Imperial Library
Index
Cover
Title Page
Copyright Page
Dedication
About the Author
Contents at a Glance
Contents
Acknowledgments
Introduction
Chapter 1 Security Fundamentals
Reviewing the Requirements for SSCP
Registering for the Exam
Have One Year of Experience
Passing the Exam
Maintaining Your SSCP Certification
Understanding Basic Security Concepts
Confidentiality
Integrity
Availability
Exploring Fundamentals of Security
Least Privilege
Separation of Duties
Privacy
Defense in Depth
Nonrepudiation
AAAs of Security
Accountability
Due Diligence
Due Care
Chapter Review
Questions
Answers
Chapter 2 Access Controls
Comparing Identification, Authentication, and Authorization
Exploring Authentication
Three Factors of Authentication
Multifactor Authentication
Reviewing Identification
Single Sign-on Authentication
Centralized vs. Decentralized Authentication
Offline Authentication
Device Authentication
Implementing Access Controls
Comparing Subjects and Objects
Logical Access Controls
Comparing Access Control Models
Discretionary Access Control
Non-Discretionary Access Control
Access Control Matrix vs. Capability Table
Participating in the Identity-Management Life Cycle
Identity Proofing
Provisioning and Authorization
Maintenance and Entitlement
De-provisioning
Participating in Physical Security Operations
Chapter Review
Questions
Answers
Chapter 3 Basic Networking and Communications
The OSI Model
The Physical Layer (Layer 1)
The Data Link Layer (Layer 2)
The Network Layer (Layer 3)
The Transport Layer (Layer 4)
The Session Layer (Layer 5)
The Presentation Layer (Layer 6)
The Application Layer (Layer 7)
Comparing the OSI and TCP/IP Models
Network Topologies
Ethernet
Bus
Star
Tree
Token Ring
Mesh
Reviewing Basic Protocols and Ports
Comparing IPv4 and IPv6
Dynamic Host Configuration Protocol
Address Resolution Protocol
Network Discovery Protocol
Domain Name System
Internet Control Message Protocol
Internet Group Message Protocol
Simple Network Management Protocol
File Transfer Protocol
Telnet
Secure Shell
HyperText Transfer Protocol and HyperText Transfer Protocol Secure
Transport Layer Security and Secure Sockets Layer
Network File System
Routing Protocols
E-mail Protocols
Tunneling Protocols
Internet Protocol Security
Mapping Well-Known Ports to Protocols
Comparing Ports and Protocol Numbers
Comparing Internetwork Trust Architectures
Comparing Public and Private IP Addresses
Using NAT
Comparing Trust Relationships
Exploring Wireless Technologies
Securing Data Transmissions
Wireless Device Administrator Password
Wireless Service Set Identifier
MAC Filtering
Bluetooth
GSM
3G, LTE, and 4G
WiMAX
Radio Frequency Identification
NFC
Protecting Mobile Devices
Chapter Review
Questions
Answers
Chapter 4 Advanced Networking and Communications
Managing LAN-Based Security
Comparing Switches and Routers
Segmentation
Secure Device Management
Understanding Telecommunications
Internet Connections
VoIP
Securing Phones
Converged Communications
Using Proxy Servers
Understanding Firewalls
Packet-Filtering Firewall
Stateful Inspection Firewall
Application Firewall
Next-Generation Firewall
Defense Diversity
Comparing Network-based and Host-based Firewalls
Exploring Remote Access Solutions
Risks and Vulnerabilities
Tunneling Protocols
Authentication
Traffic Shaping
Access and Admission Control
Exploring Virtual Environments
Virtualization Terminology
Shared Storage
Virtual Appliances
Continuity and Resilience
Separation of Data Plane and Control Plane
Software-defined Networking
Attacks and Countermeasures
Understanding Cloud Computing
Cloud Operation Models
Storage
Privacy
Data Control and Third-party Outsourcing
Compliance
Chapter Review
Questions
Answers
