ffi rs.indd 05/24/2017 page i · 2017-05-31 · ffi rs.indd 05/24/2017 page vii acknowledgments i...
CASP™
CompTIA Advanced Security Practitioner
Study Guide
Second Edition
Michael Gregg
Senior Acquisitions Editor: Jeff Kellum
Development Editor: Jim Compton
Technical Editors: Buzz Murphy and Dr. John DeLalla
Production Editor: Eric Charbonneau
Copy Editor: Liz Welch
Editorial Manager: Pete Gaughan
Production Manager: Kathleen Wisor
Professional Technology and Strategy Director: Barry Pruett
Associate Publisher: Chris Webb
Media Project Manager 1: Laura Moss-Hollister
Media Associate Producer: Josh Frank
Media Quality Assurance: Doug Kuhn
Book Designer: Judy Fung
Proofreader: Nancy Bell
Indexer: Ted Laux
Project Coordinator, Cover: Patrick Redmond
Cover Designer: Wiley

Copyright © 2014 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-118-93084-7
ISBN: 978-1-118-93085-4 (ebk)
ISBN: 978-1-118-93086-1 (ebk)
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number 2014946680
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CASP is a trademark of CompTIA Properties, LLC. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
10 9 8 7 6 5 4 3 2 1
Dear Reader,

Thank you for choosing CASP: CompTIA Advanced Security Practitioner Study Guide, Second Edition. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in 1976. More than 30 years later, we're still committed to producing consistently exceptional books. With each of our titles, we're working hard to set a new standard for the industry. From the paper we print on to the authors we work with, our goal is to bring you the best books available.

I hope you see all that reflected in these pages. I'd be very interested to hear your comments and get your feedback on how we're doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at contactus@sybex.com. If you think you've found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.

Best regards,
Chris Webb Associate Publisher Sybex an Imprint of Wiley
To Christine, thank you for your love and for always supporting me in my endeavors. I love you.
Acknowledgments
I want to acknowledge and thank the talented team at Sybex and Wiley for their tireless pursuit of accuracy, precision, and clarity. Thank you for your skillful efforts.

I would also like to acknowledge and thank you, the reader, for your desire for self-improvement and your faith in us to produce a resource worthy of your time, money, and consumption. We've done our best to make this a powerful asset in your efforts to be a better IT professional. To all of you who read this book, keep learning and taking steps to move your career forward.
About the Author
Michael Gregg is the founder and CEO of Superior Solutions, Inc., a Houston, Texas–based IT security consulting firm. Superior Solutions performs security assessments and penetration testing for Fortune 1000 firms. The company has performed security assessments for private, public, and governmental agencies. Its Houston-based team travels the United States to assess, audit, and provide training services.

Michael is responsible for working with organizations to develop cost-effective and innovative technology solutions to security issues and for evaluating emerging technologies. He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to co-writing the first, second, and third editions of Security Administrator Street Smarts, Michael has written or co-written 14 other books, including Build Your Own Security Lab: A Field Guide for Network Testing (ISBN 9780470179864), Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (ISBN 9781597491099), Certified Ethical Hacker Exam Prep 2 (ISBN 9780789735317), and Inside Network Security Assessment: Guarding Your IT Infrastructure (ISBN 9780672328091).

Michael has been featured on Fox News, the New York Times, CBS News, CNN, and other print and TV outlets, and has testified before U.S. Congress as an industry cybersecurity expert. Michael has created over a dozen security training classes and training manuals and has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.

When not consulting, teaching, or writing, Michael enjoys 1960s muscle cars and giving back to the community. He is a board member of Habitat for Humanity.
About the Contributor
Dr. John DeLalla has been an educator with the University of Arizona for more than twelve years as Program Director for the Bachelor of Applied Science degree in computer network administration. John teaches a variety of networking classes. He also founded and runs a non-credit IT certification program offering community outreach via the university, which includes the Security+, CASP, and CISSP training courses. Prior to joining the university, he worked in the IT field and helped launch a successful Silicon Valley dot-com in a public relations role. John has also worked with The Walt Disney Company and toured with the Goo Goo Dolls in a marketing role.

John earned three degrees from Northern Arizona University: a BS in advertising, an MEd in adult education, and an EdD in higher education leadership. He has more than 20 information technology certifications, including IT security and wireless networking. He was awarded the Superior Faculty Achievement Award for excellence in teaching in 2012 and the University of Arizona Staff Innovation Award in 2013. Away from the office, John has been building a riding railroad at his home in southern Arizona and is active in community affairs.
Contents

Foreword
Introduction
Assessment Test

Chapter 1: Cryptographic Tools and Techniques
  The History of Cryptography
  Cryptographic Services
    Cryptographic Goals
    Cryptographic Terms
    Cipher Types and Methods
  Symmetric Encryption
    Data Encryption Standard
    Triple DES
    Advanced Encryption Standard
    International Data Encryption Algorithm
    Rivest Cipher Algorithms
  Asymmetric Encryption
    Diffie–Hellman
    RSA
    Elliptic Curve Cryptography
    ElGamal
  Hybrid Encryption
  Hashing
    Hashing and Message Digests
    MD Series
    SHA
    HAVAL
    Message Authentication Code
    HMAC
  Digital Signatures
  Public Key Infrastructure
    Certificate Authority
    Registration Authority
    Certificate Revocation List
    Digital Certificates
    Certificate Distribution
    The Client's Role in PKI
  Implementation of Cryptographic Solutions
    Application Layer Encryption
    Transport Layer Encryption
    Internet Layer Controls
    Physical Layer Controls
    Steganography
  Cryptographic Attacks
  Summary
  Exam Essentials
  Review Questions

Chapter 2: Comprehensive Security Solutions
  Advanced Network Design
    Network Authentication Methods
    802.1x
    Mesh Networks
    Remote Access
    Virtual Networking and Placement of Security Components
    SCADA
    VoIP
  TCP/IP
    Network Interface Layer
    Internet Layer
    Transport Layer
    Application Layer
  Secure Communication Solutions
    Network Data Flow
    SSL Inspection
    Domain Name Service
    Securing Zone Transfers
    Start of Authority
    Secure DNS
    Transaction Signature
    Fast Flux DNS
    Lightweight Directory Access Protocol
    Secure Directory Services
    Active Directory
    Security Information and Event Management
    Database Activity Monitoring
    Federated ID
    Single Sign-On
    Kerberos
  Secure Facility Solutions
    Building Layouts
    Facilities Management
  Secure Network Infrastructure Design
    Router Configuration
    Enterprise Service Bus
    Web Services Security
  Summary
  Exam Essentials
  Review Questions

Chapter 3: Securing Virtualized, Distributed, and Shared Computing
  Enterprise Security
    Software-Defined Networking
  Cloud Computing
    Cloud Computing Models
    Cloud Computing Providers and Hosting Options
    Benefits of Cloud Computing
    Security of On-Demand/Elastic Cloud Computing
    Cloud Computing Vulnerabilities
    Cloud Storage
    Cloud-Augmented Security Services
  Virtualization
    Virtualized Servers
    Virtual LANs
    Virtual Networking and Security Components
  Enterprise Storage
  Summary
  Exam Essentials
  Review Questions

Chapter 4: Host Security
  Firewalls and Network Access Control
    Host-Based Firewalls
  Trusted Operating Systems
  Endpoint Security Solutions
    Common Threats to Endpoint Security
    Anti-malware
    Antivirus
    Anti-spyware
    Spam Filters
  Host Hardening
  Asset Management
  Data Exfiltration
  Intrusion Detection and Prevention
  Network Management, Monitoring, and Security Tools
    Security Devices
    Operational and Consumer Network-Enabled Devices
  Summary
  Exam Essentials
  Review Questions

Chapter 5: Application Security and Penetration Testing
  Application Security Testing
  Specific Application Issues
    Cross-Site Scripting
    Cross-Site Request Forgery
    Improper Error Handling
    Geotagging
    Clickjacking
    Session Management
    Input Validation
    SQL Injection
  Application Sandboxing
  Application Security Frameworks
    Standard Libraries
    Secure Coding Standards
  Application Exploits
    Escalation of Privilege
    Improper Storage of Sensitive Data
    Cookie Storage and Transmission
    Malware Sandboxing
    Memory Dumping
    Process Handling at the Client and Server
    JSON/REST
    Browser Extensions
    Ajax
    JavaScript/Applets
    Flash
    HTML5
    SOAP
    Web Services Security
    Buffer Overflow
    Memory Leaks
    Integer Overflow
    Race Conditions (TOCTOU)
    Resource Exhaustion
  Security Assessments and Penetration Testing
    Test Methods
    Penetration Testing Steps
    Assessment Types
    Vulnerability Assessment Areas
    Security Assessment and Penetration Test Tools
  Summary
  Exam Essentials
  Review Questions

Chapter 6: Risk Management
  Risk Terminology
  Identifying Vulnerabilities
  Operational Risks
    Risk in Business Models
    Risk in External and Internal Influences
    Risks with Data
  The Risk Assessment Process
    Asset Identification
    Information Classification
    Risk Assessment
    Risk Analysis Options
    Implementing Controls
    Continuous Monitoring
    Enterprise Security Architecture Frameworks and Governance
  Best Practices for Risk Assessments
  Summary
  Exam Essentials
  Review Questions

Chapter 7: Policies, Procedures, and Incident Response
  A High-Level View of Documentation
    The Policy Development Process
    Policies and Procedures
  Business Documents Used to Support Security
  Documents and Controls Used for Sensitive Information
    Why Security?
    Personally Identifiable Information Controls
    Data Breaches
  Policies Used to Manage Employees
  Training and Awareness for Users
  Auditing Requirements and Frequency
  The Incident Response Framework
    Incident and Emergency Response
    Digital Forensics Tasks
  Summary
  Exam Essentials
  Review Questions

Chapter 8: Security Research and Analysis
  Apply Research Methods to Determine Industry Trends and Impact to the Enterprise
    Performing Ongoing Research
    Best Practices
    New Technologies
    Situational Awareness
    Knowledge of Current Vulnerabilities and Threats
    Research Security Implications of New Business Tools
    Global IA Industry Community
    Research Security Requirements for Contracts
  Analyze Scenarios to Secure the Enterprise
    Benchmarking and Baselining
    Prototyping and Testing Multiple Solutions
    Cost–Benefit Analysis
    Metrics Collection and Analysis
    Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
    Reviewing Effectiveness of Existing Security Controls
    Reverse Engineering or Deconstructing Existing Solutions
    Analyzing Security Solutions to Ensure They Meet Business Needs
    Conducting a Lessons Learned/After-Action Review
    Using Judgment to Solve Difficult Problems
  Summary
  Exam Essentials
  Review Questions

Chapter 9: Enterprise Security Integration
  Integrate Enterprise Disciplines to Achieve Secure Solutions
    The Role of IT Governance
    Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
    Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls
    Establish Effective Collaboration within Teams to Implement Secure Solutions
    Disciplines
  Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture
    Secure Data Flows to Meet Changing Business Needs
    Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices
    Secure Infrastructure Design
    Standards
    Design Considerations During Mergers, Acquisitions, and De-mergers/Divestitures
    Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership)
    Storage Integration (Security Considerations)
    In-House Developed vs. Commercial vs. Commercial Customized
    Interoperability Issues
    Enterprise Application Integration Enablers
  Summary
  Exam Essentials
  Review Questions

Chapter 10: Security Controls for Communication and Collaboration
  Selecting the Appropriate Control to Secure Communications and Collaboration Solutions
    Security of Unified Collaboration
    VoIP
    VoIP Implementation
    Remote Access and Advanced Trust Models
    Mobile Device Management
    Secure External Communications
    Secure Implementation of Collaboration Sites and Platforms
    Prioritizing Traffic with QoS
    Mobile Devices
  Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives
    Authentication
    Authorization
    Federation and SAML
    Identity Propagation
    XACML
    SOAP
    Single Sign-On
    Service Provisioning Markup Language
    OAUTH
    Attestation
    Certificate-Based Authentication
  Implement Security Activities across the Technology Life Cycle
    End-to-End Solution Ownership
    Understanding the Results of Solutions in Advance
    Systems Development Life Cycle
    Adapt Solutions to Address Emerging Threats and Security Trends
    Validating System Designs
  Summary
  Exam Essentials
  Review Questions

Appendix A: CASP Lab Manual
  What You'll Need
  Lab A1: Verifying a Baseline Security Configuration
  Lab A2: Introduction to a Protocol Analyzer
  Lab A3: Performing a Wireless Site Survey
  Lab A4: Using Windows Remote Access
    Connecting to the Remote Desktop PC
  Lab A5: Configuring a VPN Client
  Lab A6: Using the Windows Command-Line Interface (CLI)
  Lab A7: Cisco IOS Command-Line Basics
  Lab A8: Shopping for Wi-Fi Antennas
  Lab A9: Cloud Provisioning
  Lab A10: Introduction to Windows Command-Line Forensic Tools
  Lab A11: Introduction to Hashing Using a GUI
  Lab A12: Hashing from the Command Line
    Verifying File Integrity from a Command Line
    Verifying File Integrity on a Downloaded File
  Lab A13: Cracking Encrypted Passwords
  Lab A14: Threat Modeling
  Lab A15: Social Engineering
  Lab A16: Downloading, Verifying, and Installing a Virtual Environment
  Lab A17: Exploring Your Virtual Network
  Lab A18: Port Scanning
  Lab A19: Introduction to the Metasploit Framework
  Lab A20: Sniffing NETinVM Traffic with Wireshark
  Suggestions for Further Exploration of Security Topics

Appendix B: Answers to Review Questions
  Chapter 1: Cryptographic Tools and Techniques
  Chapter 2: Comprehensive Security Solutions
  Chapter 3: Securing Virtualized, Distributed, and Shared Computing
  Chapter 4: Host Security
  Chapter 5: Application Security and Penetration Testing
  Chapter 6: Risk Management
  Chapter 7: Policies, Procedures, and Incident Response
  Chapter 8: Security Research and Analysis
  Chapter 9: Enterprise Security Integration
  Chapter 10: Security Controls for Communication and Collaboration

Appendix C: About the Additional Study Tools
  Additional Study Tools
    Sybex Test Engine
    Electronic Flashcards
    PDF of Glossary of Terms
    Adobe Reader
  System Requirements
  Using the Study Tools
  Troubleshooting
  Customer Care

Index
Table of Exercises

Exercise 2.1: Sniffing VoIP Traffic
Exercise 2.2: Spoofing MAC Addresses with SMAC
Exercise 2.3: Sniffing IPv4 with Wireshark
Exercise 2.4: Capturing a Ping Packet with Wireshark
Exercise 2.5: Capturing a TCP Header with Wireshark
Exercise 2.6: Using Men & Mice to Verify DNS Configuration
Exercise 2.7: Attempting a Zone Transfer
Exercise 3.1: What Services Should Be Moved to the Cloud?
Exercise 3.2: Identifying Risks and Issues with Cloud Computing
Exercise 3.3: Turning to the Cloud for Storage and Large File Transfer
Exercise 3.4: Creating a Virtual Machine
Exercise 3.5: Understanding Online Storage
Exercise 4.1: Reviewing and Assessing ACLs
Exercise 4.2: Configuring IPTables
Exercise 4.3: Testing Your Antivirus Program
Exercise 4.4: Taking Control of a Router with Physical Access
Exercise 4.5: Running a Security Scanner to Identify Vulnerabilities
Exercise 4.6: Bypassing Command Shell Restrictions
Exercise 5.1: Identifying Testing Types at Your Organization
Exercise 5.2: Downloading and Running Kali
Exercise 5.3: Performing Passive Reconnaissance on Your Company or Another Organization
Exercise 5.4: Performing TCP and UDP Port Scanning
Exercise 6.1: Tracking Vulnerabilities in Software
Exercise 6.2: Outsourcing Issues to Review
Exercise 6.3: Calculating Annualized Loss Expectancy
Exercise 7.1: Reviewing Security Policy
Exercise 7.2: Reviewing Documents
Exercise 7.3: Reviewing the Employee Termination Process
Exercise 7.4: Exploring Helix, a Well-Known Forensic Tool
Exercise 8.1: Using WinDump to Sniff Traffic
Exercise 8.2: Exploring the Nagios Tool
Exercise 8.3: Using Ophcrack
Exercise 8.4: Installing Cookie Cadger
Exercise 8.5: Identifying XSS Vulnerabilities
Exercise 9.1: Reviewing Your Company's Acceptable Use Policy
Exercise 10.1: Eavesdropping on Web Conferences
Exercise 10.2: Sniffing Email with Wireshark
Exercise 10.3: Sniffing VoIP with Cain & Abel
Foreword

It Pays to Get Certified

In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.

[CompTIA infographic; text recovered from the figure]

IT Is Everywhere: IT is mission critical to almost all organizations, and its importance is increasing.
• 79% of U.S. businesses report IT is either important or very important to the success of their company.

IT Knowledge and Skills Get Jobs: Certifications verify your knowledge and skills, which qualifies you for:
• Jobs in the high-growth IT career field
• Increased compensation
• Challenging assignments and promotions
• 60% report that being certified is an employer or job requirement.
• 31% report certification improved their career advancement opportunities.

Job Retention: Competence is noticed and valued in organizations.
• Increased knowledge of new or complex technologies
• Enhanced productivity
• More insightful problem solving
• Better project management and communication skills
• 47% report being certified improved their problem-solving skills.

New Opportunities: Certifications qualify you for new opportunities in your current job or when you want to change careers.
• 88% report being certified enhanced their resume.

High Pay–High Growth Jobs: Hiring managers demand the strongest skill set.
• There is a widening IT skills gap, with over 300,000 jobs open.

LEARN. CERTIFY. WORK.
Certification Helps Your Career

The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.

The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, which has almost 250,000 certified Security+ professionals.

Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.

The CASP is approved by the U.S. Department of Defense (DoD) for four information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.

Steps to Getting Certified

Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx.

Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx.

Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com.

Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia.

Stay Certified (Continuing Education): The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce.

How to Obtain More Information

Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.

Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org.

Social Media: Find CompTIA on YouTube.
Introduction

The CASP certification was developed by the Computing Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.

According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, 'hands-on' focus at the enterprise level."

Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.

If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.

Before You Begin the CompTIA CASP Certification Exam

Before you begin studying for the exam, it's good for you to know that the CASP certification is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.

A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.

How to Become a CASP Certified Professional

As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor: Pearson VUE
Website: www.vue.com/comptia
Phone Number: U.S. and Canada, 877-551-PLUS (7587)

Who Should Read This Book

CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security, and it describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.

College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized

This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:

Chapter 1, Cryptographic Tools and Techniques: Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.

Chapter 2, Comprehensive Security Solutions: Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.

Chapter 3, Securing Virtualized, Distributed, and Shared Computing: Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.

Chapter 4, Host Security: Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.

Chapter 5, Application Security and Penetration Testing: Presents the knowledge needed to build secure applications and to test a network for good security controls. Topics like the systems development life cycle are discussed.

Chapter 6, Risk Management: Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.

Chapter 7, Policies, Procedures, and Incident Response: Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.

Chapter 8, Security Research and Analysis: Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.

Chapter 9, Enterprise Security Integration: Examines industry trends and outlines the potential impact to an enterprise.

Chapter 10, Security Controls for Communication and Collaboration: Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.

Appendix A, CASP Lab Manual: This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B Answers to Review Questions Here yoursquoll fi nd the answers to the review questions that appear at the end of each chapter
Appendix C About the Additional Study Tools Here yoursquoll fi nd brief instructions for downloading and working effectively with this bookrsquos additional study toolsmdashfl ashcards two 50-question practice exams and a glossarymdashavailable from wwwsybexcomgocasp2e
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.
You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.
During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.
The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.
This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions. It is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.
In the next section I will discuss some of the types of test questions you will be presented with.
Tips for Taking the CASP Exam
CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
Chapter 4 Host Security Provides real-world tools and techniques to defend systems against inbound threats such as viruses worms spyware and rootkits This chapter also addresses critical differences between IDS and IPS Further it shows how to confi gure basic fi rewall rules
Chapter 5 Application Security and Penetration Testing Presents knowledge needed to build secure applications and test a network from good security controls Topics like the systems development life cycle are discussed
Chapter 6 Risk Management Discusses the importance of risk management This chap-ter also reviews methods for executing and implementing risk management strategies and controls
Chapter 7 Policies Procedures and Incident Response Reviews the importance of a good policy structure This chapter also addresses the importance of preparing for incident response and disaster recovery
Chapter 8 Security Research and Analysis Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your sys-tems as an attacker would see them
Chapter 9 Enterprise Security Integration Examines industry trends and outlines the potential impact to an enterprise
Chapter 10 Security Controls for Communication and Collaboration Examines methods to select and distinguish the appropriate security controls This chapter also covers tech-niques to protect emerging technologies
Appendix A CASP Lab Manual This is a series of hands-on labs that will help you understand the key concepts presented in this book It also includes a suggested lab setup
Appendix B: Answers to Review Questions. Here you'll find the answers to the review questions that appear at the end of each chapter.

Appendix C: About the Additional Study Tools. Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e.
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.

You will not be allowed to bring any paper or notes into the testing center; the exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.

During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.

The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.

This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions; it is better to guess an answer than to leave a question blank. My personal approach is to make multiple passes on the exam. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading each question, because missing just one word can make a big difference.

In the next section I will discuss some of the types of test questions you will be presented with.

Tips for Taking the CASP Exam

CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the US at (877) 762-2974, outside the US at (317) 572-3993, or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2014946680

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. CASP is a trademark of CompTIA Properties, LLC. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Dear Reader,

Thank you for choosing CASP: CompTIA Advanced Security Practitioner Study Guide, Second Edition. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in 1976. More than 30 years later, we're still committed to producing consistently exceptional books. With each of our titles, we're working hard to set a new standard for the industry. From the paper we print on to the authors we work with, our goal is to bring you the best books available.

I hope you see all that reflected in these pages. I'd be very interested to hear your comments and get your feedback on how we're doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at contactus@sybex.com. If you think you've found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.

Best regards,

Chris Webb
Associate Publisher
Sybex, an Imprint of Wiley
To Christine: thank you for your love and for always supporting me in my endeavors. I love you.
Acknowledgments
I want to acknowledge and thank the talented team at Sybex and Wiley for their tireless pursuit of accuracy, precision, and clarity. Thank you for your skillful efforts.

I would also like to acknowledge and thank you, the reader, for your desire for self-improvement and your faith in us to produce a resource worthy of your time, money, and consumption. We've done our best to make this a powerful asset in your efforts to be a better IT professional. To all of you who read this book: keep learning and taking steps to move your career forward.
About the Author
Michael Gregg is the founder and CEO of Superior Solutions, Inc., a Houston, Texas-based IT security consulting firm. Superior Solutions performs security assessments and penetration testing for Fortune 1000 firms. The company has performed security assessments for private, public, and governmental agencies. Its Houston-based team travels the United States to assess, audit, and provide training services.

Michael is responsible for working with organizations to develop cost-effective and innovative technology solutions to security issues and for evaluating emerging technologies. He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to co-writing the first, second, and third editions of Security Administrator Street Smarts, Michael has written or co-written 14 other books, including Build Your Own Security Lab: A Field Guide for Network Testing (ISBN 9780470179864), Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (ISBN 9781597491099), Certified Ethical Hacker Exam Prep 2 (ISBN 9780789735317), and Inside Network Security Assessment: Guarding Your IT Infrastructure (ISBN 9780672328091).

Michael has been featured on Fox News, the New York Times, CBS News, CNN, and other print and TV outlets, and has testified before US Congress as an industry cybersecurity expert. Michael has created over a dozen security training classes and training manuals and has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.

When not consulting, teaching, or writing, Michael enjoys 1960s muscle cars and giving back to the community. He is a board member of Habitat for Humanity.
About the Contributor
Dr. John DeLalla has been an educator with the University of Arizona for more than twelve years as Program Director for the Bachelor of Applied Science degree in computer network administration. John teaches a variety of networking classes. He also founded and runs a non-credit IT certification program offering community outreach via the university, which includes the Security+, CASP, and CISSP training courses. Prior to joining the university, he worked in the IT field and helped launch a successful Silicon Valley dot-com in a public relations role. John has also worked with The Walt Disney Company and toured with the Goo Goo Dolls in a marketing role.

