SECURITY+ TRAINING COURSE DESCRIPTION
A hands-on course aimed at getting delegates successfully through the CompTIA
Security+ examination.
WHAT WILL YOU LEARN
* Explain general security concepts.
* Describe the security concepts in communications.
* Describe how to secure an infrastructure.
* Recognise the role of cryptography.
* Describe operational/organisational security.
SECURITY+ TRAINING COURSE DETAILS
* Who will benefit:
Those wishing to pass the Security+ exam.
* Prerequisites:
TCP/IP foundation for engineers
* Duration:
5 days
SECURITY+ TRAINING COURSE CONTENTS
* General security concepts
Non-essential services and protocols. Access control: MAC, DAC, RBAC.
Security attacks: DoS, DDoS, back doors, spoofing, man in the middle, replay,
hijacking, weak keys, social engineering, mathematical, password guessing,
brute force, dictionary, software exploitation. Authentication: Kerberos,
CHAP, certificates, usernames/passwords, tokens, biometrics. Malicious code:
Viruses, trojan horses, logic bombs, worms. Auditing, logging, scanning.
* Communication security
Remote access: 802.1x, VPNs, L2TP, PPTP, IPsec, RADIUS, TACACS, SSH. Email:
S/MIME, PGP, spam, hoaxes. Internet: SSL, TLS, HTTPS, IM, packet sniffing,
privacy, JavaScript, ActiveX, buffer overflows, cookies, signed applets, CGI,
SMTP relay. LDAP. sftp, anon ftp, file sharing, sniffing, 8.3 names.
Wireless: WTLS, 802.11, 802.11x, WEP/WAP.
* Infrastructure security
Firewalls, routers, switches, wireless, modems, RAS, PBX, VPN, IDS,
network monitoring, workstations, servers, mobile devices. Media security:
Coax, UTP, STP, fibre. Removable media. Topologies: Security zones, DMZ,
Intranet, Extranet, VLANs, NAT, Tunnelling. IDS: Active/passive,
network/host based, honey pots, incident response. Security baselines:
Hardening OS/NOS, networks and applications.
* Cryptography basics
Integrity, confidentiality, access control, authentication, non-repudiation.
Standards and protocols. Hashing, symmetric, asymmetric. PKI: Certificates,
policies, practice statements, revocation, trust models. Key management and
certificate lifecycles. Storage: h/w, s/w, private key protection. Escrow,
expiration, revocation, suspension, recovery, destruction, key usage.
* Operational/Organisational security
Physical security: Access control, social engineering, environment. Disaster
recovery: Backups, secure disaster recovery plans. Business continuity:
Utilities, high availability, backups. Security policies: AU, due care,
privacy, separation of duties, need to know, password management, SLAs,
disposal, destruction, HR policies. Incident response policy. Privilege
management: Users, groups, roles, single sign on, centralised/decentralised.
Auditing. Forensics: Chain of custody, preserving and collecting evidence.
Identifying risks: Assets, risks, threats, vulnerabilities. Role of
education/training. Security documentation.