Książki

Reflecting the latest developments and emerging trends from the field, COMPTIA SECURITY+ GUIDE TO NETWORK SECURITY FUNDAMENTALS, Seventh Edition, helps you prepare for professional certification -- and career success. The text fully maps to the new CompTIA Security+ SY0-601 Certification Exam, providing thorough coverage of all domain objectives. In addition to its comprehensive coverage of the fundamental essentials of network and computer security, the seventh edition includes expanded coverage of security evaluations, embedded device and Internet of Things (IoT) security, and cloud and virtualization security. Practical, Hands-On Projects, case activities and online virtual labs help you put what you learn into real-world practice, while the innovative Information Security Community Site connects you to up-to-the-minute news and insights from the information security field.

CompTIA Security+ Guide to Network Security Fundamentals

I. SECURITY FUNDAMENTALS

1.Introduction to Security

a.Who are the attackers?

i.Categories of threat actors

ii.Attributes of actors

b.Attack vectors and their causes

i.Avenues of attacks

ii.Vulnerabilities that create attack vectors

iii.Social engineering attacks

c.Cybersecurity standards

i.Regulations and standards

ii.Frameworks

iii.Configuration guidelines

d.Sources of information

i.Threat intelligence sources

ii.Research sources

2.Security Evaluations

a.Security assessments

i.Threat hunting

ii.Vulnerability scans

iii.Security information and event management (SIEM)

iv.Security orchestration, automation, response (SOAR)

b.Penetration testing

i.What is penetration testing?

ii.Types of reconnaissance

iii.Exercise types (

II. DEVICE SECURITY

3.Threats and Attacks on Devices

a.Attacks using malware

i.Circulation

ii.Infection

iii.Concealment

iv.Payload capabilities

b.Adversarial AI attacks

c.Application attacks

i.Web server application attacks

ii.Hijacking

iii.Overflow attacks

iv.Advertising attacks

v.Browser vulnerabilities

4.Client and Application Security

a.Securing client devices

i.Endpoint protection

ii.Boot integrity

iii.Database protection

iv.Hardware and software protection

b.Creating and deploying SecDevOps

i.Application development

ii.Secure coding techniques

iii.Code testing

5.Mobile, Embedded and Specialized Device Security

a.Securing mobile devices

i.Mobile device types and deployment

ii.Mobile device risks

iii.Securing mobile devices

iv.Mobile management tools

b.Embedded and IoT device security

i.Types of embedded systems

ii.IoT devices

iii.Specialized devices

c.Keeping specialized devices secure

i.Vulnerabilities

ii.Securing communications

III. CRYPTOGRAPHY

6.Basic Cryptography

a.Defining cryptography

b.Cryptographic algorithms

c.Cryptographic attacks

d.Using cryptography

7.Advanced Cryptography and PKI

a.Implementing cryptography

b.Digital certificates

c.Public Key Infrastructure (PKI)

d.Cryptographic transport protocols

IV. NETWORK SECURITY

8.Network Threats, Assessments, and Defenses

a.Attacks on networks

i.Interception

ii.Poisoning

iii.Denial of Service

b.Assessing network and organizational security

i.Network reconnaissance and discovery

ii.File manipulation

iii.Shell and script environments

iv.Packet capture and replay

c.Physical security defenses

i.External perimeter defenses

ii.Internal physical access security

iii.Computer hardware security

9.Network Security Design and Technologies

a.Security through network devices

i.Standard network devices

ii.Network security hardware

b.Security through architecture and design

c.Implementing secure protocols

d.Enterprise network security concepts

i.Configuration management

ii.Data protection

10.Wireless Network Security

a.Wireless attacks

i.Bluetooth attacks

ii.Near field communication attacks

iii.Radio frequency identification attacks

iv.Wireless local area network attacks

b.Vulnerabilities of IEEE wireless security

c.Wireless security solutions

i.Wi-Fi Protected Access

ii.Wi-Fi Protected Access 2

iii.Additional wireless security protections

11.Cloud and Virtualization Security

a.Cloud security

i.Cloud concepts and models

ii.Cloud security solutions

1.Cloud security controls

2.Cloud security solutions

b.Virtualization security

i.Virtualization concepts

ii.Securing virtual environments

ENTERPRISE SECURITY

12.Identity and Access Management (IAM)

a.Authentication credentials

i.What you know: passwords

ii.What you have: tokens, cards, and cell phones

iii.What you are: biometrics

iv.What you do: behavioral biometrics

v.Where you are: geolocation

b.Identity and account management controls

c.Access services

13.Incident Response and Investigation

a.Incident response plans and procedures

i.What is an incident response plan?

ii.Incident response exercises

iii.Attack frameworks

b.Investigating an incident by using data sources

c.Digital forensics

i.What is forensics?

ii.Forensics procedures

14.Cybersecurity Resilience

a.Control types

b.Techniques for resiliency

i.Redundancy

ii.Replication

iii.Data backups

c.Using organizational policies for security

15.Risk Management and Data Privacy

a.Managing risk

i.Threat assessment

ii.Risk assessment

b.Protecting sensitive data

i.Data types

ii.Consequences of privacy breaches

iii.Breach notifications

iv.Roles and responsibilities

v.Privacy enhancing technologies