John earned three degrees from Northern Arizona University: a BS in advertising, an MEd in adult education, and an EdD in higher education leadership. He has more than 20 information technology certifications, including IT security and wireless networking. He was awarded the Superior Faculty Achievement Award for excellence in teaching in 2012 and the University of Arizona Staff Innovation Award in 2013. Away from the office, John has been building a riding railroad at his home in southern Arizona and is active in community affairs.
Contents

Foreword  xxi
Introduction  xxv
Assessment Test  lviii

Chapter 1  Cryptographic Tools and Techniques  1
    The History of Cryptography  3
    Cryptographic Services  4
    Cryptographic Goals  4
    Cryptographic Terms  5
    Cipher Types and Methods  8
    Symmetric Encryption  10
    Data Encryption Standard  12
    Triple DES  13
    Advanced Encryption Standard  14
    International Data Encryption Algorithm  14
    Rivest Cipher Algorithms  14
    Asymmetric Encryption  15
    Diffie-Hellman  16
    RSA  17
    Elliptic Curve Cryptography  18
    ElGamal  18
    Hybrid Encryption  18
    Hashing  19
    Hashing and Message Digests  19
    MD Series  21
    SHA  21
    HAVAL  22
    Message Authentication Code  22
    HMAC  22
    Digital Signatures  22
    Public Key Infrastructure  24
    Certificate Authority  25
    Registration Authority  25
    Certificate Revocation List  26
    Digital Certificates  26
    Certificate Distribution  28
    The Client's Role in PKI  29
    Implementation of Cryptographic Solutions  30
    Application Layer Encryption  31
    Transport Layer Encryption  32
    Internet Layer Controls  33
    Physical Layer Controls  34
    Steganography  35
    Cryptographic Attacks  36
    Summary  37
    Exam Essentials  38
    Review Questions  40

Chapter 2  Comprehensive Security Solutions  45
    Advanced Network Design  47
    Network Authentication Methods  48
    802.1x  48
    Mesh Networks  48
    Remote Access  49
    Virtual Networking and Placement of Security Components  51
    SCADA  55
    VoIP  56
    TCP/IP  58
    Network Interface Layer  59
    Internet Layer  61
    Transport Layer  67
    Application Layer  69
    Secure Communication Solutions  72
    Network Data Flow  72
    SSL Inspection  73
    Domain Name Service  73
    Securing Zone Transfers  74
    Start of Authority  75
    Secure DNS  76
    Transaction Signature  77
    Fast Flux DNS  77
    Lightweight Directory Access Protocol  78
    Secure Directory Services  78
    Active Directory  78
    Security Information and Event Management  79
    Database Activity Monitoring  79
    Federated ID  79
    Single Sign-On  80
    Kerberos  80
    Secure Facility Solutions  80
    Building Layouts  81
    Facilities Management  81
    Secure Network Infrastructure Design  82
    Router Configuration  83
    Enterprise Service Bus  84
    Web Services Security  85
    Summary  85
    Exam Essentials  86
    Review Questions  88

Chapter 3  Securing Virtualized, Distributed, and Shared Computing  93
    Enterprise Security  96
    Software-Defined Networking  98
    Cloud Computing  100
    Cloud Computing Models  100
    Cloud Computing Providers and Hosting Options  101
    Benefits of Cloud Computing  102
    Security of On-Demand/Elastic Cloud Computing  105
    Cloud Computing Vulnerabilities  109
    Cloud Storage  110
    Cloud-Augmented Security Services  111
    Virtualization  112
    Virtualized Servers  113
    Virtual LANs  118
    Virtual Networking and Security Components  120
    Enterprise Storage  121
    Summary  127
    Exam Essentials  127
    Review Questions  129

Chapter 4  Host Security  133
    Firewalls and Network Access Control  136
    Host-Based Firewalls  141
    Trusted Operating Systems  144
    Endpoint Security Solutions  147
    Common Threats to Endpoint Security  149
    Anti-malware  151
    Antivirus  152
    Anti-spyware  154
    Spam Filters  155
    Host Hardening  157
    Asset Management  162
    Data Exfiltration  163
    Intrusion Detection and Prevention  165
    Network Management, Monitoring, and Security Tools  168
    Security Devices  168
    Operational and Consumer Network-Enabled Devices  169
    Summary  170
    Exam Essentials  171
    Review Questions  173

Chapter 5  Application Security and Penetration Testing  177
    Application Security Testing  180
    Specific Application Issues  182
    Cross-Site Scripting  183
    Cross-Site Request Forgery  184
    Improper Error Handling  184
    Geotagging  185
    Clickjacking  185
    Session Management  186
    Input Validation  187
    SQL Injection  187
    Application Sandboxing  189
    Application Security Frameworks  189
    Standard Libraries  191
    Secure Coding Standards  191
    Application Exploits  193
    Escalation of Privilege  193
    Improper Storage of Sensitive Data  194
    Cookie Storage and Transmission  195
    Malware Sandboxing  196
    Memory Dumping  197
    Process Handling at the Client and Server  197
    JSON/REST  198
    Browser Extensions  198
    Ajax  198
    JavaScript/Applets  199
    Flash  199
    HTML5  200
    SOAP  200
    Web Services Security  200
    Buffer Overflow  201
    Memory Leaks  202
    Integer Overflow  202
    Race Conditions (TOCTOU)  203
    Resource Exhaustion  204
    Security Assessments and Penetration Testing  204
    Test Methods  205
    Penetration Testing Steps  205
    Assessment Types  206
    Vulnerability Assessment Areas  207
    Security Assessment and Penetration Test Tools  209
    Summary  222
    Exam Essentials  223
    Review Questions  224

Chapter 6  Risk Management  229
    Risk Terminology  232
    Identifying Vulnerabilities  233
    Operational Risks  236
    Risk in Business Models  236
    Risk in External and Internal Influences  243
    Risks with Data  246
    The Risk Assessment Process  252
    Asset Identification  252
    Information Classification  254
    Risk Assessment  255
    Risk Analysis Options  260
    Implementing Controls  261
    Continuous Monitoring  263
    Enterprise Security Architecture Frameworks and Governance  263
    Best Practices for Risk Assessments  264
    Summary  265
    Exam Essentials  266
    Review Questions  268

Chapter 7  Policies, Procedures, and Incident Response  273
    A High-Level View of Documentation  276
    The Policy Development Process  277
    Policies and Procedures  278
    Business Documents Used to Support Security  283
    Documents and Controls Used for Sensitive Information  286
    Why Security?  286
    Personally Identifiable Information Controls  287
    Data Breaches  288
    Policies Used to Manage Employees  290
    Training and Awareness for Users  294
    Auditing Requirements and Frequency  296
    The Incident Response Framework  297
    Incident and Emergency Response  300
    Digital Forensics Tasks  301
    Summary  305
    Exam Essentials  306
    Review Questions  308

Chapter 8  Security Research and Analysis  313
    Apply Research Methods to Determine Industry Trends and Impact to the Enterprise  316
    Performing Ongoing Research  316
    Best Practices  321
    New Technologies  323
    Situational Awareness  332
    Knowledge of Current Vulnerabilities and Threats  336
    Research Security Implications of New Business Tools  341
    Global IA Industry Community  344
    Research Security Requirements for Contracts  348
    Analyze Scenarios to Secure the Enterprise  350
    Benchmarking and Baselining  350
    Prototyping and Testing Multiple Solutions  350
    Cost-Benefit Analysis  351
    Metrics Collection and Analysis  352
    Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs  352
    Reviewing Effectiveness of Existing Security Controls  353
    Reverse Engineering or Deconstructing Existing Solutions  354
    Analyzing Security Solutions to Ensure They Meet Business Needs  354
    Conducting a Lessons Learned/After-Action Review  356
    Using Judgment to Solve Difficult Problems  356
    Summary  357
    Exam Essentials  358
    Review Questions  359

Chapter 9  Enterprise Security Integration  363
    Integrate Enterprise Disciplines to Achieve Secure Solutions  366
    The Role of IT Governance  368
    Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines  370
    Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls  373
    Establish Effective Collaboration within Teams to Implement Secure Solutions  375
    Disciplines  378
    Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture  381
    Secure Data Flows to Meet Changing Business Needs  384
    Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices  386
    Secure Infrastructure Design  386
    Standards  387
    Design Considerations During Mergers, Acquisitions, and De-mergers/Divestitures  387
    Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership)  388
    Storage Integration (Security Considerations)  389
    In-House Developed vs. Commercial vs. Commercial Customized  390
    Interoperability Issues  392
    Enterprise Application Integration Enablers  393
    Summary  394
    Exam Essentials  395
    Review Questions  396

Chapter 10  Security Controls for Communication and Collaboration  401
    Selecting the Appropriate Control to Secure Communications and Collaboration Solutions  404
    Security of Unified Collaboration  405
    VoIP  413
    VoIP Implementation  415
    Remote Access and Advanced Trust Models  416
    Mobile Device Management  417
    Secure External Communications  418
    Secure Implementation of Collaboration Sites and Platforms  420
    Prioritizing Traffic with QoS  421
    Mobile Devices  422
    Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives  425
    Authentication  426
    Authorization  426
    Federation and SAML  426
    Identity Propagation  428
    XACML  428
    SOAP  429
    Single Sign-On  430
    Service Provisioning Markup Language  430
    OAUTH  431
    Attestation  431
    Certificate-Based Authentication  431
    Implement Security Activities across the Technology Life Cycle  433
    End-to-End Solution Ownership  433
    Understanding the Results of Solutions in Advance  434
    Systems Development Life Cycle  436
    Adapt Solutions to Address Emerging Threats and Security Trends  439
    Validating System Designs  441
    Summary  444
    Exam Essentials  444
    Review Questions  446

Appendix A  CASP Lab Manual  451
    What You'll Need  452
    Lab A1  Verifying a Baseline Security Configuration  455
    Lab A2  Introduction to a Protocol Analyzer  458
    Lab A3  Performing a Wireless Site Survey  461
    Lab A4  Using Windows Remote Access  462
    Connecting to the Remote Desktop PC  463
    Lab A5  Configuring a VPN Client  464
    Lab A6  Using the Windows Command-Line Interface (CLI)  467
    Lab A7  Cisco IOS Command-Line Basics  469
    Lab A8  Shopping for Wi-Fi Antennas  470
    Lab A9  Cloud Provisioning  472
    Lab A10  Introduction to Windows Command-Line Forensic Tools  473
    Lab A11  Introduction to Hashing Using a GUI  480
    Lab A12  Hashing from the Command Line  482
    Verifying File Integrity from a Command Line  482
    Verifying File Integrity on a Downloaded File  483
    Lab A13  Cracking Encrypted Passwords  484
    Lab A14  Threat Modeling  486
    Lab A15  Social Engineering  487
    Lab A16  Downloading, Verifying, and Installing a Virtual Environment  490
    Lab A17  Exploring Your Virtual Network  493
    Lab A18  Port Scanning  497
    Lab A19  Introduction to the Metasploit Framework  501
    Lab A20  Sniffing NETinVM Traffic with Wireshark  503
    Suggestions for Further Exploration of Security Topics  507

Appendix B  Answers to Review Questions  509
    Chapter 1: Cryptographic Tools and Techniques  510
    Chapter 2: Comprehensive Security Solutions  511
    Chapter 3: Securing Virtualized, Distributed, and Shared Computing  512
    Chapter 4: Host Security  513
    Chapter 5: Application Security and Penetration Testing  514
    Chapter 6: Risk Management  515
    Chapter 7: Policies, Procedures, and Incident Response  517
    Chapter 8: Security Research and Analysis  518
    Chapter 9: Enterprise Security Integration  519
    Chapter 10: Security Controls for Communication and Collaboration  520

Appendix C  About the Additional Study Tools  523
    Additional Study Tools  524
    Sybex Test Engine  524
    Electronic Flashcards  524
    PDF of Glossary of Terms  524
    Adobe Reader  524
    System Requirements  524
    Using the Study Tools  525
    Troubleshooting  525
    Customer Care  525

Index  527
Table of Exercises

Exercise 2.1   Sniffing VoIP Traffic  58
Exercise 2.2   Spoofing MAC Addresses with SMAC  60
Exercise 2.3   Sniffing IPv4 with Wireshark  62
Exercise 2.4   Capturing a Ping Packet with Wireshark  66
Exercise 2.5   Capturing a TCP Header with Wireshark  68
Exercise 2.6   Using Men & Mice to Verify DNS Configuration  75
Exercise 2.7   Attempting a Zone Transfer  76
Exercise 3.1   What Services Should Be Moved to the Cloud?  104
Exercise 3.2   Identifying Risks and Issues with Cloud Computing  108
Exercise 3.3   Turning to the Cloud for Storage and Large File Transfer  111
Exercise 3.4   Creating a Virtual Machine  114
Exercise 3.5   Understanding Online Storage  124
Exercise 4.1   Reviewing and Assessing ACLs  140
Exercise 4.2   Configuring IPTables  143
Exercise 4.3   Testing Your Antivirus Program  153
Exercise 4.4   Taking Control of a Router with Physical Access  159
Exercise 4.5   Running a Security Scanner to Identify Vulnerabilities  160
Exercise 4.6   Bypassing Command Shell Restrictions  161
Exercise 5.1   Identifying Testing Types at Your Organization  181
Exercise 5.2   Downloading and Running Kali  209
Exercise 5.3   Performing Passive Reconnaissance on Your Company or Another Organization  211
Exercise 5.4   Performing TCP and UDP Port Scanning  214
Exercise 6.1   Tracking Vulnerabilities in Software  234
Exercise 6.2   Outsourcing Issues to Review  239
Exercise 6.3   Calculating Annualized Loss Expectancy  258
Exercise 7.1   Reviewing Security Policy  282
Exercise 7.2   Reviewing Documents  285
Exercise 7.3   Reviewing the Employee Termination Process  294
Exercise 7.4   Exploring Helix, a Well-Known Forensic Tool  305
Exercise 8.1   Using WinDump to Sniff Traffic  324
Exercise 8.2   Exploring the Nagios Tool  325
Exercise 8.3   Using Ophcrack  328
Exercise 8.4   Installing Cookie Cadger  334
Exercise 8.5   Identifying XSS Vulnerabilities  335
Exercise 9.1   Reviewing Your Company's Acceptable Use Policy  372
Exercise 10.1  Eavesdropping on Web Conferences  405
Exercise 10.2  Sniffing Email with Wireshark  411
Exercise 10.3  Sniffing VoIP with Cain & Abel  413
Foreword
It Pays to Get Certified

In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.

[Infographic: "Learn, Certify, Work", with panels titled "IT Is Everywhere", "IT Knowledge and Skills Get Jobs", "Job Retention", "New Opportunities", and "High Pay, High Growth Jobs". The statements recoverable from it are listed below.]

- IT is everywhere: IT is mission critical to almost all organizations and its importance is increasing. 79% of US businesses report IT is either important or very important to the success of their company.
- IT knowledge and skills get jobs: certifications verify your knowledge and skills and qualify you for jobs in the high-growth IT career field, increased compensation, and challenging assignments and promotions. 60% report that being certified is an employer or job requirement.
- Job retention: competence is noticed and valued in organizations. 88% report being certified enhanced their resume, and 47% report that being certified improved their problem-solving skills.
- New opportunities: certifications qualify you for new opportunities in your current job or when you want to change careers. 31% report certification improved their career advancement opportunities.
- High pay, high growth jobs: hiring managers demand the strongest skill set, and there is a widening IT skills gap with over 300,000 jobs open.
- Other benefits: increased knowledge of new or complex technologies, enhanced productivity, more insightful problem solving, and better project management and communication skills.

LEARN. CERTIFY. WORK.
Certification Helps Your Career

The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.

The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, which has almost 250,000 certified Security+ professionals.

Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.

The CASP is approved by the US Department of Defense (DoD) for four information assurance job roles in the DoD 8570.01-M directive: IA Technical (IAT) Level III, IA Manager (IAM) Level II, and IA System Architect & Engineer (IASAE) Levels I and II.
Steps to Getting Certified

Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx

Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea of what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx

Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com

Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia

Stay Certified (Continuing Education): The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce

How to Obtain More Information

Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org

Social Media: find CompTIA on YouTube.
Introduction
The CASP certification was developed by the Computing Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.

According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, 'hands-on' focus at the enterprise level."

Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.

If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.
Before You Begin the CompTIA CASP Certification Exam
It's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.

A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
How to Become a CASP Certified Professional
As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor        Website               Phone Number
Pearson VUE   www.vue.com/comptia   US and Canada: 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.

College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:

Chapter 1: Cryptographic Tools and Techniques. Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.

Chapter 2: Comprehensive Security Solutions. Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.

Chapter 3: Securing Virtualized, Distributed, and Shared Computing. Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.

Chapter 4: Host Security. Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.

Chapter 5: Application Security and Penetration Testing. Presents the knowledge needed to build secure applications and to test a network for good security controls. Topics like the systems development life cycle are discussed.

Chapter 6: Risk Management. Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.

Chapter 7: Policies, Procedures, and Incident Response. Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.

Chapter 8: Security Research and Analysis. Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.

Chapter 9: Enterprise Security Integration. Examines industry trends and outlines the potential impact to an enterprise.

Chapter 10: Security Controls for Communication and Collaboration. Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.

Appendix A: CASP Lab Manual. This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B: Answers to Review Questions. Here you'll find the answers to the review questions that appear at the end of each chapter.

Appendix C: About the Additional Study Tools. Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e.
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.

You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.

During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.

The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.

This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions; it is better to guess an answer than to leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.

In the next section, I will discuss some of the types of test questions you will be presented with.
Tips for Taking the CASP Exam

CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
Dear Reader,

Thank you for choosing CASP: CompTIA Advanced Security Practitioner Study Guide, Second Edition. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in 1976. More than 30 years later, we're still committed to producing consistently exceptional books. With each of our titles, we're working hard to set a new standard for the industry. From the paper we print on to the authors we work with, our goal is to bring you the best books available.

I hope you see all that reflected in these pages. I'd be very interested to hear your comments and get your feedback on how we're doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at contactus@sybex.com. If you think you've found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.

Best regards,

Chris Webb
Associate Publisher
Sybex, an Imprint of Wiley
To Christine: thank you for your love and for always supporting me in my endeavors. I love you.
Acknowledgments
I want to acknowledge and thank the talented team at Sybex and Wiley for their tireless pursuit of accuracy, precision, and clarity. Thank you for your skillful efforts.

I would also like to acknowledge and thank you, the reader, for your desire for self-improvement and your faith in us to produce a resource worthy of your time, money, and consumption. We've done our best to make this a powerful asset in your efforts to be a better IT professional. To all of you who read this book: keep learning and taking steps to move your career forward.
About the Author
Michael Gregg is the founder and CEO of Superior Solutions, Inc., a Houston, Texas-based IT security consulting firm. Superior Solutions performs security assessments and penetration testing for Fortune 1000 firms. The company has performed security assessments for private, public, and governmental agencies. Its Houston-based team travels the United States to assess, audit, and provide training services.

Michael is responsible for working with organizations to develop cost-effective and innovative technology solutions to security issues and for evaluating emerging technologies. He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to co-writing the first, second, and third editions of Security Administrator Street Smarts, Michael has written or co-written 14 other books, including Build Your Own Security Lab: A Field Guide for Network Testing (ISBN 9780470179864), Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (ISBN 9781597491099), Certified Ethical Hacker Exam Prep 2 (ISBN 9780789735317), and Inside Network Security Assessment: Guarding Your IT Infrastructure (ISBN 9780672328091).

Michael has been featured on Fox News, the New York Times, CBS News, CNN, and other print and TV outlets, and has testified before US Congress as an industry cybersecurity expert. Michael has created over a dozen security training classes and training manuals and has created and performed video instruction on many security topics such as cybersecurity, CISSP, CISA, Security+, and others.

When not consulting, teaching, or writing, Michael enjoys 1960s muscle cars and giving back to the community. He is a board member of Habitat for Humanity.
About the Contributor
Dr. John DeLalla has been an educator with the University of Arizona for more than twelve years as Program Director for the Bachelor of Applied Science degree in computer network administration. John teaches a variety of networking classes. He also founded and runs a non-credit IT certification program offering community outreach via the university, which includes the Security+, CASP, and CISSP training courses. Prior to joining the university, he worked in the IT field and helped launch a successful Silicon Valley dot-com in a public relations role. John has also worked with The Walt Disney Company and toured with the Goo Goo Dolls in a marketing role.

John earned three degrees from Northern Arizona University: a BS in advertising, an MEd in adult education, and an EdD in higher education leadership. He has more than 20 information technology certifications, including IT security and wireless networking. He was awarded the Superior Faculty Achievement Award for excellence in teaching in 2012 and the University of Arizona Staff Innovation Award in 2013. Away from the office, John has been building a riding railroad at his home in southern Arizona and is active in community affairs.
Contents

Foreword xxi
Introduction xxv
Assessment Test lviii

Chapter 1 Cryptographic Tools and Techniques 1
  The History of Cryptography 3
  Cryptographic Services 4
    Cryptographic Goals 4
    Cryptographic Terms 5
    Cipher Types and Methods 8
  Symmetric Encryption 10
    Data Encryption Standard 12
    Triple DES 13
    Advanced Encryption Standard 14
    International Data Encryption Algorithm 14
    Rivest Cipher Algorithms 14
  Asymmetric Encryption 15
    Diffie-Hellman 16
    RSA 17
    Elliptic Curve Cryptography 18
    ElGamal 18
  Hybrid Encryption 18
  Hashing 19
    Hashing and Message Digests 19
    MD Series 21
    SHA 21
    HAVAL 22
    Message Authentication Code 22
    HMAC 22
  Digital Signatures 22
  Public Key Infrastructure 24
    Certificate Authority 25
    Registration Authority 25
    Certificate Revocation List 26
    Digital Certificates 26
    Certificate Distribution 28
    The Client's Role in PKI 29
  Implementation of Cryptographic Solutions 30
    Application Layer Encryption 31
    Transport Layer Encryption 32
    Internet Layer Controls 33
    Physical Layer Controls 34
    Steganography 35
  Cryptographic Attacks 36
  Summary 37
  Exam Essentials 38
  Review Questions 40

Chapter 2 Comprehensive Security Solutions 45
  Advanced Network Design 47
    Network Authentication Methods 48
    802.1x 48
    Mesh Networks 48
    Remote Access 49
    Virtual Networking and Placement of Security Components 51
    SCADA 55
    VoIP 56
  TCP/IP 58
    Network Interface Layer 59
    Internet Layer 61
    Transport Layer 67
    Application Layer 69
  Secure Communication Solutions 72
    Network Data Flow 72
    SSL Inspection 73
    Domain Name Service 73
    Securing Zone Transfers 74
    Start of Authority 75
    Secure DNS 76
    Transaction Signature 77
    Fast Flux DNS 77
    Lightweight Directory Access Protocol 78
    Secure Directory Services 78
    Active Directory 78
    Security Information and Event Management 79
    Database Activity Monitoring 79
    Federated ID 79
    Single Sign-On 80
    Kerberos 80
  Secure Facility Solutions 80
    Building Layouts 81
    Facilities Management 81
  Secure Network Infrastructure Design 82
    Router Configuration 83
    Enterprise Service Bus 84
    Web Services Security 85
  Summary 85
  Exam Essentials 86
  Review Questions 88

Chapter 3 Securing Virtualized, Distributed, and Shared Computing 93
  Enterprise Security 96
    Software-Defined Networking 98
  Cloud Computing 100
    Cloud Computing Models 100
    Cloud Computing Providers and Hosting Options 101
    Benefits of Cloud Computing 102
    Security of On-Demand/Elastic Cloud Computing 105
    Cloud Computing Vulnerabilities 109
    Cloud Storage 110
    Cloud-Augmented Security Services 111
  Virtualization 112
    Virtualized Servers 113
    Virtual LANs 118
    Virtual Networking and Security Components 120
  Enterprise Storage 121
  Summary 127
  Exam Essentials 127
  Review Questions 129

Chapter 4 Host Security 133
  Firewalls and Network Access Control 136
    Host-Based Firewalls 141
  Trusted Operating Systems 144
  Endpoint Security Solutions 147
    Common Threats to Endpoint Security 149
    Anti-malware 151
    Antivirus 152
    Anti-spyware 154
    Spam Filters 155
  Host Hardening 157
  Asset Management 162
  Data Exfiltration 163
  Intrusion Detection and Prevention 165
  Network Management, Monitoring, and Security Tools 168
    Security Devices 168
    Operational and Consumer Network-Enabled Devices 169
  Summary 170
  Exam Essentials 171
  Review Questions 173

Chapter 5 Application Security and Penetration Testing 177
  Application Security Testing 180
  Specific Application Issues 182
    Cross-Site Scripting 183
    Cross-Site Request Forgery 184
    Improper Error Handling 184
    Geotagging 185
    Clickjacking 185
    Session Management 186
    Input Validation 187
    SQL Injection 187
  Application Sandboxing 189
  Application Security Frameworks 189
    Standard Libraries 191
    Secure Coding Standards 191
  Application Exploits 193
    Escalation of Privilege 193
    Improper Storage of Sensitive Data 194
    Cookie Storage and Transmission 195
    Malware Sandboxing 196
    Memory Dumping 197
    Process Handling at the Client and Server 197
    JSON/REST 198
    Browser Extensions 198
    Ajax 198
    JavaScript/Applets 199
    Flash 199
    HTML5 200
    SOAP 200
    Web Services Security 200
    Buffer Overflow 201
    Memory Leaks 202
    Integer Overflow 202
    Race Conditions (TOCTOU) 203
    Resource Exhaustion 204
  Security Assessments and Penetration Testing 204
    Test Methods 205
    Penetration Testing Steps 205
    Assessment Types 206
    Vulnerability Assessment Areas 207
    Security Assessment and Penetration Test Tools 209
  Summary 222
  Exam Essentials 223
  Review Questions 224

Chapter 6 Risk Management 229
  Risk Terminology 232
  Identifying Vulnerabilities 233
  Operational Risks 236
    Risk in Business Models 236
    Risk in External and Internal Influences 243
    Risks with Data 246
  The Risk Assessment Process 252
    Asset Identification 252
    Information Classification 254
    Risk Assessment 255
    Risk Analysis Options 260
    Implementing Controls 261
    Continuous Monitoring 263
    Enterprise Security Architecture Frameworks and Governance 263
    Best Practices for Risk Assessments 264
  Summary 265
  Exam Essentials 266
  Review Questions 268

Chapter 7 Policies, Procedures, and Incident Response 273
  A High-Level View of Documentation 276
    The Policy Development Process 277
    Policies and Procedures 278
  Business Documents Used to Support Security 283
  Documents and Controls Used for Sensitive Information 286
    Why Security? 286
    Personally Identifiable Information Controls 287
    Data Breaches 288
  Policies Used to Manage Employees 290
  Training and Awareness for Users 294
  Auditing Requirements and Frequency 296
  The Incident Response Framework 297
    Incident and Emergency Response 300
    Digital Forensics Tasks 301
  Summary 305
  Exam Essentials 306
  Review Questions 308

Chapter 8 Security Research and Analysis 313
  Apply Research Methods to Determine Industry Trends and Impact to the Enterprise 316
    Performing Ongoing Research 316
    Best Practices 321
    New Technologies 323
    Situational Awareness 332
    Knowledge of Current Vulnerabilities and Threats 336
    Research Security Implications of New Business Tools 341
    Global IA Industry Community 344
    Research Security Requirements for Contracts 348
  Analyze Scenarios to Secure the Enterprise 350
    Benchmarking and Baselining 350
    Prototyping and Testing Multiple Solutions 350
    Cost-Benefit Analysis 351
    Metrics Collection and Analysis 352
    Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs 352
    Reviewing Effectiveness of Existing Security Controls 353
    Reverse Engineering or Deconstructing Existing Solutions 354
    Analyzing Security Solutions to Ensure They Meet Business Needs 354
    Conducting a Lessons Learned/After-Action Review 356
    Using Judgment to Solve Difficult Problems 356
  Summary 357
  Exam Essentials 358
  Review Questions 359

Chapter 9 Enterprise Security Integration 363
  Integrate Enterprise Disciplines to Achieve Secure Solutions 366
    The Role of IT Governance 368
    Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 370
    Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 373
    Establish Effective Collaboration within Teams to Implement Secure Solutions 375
    Disciplines 378
  Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture 381
    Secure Data Flows to Meet Changing Business Needs 384
    Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices 386
    Secure Infrastructure Design 386
    Standards 387
    Design Considerations During Mergers, Acquisitions, and De-mergers/Divestitures 387
    Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership) 388
    Storage Integration (Security Considerations) 389
    In-House Developed vs. Commercial vs. Commercial Customized 390
    Interoperability Issues 392
    Enterprise Application Integration Enablers 393
  Summary 394
  Exam Essentials 395
  Review Questions 396

Chapter 10 Security Controls for Communication and Collaboration 401
  Selecting the Appropriate Control to Secure Communications and Collaboration Solutions 404
    Security of Unified Collaboration 405
    VoIP 413
    VoIP Implementation 415
    Remote Access and Advanced Trust Models 416
    Mobile Device Management 417
    Secure External Communications 418
    Secure Implementation of Collaboration Sites and Platforms 420
    Prioritizing Traffic with QoS 421
    Mobile Devices 422
  Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives 425
    Authentication 426
    Authorization 426
    Federation and SAML 426
    Identity Propagation 428
    XACML 428
    SOAP 429
    Single Sign-On 430
    Service Provisioning Markup Language 430
    OAUTH 431
    Attestation 431
    Certificate-Based Authentication 431
  Implement Security Activities across the Technology Life Cycle 433
    End-to-End Solution Ownership 433
    Understanding the Results of Solutions in Advance 434
    Systems Development Life Cycle 436
    Adapt Solutions to Address Emerging Threats and Security Trends 439
    Validating System Designs 441
  Summary 444
  Exam Essentials 444
  Review Questions 446

Appendix A CASP Lab Manual 451
  What You'll Need 452
  Lab A1 Verifying a Baseline Security Configuration 455
  Lab A2 Introduction to a Protocol Analyzer 458
  Lab A3 Performing a Wireless Site Survey 461
  Lab A4 Using Windows Remote Access 462
    Connecting to the Remote Desktop PC 463
  Lab A5 Configuring a VPN Client 464
  Lab A6 Using the Windows Command-Line Interface (CLI) 467
  Lab A7 Cisco IOS Command-Line Basics 469
  Lab A8 Shopping for Wi-Fi Antennas 470
  Lab A9 Cloud Provisioning 472
  Lab A10 Introduction to Windows Command-line Forensic Tools 473
  Lab A11 Introduction to Hashing Using a GUI 480
  Lab A12 Hashing from the Command Line 482
    Verifying File Integrity from a Command Line 482
    Verifying File Integrity on a Downloaded File 483
  Lab A13 Cracking Encrypted Passwords 484
  Lab A14 Threat Modeling 486
  Lab A15 Social Engineering 487
  Lab A16 Downloading, Verifying, and Installing a Virtual Environment 490
  Lab A17 Exploring Your Virtual Network 493
  Lab A18 Port Scanning 497
  Lab A19 Introduction to the Metasploit Framework 501
  Lab A20 Sniffing NETinVM Traffic with Wireshark 503
  Suggestions for Further Exploration of Security Topics 507

Appendix B Answers to Review Questions 509
  Chapter 1 Cryptographic Tools and Techniques 510
  Chapter 2 Comprehensive Security Solutions 511
  Chapter 3 Securing Virtualized, Distributed, and Shared Computing 512
  Chapter 4 Host Security 513
  Chapter 5 Application Security and Penetration Testing 514
  Chapter 6 Risk Management 515
  Chapter 7 Policies, Procedures, and Incident Response 517
  Chapter 8 Security Research and Analysis 518
  Chapter 9 Enterprise Security Integration 519
  Chapter 10 Security Controls for Communication and Collaboration 520

Appendix C About the Additional Study Tools 523
  Additional Study Tools 524
    Sybex Test Engine 524
    Electronic Flashcards 524
    PDF of Glossary of Terms 524
    Adobe Reader 524
  System Requirements 524
  Using the Study Tools 525
  Troubleshooting 525
  Customer Care 525

Index 527
Table of Exercises
Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud? 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.
[Infographic: "Learn, Certify, Work." Panel titles: IT Is Everywhere; IT Knowledge and Skills Get Jobs; Job Retention; New Opportunities; High Pay-High Growth Jobs.]

