IN-SE

CompTIA Security+

Summary

Duration: 5 Days
Level: Intermediate
Technology: IT Professionals
Delivery Method: Instructor-led (Classroom)
Training Credits: N/A
Audience: IT Professionals

Introduction

The CompTIA Security+ certification is an internationally recognized validation of the technical knowledge required of IT security practitioners.

This course covers a wide range of IT security topics, such as network security, compliance and operational security, threats and vulnerabilities, access control and identity management, and cryptography. If you are an IT professional seeking to progress in your IT security career, then you know that CompTIA Security+ is one of the most valuable certifications available.

In addition, this course exposes delegates to the security concepts, tools, and procedures necessary to react to security incidents, and it empowers security personnel to anticipate security risks and guard against them.

Since its introduction in 2002, over a quarter million professionals have achieved Security+ certification, itself a springboard to prestigious certifications like CASP, CISSP, and CISA.

Target Audience

  • Anyone wishing to build a solid foundation with regard to security architectures
  • Anyone wishing to pursue a career in IT security
  • Security architects, security engineers, security administrators, network administrators, information assurance technicians

Prerequisites

Before attending this course, delegates must have:

  • Either attended the CompTIA Network+ course or have equivalent knowledge, or
  • A minimum of two years of technical networking experience, with an emphasis on security

Course Objectives

After completing this course, delegates will have a thorough understanding of:

  • Measuring and Weighing Risk
  • Monitoring and Diagnosing Networks
  • Understanding Devices and Infrastructure
  • Access Control, Authentication, and Authorization
  • Protecting Wireless Networks
  • Securing the Cloud
  • Host, Data, and Application Security
  • Cryptography
  • Malware, Vulnerabilities, and Threats
  • Social Engineering and Other Foes
  • Security Administration
  • Disaster Recovery and Incident Response

Course Content

Lesson 1: Measuring and Weighing Risk

  • Risk Assessment
  • Computing Risk Assessment
  • Acting on Your Risk Assessment
  • Risks Associated with Cloud Computing
  • Risks Associated with Virtualization
  • Developing Policies, Standards, and Guidelines
  • Implementing Policies
  • Understanding Control Types and False Positives/Negatives
  • Risk Management Best Practices
  • Disaster Recovery

Lesson 2: Monitoring and Diagnosing Networks

  • Monitoring Networks
  • Network Monitors
  • Understanding Hardening
  • Working with Services
  • Patches
  • User Account Control
  • Filesystems
  • Securing the Network
  • Security Posture
  • Continuous Security Monitoring
  • Setting a Remediation Policy
  • Reporting Security Issues
  • Alarms
  • Alerts
  • Trends
  • Differentiating between Detection Controls and Prevention Controls

Lesson 3: Understanding Devices and Infrastructure

  • Mastering TCP/IP
  • OSI Relevance
  • Working with the TCP/IP Suite
  • IPv4 and IPv6
  • Understanding Encapsulation
  • Working with Protocols and Services
  • Designing a Secure Network
  • Demilitarized Zones
  • Subnetting
  • Virtual Local Area Networks
  • Remote Access
  • Network Address Translation
  • Telephony
  • Network Access Control
  • Understanding the Various Network Infrastructure Devices
  • Firewalls
  • Routers
  • Switches
  • Load Balancers
  • Proxies
  • Web Security Gateway
  • VPNs and VPN Concentrators
  • Intrusion Detection Systems
  • Understanding Intrusion Detection Systems
  • IDS vs. IPS
  • Working with a Network-Based IDS
  • Working with a Host-Based IDS
  • Working with NIPSs
  • Protocol Analyzers
  • Spam Filters
  • UTM Security Appliances

