Information Security Management

 Complete Case Project 3-2 from page 142. Only one page is needed.

Complete Case Project 4-4 from page 187. Only one page is needed.

Double space.

Case Project 3-2: Compare Cipher Tools

There are a variety of online cipher tools that demonstrate different cryptographic algorithms. Visit the website Cipher Tools (rumkin.com/tools/cipher/) and explore the different tools. Select three tools, one of which is mentioned in this chapter (ROT13, One-Time Pad, etc.). Experiment with the three different tools. Which is easy to use? Which is more difficult? Which tool would you justify to be more secure than the others? Why? Write a one-page paper on your analysis of the tools.

Case Project 4-4: HTTPS

Hypertext Transport Protocol Secure (HTTPS) is becoming increasingly popular as a security protocol for web traffic. Some sites automatically use HTTPS for all transactions (like Google), while others require that users must configure it in their settings. Some argue that HTTPS should be used on all web traffic. What are the advantages of HTTPS? What are its disadvantages? How is it different from HTTP? How must the server be set up for HTTPS transactions? How would it protect you using a public Wi-Fi connection at a local coffee shop? Should all web traffic be required to use HTTPS? Why or why not? Write a one-page paper of your research.

Ciampa, CompTIA Security+ Guide to Network Security Fundamentals, 6th Edition, ISBN 978-1-337-28878-1


Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203

CompTIA Security+ SY0-501 Exam Objectives

Security+ Exam Domain/Objectives (Chapter: Bloom’s Taxonomy)

1.0: Threats, Attacks, and Vulnerabilities
1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
    Chapter 2: Analyze
1.2 Compare and contrast types of attacks.
    Chapter 2: Understand
    Chapter 3: Analyze
    Chapter 5: Understand
    Chapter 8: Apply/Understand
    Chapter 11: Create
    Chapter 15: Apply
1.3 Explain threat actor types and attributes.
    Chapter 1: Analyze/Apply
1.4 Explain penetration testing concepts.
    Chapter 13: Apply
1.5 Explain vulnerability scanning concepts.
    Chapter 13: Apply
1.6 Explain the impact associated with types of vulnerabilities.
    Chapter 1: Understand
    Chapter 3: Understand
    Chapter 4: Understand
    Chapter 5: Understand
    Chapter 9: Understand
    Chapter 10: Understand

2.0: Technologies and Tools
2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
    Chapter 4: Apply
    Chapter 6: Analyze
    Chapter 7: Apply
    Chapter 8: Analyze/Evaluate
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
    Chapter 8: Evaluate
    Chapter 13: Analyze/Evaluate
    Chapter 14: Evaluate
2.3 Given a scenario, troubleshoot common security issues.
    Chapter 15: Analyze
2.4 Given a scenario, analyze and interpret output from security technologies.
    Chapter 6: Analyze
    Chapter 7: Analyze
    Chapter 9: Analyze
2.5 Given a scenario, deploy mobile devices securely.
    Chapter 8: Apply/Evaluate
    Chapter 10: Analyze/Create
    Chapter 11: Analyze
2.6 Given a scenario, implement secure protocols.
    Chapter 4: Apply
    Chapter 5: Analyze

3.0: Architecture and Design
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
    Chapter 1: Analyze
    Chapter 15: Understand
3.2 Given a scenario, implement secure network architecture concepts.
    Chapter 6: Analyze
    Chapter 7: Apply
    Chapter 8: Apply/Evaluate
    Chapter 13: Apply


© 2018, 2015 Cengage Learning
Unless otherwise noted, all content is © Cengage.

Security+ Guide to Network
Security Fundamentals, Sixth
Edition

Mark Ciampa

SVP, GM Skills: Jonathan Lau

Product Team Manager: Kristin
McNary

Associate Product Manager: Amy
Savino

Executive Director of Development:
Marah Bellegarde

Senior Product Development
Manager: Leigh Hefferon

Senior Content Developer: Michelle
Ruelos Cannistraci

Product Assistant: Jake Toth

Marketing Director: Michelle McTighe

Production Director: Patty Stephan

Senior Content Project Manager:
Brooke Greenhouse

Art Director: Diana Graham

Cover image(s): iStockPhoto.com/
supernitram

Printed in the United States of America
Print Number: 01 Print Year: 2017

ALL RIGHTS RESERVED. No part of this work covered by the copyright
herein may be reproduced or distributed in any form or by
any means, except as permitted by U.S. copyright law, without the
prior written permission of the copyright owner.