Chapter 5 Attacks
Comparing Attackers
Hackers and Crackers
White Hats, Black Hats, and Grey Hats
Advanced Persistent Threats
Insider Attacks
Script Kiddies
Phreaks
Accidental Threats
Exploring Attack Types and Countermeasures
Basic Countermeasures
Spoofing
DoS
DDoS
Botnets and Zombies
Sniffing Attack
Ping Sweep
Port Scan
Salami Attack
Man-in-the-Middle
Session Hijacking
Replay
Smurf and Fraggle Attacks
Software Security as a Countermeasure
Buffer Overflow Attacks
Injection Attacks
Cross-Site Scripting
Cross-Site Request Forgery
Password Attacks
Spam
Phishing Attacks
Phishing and Drive-by Downloads
Spear Phishing and Whaling
Vishing
Smishing
Zero Day Exploits
Covert Channel
Wireless Attacks and Countermeasures
Understanding Social Engineering
Tailgating
Impersonation
Dumpster Diving
Shoulder Surfing
Pharming
Social Networking Attacks
User Awareness as a Countermeasure
Chapter Review
Questions
Answers
Chapter 6 Malicious Code and Activity
Identifying Malicious Code
Virus
Worm
Trojan Horse
Scareware
Ransomware
Keylogger
Logic Bomb
Rootkits
Mobile Code
Backdoors and Trapdoors
RATs
Spyware
Malware Hoaxes
Analyzing the Stages of Regin
Understanding Malware Delivery Methods
Delivering Malware via Drive-by Downloads
Delivering Malware via Malvertising
Delivering Malware via E-mail
Delivering Malware via USB Drives
Implementing Malicious Code Countermeasures
Antivirus Software
Keeping AV Signatures Up to Date
Spam Filters
Content-Filtering Appliances
Keeping Operating Systems Up to Date
Scanners
Beware of Shortened Links
Sandboxing
Least Privilege
Software Security
Application Whitelisting and Blacklisting
Participating in Security Awareness and Training
Common Vulnerabilities and Exposures
Chapter Review
Questions
Answers
Chapter 7 Risk, Response, and Recovery
Defining Risk
Identifying Threat Sources
Identifying Threat Events
Understanding Vulnerabilities
Understanding Impact
Managing Risk
Residual Risk
Identifying Assets
Risk Visibility and Reporting
Risk Register
Performing Risk Assessments
Quantitative Analysis
Qualitative Analysis
Risk Assessment Steps
Address Findings
Responding to Incidents
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-incident Activity
Chapter Review
Questions
Answers
Chapter 8 Monitoring and Analysis
Operating and Maintaining Monitoring Systems
Intrusion Detection Systems
IDS Alerts
Network-based Intrusion Detection Systems
Host-based Intrusion Detection Systems
Intrusion Prevention Systems
Detection Methods
Wireless Intrusion Detection and Prevention Systems
Analyzing Results
Detection Systems and Logs
Detecting Unauthorized Changes
Using Security Information and Event Management Tools
Performing Security Assessment Activities
Vulnerability Assessments
Penetration Tests
Chapter Review
Questions
Answers
Chapter 9 Controls and Countermeasures
Using Controls, Safeguards, and Countermeasures
Performing a Cost-Benefit Analysis
Security Controls Life Cycle
Understanding Control Goals
Preventive
Detective
Corrective
Other Controls
Comparing the Classes of Controls
Management/Administrative Security Controls
Technical Security Controls
Operational Security Controls
Physical Security Controls
Combining Control Goals and Classes
Exploring Some Basic Controls
Hardening Systems
Policies, Standards, Procedures, and Guidelines
Response Plans
Change Control and Configuration Management
Testing Patches, Fixes, and Updates
Endpoint Device Security
User Awareness and Training Programs
Understanding Fault Tolerance
Fault Tolerance for Disks
Failover Clusters
Redundant Connections
Understanding Backups
Full Backups
Full/Incremental Backup Strategy
Full/Differential Backup Strategy
Chapter Review
Questions
Answers
