eBook - ePub
Microsoft Windows Security Essentials
Darril Gibson
This is a test
Buch teilen
- English
- ePUB (handyfreundlich)
- Ăber iOS und Android verfĂŒgbar
eBook - ePub
Microsoft Windows Security Essentials
Darril Gibson
Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben
Ăber dieses Buch
Windows security concepts and technologies for IT beginners
IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built.
This straightforward guide begins each chapter by laying out a list of topics to be discussed, followed by a concise discussion of the core networking skills you need to have to gain a strong handle on the subject matter. Chapters conclude with review questions and suggested labs so you can measure your level of understanding of the chapter's content.
- Serves as an ideal resource for gaining a solid understanding of fundamental security concepts and skills
- Offers a straightforward and direct approach to security basics and covers anti-malware software products, firewalls, network topologies and devices, network ports, and more
- Reviews all the topics you need to know for taking the MTA 98-367 exam
- Provides an overview of security components, looks at securing access with permissions, addresses audit policies and network auditing, and examines protecting clients and servers
If you're new to IT and interested in entering the IT workforce, then Microsoft Windows Security Essentials is essential reading.
HĂ€ufig gestellte Fragen
Wie kann ich mein Abo kĂŒndigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf âAbo kĂŒndigenâ â ganz einfach. Nachdem du gekĂŒndigt hast, bleibt deine Mitgliedschaft fĂŒr den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich BĂŒcher herunterladen?
Derzeit stehen all unsere auf MobilgerĂ€te reagierenden ePub-BĂŒcher zum Download ĂŒber die App zur VerfĂŒgung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die ĂŒbrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den AboplÀnen?
Mit beiden AboplÀnen erhÀltst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst fĂŒr LehrbĂŒcher, bei dem du fĂŒr weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhĂ€ltst. Mit ĂŒber 1 Million BĂŒchern zu ĂŒber 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
UnterstĂŒtzt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nÀchsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist Microsoft Windows Security Essentials als Online-PDF/ePub verfĂŒgbar?
Ja, du hast Zugang zu Microsoft Windows Security Essentials von Darril Gibson im PDF- und/oder ePub-Format sowie zu anderen beliebten BĂŒchern aus Computer Science & Cyber Security. Aus unserem Katalog stehen dir ĂŒber 1Â Million BĂŒcher zur VerfĂŒgung.
Information
Chapter 1
Understanding Core Security Principles
Every computer presents a certain level of risk. You canât eliminate risk unless you simply never turn on the computer. However, you can manage risk. You start by understanding what risk is and understanding that risk mitigation is accomplished by reducing vulnerabilities.
Several core security principles guide the protection of information technology (IT) systems and data. When you understand these core security principles, itâs easier to grasp the reasoning behind many of the security practices.
Most security principles can be traced back to the security triad (also called the AIC or CIA triad). The security triad mandates protection against the loss of confidentiality, the loss of integrity, and the loss of availability of IT systems and data. Other principles include defense-in-depth and the principle of least privilege. Administrators harden, or secure, IT systems by attempting to configure them more securely than the default configuration and reduce vulnerabilities. This chapter covers all of these topics in the following sections:
- Understanding risk
- Exploring the security triad
- Implementing a defense-in-depth security strategy
- Enforcing the principle of least privilege
- Hardening a server
Understanding Risk
Risk is unavoidable. You canât eliminate it. However, itâs possible to minimize risk by first understanding it and then taking steps to mitigate it.
Minimizing risk is also known as risk mitigation.
For example, every time you step into a street, you run the risk of being hit by a car. The real threat of a car colliding with your body, and your bodyâs vulnerability to this collision, convinces you to take steps to reduce the risk. Unless youâre Superman, you canât stop the threat. If the car is coming, itâs coming. But you can minimize the risk by using crosswalks and looking for approaching cars before stepping into the street.
Similarly, risks are reduced in IT networks by taking steps to reduce the vulnerabilities. Consider Figure 1-1. Risk occurs when threats exploit vulnerabilities. In an IT environment, threats are any events that can result in the loss of confidentiality, integrity, or availability of IT systems or data. Threats can be man-made or natural.
The next section explains the concepts of confidentiality, integrity, and availability in more depth.
Figure 1-1: Threats exploit vulnerabilities, creating risk.
NISTâs Definition of Risk
The National Institute of Standards and Technology (NIST) is a U.S. agency that includes the Information Technology Laboratory (ITL). The ITL regularly conducts research and publishes papers on behalf of NIST.
Much of NISTâs research focuses on what the U.S. government can do to improve security for its IT systems and data. However, these papers are publically available, and many non-government organizations adopt the techniques and methodologies.
NISTâs Special Publication 800-30 (SP 800-30) is titled âRisk Management Guide for Information Technology Systems.â The definition of risk in SP 800-30 is as follows: âRisk is a function of the likelihood of a given threat-sourceâs exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.â Although you donât need to memorize this quote, itâs worth noting that it does add more depth than just Risk occurs when a threat exploits a vulnerability.
Risk management is a complex topic that includes multiple facets. At this stage of your study, you donât need to master all the different topics of risk management, but you should be aware that much more detail is available. If the topic appeals to you, you can use the Microsoft Technology Associate Security Fundamentals certification as a springboard to more advanced security certifications such as ISC(2)s Certified Information Systems Security Professional (CISSP) certification.
Man-made threats are any threats from people. These can be intentional threats such as attacks or malware distribution. Intentional threats can also include the access, modification, or deletion of data. Other threats include theft, fire, and vandalism. Man-made threats can also be unintentional, such as the accidental deletion of data. Natural threats include weather events such as hurricanes, floods, tornadoes, and lightning. Environmental threats include long-term power failures or the inadvertent release of hazardous chemicals.
An important point to keep in mind is that you canât stop threats. If someone wants to write malicious software, you canât prevent it. If Mother Nature wants to create a tornado, itâs coming. However, you can reduce risks by reducing vulnerabilities.
Vulnerabilities are weaknesses. These can be inherent weaknesses in your software or hardware, such as bugs in the code or faulty power supplies. They can be weaknesses in procedures that allow users to give up valuable data to social engineers. They can be weaknesses in security configurations, such as when unneeded services or protocols are left running on a system. They can be weaknesses in physical security that allow unauthorized personnel access to servers or network devices.
Reducing vulnerabilities is the core of risk management in an IT environment. Every step you take to reduce weaknesses reduces your risks. The following list identifies some common techniques you can use to reduce weaknesses. Donât worry if you donât understand them all right nowâtheyâre covered in more depth th...