CompTIA Security+ Guide to Network Security Fundamentals, Eighth Edition
Mark Ciampa
Table of Contents
Introduction ix
Part 1
Security Foundations 1
Module 1
Introduction to Information Security 2
What Is Information Security? 4
Understanding Security 5
Principles of Security 5
Cybersecurity versus Information Security 8
Defining Information Security 8
Threat Actors and Their Motivations 10
Unskilled Attackers 11
Shadow IT 12
Organized Crime 12
Insider Threats 13
Hacktivists 13
Nation-State Actors 13
Other Threat Actors 14
How Attacks Occur 15
Threat Vectors and Attack Surfaces 15
Categories of Vulnerabilities 18
Impacts of Attacks 20
Information Security Resources 21
Frameworks 21
Regulations 23
Legislation 23
Standards 23
Benchmarks/Secure Configuration Guides 23
Information Sources 23
Module 2
Pervasive Attack Surfaces and Controls 35
Social Engineering Attacks 36
Examples of Human Manipulation 37
Types of Social Engineering Attacks 38
Physical Security Controls 44
Perimeter Defenses 44
Preventing Data Leakage 50
Computer Hardware Security 52
Data Controls 53
Data Classifications 53
Types of Data 54
Data Breach Consequences 55
Protecting Data 56
Part 2
Cryptography 67
Module 3
Fundamentals of Cryptography 68
Defining Cryptography 69
Steganography: Hiding the Message 70
Cryptography: Hiding the Meaning 71
Benefits of Cryptography 72
Cryptographic Algorithms 74
Variations of Algorithms 74
Hash Algorithms 76
Symmetric Cryptographic Algorithms 78
Asymmetric Cryptographic Algorithms 79
Using Cryptography 84
Encryption through Software 84
Hardware Encryption 86
Blockchain 87
Cryptographic Limitations and Attacks 89
Limitations of Cryptography 89
Attacks on Cryptography 89
Module 4
Advanced Cryptography 102
Digital Certificates 103
Defining Digital Certificates 104
Managing Digital Certificates 105
Types of Digital Certificates 107
Public Key Infrastructure (PKI) 115
What Is Public Key Infrastructure (PKI)? 115
Trust Models 115
Managing PKI 117
Key Management 118
Secure Communication and Transport Protocols 120
Transport Layer Security (TLS) 122
IP Security (IPSec) 122
Other Protocols 124
Implementing Cryptography 125
Key Strength 125
Secret Algorithms 126
Block Cipher Modes of Operation 127
Part 3
Device Security 139
Module 5
Endpoint Vulnerabilities, Attacks, and Defenses 140
Malware Attacks 141
Kidnap 142
Eavesdrop 145
Masquerade 148
Launch 148
Sidestep 152
Indicator of Attack (IoA) 153
Application Vulnerabilities and Attacks 154
Application Vulnerabilities 154
Application Attacks 155
Securing Endpoint Devices 160
Protecting Endpoints 160
Hardening Endpoints 163
Module 6
Mobile and Embedded Device Security 181
Securing Mobile Devices 183
Introduction to Mobile Devices 183
Mobile Device Risks 188
Protecting Mobile Devices 191
Embedded Systems and Specialized Devices 194
Types of Devices 194
Security Considerations 198
Application Security 200
Application Development Concepts 201
Secure Coding Techniques 202
Code Testing 202
Module 7
Identity and Access Management (IAM) 215
Types of Authentication Credentials 216
Something You Know: Passwords 217
Something You Have: Tokens and Security Keys 224
Something You Are: Biometrics 226
Something You Do: Behavioral Biometrics 230
Authentication Best Practices 231
Securing Passwords 231
Secure Authentication Technologies 234
Access Controls 237
Access Control Schemes 237
Access Control Lists (ACLs) 240
Part 4
Infrastructure and Architectures 253
Module 8
Infrastructure Threats and Security Monitoring 254
Attacks on Networks 255
On-Path Attacks 256
Domain Name System (DNS) Attacks 257
Distributed Denial of Service (DDoS) Attack 260
Malicious Coding and Scripting Attacks 261
Layer 2 Attacks 262
Credential Relay Attack 264
Security Monitoring and Alerting 265
Monitoring Methodologies 265
Monitoring Activities 266
Tools for Monitoring and Alerting 267
Email Monitoring and Security 272
How Email Works 272
Email Threats 274
Email Defenses 275
Module 9
Infrastructure Security 288
Security Appliances 290
Common Network Devices 291
Infrastructure Security Hardware 294
Software Security Protections 302
Web Filtering 302
DNS Filtering 303
File Integrity Monitoring (FIM) 304
Extended Detection and Response (XDR) 304
Secure Infrastructure Design 305
What Is Secure Infrastructure Design? 305
Virtual LANs (VLANs) 305
Demilitarized Zone (DMZ) 306
Zero Trust 308
Access Technologies 309
Virtual Private Network (VPN) 310
Network Access Control (NAC) 310
Module 10
Wireless Network Attacks and Defenses 325
Wireless Attacks 327
Cellular Networks 327
Bluetooth Attacks 327
Near Field Communication (NFC) Attacks 330
Radio Frequency Identification (RFID) Attacks 332
Wireless Local Area Network Attacks 334
Vulnerabilities of WLAN Security 341
Wired Equivalent Privacy (WEP) 342
Wi-Fi Protected Setup (WPS) 342
MAC Address Filtering 343
Wi-Fi Protected Access (WPA) 344
Wireless Security Solutions 344
Wi-Fi Protected Access 2 (WPA2) 344
Wi-Fi Protected Access 3 (WPA3) 346
Additional Wireless Security Protections 347
Module 11
Cloud and Virtualization Security 363
Introduction to Cloud Computing 364
What Is Cloud Computing? 365
Types of Clouds 367
Cloud Locations 367
Cloud Architecture 368
Cloud Models 368
Cloud Management 370
Cloud-Native Microservices 371
Cloud Computing Security 373
Cloud-Based Security 373
Cloud Vulnerabilities 374
Cloud Security Controls 376
Virtualization Security 380
Defining Virtualization 380
Infrastructure as Code 382
Security Concerns for Virtual Environments 384
Part 5
Operations and Management 395
Module 12
Vulnerability Management 396
Vulnerability Scanning 397
Vulnerability Scan Basics 397
Sources of Threat Intelligence 399
Scanning Decisions 404
Running a Vulnerability Scan 408
Analyzing Vulnerability Scans 412
Addressing Vulnerabilities 414
Audits and Assessments 416
Internal Audits 416
External Assessments 417
Penetration Testing 417
Module 13
Incident Preparation and Investigation 431
Preparatory Plans 433
Business Continuity Planning 433
Incident Response Planning 435
Resilience Through Redundancy 439
Servers 440
Drives 441
Networks 444
Power 445
Sites 446
Clouds 446
Data 447
Incident Investigation 449
Data Sources 449
Digital Forensics 451
Module 14
Oversight and Operations 469
Administration 470
Governance 470
Compliance 474
Security Operations 478
Automation 478
Orchestration 483
Threat Hunting 484
Artificial Intelligence 486
Module 15
Information Security Management 502
Asset Protection 504
Asset Management 504
Change Management 509
Risk Management 512
Defining Risk 513
Analyzing Risks 514
Managing Risks 518
Appendix A
CompTIA Security+ SY0-701 Certification Exam Objectives 534
Glossary 553
Index 572