CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals


CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals This course contains copyrighted material used by permission of Logical Operations, Inc.

Slide 1 Course 01: Security Fundamentals The Information Security Cycle Information Security Controls Authentication Methods Cryptography Fundamentals Security Policy Fundamentals OV 1-1

Slide 2 Topic A: The Information Security Cycle What Is Information Security? What to Protect Goals of Security Risk Threats A Vulnerability Intrusions Attacks Controls Types of Controls The Security Management Process OV 1-2

Slide 3 What Is Information Security? Protection of available information or information resources. Necessary for a responsible individual or organization to secure confidential information. Minimize business risks and other consequences of losing crucial data. OV 1-3

Slide 4 What to Protect Data Resource Data Resource OV 1-4

Slide 5 Goals of Security Prevention Detection Recovery OV 1-5

Slide 6 Risk Likelihood: Rare Damage: Moderate Disgruntled Former Employees Threat of Improper Access OV 1-6

Slide 7 Threats Intentional or unintentional Information Security Threats Changes to Information Interruption of Services Interruption of Access Damage to Hardware Damage to Facilities OV 1-7

Slide 8 A Vulnerability Attacker Unsecured Router Information System OV 1-8

Slide 9 Intrusions OV 1-9

Slide 10 Attacks Physical Security Attacks Software-Based Attacks Social Engineering Attacks Web Application-Based Attacks Network-Based Attacks OV 1-10

Slide 11 Controls Controls are the countermeasures that you need to put in place to avoid, mitigate, or counteract security risks due to threats or attacks. Prevention Control Detection Control Correction Control OV 1-11

Slide 12 Types of Controls Prevention Detection Correction OV 1-12

Slide 13 The Security Management Process OV 1-13

Slide 14 Topic B: Information Security Controls The CIA Triad Non-repudiation Identification Authentication Authentication Factors Authorization Access Control Access Control Models Accounting and Auditing Common Security Practices Implicit Deny Least Privilege Separation of Duties Job Rotation Mandatory Vacation Time of Day Restrictions Privileged Management OV 1-14

Slide 15 The CIA Triad Availability OV 1-15

Slide 16 Non-repudiation OV 1-16

Slide 17 Identification OV 1-17

Slide 18 Authentication OV 1-18

Slide 19 Authentication Factors Something you are: fingerprints, handprints, or retinal patterns. Something you have: key or ID card. Something you know: password or PIN. Somewhere you are or are not: IP address or GPS. Something you do: keystroke patterns. OV 1-19

Slide 20 Authorization Determining the rights and privileges of a user or entity. Comes after identification and authentication. OV 1-20

Slide 21 Access Control Determining and assigning privileges to resources, objects, or data. Manages authorization. OV 1-21

Slide 22 Access Control Models Mandatory Access Control (MAC) Discretionary Access Control (DAC) Role-Based Access Control (RBAC) Rule-Based Access Control OV 1-22

Slide 23 Accounting and Auditing The process of tracking and recording system activities and resource access. Auditing: examine what was recorded. OV 1-23

Slide 24 Common Security Practices Implicit deny Least privilege Separation of duties Job rotation Mandatory vacation Time of day restrictions Privilege management OV 1-24

Slide 25 Implicit Deny Default Deny Read Access Granted Write Access Denied OV 1-25

Slide 26 Least Privilege Perform their jobs with fewer privileges User 1 User 4 Perform their jobs with more privileges User 2 Data Entry Clerks User 3 Financial Coordinators OV 1-26

Slide 27 Separation of Duties Backup Audit Restore OV 1-27

Slide 28 Job Rotation Backup Access Control Audit Firewall Restore OV 1-28

Slide 29 Mandatory Vacation OV 1-29

Slide 30 Time of Day Restrictions AM PM OV 1-30

Slide 31 Privilege Management Accounting/Auditing Authorization Access Control Administrator Authentication OV 1-31

Slide 32 Topic C: Authentication Methods User Name/Password Authentication Tokens Biometrics Geolocation Keystroke Authentication Multi-factor Authentication Mutual Authentication OV 1-32

Slide 33 User Name/Password Authentication Password User name OV 1-33

Slide 34 Tokens Unique Value PIN User Information Password OV 1-34

Slide 35 Biometrics Fingerprint scanner Retinal scanner Hand geometry scanner Voice-recognition software Facial-recognition software Fingerprint Scanner OV 1-35

Slide 36 Geolocation Where you are or are not. Determines physical location from IP address, MAC address, RFID, GPS coordinates, etc. Authentication requests from approved locations are granted. Authentication Approved Authentication Request Approved Locations Authentication Denied OV 1-36

Slide 37 Keystroke Authentication Keystroke Pattern Detector OV 1-37

Slide 38 Multi-factor Authentication Password ID Card OV 1-38

Slide 39 Mutual Authentication OV 1-39

Slide 40 Topic D: Cryptography Fundamentals Cryptography Encryption and Decryption Ciphers Cipher Types Encryption and Security Goals Steganography A Key Hashing Encryption Hashing Encryption Algorithms Symmetric Encryption Symmetric Encryption Algorithms Asymmetric Encryption Asymmetric Encryption Technologies Key Exchange Digital Signatures Cipher Suites Session Keys Key Stretching OV 1-40

Slide 41 Cryptography OV 1-41

Slide 42 Encryption and Decryption Plaintext Encryption Ciphertext Ciphertext Decryption Plaintext OV 1-42

Slide 43 Ciphers Original Information Cipher Encrypted Information OV 1-43

Slide 44 Cipher Types Stream Cipher Plaintext Cipher Ciphertext Block Cipher Plaintext Block Cipher Ciphertext Block OV 1-44

Slide 45 Encryption and Security Goals Confidentiality Integrity Non-repudiation Authentication Access control OV 1-45

Slide 46 Steganography Steganographic techniques include: Hiding information in blocks. Hiding information within images. Invisibly altering the structure of a digital image. Vessel Image Steganographic Image Secret Data OV 1-46

Slide 47 A Key Original Information Cipher Encrypted Information = Two Letters Following OV 1-47

Slide 48 Hashing Encryption OV 1-48

Slide 49 Hashing Encryption Algorithms MD5 SHA NTLM versions 1 and 2 RIPEMD HMAC OV 1-49

Slide 50 Symmetric Encryption Encrypts Data Decrypts Data Same Key on Both Sides OV 1-50

Slide 51 Symmetric Encryption Algorithms DES 3DES AES Blowfish Twofish RC 4, 5, 6 OV 1-51

Slide 52 Asymmetric Encryption Public Key Encrypts Private Key Decrypts OV 1-52

Slide 53 Asymmetric Encryption Techniques RSA DH ECC DHE ECDHE OV 1-53

Slide 54 Key Exchange Sender Receiver For messages to be exchanged, the sender and receiver need the right cryptographic keys. Symmetric cipher: Same key. Asymmetric cipher: Each other's public key. OV 1-54

Slide 55 Digital Signatures Hash Value of Signature Hash Value Matches OV 1-55

Slide 56 Cipher Suites Collections of symmetric and asymmetric encryption algorithms: key exchange, bulk encryption, message authentication code, pseudorandom function. Establish secure connections between hosts. Associated with TLS and SSL network protocols. Over 200 named cipher suites provide varying protection levels. Key Exchange Algorithm Bulk Encryption Algorithm Message Authentication Code Algorithm Pseudorandom Function Cipher Suite OV 1-56
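The four roles on the Cipher Suites slide can be read straight out of an IANA suite name. The following is an added example, not part of the course material: `parse_suite` and `review` are hypothetical helper names, and the suite names used with them are standard IANA names chosen for illustration.

```python
AEAD_MODES = ("GCM", "CCM", "CHACHA20_POLY1305")
WEAK_BULK = ("NULL", "RC4", "DES")  # "DES" also matches 3DES_EDE_CBC


def parse_suite(name: str) -> dict:
    """Split an IANA-style TLS suite name into the four roles listed on the slide."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {name!r}")
    body = name[len("TLS_"):]
    if "_WITH_" in body:                       # TLS 1.2 and earlier naming
        kx_auth, rest = body.split("_WITH_", 1)
        kx, _, auth = kx_auth.partition("_")
        auth = auth or kx                      # TLS_RSA_WITH_...: RSA does both jobs
    else:                                      # TLS 1.3 names carry cipher and hash only
        kx = auth = "negotiated separately"
        rest = body
    bulk, _, digest = rest.rpartition("_")
    if not digest.startswith(("SHA", "MD5")):  # e.g. ..._AES_128_CCM has no hash suffix
        bulk, digest = rest, "SHA256"
    aead = any(mode in bulk for mode in AEAD_MODES)
    return {
        "key_exchange": kx,
        "authentication": auth,
        "bulk_encryption": bulk,
        # AEAD ciphers authenticate records themselves; older suites use HMAC.
        "mac": "AEAD tag" if aead else "HMAC-" + ("SHA1" if digest == "SHA" else digest),
        # TLS 1.2 and later: SHA-256 unless the suite names SHA-384.
        "prf_hash": "SHA384" if digest == "SHA384" else "SHA256",
    }


def review(name: str) -> list:
    """Return reasons a defender would disable this suite (empty list: none found)."""
    s, findings = parse_suite(name), []
    static_kx = s["key_exchange"] in ("RSA", "DH", "ECDH")
    if static_kx and s["authentication"] != "anon":
        findings.append("no forward secrecy (static key exchange)")
    if s["authentication"] in ("anon", "NULL"):
        findings.append("unauthenticated key exchange")
    if any(w in s["bulk_encryption"] for w in WEAK_BULK):
        findings.append("weak or absent bulk cipher")
    if s["mac"] in ("HMAC-MD5", "HMAC-SHA1"):
        findings.append("legacy MAC hash")
    return findings
```

OpenSSL-style names such as `ECDHE-RSA-AES128-GCM-SHA256` are rejected with `ValueError` and must be mapped to their IANA names first.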

Slide 57 Session Keys Single-Use Key Related Messages Sender Receiver Unrelated message requires a different key OV 1-57

Slide 58 Key Stretching Original Key Key Stretching Algorithm Enhanced Key Key stretching makes it harder to crack passwords and passphrases. OV 1-58
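The Key Stretching slide's flow (original key, key stretching algorithm, enhanced key) is shown below with PBKDF2-HMAC-SHA256 from Python's standard library. This is an added example, not part of the course material: the record format, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ALGO = "sha256"        # hash used inside PBKDF2 (HMAC-SHA256)
ITERATIONS = 600_000   # assumed work factor; tune to your own hardware
SALT_LEN = 16          # bytes of random salt per password
KEY_LEN = 32           # bytes of stretched output


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Original key (the password) -> key stretching algorithm -> enhanced key."""
    return hashlib.pbkdf2_hmac(ALGO, password.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Build a storable record; the salt and the cost travel with the stretched key."""
    salt = os.urandom(SALT_LEN)
    key = stretch(password, salt, iterations)
    return f"pbkdf2_{ALGO}${iterations}${salt.hex()}${key.hex()}"


def verify(password: str, record: str) -> bool:
    """Re-derive with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iterations, salt_hex, key_hex = record.split("$")
        if scheme != f"pbkdf2_{ALGO}":
            return False
        candidate = stretch(password, bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(candidate, bytes.fromhex(key_hex))
    except ValueError:
        return False  # malformed record: fail closed


def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    """True when a record was stretched with less work than the current target."""
    parts = record.split("$")
    return len(parts) != 4 or not parts[1].isdigit() or int(parts[1]) < target
```

Every guess against a stolen record costs the attacker the full iteration count, and the per-record salt prevents one precomputed table from covering many accounts.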

Slide 59 Topic E: Security Policy Fundamentals A Security Policy Security Policy Components Common Security Policy Types Group Policy Security Document Categories Change Management Documentation Handling Measures OV 1-59

Slide 60 A Security Policy Individual Policy Resources to Protect Formal Policy Statement Implementation Measures OV 1-60

Slide 61 Security Policy Components Policy statement Standards Guidelines Procedures OV 1-61

Slide 62 Common Security Policy Types AUP Privacy policy Audit policy Extranet policy Password policy Wireless standards policy Social media policy OV 1-62

Slide 63 Group Policy OV 1-63

Slide 64 Security Document Categories System architecture Change documentation Logs Inventories OV 1-64

Slide 65 Change Management OV 1-65

Slide 66 Documentation Handling Measures Classification Retention and Storage Disposal and Destruction OV 1-66

Slide 67 Course 01 Review: Security Fundamentals The Information Security Cycle Information Security Controls Authentication Methods Cryptography Fundamentals Security Policy Fundamentals OV 1-67

Slide 68 Reflective Questions 1. Which of the basic security concepts in this lesson were familiar to you, and which were new? 2. Can you describe some real-world situations where you used basic security techniques such as authentication, access control, and encryption, or made use of a security policy? OV 1-68


Review Questions:

1. Which of the following is not a goal of security?
   A. Prevention
   B. Prosecution
   C. Detection
   D. Recovery

2. Which of the following could be described as a weakness in a system?
   A. Risk
   B. Threats
   C. 0-day
   D. Vulnerability

3. When looking at risk, you should consider the extent of damage that could be done along with what else?
   A. Likelihood
   B. Insurance
   C. Response teams
   D. Firewalls

4. A control is considered to be what?
   A. Keyboards
   B. Buttons on the mouse
   C. Countermeasure
   D. Social Engineering

5. Besides Prevention and Correction, what is the 3rd type of control?
   A. Detection
   B. Awareness
   C. Discouragement
   D. None of the above

6. In the CIA Triad, the I stands for what?
   A. Identification
   B. Integrity
   C. Information
   D. Inbound traffic

7. Using biometrics for authentication would be what type of authentication factor?
   A. Something you are
   B. Something you have
   C. Something you know
   D. Something you do

8. True or False: Using multi-factor authentication does not really help strengthen the process of authentication.
   A. True
   B. False

9. The owner of an object can determine the permissions to access that object. This is what type of access control model?
   A. MAC
   B. Role-based
   C. Rule-based
   D. DAC

10. Giving users just enough access/permissions to accomplish their job is known as what?
   A. Least Privilege
   B. Default - No Access
   C. Implicit Deny
   D. None of the above

Answer Key:

1. B: Prosecution would be something sought after the security event occurred.
2. D: A vulnerability is a weakness in a system, such as a flaw in a program, poor configuration, etc.
3. A: We should evaluate risk based on the amount of damage (Single Loss Event) and the likelihood that this could occur.
4. C: A control is a type of countermeasure used to reduce risk.
5. A: Detection is the 3rd type of control.
6. B: This is for Integrity, where the goal is to protect our information from accidental or malicious changes.
7. A: This is the "something you are" authentication factor.
8. B: False. Multi-factor authentication increases the strength of authentication, which in turn increases your security profile.
9. D: This is known as Discretionary Access Control.
10. A: This is the concept of Least Privilege, which also implies that if you don't have permission, then you should be denied access.