Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
CompTIA Security+ Certification Guide
CompTIA Security+ Certification Guide

CompTIA Security+ Certification Guide: Master IT security essentials and exam topics for CompTIA Security+ SY0-501 certification

eBook
$26.99
Paperback
$32.99
Subscription
Free Trial
Renews at $12.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

CompTIA Security+ Certification Guide

Chapter 1. Understanding Security Fundamentals

In this chapter we will look at a number of security fundamentals, some of these will be expanded upon in later chapters. For the exam you will need to know all of the information in this book as the exam is fairly tricky. 

We will cover the following exam objectives in this chapter:

  • Explaining the importance of physical security controls: Lighting—signs—fencing/gate/cage—security guards—alarms—safe—secure cabinets/enclosures—protected distribution/protected cabling—Airgap—Mantrap—Faraday cage—lock types—Biometrics—Barricades/bollards—tokens/cards—environmental controls—HVAC—hot and cold aisles—fire suppression—cable locks—screen filters—cameras—motion detection—logs—infrared detection—key management
  • Given a scenario, implement identity and access management controls: Access control models—MAC—DAC—ABAC—role-based access control—rule-based access control—physical access control—proximity cards—smart cards
  • Comparing and contrasting various types of controls: Deterrent—preventive—detective—corrective—compensating—technical—administrative—physical
  • Explaining cryptography algorithms and their basic characteristics: Hashing algorithms—MD5—SHA—HMAC—RIPEMD

CIA triad concept


Most security books start with the basics of security by featuring the CIA triad—this is a model designed to guide policies for information security within an organization. It is a widely used security model and it stands for confidentiality, integrity, and availability; the three key principles that should be used to guarantee having a secure system:

Figure 1: CIA triad

  • Confidentiality: Prevents the disclosure of data to unauthorized people so that only authorized people have access to data—this is known as the need to know basis. Only those who should know the contents should be given access. An example would be that your medical history is only available to your doctor and nobody else. We also tend to encrypt data to keep it confidential.
  • Integrity: This means that you know that data has not been altered or tampered with. We use a technique called hashing that takes the data and converts it into a numerical value. If you run the hash when you suspect changes have taken place, and if the numerical value has changed, then the data has been tampered with. Common hashing algorithms in the exam are Secure Hash Algorithm version 1 (SHA1) and Message Digest version 5 (MD5).
  • Availability: Ensures that data is always available; if you wanted to purchase an airplane ticket and the system came back with an error and you could not purchase it, this could be frustrating.

Identifying security controls


There are a wide variety of different security controls that are used to mitigate the risk of being attacked; the three main security controls are technical, administrator, and physical. In this section, we are going to look at these in more detail; you need to be familiar with each of these controls and when each of them should be applied. Let's start by looking at the three main controls.

Administrative controls

Administrative controls are mainly written by managers to create organizational policies to reduce the risk within companies. Examples could be an internet-use policy so that the employees realize that the internet can only be used for company business and not used for social media during the working day. Another administrative control would be completing a form if you want to apply for a holiday; the form would be available from the forms library:

Note

Administrative controls could be writing a policy, completing a form, and getting your ID badge re-keyed annually.

  • Annual security awareness training: This is an annual event where you are reminded about what you should be doing on a daily basis to keep the company safe. An example would be when you are finished for the day that you clear your desk and lock all documents away; another would remind you that your identity badge should be worn at all times and you should challenge anyone not wearing a badge. Another example is that companies now need their employees to complete cyber security training as the risk is getting greater each day.
  • Annual risk assessment: A company will have a risk register where the financial director will look at all of the risks associated with money and the IT manager will look at all of the risks posed by the IT infrastructure. As technology changes and the hackers get more sophisticated, the risks can become greater.
  • Penetration testing/vulnerability scanning: A vulnerability scan is not intrusive as it merely checks for vulnerabilities, whereas a penetration test is more intrusive and can exploit vulnerabilities. These will be explained further into this book.
  • Change management: This is a process that a company adopts so that any changes don't cause any security risks to the company. A change to one department could impact another department. The Change Advisory Board (CAB) assists with the prioritization and priority of changes; they also look at the financial benefits of the change and they may accept or reject the changes proposed for the benefit of the company. Information technology (IT) evolves rapidly and our processes will need to change to cope with potential security risks associated with the newer technology.

