
CISSP in 21 Days - Second Edition
Ebook, 777 pages, 8 hours


About this ebook

About This Book
  • Day-by-day plan to study and assimilate core concepts from CISSP CBK
  • Revise and take a mock test at the end of every four chapters
  • A systematic study and revision of myriad concepts to help you crack the CISSP examination
Who This Book Is For

If you are a networking professional aspiring to take the CISSP examination and obtain the coveted CISSP certification (considered to be the Gold Standard in Information Security personal certification), then this book is for you. This book assumes that you already have sufficient knowledge in all eight domains of the CISSP CBK by way of work experience and knowledge gained from other study books.

Language: English
Release date: Jun 30, 2016
ISBN: 9781785880704
Author

M. L. Srinivasan

Popularly known as MLS, the author is an Information Technology and Information Security professional with about 18 years' experience in various domains of IT, such as software programming, hardware troubleshooting, networking technologies, systems administration, security administration, and information security-related consulting, audit, and training. MLS has been an avid trainer throughout his career and has developed many short-term and long-term training programs. One such program is "Certified Vulnerability Assessor (cVa)", which is accredited by a leading ISO certifying agency. He is a prolific speaker and trainer and has presented many papers related to network security at international conventions and conferences. He was the Technical Director of Secure Matrix, an India-based company that provides security consulting and audits. During his tenure there over the last four years, he led the team of consultants that implemented many ISO 27001 certification projects across India, the Middle East, and Africa. He is a specialist IT and IS auditor with Det Norske Veritas (DNV), India region, and has performed many quality and information security audits for hundreds of medium and large organizations in the past 10 years. He is at present the Chairman and CEO of ChennaiNet, a technology company focused on IT and IS-related product development, services, and training.


Reviews for CISSP in 21 Days - Second Edition


  • Rating: 3 out of 5 stars
    I didn't like the structure of the book; the only thing is that it puts a day-by-day progress that kind of helps with precise steps.

Book preview

CISSP in 21 Days - Second Edition - M. L. Srinivasan

Table of Contents

CISSP in 21 Days Second Edition

Credits

About the Author

About the Reviewer

www.PacktPub.com

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the color images of this book

Errata

Piracy

Questions

1. Day 1 – Security and Risk Management - Security, Compliance, and Policies

Overview of security, compliance, and policies

Asset

Asset protection

Confidentiality, Integrity, and Availability (CIA)

Confidentiality

Integrity

Availability

Security governance

Strategy, goals, mission, and objectives

Organizational processes

Security roles and responsibilities

Control frameworks

Management controls

Administrative controls

Technical controls

Due diligence and due care

Compliance

Legislative and regulatory compliance

Privacy requirements in compliance

Licensing and intellectual property

Legal and regulatory issues

Computer crimes

Fraud

Theft

Malware/malicious code

Cyber crime

Importing and exporting controls

Transborder data flow

Data breaches

Professional ethics

Codes of ethics

(ISC)2 code of professional ethics

Security policies, standards, procedures, and guidelines

Personnel security policies

Employment candidate screening

Employment agreement and policies

Employment termination processes

Vendor, consultant, and contractor controls

Compliance and privacy

Summary

Sample questions

2. Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education

Overview of risk management, business continuity, and security education

Risk management

Threats, vulnerabilities, and attacks

Threat risk modeling

Threat and vulnerability analysis

Attack analysis

Risk analysis

Quantitative risk analysis

Qualitative risk analysis

Risk treatment

Business continuity management

The Business Continuity Planning (BCP) process

BCP best practices

Security risk considerations in acquisitions, strategy, and practice

Information security education, training, and awareness

Summary

Sample questions

3. Day 3 – Asset Security - Information and Asset Classification

Overview of asset security - information and asset classification

Asset classification and control

Classification types in government

The United States information classification

Classification types in corporations

Data privacy

Data owners

Data processors

Data remanence

Data collection limitations

Data retention

Data in media

Data in hardware

Data with personnel

Summary

Sample questions

4. Day 4 – Asset Security - Data Security Controls and Handling

Overview of asset security - data security controls and handling

Data security controls

Data security requirements

Payment Card Industry Data Security Standard (PCI DSS)

Sarbanes-Oxley Act (SOX)

Gramm-Leach-Bliley Act (GLBA)

EU Data Protection Act (DPA)

Data Loss Prevention (DLP)