Chapter 10 Auditing
Understanding Auditing and Accountability
Holding Users Accountable with Audit Logs
Auditing with Logs
Clipping Levels
Understanding Audit Trails
Exploring Audit Logs
Operating System Logs
Storing Logs on Remote Systems
*Nix Logs
Proxy Server Logs
Firewall Logs
Reviewing Logs
Managing Audit Logs
Performing Security Audits
Auditing Passwords
Auditing Security Policies
ISACA
Exploring PCI DSS Requirements
Auditing Physical Access Controls
Understanding Configuration Management
Using Imaging for Configuration Management
Using Group Policy for Configuration Management
Understanding Change Management
Chapter Review
Questions
Answers
Chapter 11 Security Operations
Handling Data
Classifying Data
Marking and Labeling Data
Roles and Responsibilities
Protecting Data from Cradle to Grave
Data at Rest and Data in Motion
Data Management Policies
Understanding Databases
Data Inference
Data Diddling
Securing Big Data
Regulatory Requirements
Training
Managing Assets
Hardware
Software
Data
Certification and Accreditation
Certification, Accreditation, and Security Assessments
Common Criteria
Using a Risk Management Framework
Understanding Security Within the System Development Life Cycle
Chapter Review
Questions
Answers
Chapter 12 Security Administration and Planning
Understanding Security Policies
Security Policy Characteristics
Enforcing Security Policies
Value of a Security Policy
Security Policies Becoming More Common
Understanding Code of Ethics
Policy Awareness
Updating Security Policies
Understanding BCPs and DRPs
Business Impact Analysis
Disaster Recovery Plan
Emergency Response Plans and Procedures
Comparing a BCP and a DRP
Restoration Planning
Testing and Drills
Alternative Locations
Identifying Security Organizations
NIST
US-CERT
SANS Institute
CERT Division
Chapter Review
Questions
Answers
Chapter 13 Legal Issues
Exploring Computer Forensics
Participating in Incident Handling
First Responders and Preserving the Scene
Three Phases of a Computer Forensics Investigation
Forensic Evidence Guidelines and Principles
Comparing Computer Abuse and Computer Crime
Understanding Fraud and Embezzlement Crime
Mandatory Vacations
Job Rotation
Understanding Privacy Issues
European Directives
California Supreme Court Rules That ZIP Codes Are PII
Connecticut’s Public Act No. 08-167
Children’s Online Privacy Protection Act
California Online Privacy Protection Act of 2003
Chapter Review
Questions
Answers
Chapter 14 Cryptography
Understanding Basic Cryptography Concepts
Cryptography Terminology
Data Sensitivity
Regulatory Requirements
Participating in Security Awareness and Training
Enforcing Integrity with Hashing
Hashing Algorithms Provide One-Way Encryption
Hashing Algorithms
Verifying a Hash
Salting Passwords
Exploring Symmetric Encryption
ROT13
Composing and Rotating Keys
Comparing Block and Stream Ciphers
Advanced Encryption Standard
Other Symmetric Encryption Algorithms
Exploring Asymmetric Encryption
RSA
Transport Layer Security
Secure Sockets Layer
Diffie-Hellman
Elliptic Curve Cryptography
Secure Shell
Protecting E-mail with S/MIME
Pretty Good Privacy (PGP)
Other Encryption Schemes
Steganography
IPsec
Public Key Infrastructure
Certificates
Certificate Authority
Key Escrow
Alternative Certificate Trusts
Comparing Cryptanalysis Attacks
Managing Cryptographic Keys
Known-Plaintext Attack
Ciphertext-Only Attack
Chapter Review
Questions
Answers
Appendix About the Download
System Requirements
Downloading Total Tester Premium Practice Exam Software
Total Tester Premium Practice Exam Software
Installing and Running Total Tester
Technical Support
Total Seminars Technical Support
McGraw-Hill Education Content Support
Glossary
Index