Library of Congress Control Number: 2017950178

ISBN: 978-1-337-28878-1
LLF ISBN: 978-1-337-68585-6

Notice to the Reader
Publisher does not warrant or guarantee any of the products described herein or perform any independent analysis in
connection with any of the product information contained herein. Publisher does not assume, and expressly disclaims, any
obligation to obtain and include information other than that provided to it by the manufacturer. The reader is expressly
warned to consider and adopt all safety precautions that might be indicated by the activities described herein and to avoid all
potential hazards. By following the instructions contained herein, the reader willingly assumes all risks in connection with such
instructions. The publisher makes no representations or warranties of any kind, including but not limited to, the warranties of
fitness for particular purpose or merchantability, nor are any such representations implied with respect to the material set forth
herein, and the publisher takes no responsibility with respect to such material. The publisher shall not be liable for any special,
consequential, or exemplary damages resulting, in whole or part, from the readers’ use of, or reliance upon, this material.

Cengage
20 Channel Center Street
Boston, MA 02210
USA

Cengage is a leading provider of customized learning solutions
with employees residing in nearly 40 different countries and sales
in more than 125 countries around the world. Find your local
representative at www.cengage.com.

Cengage products are represented in Canada by Nelson Education, Ltd.

To learn more about Cengage platforms and services,
visit www.cengage.com

Purchase any of our products at your local college store or at our
preferred online store www.cengagebrain.com

For product information and technology assistance, contact us at
Cengage Learning Customer & Sales Support, 1-800-354-9706.

For permission to use material from this text or product, submit all
requests online at www.cengage.com/permissions.

Further permissions questions can be e-mailed to
permissionrequest@cengage.com.

Some of the product names and company names used in this book have been used for identification purposes only
and may be trademarks or registered trademarks of their respective manufacturers and sellers.
Windows® is a registered trademark of Microsoft Corporation. Microsoft is a registered trademark of Microsoft
Corporation in the United States and/or other countries. Cengage is an independent entity from Microsoft Corporation
and not affiliated with Microsoft in any manner.


Brief Contents
INTRODUCTION…………………………………………………………………………………xv

PART 1

SECURITY AND ITS THREATS ………………………………………………………………..1

CHAPTER 1

Introduction to Security ……………………………………………………………………..3

CHAPTER 2

Malware and Social Engineering Attacks …………………………………………. 51

PART 2

CRYPTOGRAPHY ……………………………………………………………………………… 97

CHAPTER 3

Basic Cryptography …………………………………………………………………………. 99

CHAPTER 4

Advanced Cryptography and PKI …………………………………………………… 145

PART 3

NETWORK ATTACKS AND DEFENSES ………………………………………………. 189

CHAPTER 5

Networking and Server Attacks …………………………………………………….. 191

CHAPTER 6

Network Security Devices, Design, and Technology ……………………….. 233

CHAPTER 7

Administering a Secure Network …………………………………………………… 281

CHAPTER 8

Wireless Network Security …………………………………………………………….. 321

PART 4

DEVICE SECURITY…………………………………………………………………………… 371

CHAPTER 9

Client and Application Security ……………………………………………………… 373


CHAPTER 10

Mobile and Embedded Device Security ……………………………………………421

PART 5

IDENTITY AND ACCESS MANAGEMENT …………………………………………….469

CHAPTER 11

Authentication and Account Management ……………………………………..471

CHAPTER 12

Access Management ……………………………………………………………………….521

PART 6

RISK MANAGEMENT ………………………………………………………………………..563

CHAPTER 13

Vulnerability Assessment and Data Security …………………………………..565

CHAPTER 14

Business Continuity ………………………………………………………………………..607

CHAPTER 15

Risk Mitigation ……………………………………………………………………………….651

APPENDIX A

CompTIA SY0-501 Certification Exam Objectives ……………………………..691

GLOSSARY …………………………………………………………………………………………… 713

INDEX …………………………………………………………………………………………………..741


Table of Contents
INTRODUCTION……………………………………………………………………………………………..xv

PART 1

SECURITY AND ITS THREATS …………………………………………….. 1

CHAPTER 1

Introduction to Security ………………………………………………….. 3
Challenges of Securing Information ………………………………………………………… 8

Today’s Security Attacks …………………………………………………………………………8
Reasons for Successful Attacks ………………………………………………………………12
Difficulties in Defending Against Attacks ………………………………………………. 14

What Is Information Security? ……………………………………………………………….. 17
Understanding Security …………………………………………………………………………18
Defining Information Security ……………………………………………………………….18
Information Security Terminology …………………………………………………………21
Understanding the Importance of Information Security ………………………….. 24