IT is mission critical to almost all organizations, and its importance is increasing. Certifications verify your knowledge and skills, which qualify you for jobs in the high-growth IT career field, increased compensation, and challenging assignments and promotions. Hiring managers demand the strongest skill set. Competence is noticed and valued in organizations. Certifications qualify you for new opportunities in your current job or when you want to change careers.

Benefits cited: increased knowledge of new or complex technologies; enhanced productivity; more insightful problem solving; better project management and communication skills.

Statistics cited:
- 79% of US businesses report IT is either important or very important to the success of their company.
- 60% report that being certified is an employer or job requirement.
- 31% report certification improved their career advancement opportunities.
- There is a widening IT skills gap, with over 300,000 jobs open.
- 88% report being certified enhanced their resume.
- 47% report being certified improved their problem-solving skills.
Certification Helps Your Career

The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.

The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, with almost 250,000 certified Security+ professionals.

Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.

Approved by the US Department of Defense (DoD) for 4 information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.
Steps to Getting Certified
Review Exam Objectives. Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx.

Practice for the Exam. After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx.

Purchase an Exam Voucher. Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com.

Take the Test. Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia.

Stay Certified: Continuing Education. The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce.

How to Obtain More Information

Visit CompTIA online (http://certification.comptia.org/home.aspx) to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org.

Social Media

Find CompTIA on YouTube.
Appendix B Answers to Review Questions Here yoursquoll fi nd the answers to the review questions that appear at the end of each chapter
Appendix C About the Additional Study Tools Here yoursquoll fi nd brief instructions for downloading and working effectively with this bookrsquos additional study toolsmdashfl ashcards two 50-question practice exams and a glossarymdashavailable from wwwsybexcomgocasp2e
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based When you arrive at the testing center you will need to bring two forms of indentifi cation opne of which must contain a photo Itrsquos good practice to arrive at least 15 minutes early Upon signing in you will need to show your photo identifi cation Once the testing center has been confi gured you will be assigned a seat and can start the exam
You will not be allowed to bring any paper or notes into the testing center The exam is closed book You will be provided paper to write on which must be returned at the end of the exam
During the 165-minute exam time limit you will need to complete 80 questions While you should have adequate time to complete the test time management is a must
The CASP exam allows you to mark questions and return to them if you like This means that if you are not sure about a question itrsquos best to mark it move on and return to it after you have tackled the easy questions
This test is much more diffi cult than a basic exam such as Network+ or Security+ Questions on the exam are multiple choice simulation and drag and drop You should attempt to answer all questions It is better to guess an answer than leave a question blank My personal approach is to make multiple passes on the exam Unlike some other exams you can mark any question you are not sure of and return to it later On the fi rst pass answer all the questions you are sure of Sometimes this can even help with other questions You may see something in one that helps you remember a needed fact for another On the second pass work through the more diffi cult questions or the ones that you are just not sure of Take your time in reading the question because missing just one word on a ques-tion can make a big difference Again itrsquos better to guess at an answer than to leave a ques-tion blank
In the next section I will discuss some of the types of test questions you will be pre-sented with
Tips for Taking the CASP ExamCompTIA did something new with this exammdashit contains more than just standard ques-tions During the exam you may be presented with regular multiple-choice
To Christine, thank you for your love and for always supporting me in my endeavors. I love you.
Acknowledgments
I want to acknowledge and thank the talented team at Sybex and Wiley for their tireless pursuit of accuracy, precision, and clarity. Thank you for your skillful efforts.
I would also like to acknowledge and thank you, the reader, for your desire for self-improvement and your faith in us to produce a resource worthy of your time, money, and consumption. We've done our best to make this a powerful asset in your efforts to be a better IT professional. To all of you who read this book, keep learning and taking steps to move your career forward.
About the Author
Michael Gregg is the founder and CEO of Superior Solutions, Inc., a Houston, Texas-based IT security consulting firm. Superior Solutions performs security assessments and penetration testing for Fortune 1000 firms. The company has performed security assessments for private, public, and governmental agencies. Its Houston-based team travels the United States to assess, audit, and provide training services.
Michael is responsible for working with organizations to develop cost-effective and innovative technology solutions to security issues and for evaluating emerging technologies. He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to co-writing the first, second, and third editions of Security Administrator Street Smarts, Michael has written or co-written 14 other books, including Build Your Own Security Lab: A Field Guide for Network Testing (ISBN 9780470179864), Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (ISBN 9781597491099), Certified Ethical Hacker Exam Prep 2 (ISBN 9780789735317), and Inside Network Security Assessment: Guarding Your IT Infrastructure (ISBN 9780672328091).
Michael has been featured on Fox News, the New York Times, CBS News, CNN, and other print and TV outlets and has testified before U.S. Congress as an industry cybersecurity expert. Michael has created over a dozen training security classes and training manuals and has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.
When not consulting, teaching, or writing, Michael enjoys 1960s muscle cars and giving back to the community. He is a board member of Habitat for Humanity.
About the Contributor
Dr. John DeLalla has been an educator with the University of Arizona for more than twelve years as Program Director for the Bachelor of Applied Science degree in computer network administration. John teaches a variety of networking classes. He also founded and runs a non-credit IT certification program offering community outreach via the university, which includes the Security+, CASP, and CISSP training courses. Prior to joining the university, he worked in the IT field and helped launch a successful Silicon Valley dot-com in a public relations role. John has also worked with The Walt Disney Company and toured with the Goo Goo Dolls in a marketing role.
John earned three degrees from Northern Arizona University: BS in advertising, MEd in adult education, and EdD in higher education leadership. He has more than 20 information technology certifications, including IT security and wireless networking. He was awarded the Superior Faculty Achievement Award for excellence in teaching in 2012 and the University of Arizona Staff Innovation Award in 2013. Away from the office, John has been building a riding railroad at his home in southern Arizona and is active in community affairs.
Contents
Foreword xxi
Introduction xxv
Assessment Test lviii

Chapter 1 Cryptographic Tools and Techniques 1
  The History of Cryptography 3
  Cryptographic Services 4
    Cryptographic Goals 4
    Cryptographic Terms 5
    Cipher Types and Methods 8
  Symmetric Encryption 10
    Data Encryption Standard 12
    Triple DES 13
    Advanced Encryption Standard 14
    International Data Encryption Algorithm 14
    Rivest Cipher Algorithms 14
  Asymmetric Encryption 15
    Diffie-Hellman 16
    RSA 17
    Elliptic Curve Cryptography 18
    ElGamal 18
  Hybrid Encryption 18
  Hashing 19
    Hashing and Message Digests 19
    MD Series 21
    SHA 21
    HAVAL 22
    Message Authentication Code 22
    HMAC 22
  Digital Signatures 22
  Public Key Infrastructure 24
    Certificate Authority 25
    Registration Authority 25
    Certificate Revocation List 26
    Digital Certificates 26
    Certificate Distribution 28
    The Client's Role in PKI 29
  Implementation of Cryptographic Solutions 30
    Application Layer Encryption 31
    Transport Layer Encryption 32
    Internet Layer Controls 33
    Physical Layer Controls 34
    Steganography 35
  Cryptographic Attacks 36
  Summary 37
  Exam Essentials 38
  Review Questions 40

Chapter 2 Comprehensive Security Solutions 45
  Advanced Network Design 47
    Network Authentication Methods 48
    802.1x 48
    Mesh Networks 48
    Remote Access 49
    Virtual Networking and Placement of Security Components 51
    SCADA 55
    VoIP 56
  TCP/IP 58
    Network Interface Layer 59
    Internet Layer 61
    Transport Layer 67
    Application Layer 69
  Secure Communication Solutions 72
    Network Data Flow 72
    SSL Inspection 73
    Domain Name Service 73
    Securing Zone Transfers 74
    Start of Authority 75
    Secure DNS 76
    Transaction Signature 77
    Fast Flux DNS 77
    Lightweight Directory Access Protocol 78
    Secure Directory Services 78
    Active Directory 78
    Security Information and Event Management 79
    Database Activity Monitoring 79
    Federated ID 79
    Single Sign-On 80
    Kerberos 80
  Secure Facility Solutions 80
    Building Layouts 81
    Facilities Management 81
  Secure Network Infrastructure Design 82
    Router Configuration 83
    Enterprise Service Bus 84
    Web Services Security 85
  Summary 85
  Exam Essentials 86
  Review Questions 88

Chapter 3 Securing Virtualized, Distributed, and Shared Computing 93
  Enterprise Security 96
    Software-Defined Networking 98
  Cloud Computing 100
    Cloud Computing Models 100
    Cloud Computing Providers and Hosting Options 101
    Benefits of Cloud Computing 102
    Security of On-Demand/Elastic Cloud Computing 105
    Cloud Computing Vulnerabilities 109
    Cloud Storage 110
    Cloud-Augmented Security Services 111
  Virtualization 112
    Virtualized Servers 113
    Virtual LANs 118
    Virtual Networking and Security Components 120
  Enterprise Storage 121
  Summary 127
  Exam Essentials 127
  Review Questions 129

Chapter 4 Host Security 133
  Firewalls and Network Access Control 136
    Host-Based Firewalls 141
  Trusted Operating Systems 144
  Endpoint Security Solutions 147
    Common Threats to Endpoint Security 149
    Anti-malware 151
    Antivirus 152
    Anti-spyware 154
    Spam Filters 155
  Host Hardening 157
  Asset Management 162
  Data Exfiltration 163
  Intrusion Detection and Prevention 165
  Network Management, Monitoring, and Security Tools 168
    Security Devices 168
    Operational and Consumer Network-Enabled Devices 169
  Summary 170
  Exam Essentials 171
  Review Questions 173

Chapter 5 Application Security and Penetration Testing 177
  Application Security Testing 180
  Specific Application Issues 182
    Cross-Site Scripting 183
    Cross-Site Request Forgery 184
    Improper Error Handling 184
    Geotagging 185
    Clickjacking 185
    Session Management 186
    Input Validation 187
    SQL Injection 187
  Application Sandboxing 189
  Application Security Frameworks 189
    Standard Libraries 191
    Secure Coding Standards 191
  Application Exploits 193
    Escalation of Privilege 193
    Improper Storage of Sensitive Data 194
    Cookie Storage and Transmission 195
    Malware Sandboxing 196
    Memory Dumping 197
    Process Handling at the Client and Server 197
    JSON/REST 198
    Browser Extensions 198
    Ajax 198
    JavaScript/Applets 199
    Flash 199
    HTML5 200
    SOAP 200
    Web Services Security 200
    Buffer Overflow 201
    Memory Leaks 202
    Integer Overflow 202
    Race Conditions (TOCTOU) 203
    Resource Exhaustion 204
  Security Assessments and Penetration Testing 204
    Test Methods 205
    Penetration Testing Steps 205
    Assessment Types 206
    Vulnerability Assessment Areas 207
    Security Assessment and Penetration Test Tools 209
  Summary 222
  Exam Essentials 223
  Review Questions 224

Chapter 6 Risk Management 229
  Risk Terminology 232
  Identifying Vulnerabilities 233
  Operational Risks 236
    Risk in Business Models 236
    Risk in External and Internal Influences 243
    Risks with Data 246
  The Risk Assessment Process 252
    Asset Identification 252
    Information Classification 254
    Risk Assessment 255
    Risk Analysis Options 260
    Implementing Controls 261
    Continuous Monitoring 263
    Enterprise Security Architecture Frameworks and Governance 263
    Best Practices for Risk Assessments 264
  Summary 265
  Exam Essentials 266
  Review Questions 268

Chapter 7 Policies, Procedures, and Incident Response 273
  A High-Level View of Documentation 276
    The Policy Development Process 277
    Policies and Procedures 278
  Business Documents Used to Support Security 283
  Documents and Controls Used for Sensitive Information 286
    Why Security 286
    Personally Identifiable Information Controls 287
    Data Breaches 288
    Policies Used to Manage Employees 290
  Training and Awareness for Users 294
  Auditing Requirements and Frequency 296
  The Incident Response Framework 297
    Incident and Emergency Response 300
    Digital Forensics Tasks 301
  Summary 305
  Exam Essentials 306
  Review Questions 308

Chapter 8 Security Research and Analysis 313
  Apply Research Methods to Determine Industry Trends and Impact to the Enterprise 316
    Performing Ongoing Research 316
    Best Practices 321
    New Technologies 323
    Situational Awareness 332
    Knowledge of Current Vulnerabilities and Threats 336
    Research Security Implications of New Business Tools 341
    Global IA Industry Community 344
    Research Security Requirements for Contracts 348
  Analyze Scenarios to Secure the Enterprise 350
    Benchmarking and Baselining 350
    Prototyping and Testing Multiple Solutions 350
    Cost-Benefit Analysis 351
    Metrics Collection and Analysis 352
    Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs 352
    Reviewing Effectiveness of Existing Security Controls 353
    Reverse Engineering or Deconstructing Existing Solutions 354
    Analyzing Security Solutions to Ensure They Meet Business Needs 354
    Conducting a Lessons Learned/After-Action Review 356
    Using Judgment to Solve Difficult Problems 356
  Summary 357
  Exam Essentials 358
  Review Questions 359

Chapter 9 Enterprise Security Integration 363
  Integrate Enterprise Disciplines to Achieve Secure Solutions 366
    The Role of IT Governance 368
    Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 370
    Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 373
    Establish Effective Collaboration within Teams to Implement Secure Solutions 375
    Disciplines 378
  Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture 381
    Secure Data Flows to Meet Changing Business Needs 384
    Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices 386
    Secure Infrastructure Design 386
    Standards 387
    Design Considerations During Mergers, Acquisitions, and De-mergers/Divestitures 387
    Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership) 388
    Storage Integration (Security Considerations) 389
    In-House Developed vs. Commercial vs. Commercial Customized 390
    Interoperability Issues 392
    Enterprise Application Integration Enablers 393
  Summary 394
  Exam Essentials 395
  Review Questions 396

Chapter 10 Security Controls for Communication and Collaboration 401
  Selecting the Appropriate Control to Secure Communications and Collaboration Solutions 404
    Security of Unified Collaboration 405
    VoIP 413
    VoIP Implementation 415
    Remote Access and Advanced Trust Models 416
    Mobile Device Management 417
    Secure External Communications 418
    Secure Implementation of Collaboration Sites and Platforms 420
    Prioritizing Traffic with QoS 421
    Mobile Devices 422
  Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives 425
    Authentication 426
    Authorization 426
    Federation and SAML 426
    Identity Propagation 428
    XACML 428
    SOAP 429
    Single Sign-On 430
    Service Provisioning Markup Language 430
    OAUTH 431
    Attestation 431
    Certificate-Based Authentication 431
  Implement Security Activities across the Technology Life Cycle 433
    End-to-End Solution Ownership 433
    Understanding the Results of Solutions in Advance 434
    Systems Development Life Cycle 436
    Adapt Solutions to Address Emerging Threats and Security Trends 439
    Validating System Designs 441
  Summary 444
  Exam Essentials 444
  Review Questions 446

Appendix A CASP Lab Manual 451
  What You'll Need 452
  Lab A1 Verifying a Baseline Security Configuration 455
  Lab A2 Introduction to a Protocol Analyzer 458
  Lab A3 Performing a Wireless Site Survey 461
  Lab A4 Using Windows Remote Access 462
    Connecting to the Remote Desktop PC 463
  Lab A5 Configuring a VPN Client 464
  Lab A6 Using the Windows Command-Line Interface (CLI) 467
  Lab A7 Cisco IOS Command-Line Basics 469
  Lab A8 Shopping for Wi-Fi Antennas 470
  Lab A9 Cloud Provisioning 472
  Lab A10 Introduction to Windows Command-line Forensic Tools 473
  Lab A11 Introduction to Hashing Using a GUI 480
  Lab A12 Hashing from the Command Line 482
    Verifying File Integrity from a Command Line 482
    Verifying File Integrity on a Downloaded File 483
  Lab A13 Cracking Encrypted Passwords 484
  Lab A14 Threat Modeling 486
  Lab A15 Social Engineering 487
  Lab A16 Downloading, Verifying, and Installing a Virtual Environment 490
  Lab A17 Exploring Your Virtual Network 493
  Lab A18 Port Scanning 497
  Lab A19 Introduction to the Metasploit Framework 501
  Lab A20 Sniffing NETinVM Traffic with Wireshark 503
  Suggestions for Further Exploration of Security Topics 507

Appendix B Answers to Review Questions 509
  Chapter 1 Cryptographic Tools and Techniques 510
  Chapter 2 Comprehensive Security Solutions 511
  Chapter 3 Securing Virtualized, Distributed, and Shared Computing 512
  Chapter 4 Host Security 513
  Chapter 5 Application Security and Penetration Testing 514
  Chapter 6 Risk Management 515
  Chapter 7 Policies, Procedures, and Incident Response 517
  Chapter 8 Security Research and Analysis 518
  Chapter 9 Enterprise Security Integration 519
  Chapter 10 Security Controls for Communication and Collaboration 520

Appendix C About the Additional Study Tools 523
  Additional Study Tools 524
    Sybex Test Engine 524
    Electronic Flashcards 524
    PDF of Glossary of Terms 524
    Adobe Reader 524
  System Requirements 524
  Using the Study Tools 525
  Troubleshooting 525
  Customer Care 525

Index 527
Table of Exercises
Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.

[Infographic: Learn, Certify, Work]

IT Is Everywhere
IT is mission critical to almost all organizations and its importance is increasing.
• 79% of U.S. businesses report IT is either important or very important to the success of their company.

IT Knowledge and Skills Get Jobs
Certifications verify your knowledge and skills that qualify you for:
• Jobs in the high-growth IT career field
• Increased compensation
• Challenging assignments and promotions
• 60% report that being certified is an employer or job requirement.

Job Retention
Competence is noticed and valued in organizations.
• Increased knowledge of new or complex technologies
• Enhanced productivity
• More insightful problem solving
• Better project management and communication skills
• 47% report that being certified improved their problem-solving skills.

New Opportunities
Certifications qualify you for new opportunities in your current job or when you want to change careers.
• 31% report certification improved their career advancement opportunities.
• 88% report being certified enhanced their resume.

High Pay, High-Growth Jobs
Hiring managers demand the strongest skill set.
• There is a widening IT skills gap, with over 300,000 jobs open.
Certification Helps Your Career
The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.
The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, with almost 250,000 certified Security+ professionals.
Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.
Approved by the U.S. Department of Defense (DoD) for 4 information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.
Steps to Getting Certified
Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx
Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx
Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com
Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia
Stay Certified (Continuing Education): The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce
How to Obtain More Information
Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org
Social Media
Find CompTIA on YouTube
Introduction
The CASP certification was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.
According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, 'hands-on' focus at the enterprise level."
Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.
If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
How to Become a CASP Certified Professional
As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor        Website               Phone Number
Pearson VUE   www.vue.com/comptia   US and Canada: 877-551-PLUS (7587)

Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.
College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:
Chapter 1: Cryptographic Tools and Techniques. Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.
Chapter 2: Comprehensive Security Solutions. Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.
Chapter 3: Securing Virtualized, Distributed, and Shared Computing. Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.
Chapter 4: Host Security. Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.
Chapter 5: Application Security and Penetration Testing. Presents knowledge needed to build secure applications and test a network for good security controls. Topics like the systems development life cycle are discussed.
Chapter 6: Risk Management. Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.
Chapter 7: Policies, Procedures, and Incident Response. Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.
Chapter 8: Security Research and Analysis. Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.
Chapter 9: Enterprise Security Integration. Examines industry trends and outlines the potential impact to an enterprise.
Chapter 10: Security Controls for Communication and Collaboration. Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.
Appendix A: CASP Lab Manual. This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B: Answers to Review Questions. Here you'll find the answers to the review questions that appear at the end of each chapter.
Appendix C: About the Additional Study Tools. Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.
You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.
During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.
The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.
This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions; it is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.
In the next section I will discuss some of the types of test questions you will be presented with.
Tips for Taking the CASP Exam
CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
Acknowledgments
I want to acknowledge and thank the talented team at Sybex and Wiley for their tireless pursuit of accuracy, precision, and clarity. Thank you for your skillful efforts.
I would also like to acknowledge and thank you, the reader, for your desire for self-improvement and your faith in us to produce a resource worthy of your time, money, and consumption. We've done our best to make this a powerful asset in your efforts to be a better IT professional. To all of you who read this book, keep learning and taking steps to move your career forward.
About the Author
Michael Gregg is the founder and CEO of Superior Solutions, Inc., a Houston, Texas-based IT security consulting firm. Superior Solutions performs security assessments and penetration testing for Fortune 1000 firms. The company has performed security assessments for private, public, and governmental agencies. Its Houston-based team travels the United States to assess, audit, and provide training services.
Michael is responsible for working with organizations to develop cost-effective and innovative technology solutions to security issues and for evaluating emerging technologies. He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to co-writing the first, second, and third editions of Security Administrator Street Smarts, Michael has written or co-written 14 other books, including Build Your Own Security Lab: A Field Guide for Network Testing (ISBN 9780470179864), Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (ISBN 9781597491099), Certified Ethical Hacker Exam Prep 2 (ISBN 9780789735317), and Inside Network Security Assessment: Guarding Your IT Infrastructure (ISBN 9780672328091).
Michael has been featured on Fox News, the New York Times, CBS News, CNN, and other print and TV outlets, and has testified before US Congress as an industry cybersecurity expert. Michael has created over a dozen training security classes and training manuals and has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.
When not consulting, teaching, or writing, Michael enjoys 1960s muscle cars and giving back to the community. He is a board member of Habitat for Humanity.
About the Contributor
Dr. John DeLalla has been an educator with the University of Arizona for more than twelve years as Program Director for the Bachelor of Applied Science degree in computer network administration. John teaches a variety of networking classes. He also founded and runs a non-credit IT certification program offering community outreach via the university, which includes the Security+, CASP, and CISSP training courses. Prior to joining the university, he worked in the IT field and helped launch a successful Silicon Valley dot-com in a public relations role. John has also worked with The Walt Disney Company and toured with the Goo Goo Dolls in a marketing role.
John earned three degrees from Northern Arizona University: BS in advertising, MEd in adult education, and EdD in higher education leadership. He has more than 20 information technology certifications, including IT security and wireless networking. He was awarded the Superior Faculty Achievement Award for excellence in teaching in 2012 and the University of Arizona Staff Innovation Award in 2013. Away from the office, John has been building a riding railroad at his home in southern Arizona and is active in community affairs.
Contents
Foreword xxi
Introduction xxv
Assessment Test lviii

Chapter 1 Cryptographic Tools and Techniques 1
  The History of Cryptography 3
  Cryptographic Services 4
  Cryptographic Goals 4
  Cryptographic Terms 5
  Cipher Types and Methods 8
  Symmetric Encryption 10
  Data Encryption Standard 12
  Triple DES 13
  Advanced Encryption Standard 14
  International Data Encryption Algorithm 14
  Rivest Cipher Algorithms 14
  Asymmetric Encryption 15
  Diffie-Hellman 16
  RSA 17
  Elliptic Curve Cryptography 18
  ElGamal 18
  Hybrid Encryption 18
  Hashing 19
  Hashing and Message Digests 19
  MD Series 21
  SHA 21
  HAVAL 22
  Message Authentication Code 22
  HMAC 22
  Digital Signatures 22
  Public Key Infrastructure 24
  Certificate Authority 25
  Registration Authority 25
  Certificate Revocation List 26
  Digital Certificates 26
  Certificate Distribution 28
  The Client's Role in PKI 29
  Implementation of Cryptographic Solutions 30
  Application Layer Encryption 31
  Transport Layer Encryption 32
  Internet Layer Controls 33
  Physical Layer Controls 34
  Steganography 35
  Cryptographic Attacks 36
  Summary 37
  Exam Essentials 38
  Review Questions 40

Chapter 2 Comprehensive Security Solutions 45
  Advanced Network Design 47
  Network Authentication Methods 48
  802.1x 48
  Mesh Networks 48
  Remote Access 49
  Virtual Networking and Placement of Security Components 51
  SCADA 55
  VoIP 56
  TCP/IP 58
  Network Interface Layer 59
  Internet Layer 61
  Transport Layer 67
  Application Layer 69
  Secure Communication Solutions 72
  Network Data Flow 72
  SSL Inspection 73
  Domain Name Service 73
  Securing Zone Transfers 74
  Start of Authority 75
  Secure DNS 76
  Transaction Signature 77
  Fast Flux DNS 77
  Lightweight Directory Access Protocol 78
  Secure Directory Services 78
  Active Directory 78
  Security Information and Event Management 79
  Database Activity Monitoring 79
  Federated ID 79
  Single Sign-On 80
  Kerberos 80
  Secure Facility Solutions 80
  Building Layouts 81
  Facilities Management 81
  Secure Network Infrastructure Design 82
  Router Configuration 83
  Enterprise Service Bus 84
  Web Services Security 85
  Summary 85
  Exam Essentials 86
  Review Questions 88

Chapter 3 Securing Virtualized, Distributed, and Shared Computing 93
  Enterprise Security 96
  Software-Defined Networking 98
  Cloud Computing 100
  Cloud Computing Models 100
  Cloud Computing Providers and Hosting Options 101
  Benefits of Cloud Computing 102
  Security of On-Demand/Elastic Cloud Computing 105
  Cloud Computing Vulnerabilities 109
  Cloud Storage 110
  Cloud-Augmented Security Services 111
  Virtualization 112
  Virtualized Servers 113
  Virtual LANs 118
  Virtual Networking and Security Components 120
  Enterprise Storage 121
  Summary 127
  Exam Essentials 127
  Review Questions 129

Chapter 4 Host Security 133
  Firewalls and Network Access Control 136
  Host-Based Firewalls 141
  Trusted Operating Systems 144
  Endpoint Security Solutions 147
  Common Threats to Endpoint Security 149
  Anti-malware 151
  Antivirus 152
  Anti-spyware 154
  Spam Filters 155
  Host Hardening 157
  Asset Management 162
  Data Exfiltration 163
  Intrusion Detection and Prevention 165
  Network Management, Monitoring, and Security Tools 168
  Security Devices 168
  Operational and Consumer Network-Enabled Devices 169
  Summary 170
  Exam Essentials 171
  Review Questions 173

