . . . . . . . . . . . 112 Team Exercises.. . . . . . . . . . . . . . . . . . . . 118 What Next?.. . . . . . . . . . . . . . . . . . . . . 120 Part II: Architecture and Design 121 CHAPTER 9: Enterprise Security Concepts.. . . . . . . . . . . . . . . . . 123 Configuration Management.. . . . . . . . . . . . . . . . 124 Data Confidentiality.. . . . . . . . . . . . . . . . . . 126 Deception and Disruption.. . . . . . . . . . . . . . . . 139 What Next?.. . . . . . . . . . . . . . . . . . . . . 143 CHAPTER 10: Virtualization and Cloud Computing.. . . . . . . . . . . . . . 145 Virtualization.. . . . . . . . . . . . . . . . . . . . . 145 On-Premises vs. Off-Premises. . . . . . . . . . . . . . . 154 Cloud Models. . . . . . . . . . . . . . . . . . . . . 155 What Next?.. . . . . . . . . . . . . . . . . . . . . 164 CHAPTER 11: Secure Application Development, Deployment, and Automation.. . . . 165 Application Environment.. . . . . . . . . . . . . . . . . 166 Integrity Measurement.. . . . . . . . . . . . . . . . . 168 Change Management and Version Control.. . . . . . . . . . . 169 Secure Coding Techniques.. . . . . . . . . . . . . . . . 170 Automation and Scripting.. . . . . . . . . . . . . . . . 180 Scalability and Elasticity. . . . . . . . . . . . . . . . . 184 What Next?.. . . . . . . . . . . . . . . . . . . . . 187 CHAPTER 12: Authentication and Authorization Design. . . . . . . . . . . . . 189 Identification and Authentication, Authorization, and Accounting (AAA).. . . . . . . . . . . . . . . . . . . 189 Multifactor Authentication.. . . . . . . . . . . . . . . . 190 Single Sign-on.. . . . . . . . . . . . . . . . . . . . 192 Authentication Technologies. . . . . . . . . . . . . . . . 195 What Next?.. . . . . . . . . . . . . . . . . . . . . 204 CHAPTER 13: Cybersecurity Resilience.. . . . . . . . . . . . . . . . . . 205 Redundancy.. . . . . . . . . . . . . . . . . . . . . 205 Backups.. . . . . . . . . . . . . . . . . . . . . . . 214 Defense in Depth.. . . . . . . . . . . . . . . . . . . 221 What Next?.. . . . . . . . . . . . . . . . . . . . . 224 CHAPTER 14: Embedded and Specialized Systems. . . . . . . . . . . . . . 225 Embedded Systems.. . . . . . . . . . . . . . . . . . . 225 SCADA and ICS. . . . . . . . . . . . . . . . . . . . 227 Smart Devices and IoT.. . . . . . . . . . . . . . . . . 229 What Next?.. . . . . . . . . . . . . . . . . . . . . 238 CHAPTER 15: Physical Security Controls.. . . . . . . . . . . . . . . . . . 239 Perimeter Security.. . . . . . . . . . . . . . . . . . . 239 Internal Security.. . . . . . . . . . . . . . . . . . . . 243 Equipment Security. . . . . . . . . . . . . . . . . . . 246 Environmental Controls.. . . . . . . . . . . . . . . . . 249 Secure Data Destruction.. . . . . . . . . . . . . . . . . 255 What Next?.. . . . . . . . . . . . . . . . . . . . . 259 CHAPTER 16: Cryptographic Concepts. . . . . . . . . . . . . . . . . . . 261 Cryptosystems.. . . . . . . . . . . . . . . . . . . . 262 Use of Proven Technologies and Implementation.. . . . . . . . 272 Steganography.. . . . . . . . . . . . . . . . . . . . 273 Cryptography Use Cases.. . . . . . . . . . . . . . . . . 274 Cryptography Constraints.. . . . . . . . . . . . . . . . 276 What Next?.. . . . . . . . . . . . . . . . . . . . . 277 Part III: Implementation 279 CHAPTER 17: Secure Protocols.. . . . . . . . . . . . . . . . . . . . . 281 Secure Web Protocols.. . . . . . . . . . . . . . . . . . 282 Secure File Transfer Protocols.. . . . . . . . . . . . . . . 286 Secure Email Protocols.. . . . . . . . . . . . . . . . . 287 Secure Internet Protocols. . . . . . . . . . . . . . . . . 288 Secure Protocol Use Cases.. . . . . . . . . . . . . . . . 293 What Next?.. . . . . . . . . . . . . . . . . . . . . 305 CHAPTER 18: Host and Application Security Solutions.. . . . . . . . . . . . . 307 Endpoint Protection.. . . . . . . . . . . . . . . . . . 