Who Are the Threat Actors? …………………………………………………………………… 28
Script Kiddies ……………………………………………………………………………………… 29
Hactivists …………………………………………………………………………………………… 29
Nation State Actors ………………………………………………………………………………30
Insiders ………………………………………………………………………………………………30
Other Threat Actors ………………………………………………………………………………31

Defending Against Attacks ……………………………………………………………………. 32
Fundamental Security Principles ………………………………………………………….. 32
Frameworks and Reference Architectures ……………………………………………… 35

Chapter Summary …………………………………………………………………………………. 35

Key Terms …………………………………………………………………………………………….. 37

Review Questions………………………………………………………………………………….. 37

Case Projects ………………………………………………………………………………………… 46

CHAPTER 2

Malware and Social Engineering Attacks ……………………….. 51
Attacks Using Malware ………………………………………………………………………….. 53

Circulation………………………………………………………………………………………….. 55
Infection …………………………………………………………………………………………….. 61


Concealment ………………………………………………………………………………………. 65
Payload Capabilities ……………………………………………………………………………..66

Social Engineering Attacks …………………………………………………………………….. 73
Psychological Approaches ……………………………………………………………………. 74
Physical Procedures ……………………………………………………………………………..80

Chapter Summary …………………………………………………………………………………. 82

Key Terms …………………………………………………………………………………………….. 84

Review Questions …………………………………………………………………………………. 84

Case Projects ………………………………………………………………………………………… 92

PART 2

CRYPTOGRAPHY ……………………………………………………………. 97

CHAPTER 3

Basic Cryptography ……………………………………………………….. 99
Defining Cryptography ………………………………………………………………………… 101

What Is Cryptography? ……………………………………………………………………….. 101
Cryptography and Security …………………………………………………………………. 105
Cryptography Constraints …………………………………………………………………….107

Cryptographic Algorithms ……………………………………………………………………. 108
Hash Algorithms …………………………………………………………………………………110
Symmetric Cryptographic Algorithms ………………………………………………….. 113
Asymmetric Cryptographic Algorithms ………………………………………………… 116

Cryptographic Attacks …………………………………………………………………………. 123
Algorithm Attacks ………………………………………………………………………………. 123
Collision Attacks ………………………………………………………………………………… 125

Using Cryptography …………………………………………………………………………….. 126
Encryption through Software ………………………………………………………………. 127
Hardware Encryption ………………………………………………………………………….128

Chapter Summary ……………………………………………………………………………….. 130

Key Terms …………………………………………………………………………………………… 132

Review Questions………………………………………………………………………………… 133

Case Projects ………………………………………………………………………………………. 142

CHAPTER 4

Advanced Cryptography and PKI …………………………………. 145
Implementing Cryptography ……………………………………………………………….. 147

Key Strength ……………………………………………………………………………………….147
Secret Algorithms ……………………………………………………………………………….148


Block Cipher Modes of Operation ……………………………………………………….. 149
Crypto Service Providers…………………………………………………………………….. 150
Algorithm Input Values ………………………………………………………………………. 151

Digital Certificates ………………………………………………………………………………. 152
Defining Digital Certificates …………………………………………………………………. 152
Managing Digital Certificates ……………………………………………………………….154
Types of Digital Certificates ………………………………………………………………….158

Public Key Infrastructure (PKI) …………………………………………………………….. 165
What Is Public Key Infrastructure (PKI)? ………………………………………………. 166
Trust Models …………………………………………………………………………………….. 166
Managing PKI ……………………………………………………………………………………..168
Key Management ……………………………………………………………………………….. 171

Cryptographic Transport Protocols ……………………………………………………… 174
Secure Sockets Layer (SSL) …………………………………………………………………… 174
Transport Layer Security (TLS) …………………………………………………………….. 175
Secure Shell (SSH) ……………………………………………………………………………….176
Hypertext Transport Protocol Secure (HTTPS) ………………………………………..176
Secure/Multipurpose Internet Mail Extensions (S/MIME) ………………………. 177
Secure Real-time Transport Protocol (SRTP) ………………………………………….. 177
IP Security (IPsec) ………………………………………………………………………………. 177

Chapter Summary ……………………………………………………………………………….. 179

Key Terms …………………………………………………………………………………………… 181

Review Questions………………………………………………………………………………… 181

Case Projects ………………………………………………………………………………………. 187

PART 3

NETWORK ATTACKS AND DEFENSES ……………………………… 189

CHAPTER 5

Networking and Server Attacks …………………………………… 191
Networking-Based Attacks ………………………………………………………………….. 193