Chapter 5 Application Security and Penetration Testing 177
  Application Security Testing 180
  Specific Application Issues 182
  Cross-Site Scripting 183
  Cross-Site Request Forgery 184
  Improper Error Handling 184
  Geotagging 185
  Clickjacking 185
  Session Management 186
  Input Validation 187
  SQL Injection 187
  Application Sandboxing 189
  Application Security Frameworks 189
  Standard Libraries 191
  Secure Coding Standards 191
  Application Exploits 193
  Escalation of Privilege 193
  Improper Storage of Sensitive Data 194
  Cookie Storage and Transmission 195
  Malware Sandboxing 196
  Memory Dumping 197
  Process Handling at the Client and Server 197
  JSON/REST 198
  Browser Extensions 198
  Ajax 198
  JavaScript/Applets 199
  Flash 199
  HTML5 200
  SOAP 200
  Web Services Security 200
  Buffer Overflow 201
  Memory Leaks 202
  Integer Overflow 202
  Race Conditions (TOCTOU) 203
  Resource Exhaustion 204
  Security Assessments and Penetration Testing 204
  Test Methods 205
  Penetration Testing Steps 205
  Assessment Types 206
  Vulnerability Assessment Areas 207
  Security Assessment and Penetration Test Tools 209
  Summary 222
  Exam Essentials 223
  Review Questions 224

Chapter 6 Risk Management 229
  Risk Terminology 232
  Identifying Vulnerabilities 233
  Operational Risks 236
  Risk in Business Models 236
  Risk in External and Internal Influences 243
  Risks with Data 246
  The Risk Assessment Process 252
  Asset Identification 252
  Information Classification 254
  Risk Assessment 255
  Risk Analysis Options 260
  Implementing Controls 261
  Continuous Monitoring 263
  Enterprise Security Architecture Frameworks and Governance 263
  Best Practices for Risk Assessments 264
  Summary 265
  Exam Essentials 266
  Review Questions 268

Chapter 7 Policies, Procedures, and Incident Response 273
  A High-Level View of Documentation 276
  The Policy Development Process 277
  Policies and Procedures 278
  Business Documents Used to Support Security 283
  Documents and Controls Used for Sensitive Information 286
  Why Security? 286
  Personally Identifiable Information Controls 287
  Data Breaches 288
  Policies Used to Manage Employees 290
  Training and Awareness for Users 294
  Auditing Requirements and Frequency 296
  The Incident Response Framework 297
  Incident and Emergency Response 300
  Digital Forensics Tasks 301
  Summary 305
  Exam Essentials 306
  Review Questions 308

Chapter 8 Security Research and Analysis 313
  Apply Research Methods to Determine Industry Trends and Impact to the Enterprise 316
  Performing Ongoing Research 316
  Best Practices 321
  New Technologies 323
  Situational Awareness 332
  Knowledge of Current Vulnerabilities and Threats 336
  Research Security Implications of New Business Tools 341
  Global IA Industry Community 344
  Research Security Requirements for Contracts 348
  Analyze Scenarios to Secure the Enterprise 350
  Benchmarking and Baselining 350
  Prototyping and Testing Multiple Solutions 350
  Cost-Benefit Analysis 351
  Metrics Collection and Analysis 352
  Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs 352
  Reviewing Effectiveness of Existing Security Controls 353
  Reverse Engineering or Deconstructing Existing Solutions 354
  Analyzing Security Solutions to Ensure They Meet Business Needs 354
  Conducting a Lessons Learned/After-Action Review 356
  Using Judgment to Solve Difficult Problems 356
  Summary 357
  Exam Essentials 358
  Review Questions 359

Chapter 9 Enterprise Security Integration 363
  Integrate Enterprise Disciplines to Achieve Secure Solutions 366
  The Role of IT Governance 368
  Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 370
  Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 373
  Establish Effective Collaboration within Teams to Implement Secure Solutions 375
  Disciplines 378
  Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture 381
  Secure Data Flows to Meet Changing Business Needs 384
  Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices 386
  Secure Infrastructure Design 386
  Standards 387
  Design Considerations During Mergers, Acquisitions, and De-mergers/Divestitures 387
  Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership) 388
  Storage Integration (Security Considerations) 389
  In-House Developed vs. Commercial vs. Commercial Customized 390
  Interoperability Issues 392
  Enterprise Application Integration Enablers 393
  Summary 394
  Exam Essentials 395
  Review Questions 396

Chapter 10 Security Controls for Communication and Collaboration 401
  Selecting the Appropriate Control to Secure Communications and Collaboration Solutions 404
  Security of Unified Collaboration 405
  VoIP 413
  VoIP Implementation 415
  Remote Access and Advanced Trust Models 416
  Mobile Device Management 417
  Secure External Communications 418
  Secure Implementation of Collaboration Sites and Platforms 420
  Prioritizing Traffic with QoS 421
  Mobile Devices 422
  Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives 425
  Authentication 426
  Authorization 426
  Federation and SAML 426
  Identity Propagation 428
  XACML 428
  SOAP 429
  Single Sign-On 430
  Service Provisioning Markup Language 430
  OAUTH 431
  Attestation 431
  Certificate-Based Authentication 431
  Implement Security Activities across the Technology Life Cycle 433
  End-to-End Solution Ownership 433
  Understanding the Results of Solutions in Advance 434
  Systems Development Life Cycle 436
  Adapt Solutions to Address Emerging Threats and Security Trends 439
  Validating System Designs 441
  Summary 444
  Exam Essentials 444
  Review Questions 446

Appendix A CASP Lab Manual 451
  What You'll Need 452
  Lab A.1 Verifying a Baseline Security Configuration 455
  Lab A.2 Introduction to a Protocol Analyzer 458
  Lab A.3 Performing a Wireless Site Survey 461
  Lab A.4 Using Windows Remote Access 462
  Connecting to the Remote Desktop PC 463
  Lab A.5 Configuring a VPN Client 464
  Lab A.6 Using the Windows Command-Line Interface (CLI) 467
  Lab A.7 Cisco IOS Command-Line Basics 469
  Lab A.8 Shopping for Wi-Fi Antennas 470
  Lab A.9 Cloud Provisioning 472
  Lab A.10 Introduction to Windows Command-line Forensic Tools 473
  Lab A.11 Introduction to Hashing Using a GUI 480
  Lab A.12 Hashing from the Command Line 482
  Verifying File Integrity from a Command Line 482
  Verifying File Integrity on a Downloaded File 483
  Lab A.13 Cracking Encrypted Passwords 484
  Lab A.14 Threat Modeling 486
  Lab A.15 Social Engineering 487
  Lab A.16 Downloading, Verifying, and Installing a Virtual Environment 490
  Lab A.17 Exploring Your Virtual Network 493
  Lab A.18 Port Scanning 497
  Lab A.19 Introduction to the Metasploit Framework 501
  Lab A.20 Sniffing NETinVM Traffic with Wireshark 503
  Suggestions for Further Exploration of Security Topics 507

Appendix B Answers to Review Questions 509
  Chapter 1 Cryptographic Tools and Techniques 510
  Chapter 2 Comprehensive Security Solutions 511
  Chapter 3 Securing Virtualized, Distributed, and Shared Computing 512
  Chapter 4 Host Security 513
  Chapter 5 Application Security and Penetration Testing 514
  Chapter 6 Risk Management 515
  Chapter 7 Policies, Procedures, and Incident Response 517
  Chapter 8 Security Research and Analysis 518
  Chapter 9 Enterprise Security Integration 519
  Chapter 10 Security Controls for Communication and Collaboration 520

Appendix C About the Additional Study Tools 523
  Additional Study Tools 524
  Sybex Test Engine 524
  Electronic Flashcards 524
  PDF of Glossary of Terms 524
  Adobe Reader 524
  System Requirements 524
  Using the Study Tools 525
  Troubleshooting 525
  Customer Care 525

Index 527
Table of Exercises
Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud? 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.
IT Is Everywhere
IT is mission critical to almost all organizations and its importance is increasing.
- 79% of US businesses report IT is either important or very important to the success of their company.

IT Knowledge and Skills Get Jobs
Certifications verify your knowledge and skills, which qualify you for:
- Jobs in the high-growth IT career field
- Increased compensation
- Challenging assignments and promotions
- 60% report that being certified is an employer or job requirement.

Job Retention
Competence is noticed and valued in organizations.
- Increased knowledge of new or complex technologies
- Enhanced productivity
- More insightful problem solving
- Better project management and communication skills
- 47% report that being certified improved their problem-solving skills.

New Opportunities
Certifications qualify you for new opportunities in your current job or when you want to change careers.
- 31% report certification improved their career advancement opportunities.

High Pay-High Growth Jobs
Hiring managers demand the strongest skill set.
- There is a widening IT skills gap, with over 300,000 jobs open.
- 88% report being certified enhanced their resume.

LEARN. CERTIFY. WORK.
Certification Helps Your Career
The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.
The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, with almost 250,000 certified Security+ professionals.
Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.
Approved by the US Department of Defense (DoD) for 4 information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.
Steps to Getting Certified
Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx
Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx
Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com
Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia
Stay Certified: Continuing Education. The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce
How to Obtain More Information
Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org
Social Media: Find CompTIA on YouTube.
Introduction
The CASP certification was developed by the Computing Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.
According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, 'hands-on' focus at the enterprise level."
Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.
If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
How to Become a CASP Certified Professional
As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor        Website               Phone Number
Pearson VUE   www.vue.com/comptia   US and Canada: 877-551-PLUS (7587)

Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.
College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:
Chapter 1, Cryptographic Tools and Techniques: Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.
Chapter 2, Comprehensive Security Solutions: Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.
Chapter 3, Securing Virtualized, Distributed, and Shared Computing: Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.
Chapter 4, Host Security: Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.
Chapter 5, Application Security and Penetration Testing: Presents knowledge needed to build secure applications and test a network for good security controls. Topics like the systems development life cycle are discussed.
Chapter 6, Risk Management: Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.
Chapter 7, Policies, Procedures, and Incident Response: Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.
Chapter 8, Security Research and Analysis: Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.
Chapter 9, Enterprise Security Integration: Examines industry trends and outlines the potential impact to an enterprise.
Chapter 10, Security Controls for Communication and Collaboration: Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.
Appendix A, CASP Lab Manual: This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B, Answers to Review Questions: Here you'll find the answers to the review questions that appear at the end of each chapter.
Appendix C, About the Additional Study Tools: Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.
You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.
During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.
The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.
This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions. It is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.
In the next section, I will discuss some of the types of test questions you will be presented with.
Tips for Taking the CASP Exam
CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
ffi rsindd 05242017 Page viii
About the Author
Michael Gregg is the founder and CEO of Superior Solutions, Inc., a Houston, Texas-based IT security consulting firm. Superior Solutions performs security assessments and penetration testing for Fortune 1000 firms. The company has performed security assessments for private, public, and governmental agencies. Its Houston-based team travels the United States to assess, audit, and provide training services.
Michael is responsible for working with organizations to develop cost-effective and innovative technology solutions to security issues and for evaluating emerging technologies. He has more than 20 years of experience in the IT field and holds two associate's degrees, a bachelor's degree, and a master's degree. In addition to co-writing the first, second, and third editions of Security Administrator Street Smarts, Michael has written or co-written 14 other books, including Build Your Own Security Lab: A Field Guide for Network Testing (ISBN 9780470179864), Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (ISBN 9781597491099), Certified Ethical Hacker Exam Prep 2 (ISBN 9780789735317), and Inside Network Security Assessment: Guarding Your IT Infrastructure (ISBN 9780672328091).
Michael has been featured on Fox News, the New York Times, CBS News, CNN, and other print and TV outlets and has testified before US Congress as an industry cyber security expert. Michael has created over a dozen security training classes and training manuals and has created and performed video instruction on many security topics, such as cybersecurity, CISSP, CISA, Security+, and others.
When not consulting, teaching, or writing, Michael enjoys 1960s muscle cars and giving back to the community. He is a board member of Habitat for Humanity.
About the Contributor
Dr. John DeLalla has been an educator with the University of Arizona for more than twelve years as Program Director for the Bachelor of Applied Science degree in computer network administration. John teaches a variety of networking classes. He also founded and runs a non-credit IT certification program offering community outreach via the university, which includes the Security+, CASP, and CISSP training courses. Prior to joining the university, he worked in the IT field and helped launch a successful Silicon Valley dot-com in a public relations role. John has also worked with The Walt Disney Company and toured with the Goo Goo Dolls in a marketing role.
John earned three degrees from Northern Arizona University: a BS in advertising, an MEd in adult education, and an EdD in higher education leadership. He has more than 20 information technology certifications, including IT security and wireless networking. He was awarded the Superior Faculty Achievement Award for excellence in teaching in 2012 and the University of Arizona Staff Innovation Award in 2013. Away from the office, John has been building a riding railroad at his home in southern Arizona and is active in community affairs.
Contents
Foreword xxi
Introduction xxv
Assessment Test lviii

Chapter 1 Cryptographic Tools and Techniques 1
  The History of Cryptography 3
  Cryptographic Services 4
  Cryptographic Goals 4
  Cryptographic Terms 5
  Cipher Types and Methods 8
  Symmetric Encryption 10
  Data Encryption Standard 12
  Triple DES 13
  Advanced Encryption Standard 14
  International Data Encryption Algorithm 14
  Rivest Cipher Algorithms 14
  Asymmetric Encryption 15
  Diffie-Hellman 16
  RSA 17
  Elliptic Curve Cryptography 18
  ElGamal 18
  Hybrid Encryption 18
  Hashing 19
  Hashing and Message Digests 19
  MD Series 21
  SHA 21
  HAVAL 22
  Message Authentication Code 22
  HMAC 22
  Digital Signatures 22
  Public Key Infrastructure 24
  Certificate Authority 25
  Registration Authority 25
  Certificate Revocation List 26
  Digital Certificates 26
  Certificate Distribution 28
  The Client's Role in PKI 29
  Implementation of Cryptographic Solutions 30
  Application Layer Encryption 31
  Transport Layer Encryption 32
  Internet Layer Controls 33
  Physical Layer Controls 34
  Steganography 35
  Cryptographic Attacks 36
  Summary 37
  Exam Essentials 38
  Review Questions 40

Chapter 2 Comprehensive Security Solutions 45
  Advanced Network Design 47
  Network Authentication Methods 48
  802.1x 48
  Mesh Networks 48
  Remote Access 49
  Virtual Networking and Placement of Security Components 51
  SCADA 55
  VoIP 56
  TCP/IP 58
  Network Interface Layer 59
  Internet Layer 61
  Transport Layer 67
  Application Layer 69
  Secure Communication Solutions 72
  Network Data Flow 72
  SSL Inspection 73
  Domain Name Service 73
  Securing Zone Transfers 74
  Start of Authority 75
  Secure DNS 76
  Transaction Signature 77
  Fast Flux DNS 77
  Lightweight Directory Access Protocol 78
  Secure Directory Services 78
  Active Directory 78
  Security Information and Event Management 79
  Database Activity Monitoring 79
  Federated ID 79
  Single Sign-On 80
  Kerberos 80
  Secure Facility Solutions 80
  Building Layouts 81
  Facilities Management 81
  Secure Network Infrastructure Design 82
  Router Configuration 83
  Enterprise Service Bus 84
  Web Services Security 85
  Summary 85
  Exam Essentials 86
  Review Questions 88

Chapter 3 Securing Virtualized, Distributed, and Shared Computing 93
  Enterprise Security 96
  Software-Defined Networking 98
  Cloud Computing 100
  Cloud Computing Models 100
  Cloud Computing Providers and Hosting Options 101
  Benefits of Cloud Computing 102
  Security of On-Demand/Elastic Cloud Computing 105
  Cloud Computing Vulnerabilities 109
  Cloud Storage 110
  Cloud-Augmented Security Services 111
  Virtualization 112
  Virtualized Servers 113
  Virtual LANs 118
  Virtual Networking and Security Components 120
  Enterprise Storage 121
  Summary 127
  Exam Essentials 127
  Review Questions 129

Chapter 4 Host Security 133
  Firewalls and Network Access Control 136
  Host-Based Firewalls 141
  Trusted Operating Systems 144
  Endpoint Security Solutions 147
  Common Threats to Endpoint Security 149
  Anti-malware 151
  Antivirus 152
  Anti-spyware 154
  Spam Filters 155
  Host Hardening 157
  Asset Management 162
  Data Exfiltration 163
  Intrusion Detection and Prevention 165
  Network Management, Monitoring, and Security Tools 168
  Security Devices 168
  Operational and Consumer Network-Enabled Devices 169
  Summary 170
  Exam Essentials 171
  Review Questions 173

Chapter 5 Application Security and Penetration Testing 177
  Application Security Testing 180
  Specific Application Issues 182
  Cross-Site Scripting 183
  Cross-Site Request Forgery 184
  Improper Error Handling 184
  Geotagging 185
  Clickjacking 185
  Session Management 186
  Input Validation 187
  SQL Injection 187
  Application Sandboxing 189
  Application Security Frameworks 189
  Standard Libraries 191
  Secure Coding Standards 191
  Application Exploits 193
  Escalation of Privilege 193
  Improper Storage of Sensitive Data 194
  Cookie Storage and Transmission 195
  Malware Sandboxing 196
  Memory Dumping 197
  Process Handling at the Client and Server 197
  JSON/REST 198
  Browser Extensions 198
  Ajax 198
  JavaScript/Applets 199
  Flash 199
  HTML5 200
  SOAP 200
  Web Services Security 200
  Buffer Overflow 201
  Memory Leaks 202
  Integer Overflow 202
  Race Conditions (TOCTOU) 203
  Resource Exhaustion 204
  Security Assessments and Penetration Testing 204
  Test Methods 205
  Penetration Testing Steps 205
  Assessment Types 206
  Vulnerability Assessment Areas 207
  Security Assessment and Penetration Test Tools 209
  Summary 222
  Exam Essentials 223
  Review Questions 224

Chapter 6 Risk Management 229
  Risk Terminology 232
  Identifying Vulnerabilities 233
  Operational Risks 236
  Risk in Business Models 236
  Risk in External and Internal Influences 243
  Risks with Data 246
  The Risk Assessment Process 252
  Asset Identification 252
  Information Classification 254
  Risk Assessment 255
  Risk Analysis Options 260
  Implementing Controls 261
  Continuous Monitoring 263
  Enterprise Security Architecture Frameworks and Governance 263
  Best Practices for Risk Assessments 264
  Summary 265
  Exam Essentials 266
  Review Questions 268

Chapter 7 Policies, Procedures, and Incident Response 273
  A High-Level View of Documentation 276
  The Policy Development Process 277
  Policies and Procedures 278
  Business Documents Used to Support Security 283
  Documents and Controls Used for Sensitive Information 286
  Why Security? 286
  Personally Identifiable Information Controls 287
  Data Breaches 288
  Policies Used to Manage Employees 290
  Training and Awareness for Users 294
  Auditing Requirements and Frequency 296
  The Incident Response Framework 297
  Incident and Emergency Response 300
  Digital Forensics Tasks 301
  Summary 305
  Exam Essentials 306
  Review Questions 308

Chapter 8 Security Research and Analysis 313
  Apply Research Methods to Determine Industry Trends and Impact to the Enterprise 316
  Performing Ongoing Research 316
  Best Practices 321
  New Technologies 323
  Situational Awareness 332
  Knowledge of Current Vulnerabilities and Threats 336
  Research Security Implications of New Business Tools 341
  Global IA Industry Community 344
  Research Security Requirements for Contracts 348
  Analyze Scenarios to Secure the Enterprise 350
  Benchmarking and Baselining 350
  Prototyping and Testing Multiple Solutions 350
  Cost-Benefit Analysis 351
  Metrics Collection and Analysis 352
  Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs 352
  Reviewing Effectiveness of Existing Security Controls 353
  Reverse Engineering or Deconstructing Existing Solutions 354
  Analyzing Security Solutions to Ensure They Meet Business Needs 354
  Conducting a Lessons Learned/After-Action Review 356
  Using Judgment to Solve Difficult Problems 356
  Summary 357
  Exam Essentials 358
  Review Questions 359

Chapter 9 Enterprise Security Integration 363
  Integrate Enterprise Disciplines to Achieve Secure Solutions 366
  The Role of IT Governance 368
  Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 370
  Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 373
  Establish Effective Collaboration within Teams to Implement Secure Solutions 375
  Disciplines 378
  Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture 381
  Secure Data Flows to Meet Changing Business Needs 384
  Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices 386
  Secure Infrastructure Design 386
  Standards 387
  Design Considerations During Mergers, Acquisitions, and De-mergers/Divestitures 387
  Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership) 388
  Storage Integration (Security Considerations) 389
  In-House Developed vs. Commercial vs. Commercial Customized 390
  Interoperability Issues 392
  Enterprise Application Integration Enablers 393
  Summary 394
  Exam Essentials 395
  Review Questions 396

Chapter 10 Security Controls for Communication and Collaboration 401
  Selecting the Appropriate Control to Secure Communications and Collaboration Solutions 404
  Security of Unified Collaboration 405
  VoIP 413
  VoIP Implementation 415
  Remote Access and Advanced Trust Models 416
  Mobile Device Management 417
  Secure External Communications 418
  Secure Implementation of Collaboration Sites and Platforms 420
  Prioritizing Traffic with QoS 421
  Mobile Devices 422
  Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives 425
  Authentication 426
  Authorization 426
  Federation and SAML 426
  Identity Propagation 428
  XACML 428
  SOAP 429
  Single Sign-On 430
  Service Provisioning Markup Language 430
  OAUTH 431
  Attestation 431
  Certificate-Based Authentication 431
  Implement Security Activities across the Technology Life Cycle 433
  End-to-End Solution Ownership 433
  Understanding the Results of Solutions in Advance 434
  Systems Development Life Cycle 436
  Adapt Solutions to Address Emerging Threats and Security Trends 439
  Validating System Designs 441
  Summary 444
  Exam Essentials 444
  Review Questions 446

Appendix A CASP Lab Manual 451
  What You'll Need 452
  Lab A.1 Verifying a Baseline Security Configuration 455
  Lab A.2 Introduction to a Protocol Analyzer 458
  Lab A.3 Performing a Wireless Site Survey 461
  Lab A.4 Using Windows Remote Access 462
  Connecting to the Remote Desktop PC 463
  Lab A.5 Configuring a VPN Client 464
  Lab A.6 Using the Windows Command-Line Interface (CLI) 467
  Lab A.7 Cisco IOS Command-Line Basics 469
  Lab A.8 Shopping for Wi-Fi Antennas 470
  Lab A.9 Cloud Provisioning 472
  Lab A.10 Introduction to Windows Command-line Forensic Tools 473
  Lab A.11 Introduction to Hashing Using a GUI 480
  Lab A.12 Hashing from the Command Line 482
  Verifying File Integrity from a Command Line 482
  Verifying File Integrity on a Downloaded File 483
  Lab A.13 Cracking Encrypted Passwords 484
  Lab A.14 Threat Modeling 486
  Lab A.15 Social Engineering 487
  Lab A.16 Downloading, Verifying, and Installing a Virtual Environment 490
  Lab A.17 Exploring Your Virtual Network 493
  Lab A.18 Port Scanning 497
  Lab A.19 Introduction to the Metasploit Framework 501
  Lab A.20 Sniffing NETinVM Traffic with Wireshark 503
  Suggestions for Further Exploration of Security Topics 507

Appendix B Answers to Review Questions 509
  Chapter 1 Cryptographic Tools and Techniques 510
  Chapter 2 Comprehensive Security Solutions 511
  Chapter 3 Securing Virtualized, Distributed, and Shared Computing 512
  Chapter 4 Host Security 513
  Chapter 5 Application Security and Penetration Testing 514
  Chapter 6 Risk Management 515
  Chapter 7 Policies, Procedures, and Incident Response 517
  Chapter 8 Security Research and Analysis 518
  Chapter 9 Enterprise Security Integration 519
  Chapter 10 Security Controls for Communication and Collaboration 520

Appendix C About the Additional Study Tools 523
  Additional Study Tools 524
  Sybex Test Engine 524
  Electronic Flashcards 524
  PDF of Glossary of Terms 524
  Adobe Reader 524
  System Requirements 524
  Using the Study Tools 525
  Troubleshooting 525
  Customer Care 525

