Security Books

Whitman, M.E. and Mattord, H.J. (2011) Principles of Information Security, Fourth Edition, International Edition, Delmar Cengage Learning

A more recent version is available

Overview

The fourth edition of Principles of Information Security explores the field of information security and assurance with updated content including new innovations in technology and methodologies. Students will revel in the comprehensive coverage that includes a historical overview of information security, discussions on risk management and security technology, current certification information, and more. The text builds on internationally-recognized standards and bodies of knowledge to provide the knowledge and skills students need for their future roles as business decision-makers. Information security in the modern organization is a management issue which technology alone cannot answer; it is a problem that has important economic consequences for which management will be held accountable. Students can feel confident that they are using a standards-based, content-driven resource to prepare for their work in the field.

 Features and Benefits
  • Conforms fully to CNSS Training Standard 4011, which allows federal recognition of programs based on this book.
  • Uses examples of information security issues, tools and practices implemented in today’s businesses, fostering real-world application.
  • Includes Off-Line boxes with sidebar articles for further study, and Technical Details boxes that separate highly technical information from the chapter narrative for easier reading.
  • Includes extensive end-of-chapter pedagogy, including exercises and cases that give students the opportunity to examine the information security arena outside the classroom.
  • Contains updated managerial content to provide general, yet valuable information, without bogging your students down with extraneous, highly specific details.

Table of Contents

1. Introduction to Information Security.
2. The Need for Security.
3. Legal, Ethical, and Professional Issues in Information Security.
4. Risk Management.
5. Planning for Security.
6. Security Technology: Firewalls, VPNs, and Wireless
7. Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools.
8. Cryptography.
9. Physical Security.
10. Implementing Information Security.
11. Security and Personnel.
12. Information Security Maintenance and eDiscovery.

What’s New

  • Enhanced section on Security Models and Standards, including access control models, Bell-LaPadula, Biba, and others, as well as enhanced coverage of NIST and ISO standards.
  • New content on Security Governance adds depth and breadth to the topic.
  • Updates on the newest laws and a host of identity theft bills.
  • Includes a new section on addressing the methods and results of systems certification and accreditation in accordance with federal guidelines.
  • Up-to-date examples and references maintain currency and relevance.

Microsoft Official Academic Course (2011) MTA Security Fundamentals, Exam 98-367 (Microsoft Official Academic Course), John Wiley & Sons

Download eBook PDF TOC (PDF 596KB)
Download eBook PDF Chapter 1 – Understanding Security Layers (PDF 1,478KB)
Download eBook PDF Chapter 2 – Authentication, Authorization, and Accounting (PDF 5,968KB)
Download eBook PDF Chapter 3 – Understanding Security Policies (PDF 2,784KB)
Download eBook PDF Chapter 4 – Understanding Network Security (PDF 1,749KB)
Download eBook PDF Chapter 5 – Protecting the Server and Client (PDF 3,468KB)
Download eBook PDF Appendix (PDF 582KB)
Download eBook PDF Index (PDF 641KB)

Students who are beginning studies in technology need a strong foundation in the basics before moving on to more advanced technology courses and certification programs. The Microsoft Technology Associate (MTA) is a new and innovative certification track designed to provide a pathway for future success in technology courses and careers. The MTA program curriculum helps instructors teach and validate fundamental technology concepts and provides students with a foundation for their careers as well as the confidence they need to succeed in advanced studies. Through the use of MOAC MTA titles you can help ensure your students’ future success in and out of the classroom. Vital fundamentals of security are included such as understanding security layers, authentication, authorization, and accounting. They will also become familiar with security policies, network security and protecting the Server and Client.

Table of Contents

1 Understanding Security Layers.

2 Authentication, Authorization, and Accounting.

3 Understanding Security Policies.

4 Understanding Network Security.

5 Protecting the Server and Client.

Appendix A.