Technical controls

Technical controls are those implemented by the IT team to reduce risk to the business. These could include the following:

  • Firewall rules: Firewalls prevent unauthorized access to the network by IP address, application, or protocol. These are covered in-depth later in this book.
  • Antivirus/antimalware: This is the most common threat to the business and we must ensure that all servers and desktops are protected and up to date.
  • Screen savers: These log computers off when they are idle, preventing access.
  • Screen filters: These prevent people walking past from reading the data on your screen.
  • Intrusion Prevention Systems (IPS)/Intrusion Detection Systems (IDS): The intrusion detection system monitors the network for any changes and the intrusion prevention system stops the attacks.

Note

Technical controls could be installing a screensaver or configuring firewall rules.

Physical controls

Physical controls are controls that you can touch, for examples:

  • Cable locks: These are attached for laptops to secure them so that nobody can steal them.
  • Laptop safe: Laptops and tablets are expensive, but the data they hold could be priceless, therefore there are safes for the storage of laptops and tablets.
  • Biometric locks: Biometrics are unique to each person; examples would be their fingerprint, voice, iris scanner, and facial recognition. 
  • Fences/gates: The first line of defense should be a perimeter fence as the openness of many sites renders them highly vulnerable to intruders. The access to the site can be controlled by using a gate either manned by a security guard or with a proximity reader. A timber fence does not provide as much protection as a high steel fence.
  • Burglar alarms: These are set when the premises is not occupied, so when someone tries to break into your premises, it will trigger the alarm and notify the monitoring company or local police.
  • Fire alarms/smoke detectors: In a company, there will be fire alarms or smoke detectors in every room so that when a fire breaks out, and the alarms go off, the people inside the premises are given the opportunity to escape.
  • Lighting: Lighting is installed for two main reasons: the first reason is so that anyone trying to enter your site at night can be seen and the second reason is for safety.
  • Security guards: They check the identity cards of people entering the building to stop unauthorized access. This also helps deter people trying to enter a building illegally.
  • Mantraps: These are turnstile devices that only allow one person in at a time. They maintain a safe and secure environment mainly for a data center. A data center hosts many servers for different companies.
  • Perimeter protection: Fences, gates, and lights could protect the perimeter of your company. We could place bollards in front of a building to stop a car driving through the entrance. These normally protect ATM cash machines from being hit by a vehicle.
  • Internal protection: We could have safes and secure enclosures; the first example would be a toughened glass container or a sturdy mesh both with locks to reduce access. We could also have protected distribution for cabling; this looks like metal poles that would have network cables inside. Screen filters used on a desktop could prevent someone from reading the screen.
  • Faraday cage: This is a metal structure like a metal mesh used to house chickens. The cage prevents wireless or cellular phones from working inside the company. This could be built into the structure of a room used as a secure area.
  • Key management: This is where departmental keys are signed out and signed back in daily to prevent someone taking the keys away and cutting copies of them.
  • Proximity card: These are contactless devices where a smart card or token is put near the proximity card to gain access to a door or building.
  • Tokens: Tokens are small physical devices where you either touch the proximity card to enter a restricted area of a building. Some tokens allow you to open and lock doors by pressing the middle of the token itself; others display a code for a number of seconds before it expires.
  • Environmental controlsHeating, ventilation, and Air-Conditioning (HVAC), and fire-suppression systems are also security controls. In a data center or a server room, the temperature needs to be kept cool or the servers inside will overheat and fail.

Note

HVAC systems help provide availability to servers in the data center, ensuring they don't overheat.

  • AirGap: This is where a device is on your network, but it has a device between it and the other devices on your network. For example, you may want to isolate a computer that can complete a BACS transfer from the other computers in the finance department.
  • Motion detection/cameras: These could be deemed physical controls, but the exam is focused on these being deterrent controls. Log files also note the events and could also be deemed a physical control, but the exam deems them to be detective controls.
  • Barricades: Barricades can be erected across roads to stop traffic entering your site, but will not stop someone getting out of a car and jumping over them. You will need to use them in conjunction with security guards to fully protect your site.
  • Bollards: Bollards are becoming very common as they control access by cars and stop them ramming through a front door. They stop ram raiders from stealing a cash machine or crashing into a jeweler's shop. They can be made from steel or concrete and are placed about four feet apart. In some countries, they are installed to prevent car bombers driving their vehicle into a group of people, maybe inside a shopping mall.

