CompTIA Security+ Guide to Network Security Fundamentals, Seventh Edition
By Mark Ciampa
Table of Contents
Introduction IX
Part 1 Security Fundamentals 1
Module 1 Introduction to Security 3
What Is Information Security? 5
Understanding Security 5
Defining Information Security 5
Who Are the Threat Actors? 7
Script Kiddies 8
Hacktivists 9
State Actors 9
Insiders 10
Other Threat Actors 10
Vulnerabilities and Attacks 11
Vulnerabilities 11
Attack Vectors 14
Social Engineering Attacks 15
Impacts of Attacks 21
Summary 22
Key Terms 23
Review Questions 24
Case Projects 30
Module 2 Threat Management and Cybersecurity Resources 33
Penetration Testing 34
Defining Penetration Testing 34
Why Conduct a Test? 35
Who Should Perform the Test? 35
Rules of Engagement 37
Performing a Penetration Test 39
Vulnerability Scanning 42
What Is a Vulnerability Scan? 42
Conducting a Vulnerability Scan 43
Data Management Tools 47
Threat Hunting 49
Cybersecurity Resources 50
Frameworks 50
Regulations 52
Legislation 53
Standards 53
Benchmarks/Secure Configuration Guides 54
Information Sources 54
Summary 55
Key Terms 56
Review Questions 57
Case Projects 61
Part 2 Endpoint Security 63
Module 3 Threats and Attacks on Endpoints 65
Attacks Using Malware 66
Imprison 67
Launch 69
Snoop 73
Deceive 75
Evade 76
Application Attacks 77
Scripting 78
Injection 78
Request Forgery 80
Replay 80
Attacks on Software 81
Adversarial Artificial Intelligence Attacks 83
What Are Artificial Intelligence (AI) and Machine Learning (ML)? 84
Uses in Cybersecurity 84
Risks in Using AI and ML in Cybersecurity 85
Summary 86
Key Terms 88
Review Questions 88
Case Projects 93
Module 4 Endpoint and Application Development Security 95
Threat Intelligence Sources 96
Categories of Sources 97
Sources of Threat Intelligence 99
Securing Endpoint Computers 101
Confirm Boot Integrity 101
Protect Endpoints 103
Harden Endpoints 107
Creating and Deploying SecDevOps 112
Application Development Concepts 114
Secure Coding Techniques 115
Code Testing 115
Summary 118
Key Terms 120
Review Questions 120
Case Projects 125
Module 5 Mobile, Embedded, and Specialized Device Security 127
Securing Mobile Devices 129
Introduction to Mobile Devices 129
Mobile Device Risks 134
Protecting Mobile Devices 136
Embedded Systems and Specialized Devices 140
Types of Devices 140
Security Issues 144
Summary 145
Key Terms 147
Review Questions 148
Case Projects 152
Part 3 Cryptography 155
Module 6 Basic Cryptography 157
Defining Cryptography 158
What Is Cryptography? 158
Cryptography Use Cases 160
Limitations of Cryptography 162
Cryptographic Algorithms 164
Hash Algorithms 165
Symmetric Cryptographic Algorithms 166
Asymmetric Cryptographic Algorithms 168
Cryptographic Attacks and Defenses 172
Attacks on Cryptography 173
Quantum Cryptographic Defenses 174
Using Cryptography 175
Encryption through Software 175
Hardware Encryption 177
Blockchain 178
Summary 180
Key Terms 181
Review Questions 181
Case Projects 187
Module 7 Public Key Infrastructure and Cryptographic Protocols 191
Digital Certificates 192
Defining Digital Certificates 192
Managing Digital Certificates 194
Types of Digital Certificates 197
Public Key Infrastructure (PKI) 202
What Is Public Key Infrastructure (PKI)? 202
Trust Models 202
Managing PKI 204
Key Management 205
Cryptographic Protocols 207
Secure Sockets Layer (SSL) 208
Transport Layer Security (TLS) 208
Secure Shell (SSH) 208
Hypertext Transport Protocol Secure (HTTPS) 209
Secure/Multipurpose Internet Mail Extensions (S/MIME) 209
Secure Real-time Transport Protocol (SRTP) 209
IP Security (IPsec) 210
Weaknesses of Cryptographic Protocols 210
Implementing Cryptography 211
Key Strength 211
Secret Algorithms 212
Block Cipher Modes of Operation 212
Crypto Service Providers 213
Summary 214
Key Terms 215
Review Questions 216
Case Projects 220
Part 4 Network Security 223