Index 527
Table of Exercises
Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud? 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.
[CompTIA infographic: LEARN, CERTIFY, WORK. Panels: IT Is Everywhere (IT is mission critical to almost all organizations and its importance is increasing); IT Knowledge and Skills Get Jobs (Certifications verify your knowledge and skills that qualify you for jobs); Job Retention (Competence is noticed and valued in organizations); New Opportunities (Certifications qualify you for new opportunities in your current job or when you want to change careers); High Pay, High Growth Jobs (Hiring managers demand the strongest skill set).]
• 79% of US businesses report IT is either important or very important to the success of their company.
• Jobs in the high growth IT career field
• Increased compensation
• Challenging assignments and promotions
• 60% report that being certified is an employer or job requirement.
• 31% report certification improved their career advancement opportunities.
• There is a widening IT skills gap, with over 300,000 jobs open.
• 88% report being certified enhanced their resume.
• Increased knowledge of new or complex technologies
• Enhanced productivity
• More insightful problem solving
• Better project management and communication skills
• 47% report being certified improved their problem solving skills.
Certification Helps Your Career
The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.
The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, with almost 250,000 certified Security+ professionals.
Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.
Approved by the US Department of Defense (DoD) for 4 information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.
Steps to Getting Certified
Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx
Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx
Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com
Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia
Stay Certified (Continuing Education): The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce
How to Obtain More Information
Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org
Social Media: Find CompTIA on YouTube.
Introduction
The CASP certification was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.
According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, 'hands-on' focus at the enterprise level."
Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.
If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
How to Become a CASP Certified Professional
As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.
Vendor        Website               Phone Number
Pearson VUE   www.vue.com/comptia   US and Canada: 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.
College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows.
Chapter 1, Cryptographic Tools and Techniques: Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.
Chapter 2, Comprehensive Security Solutions: Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.
Chapter 3, Securing Virtualized, Distributed, and Shared Computing: Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.
Chapter 4, Host Security: Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.
Chapter 5, Application Security and Penetration Testing: Presents knowledge needed to build secure applications and test a network for good security controls. Topics like the systems development life cycle are discussed.
Chapter 6, Risk Management: Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.
Chapter 7, Policies, Procedures, and Incident Response: Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.
Chapter 8, Security Research and Analysis: Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.
Chapter 9, Enterprise Security Integration: Examines industry trends and outlines the potential impact to an enterprise.
Chapter 10, Security Controls for Communication and Collaboration: Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.
Appendix A, CASP Lab Manual: This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B, Answers to Review Questions: Here you'll find the answers to the review questions that appear at the end of each chapter.
Appendix C, About the Additional Study Tools: Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.
You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.
During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.
The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.
This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions. It is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions. You may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.
In the next section, I will discuss some of the types of test questions you will be presented with.
Tips for Taking the CASP Exam
CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
ftocindd 09292014 Page ix
ContentsForeword xxi
Introduction xxv
Assessment Test lviii
Chapter 1 Cryptographic Tools and Techniques 1
The History of Cryptography 3Cryptographic Services 4
Cryptographic Goals 4Cryptographic Terms 5Cipher Types and Methods 8
Symmetric Encryption 10Data Encryption Standard 12Triple DES 13Advanced Encryption Standard 14International Data Encryption Algorithm 14Rivest Cipher Algorithms 14
Asymmetric Encryption 15DiffiendashHellman 16RSA 17Elliptic Curve Cryptography 18ElGamal 18
Hybrid Encryption 18Hashing 19
Hashing and Message Digests 19MD Series 21SHA 21HAVAL 22Message Authentication Code 22HMAC 22
Digital Signatures 22Public Key Infrastructure 24
Certificate Authority 25Registration Authority 25Certificate Revocation List 26Digital Certificates 26Certificate Distribution 28The Clientrsquos Role in PKI 29
Implementation of Cryptographic Solutions 30
x Contents
ftocindd 09292014 Page x
Application Layer Encryption 31Transport Layer Encryption 32Internet Layer Controls 33Physical Layer Controls 34Steganography 35
Cryptographic Attacks 36Summary 37Exam Essentials 38Review Questions 40
Chapter 2 Comprehensive Security Solutions 45
Advanced Network Design 47Network Authentication Methods 488021x 48Mesh Networks 48Remote Access 49Virtual Networking and Placement of
Security Components 51SCADA 55VoIP 56
TCPIP 58Network Interface Layer 59Internet Layer 61Transport Layer 67Application Layer 69
Secure Communication Solutions 72Network Data Flow 72SSL Inspection 73Domain Name Service 73Securing Zone Transfers 74Start of Authority 75Secure DNS 76Transaction Signature 77Fast Flux DNS 77Lightweight Directory Access Protocol 78Secure Directory Services 78Active Directory 78Security Information and Event Management 79Database Activity Monitoring 79Federated ID 79Single Sign-On 80Kerberos 80
Secure Facility Solutions 80
Contents xi
ftocindd 09292014 Page xi
Building Layouts 81Facilities Management 81
Secure Network Infrastructure Design 82Router Configuration 83Enterprise Service Bus 84Web Services Security 85
Summary 85Exam Essentials 86Review Questions 88
Chapter 3 Securing Virtualized Distributed and Shared Computing 93
Enterprise Security 96Software-Defined Networking 98
Cloud Computing 100Cloud Computing Models 100Cloud Computing Providers and Hosting Options 101Benefits of Cloud Computing 102Security of On-DemandElastic Cloud Computing 105Cloud Computing Vulnerabilities 109Cloud Storage 110Cloud-Augmented Security Services 111
Virtualization 112Virtualized Servers 113
Virtual LANs 118Virtual Networking and Security Components 120Enterprise Storage 121Summary 127Exam Essentials 127Review Questions 129
Chapter 4 Host Security 133
Firewalls and Network Access Control 136Host-Based Firewalls 141Trusted Operating Systems 144Endpoint Security Solutions 147
Common Threats to Endpoint Security 149Anti-malware 151
Antivirus 152Anti-spyware 154Spam Filters 155
Host Hardening 157Asset Management 162
xii Contents
ftocindd 09292014 Page xii
Data Exfiltration 163Intrusion Detection and Prevention 165Network Management Monitoring and Security Tools 168
Security Devices 168Operational and Consumer Network-Enabled Devices 169
Summary 170Exam Essentials 171Review Questions 173
Chapter 5 Application Security and Penetration Testing 177
Application Security Testing 180Specific Application Issues 182
Cross-Site Scripting 183Cross-Site Request Forgery 184Improper Error Handling 184Geotagging 185Clickjacking 185Session Management 186Input Validation 187SQL Injection 187
Application Sandboxing 189Application Security Frameworks 189
Standard Libraries 191Secure Coding Standards 191Application Exploits 193Escalation of Privilege 193Improper Storage of Sensitive Data 194Cookie Storage and Transmission 195Malware Sandboxing 196Memory Dumping 197Process Handling at the Client and Server 197
JSONREST 198Browser Extensions 198Ajax 198JavaScriptApplets 199Flash 199HTML5 200SOAP 200Web Services Security 200Buffer Overflow 201Memory Leaks 202Integer Overflow 202Race Conditions (TOCTOU) 203
Contents xiii
ftocindd 09292014 Page xiii
Resource Exhaustion 204Security Assessments and Penetration Testing 204
Test Methods 205Penetration Testing Steps 205Assessment Types 206Vulnerability Assessment Areas 207Security Assessment and Penetration Test Tools 209
Summary 222Exam Essentials 223Review Questions 224
Chapter 6 Risk Management 229
Risk Terminology 232
Identifying Vulnerabilities 233
Operational Risks 236
Risk in Business Models 236
Risk in External and Internal Influences 243
Risks with Data 246
The Risk Assessment Process 252
Asset Identification 252
Information Classification 254
Risk Assessment 255
Risk Analysis Options 260
Implementing Controls 261
Continuous Monitoring 263
Enterprise Security Architecture Frameworks and Governance 263
Best Practices for Risk Assessments 264
Summary 265
Exam Essentials 266
Review Questions 268
Chapter 7 Policies, Procedures, and Incident Response 273
A High-Level View of Documentation 276
The Policy Development Process 277
Policies and Procedures 278
Business Documents Used to Support Security 283
Documents and Controls Used for Sensitive Information 286
Why Security 286
Personally Identifiable Information Controls 287
Data Breaches 288
Policies Used to Manage Employees 290
Training and Awareness for Users 294
Auditing Requirements and Frequency 296
The Incident Response Framework 297
Incident and Emergency Response 300
Digital Forensics Tasks 301
Summary 305
Exam Essentials 306
Review Questions 308
Chapter 8 Security Research and Analysis 313
Apply Research Methods to Determine Industry Trends and Impact to the Enterprise 316
Performing Ongoing Research 316
Best Practices 321
New Technologies 323
Situational Awareness 332
Knowledge of Current Vulnerabilities and Threats 336
Research Security Implications of New Business Tools 341
Global IA Industry Community 344
Research Security Requirements for Contracts 348
Analyze Scenarios to Secure the Enterprise 350
Benchmarking and Baselining 350
Prototyping and Testing Multiple Solutions 350
Cost–Benefit Analysis 351
Metrics Collection and Analysis 352
Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs 352
Reviewing Effectiveness of Existing Security Controls 353
Reverse Engineering or Deconstructing Existing Solutions 354
Analyzing Security Solutions to Ensure They Meet Business Needs 354
Conducting a Lessons Learned/After-Action Review 356
Using Judgment to Solve Difficult Problems 356
Summary 357
Exam Essentials 358
Review Questions 359
Chapter 9 Enterprise Security Integration 363
Integrate Enterprise Disciplines to Achieve Secure Solutions 366
The Role of IT Governance 368
Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 370
Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 373
Establish Effective Collaboration within Teams to Implement Secure Solutions 375
Disciplines 378
Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture 381
Secure Data Flows to Meet Changing Business Needs 384
Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices 386
Secure Infrastructure Design 386
Standards 387
Design Considerations During Mergers, Acquisitions, and De-mergers/Divestitures 387
Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership) 388
Storage Integration (Security Considerations) 389
In-House Developed vs. Commercial vs. Commercial Customized 390
Interoperability Issues 392
Enterprise Application Integration Enablers 393
Summary 394
Exam Essentials 395
Review Questions 396
Chapter 10 Security Controls for Communication and Collaboration 401
Selecting the Appropriate Control to Secure Communications and Collaboration Solutions 404
Security of Unified Collaboration 405
VoIP 413
VoIP Implementation 415
Remote Access and Advanced Trust Models 416
Mobile Device Management 417
Secure External Communications 418
Secure Implementation of Collaboration Sites and Platforms 420
Prioritizing Traffic with QoS 421
Mobile Devices 422
Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives 425
Authentication 426
Authorization 426
Federation and SAML 426
Identity Propagation 428
XACML 428
SOAP 429
Single Sign-On 430
Service Provisioning Markup Language 430
OAUTH 431
Attestation 431
Certificate-Based Authentication 431
Implement Security Activities across the Technology Life Cycle 433
End-to-End Solution Ownership 433
Understanding the Results of Solutions in Advance 434
Systems Development Life Cycle 436
Adapt Solutions to Address Emerging Threats and Security Trends 439
Validating System Designs 441
Summary 444
Exam Essentials 444
Review Questions 446
Appendix A CASP Lab Manual 451
What You'll Need 452
Lab A.1 Verifying a Baseline Security Configuration 455
Lab A.2 Introduction to a Protocol Analyzer 458
Lab A.3 Performing a Wireless Site Survey 461
Lab A.4 Using Windows Remote Access 462
Connecting to the Remote Desktop PC 463
Lab A.5 Configuring a VPN Client 464
Lab A.6 Using the Windows Command-Line Interface (CLI) 467
Lab A.7 Cisco IOS Command-Line Basics 469
Lab A.8 Shopping for Wi-Fi Antennas 470
Lab A.9 Cloud Provisioning 472
Lab A.10 Introduction to Windows Command-Line Forensic Tools 473
Lab A.11 Introduction to Hashing Using a GUI 480
Lab A.12 Hashing from the Command Line 482
Verifying File Integrity from a Command Line 482
Verifying File Integrity on a Downloaded File 483
Lab A.13 Cracking Encrypted Passwords 484
Lab A.14 Threat Modeling 486
Lab A.15 Social Engineering 487
Lab A.16 Downloading, Verifying, and Installing a Virtual Environment 490
Lab A.17 Exploring Your Virtual Network 493
Lab A.18 Port Scanning 497
Lab A.19 Introduction to the Metasploit Framework 501
Lab A.20 Sniffing NETinVM Traffic with Wireshark 503
Suggestions for Further Exploration of Security Topics 507
Appendix B Answers to Review Questions 509
Chapter 1 Cryptographic Tools and Techniques 510
Chapter 2 Comprehensive Security Solutions 511
Chapter 3 Securing Virtualized, Distributed, and Shared Computing 512
Chapter 4 Host Security 513
Chapter 5 Application Security and Penetration Testing 514
Chapter 6 Risk Management 515
Chapter 7 Policies, Procedures, and Incident Response 517
Chapter 8 Security Research and Analysis 518
Chapter 9 Enterprise Security Integration 519
Chapter 10 Security Controls for Communication and Collaboration 520
Appendix C About the Additional Study Tools 523
Additional Study Tools 524
Sybex Test Engine 524
Electronic Flashcards 524
PDF of Glossary of Terms 524
Adobe Reader 524
System Requirements 524
Using the Study Tools 525
Troubleshooting 525
Customer Care 525
Index 527
Table of Exercises
Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.

[Infographic: "Learn, Certify, Work." Panel titles: IT Is Everywhere; IT Knowledge and Skills Get Jobs; Job Retention; New Opportunities; High Pay–High Growth Jobs. The recoverable panel text and statistics follow.]
IT is mission critical to almost all organizations, and its importance is increasing.
Certifications verify your knowledge and skills that qualify you for jobs. Hiring managers demand the strongest skill set.
Competence is noticed and valued in organizations.
Certifications qualify you for new opportunities in your current job or when you want to change careers.
• 79% of US businesses report IT is either important or very important to the success of their company.
• Jobs in the high-growth IT career field
• Increased compensation
• Challenging assignments and promotions
• 60% report that being certified is an employer or job requirement.
• 31% report certification improved their career advancement opportunities.
• There is a widening IT skills gap, with over 300,000 jobs open.
• 88% report being certified enhanced their resume.
• Increased knowledge of new or complex technologies
• Enhanced productivity
• More insightful problem solving
• Better project management and communication skills
• 47% report that being certified improved their problem-solving skills.
Certification Helps Your Career
The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.
The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, with almost 250,000 certified Security+ professionals.
Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.
Approved by the US Department of Defense (DoD) for 4 information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.

Steps to Getting Certified
Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx.
Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx.
Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com.
Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia.
Stay Certified (Continuing Education): The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce.

How to Obtain More Information
Visit CompTIA online: http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org.
Social Media: Find CompTIA on YouTube.
Introduction
The CASP certification was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.

According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, 'hands-on' focus at the enterprise level."

Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.

If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.

Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.

A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."

Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.

How to Become a CASP Certified Professional
As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor: Pearson VUE
Website: www.vue.com/comptia
Phone Number: US and Canada, 877-551-PLUS (7587)

Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.

College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.

How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:

Chapter 1: Cryptographic Tools and Techniques. Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.

Chapter 2: Comprehensive Security Solutions. Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.

Chapter 3: Securing Virtualized, Distributed, and Shared Computing. Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.

Chapter 4: Host Security. Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.

Chapter 5: Application Security and Penetration Testing. Presents the knowledge needed to build secure applications and to test a network for good security controls. Topics like the systems development life cycle are discussed.

Chapter 6: Risk Management. Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.

Chapter 7: Policies, Procedures, and Incident Response. Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.

Chapter 8: Security Research and Analysis. Explores the use of security assessment tools to evaluate the general strength of a system, and penetration-testing tools to view your systems as an attacker would see them.

Chapter 9: Enterprise Security Integration. Examines industry trends and outlines the potential impact to an enterprise.

Chapter 10: Security Controls for Communication and Collaboration. Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.

Appendix A: CASP Lab Manual. This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.

Appendix B: Answers to Review Questions. Here you'll find the answers to the review questions that appear at the end of each chapter.

Appendix C: About the Additional Study Tools. Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e.

Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.

You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.

During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.

The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.

This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions; it is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.

In the next section I will discuss some of the types of test questions you will be presented with.

Tips for Taking the CASP Exam
CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
x Contents
ftocindd 09292014 Page x
Application Layer Encryption 31Transport Layer Encryption 32Internet Layer Controls 33Physical Layer Controls 34Steganography 35
Cryptographic Attacks 36Summary 37Exam Essentials 38Review Questions 40
Chapter 2 Comprehensive Security Solutions 45
Advanced Network Design 47Network Authentication Methods 488021x 48Mesh Networks 48Remote Access 49Virtual Networking and Placement of
Security Components 51SCADA 55VoIP 56
TCPIP 58Network Interface Layer 59Internet Layer 61Transport Layer 67Application Layer 69
Secure Communication Solutions 72Network Data Flow 72SSL Inspection 73Domain Name Service 73Securing Zone Transfers 74Start of Authority 75Secure DNS 76Transaction Signature 77Fast Flux DNS 77Lightweight Directory Access Protocol 78Secure Directory Services 78Active Directory 78Security Information and Event Management 79Database Activity Monitoring 79Federated ID 79Single Sign-On 80Kerberos 80
Secure Facility Solutions 80
Contents xi
ftocindd 09292014 Page xi
Building Layouts 81Facilities Management 81
Secure Network Infrastructure Design 82Router Configuration 83Enterprise Service Bus 84Web Services Security 85
Summary 85Exam Essentials 86Review Questions 88
Chapter 3 Securing Virtualized Distributed and Shared Computing 93
Enterprise Security 96Software-Defined Networking 98
Cloud Computing 100Cloud Computing Models 100Cloud Computing Providers and Hosting Options 101Benefits of Cloud Computing 102Security of On-DemandElastic Cloud Computing 105Cloud Computing Vulnerabilities 109Cloud Storage 110Cloud-Augmented Security Services 111
Virtualization 112Virtualized Servers 113
Virtual LANs 118Virtual Networking and Security Components 120Enterprise Storage 121Summary 127Exam Essentials 127Review Questions 129
Chapter 4 Host Security 133
Firewalls and Network Access Control 136Host-Based Firewalls 141Trusted Operating Systems 144Endpoint Security Solutions 147
Common Threats to Endpoint Security 149Anti-malware 151
Antivirus 152Anti-spyware 154Spam Filters 155
Host Hardening 157Asset Management 162
xii Contents
ftocindd 09292014 Page xii
Data Exfiltration 163Intrusion Detection and Prevention 165Network Management Monitoring and Security Tools 168
Security Devices 168Operational and Consumer Network-Enabled Devices 169
Summary 170Exam Essentials 171Review Questions 173
Chapter 5 Application Security and Penetration Testing 177
Application Security Testing 180Specific Application Issues 182
Cross-Site Scripting 183Cross-Site Request Forgery 184Improper Error Handling 184Geotagging 185Clickjacking 185Session Management 186Input Validation 187SQL Injection 187
Application Sandboxing 189Application Security Frameworks 189
Standard Libraries 191Secure Coding Standards 191Application Exploits 193Escalation of Privilege 193Improper Storage of Sensitive Data 194Cookie Storage and Transmission 195Malware Sandboxing 196Memory Dumping 197Process Handling at the Client and Server 197
JSONREST 198Browser Extensions 198Ajax 198JavaScriptApplets 199Flash 199HTML5 200SOAP 200Web Services Security 200Buffer Overflow 201Memory Leaks 202Integer Overflow 202Race Conditions (TOCTOU) 203
Contents xiii
ftocindd 09292014 Page xiii
Resource Exhaustion 204Security Assessments and Penetration Testing 204
Test Methods 205Penetration Testing Steps 205Assessment Types 206Vulnerability Assessment Areas 207Security Assessment and Penetration Test Tools 209
Summary 222Exam Essentials 223Review Questions 224
Chapter 6 Risk Management 229
Risk Terminology 232Identifying Vulnerabilities 233Operational Risks 236
Risk in Business Models 236Risk in External and Internal Influences 243Risks with Data 246
The Risk Assessment Process 252Asset Identification 252Information Classification 254Risk Assessment 255Risk Analysis Options 260Implementing Controls 261Continuous Monitoring 263Enterprise Security Architecture
Frameworks and Governance 263Best Practices for Risk Assessments 264Summary 265Exam Essentials 266Review Questions 268
Chapter 7 Policies Procedures and Incident Response 273
A High-Level View of Documentation 276The Policy Development Process 277Policies and Procedures 278
Business Documents Used to Support Security 283Documents and Controls Used for Sensitive Information 286
Why Security 286Personally Identifiable Information Controls 287Data Breaches 288Policies Used to Manage Employees 290
xiv Contents
ftocindd 09292014 Page xiv
Training and Awareness for Users 294Auditing Requirements and Frequency 296The Incident Response Framework 297Incident and Emergency Response 300
Digital Forensics Tasks 301Summary 305Exam Essentials 306Review Questions 308
Chapter 8 Security Research and Analysis 313
Apply Research Methods to Determine Industry Trends and Impact to the Enterprise 316
Performing Ongoing Research 316Best Practices 321New Technologies 323Situational Awareness 332Knowledge of Current Vulnerabilities and Threats 336Research Security Implications of New Business Tools 341Global IA Industry Community 344Research Security Requirements for Contracts 348
Analyze Scenarios to Secure the Enterprise 350Benchmarking and Baselining 350Prototyping and Testing Multiple Solutions 350CostndashBenefit Analysis 351Metrics Collection and Analysis 352Analyze and Interpret Trend Data to Anticipate
Cyber Defense Needs 352Reviewing Effectiveness of Existing Security Controls 353Reverse Engineering or Deconstructing
Existing Solutions 354Analyzing Security Solutions to Ensure
They Meet Business Needs 354Conducting a Lessons LearnedAfter-Action Review 356Using Judgment to Solve Difficult Problems 356
Summary 357Exam Essentials 358Review Questions 359
Chapter 9 Enterprise Security Integration 363
Integrate Enterprise Disciplines to Achieve Secure Solutions 366The Role of IT Governance 368
Contents xv
ftocindd 09292014 Page xv
Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 370
Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 373
Establish Effective Collaboration within Teams to Implement Secure Solutions 375
Disciplines 378Integrate Hosts Storage Networks and Applications
into a Secure Enterprise Architecture 381Secure Data Flows to Meet Changing Business Needs 384Logical Deployment Diagram and Corresponding
Physical Deployment Diagram of All Relevant Devices 386Secure Infrastructure Design 386Standards 387Design Considerations During Mergers Acquisitions
and De-mergersDivestitures 387Technical Deployment Models (Outsourcing
Insourcing Managed Services Partnership) 388Storage Integration (Security Considerations) 389In-House Developed vs Commercial vs
Commercial Customized 390Interoperability Issues 392Enterprise Application Integration Enablers 393
Summary 394Exam Essentials 395Review Questions 396
Chapter 10 Security Controls for Communication and Collaboration 401
Selecting the Appropriate Control to Secure Communications and Collaboration Solutions 404
Security of Unified Collaboration 405VoIP 413VoIP Implementation 415Remote Access and Advanced Trust Models 416Mobile Device Management 417Secure External Communications 418Secure Implementation of Collaboration Sites
and Platforms 420Prioritizing Traffic with QoS 421Mobile Devices 422
ftocindd 09292014 Page xvi
xvi Contents
Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives 425
Authentication 426Authorization 426Federation and SAML 426Identity Propagation 428XACML 428SOAP 429Single Sign-On 430Service Provisioning Markup Language 430OAUTH 431Attestation 431Certificate-Based Authentication 431
Implement Security Activities across the Technology Life Cycle 433
End-to-End Solution Ownership 433Understanding the Results of Solutions in Advance 434Systems Development Life Cycle 436Adapt Solutions to Address Emerging Threats
and Security Trends 439Validating System Designs 441
Summary 444Exam Essentials 444Review Questions 446
Appendix A CASP Lab Manual 451
What Yoursquoll Need 452Lab A1 Verifying a Baseline Security Configuration 455Lab A2 Introduction to a Protocol Analyzer 458Lab A3 Performing a Wireless Site Survey 461Lab A4 Using Windows Remote Access 462
Connecting to the Remote Desktop PC 463Lab A5 Configuring a VPN Client 464Lab A6 Using the Windows Command-Line Interface (CLI) 467Lab A7 Cisco IOS Command-Line Basics 469Lab A8 Shopping for Wi-Fi Antennas 470Lab A9 Cloud Provisioning 472Lab A10 Introduction to Windows Command-line
Forensic Tools 473Lab A11 Introduction to Hashing Using a GUI 480Lab A12 Hashing from the Command Line 482
Verifying File Integrity from a Command Line 482Verifying File Integrity on a Downloaded File 483
ftocindd 09292014 Page xvii
Contents xvii
Lab A13 Cracking Encrypted Passwords 484Lab A14 Threat Modeling 486Lab A15 Social Engineering 487Lab A16 Downloading Verifying and Installing
a Virtual Environment 490Lab A17 Exploring Your Virtual Network 493Lab A18 Port Scanning 497Lab A19 Introduction to the Metasploit Framework 501Lab A20 Sniffing NETinVM Traffic with Wireshark 503Suggestions for Further Exploration of Security Topics 507
Appendix B Answers to Review Questions 509
Chapter 1 Cryptographic Tools and Techniques 510Chapter 2 Comprehensive Security Solutions 511Chapter 3 Securing Virtualized Distributed and
Shared Computing 512Chapter 4 Host Security 513Chapter 5 Application Security and Penetration Testing 514Chapter 6 Risk Management 515Chapter 7 Policies Procedures and Incident Response 517Chapter 8 Security Research and Analysis 518Chapter 9 Enterprise Security Integration 519Chapter 10 Security Controls for Communication
and Collaboration 520
Appendix C About the Additional Study Tools 523
Additional Study Tools 524Sybex Test Engine 524Electronic Flashcards 524PDF of Glossary of Terms 524Adobe Reader 524
System Requirements 524Using the Study Tools 525Troubleshooting 525
Customer Care 525
Index 527
fl astindd 09292014 Page xviii
fl astindd 09292014 Page xix
Table of Exercises
Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud? 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.
IT Is Everywhere
IT is mission critical to almost all organizations and its importance is increasing.
• 79% of US businesses report IT is either important or very important to the success of their company

IT Knowledge and Skills Get Jobs
Certifications verify your knowledge and skills that qualifies you for:
• Jobs in the high growth IT career field
• Increased compensation
• Challenging assignments and promotions
• 60% report that being certified is an employer or job requirement

Job Retention
Competence is noticed and valued in organizations.
• Increased knowledge of new or complex technologies
• Enhanced productivity
• More insightful problem solving
• Better project management and communication skills
• 47% report being certified problem solving skills

New Opportunities
Certifications qualify you for new opportunities in your current job or when you want to change careers.
• 31% report certification improved their career advancement opportunities
• 88% report being certified enhanced their resume

High Pay–High Growth Jobs
Hiring managers demand the strongest skill set.
• There is a widening IT skills gap with over 300,000 jobs open

LEARN  CERTIFY  WORK
Certification Helps Your Career
The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.
The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, with almost 250,000 certified Security+ professionals.
Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.
Approved by the US Department of Defense (DoD) for 4 information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.
Steps to Getting Certified
Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx
Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx
Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com
Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia
Stay Certified (Continuing Education): The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce
How to Obtain More Information
Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org
Social Media
Find CompTIA on YouTube
Introduction
The CASP certification was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.
According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical 'hands-on' focus at the enterprise level."
Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.
If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
How to Become a CASP Certified Professional
As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor        Website               Phone Number
Pearson VUE   www.vue.com/comptia   US and Canada: 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment
College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:
Chapter 1, Cryptographic Tools and Techniques: Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.
Chapter 2, Comprehensive Security Solutions: Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.
Chapter 3, Securing Virtualized, Distributed, and Shared Computing: Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.
Chapter 4, Host Security: Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.
Chapter 5, Application Security and Penetration Testing: Presents the knowledge needed to build secure applications and to test a network for good security controls. Topics like the systems development life cycle are discussed.
Chapter 6, Risk Management: Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.
Chapter 7, Policies, Procedures, and Incident Response: Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.
Chapter 8, Security Research and Analysis: Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.
Chapter 9, Enterprise Security Integration: Examines industry trends and outlines the potential impact to an enterprise.
Chapter 10, Security Controls for Communication and Collaboration: Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.
Appendix A, CASP Lab Manual: This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B, Answers to Review Questions: Here you'll find the answers to the review questions that appear at the end of each chapter.
Appendix C, About the Additional Study Tools: Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e.
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.
You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.
During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.
The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.
This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions. It is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions. You may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.
In the next section I will discuss some of the types of test questions you will be presented with.
Tips for Taking the CASP Exam
CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
xxviii Introduction
fl astindd 09292014 Page xxviii
Appendix B Answers to Review Questions Here yoursquoll fi nd the answers to the review questions that appear at the end of each chapter
Appendix C About the Additional Study Tools Here yoursquoll fi nd brief instructions for downloading and working effectively with this bookrsquos additional study toolsmdashfl ashcards two 50-question practice exams and a glossarymdashavailable from wwwsybexcomgocasp2e
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based When you arrive at the testing center you will need to bring two forms of indentifi cation opne of which must contain a photo Itrsquos good practice to arrive at least 15 minutes early Upon signing in you will need to show your photo identifi cation Once the testing center has been confi gured you will be assigned a seat and can start the exam
You will not be allowed to bring any paper or notes into the testing center The exam is closed book You will be provided paper to write on which must be returned at the end of the exam
During the 165-minute exam time limit you will need to complete 80 questions While you should have adequate time to complete the test time management is a must
The CASP exam allows you to mark questions and return to them if you like This means that if you are not sure about a question itrsquos best to mark it move on and return to it after you have tackled the easy questions
This test is much more diffi cult than a basic exam such as Network+ or Security+ Questions on the exam are multiple choice simulation and drag and drop You should attempt to answer all questions It is better to guess an answer than leave a question blank My personal approach is to make multiple passes on the exam Unlike some other exams you can mark any question you are not sure of and return to it later On the fi rst pass answer all the questions you are sure of Sometimes this can even help with other questions You may see something in one that helps you remember a needed fact for another On the second pass work through the more diffi cult questions or the ones that you are just not sure of Take your time in reading the question because missing just one word on a ques-tion can make a big difference Again itrsquos better to guess at an answer than to leave a ques-tion blank
In the next section I will discuss some of the types of test questions you will be pre-sented with
Tips for Taking the CASP ExamCompTIA did something new with this exammdashit contains more than just standard ques-tions During the exam you may be presented with regular multiple-choice
Data Exfiltration 163
Intrusion Detection and Prevention 165
Network Management, Monitoring, and Security Tools 168
Security Devices 168
Operational and Consumer Network-Enabled Devices 169
Summary 170
Exam Essentials 171
Review Questions 173

