Image Image Image Image Image Image Image Image Image

20 Sep

By

Course: CompTIA Security+ section 2

September 20, 2013 | By |

Course Outline

Day 1: Basic Security Concepts

  • Firewalls, Routers, and Switches.
  • Load Balancers, Proxies, and Gateways.
  • VPN concentrators, NIDS and NIPS.
  • Protocol analyzers and Sniffers.
  • URL filtering, content inspection, malware inspection.
  • Rule-based management and Firewall rules.
  • Securing routers and switches.
  • Access control lists (ACLs) and Port Security.
  • Network Design.
  • DMZ, Subnetting, VLAN, and NAT.
  • Protocols and Ports.
  • IPSec, SSH, TLS, SSL, TCP/IP.
  • SNMP, FTP, HTTPS, DNS.
  • TELNET, NetBIOS.
  • Wireless Security.

Day 2: Security Risks and Prevention

  • Importance of policies in reducing risk.
  • Risk-avoidance, transference, acceptance, mitigation, deterrence.
  • Implement security controls based on risk.
  • User rights and permissions reviews.
  • Data loss, theft, and auditing.
  • IT contingency planning.
  • Backups, execution and frequency.
  • High availability, redundancy, and fault tolerance.
  • Confidentiality, integrity, and availability (CIA).
  • Malware, common attacks, and social engineering attacks.
  • Wireless and application attacks.

Day 3: Mitigation Techniques

  • Application security.
  • Host Security.
  • Data Security.
  • Access Control and Identity Management.
  • RADIUS, TACACS+, and Kerberos.
  • Authorization, Authentication, and Access Control (AAA).
  • Biometrics, tokens, and smart cards.
  • ACLs, role/rule-based access control.
  • Group Policies and user assigned privileges.

Days 4-5: Cryptography

  • Symmetric vs. asymmetric.
  • Fundamental differences and encryption methods.
  • Transport encryption.
  • Non-repudiation.
  • Hashing.
  • Digital signatures.
  • Elliptic curve and quantum cryptography Host Security.
  • WEP vs. WPA/WPA2 and pre-shared keys.
  • MD5, SHA, AES, DES, and 3DES.
  • HMAC, RSA, RC4, CHAP, and PAP.
  • Comparative strengths of algorithms.
  • Use of algorithms with transport encryption.

Day 5: Public Key Infrastructure (PKI) and Exam Prep

  • Certificate authorities and digital certificates.
  • Recovery agents, Public keys, and Private keys.
  • Registration, Key escrow, and Trust models.
  • PKI Implementation.
  • Certificate authorities and digital certificates.
  • Putting it all together.
  • Review and practice questions.
  • Exam preparataion.