CompTIA Security+ Guide to Network Security Fundamentals 5th Edition

Book Preface

The number one concern of computer professionals today continues to be information security, and with good reason. Consider the evidence: a computer cluster for cracking passwords can generate 350 billion password guesses per second and could break any eight-character password in a maximum of 5.5 hours. Internet web servers must resist thousands of attacks every day, and an unprotected computer connected to the Internet can be infected in fewer than 60 seconds. From 2005 through early 2014, more than 666 million electronic data records in the U.S. had been breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers.i Attackers who penetrated the network of a credit card processing company that handles prepaid debit cards manipulated the balances and limits on just five prepaid cards. These cards were then used to withdraw almost $5 million cash from automated teller machines (ATMs) in one month.

As attacks continue to escalate, the need for trained security personnel also increases. According to the U.S. Bureau of Labor Statistics (BLS) “Occupational Outlook Handbook,” the job outlook for information security analysts through the end of the decade is expected to grow by 22 percent, faster than the average growth rate. The increase in employment will add 65,700 positions to the more than 300,000 already in this field.ii And unlike some information technology (IT) positions, security is rarely offshored or outsourced: because security is such a critical element in an organization, security positions generally remain within the organization. In addition, security jobs typically do not involve “on-the-job training” where employees can learn as they go; the risk is simply too great. IT employers want and pay a premium for certified security personnel.

To verify security competency, a vast majority of organizations use the Computing Technology Industry Association (CompTIA) Security+ certification, a vendor-neutral credential. Security+ is one of the most widely recognized security certifications and has become the security foundation for today’s IT professionals. It is internationally recognized as validating a foundation level of security skills and knowledge. A successful Security+ candidate has the knowledge and skills required to identify risks and participate in risk mitigation activities; provide infrastructure, application, operational, and information security; apply security controls to maintain confidentiality, integrity, and availability; identify appropriate technologies and products; troubleshoot security events and incidents; and operate with an awareness of applicable policies, laws, and regulations.

CompTIA® Security+ Guide to Network Security Fundamentals, Fifth Edition is designed to equip learners with the knowledge and skills needed to be secure IT professionals. Yet it is more than merely an “exam prep” book. While teaching the fundamentals of information security by using the CompTIA Security+ exam objectives as its framework, it takes an in-depth and comprehensive view of security by examining the attacks that are launched against networks and computer systems, the necessary defense mechanisms, and even offers end-user practical tools, tips, and techniques to counter attackers. CompTIA® Security+ Guide to Network Security Fundamentals, Fifth Edition is a valuable tool for those who want to learn about security and who desire to enter the field of information security by providing the foundation that will help prepare for the CompTIA Security+ certification exam.