Chapter 5 Application Security and Penetration Testing 177
Application Security Testing 180
Specific Application Issues 182
Cross-Site Scripting 183
Cross-Site Request Forgery 184
Improper Error Handling 184
Geotagging 185
Clickjacking 185
Session Management 186
Input Validation 187
SQL Injection 187
Application Sandboxing 189
Application Security Frameworks 189
Standard Libraries 191
Secure Coding Standards 191
Application Exploits 193
Escalation of Privilege 193
Improper Storage of Sensitive Data 194
Cookie Storage and Transmission 195
Malware Sandboxing 196
Memory Dumping 197
Process Handling at the Client and Server 197
JSON/REST 198
Browser Extensions 198
Ajax 198
JavaScript/Applets 199
Flash 199
HTML5 200
SOAP 200
Web Services Security 200
Buffer Overflow 201
Memory Leaks 202
Integer Overflow 202
Race Conditions (TOCTOU) 203
Resource Exhaustion 204
Security Assessments and Penetration Testing 204
Test Methods 205
Penetration Testing Steps 205
Assessment Types 206
Vulnerability Assessment Areas 207
Security Assessment and Penetration Test Tools 209
Summary 222
Exam Essentials 223
Review Questions 224

Chapter 6 Risk Management 229
Risk Terminology 232
Identifying Vulnerabilities 233
Operational Risks 236
Risk in Business Models 236
Risk in External and Internal Influences 243
Risks with Data 246
The Risk Assessment Process 252
Asset Identification 252
Information Classification 254
Risk Assessment 255
Risk Analysis Options 260
Implementing Controls 261
Continuous Monitoring 263
Enterprise Security Architecture Frameworks and Governance 263
Best Practices for Risk Assessments 264
Summary 265
Exam Essentials 266
Review Questions 268

Chapter 7 Policies, Procedures, and Incident Response 273
A High-Level View of Documentation 276
The Policy Development Process 277
Policies and Procedures 278
Business Documents Used to Support Security 283
Documents and Controls Used for Sensitive Information 286
Why Security? 286
Personally Identifiable Information Controls 287
Data Breaches 288
Policies Used to Manage Employees 290
Training and Awareness for Users 294
Auditing Requirements and Frequency 296
The Incident Response Framework 297
Incident and Emergency Response 300
Digital Forensics Tasks 301
Summary 305
Exam Essentials 306
Review Questions 308

Chapter 8 Security Research and Analysis 313
Apply Research Methods to Determine Industry Trends and Impact to the Enterprise 316
Performing Ongoing Research 316
Best Practices 321
New Technologies 323
Situational Awareness 332
Knowledge of Current Vulnerabilities and Threats 336
Research Security Implications of New Business Tools 341
Global IA Industry Community 344
Research Security Requirements for Contracts 348
Analyze Scenarios to Secure the Enterprise 350
Benchmarking and Baselining 350
Prototyping and Testing Multiple Solutions 350
Cost–Benefit Analysis 351
Metrics Collection and Analysis 352
Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs 352
Reviewing Effectiveness of Existing Security Controls 353
Reverse Engineering or Deconstructing Existing Solutions 354
Analyzing Security Solutions to Ensure They Meet Business Needs 354
Conducting a Lessons Learned/After-Action Review 356
Using Judgment to Solve Difficult Problems 356
Summary 357
Exam Essentials 358
Review Questions 359

Chapter 9 Enterprise Security Integration 363
Integrate Enterprise Disciplines to Achieve Secure Solutions 366
The Role of IT Governance 368
Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 370
Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 373
Establish Effective Collaboration within Teams to Implement Secure Solutions 375
Disciplines 378
Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture 381
Secure Data Flows to Meet Changing Business Needs 384
Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices 386
Secure Infrastructure Design 386
Standards 387
Design Considerations During Mergers, Acquisitions, and De-mergers/Divestitures 387
Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership) 388
Storage Integration (Security Considerations) 389
In-House Developed vs. Commercial vs. Commercial Customized 390
Interoperability Issues 392
Enterprise Application Integration Enablers 393
Summary 394
Exam Essentials 395
Review Questions 396

Chapter 10 Security Controls for Communication and Collaboration 401
Selecting the Appropriate Control to Secure Communications and Collaboration Solutions 404
Security of Unified Collaboration 405
VoIP 413
VoIP Implementation 415
Remote Access and Advanced Trust Models 416
Mobile Device Management 417
Secure External Communications 418
Secure Implementation of Collaboration Sites and Platforms 420
Prioritizing Traffic with QoS 421
Mobile Devices 422
Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives 425
Authentication 426
Authorization 426
Federation and SAML 426
Identity Propagation 428
XACML 428
SOAP 429
Single Sign-On 430
Service Provisioning Markup Language 430
OAUTH 431
Attestation 431
Certificate-Based Authentication 431
Implement Security Activities across the Technology Life Cycle 433
End-to-End Solution Ownership 433
Understanding the Results of Solutions in Advance 434
Systems Development Life Cycle 436
Adapt Solutions to Address Emerging Threats and Security Trends 439
Validating System Designs 441
Summary 444
Exam Essentials 444
Review Questions 446

Appendix A CASP Lab Manual 451
What You'll Need 452
Lab A.1 Verifying a Baseline Security Configuration 455
Lab A.2 Introduction to a Protocol Analyzer 458
Lab A.3 Performing a Wireless Site Survey 461
Lab A.4 Using Windows Remote Access 462
Connecting to the Remote Desktop PC 463
Lab A.5 Configuring a VPN Client 464
Lab A.6 Using the Windows Command-Line Interface (CLI) 467
Lab A.7 Cisco IOS Command-Line Basics 469
Lab A.8 Shopping for Wi-Fi Antennas 470
Lab A.9 Cloud Provisioning 472
Lab A.10 Introduction to Windows Command-line Forensic Tools 473
Lab A.11 Introduction to Hashing Using a GUI 480
Lab A.12 Hashing from the Command Line 482
Verifying File Integrity from a Command Line 482
Verifying File Integrity on a Downloaded File 483
Lab A.13 Cracking Encrypted Passwords 484
Lab A.14 Threat Modeling 486
Lab A.15 Social Engineering 487
Lab A.16 Downloading, Verifying, and Installing a Virtual Environment 490
Lab A.17 Exploring Your Virtual Network 493
Lab A.18 Port Scanning 497
Lab A.19 Introduction to the Metasploit Framework 501
Lab A.20 Sniffing NETinVM Traffic with Wireshark 503
Suggestions for Further Exploration of Security Topics 507

Appendix B Answers to Review Questions 509
Chapter 1 Cryptographic Tools and Techniques 510
Chapter 2 Comprehensive Security Solutions 511
Chapter 3 Securing Virtualized, Distributed, and Shared Computing 512
Chapter 4 Host Security 513
Chapter 5 Application Security and Penetration Testing 514
Chapter 6 Risk Management 515
Chapter 7 Policies, Procedures, and Incident Response 517
Chapter 8 Security Research and Analysis 518
Chapter 9 Enterprise Security Integration 519
Chapter 10 Security Controls for Communication and Collaboration 520

Appendix C About the Additional Study Tools 523
Additional Study Tools 524
Sybex Test Engine 524
Electronic Flashcards 524
PDF of Glossary of Terms 524
Adobe Reader 524
System Requirements 524
Using the Study Tools 525
Troubleshooting 525
Customer Care 525

Index 527
Table of Exercises
Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud? 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.
[Infographic: It Pays to Get Certified]

IT Is Everywhere: IT is mission critical to almost all organizations, and its importance is increasing.
- 79% of U.S. businesses report IT is either important or very important to the success of their company.

IT Knowledge and Skills Get Jobs: Certifications verify your knowledge and skills that qualify you for:
- Jobs in the high-growth IT career field
- Increased compensation
- Challenging assignments and promotions
- 60% report that being certified is an employer or job requirement.

Job Retention: Competence is noticed and valued in organizations.
- Increased knowledge of new or complex technologies
- Enhanced productivity
- More insightful problem solving
- Better project management and communication skills
- 47% report being certified improved their problem-solving skills.

New Opportunities: Certifications qualify you for new opportunities in your current job or when you want to change careers.
- 31% report certification improved their career advancement opportunities.

High Pay–High Growth Jobs: Hiring managers demand the strongest skill set.
- There is a widening IT skills gap, with over 300,000 jobs open.
- 88% report being certified enhanced their resume.

LEARN. CERTIFY. WORK.
Certification Helps Your Career

The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.

The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, with almost 250,000 certified Security+ professionals.

Being CASP certified demonstrates technical competency in enterprise security; risk management; research and analysis; and integration of computing, communications, and business disciplines.

The CASP is approved by the U.S. Department of Defense (DoD) for 4 information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.
Steps to Getting Certified
Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx.

Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx.

Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com.

Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia.

Stay Certified: Continuing Education. The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce.

How to Obtain More Information

Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org.

Social Media: Find CompTIA on YouTube.
Introduction
The CASP certification was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.

According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, 'hands-on' focus at the enterprise level."

Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.

If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying, learn all you can about the certification.

A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
How to Become a CASP Certified Professional
As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor        Website               Phone Number
Pearson VUE   www.vue.com/comptia   U.S. and Canada: 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.

College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:

Chapter 1: Cryptographic Tools and Techniques. Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.

Chapter 2: Comprehensive Security Solutions. Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.

Chapter 3: Securing Virtualized, Distributed, and Shared Computing. Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.

Chapter 4: Host Security. Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.

Chapter 5: Application Security and Penetration Testing. Presents the knowledge needed to build secure applications and to test a network for good security controls. Topics like the systems development life cycle are discussed.

Chapter 6: Risk Management. Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.

Chapter 7: Policies, Procedures, and Incident Response. Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.

Chapter 8: Security Research and Analysis. Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.

Chapter 9: Enterprise Security Integration. Examines industry trends and outlines the potential impact to an enterprise.

Chapter 10: Security Controls for Communication and Collaboration. Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.

Appendix A: CASP Lab Manual. This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B: Answers to Review Questions. Here you'll find the answers to the review questions that appear at the end of each chapter.

Appendix C: About the Additional Study Tools. Here you'll find brief instructions for downloading and working effectively with this book's additional study tools—flashcards, two 50-question practice exams, and a glossary—available from www.sybex.com/go/casp2e.
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.

You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.

During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.

The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.

This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions; it is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.

In the next section I will discuss some of the types of test questions you will be presented with.

Tips for Taking the CASP Exam

CompTIA did something new with this exam—it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
Contents xiii
ftocindd 09292014 Page xiii
Resource Exhaustion 204Security Assessments and Penetration Testing 204
Test Methods 205Penetration Testing Steps 205Assessment Types 206Vulnerability Assessment Areas 207Security Assessment and Penetration Test Tools 209
Summary 222Exam Essentials 223Review Questions 224
Chapter 6 Risk Management 229
Risk Terminology 232Identifying Vulnerabilities 233Operational Risks 236
Risk in Business Models 236Risk in External and Internal Influences 243Risks with Data 246
The Risk Assessment Process 252Asset Identification 252Information Classification 254Risk Assessment 255Risk Analysis Options 260Implementing Controls 261Continuous Monitoring 263Enterprise Security Architecture
Frameworks and Governance 263Best Practices for Risk Assessments 264Summary 265Exam Essentials 266Review Questions 268
Chapter 7 Policies Procedures and Incident Response 273
A High-Level View of Documentation 276The Policy Development Process 277Policies and Procedures 278
Business Documents Used to Support Security 283Documents and Controls Used for Sensitive Information 286
Why Security 286Personally Identifiable Information Controls 287Data Breaches 288Policies Used to Manage Employees 290
xiv Contents
ftocindd 09292014 Page xiv
Training and Awareness for Users 294Auditing Requirements and Frequency 296The Incident Response Framework 297Incident and Emergency Response 300
Digital Forensics Tasks 301Summary 305Exam Essentials 306Review Questions 308
Chapter 8 Security Research and Analysis 313
Apply Research Methods to Determine Industry Trends and Impact to the Enterprise 316
Performing Ongoing Research 316Best Practices 321New Technologies 323Situational Awareness 332Knowledge of Current Vulnerabilities and Threats 336Research Security Implications of New Business Tools 341Global IA Industry Community 344Research Security Requirements for Contracts 348
Analyze Scenarios to Secure the Enterprise 350Benchmarking and Baselining 350Prototyping and Testing Multiple Solutions 350CostndashBenefit Analysis 351Metrics Collection and Analysis 352Analyze and Interpret Trend Data to Anticipate
Cyber Defense Needs 352Reviewing Effectiveness of Existing Security Controls 353Reverse Engineering or Deconstructing
Existing Solutions 354Analyzing Security Solutions to Ensure
They Meet Business Needs 354Conducting a Lessons LearnedAfter-Action Review 356Using Judgment to Solve Difficult Problems 356
Summary 357Exam Essentials 358Review Questions 359
Chapter 9 Enterprise Security Integration 363
Integrate Enterprise Disciplines to Achieve Secure Solutions 366The Role of IT Governance 368
Contents xv
ftocindd 09292014 Page xv
Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 370
Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 373
Establish Effective Collaboration within Teams to Implement Secure Solutions 375
Disciplines 378Integrate Hosts Storage Networks and Applications
into a Secure Enterprise Architecture 381Secure Data Flows to Meet Changing Business Needs 384Logical Deployment Diagram and Corresponding
Physical Deployment Diagram of All Relevant Devices 386Secure Infrastructure Design 386Standards 387Design Considerations During Mergers Acquisitions
and De-mergersDivestitures 387Technical Deployment Models (Outsourcing
Insourcing Managed Services Partnership) 388Storage Integration (Security Considerations) 389In-House Developed vs Commercial vs
Commercial Customized 390Interoperability Issues 392Enterprise Application Integration Enablers 393
Summary 394Exam Essentials 395Review Questions 396
Chapter 10 Security Controls for Communication and Collaboration 401
Selecting the Appropriate Control to Secure Communications and Collaboration Solutions 404
Security of Unified Collaboration 405VoIP 413VoIP Implementation 415Remote Access and Advanced Trust Models 416Mobile Device Management 417Secure External Communications 418Secure Implementation of Collaboration Sites
and Platforms 420Prioritizing Traffic with QoS 421Mobile Devices 422
ftocindd 09292014 Page xvi
xvi Contents
Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives 425
Authentication 426
Authorization 426
Federation and SAML 426
Identity Propagation 428
XACML 428
SOAP 429
Single Sign-On 430
Service Provisioning Markup Language 430
OAUTH 431
Attestation 431
Certificate-Based Authentication 431
Implement Security Activities across the Technology Life Cycle 433
End-to-End Solution Ownership 433
Understanding the Results of Solutions in Advance 434
Systems Development Life Cycle 436
Adapt Solutions to Address Emerging Threats and Security Trends 439
Validating System Designs 441
Summary 444
Exam Essentials 444
Review Questions 446
Appendix A CASP Lab Manual 451
What You'll Need 452
Lab A1 Verifying a Baseline Security Configuration 455
Lab A2 Introduction to a Protocol Analyzer 458
Lab A3 Performing a Wireless Site Survey 461
Lab A4 Using Windows Remote Access 462
Connecting to the Remote Desktop PC 463
Lab A5 Configuring a VPN Client 464
Lab A6 Using the Windows Command-Line Interface (CLI) 467
Lab A7 Cisco IOS Command-Line Basics 469
Lab A8 Shopping for Wi-Fi Antennas 470
Lab A9 Cloud Provisioning 472
Lab A10 Introduction to Windows Command-line Forensic Tools 473
Lab A11 Introduction to Hashing Using a GUI 480
Lab A12 Hashing from the Command Line 482
Verifying File Integrity from a Command Line 482
Verifying File Integrity on a Downloaded File 483
Lab A13 Cracking Encrypted Passwords 484
Lab A14 Threat Modeling 486
Lab A15 Social Engineering 487
Lab A16 Downloading, Verifying, and Installing a Virtual Environment 490
Lab A17 Exploring Your Virtual Network 493
Lab A18 Port Scanning 497
Lab A19 Introduction to the Metasploit Framework 501
Lab A20 Sniffing NETinVM Traffic with Wireshark 503
Suggestions for Further Exploration of Security Topics 507

Appendix B Answers to Review Questions 509
Chapter 1 Cryptographic Tools and Techniques 510
Chapter 2 Comprehensive Security Solutions 511
Chapter 3 Securing Virtualized, Distributed, and Shared Computing 512
Chapter 4 Host Security 513
Chapter 5 Application Security and Penetration Testing 514
Chapter 6 Risk Management 515
Chapter 7 Policies, Procedures, and Incident Response 517
Chapter 8 Security Research and Analysis 518
Chapter 9 Enterprise Security Integration 519
Chapter 10 Security Controls for Communication and Collaboration 520

Appendix C About the Additional Study Tools 523
Additional Study Tools 524
Sybex Test Engine 524
Electronic Flashcards 524
PDF of Glossary of Terms 524
Adobe Reader 524
System Requirements 524
Using the Study Tools 525
Troubleshooting 525
Customer Care 525

Index 527
Table of Exercises

Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud? 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword

It Pays to Get Certified

In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.

IT Is Everywhere
IT is mission critical to almost all organizations, and its importance is increasing.
• 79% of US businesses report IT is either important or very important to the success of their company.

IT Knowledge and Skills Get Jobs
Certifications verify your knowledge and skills, which qualifies you for:
• Jobs in the high-growth IT career field
• Increased compensation
• Challenging assignments and promotions
• 60% report that being certified is an employer or job requirement.

Job Retention
Competence is noticed and valued in organizations.
• Increased knowledge of new or complex technologies
• Enhanced productivity
• More insightful problem solving
• Better project management and communication skills
• 47% report that being certified helped their problem-solving skills.

New Opportunities
Certifications qualify you for new opportunities in your current job or when you want to change careers.
• 31% report certification improved their career advancement opportunities.

High Pay, High Growth Jobs
Hiring managers demand the strongest skill set.
• There is a widening IT skills gap, with over 300,000 jobs open.
• 88% report being certified enhanced their resume.

LEARN. CERTIFY. WORK.
Certification Helps Your Career

The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.

The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, which has almost 250,000 certified Security+ professionals.

Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and the integration of computing, communications, and business disciplines.

The CASP is approved by the US Department of Defense (DoD) for four information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.

Steps to Getting Certified

Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx

Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea of what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx

Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com

Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia

Stay Certified (Continuing Education): The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce

How to Obtain More Information

Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org

Social Media: Find CompTIA on YouTube.
Introduction

The CASP certification was developed by the Computing Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.

According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical 'hands-on' focus at the enterprise level."

Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.

If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.

Before You Begin the CompTIA CASP Certification Exam

Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.

A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.

How to Become a CASP Certified Professional

As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor        Website                Phone Number
Pearson VUE   www.vue.com/comptia    US and Canada: 877-551-PLUS (7587)

Who Should Read This Book

CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.

College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized

This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:

Chapter 1, Cryptographic Tools and Techniques: Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.

Chapter 2, Comprehensive Security Solutions: Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.

Chapter 3, Securing Virtualized, Distributed, and Shared Computing: Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.

Chapter 4, Host Security: Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.

Chapter 5, Application Security and Penetration Testing: Presents the knowledge needed to build secure applications and to test a network for good security controls. Topics like the systems development life cycle are discussed.

Chapter 6, Risk Management: Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.

Chapter 7, Policies, Procedures, and Incident Response: Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.

Chapter 8, Security Research and Analysis: Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.

Chapter 9, Enterprise Security Integration: Examines industry trends and outlines the potential impact to an enterprise.

Chapter 10, Security Controls for Communication and Collaboration: Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.

Appendix A, CASP Lab Manual: This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B, Answers to Review Questions: Here you'll find the answers to the review questions that appear at the end of each chapter.

Appendix C, About the Additional Study Tools: Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e

Exam Strategy

The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.

You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.

During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.

The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.

This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions. It is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.

In the next section, I will discuss some of the types of test questions you will be presented with.

