CompTIA Security +

Outcomes This course will prepare you for Security+ certification which is recognized around the world as the benchmark for foundation-level security professionals. Incorporating a comprehensive range of security knowledge areas, Security+ was developed with input from industry, government, academia and front-line practitioners, so you can be assured of its relevance. Microsoft participated with CompTIA? to develop Security+ and has implemented Security+ into the MCSA and MCSE such that it fulfills some of the security requirements. Assessment There are pre and post level questions and answers for each level of instruction. Lesson 1:General Security Concepts Access control

• Foundation of a secure network
• Access Control methods

Authentication

• Overview
• Kerberos
• CHAP
• Certificates
• Username/Password
• Tokens
• Multi-Factor
• Mutual Authentication
• Biometrics
• Auditing

Protecting Your Network

• Non-essential services & protocols ? disabling unnecessary systems/process/attacks
• Attacks
• Malicious Code
• Social Engineering

Auditing

• Logging & System Scanning

Level 2:Communication Security Remote Access

• 802.1x
• VPN
• RADIUS
• TACACS/+
• L2TP/PPTP
• SSH
• IPSEC
• Vulnerabilities

E-mail

• S/MIME
• PGP
• Vulnerabilities

Web

• SSL/TLS
• HTTP/S
• Instant Messaging

Directory Services

• SSL/TLS
• LDAP

File Transfer

• S/FTP
• Blind FTP/Anonymous
• File Sharing
• Vulnerabilities

Wireless

• WTLS
• 802.1x
• WEP/WAP
• Vulnerabilities

Level 3:Infrastructure Security Devices

• Firewalls
• Routers
• Switches
• Wireless
• Modems
• RAS
• Telecom/PBX
• VPN
• IDS
• Network Monitoring/Diagnostic
• Workstation
• Servers
• Mobile Devices

Media

• Coax
• UTP/STP
• Fiber
• Removable Media

Security Topologies

• Security Zones
• VLANs
• NAT
• Tunneling

Intrusion Detection

• Network Based
• Host based
• Active Detection
• Honey Pots
• Incident Response

Security

• OS/NOS Hardening (Concepts & Processes)
• Network Hardening
• Application Hardening

Level 4:Basics of Cryptography Algorithms

• Hashing
• Symmetric
• Asymmetric

Concepts of Cryptography

• Confidentiality
• Integrity
• Authentication
• Non-Repudiation
• Access Control

PKI

• Distinguishing Certificates
• Revocation
• Trust Models

Standard & Protocols Key Management/Certificate Lifecycle

• Centralized vs. Decentralized
• Storage
• Escrow
• Expiration
• Revocation
• Suspension
• Recovery
• Renewal
• Destruction
• Key Usage

Level 5:Operational/Organizational Security Physical Security

• Access Control
• Social Engineering
• Environment

Disaster Recovery

• Backups
• Secure Recovery
• Disaster Recovery Plan

Business Continuity

• Utility
• High Availability/Fault Tolerance
• Backups

Policy & Procedure

• Security Policy
• Incident Response Policy

Privilege Management

• User/Group/Role Management
• Single Sign-on
• Centralized vs. Decentralized
• Auditing (Privilege, Usage, Escalation)
• MAC/DAC/RBAC

Forensic (Awareness, Conceptual Knowledge & Understanding-knowing your role

• Chain of Custody
• Preservation of Evidence
• Collection of Evidence

Risk Identification

• Asset Identification
• Risk Assessment
• Threat Identification
• Vulnerabilities

Education-training of end-users, executives, & HR

• Communication
• User Awareness
• Education
• Online Resources

Documentation

• Standard and Guidelines
• System Architecture
• Change Documentation
• Logs and Inventories
• Classification
• Retention/Storage
• Destruction

Contact Hours: 60