Data classification is assigned to the information based on the value of the information to the organization. Each classification level is designed to indicate whether the information is to be kept private or is available for public release. The following are examples of classification levels:

- Top secret, secret, and unclassified
- Confidential, official use only, and public
- Highly confidential, proprietary, internal use, and public

Getting an A+
This chapter introduces you to a number of security-related terms that you need to understand before taking your first A+ exam. Here are some key points to remember when preparing for the exam:

- Authentication is the process of proving an identity to the network, but authorization is the process of determining whether accessing a resource is allowed after authentication takes place.
- Hackers take many different approaches to compromise a system. Protect your environment from both network-based and software-based attacks, and make sure that physical security is in place.
- A denial of service (DoS) is an attack on a system or network that prevents the system or network from performing its regular function.
- Social engineering is a popular type of attack that involves the hacker compromising security by tricking an employee through social contact. The social engineer might entice the user to divulge confidential information or might trick the user into running a program that does harm to the system.
- You secure network traffic by encrypting traffic between two systems by using technologies such as SSL and IPSec. Administrators typically use SSL to encrypt Web traffic and IPSec to encrypt internal or VPN traffic.
- Securing your data involves not only protecting resources with permissions but also protecting your data by following proper data destruction procedures and backup strategies as well as creating redundant disk solutions.