Software Development & Education Center Security+ Certification

Size: px

Start display at page:

Download "Software Development & Education Center Security+ Certification"

Laurence Young
6 years ago
Views:

1 Software Development & Education Center Security+ Certification

2 CompTIA Security+ Certification CompTIA Security+ certification designates knowledgeable professionals in the field of security, one of the fastest-growing fields in IT. CompTIA Security+ is an international, vendor-neutral certification that demonstrates competency in: Network security Compliance and operational security Threats and vulnerabilities Application, data and host security Access control and identity management Cryptography CompTIA Security+ not only ensures that candidates will apply knowledge of security concepts, tools, and procedures to react to security incidents; it ensures that security personnel are anticipating security risks and guarding against them. Candidate job roles include security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator, and network administrator. The CompTIA Security+ certification is accredited by the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI).The CompTIA Security+ certification may be kept current through the CompTIA Continuing Education program. Course Objectives Upon successful completion of this course, students will be able to: Identify the fundamental concepts of computer security. Identify security threats and vulnerabilities. Examine network security. Manage application, data and host security. Identify access control and account management security measures. Manage public key infrastructure (PKI).

3 Manage certificates. Identify compliance and operational security measures. Manage risk. Establish key components of the security infrastructure. Manage security incidents. Develop business continuity and disaster recovery plans. Rationale A vendor and product neutral course which will earn the student an established industry credential that validates their network and server expertise; will serve as a jumping off point for higher level certifications Evaluation Those who participate in class discussions, complete class labs and miss no more than three class meetings will be awarded 4.0 continuing education units. Ultimate evaluation of the student will be their successfully passing the CompTIA Security + (2011 edition) (SY0-201) examination. Test Details Number of questions Maximum of 100 questions Length of test 90 minutes Passing score 750 (on a scale of ) Recommended experience CompTIA Network+ certification and two years of technical networking experience, with an emphasis on security. Exam codes SY0-301, JK0-018

4 Course Outline Lesson 1: Security Fundamentals Topic 1A: Information Security Cycle What Is Information Security? What to Protect Goals of Security Vulnerabilities Threats Attacks Intrusions Risk Controls Types of Controls Security Management Objectives Topic 1B: Information Security Controls The CIA Triad Non-repudiation Authentication Identification The Five A s Access Control Methods Implicit Deny Least Privilege Separation of Duties Job Rotation Mandatory Vacation Time of Day Restrictions

5 Privilege Management Topic 1C: Authentication Methods Authentication Factors User Name/Password Authentication Tokens Trusted OS Biometrics Multi-Factor Authentication Mutual Authentication Topic 1D: Cryptography Fundamentals Cryptography Encryption Ciphers Cipher Types Encryption and Security Goals Encryption Algorithms Steganography Keys Hashing Encryption Hashing Encryption Algorithms Symmetric Encryption Symmetric Encryption Algorithms Asymmetric Encryption Asymmetric Encryption Algorithms Digital Signatures Quantum Cryptography Hardware-Based Encryption Devices

6 Topic 1E: Security Policy Fundamentals Security Policies Security Policy Components Security Policy Issues Common Security Policy Types Security Document Categories Change Management Documentation Handling Measures Lesson 2: Security Threats and Vulnerabilities Topic 2A: Social Engineering Social Engineering Attacks Types of Social Engineering Hackers and Attackers Categories of Attackers Topic 2B: Physical Threats and Vulnerabilities Physical Security Physical Security Threats and Vulnerabilities Hardware Attacks Environmental Threats and Vulnerabilities Topic 2C: Network-Based Threats TCP/IP Basics Port Scanning Attacks Eavesdropping Attacks Replay Attacks Social Network Attacks Man-in-the-Middle Attacks Denial of Service (DoS) Attacks

7 Distributed Denial of Service (DDoS) Attacks Types of DoS Attacks Session Hijacking P2P Attacks ARP Poisoning DNS Vulnerabilities Topic 2D: Wireless Threats and Vulnerabilities Wireless Security Wireless Threats and Vulnerabilities Topic 2E: Software Based Threats Software Attacks Malicious Code Attacks Types of Malicious Code Attacks Password Attacks Types of Password Attacks Backdoor Attacks Application Attacks Types of Application Attacks Lesson 3: Network Security Topic 3A: Network Devices and Technologies Network Components Network Devices Network Technologies Intrusion Detection Systems (IDSs) NIDS NIPS Types of Network Monitoring Systems

