Год выпуска: 2003
Автор: Ruth A., Hudson K. / Рут А., Хадсон К.
Жанр: Компьютерная безопасность
Издательство: Microsoft Press
Серия: Microsoft Training Kit
Качество: eBook (изначально компьютерное)
Количество страниц: неизвестно (см. содержание)
Описание: В данной книге от Майкрософт изложены базовые принципы компьютерной безопасности. Пособие рассчитано на специалистов, готовящихся сдавать экзамен по компьютерной безопасности SY0-101 Computing Technology Industry Association (CompTIA).
Each chapter in this book is divided into lessons. Most lessons include hands-on procedures that allow you to practice or demonstrate a particular concept or skill. Each lesson ends with a short summary and a set of review questions to test your knowledge of the lesson material.
This book is appropriate for anyone who has experience working on computer networks and wants to learn more about computer security. This book is specifically designed for candidates preparing to take the CompTIA Security+ examination SY0-101. CompTIA describes the Security+ certified professional as follows:
"Those holding the Security+ certification have demonstrated the aptitude and ability to master such knowledge areas as: general security concepts, communications security, infrastructure security, basics of cryptography, and operational/organizational security."
No one is prevented from registering for or attempting the Security+ exam. However, you are more likely to achieve the Security+ certification if you meet certain prerequisites. At a minimum, you should be capable of installing, configuring, and connecting computers to the Internet before reading this book. Security+ Certification candidates should also have A+ and Network+ certifications or equivalent knowledge and skills, in addition to at least two years of experience in computer networking, and a thorough knowledge of Transmission Control Protocol/Internet Protocol (TCP/IP). This book will make the most sense to people who meet those criteria.
The section you are reading, "About This Book," contains a self-paced training overview and introduces the components of this training course. Read this section thoroughly to get the greatest educational value from this course and to plan which lessons you will complete.
Chapter 1 , "General Networking and Security Concepts," overviews many of the concepts discussed throughout the book. This chapter discusses the "big picture" of organizational and operational security, including security threats, intrusions, and defenses.
Chapter 2 , "TCP/IP Basics," presents an overview and review of the TCP/IP suite of protocols. This chapter also illustrates ways in which the TCP/IP protocol suite can be compromised.
Chapter 3 , "Certificate Basics," explains how encryption and certificates help you to increase security. The chapter describes cryptography and encryption keys, Public Key Infrastructure (PKI), and certification authorities.
Chapter 4 , "Network Infrastructure Security," describes a wide variety of security concerns related to the network infrastructure, including network device and cabling security, security zones, and monitoring network resources.
Chapter 5 , "Communications Security," describes ways to secure remote connections using a variety of encrypted connections and tunnels. You also learn about wireless security in this chapter.
Chapter 6 , "Application Security," explains the ways in which your e-mail, Web browser, and File Transfer Protocol (FTP) clients might be compromised by attackers. Further, you learn measures you can take to increase the security of those components.
Chapter 7 , "User Security," describes access control measures, such as mandatory and role-based authentication. This chapter also explains how you can increase security by using Kerberos, Challenge Handshake Authentication Protocol (CHAP), biometric authentication, and mutual authentication.
Chapter 8 , "Security Baselines," covers measures to increase the security of your network by ensuring that your hosts and devices are as safe as possible. This chapter focuses on how to keep servers secure, whereas Chapter 6 focused on how to secure client software.
Chapter 9 , "Operational Security," draws your attention to ways that your information security systems might be compromised by attacks from the world outside the computer. Issues such as social engineering, fire suppression, and disaster recovery are discussed. The chapter also discusses user and group management, removable media, and ways to protect your business continuity.
Chapter 10 , "Organizational Security," focuses on the policies, procedures, laws, and regulations that apply to your organization. Further, you learn to identify risks and methods for promoting your security policy and educating users.
Chapter 11 , " Incident Detection and Response," looks at the types of attacks your organization might encounter. This chapter also discusses intrusion detection systems and how to handle intrusions.
Appendix A, "Questions and Answers," lists all of the exercise and review questions from the book, showing the page number where the question
appears and the suggested answer.
Appendix B, "Ports and Protocol IDs," reiterates the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Protocol (IP) identifiers that you should know. This appendix is assembled as a study reference for your convenience.
The Glossary provides definitions of key networking terms used throughout the book.