Welcome to the Security+ Certification Training Kit. This training kit introduces the basic concepts of computer security. It is designed to prepare you to take the Security+ Certification exam administered by the Computing Technology Industry Association (CompTIA). The Security+ Certification program covers the computer security technologies most commonly used today. Passing the Security+ Certification exam means you are certified as possessing the basic knowledge and skills needed to work in computer security. However, this book is not just about getting you through the exam. The lessons in these chapters also provide you with knowledge you'll use to create a more secure computing environment.
Each chapter in this book is divided into lessons. Most lessons include hands-on procedures that allow you to practice or demonstrate a particular concept or skill. Each lesson ends with a short summary and a set of review questions to test your knowledge of the lesson material.
This book is appropriate for anyone who has experience working on computer networks and wants to learn more about computer security. This book is specifically designed for candidates preparing to take the CompTIA Security+ examination SY0-101. CompTIA describes the Security+ certified professional as follows:
"Those holding the Security+ certification have demonstrated the aptitude and ability to master such knowledge areas as: general security concepts, communications security, infrastructure security, basics of cryptography, and operational/organizational security."
No one is prevented from registering for or attempting the Security+ exam. However, you are more likely to achieve the Security+ certification if you meet certain prerequisites. At a minimum, you should be capable of installing, configuring, and connecting computers to the Internet before reading this book. Security+ Certification candidates should also have A+ and Network+ certifications or equivalent knowledge and skills, in addition to at least two years of experience in computer networking, and a thorough knowledge of Transmission Control Protocol/Internet Protocol (TCP/IP). This book will make the most sense to people who meet those criteria.
Throughout this book, you will find references to RFC (Request for Comments), NIST (National Institute of Standards and Technology), and CC (Common Criteria) documents that supplement the topic being discussed. Unless otherwise noted, these documents can be found at the following Web sites:
CC: http://www.commoncriteria.org
NIST: http://www.csrc.nist.gov/publications
RFC: http://www.icann.rfceditor.org
For your convenience, some key RFC, NIST, and CC documents are included on the Supplemental Course Materials CD-ROM. These documents are provided as supplemental information. However, we recommend that you go to the respective Web sites to get the most up-to-date documents if you intend to use the information to manage your security issues.
The Supplemental Course Materials CD-ROM contains a variety of informational aids that can be used throughout this book.
For additional support information regarding this book and the CD-ROM, visit the Microsoft Press Technical Support Web site at www.microsoft.com/mspress/support. You can also e-mail TKINPUT@MICROSOFT.COM or send a letter to Microsoft Press, Attn: Microsoft Press Technical Support, One Microsoft Way, Redmond, WA 98052-6399.
Each chapter has a "Before You Begin" section, which prepares you for completing the chapter.
The chapters are broken into lessons. Some lessons contain practice exercises that give you an opportunity to use the information presented or to explore the part of the application being described.
The "Lesson Summary" section at the end of each lesson identifies key points discussed in the text.
The "Lesson Review" section at the end of each lesson allows you to test yourself on what you have learned in that lesson.
Appendix A, "Questions and Answers," contains all the book's questions and provides the appropriate answers.
Several types of notes appear throughout the lessons.
The following notational conventions are used throughout this book.
| Icon | Represents |
| --- | --- |
| (icon) | Supplemental course materials. You will find these materials on the Supplemental Course Materials CD-ROM. |
| (icon) | An exercise containing questions about the lesson just presented. Answers to the exercises are contained in Appendix A, "Questions and Answers," at the end of the book. |
| (icon) | Lesson review questions. These questions at the end of each lesson allow you to test what you have learned in the lesson. You will find the answers to the review questions in Appendix A, "Questions and Answers," at the end of the book. |
This self-paced training kit combines notes, exercises, and review questions to help you prepare for the Security+ Certification exam. The book is designed to be worked through from beginning to end, but you can choose a customized track and complete only the sections that interest you. (See the next section, "Finding the Best Starting Point for You," for more information.) If you choose the customized track option, see the "Before You Begin" section in each chapter. Any hands-on procedures that require preliminary work from preceding chapters refer to the appropriate chapters.
The book is divided into the following chapters:
Because this book is self-paced, you can skip some lessons and revisit them later.
| If You | Follow This Learning Path |
| --- | --- |
| Are preparing to take the CompTIA Certification Exam SY0-101 | Read the "Getting Started" section. Then work through the remaining chapters in any order. |
| Want to review information about | Use the "Where to Find Specific Skills in This Book" section that follows this table. |
The following tables provide a list of the skills measured on certification exam Security+ Examination SY0-101. The table lists the skills, as defined in the objectives for the exam, and where in this book you will find the lesson relating to a particular skill.
