ABC Amber CHM Converter Trial version, />
Contents
1. Cover Page
2. LOC
3.
4. General Networking and Security Concepts
5. Lesson 1: The Big Picture
6. Lesson 2: Identifying Threats
7. Lesson 3: Intrusion Points
8. Lesson 4: Defending Against Threats
9. Lesson 5: Organizational and Operational Security
10. TCP/IP Basics
11. Lesson 1: Basic TCP/IP Principles
12. Lesson 2: TCP/IP Layers and Vulnerabilities
13. Certificate Basics
14. Lesson 1: Understanding Cryptography
15. Lesson 2: Using Cryptography
16. Lesson 3: Identifying the Components of a Public Key Infrastructure
17. Lesson 4: Understanding CA Trust Models
18. Lesson 5: Understanding Certificate Life Cycle and Key Management
19. Network Infrastructure Security
20. Lesson 1: Understanding Network Infrastructure Security
21. Lesson 2: Securing Network Cabling
22. Lesson 3: Securing Connectivity Devices
23. Lesson 4: Exploring Secure Topologies
24. Lesson 5: Securing and Monitoring Network Resources
25. Communications Security
26. Lesson 1: Understanding Remote Access Connectivity
27. Lesson 2: Providing Secure Remote Access
28. Lesson 3: Understanding Wireless Standards and Protocols
29. Application Security

30. Lesson 1: E-Mail Security
31. Lesson 2: Web Security
32. Lesson 3: File Transfer
33. User Security
34. Lesson 1: Understanding Authentication
35. Lesson 2: Understanding Access Control Models
36. Security Baselines
37. Lesson 1: Network Device and Operating System Hardening
38. Lesson 2: Server Application Hardening
39. Operational Security
40. Lesson 1: Physical Security
41. Lesson 2: Privilege Management
42. Lesson 3: Removable Media
43. Lesson 4: Protecting Business Continuity
44. Organizational Security
45. Lesson 1: Documentation
46. Lesson 2: Risk Assessment


ABC Amber CHM Converter Trial version, />
47. Lesson 3: Security Education
48. Incident Detection and Response
49. Lesson 1: Attacks and Malicious Code
50. Lesson 2: Intrusion Detection Systems
51. Lesson 3: Incident Response
52. Questions and Answers
53. Ports and Protocol IDs
54. About This eBook

Copyright 2003 by Microsoft Corporation



ABC Amber CHM Converter Trial version, />
PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright 2003 by Microsoft Corporation
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form
or by any means without the written permission of the publisher.
Library of Congress Cataloging-in-Publication Data
Security+ Certification Training Kit / Microsoft Corporation.
p. cm.
Includes index.
ISBN 0-7356-1822-4
1. Electronic data processing personnel--Certification. 2. Computer
security--Examinations--Study guides. I. Microsoft Corporation.
QA76.3 .S43
005.8--dc21

2003
2002043072

Printed and bound in the United States of America.
1 2 3 4 5 6 7 8 9 QWT 8 7 6 5 4 3
Distributed in Canada by H.B. Fenn and Company Ltd.
A CIP catalogue record for this book is available from the British Library.
Microsoft Press books are available through booksellers and distributors worldwide. For further
information about international editions, contact your local Microsoft Corporation office or contact

Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at
www.microsoft.com/mspress. Send comments to
ActiveX, Microsoft, Microsoft Press, MSDN, Outlook, Windows, and Windows NT are either
registered trademarks or trademarks of Microsoft Corporation in the United States and/or other
countries. Other product and company names mentioned herein may be the trademarks of their
respective owners.
The example companies, organizations, products, domain names, e-mail addresses, logos, people,
places, and events depicted herein are fictitious. No association with any real company, organization,
product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.


ABC Amber CHM Converter Trial version, />
Acquisitions Editor: Kathy Harding
Project Editor: Jean Trenary
Technical Editor: Bob Dean


About This Book
Welcome to the Security+ Certification Training Kit. This training kit introduces the basic concepts
of computer security. It is designed to prepare you to take the Security+ Certification exam administered
by the Computing Technology Industry Association (CompTIA). The Security+ Certification program
covers the computer security technologies most commonly used today. Passing the Security+
Certification exam means you are certified as possessing the basic knowledge and skills needed to work
in computer security. However, this book is not just about getting you through the exam. The lessons in
these chapters also provide you with knowledge you'll use to create a more secure computing
environment.
Each chapter in this book is divided into lessons. Most lessons include hands-on procedures that allow
you to practice or demonstrate a particular concept or skill. Each lesson ends with a short summary and
a set of review questions to test your knowledge of the lesson material.


Intended Audience
This book is appropriate for anyone who has experience working on computer networks and wants to
learn more about computer security. This book is specifically designed for candidates preparing to take
the CompTIA Security+ examination SY0-101. CompTIA describes the Security+ certified
professional as follows:
"Those holding the Security+ certification have demonstrated the aptitude and ability to master such
knowledge areas as: general security concepts, communications security, infrastructure security, basics
of cryptography, and operational/organizational security."