Preventative controls

Preventative controls are in place to deter any attack; this could be having a security guard with a large dog walking around the perimeter of your company. This would make someone trying to break in think twice:

  • Disable user accounts: When someone leaves a company, the first thing that happens is that their account is disabled, as we don't want to lose information that they have access to, and then we change the password so that they cannot access it. We may disable an account while people are on secondment or maternity leave.
  • Operating system hardening: This makes a computer's operating system more secure. It often requires numerous actions such as configuring system and network components properly, turning off features and services that it does not use, and applying the latest software and antivirus updates.

Deterrent controls

Deterrent controls could be CCTV and motions sensors. When someone is walking past a building and the motion sensors detect them, it turns lights on to deter them.

A building with a sign saying that it is being filmed with CCTV prevents someone from breaking into your premises, as they think they are being filmed, even though there may not be a camera inside—but they don't know that.

Note

CCTV and motion sensors as deterrents. CCTV is a form of detective control following an incident, where you review the footage to see how the incident happened.

Detective controls

Detectivecontrols are used to investigate an incident that has happened and needs to be investigated; these could include the following:

  • CCTV records events as they happen and from that you can see who has entered a particular room or has climbed through a window at the rear of a building.
  • Log files are text files that record events and the times that they occurred; they can log trends and patterns over a period of time. For example, servers, desktops, and firewalls are all events. Once you know the time and date of an event, you can gather information from various log files.

Corrective controls

Corrective controls are the actions you take to recover from an incident. You may lose a hard drive that contained data; in that case, you would replace the data from a backup you had previously taken.

Fire-suppression systems are another form of corrective control. You may have had a fire in your data center that has destroyed many servers, therefore when you purchase a replacement, you may install an oxygen-suppressant system. This method uses argon/nitrogen and sometimes a small element of CO2 to displace the oxygen in the server room. The basis of this method is to reduce the oxygen level to below 15% because it will suppress a fire.

Compensating controls

Compensating controls can be called alternative controls; this is a mechanism that is put in place to satisfy the requirements of a security measure that is deemed too difficult or impractical to implement at the present time. It is similar to when you go shopping and you have $100 in cash—once you have spent your cash, you will have to use a credit card as a compensating control.

An example of this is where a new person has just been employed by the company where the normal way to log in is to use a smart card and PIN. This resembles a bank card with a chip where you insert it into your laptop or keyboard and then insert a PIN to log in. Maybe it takes 3-5 days to get a new smart card, so during the waiting period, they may log in using a username and password:

Access controls

The three main parts of access controls are identifying an individual, authenticating them when they insert a password or PIN, and then authorization, where an individual has different forms of access to different data. For example, someone working in finance will need a higher level of security clearance and have to access different data than the person who dispatched an order in finished goods:

  • Identification: This is similar to everyone who has their own bank account; the account is identified by the account details on the bank card. Identification in a security environment may involve having a user account, a smart card, or maybe a fingerprint reader—this is unique to that individual.
  • Authentication: Once the individual inserts their method of identification, they next to be authenticated, for example, by inserting a password or a PIN.
  • Authorization: This is the level of access you have to selective data. You are normally a member of certain groups, for example, a sales manager could access data from the sales group and then access data from the managers group. You will only be given the minimum amount of access required to perform your job; this is known as least privilege.

Discretionary access control

Discretionary access control involves New Technology File System (NTFS) file permissions, which are used in Microsoft operating systems. The user is only given the access that he/she needs to perform their job.