Data in motion

Data at rest

Data in use

Data Loss Prevention strategies

DLP controls

Cryptographic methods to secure data

Encryption

Hashing

Digital signatures

Data handling requirements

Handling sensitive information

Summary

Sample questions

5. Day 5 – Exam Cram and Practice Questions

An overview of exam cram and practice questions

CISSP CBK domain #1 – security and risk management

CISSP CBK domain #2 – asset security

Sample questions

References and further reading

Summary

6. Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation

An overview of security design, practices, models, and vulnerability mitigation

Secure design principles

The computer architecture

Computer system

Trusted computing

Assurance

Common Criteria

Certification and accreditation

DITSCAP

NIACAP

DIACAP

Security engineering practices

Information security models

Take-grant model

Bell-LaPadula model

Biba model

Clark-Wilson model

Vulnerability assessment and mitigation

Vulnerability assessment

Penetration testing

Vulnerability assessment and the penetration testing process

CVE and CVSS

Summary

Sample questions

7. Day 7 – Security Engineering - Cryptography

An overview of cryptography

The fundamentals of cryptography

The methods of encryption

The cryptographic process

Cryptographic algorithms

The cryptographic method

Types of encryption

Symmetric key encryption

The operation modes of block ciphers

Asymmetric key encryption

Hashing

The key length and security

The summary of encryption types

Applications and the use of cryptography

Public Key Infrastructure (PKI)

Secure messaging

Message digest

Digital signature

The digital certificate

Key management techniques

Key management procedures

Type of keys

Key management best practices

Key states

Key management phases

Cryptanalytic attacks

The methods of cryptanalytic attacks

Cryptographic standards

Wireless cryptographic standards

The Federal Information Processing Standard

Summary

Sample questions

8. Day 8 – Communication and Network Security - Network Security

An overview of communication and network security

Network architecture, protocols, and technologies

Layered architecture

Open System Interconnect (OSI) model

Transmission Control Protocol / Internet Protocol (TCP/IP)

OSI layers and security

Application layer protocols and security

Domain Name System (DNS)

Threats, attacks, and countermeasures

Dynamic Host Configuration Protocol (DHCP)

Threats, vulnerabilities, attacks, and countermeasures

Hyper Text Transfer Protocol (HTTP)

Threats, vulnerabilities, attacks, and countermeasures

FTP and TELNET

Threats, vulnerabilities, attacks, and countermeasures

Post Office Protocol (POP3) and Internet Message Access Protocol (IMAP)

Threats, vulnerabilities, attacks, and countermeasures

Simple Network Management Protocol (SNMP)

Threats, vulnerabilities, attacks, and countermeasures

Presentation layer protocols and security

Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

Threats, vulnerabilities, attacks, and countermeasures

Session layer protocols and security

Threats, vulnerabilities, attacks, and countermeasures

Summary

Sample questions

9. Day 9 – Communication and Network Security - Communication Security

An overview of communication security

Transport layer protocols and security

Transmission Control Protocol (TCP)

Threats, vulnerabilities, attacks, and countermeasures

User Datagram Protocol (UDP)

Threats, vulnerabilities, attacks, and countermeasures

Internet Control Message Protocol (ICMP)

Threats, vulnerabilities, attacks, and countermeasures

Other protocols in the transport layer

The network layer protocols and security

Internet Protocol (IP)

Threats, vulnerabilities, attacks, and countermeasures

IPsec protocols

Threats, vulnerabilities, attacks, and countermeasures

Data link layer protocols and security

Link layer protocols

Address Resolution Protocol (ARP)

Threats, vulnerabilities, attacks, and countermeasures

Border Gateway Protocol

Threats, vulnerabilities, attacks, and countermeasures

Ethernet

Threats, vulnerabilities, attacks, and countermeasures

The physical layer and security

Security in communication channels

Security requirements in voice, multimedia, remote access, data communications, and virtualized networks

