Section | Start page | (Pages)
Foreword | xvii |
Introduction | xix |
Domain 1: Access Controls | 1 | (70)
 | 3 | (1)
 | 3 | (8)
Applying Logical Access Control in Terms of Subjects | 4 | (5)
Applying Logical Access Control in Terms of Objects or Object Groups | 9 | (2)
Implementing Access Controls | 11 | (12)
Discretionary Access Control | 11 | (3)
Role-Based Access Controls | 14 | (7)
Nondiscretionary Access Control | 21 | (1)
 | 21 | (1)
Attribute-Based Access Control | 22 | (1)
Security Architecture and Models | 23 | (4)
Bell-LaPadula Confidentiality Model | 23 | (1)
Biba and Clark-Wilson Integrity Models | 24 | (2)
 | 26 | (1)
Implementing Authentication Mechanisms: Identification, Authentication, Authorization, and Accountability | 27 | (32)
Identification (Who Is the Subject?) | 27 | (2)
Authentication (Proof of Identity) | 29 | (22)
 | 51 | (4)
Authentication Using Kerberos | 55 | (3)
User/Device Authentication Policies | 58 | (1)
Comparing Internetwork Trust Architectures | 59 | (2)
 | 59 | (1)
 | 60 | (1)
 | 60 | (1)
 | 60 | (1)
 | 61 | (1)
 | 62 | (1)
 | 62 | (1)
 | 62 | (1)
Administering the Identity Management Lifecycle | 62 | (1)
 | 62 | (1)
 | 63 | (1)
 | 63 | (1)
 | 63 | (1)
 | 63 | (1)
 | 63 | (1)
 | 64 | (3)
 | 67 | (4)
Domain 2: Security Operations | 71 | (114)
 | 73 | (1)
 | 74 | (3)
 | 74 | (1)
 | 75 | (1)
Applying a Code of Ethics to Security Practitioners | 76 | (1)
Security Program Objectives: The C-I-A Triad and Beyond | 77 | (41)
 | 77 | (1)
 | 78 | (1)
 | 79 | (1)
 | 80 | (1)
 | 80 | (2)
 | 82 | (1)
Designing a Security Architecture | 82 | (13)
Secure Development and Acquisition Lifecycles | 95 | (6)
System Vulnerabilities, Secure Development, and Acquisition Practices | 101 | (3)
 | 104 | (2)
 | 106 | (12)
Disclosure Controls: Data Leakage Prevention | 118 | (59)
 | 119 | (2)
 | 121 | (1)
 | 121 | (9)
Implementation and Release Management | 130 | (2)
Systems Assurance and Controls Validation | 132 | (1)
Change Control and Management | 132 | (3)
 | 135 | (4)
Security Impact Assessment | 139 | (1)
System Architecture/Interoperability of Systems | 139 | (1)
 | 140 | (2)
Monitoring System Integrity | 142 | (1)
Security Awareness and Training | 142 | (4)
Interior Intrusion Detection Systems | 146 | (6)
Building and Inside Security | 152 | (14)
Securing Communications and Server Rooms | 166 | (3)
Restricted and Work Area Security | 169 | (1)
 | 170 | (7)
 | 177 | (1)
 | 178 | (3)
 | 181 | (4)
Domain 3: Risk Identification, Monitoring, and Analysis | 185 | (100)
 | 187 | (1)
Introduction to Risk Management | 187 | (21)
 | 187 | (16)
Security Auditing Overview | 203 | (5)
 | 208 | (1)
 | 208 | (1)
Presentation of Audit Findings | 208 | (1)
 | 208 | (1)
Security Assessment Activities | 209 | (30)
Vulnerability Scanning and Analysis | 209 | (15)
 | 224 | (15)
Operating and Maintaining Monitoring Systems | 239 | (27)
Security Monitoring Concepts | 239 | (6)
 | 245 | (1)
 | 246 | (1)
 | 247 | (1)
 | 247 | (2)
 | 249 | (8)
 | 257 | (1)
Security Analytics, Metrics, and Trends | 258 | (2)
 | 260 | (1)
 | 261 | (5)
Communication of Findings | 266 | (1)
Going Hands-on: Risk Identification Exercise | 266 | (13)
Virtual Testing Environment | 267 | (1)
 | 268 | (11)
 | 279 | (1)
 | 280 | (3)
 | 283 | (2)
Domain 4: Incident Response and Recovery | 285 | (60)
 | 287 | (1)
 | 287 | (32)