Module 8 Networking Threats, Assessments, and Defenses 225
Attacks on Networks 226
Interception Attacks 227
Layer 2 Attacks 228
DNS Attacks 231
Distributed Denial of Service Attack 233
Malicious Coding and Scripting Attacks 234
Tools for Assessment and Defense 236
Network Reconnaissance and Discovery Tools 237
Linux File Manipulation Tools 238
Scripting Tools 238
Packet Capture and Replay Tools 238
Physical Security Controls 240
External Perimeter Defenses 240
Internal Physical Security Controls 243
Computer Hardware Security 245
Summary 246
Key Terms 248
Review Questions 248
Case Projects 252
Module 9 Network Security Appliances and Technologies 255
Security Appliances 256
Firewalls 257
Proxy Servers 261
Deception Instruments 261
Intrusion Detection and Prevention Systems 263
Network Hardware Security Modules 264
Configuration Management 265
Security Technologies 266
Access Technologies 266
Technologies for Monitoring and Managing 269
Design Technologies 272
Summary 276
Key Terms 278
Review Questions 279
Case Projects 282
Module 10 Cloud and Virtualization Security 285
Cloud Security 286
Introduction to Cloud Computing 286
Securing Cloud Computing 292
Virtualization Security 298
Defining Virtualization 298
Infrastructure as Code 300
Security Concerns for Virtual Environments 302
Secure Network Protocols 304
Simple Network Management Protocol (SNMP) 304
Domain Name System Security Extensions (DNSSEC) 304
File Transfer Protocol (FTP) 305
Secure Email Protocols 306
Lightweight Directory Access Protocol (LDAP) 306
Internet Protocol Version 6 (IPv6) 307
Use Cases 307
Summary 308
Key Terms 310
Review Questions 311
Case Projects 315
Module 11 Wireless Network Security 317
Wireless Attacks 319
Bluetooth Attacks 319
Near Field Communication (NFC) Attacks 321
Radio Frequency Identification (RFID) Attacks 322
Wireless Local Area Network Attacks 323
Vulnerabilities of WLAN Security 331
Wired Equivalent Privacy 331
Wi-Fi Protected Setup 332
MAC Address Filtering 332
Wi-Fi Protected Access (WPA) 333
Wireless Security Solutions 334
Wi-Fi Protected Access 2 (WPA2) 334
Wi-Fi Protected Access 3 (WPA3) 336
Additional Wireless Security Protections 336
Installation 337
Configuration 338
Specialized Systems Communications 339
Rogue AP System Detection 339
Summary 340
Key Terms 342
Review Questions 342
Case Projects 347
Part 5 Enterprise Security 351
Module 12 Authentication 353
Types of Authentication Credentials 354
Something You Know: Passwords 355
Something You Have: Smartphone and Security Keys 361
Something You Are: Biometrics 364
Something You Do: Behavioral Biometrics 368
Authentication Solutions 369
Password Security 370
Secure Authentication Technologies 373
Summary 378
Key Terms 379
Review Questions 380
Case Projects 386
Module 13 Incident Preparation, Response, and Investigation 389
Incident Preparation 390
Reasons for Cybersecurity Incidents 391
Preparing for an Incident 397
Incident Response 400
Use SOAR Runbooks and Playbooks 401
Perform Containment 401
Make Configuration Changes 402
Incident Investigation 402
Data Sources 402
Digital Forensics 405
Summary 413
Key Terms 415
Review Questions 415
Case Projects 420
Module 14 Cybersecurity Resilience 423
Business Continuity 424
Introduction to Business Continuity 424
Resilience Through Redundancy 427
Policies 436
Definition of a Policy 436
Types of Security Policies 437
Summary 444
Key Terms 445
Review Questions 446
Case Projects 451
Module 15 Risk Management and Data Privacy 453
Managing Risk 454
Defining Risk 455
Risk Types 456
Risk Analysis 457
Risk Management 461
Data Privacy 466
User Concerns 467
Data Breach Consequences 468
Data Types 468
Protecting Data 468
Data Destruction 470
Summary 470
Key Terms 472
Review Questions 473
Case Projects 476
Appendix A CompTIA Security+ SY0-601 Certification Exam Objectives 479
Appendix B Two Rights & a Wrong: Answers 505
Glossary 515
Index 543