Attacks on communication networks

Preventing or mitigating communication network attacks

Security controls in communication networks

Summary

Sample questions

10. Day 10 – Exam Cram and Practice Questions

An overview of exam cram and practice questions

The exam cram

CISSP CBK Domain #3 – security engineering

CISSP CBK Domain #4 – communication and network security

Sample questions

References and further reading

Summary

11. Day 11 – Identity and Access Management - Identity Management

An overview of identity and access management

Physical and logical access to assets

Identity management principles and implementation

Identity as a service

Security concerns

Third-party identity services

Summary

Sample questions

12. Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks

An overview of access management

Access management concepts, methodologies, and techniques

Basic concepts

Access control models

Discretionary access control

Non-discretionary access control

Authentication and authorization

Authorization

Identity and provisioning life cycle

Access control attacks and countermeasures

Port scanning and compromise

Hijacking

Malicious codes

Password attacks

Vulnerability compromises

Accountability

Summary

Sample questions

13. Day 13 – Security Assessment and Testing - Designing, Performing Security Assessment, and Tests

An overview of security assessment and testing

Security assessment and test strategies

Designing and validating assessment and testing strategies

Security controls

Conduct security control testing

Vulnerability assessments

Penetration testing

Black box testing

White box testing

Grey box testing

Log reviews

Synthetic transactions

Stress tests

Denial-of-Service tests

Load tests

Concurrency tests

Latency test

Code review and testing

Manual code review

Dynamic code review

Static code review

Fuzz code review

Misuse case testing

Test coverage analysis

Interface testing

The API

The UI

Physical

The effectiveness of controls

Summary

Sample questions

14. Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting

An overview of controlling, analyzing, auditing, and reporting security test data

A collection of security process data

The control of security process data

The protection and control of system test data

Audit logging

System logs

Administrator and operator logs

Fault logging

Key performance and risk indicators

Disaster recovery and business continuity

Analyzing security process data

False positives

False negatives

The effectiveness of a security control

Internal and third-party security audits

Internal audits

Third-party audits

Information system audit controls

Reporting test and audit outputs

Summary

Sample questions

15. Day 15 – Exam Cram and Practice Questions

An overview of exam cram and practice questions

Exam cram

CISSP CBK Domain #5 – identity and access management

CISSP CBK Domain #6 – security assessment and testing

Mock test

References and further reading

Summary

16. Day 16 – Security Operations - Foundational Concepts

An overview of operations security

The physical security design

Physical facility

Geographic operating location

Supporting facilities

Physical and operations security controls

Threats, vulnerabilities, and countermeasures for physical and operations security

Common threats

Common vulnerabilities

Designing physical and operations security controls

Perimeter security

Interior security

Unauthorized intrusions

Motion detectors

Fire

Fire classes

Fire detectors

Fire suppression mediums

Water sprinklers

Gas dischargers

Electrical power

Operations/facility security

Auditing

Audit trail

Emergency procedures

Startup and shutdown procedures

Evacuation procedures

Training and awareness

Protecting and securing equipment

Equipment security

Media security

Computer investigations

Summary

Sample questions

17. Day 17 – Security Operations - Incident Management and Disaster Recovery

Incident management and reporting

The examples of incidents

Incident management objective and goals

Incident management controls

Intrusion detection systems

Vulnerability assessment and penetration testing

Patch management

Configuration management

Business Continuity Planning (BCP)

BCP goals and objectives

BCP process

BCP best practices

Disaster Recovery Planning (DRP)

Goals and objectives

Components of disaster recovery planning

Recovery teams

Recovery sites

Business resumption from alternative sites

A reciprocal agreement

Subscription services

Backup terminologies

Testing procedures

Summary

Sample questions

18. Day 18 – Software Development Security - Security in Software Development Life Cycle

An overview of software development security

Systems engineering

Initiation phase

Development/acquisition phase

Implementation phase

Operation/maintenance phase

Disposal phase

Software development life cycle

Software development models

Simplistic model

Waterfall model

Complex models

Incremental model

Spiral model

Agile framework

Security in software development

Security controls in software development

Separation of development, test, and operational facilities

Change control processes and procedures

Vendor-supplied software packages

Avoiding covert channels

Summary

Sample questions

19. Day 19 – Software Development Security - Assessing effectiveness of Software Security

Overview

Security in information technology systems

Object-oriented systems

Object-oriented programming (OOP)

The security in object-oriented software

Artificial Intelligence (AI) systems

Database systems

Threats and vulnerabilities to application systems

Web application security

Common web application vulnerabilities

Security impact analysis

Monitoring and testing activities

Summary

Sample questions

20. Day 20 – Exam Cram and Practice Questions

Overview of exam cram and practice questions

Exam cram

CISSP CBK Domain #7 – security operations

CISSP CBK Domain #8 – software development security

References and further reading

Summary

Sample questions

21. Day 21 – Exam Cram and Mock Test

An overview of the exam cram and mock test

Exam cram

Summary

Mock test

References and further reading

CISSP in 21 Days Second Edition

Copyright © 2016 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: December 2008

Second edition: June 2016

Production reference: 1240616

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-78588-449-8

www.packtpub.com

Credits

About the Author

M. L. Srinivasan is the founder and CEO of ChennaiNet, an India-based technology company focused on information technology and information security-related product development, services, and training. He is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Management System Lead Auditor.