 | 289 | (7)
 | 296 | (10)
Containment, Eradication, and Recovery | 306 | (2)
 | 308 | (11)
Recovery and Business Continuity | 319 | (21)
Business Continuity Planning | 319 | (7)
Disaster Recovery Planning | 326 | (4)
 | 330 | (3)
Plan Review and Maintenance | 333 | (7)
 | 340 | (1)
 | 341 | (3)
 | 344 | (1)
Domain 5: Cryptography | 345 | (102)
 | 346 | (1)
 | 347 | (43)
Key Concepts and Definitions | 347 | (3)
 | 350 | (5)
 | 355 | (1)
 | 356 | (5)
Encryption and Decryption | 361 | (1)
 | 361 | (15)
 | 376 | (5)
 | 381 | (1)
 | 382 | (1)
Message Authentication Code | 382 | (1)
 | 383 | (1)
 | 383 | (1)
 | 384 | (1)
Methods of Cryptanalytic Attack | 385 | (5)
Data Sensitivity and Regulatory Requirements | 390 | (27)
Legislative and Regulatory Compliance | 390 | (4)
 | 394 | (1)
Public Key Infrastructure (PKI) | 395 | (2)
Fundamental Key Management Concepts | 397 | (7)
Management and Distribution of Keys | 404 | (9)
 | 413 | (4)
Going Hands-on with Cryptography: Cryptography Exercise | 417 | (22)
 | 417 | (1)
 | 418 | (13)
Key Exchange and Sending Secure E-mail | 431 | (8)
 | 439 | (1)
 | 439 | (1)
 | 440 | (3)
 | 443 | (4)
Domain 6: Networks and Communications Security | 447 | (130)
 | 449 | (1)
Security Issues Related to Networks | 449 | (47)
 | 450 | (10)
 | 460 | (7)
Network Topographies and Relationships | 467 | (10)
Commonly Used Ports and Protocols | 477 | (19)
Telecommunications Technologies | 496 | (7)
 | 496 | (3)
 | 499 | (1)
 | 500 | (1)
 | 501 | (1)
Attacks and Countermeasures | 501 | (2)
 | 503 | (19)
 | 507 | (2)
 | 509 | (4)
 | 513 | (1)
 | 513 | (2)
 | 515 | (1)
Open Protocols, Applications, and Services | 516 | (1)
 | 517 | (5)
 | 522 | (1)
 | 522 | (8)
Separation of Data Plane and Control Plane | 522 | (1)
 | 523 | (3)
Media Access Control Security (IEEE 802.1AE) | 526 | (1)
 | 527 | (3)
Network-Based Security Devices | 530 | (25)
Network Security Objectives and Attack Modes | 531 | (3)
 | 534 | (3)
Network Intrusion Detection/Prevention Systems | 537 | (7)
IP Fragmentation Attacks and Crafted Packets | 544 | (3)
 | 547 | (4)
 | 551 | (4)
 | 555 | (8)
Wireless Technologies, Networks, and Methodologies | 555 | (3)
Transmission Security and Common Vulnerabilities and Countermeasures | 558 | (5)
 | 563 | (1)
 | 564 | (4)
 | 568 | (9)
Domain 7: Systems and Application Security | 577 | (192)
 | 580 | (1)
Identifying and Analyzing Malicious Code and Activity | 580 | (1)
CIA Triad: Applicability to Malcode | 581 | (30)
Malcode Naming Conventions and Types | 582 | (16)
Malicious Code Countermeasures | 598 | (13)
 | 611 | (19)
 | 614 | (1)
How to Do It for Yourself: Using the Social Engineer Toolkit (SET) | 615 | (4)
 | 619 | (1)
 | 619 | (3)
 | 622 | (1)
 | 623 | (1)
Password-Protected ZIP Files/RAR | 624 | (1)
 | 624 | (1)
 | 624 | (2)
 | 626 | (2)
Insider Hardware and Software Threats | 628 | (2)
Spoofing, Phishing, Spam, and Botnets | 630 | (8)
 | 630 | (1)
 | 631 | (2)
 | 633 | (2)
 | 635 | (3)
 | 638 | (8)
Cross-Site Scripting (XSS) Attacks | 639 | (1)
Zero-Day Exploits and Advanced Persistent Threats (APTs) | 639 | (2)
 | 641 | (2)
 | 643 | (1)
 | 643 | (1)
 | 644 | (1)
Rogue Products and Search Engines | 645 | (1)
Infected Factory Builds and Media | 645 | (1)
Web Exploitation Frameworks | 645 | (1)
 | 646 | (3)
 | 646 | (1)
Man-in-the-Middle Malcode | 647 | (2)
 | 649 | (17)