PowerPoints

Lesson 1: Understanding Security Layers (PPT 1,138KB)

Lesson 2: Authentication, Authorization, and Accounting (PPT 1,757KB)

Lesson 3: Understanding Security Policies (PPT 867KB)

Lesson 4: Understanding Network Security (PPT 1,391KB)

Lesson 5: Protecting the Server and Client (PPT 2,538KB)


The Honeynet Project (2001) Know Your Enemy – Revealing The Security Tools, Tactics, and Motives of the BlackHat Community, Addison Wesley

This book shares the lessons of the Honeynet Project, in which leading security professionals built networks designed to be compromised. From this they learned everything possible from the “blackhat” hackers who took the bait: their tools, their tactics, and their motives. The insights in this book will go a long way towards helping security professionals protect their networks against real attacks. If that’s not enough, the book shows you how to build your own honeynet, learning even more about today’s most significant exploits — and tomorrow’s. Lance Spitzner, leader of The Honeynet Project, begins by introducing honeynets and honeypots (the parts that make up the honeynet network), explaining how they work, and showing how to build one. Next, Know Your Enemy focuses on an in-depth analysis of attacks, including detailed analyses of compromised systems, and techniques for containing blackhat hackers while you gather evidence and work to identify them. Part III takes you into the minds of the blackhat hackers, focusing on the evidence left by actual attacks — not theory or speculation. For all computer security specialists, and network and system administrators concerned with intrusion detection and security.

The primary weapon of the Honeynet Project is the Honeynet, a unique solution designed to capture and study the blackhat’s every move. In this book you will learn in detail not only what the Honeynet Project has discovered about adversaries, but also how Honeynets are used to gather critical information. Aimed at both security professionals and those with a nontechnical background, this book teaches the technical skills needed to study a blackhat attack and learn from it. The CD includes examples of network traces, code, system binaries, and logs used by intruders from the blackhat community, collected and used by the Honeynet Project.

Table of Contents
1. The Battleground.

I: THE HONEYNET.

2. What a Honeynet Is.
Honeypots. Honeynets. Value of a Honeynet. The Honeypots in the Honeynet. Summary.

3. How a Honeynet Works.
Data Control. Data Capture. Access Control Layer. Network Layer. System Layer. Off-Line Layer. Social Engineering. Risk. Summary.

4. Building a Honeynet.
Overall Architecture. Data Control. Data Capture. Maintaining a Honeynet and Reacting to Attacks. Summary.

II: THE ANALYSIS.

5. Data Analysis.
Firewall Logs. IDS Analysis. System Logs. Summary.

6. Analyzing a Compromised System.
The Attack. The Probe. The Exploit. Gaining Access. The Return. Analysis Review. Summary.

7. Advanced Data Analysis.
Passive Fingerprinting. The Signatures. The ICMP Example. Forensics. Summary.

8. Forensic Challenge.
Images. The Coroner’s Toolkit. MAC Times. Deleted Inodes. Data Recovery. Summary.

III: THE ENEMY.

9. The Enemy.
The Threat. The Tactics. The Tools. The Motives. Changing Trends. Summary.

10. Worms at War.
The Setup. The First Worm. The Second Worm. The Day After. Summary.

11. In Their Own Words.
The Compromise. Reading the IRC Chat Sessions. Day 1, June 4. Day 2, June 5. Day 3, June 6. Day 4, June 7. Day 5, June 8. Day 6, June 9. Day 7, June 10. Analyzing the IRC Chat Sessions. Profiling Review. Psychological Review. Summary.

12. The Future of the Honeynet.
Future Developments. Conclusion.

Appendix A. Snort Configuration.
Snort Start-Up Script. Snort Configuration File, snort.conf.

Appendix B. Swatch Configuration File.
Appendix C. Named NXT HOWTO.
Appendix D. NetBIOS Scans.
Appendix E. Source Code for bj.c.
Appendix F. TCP Passive Fingerprint Database.
Appendix G. ICMP Passive Fingerprint Database.
Appendix H. Honeynet Project Members.

Index.


Cretaro, P. and Farwood, D. (2009) Lab Manual for Ciampa’s Security+ Guide to Network Security Fundamentals, 3rd (Test Preparation), Delmar Cengage Learning

A more recent edition of this book is available

This lab manual, when used with the main text, “Security+ Guide to Network Security Fundamentals, Third Edition” will maximize students’ successes on CompTIA’s Security+ certification exam.


King, T. (2003) Security+ Training Guide, Pearson IT Certification

The Security+ certification is CompTIA’s response to membership requests to develop a foundation-level certification for security workers. The IT industry is in agreement that there is a need to better train, staff, and empower those tasked with designing and implementing information security, and Security+ is an effort to meet this demand. The exam is under consideration by Microsoft as the baseline security certification for Microsoft’s new security certification initiative.

The Security+ Training Guide is a comprehensive resource for those preparing to take this exam, covering everything in a format that maps to the exam objectives. The book has been subjected to a rigorous technical review, ensuring content is superior in both coverage and technical accuracy.