The permissions are as follows:

  • Full control: Full access
  • Modify: Change data, read, and read and execute
  • Read and execute: Read the file and run a program if one is inside it
  • List folder contents: Expand a folder to see the subfolders inside it
  • Read: Read the contents
  • Write: Allows you to write to the file
  • Special permissions: Allows granular access; for example, it breaks each of the previous permissions into a more granular level
  • Data creator/owner: The person that creates the unclassified data is called the owner and they are responsible for checking who has access to that data:

Least privilege

Least privilege is where you give someone only the limited access level required so that they can perform their job role; this is known as the need to know basis. The company will write a least privilege policy so that the administrators know how to manage it.

Mandatory access control

Mandatory Access Control (MAC) is based on the classification level of the data. This looks at how much damage they could cause to the interest of the nation. These are as follows:

  • Top secret: Highest level, exceptional grave damage
  • Secret: Cause serious damage
  • Confidential: Cause damage
  • Restricted: Undesirable effects

Examples of Mandatory Access Control (MAC):

Data types

Classification

Nuclear energy project

Top secret

Research and development

Secret

Ongoing legal issues

Confidential

Government payroll

Restricted

  • Custodian: The custodian is the person who stores and manages classified data.
  • Security administrator: The security administrator is the person who gives access to classified data once clearance has been approved.
  • Security enhanced Linux: SELinux is a project that was created with the intention of providing stricter security measures for access control and user permits, processes, files, and devices in Linux systems. The National Security Agency (NSA) in the United States published this as an open code under the GNU PNL license. This project was integrated in Linux's (LSM) security modules from the 2.6.0 version of the Linux kernel that was published in 2003.

Linux permissions (not SELinux)

File permissions: Linux permissions come in a numerical format; the first number represents the owner, the second number represents the group, and the third number represents all other users:

  • Permissions:
    • Owner: First number
    • Group: Second number
    • All other users: Third number
  • Numerical values:
    • 4: Read (r)
    • 2: Write (w)
    • 1: Execute (x)

Unlike a Windows permission that will execute an application, the execute function in Linux allows you to view or search.

A permission of 6 would be read and write. A value of 2 would be write, and a value of 7 would be read, write, and execute. Some examples are as follows:

  • Example 1: If I have 764 access to File A, this could be broken down as:
    • Owner: Read, write, and execute
    • Group: Read
    • All other users: Read
  • Example 2: Determine which of the following permissions to File B is the highest and which is the lowest:
    • 776 File B, also shown as ­_rwx _rwx _rw
    • 677 File B
    • 777 File B
    • 577 File B
    • 576 File B

When selecting the highest, you look at the value on the left, therefore the highest is the value of 777 is full control.

When selecting the lowest, you look at the lowest value on the left. There are two options here: d and e start with the lowest number, and then you look at the others. From here, you can see that answer e is the lowest.

Note

The higher the number, the higher the permissions; the lowest number is the one with the lesser permissions.

You can also change permissions in Linux: If the permission to File C is 654 and we wish to change the permissions, we will run the Chmod 777 File A command, which changes the permissions to File C.

 

Role-based access control

This is a subset of duties within a department. An example would be two people with the finance department who only handle the petty cash. In IT, terms it could be that only two of the IT team administer the email server.

Rule-based access control

In Rule-Based Access Control (RBAC), a rule is applied to all of the people within, for example, contractors will only have access between 8 a.m. and 5 p.m., and the help desk people will only be able to access Building 1, where their place of work is. It can be time-based or have some sort of restriction, but it applies to the whole department.

Attribute-based access control

In Attribute-Based Access Control (ABAC), access is restricted based on an attribute in the account. John could be an executive and some data could be restricted to only those with the executive attribute.

Group-based access

To control access to data, people may be put into groups to simplify access. An example would be if there were two people who worked in Information Technology (IT) who needed access to the older IT data. These people are called Bill and Ben:

Everyone in the sales team may have full control of the sales data by using group-based access, but you may need two new starters to have only read access. In this case, you would create a group called new starters and give those people inside that group only read permission to the data.

 

Note

If access to data is done via group-based access, then any solution in the exam will be a group-based answer.