Lesson 4: Access Control, Authentication, and Authorization

  • Understanding Access Control Basics
  • Identification vs. Authentication
  • Authentication (Single Factor) and Authorization
  • Multifactor Authentication
  • Layered Security and Defense in Depth
  • Network Access Control
  • Tokens
  • Federations
  • Potential Authentication and Access Problems
  • Authentication Issues to Consider
  • Authentication Protocols
  • Account Policy Enforcement
  • Users with Multiple Accounts/Roles
  • Generic Account Prohibition
  • Group-based and User-assigned Privileges
  • Understanding Remote Access Connectivity
  • Using the Point-to-Point Protocol
  • Working with Tunneling Protocols
  • Working with RADIUS
  • TACACS/TACACS+/XTACACS
  • VLAN Management
  • SAML
  • Understanding Authentication Services
  • LDAP
  • Kerberos
  • Single Sign-On Initiatives
  • Understanding Access Control
  • Mandatory Access Control
  • Discretionary Access Control
  • Role-Based Access Control
  • Rule-Based Access Control
  • Implementing Access Controlling Best Practices
  • Least Privileges
  • Separation of Duties
  • Time of Day Restrictions
  • User Access Review
  • Smart Cards
  • Access Control Lists
  • Port Security
  • Working with 802.1X
  • Flood Guards and Loop Protection
  • Preventing Network Bridging
  • Log Analysis
  • Trusted OS
  • Secure Router Configuration

Lesson 5: Protecting Wireless Networks

  • Working with Wireless Systems
  • IEEE 802.11x Wireless Protocols
  • WEP/WAP/WPA/WPA2
  • Wireless Transport Layer Security
  • Understanding Wireless Devices
  • Wireless Access Points
  • Extensible Authentication Protocol
  • Lightweight Extensible Authentication Protocol
  • Protected Extensible Authentication Protocol
  • Wireless Vulnerabilities to Know
  • Wireless Attack Analogy

Lesson 6: Securing the Cloud

  • Working with Cloud Computing
  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
  • Private Cloud
  • Public Cloud
  • Community Cloud
  • Hybrid Cloud
  • Working with Virtualization
  • Snapshots
  • Patch Compatibility
  • Host Availability/Elasticity
  • Security Control Testing
  • Sandboxing
  • Security and the Cloud
  • Cloud Storage

Lesson 7: Host, Data, and Application Security

  • Application Hardening
  • Databases and Technologies
  • Fuzzing
  • Secure Coding
  • Application Configuration Baselining
  • Operating System Patch Management
  • Application Patch Management
  • Host Security
  • Permissions
  • Access Control Lists
  • Antimalware
  • Host Software Baselining
  • Hardening Web Servers
  • Hardening Email Servers
  • Hardening FTP Servers
  • Hardening DNS Servers
  • Hardening DHCP Services
  • Protecting Data Through Fault Tolerance
  • Backups
  • RAID
  • Clustering and Load Balancing
  • Application Security
  • Best Practices for Security
  • Data Loss Prevention
  • Hardware-Based Encryption Devices

Lesson 8: Cryptography

  • An Overview of Cryptography
  • Historical Cryptography
  • Modern Cryptography
  • Working with Symmetric Algorithms
  • Working with Asymmetric Algorithms
  • What Cryptography Should You Use?
  • Hashing Algorithms
  • Rainbow Tables and Salt
  • Key Stretching
  • Understanding Quantum Cryptography
  • Cryptanalysis Methods
  • Wi-Fi Encryption
  • Using Cryptographic Systems
  • Confidentiality and Strength
  • Integrity
  • Digital Signatures
  • Authentication
  • Nonrepudiation
  • Key Features
  • Understanding Cryptography Standards and Protocols
  • The Origins of Encryption Standards
  • Public-Key Infrastructure X.509/Public-Key Cryptography Standards
  • X.509
  • SSL and TLS
  • Certificate Management Protocols
  • Secure Multipurpose Internet Mail Extensions
  • Secure Electronic Transaction
  • Secure Shell
  • Pretty Good Privacy
  • HTTP Secure
  • Secure HTTP
  • IP Security
  • Tunneling Protocols
  • Federal Information Processing Standard
  • Using Public-Key Infrastructure
  • Using a Certificate Authority
  • Working with Registration Authorities and Local Registration Authorities
  • Implementing Certificates
  • Understanding Certificate Revocation
  • Implementing Trust Models
  • Hardware-Based Encryption Devices
  • Data Encryption

