LearnKey Training

Security+ 2008 Course

Security+ 2008 Course

Back to Product Page


Security+ 2008 Course

6 Sessions -
17 Hours of Interactive Training

Develop your understanding of network administration by gaining a certifiable knowledge of Security+ by CompTIA. Learn how to secure and manage all facets of your network from CPU cycles to software used by individuals or across a network. Security+ is the next level to attain certification for every IT network administrator. This course will prepare you to pass the CompTIA Security+® certification exam SY0-201.

Benefits
  • Implement and maintain an effective security strategy within your company's network infrastructure
  • Our courses meet or exceed all CompTIA® certification objectives for exam SY0-201
  • Learn the knowledge of systems security, network infrastructure, access control, assessments and audits

About The Author
Tom Carpenter is a trainer, consultant and author specializing in networking technologies and Microsoft solutions. Tom has written more than 15 books on topics ranging from Windows Server to wireless networking. He has trained more than 30,000 IT professionals since 1997 in face-to-face training classes and he has taught more than 60,000 through webinars and online training programs. He holds certifications with Microsoft, CompTIA and CWNP and is the current CTO for CWNP - the premiere 802.11 wireless administration certification program. With more than 20 years experience in the IT industry, Tom brings a wealth of experience to any training program.

Session 1

Section A: Introduction

  • Prerequisites
  • Knowledge Domains
  • Security Importance
  • Applications

Section B: Security Requirements

  • Requirements
  • Classification
  • Due Care
  • Due Diligence
  • Due Process
  • User Education
  • HR Security

Section C: Security Threats

  • Understanding Threats
  • Viruses and Worms
  • Trojans, Spyware, and Malware
  • Rootkits
  • Spam Filtering
  • Botnets

Section D: Privilege Escalation

  • Initial Entry
  • Escalation Methods
  • After Escalation
  • Performing a Logic Bomb

Section E: Hardware Security Risks

  • BIOS
  • USB Devices
  • Removable Storage
  • Cell Phones

Section F: Network Vulnerabilities

  • Vulnerable Devices
  • Weak Passwords
  • Backdoors
  • Denial of Service
  • Vampire Taps

Section G: Infrastructure Risks

  • Old Protocols
  • TCP/IP Issues
  • Null Sessions
  • Spoofing
  • Man-in-the-Middle
  • Replay Attacks
  • DDoS
  • DNS Vulnerabilities
  • ARP Poisoning

Session 2

Section A: Wireless Vulnerabilities

  • Wireless LANs
  • Wi-Fi
  • Data Emanation
  • War Driving
  • Default Behaviors
  • Rogue APs
  • Hijacking

Section B: Wireless Encryption

  • Encryption Cracking
  • WEP
  • Authentication
  • Understanding WEP
  • WEP Key Problems
  • Weak Initialization Vectors

Section C: Personal Device Security

  • Portable Devices
  • Bluejacking
  • Bluesnarfing
  • Blackjacking
  • Laptops

Section D: Authentication Fundamentals

  • Identification
  • Authentication
  • One Factor
  • Multiple Factors
  • Single Sign-On

Section E: Authentication Hardware

  • Thumb Scanners
  • FAR and FRR
  • Smart Cards
  • RFID

Section F: Authentication Protocols

  • Understanding Protocols
  • PAP and CHAP
  • LAN Manager
  • NTLM
  • NTLMv2

Section G: Advanced Authentication Protocols

  • Kerberos
  • Kerberos Tickets
  • Kerberos Access
  • LDAP
  • 802.1X/RADIUS
  • TACACS
  • RAS

Section H: Users, Groups, and Roles

  • Active Directory
  • Users
  • Groups
  • Group Strategy
  • Guidelines
  • Roles

Section I: Authorization Models

  • Group Policy Editor
  • Password Policies
  • Lockout Policies
  • Creating Accounts
  • Account Parameters

Session 3

Section A: ACLs

  • Managing Folder Access
  • Network Resource Permissions

Section B: Access Control Methods

  • MAC
  • DAC
  • RBAC
  • Least Privilege
  • Implicit Deny
  • Duty Separation

Section C: Remote Access Security

  • Remote Access
  • RA Encryption
  • RA Authentication
  • Enabling RAS
  • RAS Authentication Options

Section D: Physical Security

  • Understanding Physical Security
  • Affecting Factors
  • Access Control
  • Facility Access Checklist
  • Internal Access Checklist
  • Network Access Checklist

Section E: OS Hardening

  • Patches
  • Service Packs
  • Patch Management
  • Linux Hardening
  • Windows Hardening
  • Creating Security Templates
  • Security Analysis

