Chapter 1

The CompTIA Security+ home page: www.comptia.com/certification/security/default.asp
Chapter 2

Allen, Julia H. The CERT Guide to System and Network Security Practices. Addison-Wesley. Upper Saddle River, NJ, 2001. ISBN 020173723X.

Krause, Micki, and Harold F. Tipton. Information Security Management Handbook, Fourth Edition. Auerbach Publications. New York, NY, 1999. ISBN 0849398290.

The SANS "The Twenty Most Critical Internet Security Vulnerabilities" list: www.sans.org/top20/
Chapter 3

Chirillo, John. Hack Attacks Denied: A Complete Guide to Network Lockdown for UNIX, Windows, and Linux, Second Edition. John Wiley & Sons. Indianapolis, IN, 2002. ISBN 0471232831. Refer to Chapter 1, "Common Ports and Services," and Chapter 4, "Safeguarding Against Penetration Attacks."

Chirillo, John. Hack Attacks Revealed: A Complete Reference for UNIX, Windows, and Linux with Custom Security Toolkit, Second Edition. John Wiley & Sons. Indianapolis, IN, 2002. ISBN 0471232823. Refer to Chapter 4, "Well-Known Ports and Their Services," and Chapter 5, "Discovery and Scanning Techniques."

McClure, Stuart, Joel Scambray, and George Kurtz. Hacking Exposed: Network Security Secrets and Solutions, Third Edition. McGraw-Hill. New York, NY, 2001. ISBN 0072193816. Refer to Chapter 12, "Denial of Service Attacks."

Virus Bulletin Web site: www.virusbtn.com

The Twenty Most Critical Internet Security Vulnerabilities list (SANS): www.sans.org/top20/

The CERT Coordination Center (CERT/CC): www.cert.org
Chapter 4

Allen, Julia H. The CERT Guide to System and Network Security Practices. Addison-Wesley. Upper Saddle River, NJ, 2001. ISBN 020173723X.

SANS Information Security Reading Room: rr.sans.org/index.php
Chapter 5

Allen, Julia H. The CERT Guide to System and Network Security Practices. Addison-Wesley. Upper Saddle River, NJ, 2001. ISBN 020173723X.

The World Wide Web Security FAQ: www.w3.org/Security/Faq/

SANS Information Security Reading Room: rr.sans.org/index.php

IEEE Standards Association: standards.ieee.org/
Chapter 6

Bragg, Roberta. CISSP Training Guide. Que. Indianapolis, IN, 2002. ISBN 078972801X. Refer to Chapter 2, "Telecommunications and Network Security."

Lammle, Todd. CCNA Cisco Certified Network Associate Study Guide, Second Edition. Sybex. Alameda, CA, 2000. ISBN 0782126472. Refer to Chapter 6, "Virtual LANs (VLANs)."

Maufer, Thomas A. IP Fundamentals: What Everyone Needs to Know About Addressing & Routing. Prentice Hall PTR. Upper Saddle River, NJ, 1999. ISBN 0139754830. Refer to Chapter 12, "Introduction to Routing."

Firewall Architectures: www.invir.com/int-sec-firearc.html

Introduction to the Internet and Internet Security: csrc.nist.gov/publications/nistpubs/800-10/node1.html

IP in IP Tunneling (RFC 1853): www.faqs.org/rfcs/rfc1853.html

VLAN information: net21.ucdavis.edu/newvlan.htm
Chapter 7

Shipley, Greg. Maximum Security, Third Edition. Sams Publishing. Indianapolis, IN, 2001. ISBN 0672318717.

The World Wide Web Security FAQ: www.w3.org/Security/Faq/

SANS Information Security Reading Room: rr.sans.org/index.php

CERT Incident Reporting Guidelines: www.cert.org/tech_tips/incident_reporting.html
Chapter 8

Krutz, Ronald, and Russell Dean Vines. The CISSP Prep Guide: Mastering the Ten Domains of Computer Security. John Wiley & Sons. Indianapolis, IN, 2001. ISBN 0471413569.

How Encryption Works reference Web site: www.howstuffworks.com/encryption.htm

RSA-Based Cryptographic Schemes Web site: www.rsasecurity.com/rsalabs/rsa_algorithm/

W3C XML Encryption Working Group Web site: www.w3.org/Encryption/2001/

National Institute of Standards and Technology Web site: www.nist.gov

Rijndael Web site: www.esat.kuleuven.ac.be/~rijmen/rijndael/

Request for Comments (RFC) 2527, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework," on the Internet Engineering Task Force (IETF) Web site: www.ietf.org/rfc/rfc2527.txt

Microsoft Kerberos deployment Web page: www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/deploy/kerberos.asp

Security books, journals, bibliographies, and publications listing Web site: www.cs.auckland.ac.nz/~pgut001/links/books.html
Chapter 9

Housley, Russ, and Tim Polk. Planning for PKI. John Wiley & Sons. New York, NY, 2001. ISBN 0471397024.

Krutz, Ronald, and Russell Dean Vines. The CISSP Prep Guide: Mastering the Ten Domains of Computer Security. John Wiley & Sons. Indianapolis, IN, 2001. ISBN 0471413569.

PKI X.509 PKIX Charter Web page (which provides a description of the working group and many related RFC and Internet-draft links): www.ietf.org/html.charters/pkix-charter.html

International Telecommunications Union Web site page with information on the data networks and open systems communications recommendations: www.itu.int/rec/recommendation.asp?type=products&lang=e&parent=T-REC-X

RSA Corporation "Public Key Cryptography Standards" Web page: www.rsasecurity.com/rsalabs/pkcs/

National Institute of Standards and Technology "Security Requirements for Cryptographic Modules" Web page: csrc.nist.gov/cryptval/140-1/fr981023.htm
Chapter 10

Chirillo, John. Hack Attacks Denied. John Wiley & Sons. New York, NY, 2001. ISBN 0471416258.

Shipley, Greg. Maximum Security, Third Edition. Sams Publishing. Indianapolis, IN, 2001. ISBN 0672318717.

SANS Information Security Reading Room: rr.sans.org/index.php

CERT Incident Reporting Guidelines: www.cert.org/tech_tips/incident_reporting.html
Chapter 11

Chirillo, John. Hack Attacks Denied. John Wiley & Sons. New York, NY, 2001. ISBN 0471416258.

Cole, Eric. Hackers Beware. Pearson Education. Indianapolis, IN, 2002. ISBN 0735710090.

An Explanation of Computer Forensics, by Judd Robbins: www.computerforensics.net/forensics.htm

CERT Incident Reporting Guidelines: www.cert.org/tech_tips/incident_reporting.html

Other Resources

www.bluetooth.com/ is the official Bluetooth Web site.

www.bluetooth.org/ offers information about joining the Bluetooth SIG.

www.securityfocus.com/popups/forums/bugtraq/faq.shtml provides information about the SecurityFocus BUGTRAQ mailing list FAQ.

www.informit.com/ includes IT-related articles, books, forums, and certification information (requires registration).

www.mcmcse.com/comptia/security/SY0101.shtml is Microsoft's list of Security+ resources.

www.certcities.com offers practice exams, exam review forums, and other information related to IT certification tests. The Security+ exam is discussed at certcities.com/editorial/exams/story.asp?EditorialsID=66.

www.comptia.com/certification/security/default.asp is CompTIA's site for Security+ information.