CompTIA Security+

Duration: 5 Days | Price: Contact a Career Consultant for pricing

Description: This course is targeted toward an Information Technology (IT) professional who has networking and administrative skills in Windows-based TCP/IP networks and familiarity with other operating systems, such as OS X, UNIX, or Linux, and who wants to further a career in IT by acquiring a foundational knowledge of security topics; prepare for the CompTIA Security+ Certification examination; or use Security+ as the foundation for advanced security certifications or career roles. Students will learn how to implement and monitor security on networks, applications, and operating systems, and respond to security breaches.

Prerequisites: Basic Windows skills and fundamental understanding of computer and networking concepts are required. CompTIA A+ and Network+ certifications, or equivalent knowledge, and six to nine months experience in networking, including experience configuring and managing TCP/IP, are strongly recommended.

Information Security Cycle What Is Information Security? What to Protect Goals of Security Vulnerabilities Threats Attacks Intrusions Risk Controls Types of Controls Security Management Objectives	Information Security Controls The CIA Triad Non-repudiation Authentication Identification The Five As Access Control Methods Implicit Deny Least Privilege Separation of Duties Job Rotation Mandatory Vacation Time of Day Restrictions Privilege Management
Authentication Methods Authentication Factors User Name/Password Authentication Tokens Trusted OS Biometrics Multi-Factor Authentication Mutual Authentication	Cryptography Fundamentals Cryptography Encryption Ciphers Cipher Types Encryption and Security Goals Encryption Algorithms Steganography Keys Hashing Encryption Hashing Encryption Algorithms Symmetric Encryption Symmetric Encryption Algorithms Asymmetric Encryption Asymmetric Encryption Algorithms Digital Signatures Quantum Cryptography Hardware-Based Encryption Devices
Security Policy Fundamentals Security Policies Security Policy Components Security Policy Issues Common Security Policy Types Security Document Categories Change Management Documentation Handling Measures	Social Engineering Social Engineering Attacks Types of Social Engineering Hackers and Attackers Categories of Attackers
Physical Threats and Vulnerabilities Physical Security Physical Security Threats and Vulnerabilities Hardware Attacks Environmental Threats and Vulnerabilities	Network-Based Threats TCP/IP Basics Port Scanning Attacks Eavesdropping Attacks Replay Attacks Social Network Attacks Man-in-the-Middle Attacks Denial of Service (DoS) Attacks Distributed Denial of Service (DDoS) Attacks Types of DoS Attacks Session Hijacking P2P Attacks ARP Poisoning DNS Vulnerabilities
Wireless Threats and Vulnerabilities Wireless Security Wireless Threats and Vulnerabilities	Software Based Threats Software Attacks Malicious Code Attacks Types of Malicious Code Attacks Password Attacks Types of Password Attacks Backdoor Attacks Application Attacks Types of Application Attacks
Network Devices and Technologies Network Components Network Devices Network Technologies Intrusion Detection Systems (IDSs) NIDS NIPS Types of Network Monitoring Systems Virtual Private Networks (VPNs) VPN Concentrator Web Security Gateways	Network Design Elements and Components NAC VLANs Subnetting NAT Remote Access Remote Access Methods Telephony Components Virtualization Cloud Computing Cloud Computing Service Types
Implementing Networking Protocols Internet Protocols DNS HTTP SSL Transport Layer Security (TLS) HTTPS SSH SNMP ICMP IPSec File Transfer Protocols Ports MMC	Appling Network Security Administration Principles Rule-Based Management Network Administration Security Methods
Securing Wireless Traffic The 802.11 Protocol 802.11 Standards The WAP Protocol Wireless Security Protocols Wireless Security Methods	Establishing Device/Host Security Hardening Operating System Security Operating System Security Settings Security Baselines Software Updates Patch Management Logging Auditing Anti-Malware Software Types of Anti-Malware Software Virtualization Security Techniques Hardware Security Controls Strong Passwords
Application Security What is Application Security? Application Security Methods Input Validation Input Validation Vulnerabilities Error and Exception Handling Cross-Site Scripting Cross-Site Request Forgery (XSRF) Cross-Site Attack Prevention Methods Fuzzing Web Browser Security	Data Security What is Data Security? Data Security Vulnerabilities Data Encryption Methods Hardware-Based Encryption Devices
Mobile Security Mobile Device Types Mobile Device Vulnerabilities Mobile Device Security Controls	Access Control and Authentication Services Directory Services LDAP Common Directory Services Remote Access Methods Tunneling VPN Layer Two Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP) CHAP PAP PGP RADIUS TACACS Kerberos The Kerberos Process
Implementing Account Management Security Controls Identity Management Account Management Account Privileges Account Policy Multiple Accounts Multiple User Account Issues Account Management Security Controls Group Policy	Installing a Certificate Authority (CA) Hierarchy Digital Certificates Certificate Authentication Single vs. Dual Sided Certificate Authentication Public Key Infrastructure (PKI) PKI Components CA Hierarchies (Trust Models) The Root CA Public and Private Roots Subordinate CAs Offline Root CAs CA Hierarchy Design Options Backing Up a CA Restoring a CA
Enrolling Certificates The Certificate Enrollment Process The Certificate Life Cycle Certificate Life Cycle Management	Securing Network Traffic by Using Certificates SSL Enrollment Process Renewing Certificates Revoking Certificates The Certificate Revocation List (CRL) Backing Up Certificates and Private Keys Private Key Protection Methods Key Escrow Private Key Restoration Methods Private Key Replacement
Physical Security Physical Security Controls Physical Security Control Types Environmental Exposures Environmental Controls Environmental Monitoring	Legal Compliance Compliance Laws and Regulations Legal Requirements Types of Legal Requirements Due Care Due Diligence Due Process Forensic Requirements
Security Awareness and Training Security Policy Awareness Employee Education User Security Responsibilities	Risk Analysis Risk Management Types of Risk Components of Risk Analysis Phases of Risk Analysis Risk Analysis Methods Risk Calculation Risk Response Strategies
Implementing Risk Mitigation Strategies Risk Control Types Security Incident Management Risk Mitigation Techniques	Implementing Vulnerability Assessment Tools and Techniques Security Assessment Types Security Assessment Techniques Security Assessment Tools Honeypots
Scanning for Vulnerabilities The Hacking Process Ethical Hacking Penetration Testing and Vulnerability Scanning Types of Vulnerability Scans Box Testing Methods Security Utilities Vulnerable Port Ranges	Mitigation and Deterrent Techniques Security Posture Detection vs. Prevention Controls Types of Mitigation and Deterrent Techniques
Responding to Security Incidents Computer Crime First Responders Chain of Custody Incident Response Policies Computer Forensics Order of Volatility Basic Forensic Response Procedures for IT Basic Forensic Process	Recovering from a Security Incident Damage Assessment and Loss Control Guidelines Organizational Security Reporting Structures Security Incident Reporting Options
Business Continuity Business Continuity Plans Business Impact Analysis Continuity of Operations Plan IT Contingency Planning Succession Planning Business Continuity Testing	Planning for Disaster Recovery Disaster Recovery Plans Fault Tolerance Redundancy Measures High Availability Alternate Sites Disaster Recovery Testing Disaster Recovery Evaluation and Maintenance
Executing Disaster Recovery Plans and Procedures The Recovery Team The Salvage Team The Disaster Recovery Process Secure Recovery Backup Types and Recovery Plans Backout Contingency Plans Secure Backups Backup Storage Locations