Section F: Application Security

  • Buffer Overflows
  • Dependencies
  • Stack-Based Overflows
  • Heap-Based Overflows
  • After the Attack
  • Countermeasures
  • Instant Messaging
  • P2P Networks

Section G: Web Application Security

  • Web Servers
  • Communications
  • Common Attacks
  • Web Applications
  • ActiveX and Java
  • XSS
  • Browser Options
  • Cookies
  • Input Validation

Section H: E-mail Security

  • E-mail Protocols
  • E-mail Threats
  • E-mail Authentication
  • Confidentiality
  • SMTP Relay
  • Spam Solutions

Session 4

Section A: Client Security Solutions

  • avast Software
  • Spam Filtering
  • Pop-Up Blocking
  • Personal Firewalls
  • HIDS

Section B: Virtualization and Security

  • Virtualization Defined
  • Benefits
  • Scenarios
  • Virtual PC
  • Hyper-V
  • VMware
  • Planning
  • Security Issues

Section C: Network Firewalls

  • Understanding Firewalls
  • Firewall Types
  • Firewall Installation
  • Well Known Ports
  • Port Blocking

Section D: Network Security Design

  • Subnetting
  • Virtual LANs
  • Connecting Networks
  • DMZ
  • NAT
  • NAC

Section E: Telephony Security

  • Traditional PBX
  • VoIP
  • SIP Security
  • H.323 Security

Section F: Intrusion Detection and Prevention

  • Intrusion Monitoring
  • IDS Solutions
  • Detection Methods
  • IPS Solutions
  • IPS Detection States
  • Intrusion Indications
  • IDS Implementations
  • Intrusion Responses
  • Honeypots

Section G: Controlling Internet Access

  • Proxy Servers
  • Internet Filters
  • Creating a Firewall Rule

Section H: Protocol Analyzers

  • Installing Wireshark
  • Capturing E-mail Logon
  • Creating HTTP Filter
  • Viewing Passwords

Session 5

Section A: Wireless Network Security

  • War Driving
  • SSID Issues
  • Rogue APs
  • Weak Encryption
  • Configuring WPA

Section B: Monitoring Systems

  • Performance Tools
  • Task Manager
  • Performance Snap-In
  • Baselines
  • Creating a Baseline
  • Creating a Second Baseline
  • Comparing Baselines with Excel

Section C: Scanning the Network

  • Port Scanning
  • Angry IP Scanner
  • Scanning Devices
  • Service Enumeration
  • Configuring Zenmap GUI
  • Nmap Scanning

Section D: Vulnerability Scanning

  • Sectools.org
  • OVAL
  • National Vulnerability Database
  • Password Cracker
  • Pen Testing

Section E: Logging and Auditing

  • Importance of Logs
  • DNS Logs
  • System Logs
  • Performance Logs
  • Access Logs
  • Firewall Logs
  • Antivirus Logs
  • Auditing

Section F: Cryptography 101

  • Encryption
  • Simple Encryption
  • CIA
  • Non-Repudiation
  • Whole Disk
  • Key Management
  • Steganography
  • Encryption Testing
  • TPM

Section G: Encryption Algorithms

  • Encryption Types
  • Key Factors
  • DES
  • 3DES
  • RSA
  • ECC
  • PGP
  • AES
  • RC4
  • Secure Transfer
  • One-Time Pad

Session 6

Section A: Encryption Protocols and Hashing

  • Hashing
  • Hashing Protocols
  • Digital Signatures
  • SSL/TLS
  • TLS Goals
  • SSL Operations
  • PPTP
  • L2TP
  • IPSec
  • HTTP Solutions
  • SSH

Section B: Public Key Cryptography

  • Certificates
  • PK Cryptography
  • PKI Components
  • PKI Processes

Section C: Risk Assessments

  • Risk Management
  • Asset Identification
  • Threat Identification
  • Risk Assessment
  • Risk Tracking

Section D: Redundancy Planning

  • Failure Points
  • RAID
  • Spare Parts
  • Redundant Servers
  • Redundant ISP
  • Power Supply
  • Spare Sites

Section E: Incident Response

  • Incident Defined
  • IR Process
  • First Responders
  • Computer Forensics
  • Chain of Custody
  • Reporting
  • Damage Control

Section F: Disaster Recovery

  • Planning
  • Backup Practices
  • Backup Methods
  • Backup Types
  • Media Rotation
  • Restoration
  • DR Exercises

Section G: Social Engineering

  • Definition
  • Example Attacks
  • Dumpster Diving
  • Passive Attacks
  • Inside/Outside Attacks
  • Reverse
  • Phishing Attacks

Section H: Security Policies

  • Importance
  • General Policies
  • Functional Policies
  • sans.org