Hashing and data integrity


  • Hashing: It is where the data inside a document is hashed using an algorithm such as Secure Hash Algorithm version 1 (SHA1) and Message Digest version 5 (MD5). This turns the data inside the file to a long text string known as a hash value; this is also known as a message digest.
  • Hashing the same data: If you copy a file and therefore have two files containing the same data, and if you hash them with the same hashing algorithm, it will always produce the same hash value. Please look at the example that follows.
  • Verifying integrity: During forensic analysis, the scientist takes a copy of the data prior to investigation. To ensure that he/she has not tampered with it during investigation, he/she will hash the data before starting and then compare the hash to the data when he/she has finished. If the hash matches, then we know that the integrity of the data is intact.
  • One-way function: For the purpose of the exam, hashing is a one-way function and cannot be reversed.
  • HMAC authentication: In cryptography, an HMAC (sometimes known as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of Message Authentication Code (MAC) involving a cryptographic hash function and a secret cryptographic key. We can have HMAC-MD5 or HMAC-SHA1; the exam provides both data integrity and data authentication.
  • Digital signature: This is used to verify the integrity of an email so that you know it has not been tampered with in transit. The private certificate used to sign the email that creates a one-way hash function and when it arrives at its destination the recipient has already been given a public key to verify that it has not been tampered with in transit. This will be covered more in-depth later in this book.

Can you read data that has been hashed? Hashing does not hide the data as a digitally signed email could still be read—it only verifies integrity. If you wish to stop someone reading the email in transit, you need to encrypt it.

  •  RACE Integrity Primitives Evaluation Message Digest (RIPEMD): This is a 128-bit hashing function. RIPEMD (https://en.wikipedia.org/wiki/RACE_(Europe) has been replaced by RIPEMD-160, RIPEMD-256, and RIPEMD-320. For the purpose of the exam, you need to know that it can be used to hash data.

Hash practical

The reason that we hash a file is to verify its integrity so that we know if someone has tampered with it.

Hash exercise

In this exercise, we have a file called data.txt. First of all, I use a free MD5 hashing tool and browse to the data.txt file, which generates a hash value. I have also created a folder called Move data to here:

  1. Get the original hash:
  1. Copy the hash from the current hash value to the original hash value.
  1. Copy the data.txt file to the Move data to here folder, then go to the MD5 hash software and browse to the data.txt file in the new location, then press verify. The values should be the same as shown here:

The values are the same, therefore we know the integrity of the data is intact and has not been tampered with during moving the readme.txt file.

  1. Next, we go into the data.txt file and change a single character, add an extra dot at the end of a sentence, or even enter a space that cannot be seen. We then take another hash of the data and we will then see that the hash value is different and does not match; this means that the data has been tampered with:

Defense in depth model


Defense in depth is the concept of protecting a company's data with a series of defensive layers so that if one layers fails, another layer will already be in place to thwart an attack. We start with our data, then we encrypt it to protect it:

  • The data is stored on a server
  • The data has file permissions
  • The data is encrypted
  • The data is in a secure area of the building
  • There is a security guard at the building entrance checking identification
  • There is CCTV on the perimeter
  • There is a high fence on the perimeter

Therefore, before someone can steal the data, they have seven layers of security that they must pass through. The concept of defense in depth is that if one layer fails, then the next layer protects:

Review questions


  1. What are the three components of the CIA triad?
  2. Why might a CCTV camera be sited outside a building without any film inside?
  3. What does confidentiality mean?
  4. How can we protect a data center from people entering it?
  5. What is the purpose of an airgap?
  6. Name three administrative controls.
  7. Name three physical controls.
  8. Following an incident, what type of control will be used when researching how the incident happened?
  9. How do I know if the integrity of my data is intact?
  1. What is a corrective control?
  2. What is the purpose of hashing?
  3. If i hash the same data with different SHA1 applications, what will the output be?
  4. What two things does HMAC provide?
  5. What type of control is it when I change the firewall rules?
  6. What is used to log into a system that works in conjunction with a PIN?
  7. What is the name of the person who looks after classified data and who is the person that gives people access to the classified data?
  8. When you use a DAC model for access, who determines who gains access to the data?
  9. What is least privilege?
  10. What access control method does SELinux utilize?
  11. What is the Linux permission of 777? What access does it give you?
  12. What does the Linux permission execute allow me to do?
  13. The sales are allowed to log into the company between 9 a.m. and 10 p.m. What type of access control is being used?
  14. Two people from the finance team are only allowed to authorize the payment of cheques; what type of access control are they using?
  15. What is the purpose of the defense in depth model?
  16. When someone leaves the company what is the first thing we should do with their user account?