Introduction.

How This Book Helps You. What the Security+ Exam Covers. Hardware and Software You’ll Need. Advice on Taking the Exam. Que Certification.

Study and Exam Prep Tips.
Learning Styles. Study Tips. Exam Prep Tips. Final Considerations.

I: EXAM PREPARATION.

1. General Security Concepts.
Introduction. A Brief History of Networks and Security. Basic Terminology. Access Control Techniques. Authentication Methods. Identifying Nonessential Services and Protocols. Attacks. Malicious Code. Social Engineering. Auditing.

2. Communication Security.
Introduction. Recognizing and Administering Remote and Wireless Access. Recognizing and Administering Security Controls – Email Communications. Recognizing and Administering Security Controls – Web Presence. Recognizing and Administering Security Controls – Directory. Recognizing and Administering Security Controls – File Transfer. Recognizing and Administering Security Controls – Wireless. Recognizing Vulnerabilities and Taking Action – Instant Messaging.

3. Devices, Media, and Topology Security.
Introduction. Understanding the Basic Security Concepts of Network and System Devices. Understanding the Basic Security Concepts of Media. Understanding the Concepts of Security Topologies.

4. Intrusion Detection, Baselines, and Hardening.
Introduction. Network-Based Intrusion Detection. Host-Based Intrusion Detection. Honeypots. Incident Response. Understanding Security Baselines.

5. Cryptography Algorithms.
Introduction. Encryption Algorithms. Concepts of Using Encryption.

6. PKI and Key Management.
Introduction. Digital Certificates. Revocation. Trust Models. Identifying and Differentiating Standards and Protocols. Understanding and Explaining Key Management/Certificate Lifecycle.

7. Physical Security, Disaster Recovery, and Business Continuity.
Introduction. Physical Security. Disaster Recovery and Disaster Recovery Plans. Business Continuity.

8. Security Policy and Procedures.
Introduction. Security Policy.

9. Security Management.
Introduction. Privilege Management. Forensics. Risk Identification. Change Management. Awareness. Documentation.

II: FINAL REVIEW.

Fast Facts.
Introductory Note: Learn Key Terms! General Security Concepts. Communications Security. Infrastructure Security. Basics of Cryptography. Operational/Organizational Security.

Practice Exam.
Exam Questions. Answers to Exam Questions.

III: APPENDIXES.

Appendix A. Security Resources.
Appendix B. Glossary.
Appendix C. General Security Resources and Bibliography.
1. General Security Concepts. 2. Communication Security. 3. Devices, Media, and Topology Security. 4. Intrusion Detection, Baselines, and Hardening. 5. Cryptography Algorithms. 6. PKI and Key Management. 7. Physical Security, Disaster Recovery, and Business Continuity. 8. Security Policy and Procedures. 9. Security Management.

Appendix D. Overview of the Certification Process.
Description of the Path to Certification. About the Security+ Certification Program.

Appendix E. What’s on the CD-ROM.
PrepLogic Practice Tests, Preview Edition.

Appendix F. Using the PrepLogic Practice Tests, Preview Edition Software.
Exam Simulation. Question Quality. Interface Design. Effective Learning Environment. Software Requirements. Installing PrepLogic Practice Tests, Preview Edition. Removing PrepLogic Practice Tests, Preview Edition from Your Computer. Using PrepLogic Practice Tests, Preview Edition. Customer Service. Product Suggestions and Comments. License Agreement.

Index.


Stewart, J. M. (2004) Security+ FAST PASS, Sybex inc.

There is a more recent version of this book.

Get the streamlined tool you need to bone up for the Security+ exam [SY0–101]. Fast Pass coverage includes:

  • General security concepts.
  • Assessing risk.
  • Securing communications.
  • Implementing wireless security features.
  • Configuring a firewall.
  • Detecting intrusions.
  • Securing your organization’s infrastructure.
  • Understanding the basics of cryptography.
  • Managing security keys and certificates.
  • Ensuring operational and organizational security.
  • Recovering from disasters.
  • A CD–ROM so you can practice, practice, practice.
  • Concise, objective–focused coverage and review questions.

Table of Contents

Introduction.

Chapter 1: General Security Concepts.

Chapter 2: Communication Security.

Chapter 3: Infrastructure Security.

Chapter 4: Basics of Cryptography.

Chapter 5: Operational/Organizational Security.