Exam objectives are subject to change without prior notice.
| Skill Being Measured | Location in Book |
| --- | --- |
| 1.1. Access Control | Chapter 9, Lesson 1; Chapter 7, Lesson 2; Chapter 9, Lesson 2 |
| 1.2. Authentication | Chapter 7, Lesson 3 |
| 1.3. Non-essential Services and Protocols | Chapter 8, Lesson 1 |
| 1.4. Attacks: Brute Force, Dictionary | Chapter 11, Lesson 1 |
| 1.5. Malicious Code | Chapter 11, Lesson 1 |
| 1.6. Social Engineering | Chapter 1, Lesson 2; Chapter 9, Lesson 1; Chapter 11, Lesson 1 |
| 1.7. Auditing | Chapter 1, Lesson 4; Chapter 9, Lesson 2 |
| Skill Being Measured | Location in Book |
| --- | --- |
| 2.1. Remote Access | Chapter 5, Lesson 2 |
| 2.2. E-mail: Spam, Hoaxes | Chapter 6, Lesson 1 |
| 2.3. Web: Vulnerabilities, 8.3 Naming Conventions, Packet Sniffing, Privacy, Java Script, ActiveX, Buffer Overflows, Cookies, Signed Applets, CGI, SMTP Relay | Chapter 6, Lesson 1; Chapter 6, Lesson 2 |
| 2.4. Directory | Chapter 8, Lesson 2 |
| 2.5. File Transfer: Packet Sniffing | Chapter 8, Lesson 2; Chapter 6, Lesson 1; Chapter 6, Lesson 2; Chapter 6, Lesson 3 |
| 2.6. Wireless: Site Surveys | Chapter 5, Lesson 3 |
| Skill Being Measured | Location in Book |
| --- | --- |
| 3.1. Devices | Chapter 4, Lesson 3; Chapter 4, Lesson 4 |
| 3.2. Media: Tape, CDR, Hard Drives, Diskettes, Flash Cards, Smart Cards | Chapter 4, Lesson 2; Chapter 9, Lesson 3 |
| 3.3. Security Topologies: DMZ, Intranet, Extranet | Chapter 4, Lesson 4; Chapter 5, Lesson 2 |
| 3.4. Intrusion Detection: Active Detection, Passive Detection | Chapter 11, Lesson 2 |
| 3.5. Security Baselines: File System, Updates (Hotfixes, Service Packs, Patches), Updates (Firmware), Configuration, Web Servers, E-Mail Servers, FTP Servers, DNS Servers, NNTP Servers, File/Print Servers, DHCP Servers, Data Repositories | Chapter 8, Lesson 1; Chapter 8, Lesson 2 |
| Skill Being Measured | Location in Book |
| --- | --- |
| 4.1. Algorithms | Chapter 3, Lesson 1 |
| 4.2. Concepts of Using Cryptography: Digital Signatures | Chapter 3, Lesson 2 |
| 4.3. PKI: Certificate Policies, Certificate Practice Statements | Chapter 3, Lesson 1 |
| 4.4. Standards and Protocols | Chapter 3, Lesson 1 |
| 4.5. Key Management/Certificate Lifecycle: Hardware vs. Software Private Key Protection, Status Checking, M of N Control | Chapter 3, Lesson 5 |
| Skill Being Measured | Location in Book |
| --- | --- |
| 5.1. Physical Security: Physical Barriers, Biometrics, Wireless Cells, Location, Shielding, Fire Suppression | Chapter 9, Lesson 1 |
| 5.2. Disaster Recovery: Offsite Storage, Alternate Sites | Chapter 9, Lesson 1 |
| 5.3. Business Continuity | Chapter 9, Lesson 4 |
| 5.4. Policy and Procedures: Acceptable Use, Due Care, Privacy, Separation of Duties, Need to Know, Password Management, SLA, Disposal/Destruction, HR Policy | Chapter 10, Lesson 1 |
| 5.5. Privilege Management | Chapter 9, Lesson 2 |
| 5.6. Forensics | Chapter 11, Lesson 3 |
| 5.7. Risk Identification | Chapter 10, Lesson 2 |
| 5.8. Education: Training of End Users, Executives, | Chapter 10, Lesson 3 |
| 5.9. Documentation: Notification | Chapter 10, Lesson 1 |
This self-paced training kit comes with a companion CD-ROM, which contains additional material to enhance and supplement the text. The following sections discuss the hardware and software required to complete the exercises and view the items on the companion CD-ROM.