308 Firewalls and HIPS/HIDS Solutions.. . . . . . . . . . . 308 Anti-Malware and Other Host Protections. . . . . . . . . 310 Application Security.. . . . . . . . . . . . . . . . . . 318 Hardware and Firmware Security.. . . . . . . . . . . . . . 322 Operating System Security.. . . . . . . . . . . . . . . . 330 What Next?.. . . . . . . . . . . . . . . . . . . . . 338 CHAPTER 19: Secure Network Design.. . . . . . . . . . . . . . . . . . . 339 Network Devices and Segmentation.. . . . . . . . . . . . . 340 Security Devices and Boundaries. . . . . . . . . . . . . . 347 What Next?.. . . . . . . . . . . . . . . . . . . . . 369 CHAPTER 20: Wireless Security Settings.. . . . . . . . . . . . . . . . . . 371 Access Methods.. . . . . . . . . . . . . . . . . . . . 372 Wireless Cryptographic Protocols.. . . . . . . . . . . . . . 373 Authentication Protocols.. . . . . . . . . . . . . . . . . 377 Wireless Access Installations. . . . . . . . . . . . . . . . 379 What Next?.. . . . . . . . . . . . . . . . . . . . . 387 CHAPTER 21: Secure Mobile Solutions. . . . . . . . . . . . . . . . . . . 389 Communication Methods. . . . . . . . . . . . . . . . . 389 Mobile Device Management Concepts. . . . . . . . . . . . 393 Enforcement and Monitoring.. . . . . . . . . . . . . . . 405 Deployment Models.. . . . . . . . . . . . . . . . . . 412 What Next?.. . . . . . . . . . . . . . . . . . . . . 420 CHAPTER 22: Cloud Cybersecurity Solutions.. . . . . . . . . . . . . . . . 421 Cloud Workloads.. . . . . . . . . . . . . . . . . . . 422 Third-Party Cloud Security Solutions.. . . . . . . . . . . . 428 What Next?.. . . . . . . . . . . . . . . . . . . . . 431 CHAPTER 23: Identity and Account Management Controls.. . . . . . . . . . . 433 Account Types.. . . . . . . . . . . . . . . . . . . . 433 Account Management.. . . . . . . . . . . . . . . . . . 435 Account Policy Enforcement.. . . . . . . . . . . . . . . 441 What Next?.. . . . . . . . . . . . . . . . . . . . . 448 CHAPTER 24: Authentication and Authorization Solutions.. . . . . . . . . . . . 449 Authentication.. . . . . . . . . . . . . . . . . . . . 450 Access Control.. . . . . . . . . . . . . . . . . . . . 466 What Next?.. . . . . . . . . . . . . . . . . . . . . 472 CHAPTER 25: Public Key Infrastructure.. . . . . . . . . . . . . . . . . . 473 What Next?.. . . . . . . . . . . . . . . . . . . . . 489 Part IV: Operations and Incident Response 491 CHAPTER 26: Organizational Security.. . . . . . . . . . . . . . . . . . . 493 Shell and Script Environments.. . . . . . . . . . . . . . . 494 Network Reconnaissance and Discovery. . . . . . . . . . . . 496 Packet Capture and Replay. . . . . . . . . . . . . . . . 502 Password Crackers.. . . . . . . . . . . . . . . . . . . 504 Forensics and Data Sanitization.. . ....

Details
Erscheinungsjahr: 2020
Fachbereich: Datenkommunikation, Netze & Mailboxen
Genre: Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
ISBN-13: 9780136798675
ISBN-10: 0136798675
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Weiss, Martin
Auflage: 6th edition
Hersteller: Pearson Education
Pearson Education Limited
Maße: 227 x 152 x 37 mm
Von/Mit: Martin Weiss
Erscheinungsdatum: 15.12.2020
Gewicht: 1,026 kg
Artikel-ID: 118866553
Über den Autor

Marty M. Weiss has spent most of his career in information security and risk management, helping large organizations. Marty holds a bachelor of science degree in computer studies from the University of Maryland University College and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He holds several certifications, including CISSP, CISA, and Security+. Marty has authored and coauthored more than a half-dozen books on information technology, many that have been described as riveting and Dostoevsky-esque in reviews by his mother. A Florida native, he now lives in New England.