Pastore, M. and Dulaney, E. (2006) CompTIA Security+: Study Guide – Exam SY0-101. Third Edition, Sybex

More recent versions of this book are available.

Take charge of your career with certification that can increase your marketability. This new edition of the top–selling Guide is what you need to prepare for CompTIA’s Security+ SY0–101 exam.

Developed to meet the exacting requirements of today’s certification candidates and aspiring IT security professionals, this fully updated, comprehensive book features:

  • Clear and concise information on crucial security topics.
  • Practical examples and hands–on labs to prepare you for actual on–the–job situations.
  • Authoritative coverage of all key exam topics including general security concepts; communication, infrastructure, operational, and organizational security; and cryptography basics.

The Guide covers all exam objectives, demonstrates implementation of important instructional design principles, and provides instructional reviews to help you assess your readiness for the exam. Additionally, the Guide includes a CD–ROM with advanced testing software, all chapter review questions, and bonus exams as well as electronic flashcards that run on your PC, Pocket PC, or Palm handheld.

Join the more than 20,000 security professionals who have earned this certification with the CompTIA authorized Study Guide.

Table of Contents

Introduction.

Assessment Test.

Chapter 1: General Security Concepts.

Chapter 2: Identifying Potential Risks.

Chapter 3: Infrastructure and Connectivity.

Chapter 4: Monitoring Activity and Intrusion Detection.

Chapter 5: Implementing and Maintaining a Secure Network.

Chapter 6: Securing the Network and Environment.

Chapter 7: Cryptography Basics, Methods, and Standards.

Chapter 8: Security Policies and Procedures.

Chapter 9: Security Management.

Glossary.


Dunham, K. (2000) Bigelow’s Virus Troubleshooting – Pocket Reference, McGraw-Hill

Take it wherever you go! This handy pocket reference will identify, diagnose, and eradicate all your computer viruses.
30,000 new viruses to be released this year! In addition, some of the newest viruses are so clever, they don’t even require opening to execute.
No reference guide currently available! Computer users and professionals alike will be desperate for a reference to combat these deadly viruses.

Computer viruses, by their nature, don’t lend themselves to being talked about by the authors of books. They’re not easily visible, they have no user interfaces, and all that most people want to know about them is how to get rid of them. Software handles detection and disinfection about as well as can be expected, while Web sites and e-mail disseminate news about emerging viruses extremely quickly. Nonetheless, Bigelow’s Virus Troubleshooting Pocket Reference does a fine job of explaining viruses to the everyday reader. Author Ken Dunham leaves the detailed work of finding them to antivirus software and experienced system administrators, but he goes to some lengths to explain how various kinds of “malware” (viruses and software that are published maliciously) work, and explain policies and procedures that you can adopt to keep your PC or Mac safe from the bad guys.

Other than his annoying habit of capitalizing the phrase “In the Wild”–as in, that’s where viruses are found–Dunham has a straightforward, easy-to-understand writing style. He’s thoughtful, too, and goes well beyond the usual advice (“Make sure your antivirus software is up to date”). In a typical section, Dunham explains how to add lines to the HyperCard home stack to shut down some viruses that attack Macs that way. In another, he explains how a virus that’s resident in the master boot record of a hard disk can survive even a reformatting procedure. –David Wall

Topics covered: Malicious software of all kinds, including macro viruses, e-mail attachment viruses, Trojan horses, worms, and others. Good computer hygiene gets lots of attention, including use of antivirus software; sections deal with detecting and removing viruses when they appear.

From the Back Cover

Identify, Diagnose and Combat Computer Viruses Now!

With the growing number of viruses infecting computers – and an increasing level of damage – safeguarding your system has never been more important than now. This useful pocket reference shows you how to detect viruses, what steps to take once infected, and how to prevent future attacks. Concise and thorough, this handy guide contains all you need for diagnosing and troubleshooting destructive computer viruses – including the newest generation of network email worms.

Inside you’ll find out about:

  • Exposed Virus Myths and Hoaxes
  • Antivirus Laws
  • Symptoms of Infection
  • Antivirus Software Scanning Methods
  • Submitting Virus Samples for Analysis
  • Repair and Rescue of Damaged or Lost Files
  • Virus Reinfection and Risky Behavior
  • Essential Emergency Software
  • Alternative Operating Systems and Procedures
  • Recommended Removal Procedures

Renowned anti-virus professional Ken Dunham reveals various troubleshooting scenarios, making this practical reference invaluable for all computer professionals and technicians.