Interception ……………………………………………………………………………………….194
Poisoning …………………………………………………………………………………………. 196

Server Attacks …………………………………………………………………………………….. 201
Denial of Service (DoS) ………………………………………………………………………..201
Web Server Application Attacks ………………………………………………………….. 203
Hijacking ………………………………………………………………………………………….. 209
Overflow Attacks ……………………………………………………………………………….. 213
Advertising Attacks …………………………………………………………………………….. 215
Browser Vulnerabilities ………………………………………………………………………. 218

Chapter Summary ……………………………………………………………………………….. 222


Key Terms …………………………………………………………………………………………… 223

Review Questions………………………………………………………………………………… 223

Case Projects ………………………………………………………………………………………. 229

CHAPTER 6

Network Security Devices, Design, and Technology ……… 233
Security Through Network Devices ……………………………………………………… 235

Standard Network Devices …………………………………………………………………. 236
Network Security Hardware ……………………………………………………………….. 246

Security Through Network Architecture ………………………………………………. 260
Security Zones ………………………………………………………………………………….. 260
Network Segregation …………………………………………………………………………. 263

Security Through Network Technologies ……………………………………………… 265
Network Access Control (NAC) ……………………………………………………………. 265
Data Loss Prevention (DLP)…………………………………………………………………. 267

Chapter Summary ……………………………………………………………………………….. 269

Key Terms …………………………………………………………………………………………… 271

Review Questions………………………………………………………………………………… 271

Case Projects ………………………………………………………………………………………. 279

CHAPTER 7

Administering a Secure Network …………………………………. 281
Secure Network Protocols …………………………………………………………………… 283

Simple Network Management Protocol (SNMP) ……………………………………. 285
Domain Name System (DNS) ……………………………………………………………… 286
File Transfer Protocol (FTP)…………………………………………………………………. 288
Secure Email Protocols ………………………………………………………………………. 290
Using Secure Network Protocols …………………………………………………………..291

Placement of Security Devices and Technologies …………………………………. 292

Analyzing Security Data ………………………………………………………………………. 295
Data from Security Devices ………………………………………………………………… 296
Data from Security Software ………………………………………………………………. 297
Data from Security Tools ……………………………………………………………………. 298
Issues in Analyzing Security Data ……………………………………………………….. 298

Managing and Securing Network Platforms ………………………………………… 300
Virtualization …………………………………………………………………………………….300
Cloud Computing ………………………………………………………………………………. 304
Software Defined Network (SDN) ………………………………………………………… 306

Chapter Summary ……………………………………………………………………………….. 309


Key Terms …………………………………………………………………………………………… 310

Review Questions………………………………………………………………………………… 311

Case Projects ………………………………………………………………………………………. 318

CHAPTER 8

Wireless Network Security ………………………………………….. 321
Wireless Attacks ………………………………………………………………………………….. 324

Bluetooth Attacks………………………………………………………………………………. 324
Near Field Communication (NFC) Attacks ……………………………………………..327
Radio Frequency Identification (RFID) Attacks ……………………………………… 330
Wireless Local Area Network Attacks …………………………………………………….332

Vulnerabilities of IEEE Wireless Security ………………………………………………. 341
Wired Equivalent Privacy …………………………………………………………………… 342
Wi-Fi Protected Setup ………………………………………………………………………… 343
MAC Address Filtering ……………………………………………………………………….. 344
SSID Broadcasting ……………………………………………………………………………… 345

Wireless Security Solutions …………………………………………………………………. 346
Wi-Fi Protected Access (WPA) …………………………………………………………….. 347
Wi-Fi Protected Access 2 (WPA2) …………………………………………………………. 349
Additional Wireless Security Protections ……………………………………………….352

Chapter Summary ……………………………………………………………………………….. 356

Key Terms …………………………………………………………………………………………… 359

Review Questions………………………………………………………………………………… 359

Case Projects ………………………………………………………………………………………. 368

PART 4

DEVICE SECURITY …………………………………………………………. 371

CHAPTER 9

Client and Application Security ……………………………………. 373
Client Security …………………………………………………………………………………….. 375

Hardware System Security …………………………………………………………………..375
Securing the Operating System Software ……………………………………………… 379
Peripheral Device Security ………………………………………………………………….. 388

Physical Security …………………………………………………………………………………. 392
External Perimeter Defenses ………………………………………………………………. 393
Internal Physical Access Security ………………………………………………………… 395
Computer Hardware Security ……..