Inhaltsverzeichnis

Introduction . . . . . . . . . . . . . . . . . . . . . . xxvii Part I: Attacks, Threats, and Vulnerabilities 1 CHAPTER 1: Social Engineering Techniques.. . . . . . . . . . . . . . . . 3 The Social Engineer.. . . . . . . . . . . . . . . . . . 4 Phishing and Related Attacks.. . . . . . . . . . . . . . . 6 Principles of Influence (Reasons for Effectiveness). . . . . . . . 10 What Next?.. . . . . . . . . . . . . . . . . . . . . 14 CHAPTER 2: Attack Basics.. . . . . . . . . . . . . . . . . . . . . . 15 Malware. . . . . . . . . . . . . . . . . . . . . . . 16 Physical Attacks.. . . . . . . . . . . . . . . . . . . . 26 Adversarial Artificial Intelligence (AI).. . . . . . . . . . . . 27 Password Attacks. . . . . . . . . . . . . . . . . . . . 28 Downgrade Attacks.. . . . . . . . . . . . . . . . . . . 31 What Next?.. . . . . . . . . . . . . . . . . . . . . 34 CHAPTER 3: Application Attacks.. . . . . . . . . . . . . . . . . . . . 35 Race Conditions.. . . . . . . . . . . . . . . . . . . . 36 Improper Software Handling.. . . . . . . . . . . . . . . 37 Resource Exhaustion.. . . . . . . . . . . . . . . . . . 37 Overflows.. . . . . . . . . . . . . . . . . . . . . . 38 Code Injections. . . . . . . . . . . . . . . . . . . . 39 Driver Manipulation.. . . . . . . . . . . . . . . . . . 40 Request Forgeries.. . . . . . . . . . . . . . . . . . . 41 Directory Traversal.. . . . . . . . . . . . . . . . . . . 44 Replay Attack.. . . . . . . . . . . . . . . . . . . . . 45 Secure Sockets Layer (SSL) Stripping.. . . . . . . . . . . . 45 Application Programming Interface (API) Attacks.. . . . . . . . 47 Pass-the-Hash Attack. . . . . . . . . . . . . . . . . . 49 What Next?.. . . . . . . . . . . . . . . . . . . . . 52 CHAPTER 4: Network Attacks.. . . . . . . . . . . . . . . . . . . . . 53 Wireless. . . . . . . . . . . . . . . . . . . . . . . 54 On-Path Attack. . . . . . . . . . . . . . . . . . . . 58 Layer 2 Attacks. . . . . . . . . . . . . . . . . . . . 59 Domain Name System (DNS) Attacks.. . . . . . . . . . . . 62 Denial of Service. . . . . . . . . . . . . . . . . . . . 64 Malicious Code and Script Execution.. . . . . . . . . . . . 68 What Next?.. . . . . . . . . . . . . . . . . . . . . 71 CHAPTER 5: Threat Actors, Vectors, and Intelligence Sources. . . . . . . . . . 73 Threat Actor Attributes.. . . . . . . . . . . . . . . . . 74 Threat Actor Types.. . . . . . . . . . . . . . . . . . . 75 Vectors.. . . . . . . . . . . . . . . . . . . . . . . 80 Threat Intelligence and Research Sources.. . . . . . . . . . . 81 What Next?.. . . . . . . . . . . . . . . . . . . . . 87 CHAPTER 6: Vulnerabilities.. . . . . . . . . . . . . . . . . . . . . . 89 Cloud-Based vs. On-Premises. . . . . . . . . . . . . . . 90 Zero-Day. . . . . . . . . . . . . . . . . . . . . . 90 Weak Configurations. . . . . . . . . . . . . . . . . . 91 Third-Party Risks.. . . . . . . . . . . . . . . . . . . 95 Impacts.. . . . . . . . . . . . . . . . . . . . . . . 96 What Next?.. . . . . . . . . . . . . . . . . . . . . 98 CHAPTER 7: Security Assessment Techniques.. . . . . . . . . . . . . . . 99 Vulnerability Scans.. . . . . . . . . . . . . . . . . . . 100 Threat Assessment.. . . . . . . . . . . . . . . . . . . 103 What Next?.. . . . . . . . . . . . . . . . . . . . . 110 CHAPTER 8: Penetration Testing Techniques.. . . . . . . . . . . . . . . . 111 Testing Methodology. . . . . . . . . . . . . . . . . . 112 Team Exercises.. . . . . . . . . . . . . . . . . . . . 118 What Next?.. . . . . . . . . . . . . . . . . . . . . 