IT Security/Collection
IT Security
Learning Guide
This learning guide supports the Wikiversity course IT Security, available at http://en.wikiversity.org/wiki/IT_Security.
Overview
IT Security is an information technology topic that includes network security, operational security, threats and vulnerabilities, host security, security controls, and cryptography.
This course combines Wikipedia readings, YouTube videos, and hands-on learning activities to assist learners in preparing for CompTIA Security+ Certification.
Preparation
This is a fourth-semester, college-level course. Learners should already be familiar with introductory computer concepts, computer support concepts, and computer networking concepts.
Objectives
See the list of all objectives. For specific domains:
- General Security Concepts
- Threats, Vulnerabilities, and Mitigations
- Security Architecture
- Security Operations
- Security Program Management and Oversight
Also see the list of acronyms and the list of technologies.
Test Details
Exam description:
The exam will verify the successful candidate has the knowledge and skills required to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments, including cloud, mobile, and IoT; operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance; identify, analyze, and respond to security events and incidents.
Number of questions: Maximum of 90
Length of test: 90 minutes
Passing score: 750 (on a scale of 100-900)
Recommended experience:
A minimum of 2 years of experience in IT administration with a focus on security, hands-on experience with technical information security, and broad knowledge of security concepts.
Exam code: SY0-701
Languages: English, with Japanese, Portuguese and Spanish to follow
See Also
Search for Computer security on Wikipedia.
- Computer Skills
- Internet and Computing Core Certification (IC3)
- Computer Networks
- Exam 98-367: Security Fundamentals
- Computer Security
CompTIA
Wikibooks has a book on the topic of Security+ Certification.
External links
References
Network Security
This lesson covers network device security.
Objectives and Skills
Objectives and skills for the network devices portion of Security+ certification include:[1]
- Implement security configuration parameters on network devices and other technologies.
- Firewalls
- Routers
- Switches
- Load Balancers
- Proxies
- Web security gateways
- VPN concentrators
- NIDS and NIPS
- Behavior based
- Signature based
- Anomaly based
- Heuristic
- Protocol analyzers
- Spam filter
- UTM security appliances
- URL filter
- Content inspection
- Malware inspection
- Web application firewall vs. network firewall
- Application aware devices
- Firewalls
- IPS
- IDS
- Proxies
Readings
Multimedia
- YouTube: Routers, Firewalls, and Switches - CompTIA Security+ SY0-401: 1.1
- YouTube: Load Balancers and Proxies - CompTIA Security+ SY0-401: 1.1
- YouTube: Web Security Gateways and UTMs - CompTIA Security+ SY0-401: 1.1
- YouTube: VPN Concentrators - CompTIA Security+ SY0-401: 1.1
- YouTube: Application-Aware Security Devices - CompTIA Security+ SY0-401: 1.1
Activities
See Also
References
This lesson covers network administration security.
Objectives and Skills
Objectives and skills for the network administration portion of Security+ certification include:[1]
- Given a scenario, use secure network administration principles.
- Rule-based management
- Firewall rules
- VLAN management
- Secure router configuration
- Access control lists
- Port Security
- 802.1x
- Flood guards
- Loop protection
- Implicit deny
- Network separation
- Log analysis
- Unified Threat Management
Readings
Multimedia
- YouTube: Firewall Rules - CompTIA Security+ SY0-401: 1.2
- YouTube: VLAN Management - CompTIA Security+ SY0-401: 1.2
- YouTube: Spanning Tree Protocol and Loop Protection - CompTIA Security+ SY0-401: 1.2
- YouTube: Secure Router Configuration - CompTIA Security+ SY0-401: 1.2
- YouTube: Access Control Lists - CompTIA Security+ SY0-401: 1.2
- YouTube: Port Security and 802.1X - CompTIA Security+ SY0-401: 1.2
- YouTube: Flood Guards - CompTIA Security+ SY0-401: 1.2
- YouTube: Network Separation - CompTIA Security+ SY0-401: 1.2
- YouTube: Log Analysis - CompTIA Security+ SY0-401: 1.2
Activities
See Also
References
This lesson covers network design security.
Objectives and Skills
Objectives and skills for the network design portion of Security+ certification include:[1]
- Explain network design elements and components.
- DMZ
- Subnetting
- VLAN
- NAT
- Remote Access
- Telephony
- NAC
- Virtualization
- Cloud Computing
- Platform as a Service
- Software as a Service
- Infrastructure as a Service
- Private
- Public
- Hybrid
- Community
- Layered security / Defense in depth
Readings
Multimedia
- YouTube: DMZ - CompTIA Security+ SY0-401: 1.3
- YouTube: Subnetting the Network - CompTIA Security+ SY0-401: 1.3
- YouTube: VLANs - CompTIA Security+ SY0-401: 1.3
- YouTube: Network Address Translation - CompTIA Security+ SY0-401: 1.3
- YouTube: Remote Access - CompTIA Security+ SY0-401: 1.3
- YouTube: Telephony - CompTIA Security+ SY0-401: 1.3
- YouTube: Network Access Control - CompTIA Security+ SY0-401: 1.3
- YouTube: Virtualization - CompTIA Security+ SY0-401: 1.3
- YouTube: Cloud Computing - CompTIA Security+ SY0-401: 1.3
- YouTube: Defense in Depth - CompTIA Security+ SY0-401: 1.3
Activities
See Also
References
This lesson covers network protocols security.
Objectives and Skills
Objectives and skills for the network protocols portion of Security+ certification include:[1]
- Given a scenario, implement common protocols and services.
- Protocols
- IPSec
- SNMP
- SSH
- DNS
- TLS
- SSL
- TCP/IP
- FTPS
- HTTPS
- SCP
- ICMP
- IPv4
- IPv6
- iSCSI
- Fibre Channel
- FCoE
- FTP
- SFTP
- TFTP
- TELNET
- HTTP
- NetBIOS
- NTP
- Ports
- 21
- 22
- 25
- 53
- 80
- 110
- 123
- 139
- 143
- 443
- 3389
- OSI relevance
Readings
Multimedia
- YouTube: IPv4 and IPv6 - CompTIA Security+ SY0-401: 1.4
- YouTube: IPsec - CompTIA Security+ SY0-401: 1.4
- YouTube: ICMP and SNMP - CompTIA Security+ SY0-401: 1.4
- YouTube: Telnet and SSH - CompTIA Security+ SY0-401: 1.4
- YouTube: Transferring Files - CompTIA Security+ SY0-401: 1.4
- YouTube: DNS - CompTIA Security+ SY0-401: 1.4
- YouTube: HTTPS and TLS/SSL - CompTIA Security+ SY0-401: 1.4
- YouTube: Storage Area Networking - CompTIA Security+ SY0-401: 1.4
- YouTube: NetBIOS - CompTIA Security+ SY0-401: 1.4
- YouTube: Common Network Ports - CompTIA Security+ SY0-401: 1.4
- YouTube: Protocols and the OSI Model - CompTIA Security+ SY0-401: 1.4
Activities
See Also
References
This lesson covers wireless network security.
Objectives and Skills
Objectives and skills for the wireless network portion of Security+ certification include:[1]
- Given a scenario, troubleshoot security issues related to wireless networking.
- WPA
- WPA2
- WEP
- EAP
- PEAP
- LEAP
- MAC filter
- Disable SSID broadcast
- TKIP
- CCMP
- Antenna Placement
- Power level controls
- Captive portals
- Antenna types
- Site surveys
- VPN (over open wireless)
Readings
Multimedia
- YouTube: Wireless Encryption - CompTIA Security+ SY0-401: 1.5
- YouTube: EAP, LEAP, and PEAP - CompTIA Security+ SY0-401: 1.5
- YouTube: MAC Address Filtering - CompTIA Security+ SY0-401: 1.5
- YouTube: SSID Management - CompTIA Security+ SY0-401: 1.5
- YouTube: TKIP and CCMP - CompTIA Security+ SY0-401: 1.5
- YouTube: Wireless Power and Antenna Placement - CompTIA Security+ SY0-401: 1.5
- YouTube: Captive Portals - CompTIA Security+ SY0-401: 1.5
- YouTube: Antenna Types - CompTIA Security+ SY0-401: 1.5
- YouTube: Site Surveys - CompTIA Security+ SY0-401: 1.5
- YouTube: VPN Over Open Wireless Networks - CompTIA Security+ SY0-401: 1.5
Activities
See Also
References
Operational Security
This lesson covers risk concepts.
Objectives and Skills
Objectives and skills for the risk concepts portion of Security+ certification include:[1]
- Explain the importance of risk related concepts.
- Control types
- Technical
- Management
- Operational
- False positives
- False negatives
- Importance of policies in reducing risk
- Privacy policy
- Acceptable use
- Security policy
- Mandatory vacations
- Job rotation
- Separation of duties
- Least privilege
- Risk calculation
- Likelihood
- ALE
- Impact
- SLE
- ARO
- MTTR
- MTTF
- MTBF
- Quantitative vs. qualitative
- Vulnerabilities
- Threat vectors
- Probability / threat likelihood
- Risk-avoidance, transference, acceptance, mitigation, deterrence
- Risks associated with Cloud Computing and Virtualization
- Recovery time objective and recovery point objective
Readings
Multimedia
- YouTube: Control Types - CompTIA Security+ SY0-401: 2.1
- YouTube: False Positives and False Negatives - CompTIA Security+ SY0-401: 2.1
- YouTube: Reducing Risk with Security Policies - CompTIA Security+ SY0-401: 2.1
- YouTube: Calculating Risk - CompTIA Security+ SY0-401: 2.1
- YouTube: Quantitative and Qualitative Risk Assessment - CompTIA Security+ SY0-401: 2.1
- YouTube: Vulnerabilities, Threat Vectors, and Probability - CompTIA Security+ SY0-401: 2.1
- YouTube: Risk Avoidance - CompTIA Security+ SY0-401: 2.1
- YouTube: Risks with Cloud Computing and Virtualization - CompTIA Security+ SY0-401: 2.1
- YouTube: Recovery Time Objectives - CompTIA Security+ SY0-401: 2.1
Activities
See Also
References
This lesson covers systems integration security.
Objectives and Skills
Objectives and skills for the systems integration portion of Security+ certification include:[1]
- Summarize the security implications of integrating systems and data with third parties.
- On-boarding/off-boarding business partners
- Social media networks and/or applications
- Interoperability agreements
- SLA
- BPA
- MOU
- ISA
- Privacy considerations
- Risk awareness
- Unauthorized data sharing
- Data ownership
- Data backups
- Follow security policy and procedures
- Review agreement requirements to verify compliance and performance standards
Readings
Multimedia
- YouTube: On-boarding and Off-boarding Business Partners - CompTIA Security+ SY0-401: 2.2
- YouTube: Security Implications of Social Media - CompTIA Security+ SY0-401: 2.2
- YouTube: Interoperability Agreements - CompTIA Security+ SY0-401: 2.2
- YouTube: Privacy Considerations and Data Ownership with Third Parties - CompTIA Security+ SY0-401: 2.2
- YouTube: Risk Awareness with Third Parties - CompTIA Security+ SY0-401: 2.2
- YouTube: Data Ownership and Unauthorized Data Sharing - CompTIA Security+ SY0-401: 2.2
- YouTube: Data Backups with Third Parties - CompTIA Security+ SY0-401: 2.2
- YouTube: Security Policy Considerations with Third Parties - CompTIA Security+ SY0-401: 2.2
- YouTube: Third-Party Security Compliance - CompTIA Security+ SY0-401: 2.2
Activities
See Also
References
This lesson covers risk mitigation.
Objectives and Skills
Objectives and skills for the risk mitigation portion of Security+ certification include:[1]
- Given a scenario, implement appropriate risk mitigation strategies.
- Change management
- Incident management
- User rights and permissions reviews
- Perform routine audits
- Enforce policies and procedures to prevent data loss or theft
- Enforce technology controls
- Data Loss Prevention (DLP)
Readings
Multimedia
- YouTube: Change Management - CompTIA Security+ SY0-401: 2.3
- YouTube: Incident Management - CompTIA Security+ SY0-401: 2.3
- YouTube: User Rights and Permissions - CompTIA Security+ SY0-401: 2.3
- YouTube: Security Audits - CompTIA Security+ SY0-401: 2.3
- YouTube: Data Loss and Theft Policies - CompTIA Security+ SY0-401: 2.3
- YouTube: Data Loss Prevention - CompTIA Security+ SY0-401: 2.3
Activities
See Also
References
This lesson covers forensics procedures.
Objectives and Skills
Objectives and skills for the forensics procedures portion of Security+ certification include:[1]
- Given a scenario, implement basic forensic procedures.
- Order of volatility
- Capture system image
- Network traffic and logs
- Capture video
- Record time offset
- Take hashes
- Screenshots
- Witnesses
- Track man hours and expense
- Chain of custody
- Big Data analysis
Readings
Multimedia
- YouTube: Order of Volatility - CompTIA Security+ SY0-401: 2.4
- YouTube: Capturing System Images - CompTIA Security+ SY0-401: 2.4
- YouTube: Capturing Network Traffic and Logs - CompTIA Security+ SY0-401: 2.4
- YouTube: Capturing Video - CompTIA Security+ SY0-401: 2.4
- YouTube: Recording Time Offsets - CompTIA Security+ SY0-401: 2.4
- YouTube: Taking Hashes - CompTIA Security+ SY0-401: 2.4
- YouTube: Taking Screenshots - CompTIA Security+ SY0-401: 2.4
- YouTube: Interviewing Witnesses - CompTIA Security+ SY0-401: 2.4
- YouTube: Tracking Man-Hours and Expenses - CompTIA Security+ SY0-401: 2.4
- YouTube: Chain of Custody - CompTIA Security+ SY0-401: 2.4
- YouTube: Big Data Analysis - CompTIA Security+ SY0-401: 2.4
Activities
See Also
References
This lesson covers incident response.
Objectives and Skills
Objectives and skills for the incident response portion of Security+ certification include:[1]
- Summarize common incident response procedures.
- Preparation
- Incident identification
- Escalation and notification
- Mitigation steps
- Lessons learned
- Reporting
- Recovery/reconstitution procedures
- First responder
- Incident isolation
- Quarantine
- Device removal
- Data breach
- Damage and loss control
Readings
Multimedia
- YouTube: Preparing for an Incident - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Identification - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Escalation and Notification - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Mitigation and Isolation - CompTIA Security+ SY0-401: 2.5
- YouTube: Lessons Learned from Incidents - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Reporting - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Recovery and Reconstitution - CompTIA Security+ SY0-401: 2.5
- YouTube: First Responder - CompTIA Security+ SY0-401: 2.5
- YouTube: Data Breaches - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Damage and Loss Control - CompTIA Security+ SY0-401: 2.5
Activities
See Also
References
This lesson covers security training.
Objectives and Skills
Objectives and skills for the security training portion of Security+ certification include:[1]
- Explain the importance of security related awareness and training.
- Security policy training and procedures
- Role-based training
- Personally identifiable information
- Information classification
- High
- Medium
- Low
- Confidential
- Private
- Public
- Data labeling, handling and disposal
- Compliance with laws, best practices and standards
- User habits
- Password behaviors
- Data handling
- Clean desk policies
- Prevent tailgating
- Personally owned devices
- New threats and new security trends/alerts
- New viruses
- Phishing attacks
- Zero-day exploits
- Use of social networking and P2P
- Follow up and gather training metrics to validate compliance and security posture
Readings
Multimedia
- YouTube: Security Policy Training and Procedures - CompTIA Security+ SY0-401: 2.6
- YouTube: Personally Identifiable Information - CompTIA Security+ SY0-401: 2.6
- YouTube: Information Classification - CompTIA Security+ SY0-401: 2.6
- YouTube: Data Labeling, Handling, and Disposal - CompTIA Security+ SY0-401: 2.6
- YouTube: Compliance Best-Practices and Standards - CompTIA Security+ SY0-401: 2.6
- YouTube: User Habits - CompTIA Security+ SY0-401: 2.6
- YouTube: New Threats and Security Trends - CompTIA Security+ SY0-401: 2.6
- YouTube: Social Networking and Peer-to-Peer Security - CompTIA Security+ SY0-401: 2.6
- YouTube: Gathering Training Metrics - CompTIA Security+ SY0-401: 2.6
Activities
See Also
References
This lesson covers physical security.
Objectives and Skills
Objectives and skills for the physical security portion of Security+ certification include:[1]
- Compare and contrast physical security and environmental controls.
- Environmental controls
- HVAC
- Fire suppression
- EMI shielding
- Hot and cold aisles
- Environmental monitoring
- Temperature and humidity controls
- Physical security
- Hardware locks
- Mantraps
- Video Surveillance
- Fencing
- Proximity readers
- Access list
- Proper lighting
- Signs
- Guards
- Barricades
- Biometrics
- Protected distribution (cabling)
- Alarms
- Motion detection
- Control types
- Deterrent
- Preventive
- Detective
- Compensating
- Technical
- Administrative
Readings
Multimedia
- YouTube: HVAC, Temperature, and Humidity Controls - CompTIA Security+ SY0-401: 2.7
- YouTube: Fire Suppression - CompTIA Security+ SY0-401: 2.7
- YouTube: EMI Shielding - CompTIA Security+ SY0-401: 2.7
- YouTube: Hot and Cold Aisles - CompTIA Security+ SY0-401: 2.7
- YouTube: Environmental Monitoring - CompTIA Security+ SY0-401: 2.7
- YouTube: Physical Security - CompTIA Security+ SY0-401: 2.7
- YouTube: Physical Security Control Types - CompTIA Security+ SY0-401: 2.7
Activities
See Also
References
This lesson covers risk management best practices.
Objectives and Skills
Objectives and skills for the risk management best practices portion of Security+ certification include:[1]
- Summarize risk management best practices.
- Business continuity concepts
- Business impact analysis
- Identification of critical systems and components
- Removing single points of failure
- Business continuity planning and testing
- Risk assessment
- Continuity of operations
- Disaster recovery
- IT contingency planning
- Succession planning
- High availability
- Redundancy
- Tabletop exercises
- Fault tolerance
- Hardware
- RAID: software (mdadm) or hardware
- Clustering
- Load balancing
- Servers
- Disaster recovery concepts
- Backup plans/policies
- Backup execution/frequency
- Cold site
- Hot site
- Warm site
Readings
Multimedia
- YouTube: Business Impact Analysis - CompTIA Security+ SY0-401: 2.8
- YouTube: Critical Systems and Components - CompTIA Security+ SY0-401: 2.8
- YouTube: Redundancy and Single Points of Failure - CompTIA Security+ SY0-401: 2.8
- YouTube: Continuity of Operations - CompTIA Security+ SY0-401: 2.8
- YouTube: Disaster Recovery Planning and Testing - CompTIA Security+ SY0-401: 2.8
- YouTube: IT Contingency Planning - CompTIA Security+ SY0-401: 2.8
- YouTube: Succession Planning - CompTIA Security+ SY0-401: 2.8
- YouTube: Tabletop Exercises - CompTIA Security+ SY0-401: 2.8
- YouTube: Redundancy, Fault Tolerance, and High Availability - CompTIA Security+ SY0-401: 2.8
- YouTube: Cold Site, Hot Site, and Warm Site - CompTIA Security+ SY0-401: 2.8
Activities
See Also
References
This lesson covers security controls.
Objectives and Skills
Objectives and skills for the security controls portion of Security+ certification include:[1]
- Given a scenario, select the appropriate control to meet the goals of security.
- Confidentiality
- Encryption
- Access controls
- Steganography
- Integrity
- Hashing
- Digital signatures
- Certificates
- Non-repudiation
- Availability
- Redundancy
- Fault tolerance
- Patching
- Safety
- Fencing
- Lighting
- Locks
- CCTV
- Escape plans
- Drills
- Escape routes
- Testing controls
Readings
Multimedia
Activities
See Also
References
Threats
This lesson covers malware.
Objectives and Skills
Objectives and skills for the malware portion of Security+ certification include:[1]
- Explain types of malware.
- Adware
- Virus
- Spyware
- Trojan
- Rootkits
- Backdoors
- Logic bomb
- Botnets
- Ransomware
- Polymorphic malware
- Armored virus
Readings
Multimedia
- YouTube: Malware Overview - CompTIA Security+ SY0-401: 3.1
- YouTube: Viruses and Worms - CompTIA Security+ SY0-401: 3.1
- YouTube: Adware and Spyware - CompTIA Security+ SY0-401: 3.1
- YouTube: Trojans and Backdoors - CompTIA Security+ SY0-401: 3.1
- YouTube: Rootkits - CompTIA Security+ SY0-401: 3.1
- YouTube: Logic Bombs - CompTIA Security+ SY0-401: 3.1
- YouTube: Botnets - CompTIA Security+ SY0-401: 3.1
- YouTube: Ransomware - CompTIA Security+ SY0-401: 3.1
- YouTube: Polymorphic Malware - CompTIA Security+ SY0-401: 3.1
- YouTube: Armored Virus - CompTIA Security+ SY0-401: 3.1
Activities
See Also
References
This lesson covers attacks.
Objectives and Skills
Objectives and skills for the attacks portion of Security+ certification include:[1]
- Summarize various types of attacks.
- Man-in-the-middle
- DDoS
- DoS
- Replay
- Smurf attack
- Spoofing
- Spam
- Phishing
- Spim
- Vishing
- Spear phishing
- Xmas attack
- Pharming
- Privilege escalation
- Malicious insider threat
- DNS poisoning and ARP poisoning
- Transitive access
- Client-side attacks
- Password attacks
- Brute force
- Dictionary attacks
- Hybrid
- Birthday attacks
- Rainbow tables
- Typo squatting/URL hijacking
- Watering hole attack
Readings
Multimedia
- YouTube: Man-in-the-Middle Attacks - CompTIA Security+ SY0-401: 3.2
- YouTube: Denial of Service - CompTIA Security+ SY0-401: 3.2
- YouTube: Replay Attacks - CompTIA Security+ SY0-401: 3.2
- YouTube: Spoofing - CompTIA Security+ SY0-401: 3.2
- YouTube: Spam - CompTIA Security+ SY0-401: 3.2
- YouTube: Phishing - CompTIA Security+ SY0-401: 3.2
- YouTube: Vishing - CompTIA Security+ SY0-401: 3.2
- YouTube: Christmas Tree Attack - CompTIA Security+ SY0-401: 3.2
- YouTube: Privilege Escalation - CompTIA Security+ SY0-401: 3.2
- YouTube: Insider Threats - CompTIA Security+ SY0-401: 3.2
- YouTube: Transitive and Client-side Attacks - CompTIA Security+ SY0-401: 3.2
- YouTube: Password Attacks - CompTIA Security+ SY0-401: 3.2
- YouTube: URL Hijacking - CompTIA Security+ SY0-401: 3.2
- YouTube: Watering Hole Attack - CompTIA Security+ SY0-401: 3.2
Activities
See Also
References
This lesson covers social engineering.
Objectives and Skills
Objectives and skills for the social engineering portion of Security+ certification include:[1]
- Summarize social engineering attacks and the associated effectiveness with each attack.
- Shoulder surfing
- Dumpster diving
- Tailgating
- Impersonation
- Hoaxes
- Whaling
- Vishing
- Principles (reasons for effectiveness)
- Authority
- Intimidation
- Consensus/Social proof
- Scarcity
- Urgency
- Familiarity/liking
- Trust
Readings
Multimedia
- YouTube: Shoulder Surfing - CompTIA Security+ SY0-401: 3.3
- YouTube: Dumpster Diving - CompTIA Security+ SY0-401: 3.3
- YouTube: Tailgating - CompTIA Security+ SY0-401: 3.3
- YouTube: Impersonation - CompTIA Security+ SY0-401: 3.3
- YouTube: Hoaxes - CompTIA Security+ SY0-401: 3.3
- YouTube: Whaling - CompTIA Security+ SY0-401: 3.3
- YouTube: The Effectiveness of Social Engineering - CompTIA Security+ SY0-401: 3.3
Activities
See Also
References
This lesson covers wireless attacks.
Objectives and Skills
Objectives and skills for the wireless attacks portion of Security+ certification include:[1]
- Explain types of wireless attacks.
- Rogue access points
- Jamming/Interference
- Evil twin
- War driving
- Bluejacking
- Bluesnarfing
- War chalking
- IV attack
- Packet sniffing
- Near field communication
- Replay attacks
- WEP/WPA attacks
- WPS attacks
Readings
Multimedia
- YouTube: Rogue Access Points and Evil Twins - CompTIA Security+ SY0-401: 3.4
- YouTube: Wireless Interference - CompTIA Security+ SY0-401: 3.4
- YouTube: Wardriving and Warchalking - CompTIA Security+ SY0-401: 3.4
- YouTube: Bluejacking and Bluesnarfing - CompTIA Security+ SY0-401: 3.4
- YouTube: Wireless IV Attacks - CompTIA Security+ SY0-401: 3.4
- YouTube: Wireless Packet Analysis - CompTIA Security+ SY0-401: 3.4
- YouTube: Near Field Communication - CompTIA Security+ SY0-401: 3.4
- YouTube: Wireless Replay and WEP Attacks - CompTIA Security+ SY0-401: 3.4
- YouTube: WPA Attacks - CompTIA Security+ SY0-401: 3.4
- YouTube: WPS Attacks - CompTIA Security+ SY0-401: 3.4
Activities
See Also
References
This lesson covers application attacks.
Objectives and Skills
Objectives and skills for the application attacks portion of Security+ certification include:[1]
- Explain types of application attacks.
- Cross-site scripting
- SQL injection
- LDAP injection
- XML injection
- Directory traversal/command injection
- Buffer overflow
- Integer overflow
- Zero-day
- Cookies and attachments
- LSO (Locally Shared Objects)
- Flash Cookies
- Malicious add-ons
- Session hijacking
- Header manipulation
- Arbitrary code execution / remote code execution
Readings
Multimedia
- YouTube: Cross-Site Scripting - CompTIA Security+ SY0-401: 3.5
- YouTube: SQL Injection, XML Injection, and LDAP Injection - CompTIA Security+ SY0-401: 3.5
- YouTube: Directory Traversal and Command Injection - CompTIA Security+ SY0-401: 3.5
- YouTube: Buffer Overflows and Integer Overflows - CompTIA Security+ SY0-401: 3.5
- YouTube: Zero-Day Attacks - CompTIA Security+ SY0-401: 3.5
- YouTube: Cookies, Header Manipulation, and Session Hijacking - CompTIA Security+ SY0-401: 3.5
- YouTube: Locally Shared Objects and Flash Cookies - CompTIA Security+ SY0-401: 3.5
- YouTube: Malicious Add-ons and Attachments - CompTIA Security+ SY0-401: 3.5
- YouTube: Arbitrary and Remote Code Execution - CompTIA Security+ SY0-401: 3.5
Activities
See Also
References
This lesson covers threat mitigation.
Objectives and Skills
Objectives and skills for the threat mitigation portion of Security+ certification include:[1]
- Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
- Monitoring system logs
- Event logs
- Audit logs
- Security logs
- Access logs
- Hardening
- Disabling unnecessary services
- Protecting management interfaces and applications
- Password protection
- Disabling unnecessary accounts
- Network security
- MAC limiting and filtering
- 802.1x
- Disabling unused interfaces and unused application service ports
- Rogue machine detection
- Security posture
- Initial baseline configuration
- Continuous security monitoring
- Remediation
- Reporting
- Alarms
- Alerts
- Trends
- Detection controls vs. prevention controls
- Intrusion Detection Systems (IDS) vs. Intrusion Prevention Systems (IPS)
- Camera vs. guard
Readings
Multimedia
- YouTube: Monitoring System Logs - CompTIA Security+ SY0-401: 3.6
- YouTube: Operating System Hardening - CompTIA Security+ SY0-401: 3.6
- YouTube: Physical Port Security - CompTIA Security+ SY0-401: 3.6
- YouTube: Security Posture - CompTIA Security+ SY0-401: 3.6
- YouTube: Reporting - CompTIA Security+ SY0-401: 3.6
- YouTube: Detection vs. Prevention - CompTIA Security+ SY0-401: 3.6
Activities
See Also
References
This lesson covers security tools.
Objectives and Skills
Objectives and skills for the security tools portion of Security+ certification include:[1]
- Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
- Interpret results of security assessment tools
- Tools
- Protocol analyzer
- Vulnerability scanner
- Honeypots
- Honeynets
- Port scanner
- Passive vs. active tools
- Banner grabbing
- Risk calculations
- Threat vs. likelihood
- Assessment types
- Risk
- Threat
- Vulnerability
- Assessment technique
- Baseline reporting
- Code review
- Determine attack surface
- Review architecture
- Review designs
Readings
- Wikipedia: Vulnerability Scanner and related articles.
Multimedia
Activities
See Also
References
This lesson covers security testing.
Objectives and Skills
Objectives and skills for the security testing portion of Security+ certification include:[1]
- Explain the proper use of penetration testing versus vulnerability scanning.
- Penetration testing
- Verify a threat exists
- Bypass security controls
- Actively test security controls
- Exploiting vulnerabilities
- Vulnerability scanning
- Passively testing security controls
- Identify vulnerability
- Identify lack of security controls
- Identify common misconfigurations
- Intrusive vs. non-intrusive
- Credentialed vs. non-credentialed
- False positive
- Black box
- White box
- Gray box
Readings
Multimedia
Activities
See Also
References
Host Security
This lesson covers application security.
Objectives and Skills
Objectives and skills for the application security portion of Security+ certification include:[1]
- Explain the importance of application security controls and techniques.
- Fuzzing
- Secure coding concepts
- Error and exception handling
- Input validation
- Cross-site scripting prevention
- Cross-site Request Forgery (XSRF) prevention
- Application configuration baseline (proper settings)
- Application hardening
- Application patch management
- NoSQL databases vs. SQL databases
- Server-side vs. Client-side validation
Readings
Multimedia
- YouTube: Fuzzing - CompTIA Security+ SY0-401: 4.1
- YouTube: Secure Coding Concepts - CompTIA Security+ SY0-401: 4.1
- YouTube: Application Configuration Baselining and Hardening - CompTIA Security+ SY0-401: 4.1
- YouTube: Application Patch Management - CompTIA Security+ SY0-401: 4.1
- YouTube: SQL and NoSQL Databases - CompTIA Security+ SY0-401: 4.1
- YouTube: Server-side vs. Client-side Validation - CompTIA Security+ SY0-401: 4.1
Activities
See Also
References
This lesson covers mobile security.
Objectives and Skills
Objectives and skills for the mobile security portion of Security+ certification include:[1]
- Summarize mobile security concepts and technologies.
- Device security
- Full device encryption
- Remote wiping
- Lockout
- Screen-locks
- GPS
- Application control
- Storage segmentation
- Asset tracking
- Inventory control
- Mobile device management
- Device access control
- Removable storage
- Disabling unused features
- Application security
- Key management
- Credential management
- Authentication
- Geo-tagging
- Encryption
- Application whitelisting
- Transitive trust/authentication
- BYOD concerns
- Data ownership
- Support ownership
- Patch management
- Antivirus management
- Forensics
- Privacy
- On-boarding/off-boarding
- Adherence to corporate policies
- User acceptance
- Architecture/infrastructure considerations
- Legal concerns
- Acceptable use policy
- On-board camera/video
Readings
Multimedia
Activities
See Also
References
This lesson covers host security.
Objectives and Skills
Objectives and skills for the host security portion of Security+ certification include:[1]
- Given a scenario, select the appropriate solution to establish host security.
- Operating system security and settings
- OS hardening
- Anti-malware
- Antivirus
- Anti-spam
- Anti-spyware
- Pop-up blockers
- Patch management
- White listing vs. black listing applications
- Trusted OS
- Host-based firewalls
- Host-based intrusion detection
- Hardware security
- Cable locks
- Safe
- Locking cabinets
- Host software baselining
- Virtualization
- Snapshots
- Patch compatibility
- Host availability/elasticity
- Security control testing
- Sandboxing
Readings
Multimedia
- YouTube: Operating System Security and Settings - CompTIA Security+ SY0-401: 4.3
- YouTube: Anti-Malware - CompTIA Security+ SY0-401: 4.3
- YouTube: Patch Management - CompTIA Security+ SY0-401: 4.3
- YouTube: White Listing and Black Listing Applications - CompTIA Security+ SY0-401: 4.3
- YouTube: Trusted Operating Systems - CompTIA Security+ SY0-401: 4.3
- YouTube: Host-based Security - CompTIA Security+ SY0-401: 4.3
- YouTube: Hardware Security - CompTIA Security+ SY0-401: 4.3
- YouTube: Host Software Baselining - CompTIA Security+ SY0-401: 4.3
- YouTube: Virtualization Security - CompTIA Security+ SY0-401: 4.3
Activities
See Also
References
This lesson covers data security.
Objectives and Skills
Objectives and skills for the data security portion of Security+ certification include:[1]
- Implement the appropriate controls to ensure data security.
- Cloud storage
- SAN
- Handling Big Data
- Data encryption
  - Full disk
  - Database
  - Individual files
  - Removable media
  - Mobile devices
- Hardware based encryption devices
  - TPM
  - HSM
  - USB encryption
  - Hard drive
- Data in-transit, Data at-rest, Data in-use
- Permissions/ACL
- Data policies
  - Wiping
  - Disposing
  - Retention
  - Storage
Readings
Multimedia
- YouTube: Cloud and SAN Storage Data Security - CompTIA Security+ SY0-401: 4.4
- YouTube: Data Encryption - CompTIA Security+ SY0-401: 4.4
- YouTube: Hardware-based Encryption - CompTIA Security+ SY0-401: 4.4
- YouTube: States of Data - CompTIA Security+ SY0-401: 4.4
- YouTube: Permissions and ACLs - CompTIA Security+ SY0-401: 4.4
- YouTube: Data Policies - CompTIA Security+ SY0-401: 4.4
Activities
See Also
References
This lesson covers environmental mitigation.
Objectives and Skills
Objectives and skills for the environmental mitigation portion of Security+ certification include:[1]
- Compare and contrast alternative methods to mitigate security risks in static environments.
- Environments
  - SCADA
  - Embedded (Printer, Smart TV, HVAC control)
  - Android
  - iOS
  - Mainframe
  - Game consoles
  - In-vehicle computing systems
- Methods
  - Network segmentation
  - Security layers
  - Application firewalls
  - Manual updates
  - Firmware version control
  - Wrappers
  - Control redundancy and diversity
Readings
Multimedia
Activities
See Also
References
Access Control
This lesson covers authentication services from CompTIA Security+ certification.
Objectives and Skills
Objectives and skills for the authentication services portion of Security+ certification include:[1]
- Compare and contrast the function and purpose of authentication services.
- RADIUS
- TACACS+
- Kerberos
- LDAP
- XTACACS
- SAML
- Secure LDAP
Readings
Multimedia
Activities
See Also
- Single Sign-on (SSO)
- Multi Factor Authentication (MFA)
References
This lesson covers authentication and authorization.
Objectives and Skills
Objectives and skills for the authentication and authorization portion of Security+ certification include:[1]
- Given a scenario, select the appropriate authentication, authorization or access control.
- Identification vs. authentication vs. authorization
- Authorization
  - Least privilege
  - Separation of duties
  - ACLs
  - Mandatory access
  - Discretionary access
  - Rule-based access control
  - Role-based access control
  - Time of day restrictions
- Authentication
  - Tokens
  - Common access card
  - Smart card
  - Multifactor authentication
  - TOTP
  - HOTP
  - CHAP
  - PAP
  - Single sign-on
  - Access control
  - Implicit deny
  - Trusted OS
- Authentication factors
  - Something you are
  - Something you have
  - Something you know
  - Somewhere you are
  - Something you do
- Identification
  - Biometrics
  - Personal identification verification card
  - Username
- Federation
- Transitive trust/authentication
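HOTP and TOTP are the "something you have" factor behind most authenticator apps, and the whole algorithm fits in a few lines. The block below is an added example written for this guide, not course material: it implements HOTP (RFC 4226), TOTP on top of it (RFC 6238), and the server-side check a practitioner actually needs, which accepts a small window of time steps for clock skew, compares in constant time, and refuses to accept a counter at or below the last one that succeeded so a code cannot be replayed within its 30-second life. The secret `12345678901234567890` is the test-vector secret from those RFCs; the `window` and `last_counter` parameters are names chosen here.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation,
    then reduce modulo 10**digits and zero-pad."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algorithm=hashlib.sha1, t0: int = 0) -> str:
    """RFC 6238: HOTP with the counter replaced by floor((T - T0) / step)."""
    return hotp(secret, (unix_time - t0) // step, digits, algorithm)


def verify_totp(secret: bytes, submitted: str, unix_time: int, window: int = 1,
                step: int = 30, digits: int = 6, last_counter: int = -1):
    """Server-side check. Returns (accepted, counter_to_remember).

    - window: accept the current step and +/- `window` neighbours (clock skew)
    - constant-time compare so the string comparison leaks nothing
    - never accept a counter <= last_counter (blocks replay of a used code)
    """
    now = unix_time // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return True, counter
    return False, last_counter


if __name__ == "__main__":
    import time
    secret = b"12345678901234567890"          # RFC 4226 / RFC 6238 test secret
    print("HOTP counter 0:", hotp(secret, 0))                 # 755224 per RFC 4226
    print("TOTP at T=59, 8 digits:", totp(secret, 59, digits=8))  # 94287082 per RFC 6238
    now = int(time.time())
    code = totp(secret, now)
    print("current code", code, "accepted:", verify_totp(secret, code, now))
```

The replay guard is the part most home-grown verifiers omit: without `last_counter` an attacker who shoulder-surfs or phishes a code can reuse it for the rest of the step (plus the skew window). Storing the accepted counter per user also lets HOTP (counter-based, no clock) resynchronise by searching forward a bounded number of steps instead of backward.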
Readings
Multimedia
- YouTube: Identification, Authentication, and Authorization - CompTIA Security+ SY0-401: 5.2
- YouTube: Authorization and Access Control - CompTIA Security+ SY0-401: 5.2
- YouTube: Single-factor Authentication - CompTIA Security+ SY0-401: 5.2
- YouTube: Multi-factor Authentication - CompTIA Security+ SY0-401: 5.2
- YouTube: One-time Password Algorithms - CompTIA Security+ SY0-401: 5.2
- YouTube: CHAP and PAP - CompTIA Security+ SY0-401: 5.2
- YouTube: Single Sign-on - CompTIA Security+ SY0-401: 5.2
- YouTube: Federation and Transitive Trust - CompTIA Security+ SY0-401: 5.2
Activities
See Also
References
This lesson covers account management.
Objectives and Skills
Objectives and skills for the account management portion of Security+ certification include:[1]
- Install and configure security controls when performing account management, based on best practices.
- Mitigate issues associated with users with multiple account/roles and/or shared accounts
- Account policy enforcement
  - Credential management
  - Group policy
  - Password complexity
  - Expiration
  - Recovery
  - Disablement
  - Lockout
  - Password history
  - Password reuse
  - Password length
  - Generic account prohibition
- Group based privileges
- User assigned privileges
- User access reviews
- Continuous monitoring
Readings
Multimedia
- YouTube: Roles and Account Credentials - CompTIA Security+ SY0-401: 5.3
- YouTube: Group Policy - CompTIA Security+ SY0-401: 5.3
- YouTube: Managing Password Policies - CompTIA Security+ SY0-401: 5.3
- YouTube: Privileges - CompTIA Security+ SY0-401: 5.3
- YouTube: User Access Reviews and Monitoring - CompTIA Security+ SY0-401: 5.3
Activities
See Also
References
Cryptography
This lesson covers cryptography concepts.
Objectives and Skills
Objectives and skills for the cryptography concepts portion of Security+ certification include:[1]
- Given a scenario, utilize general cryptography concepts.
- Symmetric vs. asymmetric
- Session keys
- In-band vs. out-of-band key exchange
- Fundamental differences and encryption methods
  - Block vs. stream
- Transport encryption
- Non-repudiation
- Hashing
- Key escrow
- Steganography
- Digital signatures
- Use of proven technologies
- Elliptic curve and quantum cryptography
- Ephemeral key
- Perfect forward secrecy
Readings
Multimedia
- YouTube: Cryptography Overview - CompTIA Security+ SY0-401: 6.1
- YouTube: Symmetric vs. Asymmetric Encryption - CompTIA Security+ SY0-401: 6.1
- YouTube: Public Keys and Private Keys - CompTIA Security+ SY0-401: 6.1
- YouTube: Session Keys - CompTIA Security+ SY0-401: 6.1
- YouTube: Block vs. Stream Ciphers - CompTIA Security+ SY0-401: 6.1
- YouTube: Transport Encryption - CompTIA Security+ SY0-401: 6.1
- YouTube: Non-Repudiation - CompTIA Security+ SY0-401: 6.1
- YouTube: Hashing - CompTIA Security+ SY0-401: 6.1
- YouTube: Key Escrow - CompTIA Security+ SY0-401: 6.1
- YouTube: Steganography - CompTIA Security+ SY0-401: 6.1
- YouTube: Elliptic Curve and Quantum Cryptography - CompTIA Security+ SY0-401: 6.1
- YouTube: Perfect Forward Secrecy - CompTIA Security+ SY0-401: 6.1
Activities
See Also
References
This lesson covers cryptography methods.
Objectives and Skills
Objectives and skills for the cryptography methods portion of Security+ certification include:[1]
- Given a scenario, use appropriate cryptographic methods.
- WEP vs. WPA/WPA2 and preshared key
- MD5
- SHA
- RIPEMD
- AES
- DES
- 3DES
- HMAC
- RSA
- Diffie-Hellman
- RC4
- One-time pads
- NTLM
- NTLMv2
- Blowfish
- PGP/GPG
- TwoFish
- DHE
- ECDHE
- CHAP
- PAP
- Comparative strengths and performance of algorithms
- Use of algorithms/protocols with transport encryption
  - SSL
  - TLS
  - IPSec
  - SSH
  - HTTPS
- Cipher suites
  - Strong vs. weak ciphers
- Key stretching
  - PBKDF2
  - Bcrypt
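Key stretching is where "comparative strengths and performance of algorithms" becomes concrete: a fast hash such as MD5 is a weakness for stored passwords precisely because it is fast. The block below is an added example written for this guide, not course material: it stores a password as PBKDF2-HMAC-SHA256 with a random salt and an iteration count kept in the record (so the count can be raised later), verifies with a constant-time comparison, and measures how many guesses per second one core can make at a given cost. The record format `pbkdf2_sha256$iterations$salt$hash` is a layout chosen here. Bcrypt is not in the Python standard library, which is why PBKDF2 is shown; the same design applies to it.

```python
import hashlib
import hmac
import os
import time


def weak_hash(password: str) -> str:
    """What the objective contrasts against: one fast, unsalted hash. Identical
    passwords give identical hashes and a GPU tries billions per second."""
    return hashlib.md5(password.encode()).hexdigest()


def stretch(password: str, salt: bytes, iterations: int, dklen: int = 32,
            hash_name: str = "sha256") -> bytes:
    """PBKDF2-HMAC: every guess costs `iterations` HMAC computations."""
    return hashlib.pbkdf2_hmac(hash_name, password.encode(), salt, iterations, dklen)


def make_record(password: str, iterations: int = 600_000) -> str:
    """Store scheme, iteration count and salt with the hash so verification is
    self-describing and the cost can be raised on next login."""
    salt = os.urandom(16)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${stretch(password, salt, iterations).hex()}"


def verify_record(password: str, record: str) -> bool:
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported scheme")
    candidate = stretch(password, bytes.fromhex(salt_hex), int(iterations))
    # compare_digest: the comparison time does not depend on where the bytes differ
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))


def needs_upgrade(record: str, minimum_iterations: int) -> bool:
    """True when a stored record was made with a lower cost than current policy."""
    return int(record.split("$")[1]) < minimum_iterations


def guesses_per_second(iterations: int, samples: int = 5) -> float:
    """Rough single-core attacker cost at this iteration count."""
    salt = b"\x00" * 16
    start = time.perf_counter()
    for i in range(samples):
        stretch(f"guess{i}", salt, iterations)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    record = make_record("correct horse battery staple")
    print(record)
    print("verify right password:", verify_record("correct horse battery staple", record))
    print("verify wrong password:", verify_record("Tr0ub4dor&3", record))
    print("md5 of 'password':", weak_hash("password"))
    for cost in (1, 1_000, 100_000):
        print(f"{cost:>8} iterations: ~{guesses_per_second(cost):,.0f} guesses/s on one core")
```

The one-iteration row is roughly what an unstretched hash costs; the last row is what a user-facing login can afford (tens to hundreds of milliseconds). The iteration count is a tuning knob, not a secret: store it, and bump it when hardware gets faster.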
Readings
Multimedia
- YouTube: WEP vs. WPA - CompTIA Security+ SY0-401: 6.2
- YouTube: Cryptographic Hash Functions - CompTIA Security+ SY0-401: 6.2
- YouTube: Symmetric Encryption Ciphers - CompTIA Security+ SY0-401: 6.2
- YouTube: Asymmetric Cryptography Algorithms - CompTIA Security+ SY0-401: 6.2
- YouTube: One-Time Pads - CompTIA Security+ SY0-401: 6.2
- YouTube: NTLM - CompTIA Security+ SY0-401: 6.2
- YouTube: Transport Encryption Algorithms - CompTIA Security+ SY0-401: 6.2
- YouTube: Strong vs. Weak Encryption - CompTIA Security+ SY0-401: 6.2
Activities
See Also
References
This lesson covers public key infrastructure (PKI).
Objectives and Skills
Objectives and skills for the PKI portion of Security+ certification include:[1]
- Given a scenario, use appropriate PKI, certificate management and associated components.
- Certificate authorities and digital certificates
  - CA
  - CRLs
  - OCSP
  - CSR
- PKI
- Recovery agent
- Public key
- Private key
- Registration
- Key escrow
- Trust models
Readings
Multimedia
- YouTube: Certificate Authorities - CompTIA Security+ SY0-401: 6.3
- YouTube: Key Revocation - CompTIA Security+ SY0-401: 6.3
- YouTube: Digital Certificates - CompTIA Security+ SY0-401: 6.3
- YouTube: Public Key Infrastructure - CompTIA Security+ SY0-401: 6.3
- YouTube: Key Recovery - CompTIA Security+ SY0-401: 6.3
- YouTube: Public and Private Keys - CompTIA Security+ SY0-401: 6.3
- YouTube: Key Registration - CompTIA Security+ SY0-401: 6.3
- YouTube: Key Escrow - CompTIA Security+ SY0-401: 6.3
- YouTube: Trust Models - CompTIA Security+ SY0-401: 6.3