Prerequisites
No one is prevented from registering for or attempting the Security+ exam. However, you are more
likely to achieve the Security+ certification if you meet certain prerequisites. At a minimum, you should
be capable of installing, configuring, and connecting computers to the Internet before reading this book.
Security+ Certification candidates should also have A+ and Network+ certifications or equivalent
knowledge and skills, in addition to at least two years of experience in computer networking, and a
thorough knowledge of Transmission Control Protocol/Internet Protocol (TCP/IP). This book will make
the most sense to people who meet those criteria.


ABC Amber CHM Converter Trial version, />
Reference Materials
Throughout this book, you will find references to RFC (Request for Comment), NIST (National Institute
for Standards and Technology), and CC (Common Criteria) documents which supplement the topic
being discussed. Unless otherwise noted, these documents can be found at the following Web sites:
CC:
NIST: />RFC:
For your convenience, some key RFC, NIST, and CC documents are included on the Supplemental
Course Materials CD-ROM. These documents are provided as supplemental information. However, we
recommend that you go to the respective Web sites to get the most up-to-date documents if you intend
to use the information to manage your security issues.


About the CD-ROM
The Supplemental Course Materials CD-ROM contains a variety of informational aids that can be used
throughout this book.
• eBook. A complete electronic version of this training kit.
• Preview content. Three preview chapters from the Microsoft Windows
• Security Resource Kit are included on the CD-ROM in the \WinSecureRK folder.
• RFC articles. Included on the CD-ROM in the \RFC folder.
• NIST publications. Included on the CD-ROM in the \NIST folder.
• Common Criteria standards. Included on the CD-ROM in the \CC folder.
• Practice test. To practice taking the certification exam, you can use the practice test provided
on the CD-ROM. The sample questions help you assess your understanding of the concepts
presented in this book.
For additional support information regarding this book and the CD-ROM, visit the Microsoft Press
Technical Support Web site at www.microsoft.com/mspress/support. You can also e-mail
or send a letter to Microsoft Press, Attn: Microsoft Press Technical
Support, One Microsoft Way, Redmond, WA 98052-6399.

Features of This Book
Each chapter has a "Before You Begin" section, which prepares you for completing the chapter.
The chapters are broken into lessons. Some lessons contain practice exercises that give you an
opportunity to use the information presented or to explore the part of the application being described.
The "Lesson Summary" section at the end of each lesson identifies key points discussed in the text.


ABC Amber CHM Converter Trial version, />
eBook uses Microsoft ® Internet Explorer to shrink the images down to fit within the content pane. To
see the larger 1:1 image, simply click on the image. The 1:1 image will open in a separate window. If you
click on more than one image to view the 1:1 image, each image will open in a separate window, and
remain open until that window is closed.

Search
The .CHM format allows full-text searching to better locate the information you need. To conduct a
search, open the eBook and click the Search tab. In the Search Topics text box, type the word or topic
on which you wish to search. Click List Topics to display the search results. To view a search result,
either a) double-click on the result in the Select Topic list, or b) click on the result in the Select Topic
list, and click Display. The topic will then display in the content pane. Search results are ranked by the
number of times the words searched on occur within the topic results. The highest-ranked topic will
include the most references to the search criteria.

For advanced search options, open the drop-down list next to the search input box to clarify multiple
search terms with the parameters AND, OR, NEAR, or NOT.
Favorites
To save a topic for viewing later, select the topic so that it displays in the content pane. Select the
Favorites tab. The topic title, or heading, will appear in the Current Topic box. Click Add and the topic
title will appear in the Topics pane. To view a topic saved in Favorites, select the title, and click Display.
To remove a Favorite topic at any time, select it from the topic pane, and click Remove.
External Links
This eBook may contain links to Web sites outside of the Microsoft domain. All hyperlinks within the
text were valid at the time this eBook was published. Due to the nature of the World Wide Web, we
cannot guarantee that all links to Web sites are still valid after the release date of the eBook.
Accessibility
This eBook utilizes Internet Explorer to display content. Internet Explorer offers many accessibility
features, such as keyboard shortcuts and compatibility with Assistive Technology. To find out more
about accessibility within Internet Explorer, go to www.microsoft.com/enable/products and select the
version of Internet Explorer installed on your computer.
Tell Us What You Think
We need to hear from you regarding your experience with our eBooks. Tell us what you like, don't like;
which features you use, and which features you would like to see in future versions of our eBooks. Send
your comments to Please note that technical support is not offered through this
alias.

About Microsoft Press
Microsoft Press is a division of Microsoft Corporation and the leading source of comprehensive
self-paced learning, training, evaluation, and support resources to help everyone from developers to IT
professionals to end users get the most from Microsoft technology. Choose from hundreds of current


ABC Amber CHM Converter Trial version, />
titles in print, multimedia, and network-ready formats learning solutions made by Microsoft, with the
most timely and accurate information available. For more information, visit www.microsoft.com/mspress.