Malicious Activity Countermeasures | 652 | (3)
Third-Party Certifications | 655 | (1)
 | 656 | (1)
Questionable Behavior on a Computer | 656 | (2)
 | 658 | (1)
Inspection of the Windows Registry | 659 | (1)
How to Do It for Yourself: Installing Strawberry Perl in Windows 7 or Windows 8 | 659 | (2)
Inspection of Common File Locations | 661 | (5)
Behavioral Analysis of Malcode | 666 | (21)
 | 669 | (8)
Testing Remote Websites Found in Network Log Files | 677 | (6)
Testing of Samples in Virtualized Environments | 683 | (3)
Free Online Sandbox Solutions | 686 | (1)
Interactive Behavioral Testing | 687 | (1)
 | 687 | (4)
 | 687 | (2)
 | 689 | (2)
Implementing and Operating End-Point Device Security | 691 | (5)
Host-Based Intrusion Detection System | 691 | (1)
 | 692 | (1)
 | 692 | (1)
 | 693 | (1)
 | 693 | (1)
 | 694 | (1)
 | 695 | (1)
Operating and Configuring Cloud Security | 696 | (23)
The Five Essential Characteristics of Clouds | 696 | (1)
 | 697 | (2)
 | 699 | (3)
 | 702 | (2)
Legal and Privacy Concerns | 704 | (5)
Classification of Discovered Sensitive Data | 709 | (1)
Mapping and Definition of Controls | 710 | (1)
Application of Defined Controls for Personally Identifiable Information (PII) | 711 | (1)
Data Storage and Transmission | 712 | (4)
 | 716 | (1)
Technologies Available to Address Threats | 716 | (1)
 | 716 | (3)
 | 719 | (7)
Sample Use Cases for Encryption | 720 | (1)
Cloud Encryption Challenges | 720 | (2)
 | 722 | (1)
 | 722 | (2)
 | 724 | (2)
Encryption Alternatives and Other Data Protection Technologies | 726 | (12)
Data Masking/Data Obfuscation | 726 | (1)
 | 727 | (1)
 | 728 | (1)
Third-Party/Outsourcing Implications | 729 | (1)
 | 729 | (1)
Data Deletion Procedures and Mechanisms | 730 | (1)
Data Archiving Procedures and Mechanisms | 731 | (1)
 | 732 | (3)
Data Event Logging and Event Attributes | 735 | (1)
Storage and Analysis of Data Events | 736 | (2)
Securing Big Data Systems | 738 | (2)
Operating and Securing Virtual Environments | 740 | (10)
Software-Defined Network (SDN) | 741 | (1)
 | 741 | (1)
Continuity and Resilience | 742 | (1)
Attacks and Countermeasures | 743 | (1)
Security Virtualization Best Practices | 744 | (6)
 | 750 | (1)
 | 750 | (7)
 | 757 | (12)
Appendix A: Answers to Sample Questions | 769 | (62)
Domain 1: Access Controls | 770 | (7)
Domain 2: Security Operations | 777 | (8)
Domain 3: Risk, Identification, Monitoring, and Analysis | 785 | (8)
Domain 4: Incident Response and Recovery | 793 | (5)
Domain 5: Cryptography | 798 | (7)
Domain 6: Networks and Communications Security | 805 | (9)
Domain 7: Systems and Application Security | 814 | (17)
Appendix B: DNSSEC Walkthrough | 831 | (10)
Hardware and Software Requirements | 832 | (1)
 | 832 | (1)
 | 832 | (3)
Creating a Domain Administrator Account | 834 | (1)
Configuring the sec.isc2.com DNS Zone | 834 | (1)
Enabling Remote Desktop on DC1 | 835 | (1)
 | 835 | (2)
Installing the OS and Configuring TCP/IP on DC1 | 836 | (1)
Installing and Configuring DNS on DNS1 | 836 | (1)
Signing a Zone on DC1 and Distributing Trust Anchors | 837 | (4)
Distributing a Trust Anchor to DNS1 | 838 | (1)
 | 838 | (1)
Querying a Signed Zone with DNSSEC Validation Required | 838 | (1)
 | 839 | (1)
Resigning the Zone with Custom Parameters | 840 | (1)
Appendix C: Glossary of Terms Related to the SSCP | 841 | (32)
Index | 873 |