You can perform most exercises without any computer at all. However, a few exercises ask you to install and use certain security programs. To perform these exercises, you will need a computer and an operating system. Almost any computer produced after 1994 can be used for the computer-related exercises in this book. However, the exercises themselves were written on an Intel-compatible system running the Microsoft Windows 2000 Professional operating system. If you choose to utilize Windows 2000 Professional to complete all of the exercises in this book you'll require a minimum of:
The most important requirement is to be sure that your computer supports the software and operating system that you load on it. This information can be obtained from the manufacturer of your operating system. Many of the exercises that involve a computer require you to connect to the Internet.
There is no particular operating system required to work with the software referenced in this book. The step-by-step instructions were written to work precisely on a Windows 2000 Professional computer, but they should work similarly on any Windows 95 or later operating system. If you have another operating system, you might need to look up specific steps on how to install the software referenced in this book on your particular operating system. All other software you require to perform any exercise can be downloaded for free from the Internet.
To view the eBook you must have Microsoft Internet Explorer 5.01 or later and the proper Hypertext Markup Language (HTML) components on your system. If your system does not meet these requirements, you can install Internet Explorer 6 Service Pack 1 from the CD-ROM prior to installing the eBook.
You must have the Supplemental Course Materials CD-ROM inserted in your CD-ROM drive to run the eBook.
To perform these exercises, you must set up your computer according to the manufacturer's instructions. All other instructions should be accurate for a Windows 2000 Professional operating system and very similar for Windows 95 or later operating systems. As previously mentioned, you should already be capable of installing, configuring, and connecting computers to the Internet before reading this book or attempting any of these exercises. Those tasks must be accomplished according to your software and hardware vendor instructions before you attempt any computer-related exercise in this book.
The companion CD also includes a fully searchable electronic version of the book (eBook).
If AutoRun is disabled on your machine, run StartCD.exe in the root folder of the CD-ROM or refer to the Readme.txt file on the CD-ROM.
The CD-ROM also includes an assessment tool that generates 50-question practice exams with automated scoring and answer feedback.
If AutoRun is disabled on your machine, run StartCD.exe in the root directory of the CD-ROM or refer to the Readme.txt file on the CD-ROM.
The CompTIA Security+ Certification is a testing program sponsored by the Computing Technology Industry Association (CompTIA) that certifies the knowledge of networking technicians who have accumulated 24 months of experience in the information technology (IT) industry. You can find more information about CompTIA certifications at http://www.comptia.org/certification.
Leading experts from all sectors of the IT industry developed the Security+ Certification Exam SY0-101. CompTIA conducted a multilevel review process for all questions to ensure that they are accurate as well as psychometrically sound.
For most individuals, Security+ Certification is the first step on the path to becoming a security professional. It can also be thought of as the next step after CompTIA's A+ and Network+ certifications for people who want to specialize in computer security. Passing the Security+ examination certifies you as possessing the basic knowledge and skills needed to become a computer security specialist. If you are interested in becoming a Microsoft Certified Systems Engineer (MCSE), the Security+ Certification Training Kit provides just the foundation you need to get on your way with confidence.
With Security+ Certification, you will receive many benefits, including the following:
The text in this book prepares you to master the skills needed to pass the Security+ exam. By mastering all course work, you will be able to complete the Security+ Certification exam with the confidence you need to ensure success. Individuals are permitted to take the exam as many times as they like.
The exam is broken down into five sections, called objective domains. The following table lists the objective domains and the extent to which they are represented in the examination.
| Security+ Certification Domain Area | Percentage of Examination |
| --- | --- |
| 1.0 General Security Concepts | 30 percent |
| 2.0 Communications Security | 20 percent |
| 3.0 Infrastructure Security | 20 percent |
| 4.0 Basics of Cryptography | 15 percent |
| 5.0 Operational/Organizational Security | 15 percent |
Anyone can take the Security+ exam. There are no specific requirements or prerequisites, except payment of the fee. However, exam content is targeted to computer technicians with 24 months of experience in the IT industry. A typical candidate will have CompTIA A+ and Network+ certifications or have equivalent knowledge, but those certifications are not required to register for the exam.
The tests are administered at both Thomson Prometric and VUE testing centers.