Tips for Taking the CASP Exam

CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
xiv Contents
ftocindd 09292014 Page xiv
Training and Awareness for Users 294Auditing Requirements and Frequency 296The Incident Response Framework 297Incident and Emergency Response 300
Digital Forensics Tasks 301Summary 305Exam Essentials 306Review Questions 308
Chapter 8 Security Research and Analysis 313
Apply Research Methods to Determine Industry Trends and Impact to the Enterprise 316
Performing Ongoing Research 316Best Practices 321New Technologies 323Situational Awareness 332Knowledge of Current Vulnerabilities and Threats 336Research Security Implications of New Business Tools 341Global IA Industry Community 344Research Security Requirements for Contracts 348
Analyze Scenarios to Secure the Enterprise 350Benchmarking and Baselining 350Prototyping and Testing Multiple Solutions 350CostndashBenefit Analysis 351Metrics Collection and Analysis 352Analyze and Interpret Trend Data to Anticipate
Cyber Defense Needs 352Reviewing Effectiveness of Existing Security Controls 353Reverse Engineering or Deconstructing
Existing Solutions 354Analyzing Security Solutions to Ensure
They Meet Business Needs 354Conducting a Lessons LearnedAfter-Action Review 356Using Judgment to Solve Difficult Problems 356
Summary 357Exam Essentials 358Review Questions 359
Chapter 9 Enterprise Security Integration 363
Integrate Enterprise Disciplines to Achieve Secure Solutions 366The Role of IT Governance 368
Contents xv
ftocindd 09292014 Page xv
Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 370
Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 373
Establish Effective Collaboration within Teams to Implement Secure Solutions 375
Disciplines 378Integrate Hosts Storage Networks and Applications
into a Secure Enterprise Architecture 381Secure Data Flows to Meet Changing Business Needs 384Logical Deployment Diagram and Corresponding
Physical Deployment Diagram of All Relevant Devices 386Secure Infrastructure Design 386Standards 387Design Considerations During Mergers Acquisitions
and De-mergersDivestitures 387Technical Deployment Models (Outsourcing
Insourcing Managed Services Partnership) 388Storage Integration (Security Considerations) 389In-House Developed vs Commercial vs
Commercial Customized 390Interoperability Issues 392Enterprise Application Integration Enablers 393
Summary 394Exam Essentials 395Review Questions 396
Chapter 10 Security Controls for Communication and Collaboration 401
Selecting the Appropriate Control to Secure Communications and Collaboration Solutions 404
Security of Unified Collaboration 405VoIP 413VoIP Implementation 415Remote Access and Advanced Trust Models 416Mobile Device Management 417Secure External Communications 418Secure Implementation of Collaboration Sites
and Platforms 420Prioritizing Traffic with QoS 421Mobile Devices 422
ftocindd 09292014 Page xvi
xvi Contents
Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives 425
Authentication 426Authorization 426Federation and SAML 426Identity Propagation 428XACML 428SOAP 429Single Sign-On 430Service Provisioning Markup Language 430OAUTH 431Attestation 431Certificate-Based Authentication 431
Implement Security Activities across the Technology Life Cycle 433
End-to-End Solution Ownership 433Understanding the Results of Solutions in Advance 434Systems Development Life Cycle 436Adapt Solutions to Address Emerging Threats
and Security Trends 439Validating System Designs 441
Summary 444Exam Essentials 444Review Questions 446
Appendix A CASP Lab Manual 451
What Yoursquoll Need 452Lab A1 Verifying a Baseline Security Configuration 455Lab A2 Introduction to a Protocol Analyzer 458Lab A3 Performing a Wireless Site Survey 461Lab A4 Using Windows Remote Access 462
Connecting to the Remote Desktop PC 463Lab A5 Configuring a VPN Client 464Lab A6 Using the Windows Command-Line Interface (CLI) 467Lab A7 Cisco IOS Command-Line Basics 469Lab A8 Shopping for Wi-Fi Antennas 470Lab A9 Cloud Provisioning 472Lab A10 Introduction to Windows Command-line
Forensic Tools 473Lab A11 Introduction to Hashing Using a GUI 480Lab A12 Hashing from the Command Line 482
Verifying File Integrity from a Command Line 482Verifying File Integrity on a Downloaded File 483
ftocindd 09292014 Page xvii
Contents xvii
Lab A13 Cracking Encrypted Passwords 484Lab A14 Threat Modeling 486Lab A15 Social Engineering 487Lab A16 Downloading Verifying and Installing
a Virtual Environment 490Lab A17 Exploring Your Virtual Network 493Lab A18 Port Scanning 497Lab A19 Introduction to the Metasploit Framework 501Lab A20 Sniffing NETinVM Traffic with Wireshark 503Suggestions for Further Exploration of Security Topics 507
Appendix B Answers to Review Questions 509
Chapter 1 Cryptographic Tools and Techniques 510Chapter 2 Comprehensive Security Solutions 511Chapter 3 Securing Virtualized Distributed and
Shared Computing 512Chapter 4 Host Security 513Chapter 5 Application Security and Penetration Testing 514Chapter 6 Risk Management 515Chapter 7 Policies Procedures and Incident Response 517Chapter 8 Security Research and Analysis 518Chapter 9 Enterprise Security Integration 519Chapter 10 Security Controls for Communication
and Collaboration 520
Appendix C About the Additional Study Tools 523
Additional Study Tools 524Sybex Test Engine 524Electronic Flashcards 524PDF of Glossary of Terms 524Adobe Reader 524
System Requirements 524Using the Study Tools 525Troubleshooting 525
Customer Care 525
Index 527
fl astindd 09292014 Page xviii
fl astindd 09292014 Page xix
Table of Exercises
Exercise 21 Sniffing VoIP Traffic 58
Exercise 22 Spoofing MAC Addresses with SMAC 60
Exercise 23 Sniffing IPv4 with Wireshark 62
Exercise 24 Capturing a Ping Packet with Wireshark 66
Exercise 25 Capturing a TCP Header with Wireshark 68
Exercise 26 Using Men amp Mice to Verify DNS Configuration 75
Exercise 27 Attempting a Zone Transfer 76
Exercise 31 What Services Should Be Moved to the Cloud 104
Exercise 32 Identifying Risks and Issues with Cloud Computing 108
Exercise 33 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 34 Creating a Virtual Machine 114
Exercise 35 Understanding Online Storage 124
Exercise 41 Reviewing and Assessing ACLs 140
Exercise 42 Configuring IPTables 143
Exercise 43 Testing Your Antivirus Program 153
Exercise 44 Taking Control of a Router with Physical Access 159
Exercise 45 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 46 Bypassing Command Shell Restrictions 161
Exercise 51 Identifying Testing Types at Your Organization 181
Exercise 52 Downloading and Running Kali 209
Exercise 53 Performing Passive Reconnaissance on Your Company
or Another Organization 211
Exercise 54 Performing TCP and UDP Port Scanning 214
Exercise 61 Tracking Vulnerabilities in Software 234
Exercise 62 Outsourcing Issues to Review 239
Exercise 63 Calculating Annualized Loss Expectancy 258
Exercise 71 Reviewing Security Policy 282
Exercise 72 Reviewing Documents 285
Exercise 73 Reviewing the Employee Termination Process 294
Exercise 74 Exploring Helix a Well-Known Forensic Tool 305
Exercise 81 Using WinDump to Sniff Traffic 324
Exercise 82 Exploring the Nagios Tool 325
Exercise 83 Using Ophcrack 328
xx Table of Exercises
fl astindd 09292014 Page xx
Exercise 84 Installing Cookie Cadger 334
Exercise 85 Identifying XSS Vulnerabilities 335
Exercise 91 Reviewing Your Companyrsquos Acceptable Use Policy 372
Exercise 101 Eavesdropping on Web Conferences 405
Exercise 102 Sniffing Email with Wireshark 411
Exercise 103 Sniffing VoIP with Cain amp Abel 413
fl astindd 09292014 Page xxifl astindd 09292014 Page xxi
Foreword
It Pays to Get Certified
In a digital world digital literacy is an essential survival skill Certifi cation demon-strates that you have the knowledge and skill to solve technical or business problems in virtually any business environment CompTIA certifi cations are highly valued creden-tials that qualify you for jobs increased compensation and promotion
Job RetentionIT Knowledge and
Skills Get JobsIT Is
Everywhere
IT is mission criticalto almost allorganizations and itsimportance isincreasing
Certifications verifyyour knowledge andskills that qualifiesyou for
bull 79 of US businesses report IT is either important or very important to the success of their company
High PayndashHighGrowth Jobs
Hiring managersdemand thestrongest skill set
New Opportunities
bull Jobs in the high growth IT career field
bull Increased compensation
bull Challenging assignments and promotions
bull 60 report that being certified is an employer or job requirement
bull 31 report certification improved their career advancement opportunities
bull There is a widening IT skills gap with over 300000 jobs open
bull 88 report being certified enhanced their resume
bull Increased knowledge of new or complex technologies
bull Enhanced productivity
bull More insightful problem solving
bull Better project management and communication skills
bull 47 report being certified problem solving skills
Competence isnoticed and valuedin organizations
Certifications qualifyyou for new opportu-nities in your currentjob or when you wantto change careers
LEARN CERTIFY WORK
fl astindd 09292014 Page xxii
xxii Foreword
Certification Helps Your CareerThe CompTIA Advanced Security Practitioner (CASP) certifi cation designates IT professionals with advanced-level security skills and knowledge
The CASP is the first mastery level certification available from CompTIA It expands on the widely recognized path of CompTIA Security+ with almost 250000 certified Security+ professionals
Being CASP certified demonstrates technical competency in enterprise security risk management research and analysis and integration of computing communications and business disciplines
Approved by the US Department of Defense (DoD) for 4 information assurance job roles in the DoD 857001-M directive IA Technical Level III IA Manager level II and IA System Architect amp Engineer (IASAE) Levels I and II
Steps to Getting Certified
Review Exam Objectives Review the certifi cation objectives to make sure you know what is covered in the exam Visit httpcertificationcomptiaorgexamobjectivesaspx
Practice for the Exam After you have studied for the certifi cation take a free assessment and sample test to get an idea what type of questions might be on the exam Visit httpcertificationcomptiaorgsamplequestionsaspx
Purchase an Exam Voucher Purchase your exam voucher on the CompTIA Marketplace which is located at wwwcomptiastorecom
Take the Test Go to the Pearson VUE website and schedule a time to take your exam You can fi nd exam providers here httpwwwpearsonvuecomcomptia
Stay Certified Continuing Education The CASP certifi cation is valid for three years from the date of certifi cation There are a number of ways the certifi cation can be renewed For more information go to httpcertificationcomptiaorgce
How to Obtain More InformationVisit CompTIA online httpcertificationcomptiaorghomeaspx to learn more about getting CompTIA certifi ed
fl astindd 09292014 Page xxiii
Foreword xxiii
Contact CompTIA call 866-835-8020 and choose Option 2 or email questionscomptiaorg
Social Media
Find CompTIA on
YouTube
fl astindd 09292014 Page xxv
Introduction
The CASP certifi cation was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 yearsrsquo experience in IT administration and at least 5 yearsrsquo hands-on technical experience The security professionalrsquos job is to protect the confi denti-ality integrity and availability of an organizationrsquos valuable information assets As such these individuals need to have the ability to apply critical thinking and judgment
According to CompTIA the CASP certification ldquois a vendor-neutral credentialrdquo The CASP validates ldquoadvanced-level security skills and knowledgerdquo interna-tionally There is no prerequisite but ldquoCASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical lsquohands-onrsquo focus at the enterprise levelrdquo
Many certifi cation books present material for you to memorize before the exam but this book goes a step further in that it offers best practices tips and hands-on exercises that help those in the fi eld of security better protect critical assets build defense in depth and accurately assess risk
If yoursquore preparing to take the CASP exam it is a good idea to fi nd as much information as possible about computer security practices and techniques Because this test is designed for those with years of experience you will be better prepared by having the most hands-on experience possible this study guide was written with this in mind We have included hands-on exercises real-world scenarios and review questions at the end of each chapter to give you some idea as to what the exam is like You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam if yoursquore unable to do so reread the chapter and try the questions again Your score should improve
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam itrsquos good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifi cations) and is granted to those who obtain a passing score on a single exam Before you begin studying for the exam learn all you can about the certifi cation
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is pre-sented in this introduction see the section ldquoThe CASP (2014 Edition) Exam Objective Maprdquo
xxvi Introduction
fl astindd 09292014 Page xxvi
Obtaining CASP certifi cation demonstrates that you can help your organization design and maintain system and network security services designed to secure the organizationrsquos assets By obtaining CASP certifi cation you show that you have the technical knowledge and skills required to conceptualize design and engineer secure solutions across complex enterprise environments
How to Become a CASP Certified Professional
As this book goes to press candidates can take the exam at any Pearson VUE testing cen-ter The following table contains all the necessary contact information and exam-specifi c details for registering Exam pricing might vary by country or by CompTIA membership
Vendor Website Phone Number
Pearson VUE wwwvuecomcomptia US and Canada 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment
College classes training classes and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and tech-niques discussed in the book
Introduction xxvii
fl astindd 09292014 Page xxvii
How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:
Chapter 1: Cryptographic Tools and Techniques. Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.
Chapter 2: Comprehensive Security Solutions. Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.
Chapter 3: Securing Virtualized, Distributed, and Shared Computing. Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.
Chapter 4: Host Security. Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.
Chapter 5: Application Security and Penetration Testing. Presents the knowledge needed to build secure applications and test a network for good security controls. Topics like the systems development life cycle are discussed.
Chapter 6: Risk Management. Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.
Chapter 7: Policies, Procedures, and Incident Response. Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.
Chapter 8: Security Research and Analysis. Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.
Chapter 9: Enterprise Security Integration. Examines industry trends and outlines the potential impact to an enterprise.
Chapter 10: Security Controls for Communication and Collaboration. Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.
Appendix A: CASP Lab Manual. This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B: Answers to Review Questions. Here you'll find the answers to the review questions that appear at the end of each chapter.
Appendix C: About the Additional Study Tools. Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e.
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.
You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.
During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.
The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.
This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions; it is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.
In the next section, I will discuss some of the types of test questions you will be presented with.
Tips for Taking the CASP Exam
CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
Contents
Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines 370
Providing Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls 373
Establish Effective Collaboration within Teams to Implement Secure Solutions 375
Disciplines 378
Integrate Hosts, Storage, Networks, and Applications into a Secure Enterprise Architecture 381
Secure Data Flows to Meet Changing Business Needs 384
Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices 386
Secure Infrastructure Design 386
Standards 387
Design Considerations During Mergers, Acquisitions, and De-mergers/Divestitures 387
Technical Deployment Models (Outsourcing, Insourcing, Managed Services, Partnership) 388
Storage Integration (Security Considerations) 389
In-House Developed vs. Commercial vs. Commercial Customized 390
Interoperability Issues 392
Enterprise Application Integration Enablers 393
Summary 394
Exam Essentials 395
Review Questions 396
Chapter 10 Security Controls for Communication and Collaboration 401
Selecting the Appropriate Control to Secure Communications and Collaboration Solutions 404
Security of Unified Collaboration 405
VoIP 413
VoIP Implementation 415
Remote Access and Advanced Trust Models 416
Mobile Device Management 417
Secure External Communications 418
Secure Implementation of Collaboration Sites and Platforms 420
Prioritizing Traffic with QoS 421
Mobile Devices 422
Integrate Advanced Authentication and Authorization Technologies to Support Enterprise Objectives 425
Authentication 426
Authorization 426
Federation and SAML 426
Identity Propagation 428
XACML 428
SOAP 429
Single Sign-On 430
Service Provisioning Markup Language 430
OAUTH 431
Attestation 431
Certificate-Based Authentication 431
Implement Security Activities across the Technology Life Cycle 433
End-to-End Solution Ownership 433
Understanding the Results of Solutions in Advance 434
Systems Development Life Cycle 436
Adapt Solutions to Address Emerging Threats and Security Trends 439
Validating System Designs 441
Summary 444
Exam Essentials 444
Review Questions 446
Appendix A CASP Lab Manual 451
What You'll Need 452
Lab A1 Verifying a Baseline Security Configuration 455
Lab A2 Introduction to a Protocol Analyzer 458
Lab A3 Performing a Wireless Site Survey 461
Lab A4 Using Windows Remote Access 462
Connecting to the Remote Desktop PC 463
Lab A5 Configuring a VPN Client 464
Lab A6 Using the Windows Command-Line Interface (CLI) 467
Lab A7 Cisco IOS Command-Line Basics 469
Lab A8 Shopping for Wi-Fi Antennas 470
Lab A9 Cloud Provisioning 472
Lab A10 Introduction to Windows Command-line Forensic Tools 473
Lab A11 Introduction to Hashing Using a GUI 480
Lab A12 Hashing from the Command Line 482
Verifying File Integrity from a Command Line 482
Verifying File Integrity on a Downloaded File 483
Lab A13 Cracking Encrypted Passwords 484
Lab A14 Threat Modeling 486
Lab A15 Social Engineering 487
Lab A16 Downloading, Verifying, and Installing a Virtual Environment 490
Lab A17 Exploring Your Virtual Network 493
Lab A18 Port Scanning 497
Lab A19 Introduction to the Metasploit Framework 501
Lab A20 Sniffing NETinVM Traffic with Wireshark 503
Suggestions for Further Exploration of Security Topics 507
Appendix B Answers to Review Questions 509
Chapter 1 Cryptographic Tools and Techniques 510
Chapter 2 Comprehensive Security Solutions 511
Chapter 3 Securing Virtualized, Distributed, and Shared Computing 512
Chapter 4 Host Security 513
Chapter 5 Application Security and Penetration Testing 514
Chapter 6 Risk Management 515
Chapter 7 Policies, Procedures, and Incident Response 517
Chapter 8 Security Research and Analysis 518
Chapter 9 Enterprise Security Integration 519
Chapter 10 Security Controls for Communication and Collaboration 520
Appendix C About the Additional Study Tools 523
Additional Study Tools 524
Sybex Test Engine 524
Electronic Flashcards 524
PDF of Glossary of Terms 524
Adobe Reader 524
System Requirements 524
Using the Study Tools 525
Troubleshooting 525
Customer Care 525
Index 527
Table of Exercises
Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud? 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.
[Infographic: LEARN, CERTIFY, WORK. Panels: "IT Is Everywhere" (IT is mission critical to almost all organizations, and its importance is increasing); "IT Knowledge and Skills Get Jobs" (certifications verify your knowledge and skills, which qualify you for jobs in the high-growth IT career field, increased compensation, and challenging assignments and promotions); "High Pay, High Growth Jobs" (hiring managers demand the strongest skill set); "Job Retention" (competence is noticed and valued in organizations); and "New Opportunities" (certifications qualify you for new opportunities in your current job or when you want to change careers). Points cited:]
• 79% of U.S. businesses report IT is either important or very important to the success of their company.
• 60% report that being certified is an employer or job requirement.
• 31% report certification improved their career advancement opportunities.
• There is a widening IT skills gap, with over 300,000 jobs open.
• 88% report being certified enhanced their resume.
• Increased knowledge of new or complex technologies; enhanced productivity; more insightful problem solving; better project management and communication skills.
• 47% report being certified improved problem-solving skills.
Certification Helps Your Career
The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.
The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, with almost 250,000 certified Security+ professionals.
Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.
Approved by the U.S. Department of Defense (DoD) for 4 information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.
Steps to Getting Certified
Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx
Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx
Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com
Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia
Stay Certified (Continuing Education): The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce
How to Obtain More Information
Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org
Social Media: Find CompTIA on YouTube.
Introduction
The CASP certification was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.
According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical 'hands-on' focus at the enterprise level."
Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.
If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.
Before You Begin the CompTIA CASP Certification Exam
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is pre-sented in this introduction see the section ldquoThe CASP (2014 Edition) Exam Objective Maprdquo
xxvi Introduction
fl astindd 09292014 Page xxvi
Obtaining CASP certifi cation demonstrates that you can help your organization design and maintain system and network security services designed to secure the organizationrsquos assets By obtaining CASP certifi cation you show that you have the technical knowledge and skills required to conceptualize design and engineer secure solutions across complex enterprise environments
How to Become a CASP Certified Professional
As this book goes to press candidates can take the exam at any Pearson VUE testing cen-ter The following table contains all the necessary contact information and exam-specifi c details for registering Exam pricing might vary by country or by CompTIA membership
Vendor Website Phone Number
Pearson VUE wwwvuecomcomptia US and Canada 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment
College classes training classes and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and tech-niques discussed in the book
Introduction xxvii
fl astindd 09292014 Page xxvii
How This Book Is Organized
This book is organized into 10 chapters Each chapter looks at specific skills and abilities needed by a security professional The chapters appendixes and their descriptions are as follows
Chapter 1 Cryptographic Tools and Techniques Shows you where cryptographic solu-tions can be applied Cryptography can be used to secure information while in storage or in transit
Chapter 2 Comprehensive Security Solutions Shows you the importance of securing remote access and the proper placement of network security devices This chapter also addresses system virtualization
Chapter 3 Securing Virtualized Distributed and Shared Computing Presents essential enterprise security information This chapter deals with storage network infrastructure and cloud computing
Chapter 4 Host Security Provides real-world tools and techniques to defend systems against inbound threats such as viruses worms spyware and rootkits This chapter also addresses critical differences between IDS and IPS Further it shows how to confi gure basic fi rewall rules
Chapter 5 Application Security and Penetration Testing Presents knowledge needed to build secure applications and test a network from good security controls Topics like the systems development life cycle are discussed
Chapter 6 Risk Management Discusses the importance of risk management This chap-ter also reviews methods for executing and implementing risk management strategies and controls
Chapter 7 Policies Procedures and Incident Response Reviews the importance of a good policy structure This chapter also addresses the importance of preparing for incident response and disaster recovery
Chapter 8 Security Research and Analysis Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your sys-tems as an attacker would see them
Chapter 9 Enterprise Security Integration Examines industry trends and outlines the potential impact to an enterprise
Chapter 10 Security Controls for Communication and Collaboration Examines methods to select and distinguish the appropriate security controls This chapter also covers tech-niques to protect emerging technologies
Appendix A CASP Lab Manual This is a series of hands-on labs that will help you understand the key concepts presented in this book It also includes a suggested lab setup
xxviii Introduction
fl astindd 09292014 Page xxviii
Appendix B Answers to Review Questions Here yoursquoll fi nd the answers to the review questions that appear at the end of each chapter
Appendix C About the Additional Study Tools Here yoursquoll fi nd brief instructions for downloading and working effectively with this bookrsquos additional study toolsmdashfl ashcards two 50-question practice exams and a glossarymdashavailable from wwwsybexcomgocasp2e
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based When you arrive at the testing center you will need to bring two forms of indentifi cation opne of which must contain a photo Itrsquos good practice to arrive at least 15 minutes early Upon signing in you will need to show your photo identifi cation Once the testing center has been confi gured you will be assigned a seat and can start the exam
You will not be allowed to bring any paper or notes into the testing center The exam is closed book You will be provided paper to write on which must be returned at the end of the exam
During the 165-minute exam time limit you will need to complete 80 questions While you should have adequate time to complete the test time management is a must
The CASP exam allows you to mark questions and return to them if you like This means that if you are not sure about a question itrsquos best to mark it move on and return to it after you have tackled the easy questions
This test is much more diffi cult than a basic exam such as Network+ or Security+ Questions on the exam are multiple choice simulation and drag and drop You should attempt to answer all questions It is better to guess an answer than leave a question blank My personal approach is to make multiple passes on the exam Unlike some other exams you can mark any question you are not sure of and return to it later On the fi rst pass answer all the questions you are sure of Sometimes this can even help with other questions You may see something in one that helps you remember a needed fact for another On the second pass work through the more diffi cult questions or the ones that you are just not sure of Take your time in reading the question because missing just one word on a ques-tion can make a big difference Again itrsquos better to guess at an answer than to leave a ques-tion blank
In the next section I will discuss some of the types of test questions you will be pre-sented with
Tips for Taking the CASP ExamCompTIA did something new with this exammdashit contains more than just standard ques-tions During the exam you may be presented with regular multiple-choice
Contents (continued, page xvii)

Lab A.13 Cracking Encrypted Passwords 484
Lab A.14 Threat Modeling 486
Lab A.15 Social Engineering 487
Lab A.16 Downloading, Verifying, and Installing a Virtual Environment 490
Lab A.17 Exploring Your Virtual Network 493
Lab A.18 Port Scanning 497
Lab A.19 Introduction to the Metasploit Framework 501
Lab A.20 Sniffing NETinVM Traffic with Wireshark 503
Suggestions for Further Exploration of Security Topics 507

Appendix B Answers to Review Questions 509
Chapter 1 Cryptographic Tools and Techniques 510
Chapter 2 Comprehensive Security Solutions 511
Chapter 3 Securing Virtualized, Distributed, and Shared Computing 512
Chapter 4 Host Security 513
Chapter 5 Application Security and Penetration Testing 514
Chapter 6 Risk Management 515
Chapter 7 Policies, Procedures, and Incident Response 517
Chapter 8 Security Research and Analysis 518
Chapter 9 Enterprise Security Integration 519
Chapter 10 Security Controls for Communication and Collaboration 520

Appendix C About the Additional Study Tools 523
Additional Study Tools 524
Sybex Test Engine 524
Electronic Flashcards 524
PDF of Glossary of Terms 524
Adobe Reader 524
System Requirements 524
Using the Study Tools 525
Troubleshooting 525
Customer Care 525

Index 527
Table of Exercises
Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud? 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.

[Infographic "Learn, Certify, Work"; panel titles, captions, and bullet text reconstructed from the extracted residue.]

IT Is Everywhere: IT is mission critical to almost all organizations, and its importance is increasing.
- 79% of US businesses report IT is either important or very important to the success of their company.

IT Knowledge and Skills Get Jobs: Certifications verify your knowledge and skills, which qualifies you for:
- Jobs in the high-growth IT career field
- Increased compensation
- Challenging assignments and promotions
- 60% report that being certified is an employer or job requirement.
- 31% report certification improved their career advancement opportunities.

High Pay, High Growth Jobs: Hiring managers demand the strongest skill set.
- There is a widening IT skills gap, with over 300,000 jobs open.

New Opportunities: Certifications qualify you for new opportunities in your current job or when you want to change careers.
- 88% report being certified enhanced their resume.

Job Retention: Competence is noticed and valued in organizations.
- Increased knowledge of new or complex technologies
- Enhanced productivity
- More insightful problem solving
- Better project management and communication skills
- 47% report being certified improved their problem-solving skills.

LEARN. CERTIFY. WORK.
Certification Helps Your Career

The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.

The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, which has almost 250,000 certified Security+ professionals.

Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and the integration of computing, communications, and business disciplines.

The CASP is approved by the US Department of Defense (DoD) for four information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.

Steps to Getting Certified

Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx.

Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea of what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx.

Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com.

Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia.

Stay Certified (Continuing Education): The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce.

How to Obtain More Information

Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.

Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org.

Social Media: Find CompTIA on YouTube.
Introduction

The CASP certification was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.

According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, 'hands-on' focus at the enterprise level."

Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.

If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.

Before You Begin the CompTIA CASP Certification Exam

Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.

A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."

Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.

How to Become a CASP Certified Professional

As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor        Website               Phone Number
Pearson VUE   www.vue.com/comptia   US and Canada: 877-551-PLUS (7587)

Who Should Read This Book

CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.

College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized

This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:

Chapter 1, Cryptographic Tools and Techniques: Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.

Chapter 2, Comprehensive Security Solutions: Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.

Chapter 3, Securing Virtualized, Distributed, and Shared Computing: Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.

Chapter 4, Host Security: Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.

Chapter 5, Application Security and Penetration Testing: Presents the knowledge needed to build secure applications and to test a network for good security controls. Topics like the systems development life cycle are discussed.

Chapter 6, Risk Management: Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.

Chapter 7, Policies, Procedures, and Incident Response: Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.

Chapter 8, Security Research and Analysis: Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.

Chapter 9, Enterprise Security Integration: Examines industry trends and outlines the potential impact to an enterprise.

Chapter 10, Security Controls for Communication and Collaboration: Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.

Appendix A, CASP Lab Manual: This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.

Appendix B, Answers to Review Questions: Here you'll find the answers to the review questions that appear at the end of each chapter.

Appendix C, About the Additional Study Tools: Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e.

Exam Strategy

The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.

You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.

During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.

The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.

This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions. It is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.

In the next section I will discuss some of the types of test questions you will be presented with.