8 Virtual Private Networks (VPNs) VPN Concentrator Web Security Gateways Topic 3B: Network Design Elements and Components NAC VLANs Subnetting NAT Remote Access Remote Access Methods Telephony Components Virtualization Cloud Computing Cloud Computing Service Types Topic 3C: Implement Networking Protocols Internet Protocols DNS HTTP SSL Transport Layer Security (TLS) HTTPS SSH SNMP ICMP IPSec File Transfer Protocols Ports

9 MMC How to Implement Networking Protocols Topic 3D: Apply Network Security Administration Principles Rule-Based Management Network Administration Security Methods How to How to Apply Network Security Administration Principles Topic 3E: Secure Wireless Traffic The Protocol Standards The WAP Protocol Wireless Security Protocols Wireless Security Methods How to Secure Wireless Traffic Lesson 4: Managing Application, Data and Host Security Topic 4A: Establish Device/Host Security Hardening Operating System Security Operating System Security Settings Security Baselines Software Updates Patch Management Logging Auditing Anti-Malware Software Types of Anti-Malware Software Virtualization Security Techniques Hardware Security Controls

10 Strong Passwords How to Establish Device/Host Security Topic 4B: Application Security What is Application Security? Application Security Methods Input Validation Input Validation Vulnerabilities Error and Exception Handling Cross-Site Scripting Cross-Site Request Forgery (XSRF) Cross-Site Attack Prevention Methods Fuzzing Web Browser Security Topic 4C: Data Security What is Data Security? Data Security Vulnerabilities Data Encryption Methods Hardware-Based Encryption Devices How to Topic 4D: Mobile Security Mobile Device Types Mobile Device Vulnerabilities Mobile Device Security Controls Lesson 5: Access Control, Authentication, and Account Management Topic 5A: Access Control and Authentication Services Directory Services LDAP

11 Common Directory Services Remote Access Methods Tunneling VPN Layer Two Tunneling Protocol (L2TP) Point-to-Point Tunneling Protocol (PPTP) CHAP PAP PGP RADIUS TACACS Kerberos The Kerberos Process Topic 5B: Implement Account Management Security Controls Identity Management Account Management Account Privileges Account Policy Multiple Accounts Multiple User Account Issues Account Management Security Controls Group Policy How to Implement Account Management Security Controls Lesson 6: Managing Public Key Infrastructure (PKI) Topic 6A: Install a Certificate Authority (CA) Hierarchy Digital Certificates Certificate Authentication

12 Single vs. Dual Sided Certificate Authentication Public Key Infrastructure (PKI) PKI Components CA Hierarchies (Trust Models) The Root CA Public and Private Roots Subordinate CAs Offline Root CAs CA Hierarchy Design Options How to Install a Certificate Authority (CA) Hierarchy Topic 6B: Back Up a CA How to Back Up a CA Topic 6C: Restore a CA How to Restore a CA Lesson 7: Managing Certificates Topic 7A: Enroll Certificates The Certificate Enrolment Process The Certificate Life Cycle Certificate Life Cycle Management How to Enroll Certificates Topic 7B: Secure Network Traffic by Using Certificates SSL Enrolment Process How to Secure Network Traffic by Using Certificates Topic 7C: Renew Certificates How to Renew Certificates Topic 7D: Revoke Certificates Certificate Revocation The Certificate Revocation List (CRL)

13 How to Revoke Certificates Topic 7E: Back Up Certificates and Private Keys Private Key Protection Methods Key Escrow How to Back Up Certificates and Private Keys Topic 7F: Restore Certificates and Private Keys Private Key Restoration Methods Private Key Replacement How to Restore Certificates and Private Keys Lesson 8: Compliance and Operational Security Topic 8A: Physical Security Physical Security Controls Physical Security Control Types Environmental Exposures Environmental Controls Environmental Monitoring Topic 8B: Legal Compliance Compliance Laws and Regulations Legal Requirements Types of Legal Requirements Due Care Due Diligence Due Process Forensic Requirements Topic 8C: Security Awareness and Training Security Policy Awareness Employee Education

