CompTIA Security+ validates knowledge of communication security, infrastructure security, cryptography, operational security, and general security concepts.
CompTIA Security+ is aimed at IT professionals with job roles such as security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator and network administrator.
On course completion, students will be able to:
Identify network attack strategies and defenses.
Know the technologies and uses of encryption standards and products.
Describe how remote access security is enforced.
Identify strategies for ensuring business continuity, fault tolerance, and disaster recovery.
Understand the principles of organizational security and the elements of effective security policies.
Identify network- and host-based security technologies and practices.
Describe the standards and products used to enforce security on web and communications technologies.
This course will prepare students to take the SY0-301 CompTIA Security+ Certification exam, for the objectives released in April 2011. This course is pending approval through the CompTIA Authorized Quality Curriculum program.
CompTIA Security+ Certification has been created as a benchmark for entry-level security skills. Major corporations such as Sun, IBM/Tivoli Software Group, Symantec, Motorola, Hitachi Electronics Services and VeriSign value the CompTIA Security+ certification and recommend or require it of their IT employees.
Students should meet the following criteria prior to taking the course:
It is recommended that students have taken the CompTIA Network+ certification course and exam, together with 24 months' experience of networking support/IT administration
Able to use Windows to create and manage files and use basic administrative features (Explorer, Control Panel and Management Consoles)
Understand TCP/IP addressing, core protocols and troubleshooting tools
Know the function and basic features of PC components
Know basic network terminology and functions (such as OSI Model, topology, Ethernet, TCP/IP, switches and routers)
Module 1 – Security Threats and Controls
Security Controls • Why is Security Important? • Security Policy • Security Controls • Identification • Authentication • Authorization • Basic Authorization Policies • Accounting
Threats and Attacks • Vulnerability, Threat, and Risk • Social Engineering • Phishing • Malware • Trojans and Spyware • Preventing Malware • Anti-Virus Software • Removing Malware
Network Attacks • Network Fundamentals • Sniffers and Protocol Analyzers • ARP Attacks • IP Spoofing and Hijacking • Network Mappers and Port Scanners • Denial of Service Attacks
Assessment Tools and Techniques • Vulnerability Assessments and Pentests • Security Assessment Techniques • Vulnerability Scanners • Honeypots and Honeynets
Module 3 – Network Security
Secure Network Design • Secure Network Topologies • Demilitarized Zones • Other Security Zones • Network Device Exploitation • Switches and VLANs • Switch Vulnerabilities and Exploits • Routers • Network Address Translation
Security Appliances and Applications • Basic Firewalls • Stateful Firewalls • Proxies and Gateways • Implementing a Firewall or Gateway • Web and Email Security Gateways • Intrusion Detection Systems • IDS Analysis Engines • Monitoring System Logs
Wireless Network Security • Wireless LANs • WEP and WPA • Wi-Fi Authentication • Additional Wi-Fi Security Settings • Wi-Fi Site Security
VPN and Remote Access Security • Remote Access • Virtual Private Networks • IPSec • Remote Access Servers • Remote Administration Tools • Hardening Remote Access Infrastructure
Network Application Security • Application Layer Security • DHCP Security • DNS Security • SNMP Security • Storage Area Network Security • IPv4 versus IPv6 • Telephony
Module 5 – Operational Security
Site Security • Site Layout and Access • Gateways and Locks • Alarm Systems • Surveillance • Hardware Security • Environmental Controls • Hot and Cold Aisles • RFI / EMI • Fire Prevention and Suppression
Mobile and Embedded Device Security • Static Environments • Mitigating Risk in Static Environments • Mobile Device Security • Mobile Device Management • BYOD Concerns • Mobile Application Security • Bluetooth and NFC
Risk Management • Business Continuity Concepts • Risk Calculation • Risk Mitigation • Integration with Third Parties • Service Level Agreements • Change and Configuration Management
Disaster Recovery • Disaster Recovery Planning • IT Contingency Planning • Clusters and Sites
Incident Response and Forensics • Incident Response Procedures • Preparation • Detection and Analysis • Containment, Eradication, and Recovery • Forensic Procedures • Collection of Evidence • Handling and Analyzing Evidence
Security Policies and Training • Corporate Security Policy • Operational Policies • Privacy and Employee Policies • Standards and Best Practice • Security Policy Training and User Habits
Module 2 – Cryptography and Access Control
Cryptography • Uses of Cryptography • Cryptographic Terminology and Ciphers • Encryption Technologies • Cryptographic Hash Functions • Symmetric Encryption • Asymmetric Encryption • Diffie-Hellman • ECC and Quantum Cryptography • Transport Encryption • Cryptographic Attacks • Steganography • Labs • Steganography
Public Key Infrastructure • PKI and Certificates • Certificate Authorities • Implementing PKI • Creating Keys • Key Recovery Agents • Key Status and Revocation • PKI Trust Models • Cryptographic Standards • PGP / GPG • Labs • Configuring Certificate Services
Password Authentication • LAN Manager / NTLM • Kerberos • PAP and CHAP • Password Protection • Password Attacks
Strong Authentication • Token-based Authentication • Biometric Authentication • Common Access Card • Extensible Authentication Protocol • RADIUS and TACACS+ • Federation and Trusts
Authorization and Account Management • Privilege Policies • Directory Services • Lightweight Directory Access Protocol • Windows Active Directory • Creating and Managing User Accounts • Managing Group Accounts • Account Policy Enforcement • User Rights, Permissions, and Access Reviews
Module 4 – Host, Data, and Application Security
Host Security • Computer Hardening • Host Security Management Plan • OS Hardening • Patch Management • Endpoint Security • Network Access Control • Labs • Network Access Protection
Data Security • Data Handling • Data Encryption • Data Loss Prevention • Backup Plans and Policies • Backup Execution and Frequency • Restoring Data and Verifying Backups • Data Wiping and Disposal
Web Services Security • HyperText Transport Protocol • SSL / TLS • Web Servers • Load Balancers • File Transfer
Web Application Security • Web Application Technologies • Web Application Databases • Web Application Exploits • Web Application Browser Exploits • Secure Web Application Design • Auditing Web Applications • Web Browser Security
Virtualization and Cloud Security • Virtualization Technologies • Virtual Platform Applications • Virtualization Best Practices • Cloud Computing • Risks of Cloud Computing