CompTIA Security+
General Security Concepts
Overview/Description
To introduce the key principles of security for the enterprise
Target Audience
Network administrators, firewall administrators, system administrators,
application developers, and IT security officers
Prerequisites
Knowledge and skills equivalent of those tested for in the CompTIA A+ and
Network+ certification exams
Expected Duration
6 to 12 Hours
General Security Concepts
-
Describe how to
achieve CompTIA Security + Certification
-
Discuss access
control concepts
-
Discuss access
control types and models
-
Discuss resource
access control and system access control
-
Identify the
requirements for system access control and resource access control
-
Explain how to
implement resource access control and system access control
-
Define the principles
of authentication and discuss authentication methods
-
Explain the features
and operation of Kerberos
-
Explain the
authentication mechanisms used in PPP
-
Describe threats to
information security and network infrastructure
-
Explain how different
types of denial-of-service attacks affect a network
-
Describe some of the
common attacks that are carried out on networks
-
Detail threats that
arise specifically from hackers
-
Set up and monitor a
Telnet session using a protocol analyzer
-
Discuss the threat of
social engineering
-
Describe how
passwords are stored and explain why they are vulnerable to attack
-
Explain why a strong
password policy is important and what can be done to protect password files
on UNIX and Windows systems
-
Use the password
cracking utility LC4 and employ it to audit passwords from a number of
locations
Communications Security
Overview/Description
To introduce the key issues in communications security
Target Audience
Network administrators, firewall administrators, system administrators,
application developers, and IT security officers
Prerequisites
Knowledge and skills equivalent of those tested for in the CompTIA A+ and
Network+ certification exams
Expected Duration
6 to 12 Hours
Communications Security
-
Explain the
technologies used to implement VPNs for secure WAN communications
-
Detail the features
of a VPN solution for secure remote connectivity
-
Implement a VPN
solution for secure remote access
-
Outline the RADIUS
authentication mechanism
-
Outline the TACACS+
authentication mechanism and compare it to the RADIUS authentication
mechanism
-
Describe WEP and the
differences between the various wireless LAN standards
-
Describe wireless LAN
security attacks and explain how to prevent them
-
Identify the
strengths and weaknesses of various wireless LAN security techniques
-
Identify appropriate
security solutions for wireless LANs
-
Explain corporate
security policies and outline the procedures involved in performing a site
survey
-
Conduct a wireless
LAN site survey
-
Describe the WAP
protocol and discuss mechanisms for protecting the WAP gateway
-
Provide an overview
of the various threats to web security
-
Describe how Gnutella
and peer-to-peer networks work and outline the security issues that arise
from their use
-
Understand the FTP
protocol and outline the measures used to secure FTP
-
Discuss the security
implications of popular instant messaging applications
-
Identify the various
components of LDAP
-
Describe the security
methods associated with LDAP
Infrastructure Security
Overview/Description
To describe how to detect and respond to network intruders, understand operating
system security, and describe LAN devices and topology
Target Audience
Network administrators, firewall administrators, system administrators,
application developers, and IT security officers
Prerequisites
Knowledge and skills equivalent of those tested for in the CompTIA A+ and
Network+ certification exams
Expected Duration
7.25 to 14.5 Hours
Infrastructure Security
-
Discuss the
principles of detecting network intruders
-
Describe how to
distract network intruders and limit the damage they can cause
-
Set up a decoy
account and monitor both failed and successful login attempts
-
Describe the
characteristics and features of intrusion detection systems
-
Describe the
different types of intrusion detection mechanisms
-
Discuss the
deployment of intrusion detection systems
-
Discuss how to
respond to and manage computer-related security incidents
-
Recognize the
functionality and deployment issues of intrusion detection
-
Describe network
components and their application
-
Explain the role of
bridges, switches, and routers in a network
-
Describe the basic
operation of firewalls and proxy servers
-
Describe the various
frauds that are carried out on PBX systems
-
Identify the
different types of networking media that are used at the physical layer of
the OSI model
-
Describe Windows NT
and Windows 2000 security issues
-
Identify the threats
to system security, both intentional and unintentional
-
Run a security scan
on a networked workstation
-
Outline the main
components of OS security
-
Explain changes that
can be made to an OS to make it more secure
-
Discuss Windows 2000
Registry security
-
Perform tasks to
improve the security of the Windows OS
-
Describe how VLANs
operate
-
List the components
of NAT and explain when NAT should be implemented
Encryption Technologies
Overview/Description
To discuss techniques for encrypting information
Target Audience
Network administrators, firewall administrators, system administrators,
application developers, and IT security officers
Prerequisites
Knowledge and skills equivalent of those tested for in the CompTIA A+ and
Network+ certification exams
Expected Duration
4.75 to 9.5 Hours
Encryption Technologies
-
Outline the history
of encryption and the reasons why encryption is important
-
Outline the
principles of symmetric encryption
-
Explain what a block
cipher is and identify the algorithms that use them
-
Discuss the
fundamentals of asymmetric encryption
-
Explain the
functionality of hashes and message functions in protecting the integrity of
encrypted data
-
Describe the
processes involved in symmetric and asymmetric encryption
-
Outline the different
methods of managing encryption keys
-
Discuss some
practical applications of encryption
-
Implement a secure
encryption scheme on a computer
-
Exchange encrypted
e-mails
-
Explain the use of
certificates for trusted secure public-key implementation
-
Describe revocation
and nonrepudiation of public-key certificates
-
Discuss the X.509
standard for public-key certificates
-
Describe public-key
infrastructure and Secure Electronic Transactions (SETs)
-
Outline certificate
practices, policies, and paths
Operational and
Organizational Security
Overview/Description
To present the key issues and policy requirements for organizational and
operational security
Target Audience
Network administrators, firewall administrators, system administrators,
application developers, and IT security officers
Prerequisites
Knowledge and skills equivalent of those tested for in the CompTIA A+ and
Network+ certification exams
Expected Duration
6 to 12 Hours
Operational and Organizational Security
-
Discuss the reason
for business continuity plans
-
Discuss the reason
for and the process involved in creating a disaster recovery plan
-
Discuss the reasons
why business continuity plans are used and how to create them
-
Describe how to
develop a business impact assessment and a business continuity plan
-
Discuss the process
involved in maintaining and testing a disaster recovery plan
-
Explain the
underlying concepts and principles of security management
-
List and explain the
recognized industry standards and recommendations that address information
and network security
-
Define security
policy and identify issue-specific security policy documents
-
Design a security
policy document
-
Discuss employment
practices in the workplace
-
Describe the controls
that are available to protect resources, restrict privileges, and limit the
risk of access abuse in a network environment
-
Describe the
technologies and controls that make a working environment secure
-
Describe the
technologies and controls that make a safe working environment
-
Identify the
environmental safeguards and security strategies required to make a site
secure
-
Describe the
technologies and controls that restrict access to a working environment and
control data confidentiality
-
Discuss risk
management and its requirements with reference to security issues
-
Describe the
processes involved in implementing information risk management
-
Explain how computer
crime investigations are conducted