14 User Security Responsibilities Lesson 9: Managing Risk Topic 9A: Risk Analysis Risk Management Types of Risk Components of Risk Analysis Phases of Risk Analysis Risk Analysis Methods Risk Calculation Risk Response Strategies Topic 9B: Implement Risk Mitigation Strategies Risk Control Types Security Incident Management Risk Mitigation Techniques How to Implement Risk Mitigation Strategies Lesson 10: The Security Infrastructure Topic 10A: Implement Vulnerability Assessment Tools and Techniques Security Assessment Types Security Assessment Techniques Security Assessment Tools Honeypots How to Implement Vulnerability Assessment Tools and Techniques Topic 10B: Scan for Vulnerabilities The Hacking Process Ethical Hacking Penetration Testing and Vulnerability Scanning Types of Vulnerability Scans

15 Box Testing Methods Security Utilities Vulnerable Port Ranges How to Scan for Vulnerabilities Topic 10C: Mitigation and Deterrent Techniques Security Posture Detection vs. Prevention Controls Types of Mitigation and Deterrent Techniques Lesson 11: Managing Security Incidents Topic 11A: Respond to Security Incidents Computer Crime First Responders Chain of Custody Incident Response Policies Computer Forensics Order of Volatility Basic Forensic Response Procedures for IT Basic Forensic Process How to Respond to Security Incidents Topic 11B: Recover from a Security Incident Damage Assessment and Loss Control Guidelines Organizational Security Reporting Structures Security Incident Reporting Options How to Recover from a Security Incident Lesson 12: Business Continuity and Disaster Recovery Topic 12A: Business Continuity Business Continuity Plans

16 Business Impact Analysis Continuity of Operations Plan IT Contingency Planning Succession Planning Business Continuity Testing Topic 12B: Plan for Disaster Recovery Disaster Recovery Plans Fault Tolerance Redundancy Measures High Availability Alternate Sites Disaster Recovery Testing Disaster Recovery Evaluation and Maintenance How to Plan for Disaster Recovery Topic 12C: Execute Disaster Recovery Plans and Procedures The Recovery Team The Salvage Team The Disaster Recovery Process Secure Recovery Backup Types and Recovery Plans Backout Contingency Plans Secure Backups Backup Storage Locations How to Execute Disaster Recovery Plans and Procedures

17 Industry Interface Program Projects Modular Assignments Mini Projects 1 Major Project Domains / Industry Retail Industry Banking & Finance Service E-Commerce Manufacturing & Production Web Application Development Research & Analytics HR & Consultancy FMCG Consumer Electronics Event Management Industry Telecom

18 Training & Performance Tracking Knowledge related to current technology aspects and corporate level deliverable & Continuous training and assessment to make you industry ready. Throughout the Training Curriculum Candidate will go through a Scheduled Assessment Process as below: Continues Assessments Practical Workshops Modular Assignments Case Studies & Analysis Presentations (Latest Trends & Technologies) Tech Seminars Technical Viva Observing live Models of various projects Domain Specific Industry Projects

19 Skills Development Workshop Communication is something which all of us do from the very first day of our life, yet there is a question that haunts us most of the time Did I express myself correctly in such and such situation? The answer to this question is really tricky, because in some cases we leave our signatures and good impression but in some others we even fail to get our idea clearly. It happens mostly because we don t know how to act in certain situations. Every time we fail we don t lose completely, we do learn something, but prior knowledge of the same thing could be more beneficial because then we could have turned that failure into success. The course / workshop would focus at many aspects of personality, like: Building positive relationships with peers & seniors Building self-confidence & Developing clear communication skills Exploring and working on factors that help or hinder effective interpersonal communication Learning impacts of non-verbal behavior & Dealing with difficult situations and difficult people Workshops Consists of Following Activities: Personality Development Group Discussions & Debates Seminars & Presentations Case Studies & Analysis Corporate Communication Development HR & Interview Skills Management Games & Simulations Aptitude, Logical & Reasoning Assessments & Development

CompTIA Security+ (Exam SY0-401)

CompTIA Security+ (Exam SY0-401) Course Overview This course will prepare students to pass the current CompTIA Security+ SY0-401 certification exam. After taking this course, students will understand the