120 Part II: Architecture and Design 121 CHAPTER 9: Enterprise Security Concepts.. . . . . . . . . . . . . . . . . 123 Configuration Management.. . . . . . . . . . . . . . . . 124 Data Confidentiality.. . . . . . . . . . . . . . . . . . 126 Deception and Disruption.. . . . . . . . . . . . . . . . 139 What Next?.. . . . . . . . . . . . . . . . . . . . . 143 CHAPTER 10: Virtualization and Cloud Computing.. . . . . . . . . . . . . . 145 Virtualization.. . . . . . . . . . . . . . . . . . . . . 145 On-Premises vs. Off-Premises. . . . . . . . . . . . . . . 154 Cloud Models. . . . . . . . . . . . . . . . . . . . . 155 What Next?.. . . . . . . . . . . . . . . . . . . . . 164 CHAPTER 11: Secure Application Development, Deployment, and Automation.. . . . 165 Application Environment.. . . . . . . . . . . . . . . . . 166 Integrity Measurement.. . . . . . . . . . . . . . . . . 168 Change Management and Version Control.. . . . . . . . . . . 169 Secure Coding Techniques.. . . . . . . . . . . . . . . . 170 Automation and Scripting.. . . . . . . . . . . . . . . . 180 Scalability and Elasticity. . . . . . . . . . . . . . . . . 184 What Next?.. . . . . . . . . . . . . . . . . . . . . 187 CHAPTER 12: Authentication and Authorization Design. . . . . . . . . . . . . 189 Identification and Authentication, Authorization, and Accounting (AAA).. . . . . . . . . . . . . . . . . . . 189 Multifactor Authentication.. . . . . . . . . . . . . . . . 190 Single Sign-on.. . . . . . . . . . . . . . . . . . . . 192 Authentication Technologies. . . . . . . . . . . . . . . . 195 What Next?.. . . . . . . . . . . . . . . . . . . . . 204 CHAPTER 13: Cybersecurity Resilience.. . . . . . . . . . . . . . . . . . 205 Redundancy.. . . . . . . . . . . . . . . . . . . . . 205 Backups.. . . . . . . . . . . . . . . . . . . . . . . 214 Defense in Depth.. . . . . . . . . . . . . . . . . . . 221 What Next?.. . . . . . . . . . . . . . . . . . . . . 224 CHAPTER 14: Embedded and Specialized Systems. . . . . . . . . . . . . . 225 Embedded Systems.. . . . . . . . . . . . . . . . . . . 225 SCADA and ICS. . . . . . . . . . . . . . . . . . . . 227 Smart Devices and IoT.. . . . . . . . . . . . . . . . . 229 What Next?.. . . . . . . . . . . . . . . . . . . . . 238 CHAPTER 15: Physical Security Controls.. . . . . . . . . . . . . . . . . . 239 Perimeter Security.. . . . . . . . . . . . . . . . . . . 239 Internal Security.. . . . . . . . . . . . . . . . . . . . 243 Equipment Security. . . . . . . . . . . . . . . . . . . 246 Environmental Controls.. . . . . . . . . . . . . . . . . 249 Secure Data Destruction.. . . . . . . . . . . . . . . . . 255 What Next?.. . . . . . . . . . . . . . . . . . . . . 259 CHAPTER 16: Cryptographic Concepts. . . . . . . . . . . . . . . . . . . 261 Cryptosystems.. . . . . . . . . . . . . . . . . . . . 262 Use of Proven Technologies and Implementation.. . . . . . . . 272 Steganography.. . . . . . . . . . . . . . . . . . . . 273 Cryptography Use Cases.. . . . . . . . . . . . . . . . . 274 Cryptography Constraints.. . . . . . . . . . . . . . . . 276 What Next?.. . . . . . . . . . . . . . . . . . . . . 277 Part III: Implementation 279 CHAPTER 17: Secure Protocols.. . . . . . . . . . . . . . . . . . . . . 281 Secure Web Protocols.. . . . . . . . . . . . . . . . . . 282 Secure File Transfer Protocols.. . . . . . . . . . . . . . . 286 Secure Email Protocols.. . . . . . . . . . . . . . . . . 287 Secure Internet Protocols. . . . . . . . . . . . . . . . . 