Security+ course description
A hands on course aimed at getting delegates successfully through the CompTia Security+ examination.
Who will benefit?
Technical network staff.
Technical server staff.
Technical desktop staff.
Technical security staff.
Security+ training course prerequisites
TCP/IP Foundation.
Security+ training course objectives
By the end of the course delegates will be able to:
- Pass the CompTia Security+ exam.
- Explain general security concepts
- Describe the security concepts in communications.
- Describe how to secure an infrastructure.
- Recognise the role of cryptography.
- Describe operational/organisational security.
Duration: 5 days
Security+ training course: Dates, prices & bookings
Back to Security courses overview
|
 |
Security+ course contents
General security concepts
Non essential services and protocols. Access control: MAC, DAC, RBAC. Security attacks: DOS, DDOS, back doors, spoofing, man in the middle, replay, hijacking, weak keys, social engineering, mathematical, password guessing, brute force, dictionary, software exploitation. Authentication: Kerberos, CHAP, certificates, usernames/passwords, tokens, biometrics. Malicious code: Viruses, trojan horses, logic bombs, worms. Auditing, logging, scanning.
Communication security
Remote access: 802.1x, VPNs, L2TP, PPTP, IPsec, RADIUS, TACACS, SSH. Email: S/MIME, PGP, spam, hoaxes. Internet: SSL, TLS, HTTPS, IM, packet sniffing, privacy, Javascript, ActiveX, buffer overflows, cookies, signed applets, CGI, SMTP relay. LDAP. sftp, anon ftp, file sharing, sniffing, 8.3 names. Wireless: WTLS, 802.11, 802.11x, WEP/WAP.
Infrastructure security
Firewalls, routers, switches, wireless, modems, RAS, PBX, VPN, IDS, networking monitoring, workstations, servers, mobile devices. Media security: Coax, UTP, STP, fibre. Removable media. Topologies: Security zones, DMZ, Intranet, Extranet, VLANs, NAT, Tunnelling. IDS: Active/passive, network/host based, honey pots, incident response. Security baselines: Hardening OS/NOS, networks and applications.
Cryptography basics
Integrity, confidentiality, access control, authentication, non repudiation. Standards and protocols. Hashing, symmetric, asymmetric. PKI: Certificates, policies, practice statements, revocation, trust models. Key management and certificate lifecycles. Storage: h/w, s/w, private key protection. Escrow, expiration, revocation, suspension, recovery, destruction, key usage.
Operational/Organisation security
Physical security: Access control, social engineering, environment. Disaster recovery: Backups, secure disaster recovery plans. Business continuity: Utilities, high availability, backups. Security policies: AU, due care, privacy, separation of duties, need to know, password management, SLAs, disposal, destruction, HR policies. Incident response policy. Privilege management: Users, groups, roles, single sign on, centralised/decentralised. Auditing. Forensics: Chain of custody, preserving and collecting evidence. Identifying risks: Assets, risks, threats, vulnerabilities. Role of education/training. Security documentation.
|