The phone number for registering with Thomson Prometric for Security+ in the US is 1-800-977-3926. The phone number for registering with VUE in the US and Canada is 1-877-551-PLUS (7587). To find registration phone numbers for other countries, or to register online, visit the VUE (http://www.vue.com) or Thomson Prometric (http://www.2test.com) Web sites.
When you call, please have the following information available:
Payment is made at the time of registration, either by credit card or by requesting that an invoice be sent to you or your employer. Vouchers and coupons are also redeemed at that time.
The process of preparing for the Security+ exam is unique to every student, but there are a wide variety of resources to aid you in the process, including the following:
The Security+ exam is administered by computer, and is completely "closed book." You are not permitted to bring any written materials into the testing room with you, although you are given a pencil and a blank piece of paper or a scratch tablet on which you can write any information you want before the exam begins. Many candidates memorize a page full of crucial facts and jot them down in the testing room before the exam begins. You can then use your own notes during the exam, but you must turn them in afterward; you cannot take them out with you.
The testing room typically contains a group of computers, with cubicles or dividers to prevent any distraction or communication between candidates. In most cases, there is a window through which a proctor observes the testing process. You are given time in the testing room to make your own notes. You can then take an orientation exam on the testing computer to familiarize yourself with the format of the software.
The exam is preloaded on the computer when you arrive, and you can start the test at any time. The exam consists of 100 questions, chosen at random from a pool, so that the probability of two people taking the exact same exam is very slight. You have 90 minutes to take the exam; a clock on the computer screen keeps you informed of the time remaining. Each question appears on a separate screen, and you can move forward and backward through the questions by clicking the appropriate arrows. Instructions for using the testing software appear on each screen, although most users familiar with graphical user interfaces don't need them.
The questions are all multiple choice. Some questions require you to select a single answer; these questions have radio buttons on the answers so you can make only one choice. Some questions require more than one answer. These questions have check boxes and also indicate how many selections you can make. All questions are graded either right or wrong; there is no partial credit. If you do not select the required number of responses to a question, the software flags that question and reminds you that it is incomplete at the end of the exam. In some cases, questions include graphics, such as charts or network diagrams. You are asked a question about the graphic, and you might have to click on a particular part of the graphic to indicate your answer.
As you take the test, you can answer each question as it appears, or you can fill a check box that flags an unanswered question to review later. This feature is for user convenience only. You can return to any question at any time in the exam by clicking the forward and backward arrows. The flags only enable you to return to specific questions without having to go through all the questions you have already completed.
Candidates have different techniques for taking multiple-choice exams. Some people read all of the questions first before selecting any responses. This can be beneficial, because later questions might provide a hint or trigger your memory about the subject of an earlier question. However, don't waste too much time doing this, or you might find yourself rushing through the last few questions. Answering 100 questions in 90 minutes works out to less than one minute for each question, so you can't afford to spend too much time on any one question.
The key to taking an exam of this type is to read each question carefully. The language of the questions is chosen very carefully, and sometimes rather deviously. In many cases, questions are designed to trick you into thinking that they are easier than they actually are. If an answer seems painfully obvious, read the question over again. Chances are, the obvious answer is not the correct one. In some cases, all of the responses are correct, and you are instructed to select the one that best answers the question, so always be sure to read all of the possible responses, even when the first one seems correct.
Even if you are completely stumped about a question, you should take a guess before the exam is over. Leave yourself a few minutes at the end of the test to make any guesses you need to, so that you don't leave any questions unanswered.
At the end of the exam there is a brief delay as the computer totals your score. You then receive the results on the spot, with a printed report that breaks down your score into several topics. If you fail the test, this report can be an excellent guide to the material that requires further study. If you pass, the report contains the certification number that you can use to prove your status. Although you receive a score for the exam, the Security+ Certification exam is strictly pass/fail. You can use your high score for bragging rights among your friends and colleagues, but all candidates passing the exam receive the same certification, which is a certificate that CompTIA mails to you a few weeks after the exam.
Every effort has been made to ensure the accuracy of this book and the contents of the companion disc. If you have comments, questions, or ideas regarding this book or the companion disc, please send them to Microsoft Press using either of the following methods:
E-mail: TKINPUT@MICROSOFT.COM
Postal Mail: Microsoft Press
Attn: Security+ Certification Training Kit Editor
One Microsoft Way
Redmond, WA 98052-6399
The Microsoft Press Web site (http://www.microsoft.com/mspress/support) provides corrections for books. Please note that product support is not offered through this Web site. For further information regarding Microsoft software support options, please connect to http://www.microsoft.com/support.
For information about ordering the full version of any Microsoft software, please connect to http://www.microsoft.com.