Answers and explanations


  1. Confidentiality means only allowing those authorized to access data gain access. Integrity means that data has not been tampered with. Availability means that data is available when you need it, for example purchasing an airline ticket.
  2. We could place a CCTV camera in a prominent location as a deterrent, people walking past cannot tell if it has film or not, we are using it as a deterrent.
  3. Confidentiality means that we are limiting access to data to only those who should have access.
  4. To stop people entering a datacenter, we would install a mantrap a turnstile device so that we can control who accessed the datacenter one at a time.
  5. An airgap is what it says on the tin, it is a gap between your network and a machinee would use an airgap maybe between Research and Development Machine and the corporate network.
  6. Administrative controls could be writing a new Policy to make the company run smooth; we may have just implemented change management. You could implement a new form to ensure that all of the data required for an application is supplied. We could run an annual security awareness training day, complete risk assessment, or penetration testing.
  7. Physical control is huge. Remember that these can be physically touched. You can choose three from: cable locks, laptop safe, biometric locks, fences, gates, burglar alarms, fire alarms, lights, security guards, bollards, barricades, a faraday cage, key management, proximity cards, tokens, HVAC, an airgap, motions sensors, and cameras and biometric devices such as an iris scanner.
  8. If we investigate an incident, we need to collect all of the facts about the incident; this is a detective control. Think of a detective such as Sherlock Holmes who is always investigating mysteries.
  9. If we hash the data before and after, and the hash value remains the same, then integrity of the data is intact. If the second hash is different, the data has been tampered with.
  10. Corrective control is a one-way function where an incident has happened and we want to redeem the situation. For example, if the hard drive on my laptop fails, then I will purchase a new hard drive, put it into my laptop, install the operating systems and application, then obtain a copy of my data from a backup.

 

  1. Hashing is a technique that lets you know if data has been tampered with, but it does not hide the data.
  2. If the same data is hashed with two different applications that can hash data with SHA1, then the hash value will be the same.
  3. HMAC provides data integrity and data authentication. You can use HMAC-SHA1 or HMAC-MD5.
  4. If I change firewall rules, I am doing this to reduce risk; it is carried out by administrators, therefore it is a technical control.
  5. A smart card is a credit card-type device that has a chip built in; once inserted into the keyboard or USB card reader, you will then be asked to enter a PIN.
  6. The person who stores and manages classified data is called the custodian. The person who gives access to the classified data is the security administrator. Prior to getting access to the data, the person may well be vetted.
  7. In the DAC model, the data is unclassified and the data creator who is also called the owner will decide who gains access to the data.
  8. Least privilege is a technique that says that people should only get the limited access to data that they need to perform their job.
  9. SELinux uses the MAC model to access data. This is the secure version of Linux.
  10. In Linux 777 give the owner who is the first digit, the group that is the send digit and all users who are the third group read, write, and execute. It could also be should a rwx.
  11. The Linux permission for execute (x) allows you to search for or view data.
  12. An access control method that applies either a time restriction or location restriction is called rule-based access.
  13. A subset of a department with access to a subset of duties is called role-based access.
  14. The defense in depth model has many different layers; the idea behind this is if one layer is broken through, the next layer will provide protection.
  15. When someone leaves the company, we should disable their account so that the keys associated with it are still available. The next stage is to change the password so nobody can access it, especially the person who has just left.
Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Learn cryptography and various cryptography algorithms for real-world implementations
  • Discover security policies, plans, and procedures to protect your security infrastructure
  • Written by Ian Neil, one of the world’s top CompTIA Security+ (SY0-501) trainer

Description

CompTIA Security+ is a worldwide certification that establishes the fundamental knowledge required to perform core security functions and pursue an IT security career. CompTIA Security+ Certification Guide is a best-in-class exam study guide that covers all of CompTIA Security+ 501 exam objectives. It is authored by Ian Neil, who is a world-class trainer of CompTIA Security+ 501. Packed with self-assessment scenarios and realistic exam questions, this guide will help you master the core concepts to succeed in the exam the first time you take it. Using relevant examples, you will learn all the important security fundamentals from Certificates and Encryption to Identity and Access Management concepts. You will then dive into the important domains of the exam; namely, threats, attacks and vulnerabilities, technologies and tools, architecture and design, risk management, and cryptography and Public Key Infrastructure (PKI). This book comes with over 600 practice questions with detailed explanation that is at the exam level and also includes two mock exams to help you with your study plan. This guide will ensure that encryption and certificates are made easy for you.