Popularly known as MLS, the author is an information technology and information security professional and has about 25 years' experience in various IT domains, such as software programming, hardware troubleshooting, networking technologies, systems administration, security administration, information security-related consulting, auditing and training.

He has been an avid trainer throughout his career and has developed many short-term and long-term training programs. He has been invited to speak at many international conferences and seminars on information security. Currently he is associated with NIIT Technologies (USA), and CA Technologies (USA) as a senior instructor covering various product-based training on CA identity manager, CA SiteMinder (Single Sign-On), CA ControlMinder (AccessControl), CA Federation Manager, and CA DataMinder products.

He was a specialist IT and IS auditor with Det Norske Veritas (DNV), India region. He has performed many quality and information security audits for hundreds of medium and large organizations in the past.

About the Reviewer

John Schreiner is a Major in the United States Marine Corps and a networking and security instructor. He serves as a Company Commander, responsible for training Marines on the East Coast on the latest commercial technologies (Cisco, Microsoft, Riverbed, Harris, and so on). John brings experience teaching CISSP, Security+, and CCNA: Security.

John holds a CISSP, CCNA: Security, CCNP, CCDP, WCNA, and various other certifications. He also blogs at http://www.unadulteratednerdery.com/. In addition to this title, John was the technical reviewer for Cisco Unified Communications Manager 8: Expert Administration Cookbook, Tanner Ezell, Packt Publishing.

I'd like to thank my amazing wife, Jacki, whose steadfast support and embrace of my nerdy endeavors are a constant reminder that she’s the best thing that has ever happened to me.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Free access for Packt account holders

If you have an account with Packt at www.packtpub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.

To my Father who is the guiding force for everything I do

Preface

Certified Information Systems Security Professional (CISSP) is a coveted certification for an information security professional to achieve. Certified individuals are considered experienced and knowledgeable information security professionals, because the certification requires the candidate not only to pass the exam but also to have relevant practical experience: five years of cumulative paid work experience, reduced to four years with an approved degree or credential, in two or more of the CISSP domains.

The exam is conducted by the International Information System Security Certification Consortium, (ISC)², a nonprofit consortium that is the globally recognized Gold Standard for certifying information security professionals throughout their careers. (ISC)² was founded in 1989 by industry leaders and has certified over 100,000 information security professionals across the globe.

While preparing for CISSP, a candidate has to study many books and references. There are many books that cover the CISSP CBK domains in depth and provide a starting point for thorough preparation for the exam; references to such books are given in the references sections at the end of this book. However, because many concepts are spread across the eight security domains, a concise guide is valuable both as a starting point for exploring the deeper concepts and as a way to refresh the many concepts that need to be revised before the exam. This book addresses both needs: the initial preparation for the exam and the revision of the key concepts in these eight domains. To that end, the eight CISSP information security domains are explained in a short, simple, and lucid form.

What this book covers

Chapter 1, Day 1 – Security and Risk Management - Security, Compliance, and Policies, covers the foundational concepts in information security, such as Confidentiality, Integrity, and Availability (CIA) from the first domain of CISSP Common Body of Knowledge (CBK)®.

Chapter 2, Day 2 – Security and Risk Management - Risk Management, Business Continuity, and Security Education, covers risk management practices, including the identification of risks through risk analysis and assessment, and risk treatment options such as reducing, transferring, and avoiding risk. An overview of business continuity requirements, developing and documenting project scopes and plans, and conducting business impact analyses is provided. Furthermore, policies and practices pertaining to personnel security are covered.

Chapter 3, Day 3 – Asset Security - Information and Asset Classification, covers the classification of information and supporting assets; the collection of information, its handling and protection throughout its lifecycle, and ownership of information and its privacy; and data retention requirements and methods.

Chapter 4, Day 4 – Asset Security - Data Security Controls and Handling, covers data security controls that include Data Loss Prevention strategies, such as data at rest, data in transit, data in use, and data handling requirements for sensitive information.

Chapter 5, Day 5 – Exam Cram and Practice Questions, covers important concepts and information from the first two domains of the CISSP CBK, namely Security and Risk Management and Asset Security. They are provided in an exam-cram format for fast review and serve to reinforce the two domains covered in the previous four chapters.

Chapter 6, Day 6 – Security Engineering - Security Design, Practices, Models, and Vulnerability Mitigation, covers concepts for using secure design principles while implementing and managing engineering processes. Information security models and system security evaluation models with controls and countermeasures, and security capabilities in information systems, are also covered. Also, vulnerability assessment and mitigation strategies in information systems, web-based systems, mobile systems, and embedded and cyber-physical systems are covered in detail.

