Brampton Campus
Simply a Better Way to Learn!
CompTIA Security+ Certification
There is compelling evidence that neither technologies nor policies alone offer effective protection against security threats. Theft and destruction of intellectual property takes place despite the presence of firewalls, encryption and corporate edicts. The industry and governments around the world must have a well-trained workforce to effectively combat hackers, attacks and security threats. CompTIA Security+ is the standard validation for that workforce.
The CompTIA Security+ certification tests for security knowledge mastery of an individual with two years on-the-job networking experience, with emphasis on security. The exam covers industry-wide topics, including communication security, infrastructure security, cryptography, access control, authentication, external attack and operational and organization security.
A+ Certification and some industry experience is recommended prior to this course.
- Classroom Training - 30 hours of lectures, labs and practice exercises
- Self paced training for the individual with one-on-one attention
Overview and objectives
This practical five-day hands-on course is intended for students wishing to qualify with Security+ Certification.
A typical student will have good knowledge of Personal Computers, Networking and the internet technologies.
Course content
General Security Concepts Understanding Information Security Securing the Physical Environment Examining Operational Security Working with Management and Policies Understanding the Goals of Information Security Comprehending the Security Process Appreciating Antivirus Software Implementing Access Control Understanding Authentication Understanding Networking Services and Protocols Distinguishing Between Security Topologies Setting Design Goals Creating Security Zones Working with Newer Technologies Business Concerns to Be Aware Of
Identifying Potential Risks Calculating Attack Strategies Types of Access Attacks Recognizing Modification and Repudiation Attacks Identifying Denial of Service (DoS) and Distributed DoS (DDoS) Attacks Recognizing Common Attacks Back Door Attacks Spoofing Attacks Man-in-the-Middle Attacks Replay Attacks Password-Guessing Attacks Identifying TCP/IP Security Concerns Working with the TCP/IP Protocol Suite Encapsulation Working with Protocols and Services Recognizing TCP/IP Attacks Understanding Software Exploitation Surviving Malicious Code Viruses Trojan Horses Logic Bombs Worms Antivirus Software Understanding Social Engineering An Introduction to Auditing Processes and Files
Infrastructure and Connectivity Understanding Infrastructure Security Working with Hardware Components Working with Software Components Understanding the Different Network Infrastructure Devices Firewalls Hubs Routers Switches Wireless Access Points Modems Remote Access Services Telecom/PBX Systems Virtual Private Networks Monitoring and Diagnosing Networks Network Monitors Securing Workstations and Servers Understanding Mobile Devices Understanding Remote Access Using the Serial Line Internet Protocol Using the Point-to-Point Protocol Tunneling Protocols 802.1X Wireless Protocols Securing Internet Connections Working with Ports and Sockets The Principles of E-Mail Working with the Web Working with the File Transfer Protocol Understanding SNMP and Other TCP/IP Protocols The Basics of Cabling, Wires, and Communications Coax Unshielded Twisted Pair and Shielded Twisted Pair Fiber Optic Infrared Radio Frequencies Microwave Systems Employing Removable Media Tape CD-R Hard Drives Diskettes Flash Cards Smart Cards
Monitoring Communications Activity Monitoring the Network Recognizing the Different Types of Network Traffic Monitoring Network Systems Understanding Intrusion Detection Systems Working with a Network-Based IDS Working with a Host-Based IDS Utilizing Honey Pots Understanding Incident Response Working with Wireless Systems Wireless Transport Layer Security IEEE 802.11x Wireless Protocols WEP/WAP Wireless Vulnerabilities to Know Understanding Instant Messagings Features IM Vulnerabilities Controlling Privacy Working with 8.3 File Naming Understanding Packet Sniffing Understanding Signal Analysis and Intelligence Footprinting Scanning
Implementing and Maintaining a Secure Network Overview of Network Security Threats Defining Security Baselines Hardening the OS and NOS Configuring Network Protocols Microsoft Windows 9x Hardening Microsoft Windows NT 4 Hardening Microsoft Windows 2000 Hardening Microsoft Windows XP Hardening Windows Server 2003 Hardening Unix/Linux Hardening Novell NetWare Hardening Apple Macintosh Hardening Filesystems Updating Your Operating System Hardening Network Devices Updating Network Devices Configuring Routers and Firewalls Hardening Applications Hardening Web Servers Hardening E-Mail Servers Hardening FTP Servers Hardening DNS Servers Hardening NNTP Servers Hardening File and Print Servers and Services Hardening DHCP Services Working with Data Repositories
Securing the Network and Environment Understanding Physical and Network Security Implementing Access Control Understanding Social Engineering Scanning the Environment Understanding Business Continuity Planning Undertaking Business Impact Analysis Assessing Risk Developing Policies, Standards, and Guidelines Implementing Policies Incorporating Standards Following Guidelines Working with Security Standards and ISO 17799 Classifying Information Public Information Private Information Roles in the Security Process Information Access Controls
Cryptography Basics and Methods An Overview of Cryptography Understanding Physical Cryptography Understanding Mathematical Cryptography Understanding Quantum Cryptography Uncovering the Myth of Unbreakable Codes Understanding Cryptographic Algorithms The Science of Hashing Working with Symmetric Algorithms Working with Asymmetric Algorithms Using Cryptographic Systems Confidentiality Integrity Authentication Non-Repudiation Access Control Using Public Key Infrastructure Using a Certificate Authority Working with Registration Authorities and Local Registration Authorities Implementing Certificates Understanding Certificate Revocation Implementing Trust Models Preparing for Cryptographic Attacks
Cryptography Standards Understanding Cryptography Standards and Protocols The Origins of Encryption Standards PKIX/PKCS X.509 SSL and TLS CMP S/MIME SET SSH PGP HTTPS S-HTTP IPSec FIPS Common Criteria WTLS WEP ISO 17799 Understanding Key Management and the Key Life Cycle Comparing Centralized and Decentralized Key Generation Storing and Distributing Keys Using Key Escrow Key Expiration Revoking Keys Suspending Keys Recovering and Archiving Keys Renewing Keys Destroying Keys
Security Policies and Procedures Understanding Business Continuity Utilities High Availability Disaster Recovery Reinforcing Vendor Support Service Level Agreements (SLAs) Code Escrow Generating Policies and Procedures Human Resource Policies Business Policies Certificate Policies Incident Response Policies Enforcing Privilege Management User and Group Role Management Privilege Escalation Single Sign-On Privilege Decision Making Auditing Access Control
Security Management Understanding Computer Forensics Methodology of a Forensic Investigation Enforcing the Chain of Custody Preserving Evidence Collecting Evidence Understanding Security Management Drafting Best Practices and Documentation Understanding Security Awareness and Education Using Communication and Awareness Providing Education Staying on Top of Security Websites Trade Publications Regulating Privacy and Security Health Insurance Portability and Accountability Act Gramm-Leach Bliley Act of 1999 Computer Fraud and Abuse Act Family Educational Rights and Privacy Act Computer Security Act of 1987 Cyberspace Electronic Security Act Cyber Security Enhancement Act Patriot Act Familiarizing Yourself with International Efforts