Who is this book for?

This book is designed for anyone who is seeking to pass the CompTIA Security+ SY0-501 exam. It is a stepping stone for anyone who wants to become a security professional or move into cyber security. This certification guide assumes no prior knowledge of the product.

What you will learn

  • Get to grips with security fundamentals from Certificates and Encryption to Identity and Access Management
  • Secure devices and applications that are used by your company
  • Identify the different types of malware and virus and take appropriate actions to protect against them
  • Protect your environment against social engineering and advanced attacks
  • Implement PKI concepts
  • Learn about secure coding techniques, quality control, and testing
  • Troubleshoot common security issues

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Sep 29, 2018
Length: 532 pages
Edition : 1st
Language : English
ISBN-13 : 9781789346688

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Sep 29, 2018
Length: 532 pages
Edition : 1st
Language : English
ISBN-13 : 9781789346688

Packt Subscriptions

See our plans and pricing
Modal Close icon
$12.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 6,500+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$129.99 billed annually
Feature tick icon Unlimited access to Packt's library of 6,500+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$179.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 6,500+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 120.97
CompTIA Linux+ Certification Guide
$43.99
CompTIA Security+ Certification Guide
$32.99
CompTIA Network+ Certification Guide
$43.99
Total $ 120.97 Stars icon
Visually different images

Table of Contents

13 Chapters
Understanding Security Fundamentals Chevron down icon Chevron up icon
Conducting Risk Analysis Chevron down icon Chevron up icon
Implementing Security Policies and Procedures Chevron down icon Chevron up icon
Delving into Identity and Access Management Chevron down icon Chevron up icon
Understanding Network Components Chevron down icon Chevron up icon
Understanding Cloud Models and Virtualization Chevron down icon Chevron up icon
Managing Hosts and Application Deployment Chevron down icon Chevron up icon
Protecting Against Attacks and Vulnerabilities Chevron down icon Chevron up icon
Implementing the Public Key Infrastructure Chevron down icon Chevron up icon
Responding to Security Incidents Chevron down icon Chevron up icon
Managing Business Continuity Chevron down icon Chevron up icon
Mock Exam 1 Chevron down icon Chevron up icon
Mock Exam 2 Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.6
(90 Ratings)
5 star 85.6%
4 star 2.2%
3 star 4.4%
2 star 4.4%
1 star 3.3%
Filter icon Filter
Top Reviews

Filter reviews by




Gordo Aug 02, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The test questions are not the exact questions you'll get on the exam, especially since CompTIA rotates their questions. But they will 100% prepare you for the way the questions are set and what kind of questions to expect. It's a great way to gauge how far along you are with learning the subject matter and able to decipher those tricky or at least narrow down your choices for a better chance of picking the right answer.
Amazon Verified review Amazon
Guillaume Ebe Jun 22, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Excellent book! Read entire book. Then took the test with confidence and passed.Thank you Ian!
Amazon Verified review Amazon
Richard L. West Jr. Jan 24, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I seem to retain the info in here more so than a couple of the video instructions I was following. Although I was able to dedicate less distracted time too it (coffee shop instead of at work with videos)Seems to be well organized, and easier to grasp with a good amount of practice questions at the end of each chapter to help integrate the information a little better...
Amazon Verified review Amazon
M. Cantlin Feb 28, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I like this book, it helps study for my certification. It gives me all the infomation I need to pass the exam.
Amazon Verified review Amazon
Nick J. Aug 16, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I was studying to take the Security+ exam with this book having very little IT background beforehand and came across this on Amazon. Needless to say I passed my exam with flying colors. The material in this book was easy to understand and put into terms that were relatable to the average person. I highly recommend this book if you plan on taking this certification!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.