Chapter 7, Day 7 – Security Engineering - Cryptography, covers the application of cryptography in information security requirements. Various concepts such as the cryptographic life cycle, types of cryptography, public key infrastructure, and so on are covered with illustrations. The methods of cryptanalytic attack are covered in detail with suitable examples.

Chapter 8, Day 8 – Communication and Network Security - Network Security, covers foundational concepts in network architecture and network security. IP and non-IP protocols, and their applications and vulnerabilities, are covered in detail, along with wireless networks and their security requirements. The application of cryptography to communication security is illustrated, together with concepts related to securing network components.

Chapter 9, Day 9 – Communication and Network Security - Communication Security, covers communication channels such as voice, multimedia, remote access, data communications, virtualized networks, and so on, and their security requirements. Preventing or mitigating network attacks is also covered, with illustrations.

Chapter 10, Day 10 – Exam Cram and Practice Questions, covers important concepts and information from the third and fourth domains of the CISSP CBK, namely security engineering and communication and network security. They are provided in an exam cram format for fast review and serve to reinforce the two domains covered in the previous four chapters.

Chapter 11, Day 11 – Identity and Access Management - Identity Management, covers provisioning and managing the identities and the access used in the interaction between humans and information systems. Core concepts of identification, authentication, authorization, and accountability, are covered in detail. Concepts related to identity as a service or cloud-based third-party identity services are covered, as well as security requirements in such services, with illustrations.

Chapter 12, Day 12 – Identity and Access Management - Access Management, Provisioning, and Attacks, focuses on access control concepts, methods, attacks, and countermeasures in detail.

Chapter 13, Day 13 – Security Assessment and Testing - Designing and Performing Security Assessment and Tests, covers tools, methods, and techniques for identifying and mitigating risks due to architectural issues using systematic security assessment and testing of information assets and associated infrastructure. Security control requirements and their effectiveness assessment are also covered.

Chapter 14, Day 14 – Security Assessment and Testing - Controlling, Analyzing, Auditing, and Reporting, covers management and operational controls pertaining to security process data. Analyzing and reporting test outputs, either automated or through manual methods, and conducting or facilitating internal and third-party audits, are covered in detail.

Chapter 15, Day 15 – Exam Cram and Practice Questions, covers important concepts and information from the fifth and sixth domains of the CISSP CBK, namely Identity and Access Management and security assessment and testing. They are provided in an exam cram format for fast review and serve to reinforce the two domains covered in the previous four chapters.

Chapter 16, Day 16 – Security Operations - Foundational Concepts, covers physical security strategies that include secure site and facility design, data center security, hazards, and media storage. Concepts on logging and monitoring activities, investigations, security in the provisioning of resources, operations security, and resource protection techniques are covered in detail.

Chapter 17, Day 17 – Security Operations - Incident Management and Disaster Recovery, covers incident management, disaster recovery, and business continuity-related concepts that pertain to security operations.

Chapter 18, Day 18 – Software Development Security - Security in Software Development Life Cycle, covers the application of security concepts and the best practices for the production and development of software environments. Security in the software development life cycle is also covered in detail.

Chapter 19, Day 19 – Software Development Security - Assessing Effectiveness of Software Security, covers assurance requirements in software and ways to assess the effectiveness of software security. It also covers the different methods and techniques to assess the security impact of acquired software.

Chapter 20, Day 20 – Exam Cram and Practice Questions, covers important concepts and information from the seventh and eighth domains of the CISSP CBK®, namely security operations and software development security. They are provided in an exam cram format for fast review and serve to reinforce the two domains covered in the previous four chapters.

Chapter 21, Day 21 – Exam Cram and Mock Test, consists of an exam cram from all the eight domains in CISSP CBK®.

What you need for this book

There are no software/hardware requirements for this quick reference and revision guide. You only need to build your confidence with the systematic study and revision of the concepts in the information security domain to crack the CISSP examination.

Who this book is for

This book is for all aspirants who are planning to take the CISSP examination and obtain the coveted CISSP certification that is considered the Gold Standard in Information Security personal certification.

It assumes that the candidate already has sufficient knowledge in all the eight domains of the CISSP CBK by way of work experience and knowledge gained from other study books. This book provides concise explanations of the core concepts that are covered in the exam.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: In a three-way handshake, first the client (workstation) sends a request to the server (for example, www.some_website.com).

New terms and important words are shown in bold. 

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book: what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail feedback@packtpub.com, and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from http://www.packtpub.com/sites/default/files/downloads/CISSPin21DaysSecondEdition_ColorImages.pdf.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books (maybe a mistake in the text or the code), we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and