288 Secure Protocol Use Cases.. . . . . . . . . . . . . . . . 293 What Next?.. . . . . . . . . . . . . . . . . . . . . 305 CHAPTER 18: Host and Application Security Solutions.. . . . . . . . . . . . . 307 Endpoint Protection.. . . . . . . . . . . . . . . . . . 308 Firewalls and HIPS/HIDS Solutions.. . . . . . . . . . . 308 Anti-Malware and Other Host Protections. . . . . . . . . 310 Application Security.. . . . . . . . . . . . . . . . . . 318 Hardware and Firmware Security.. . . . . . . . . . . . . . 322 Operating System Security.. . . . . . . . . . . . . . . . 330 What Next?.. . . . . . . . . . . . . . . . . . . . . 338 CHAPTER 19: Secure Network Design.. . . . . . . . . . . . . . . . . . . 339 Network Devices and Segmentation.. . . . . . . . . . . . . 340 Security Devices and Boundaries. . . . . . . . . . . . . . 347 What Next?.. . . . . . . . . . . . . . . . . . . . . 369 CHAPTER 20: Wireless Security Settings.. . . . . . . . . . . . . . . . . . 371 Access Methods.. . . . . . . . . . . . . . . . . . . . 372 Wireless Cryptographic Protocols.. . . . . . . . . . . . . . 373 Authentication Protocols.. . . . . . . . . . . . . . . . . 377 Wireless Access Installations. . . . . . . . . . . . . . . . 379 What Next?.. . . . . . . . . . . . . . . . . . . . . 387 CHAPTER 21: Secure Mobile Solutions. . . . . . . . . . . . . . . . . . . 389 Communication Methods. . . . . . . . . . . . . . . . . 389 Mobile Device Management Concepts. . . . . . . . . . . . 393 Enforcement and Monitoring.. . . . . . . . . . . . . . . 405 Deployment Models.. . . . . . . . . . . . . . . . . . 412 What Next?.. . . . . . . . . . . . . . . . . . . . . 420 CHAPTER 22: Cloud Cybersecurity Solutions.. . . . . . . . . . . . . . . . 421 Cloud Workloads.. . . . . . . . . . . . . . . . . . . 422 Third-Party Cloud Security Solutions.. . . . . . . . . . . . 428 What Next?.. . . . . . . . . . . . . . . . . . . . . 431 CHAPTER 23: Identity and Account Management Controls.. . . . . . . . . . . 433 Account Types.. . . . . . . . . . . . . . . . . . . . 433 Account Management.. . . . . . . . . . . . . . . . . . 435 Account Policy Enforcement.. . . . . . . . . . . . . . . 441 What Next?.. . . . . . . . . . . . . . . . . . . . . 448 CHAPTER 24: Authentication and Authorization Solutions.. . . . . . . . . . . . 449 Authentication.. . . . . . . . . . . . . . . . . . . . 450 Access Control.. . . . . . . . . . . . . . . . . . . . 466 What Next?.. . . . . . . . . . . . . . . . . . . . . 472 CHAPTER 25: Public Key Infrastructure.. . . . . . . . . . . . . . . . . . 473 What Next?.. . . . . . . . . . . . . . . . . . . . . 489 Part IV: Operations and Incident Response 491 CHAPTER 26: Organizational Security.. . . . . . . . . . . . . . . . . . . 493 Shell and Script Environments.. . . . . . . . . . . . . . . 494 Network Reconnaissance and Discovery. . . . . . . . . . . . 496 Packet Capture and Replay. . . . . . . . . . . . . . . . 502 Password Crackers.. . . . . . . . . . . . . . . . . . . 504 Forensics and Data Sanitization.. . ....

Details
Erscheinungsjahr: 2020
Fachbereich: Datenkommunikation, Netze & Mailboxen
Genre: Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
ISBN-13: 9780136798675
ISBN-10: 0136798675
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Weiss, Martin
Auflage: 6th edition
Hersteller: Pearson Education
Pearson Education Limited
Maße: 227 x 152 x 37 mm
Von/Mit: Martin Weiss
Erscheinungsdatum: 15.12.2020
Gewicht: 1,026 kg
Artikel-ID: 118866553
Warnhinweis