Microsoft Windows Security Essentials
eBook - ePub


Darril Gibson

  1. English
  2. ePUB (mobile-friendly)
  3. Available on iOS and Android

À propos de ce livre

Windows security concepts and technologies for IT beginners

IT security can be a complex topic, especially for those new to the field of IT. This full-color book, with a focus on the Microsoft Technology Associate (MTA) program, offers a clear and easy-to-understand approach to Windows security risks and attacks for newcomers to the world of IT. By paring down to just the essentials, beginners gain a solid foundation of security concepts upon which more advanced topics and technologies can be built.

This straightforward guide begins each chapter by laying out a list of topics to be discussed, followed by a concise discussion of the core networking skills you need to have to gain a strong handle on the subject matter. Chapters conclude with review questions and suggested labs so you can measure your level of understanding of the chapter's content.

  • Serves as an ideal resource for gaining a solid understanding of fundamental security concepts and skills
  • Offers a straightforward and direct approach to security basics and covers anti-malware software products, firewalls, network topologies and devices, network ports, and more
  • Reviews all the topics you need to know for taking the MTA 98-367 exam
  • Provides an overview of security components, looks at securing access with permissions, addresses audit policies and network auditing, and examines protecting clients and servers

If you're new to IT and interested in entering the IT workforce, then Microsoft Windows Security Essentials is essential reading.

Information

Publisher: Sybex
Year: 2011
ISBN: 9781118114575
Edition: 1
Subtopic: Cyber Security

Chapter 1
Understanding Core Security Principles

Every computer presents a certain level of risk. You can’t eliminate risk unless you simply never turn on the computer. However, you can manage risk. You start by understanding what risk is and understanding that risk mitigation is accomplished by reducing vulnerabilities.
Several core security principles guide the protection of information technology (IT) systems and data. When you understand these core security principles, it’s easier to grasp the reasoning behind many of the security practices.
Most security principles can be traced back to the security triad (also called the AIC or CIA triad). The security triad mandates protection against the loss of confidentiality, the loss of integrity, and the loss of availability of IT systems and data. Other principles include defense-in-depth and the principle of least privilege. Administrators harden, or secure, IT systems by attempting to configure them more securely than the default configuration and reduce vulnerabilities. This chapter covers all of these topics in the following sections:
  • Understanding risk
  • Exploring the security triad
  • Implementing a defense-in-depth security strategy
  • Enforcing the principle of least privilege
  • Hardening a server

Understanding Risk

Risk is unavoidable. You can’t eliminate it. However, it’s possible to minimize risk by first understanding it and then taking steps to mitigate it.
Minimizing risk is also known as risk mitigation.
For example, every time you step into a street, you run the risk of being hit by a car. The real threat of a car colliding with your body, and your body’s vulnerability to this collision, convinces you to take steps to reduce the risk. Unless you’re Superman, you can’t stop the threat. If the car is coming, it’s coming. But you can minimize the risk by using crosswalks and looking for approaching cars before stepping into the street.
Similarly, risks are reduced in IT networks by taking steps to reduce the vulnerabilities. Consider Figure 1-1. Risk occurs when threats exploit vulnerabilities. In an IT environment, threats are any events that can result in the loss of confidentiality, integrity, or availability of IT systems or data. Threats can be man-made or natural.
The next section explains the concepts of confidentiality, integrity, and availability in more depth.
Figure 1-1: Threats exploit vulnerabilities, creating risk.

NIST’s Definition of Risk

The National Institute of Standards and Technology (NIST) is a U.S. agency that includes the Information Technology Laboratory (ITL). The ITL regularly conducts research and publishes papers on behalf of NIST.
Much of NIST’s research focuses on what the U.S. government can do to improve security for its IT systems and data. However, these papers are publicly available, and many non-government organizations adopt the techniques and methodologies.
NIST’s Special Publication 800-30 (SP 800-30) is titled “Risk Management Guide for Information Technology Systems.” The definition of risk in SP 800-30 is as follows: “Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.” Although you don’t need to memorize this quote, it’s worth noting that it does add more depth than just “Risk occurs when a threat exploits a vulnerability.”
Risk management is a complex topic that includes multiple facets. At this stage of your study, you don’t need to master all the different topics of risk management, but you should be aware that much more detail is available. If the topic appeals to you, you can use the Microsoft Technology Associate Security Fundamentals certification as a springboard to more advanced security certifications such as (ISC)²’s Certified Information Systems Security Professional (CISSP) certification.
Man-made threats are any threats from people. These can be intentional threats such as attacks or malware distribution. Intentional threats can also include the access, modification, or deletion of data. Other threats include theft, fire, and vandalism. Man-made threats can also be unintentional, such as the accidental deletion of data. Natural threats include weather events such as hurricanes, floods, tornadoes, and lightning. Environmental threats include long-term power failures or the inadvertent release of hazardous chemicals.
An important point to keep in mind is that you can’t stop threats. If someone wants to write malicious software, you can’t prevent it. If Mother Nature wants to create a tornado, it’s coming. However, you can reduce risks by reducing vulnerabilities.
Vulnerabilities are weaknesses. These can be inherent weaknesses in your software or hardware, such as bugs in the code or faulty power supplies. They can be weaknesses in procedures that allow users to give up valuable data to social engineers. They can be weaknesses in security configurations, such as when unneeded services or protocols are left running on a system. They can be weaknesses in physical security that allow unauthorized personnel access to servers or network devices.
Reducing vulnerabilities is the core of risk management in an IT environment. Every step you take to reduce weaknesses reduces your risks. The following list identifies some common techniques you can use to reduce weaknesses. Don’t worry if you don’t understand them all right now—they’re covered in more depth th...