Tips for Taking the CASP Exam

CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
fl astindd 09292014 Page xviii
fl astindd 09292014 Page xix
Table of Exercises
Exercise 21 Sniffing VoIP Traffic 58
Exercise 22 Spoofing MAC Addresses with SMAC 60
Exercise 23 Sniffing IPv4 with Wireshark 62
Exercise 24 Capturing a Ping Packet with Wireshark 66
Exercise 25 Capturing a TCP Header with Wireshark 68
Exercise 26 Using Men amp Mice to Verify DNS Configuration 75
Exercise 27 Attempting a Zone Transfer 76
Exercise 31 What Services Should Be Moved to the Cloud 104
Exercise 32 Identifying Risks and Issues with Cloud Computing 108
Exercise 33 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 34 Creating a Virtual Machine 114
Exercise 35 Understanding Online Storage 124
Exercise 41 Reviewing and Assessing ACLs 140
Exercise 42 Configuring IPTables 143
Exercise 43 Testing Your Antivirus Program 153
Exercise 44 Taking Control of a Router with Physical Access 159
Exercise 45 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 46 Bypassing Command Shell Restrictions 161
Exercise 51 Identifying Testing Types at Your Organization 181
Exercise 52 Downloading and Running Kali 209
Exercise 53 Performing Passive Reconnaissance on Your Company
or Another Organization 211
Exercise 54 Performing TCP and UDP Port Scanning 214
Exercise 61 Tracking Vulnerabilities in Software 234
Exercise 62 Outsourcing Issues to Review 239
Exercise 63 Calculating Annualized Loss Expectancy 258
Exercise 71 Reviewing Security Policy 282
Exercise 72 Reviewing Documents 285
Exercise 73 Reviewing the Employee Termination Process 294
Exercise 74 Exploring Helix a Well-Known Forensic Tool 305
Exercise 81 Using WinDump to Sniff Traffic 324
Exercise 82 Exploring the Nagios Tool 325
Exercise 83 Using Ophcrack 328
xx Table of Exercises
fl astindd 09292014 Page xx
Exercise 84 Installing Cookie Cadger 334
Exercise 85 Identifying XSS Vulnerabilities 335
Exercise 91 Reviewing Your Companyrsquos Acceptable Use Policy 372
Exercise 101 Eavesdropping on Web Conferences 405
Exercise 102 Sniffing Email with Wireshark 411
Exercise 103 Sniffing VoIP with Cain amp Abel 413
fl astindd 09292014 Page xxifl astindd 09292014 Page xxi
Foreword
It Pays to Get Certified
In a digital world digital literacy is an essential survival skill Certifi cation demon-strates that you have the knowledge and skill to solve technical or business problems in virtually any business environment CompTIA certifi cations are highly valued creden-tials that qualify you for jobs increased compensation and promotion
Job RetentionIT Knowledge and
Skills Get JobsIT Is
Everywhere
IT is mission criticalto almost allorganizations and itsimportance isincreasing
Certifications verifyyour knowledge andskills that qualifiesyou for
bull 79 of US businesses report IT is either important or very important to the success of their company
High PayndashHighGrowth Jobs
Hiring managersdemand thestrongest skill set
New Opportunities
bull Jobs in the high growth IT career field
bull Increased compensation
bull Challenging assignments and promotions
bull 60 report that being certified is an employer or job requirement
bull 31 report certification improved their career advancement opportunities
bull There is a widening IT skills gap with over 300000 jobs open
bull 88 report being certified enhanced their resume
bull Increased knowledge of new or complex technologies
bull Enhanced productivity
bull More insightful problem solving
bull Better project management and communication skills
bull 47 report being certified problem solving skills
Competence isnoticed and valuedin organizations
Certifications qualifyyou for new opportu-nities in your currentjob or when you wantto change careers
LEARN CERTIFY WORK
fl astindd 09292014 Page xxii
xxii Foreword
Certification Helps Your CareerThe CompTIA Advanced Security Practitioner (CASP) certifi cation designates IT professionals with advanced-level security skills and knowledge
The CASP is the first mastery level certification available from CompTIA It expands on the widely recognized path of CompTIA Security+ with almost 250000 certified Security+ professionals
Being CASP certified demonstrates technical competency in enterprise security risk management research and analysis and integration of computing communications and business disciplines
Approved by the US Department of Defense (DoD) for 4 information assurance job roles in the DoD 857001-M directive IA Technical Level III IA Manager level II and IA System Architect amp Engineer (IASAE) Levels I and II
Steps to Getting Certified
Review Exam Objectives Review the certifi cation objectives to make sure you know what is covered in the exam Visit httpcertificationcomptiaorgexamobjectivesaspx
Practice for the Exam After you have studied for the certifi cation take a free assessment and sample test to get an idea what type of questions might be on the exam Visit httpcertificationcomptiaorgsamplequestionsaspx
Purchase an Exam Voucher Purchase your exam voucher on the CompTIA Marketplace which is located at wwwcomptiastorecom
Take the Test Go to the Pearson VUE website and schedule a time to take your exam You can fi nd exam providers here httpwwwpearsonvuecomcomptia
Stay Certified Continuing Education The CASP certifi cation is valid for three years from the date of certifi cation There are a number of ways the certifi cation can be renewed For more information go to httpcertificationcomptiaorgce
How to Obtain More InformationVisit CompTIA online httpcertificationcomptiaorghomeaspx to learn more about getting CompTIA certifi ed
fl astindd 09292014 Page xxiii
Foreword xxiii
Contact CompTIA call 866-835-8020 and choose Option 2 or email questionscomptiaorg
Social Media
Find CompTIA on
YouTube
fl astindd 09292014 Page xxv
Introduction
The CASP certifi cation was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 yearsrsquo experience in IT administration and at least 5 yearsrsquo hands-on technical experience The security professionalrsquos job is to protect the confi denti-ality integrity and availability of an organizationrsquos valuable information assets As such these individuals need to have the ability to apply critical thinking and judgment
According to CompTIA the CASP certification ldquois a vendor-neutral credentialrdquo The CASP validates ldquoadvanced-level security skills and knowledgerdquo interna-tionally There is no prerequisite but ldquoCASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical lsquohands-onrsquo focus at the enterprise levelrdquo
Many certifi cation books present material for you to memorize before the exam but this book goes a step further in that it offers best practices tips and hands-on exercises that help those in the fi eld of security better protect critical assets build defense in depth and accurately assess risk
If yoursquore preparing to take the CASP exam it is a good idea to fi nd as much information as possible about computer security practices and techniques Because this test is designed for those with years of experience you will be better prepared by having the most hands-on experience possible this study guide was written with this in mind We have included hands-on exercises real-world scenarios and review questions at the end of each chapter to give you some idea as to what the exam is like You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam if yoursquore unable to do so reread the chapter and try the questions again Your score should improve
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
How to Become a CASP Certified Professional
As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.
Vendor: Pearson VUE
Website: www.vue.com/comptia
Phone Number: US and Canada, 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.
College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:
Chapter 1, Cryptographic Tools and Techniques. Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.
Chapter 2, Comprehensive Security Solutions. Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.
Chapter 3, Securing Virtualized, Distributed, and Shared Computing. Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.
Chapter 4, Host Security. Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.
Chapter 5, Application Security and Penetration Testing. Presents knowledge needed to build secure applications and test a network for good security controls. Topics like the systems development life cycle are discussed.
Chapter 6, Risk Management. Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.
Chapter 7, Policies, Procedures, and Incident Response. Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.
Chapter 8, Security Research and Analysis. Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.
Chapter 9, Enterprise Security Integration. Examines industry trends and outlines the potential impact to an enterprise.
Chapter 10, Security Controls for Communication and Collaboration. Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.
Appendix A, CASP Lab Manual. This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B, Answers to Review Questions. Here you'll find the answers to the review questions that appear at the end of each chapter.
Appendix C, About the Additional Study Tools. Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e.
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.
You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.
During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.
The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.
This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions. It is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions. You may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.
In the next section, I will discuss some of the types of test questions you will be presented with.
Tips for Taking the CASP Exam
CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
Table of Exercises
Exercise 2.1 Sniffing VoIP Traffic 58
Exercise 2.2 Spoofing MAC Addresses with SMAC 60
Exercise 2.3 Sniffing IPv4 with Wireshark 62
Exercise 2.4 Capturing a Ping Packet with Wireshark 66
Exercise 2.5 Capturing a TCP Header with Wireshark 68
Exercise 2.6 Using Men & Mice to Verify DNS Configuration 75
Exercise 2.7 Attempting a Zone Transfer 76
Exercise 3.1 What Services Should Be Moved to the Cloud? 104
Exercise 3.2 Identifying Risks and Issues with Cloud Computing 108
Exercise 3.3 Turning to the Cloud for Storage and Large File Transfer 111
Exercise 3.4 Creating a Virtual Machine 114
Exercise 3.5 Understanding Online Storage 124
Exercise 4.1 Reviewing and Assessing ACLs 140
Exercise 4.2 Configuring IPTables 143
Exercise 4.3 Testing Your Antivirus Program 153
Exercise 4.4 Taking Control of a Router with Physical Access 159
Exercise 4.5 Running a Security Scanner to Identify Vulnerabilities 160
Exercise 4.6 Bypassing Command Shell Restrictions 161
Exercise 5.1 Identifying Testing Types at Your Organization 181
Exercise 5.2 Downloading and Running Kali 209
Exercise 5.3 Performing Passive Reconnaissance on Your Company or Another Organization 211
Exercise 5.4 Performing TCP and UDP Port Scanning 214
Exercise 6.1 Tracking Vulnerabilities in Software 234
Exercise 6.2 Outsourcing Issues to Review 239
Exercise 6.3 Calculating Annualized Loss Expectancy 258
Exercise 7.1 Reviewing Security Policy 282
Exercise 7.2 Reviewing Documents 285
Exercise 7.3 Reviewing the Employee Termination Process 294
Exercise 7.4 Exploring Helix, a Well-Known Forensic Tool 305
Exercise 8.1 Using WinDump to Sniff Traffic 324
Exercise 8.2 Exploring the Nagios Tool 325
Exercise 8.3 Using Ophcrack 328
Exercise 8.4 Installing Cookie Cadger 334
Exercise 8.5 Identifying XSS Vulnerabilities 335
Exercise 9.1 Reviewing Your Company's Acceptable Use Policy 372
Exercise 10.1 Eavesdropping on Web Conferences 405
Exercise 10.2 Sniffing Email with Wireshark 411
Exercise 10.3 Sniffing VoIP with Cain & Abel 413
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.
IT Is Everywhere: IT is mission critical to almost all organizations and its importance is increasing.
• 79% of US businesses report IT is either important or very important to the success of their company.
IT Knowledge and Skills Get Jobs: Certifications verify your knowledge and skills that qualifies you for:
• Jobs in the high growth IT career field
• Increased compensation
• Challenging assignments and promotions
• 60% report that being certified is an employer or job requirement.
New Opportunities: Certifications qualify you for new opportunities in your current job or when you want to change careers.
• 31% report certification improved their career advancement opportunities.
High Pay, High Growth Jobs: Hiring managers demand the strongest skill set.
• There is a widening IT skills gap with over 300,000 jobs open.
• 88% report being certified enhanced their resume.
Job Retention: Competence is noticed and valued in organizations.
• Increased knowledge of new or complex technologies
• Enhanced productivity
• More insightful problem solving
• Better project management and communication skills
• 47% report being certified problem solving skills
LEARN. CERTIFY. WORK.
Certification Helps Your Career
The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.
The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, with almost 250,000 certified Security+ professionals.
Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.
Approved by the US Department of Defense (DoD) for 4 information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.
Steps to Getting Certified
Review Exam Objectives. Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx
Practice for the Exam. After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx
Purchase an Exam Voucher. Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com
Take the Test. Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia
Stay Certified: Continuing Education. The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce
How to Obtain More Information
Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org
Social Media
Find CompTIA on
YouTube
fl astindd 09292014 Page xxv
Introduction
The CASP certifi cation was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 yearsrsquo experience in IT administration and at least 5 yearsrsquo hands-on technical experience The security professionalrsquos job is to protect the confi denti-ality integrity and availability of an organizationrsquos valuable information assets As such these individuals need to have the ability to apply critical thinking and judgment
According to CompTIA the CASP certification ldquois a vendor-neutral credentialrdquo The CASP validates ldquoadvanced-level security skills and knowledgerdquo interna-tionally There is no prerequisite but ldquoCASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical lsquohands-onrsquo focus at the enterprise levelrdquo
Many certifi cation books present material for you to memorize before the exam but this book goes a step further in that it offers best practices tips and hands-on exercises that help those in the fi eld of security better protect critical assets build defense in depth and accurately assess risk
If yoursquore preparing to take the CASP exam it is a good idea to fi nd as much information as possible about computer security practices and techniques Because this test is designed for those with years of experience you will be better prepared by having the most hands-on experience possible this study guide was written with this in mind We have included hands-on exercises real-world scenarios and review questions at the end of each chapter to give you some idea as to what the exam is like You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam if yoursquore unable to do so reread the chapter and try the questions again Your score should improve
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam itrsquos good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifi cations) and is granted to those who obtain a passing score on a single exam Before you begin studying for the exam learn all you can about the certifi cation
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is pre-sented in this introduction see the section ldquoThe CASP (2014 Edition) Exam Objective Maprdquo
xxvi Introduction
fl astindd 09292014 Page xxvi
Obtaining CASP certifi cation demonstrates that you can help your organization design and maintain system and network security services designed to secure the organizationrsquos assets By obtaining CASP certifi cation you show that you have the technical knowledge and skills required to conceptualize design and engineer secure solutions across complex enterprise environments
How to Become a CASP Certified Professional
As this book goes to press candidates can take the exam at any Pearson VUE testing cen-ter The following table contains all the necessary contact information and exam-specifi c details for registering Exam pricing might vary by country or by CompTIA membership
Vendor Website Phone Number
Pearson VUE wwwvuecomcomptia US and Canada 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment
College classes training classes and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and tech-niques discussed in the book
Introduction xxvii
fl astindd 09292014 Page xxvii
How This Book Is Organized
This book is organized into 10 chapters Each chapter looks at specific skills and abilities needed by a security professional The chapters appendixes and their descriptions are as follows
Chapter 1 Cryptographic Tools and Techniques Shows you where cryptographic solu-tions can be applied Cryptography can be used to secure information while in storage or in transit
Chapter 2 Comprehensive Security Solutions Shows you the importance of securing remote access and the proper placement of network security devices This chapter also addresses system virtualization
Chapter 3 Securing Virtualized Distributed and Shared Computing Presents essential enterprise security information This chapter deals with storage network infrastructure and cloud computing
Chapter 4 Host Security Provides real-world tools and techniques to defend systems against inbound threats such as viruses worms spyware and rootkits This chapter also addresses critical differences between IDS and IPS Further it shows how to confi gure basic fi rewall rules
Chapter 5 Application Security and Penetration Testing Presents knowledge needed to build secure applications and test a network from good security controls Topics like the systems development life cycle are discussed
Chapter 6 Risk Management Discusses the importance of risk management This chap-ter also reviews methods for executing and implementing risk management strategies and controls
Chapter 7 Policies Procedures and Incident Response Reviews the importance of a good policy structure This chapter also addresses the importance of preparing for incident response and disaster recovery
Chapter 8 Security Research and Analysis Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your sys-tems as an attacker would see them
Chapter 9 Enterprise Security Integration Examines industry trends and outlines the potential impact to an enterprise
Chapter 10 Security Controls for Communication and Collaboration Examines methods to select and distinguish the appropriate security controls This chapter also covers tech-niques to protect emerging technologies
Appendix A CASP Lab Manual This is a series of hands-on labs that will help you understand the key concepts presented in this book It also includes a suggested lab setup
xxviii Introduction
fl astindd 09292014 Page xxviii
Appendix B Answers to Review Questions Here yoursquoll fi nd the answers to the review questions that appear at the end of each chapter
Appendix C About the Additional Study Tools Here yoursquoll fi nd brief instructions for downloading and working effectively with this bookrsquos additional study toolsmdashfl ashcards two 50-question practice exams and a glossarymdashavailable from wwwsybexcomgocasp2e
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based When you arrive at the testing center you will need to bring two forms of indentifi cation opne of which must contain a photo Itrsquos good practice to arrive at least 15 minutes early Upon signing in you will need to show your photo identifi cation Once the testing center has been confi gured you will be assigned a seat and can start the exam
You will not be allowed to bring any paper or notes into the testing center The exam is closed book You will be provided paper to write on which must be returned at the end of the exam
During the 165-minute exam time limit you will need to complete 80 questions While you should have adequate time to complete the test time management is a must
The CASP exam allows you to mark questions and return to them if you like This means that if you are not sure about a question itrsquos best to mark it move on and return to it after you have tackled the easy questions
This test is much more diffi cult than a basic exam such as Network+ or Security+ Questions on the exam are multiple choice simulation and drag and drop You should attempt to answer all questions It is better to guess an answer than leave a question blank My personal approach is to make multiple passes on the exam Unlike some other exams you can mark any question you are not sure of and return to it later On the fi rst pass answer all the questions you are sure of Sometimes this can even help with other questions You may see something in one that helps you remember a needed fact for another On the second pass work through the more diffi cult questions or the ones that you are just not sure of Take your time in reading the question because missing just one word on a ques-tion can make a big difference Again itrsquos better to guess at an answer than to leave a ques-tion blank
In the next section I will discuss some of the types of test questions you will be pre-sented with
Tips for Taking the CASP ExamCompTIA did something new with this exammdashit contains more than just standard ques-tions During the exam you may be presented with regular multiple-choice
xx Table of Exercises
fl astindd 09292014 Page xx
Exercise 84 Installing Cookie Cadger 334
Exercise 85 Identifying XSS Vulnerabilities 335
Exercise 91 Reviewing Your Companyrsquos Acceptable Use Policy 372
Exercise 101 Eavesdropping on Web Conferences 405
Exercise 102 Sniffing Email with Wireshark 411
Exercise 103 Sniffing VoIP with Cain amp Abel 413
fl astindd 09292014 Page xxifl astindd 09292014 Page xxi
Foreword
It Pays to Get Certified
In a digital world digital literacy is an essential survival skill Certifi cation demon-strates that you have the knowledge and skill to solve technical or business problems in virtually any business environment CompTIA certifi cations are highly valued creden-tials that qualify you for jobs increased compensation and promotion
Job RetentionIT Knowledge and
Skills Get JobsIT Is
Everywhere
IT is mission criticalto almost allorganizations and itsimportance isincreasing
Certifications verifyyour knowledge andskills that qualifiesyou for
bull 79 of US businesses report IT is either important or very important to the success of their company
High PayndashHighGrowth Jobs
Hiring managersdemand thestrongest skill set
New Opportunities
bull Jobs in the high growth IT career field
bull Increased compensation
bull Challenging assignments and promotions
bull 60 report that being certified is an employer or job requirement
bull 31 report certification improved their career advancement opportunities
bull There is a widening IT skills gap with over 300000 jobs open
bull 88 report being certified enhanced their resume
bull Increased knowledge of new or complex technologies
bull Enhanced productivity
bull More insightful problem solving
bull Better project management and communication skills
bull 47 report being certified problem solving skills
Competence isnoticed and valuedin organizations
Certifications qualifyyou for new opportu-nities in your currentjob or when you wantto change careers
LEARN CERTIFY WORK
fl astindd 09292014 Page xxii
xxii Foreword
Certification Helps Your CareerThe CompTIA Advanced Security Practitioner (CASP) certifi cation designates IT professionals with advanced-level security skills and knowledge
The CASP is the first mastery level certification available from CompTIA It expands on the widely recognized path of CompTIA Security+ with almost 250000 certified Security+ professionals
Being CASP certified demonstrates technical competency in enterprise security risk management research and analysis and integration of computing communications and business disciplines
Approved by the US Department of Defense (DoD) for 4 information assurance job roles in the DoD 857001-M directive IA Technical Level III IA Manager level II and IA System Architect amp Engineer (IASAE) Levels I and II
Steps to Getting Certified
Review Exam Objectives Review the certifi cation objectives to make sure you know what is covered in the exam Visit httpcertificationcomptiaorgexamobjectivesaspx
Practice for the Exam After you have studied for the certifi cation take a free assessment and sample test to get an idea what type of questions might be on the exam Visit httpcertificationcomptiaorgsamplequestionsaspx
Purchase an Exam Voucher Purchase your exam voucher on the CompTIA Marketplace which is located at wwwcomptiastorecom
Take the Test Go to the Pearson VUE website and schedule a time to take your exam You can fi nd exam providers here httpwwwpearsonvuecomcomptia
Stay Certified Continuing Education The CASP certifi cation is valid for three years from the date of certifi cation There are a number of ways the certifi cation can be renewed For more information go to httpcertificationcomptiaorgce
How to Obtain More InformationVisit CompTIA online httpcertificationcomptiaorghomeaspx to learn more about getting CompTIA certifi ed
fl astindd 09292014 Page xxiii
Foreword xxiii
Contact CompTIA call 866-835-8020 and choose Option 2 or email questionscomptiaorg
Social Media
Find CompTIA on
YouTube
fl astindd 09292014 Page xxv
Introduction
The CASP certifi cation was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 yearsrsquo experience in IT administration and at least 5 yearsrsquo hands-on technical experience The security professionalrsquos job is to protect the confi denti-ality integrity and availability of an organizationrsquos valuable information assets As such these individuals need to have the ability to apply critical thinking and judgment
According to CompTIA the CASP certification ldquois a vendor-neutral credentialrdquo The CASP validates ldquoadvanced-level security skills and knowledgerdquo interna-tionally There is no prerequisite but ldquoCASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical lsquohands-onrsquo focus at the enterprise levelrdquo
Many certifi cation books present material for you to memorize before the exam but this book goes a step further in that it offers best practices tips and hands-on exercises that help those in the fi eld of security better protect critical assets build defense in depth and accurately assess risk
If yoursquore preparing to take the CASP exam it is a good idea to fi nd as much information as possible about computer security practices and techniques Because this test is designed for those with years of experience you will be better prepared by having the most hands-on experience possible this study guide was written with this in mind We have included hands-on exercises real-world scenarios and review questions at the end of each chapter to give you some idea as to what the exam is like You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam if yoursquore unable to do so reread the chapter and try the questions again Your score should improve
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam itrsquos good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifi cations) and is granted to those who obtain a passing score on a single exam Before you begin studying for the exam learn all you can about the certifi cation
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is pre-sented in this introduction see the section ldquoThe CASP (2014 Edition) Exam Objective Maprdquo
xxvi Introduction
fl astindd 09292014 Page xxvi
Obtaining CASP certifi cation demonstrates that you can help your organization design and maintain system and network security services designed to secure the organizationrsquos assets By obtaining CASP certifi cation you show that you have the technical knowledge and skills required to conceptualize design and engineer secure solutions across complex enterprise environments
How to Become a CASP Certified Professional
As this book goes to press candidates can take the exam at any Pearson VUE testing cen-ter The following table contains all the necessary contact information and exam-specifi c details for registering Exam pricing might vary by country or by CompTIA membership
Vendor Website Phone Number
Pearson VUE wwwvuecomcomptia US and Canada 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment
College classes training classes and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and tech-niques discussed in the book
Introduction xxvii
fl astindd 09292014 Page xxvii
How This Book Is Organized
This book is organized into 10 chapters Each chapter looks at specific skills and abilities needed by a security professional The chapters appendixes and their descriptions are as follows
Chapter 1 Cryptographic Tools and Techniques Shows you where cryptographic solu-tions can be applied Cryptography can be used to secure information while in storage or in transit
Chapter 2 Comprehensive Security Solutions Shows you the importance of securing remote access and the proper placement of network security devices This chapter also addresses system virtualization
Chapter 3 Securing Virtualized Distributed and Shared Computing Presents essential enterprise security information This chapter deals with storage network infrastructure and cloud computing
Chapter 4 Host Security Provides real-world tools and techniques to defend systems against inbound threats such as viruses worms spyware and rootkits This chapter also addresses critical differences between IDS and IPS Further it shows how to confi gure basic fi rewall rules
Chapter 5 Application Security and Penetration Testing Presents knowledge needed to build secure applications and test a network from good security controls Topics like the systems development life cycle are discussed
Chapter 6 Risk Management Discusses the importance of risk management This chap-ter also reviews methods for executing and implementing risk management strategies and controls
Chapter 7 Policies Procedures and Incident Response Reviews the importance of a good policy structure This chapter also addresses the importance of preparing for incident response and disaster recovery
Chapter 8 Security Research and Analysis Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your sys-tems as an attacker would see them
Chapter 9 Enterprise Security Integration Examines industry trends and outlines the potential impact to an enterprise
Chapter 10 Security Controls for Communication and Collaboration Examines methods to select and distinguish the appropriate security controls This chapter also covers tech-niques to protect emerging technologies
Appendix A CASP Lab Manual This is a series of hands-on labs that will help you understand the key concepts presented in this book It also includes a suggested lab setup
xxviii Introduction
fl astindd 09292014 Page xxviii
Appendix B: Answers to Review Questions. Here you'll find the answers to the review questions that appear at the end of each chapter.
Appendix C: About the Additional Study Tools. Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e.
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.
You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.
During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.
The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.
This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions; it is better to guess an answer than leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.
In the next section I will discuss some of the types of test questions you will be presented with.
Tips for Taking the CASP Exam
CompTIA did something new with this exam: it contains more than just standard questions. During the exam you may be presented with regular multiple-choice
Foreword
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification demonstrates that you have the knowledge and skill to solve technical or business problems in virtually any business environment. CompTIA certifications are highly valued credentials that qualify you for jobs, increased compensation, and promotion.
[Infographic: Learn, Certify, Work. Panels: IT Is Everywhere; IT Knowledge and Skills Get Jobs; Job Retention; New Opportunities; High Pay, High Growth Jobs]
IT is mission critical to almost all organizations, and its importance is increasing.
• 79% of US businesses report IT is either important or very important to the success of their company.
Certifications verify your knowledge and skills that qualify you for:
• Jobs in the high-growth IT career field
• Increased compensation
• Challenging assignments and promotions
• 60% report that being certified is an employer or job requirement.
• 31% report certification improved their career advancement opportunities.
• There is a widening IT skills gap, with over 300,000 jobs open.
Hiring managers demand the strongest skill set.
• 88% report being certified enhanced their resume.
• Increased knowledge of new or complex technologies
• Enhanced productivity
• More insightful problem solving
• Better project management and communication skills
• 47% report being certified [improved] problem solving skills.
Competence is noticed and valued in organizations.
Certifications qualify you for new opportunities in your current job or when you want to change careers.
Certification Helps Your Career
The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.
The CASP is the first mastery-level certification available from CompTIA. It expands on the widely recognized path of CompTIA Security+, with almost 250,000 certified Security+ professionals.
Being CASP certified demonstrates technical competency in enterprise security, risk management, research and analysis, and integration of computing, communications, and business disciplines.
Approved by the US Department of Defense (DoD) for 4 information assurance job roles in the DoD 8570.01-M directive: IA Technical Level III, IA Manager Level II, and IA System Architect & Engineer (IASAE) Levels I and II.
Steps to Getting Certified
Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the exam. Visit http://certification.comptia.org/examobjectives.aspx.
Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea what type of questions might be on the exam. Visit http://certification.comptia.org/samplequestions.aspx.
Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at www.comptiastore.com.
Take the Test: Go to the Pearson VUE website and schedule a time to take your exam. You can find exam providers here: http://www.pearsonvue.com/comptia.
Stay Certified (Continuing Education): The CASP certification is valid for three years from the date of certification. There are a number of ways the certification can be renewed. For more information, go to http://certification.comptia.org/ce.
How to Obtain More Information
Visit CompTIA online at http://certification.comptia.org/home.aspx to learn more about getting CompTIA certified.
Contact CompTIA: call 866-835-8020 and choose Option 2, or email questions@comptia.org.
Social Media: Find CompTIA on YouTube.
Introduction
The CASP certification was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.
According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical 'hands-on' focus at the enterprise level."
Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.
If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
How to Become a CASP Certified Professional
As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.
Vendor: Pearson VUE
Website: www.vue.com/comptia
Phone Number: US and Canada 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.
College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:
Chapter 1: Cryptographic Tools and Techniques. Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.
In the next section I will discuss some of the types of test questions you will be pre-sented with
Tips for Taking the CASP ExamCompTIA did something new with this exammdashit contains more than just standard ques-tions During the exam you may be presented with regular multiple-choice
fl astindd 09292014 Page xxv
Introduction
The CASP certification was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of security professionals who have 10 years' experience in IT administration and at least 5 years' hands-on technical experience. The security professional's job is to protect the confidentiality, integrity, and availability of an organization's valuable information assets. As such, these individuals need to have the ability to apply critical thinking and judgment.
According to CompTIA, the CASP certification "is a vendor-neutral credential." The CASP validates "advanced-level security skills and knowledge" internationally. There is no prerequisite, but "CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical 'hands-on' focus at the enterprise level."
Many certification books present material for you to memorize before the exam, but this book goes a step further in that it offers best practices, tips, and hands-on exercises that help those in the field of security better protect critical assets, build defense in depth, and accurately assess risk.
If you're preparing to take the CASP exam, it is a good idea to find as much information as possible about computer security practices and techniques. Because this test is designed for those with years of experience, you will be better prepared by having the most hands-on experience possible; this study guide was written with this in mind. We have included hands-on exercises, real-world scenarios, and review questions at the end of each chapter to give you some idea as to what the exam is like. You should be able to answer at least 90 percent of the test questions in this book correctly before attempting the exam; if you're unable to do so, reread the chapter and try the questions again. Your score should improve.
Before You Begin the CompTIA CASP Certification Exam
Before you begin studying for the exam, it's good for you to know that the CASP exam is offered by CompTIA (an industry association responsible for many certifications) and is granted to those who obtain a passing score on a single exam. Before you begin studying for the exam, learn all you can about the certification.
A detailed list of the CASP CAS-002 (2014 Edition) exam objectives is presented in this introduction; see the section "The CASP (2014 Edition) Exam Objective Map."
Obtaining CASP certification demonstrates that you can help your organization design and maintain system and network security services designed to secure the organization's assets. By obtaining CASP certification, you show that you have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.
How to Become a CASP Certified Professional
As this book goes to press, candidates can take the exam at any Pearson VUE testing center. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor        Website                Phone Number
Pearson VUE   www.vue.com/comptia    US and Canada 877-551-PLUS (7587)
Who Should Read This Book
CompTIA Advanced Security Practitioner Study Guide is designed to give you insight into the working world of IT security and describes the types of tasks and activities that a security professional with 5 to 10 years of experience carries out. Organized classes and study groups are the ideal structures for obtaining and practicing with the recommended equipment.
College classes, training classes, and bootcamps offered by SANS and others are recommended ways to gain proficiency with the tools and techniques discussed in the book.
How This Book Is Organized
This book is organized into 10 chapters. Each chapter looks at specific skills and abilities needed by a security professional. The chapters, appendixes, and their descriptions are as follows:
Chapter 1, Cryptographic Tools and Techniques. Shows you where cryptographic solutions can be applied. Cryptography can be used to secure information while in storage or in transit.
Chapter 2, Comprehensive Security Solutions. Shows you the importance of securing remote access and the proper placement of network security devices. This chapter also addresses system virtualization.
Chapter 3, Securing Virtualized, Distributed, and Shared Computing. Presents essential enterprise security information. This chapter deals with storage, network infrastructure, and cloud computing.
Chapter 4, Host Security. Provides real-world tools and techniques to defend systems against inbound threats such as viruses, worms, spyware, and rootkits. This chapter also addresses critical differences between IDS and IPS. Further, it shows how to configure basic firewall rules.
Chapter 5, Application Security and Penetration Testing. Presents the knowledge needed to build secure applications and to test a network for good security controls. Topics like the systems development life cycle are discussed.
Chapter 6, Risk Management. Discusses the importance of risk management. This chapter also reviews methods for executing and implementing risk management strategies and controls.
Chapter 7, Policies, Procedures, and Incident Response. Reviews the importance of a good policy structure. This chapter also addresses the importance of preparing for incident response and disaster recovery.
Chapter 8, Security Research and Analysis. Explores the use of security assessment tools to evaluate the general strength of a system and penetration-testing tools to view your systems as an attacker would see them.
Chapter 9, Enterprise Security Integration. Examines industry trends and outlines the potential impact to an enterprise.
Chapter 10, Security Controls for Communication and Collaboration. Examines methods to select and distinguish the appropriate security controls. This chapter also covers techniques to protect emerging technologies.
Appendix A, CASP Lab Manual. This is a series of hands-on labs that will help you understand the key concepts presented in this book. It also includes a suggested lab setup.
Appendix B, Answers to Review Questions. Here you'll find the answers to the review questions that appear at the end of each chapter.
Appendix C, About the Additional Study Tools. Here you'll find brief instructions for downloading and working effectively with this book's additional study tools (flashcards, two 50-question practice exams, and a glossary), available from www.sybex.com/go/casp2e.
Exam Strategy
The CASP exam is similar to other CompTIA exams in that it is computer based. When you arrive at the testing center, you will need to bring two forms of identification, one of which must contain a photo. It's good practice to arrive at least 15 minutes early. Upon signing in, you will need to show your photo identification. Once the testing center has been configured, you will be assigned a seat and can start the exam.
You will not be allowed to bring any paper or notes into the testing center. The exam is closed book. You will be provided paper to write on, which must be returned at the end of the exam.
During the 165-minute exam time limit, you will need to complete 80 questions. While you should have adequate time to complete the test, time management is a must.
The CASP exam allows you to mark questions and return to them if you like. This means that if you are not sure about a question, it's best to mark it, move on, and return to it after you have tackled the easy questions.
This test is much more difficult than a basic exam such as Network+ or Security+. Questions on the exam are multiple choice, simulation, and drag and drop. You should attempt to answer all questions; it is better to guess an answer than to leave a question blank. My personal approach is to make multiple passes on the exam. Unlike some other exams, you can mark any question you are not sure of and return to it later. On the first pass, answer all the questions you are sure of. Sometimes this can even help with other questions: you may see something in one that helps you remember a needed fact for another. On the second pass, work through the more difficult questions or the ones that you are just not sure of. Take your time in reading the question, because missing just one word on a question can make a big difference. Again, it's better to guess at an answer than to leave a question blank.
In the next section I will discuss some of the types of test questions you will be presented with.
Tips for Taking the CASP Exam
CompTIA did something new with this exam; it contains more than just standard questions. During the exam you may be presented with regular multiple-choice