Lesson 9: Malware, Vulnerabilities, and Threats

  • Understanding Malware
  • Surviving Viruses
  • Symptoms of a Virus Infection
  • How Viruses Work
  • Types of Viruses
  • Managing Spam to Avoid Viruses
  • Antivirus Software
  • Understanding Various Types of Attacks
  • Identifying Denial-of-Service and Distributed Denial-of-Service Attacks
  • Spoofing Attacks
  • Pharming Attacks
  • Phishing, Spear Phishing, and Vishing
  • Xmas Attack
  • Man-in-the-Middle Attacks
  • Replay Attacks
  • Smurf Attacks
  • Password Attacks
  • Privilege Escalation
  • Malicious Insider Threats
  • Transitive Access
  • Client-Side Attacks
  • Typo Squatting and URL Hijacking
  • Watering Hole Attack
  • Identifying Types of Application Attacks
  • Cross-Site Scripting and Forgery
  • SQL Injection
  • LDAP Injection
  • XML Injection
  • Directory Traversal/Command Injection
  • Buffer Overflow
  • Integer Overflow
  • Zero-Day Exploits
  • Cookies and Attachments
  • Locally Shared Objects and Flash Cookies
  • Malicious Add-Ons
  • Session Hijacking
  • Header Manipulation
  • Arbitrary Code and Remote Code Execution
  • Tools for Finding Threats
  • Interpreting Assessment Results
  • Tools to Know
  • Risk Calculations and Assessment Types

Lesson 10: Social Engineering and Other Foes

  • Understanding Social Engineering
  • Types of Social Engineering Attacks
  • What Motivates an Attack?
  • The Principles Behind Social Engineering
  • Social Engineering Attack Examples
  • Understanding Physical Security
  • Hardware Locks and Security
  • Mantraps
  • Video Surveillance
  • Fencing
  • Access List
  • Proper Lighting
  • Signs
  • Guards
  • Barricades
  • Biometrics
  • Protected Distribution
  • Alarms
  • Motion Detection
  • Environmental Controls
  • HVAC
  • Fire Suppression
  • EMI Shielding
  • Hot and Cold Aisles
  • Environmental Monitoring
  • Temperature and Humidity Controls
  • Control Types
  • A Control Type Analogy
  • Data Policies
  • Destroying a Flash Drive
  • Some Considerations
  • Optical Discs

Lesson 11: Security Administration

  • Third-Party Integration
  • Transitioning
  • Ongoing Operations
  • Understanding Security Awareness and Training
  • Communicating with Users to Raise Awareness
  • Providing Education and Training
  • Safety Topics
  • Training Topics
  • Classifying Information
  • Public Information
  • Private Information
  • Information Access Controls
  • Security Concepts
  • Complying with Privacy and Security Regulations
  • The Health Insurance Portability and Accountability Act
  • The Gramm-Leach-Bliley Act
  • The Computer Fraud and Abuse Act
  • The Family Educational Rights and Privacy Act
  • The Computer Security Act of 1987
  • The Cyberspace Electronic Security Act
  • The Cyber Security Enhancement Act
  • The Patriot Act
  • Familiarizing Yourself with International Efforts
  • Mobile Devices
  • BYOD Issues
  • Alternative Methods to Mitigate Security Risks

Lesson 12: Disaster Recovery and Incident Response

  • Issues Associated with Business Continuity
  • Types of Storage Mechanisms
  • Crafting a Disaster-Recovery Plan
  • Incident Response Policies
  • Understanding Incident Response
  • Succession Planning
  • Tabletop Exercises
  • Reinforcing Vendor Support
  • Service-Level Agreements
  • Code Escrow Agreements
  • Penetration Testing
  • What Should You Test?
  • Vulnerability Scanning

Associated Certifications & Exam

This course will prepare delegates to write the CompTIA Security+ exam SY0-401.

Successfully passing this exam will result in the attainment of the CompTIA Security+ certification.

On successful completion of this course, delegates will receive a Torque IT course attendance certificate.