Video 1
Introduction to Security
- Instructor Introduction
- CompTIA Overview
- Security+ Domains
- Course Objectives
- Exam Overview
Video 2
Security Overview
- What is Security?
- How Did We Get Here?
- Security Areas - Physical, Information, Systems
- Defense in Depth - Security in Layers
Video 3
Security Management
- Management’s Involvement in IT Security
- Components of Security Management
- Security Controls - Admin, Technical and Physical
- Principles of IT Security
- CIA - Confidentiality, Integrity and Availability
- AAA - Access, Authentication and Auditing
Section 1: Organizational Security
Video 4
Redundancy and Fault Tolerance
- Redundancy vs. Fault Tolerance
- Single Point of Failure
- UPS
- Backup Generator
- Redundant Servers
- RAID
- Redundant Connections
- Redundant ISP
- Hot Site
- Warm Site
- Cold Site
- Spare Parts
Video 5
Implement Disaster Recovery Procedures
- Planning
- Disaster Recovery Exercises
- Backup Techniques and Practices - Storage
- Schemes
- Restoration
Video 6
Environmental Controls
- Fire Suppression
- HVAC
- Shielding
Video 7
Incident Response Procedures
- Forensics
- Chain of Custody
- First Responders
- Damage and Loss Control
- Reporting - Disclosure of
Video 8
Social Engineering
- Phishing
- Hoaxes
- Shoulder Surfing
- Dumpster Diving
Video 9
Organization Policies and Applicable Legislation
- Secure Disposal of Computers
- Acceptable Use Policies
- Password Complexity
- Change Management
- Classification of Information
- Mandatory Vacations
- Personally Identifiable Information (PII)
- Due Care
- Due Diligence
- Due Process
- SLA
- Security-related HR Policy
- Data Retention Policy
- User Education and Awareness Training
Section 2: Assessments and Audits
Video 10
System Scanning and Monitoring
- IDS
- Behavior-based
- Signature-based
- Anomaly-based
- Networking Tools
- Port Scanners
- Vulnerability Scanners
- Protocol Analyzers
- Network Mappers
- OVAL
- Penetration Testing
- Performance Monitoring
- System Monitors
- SNMP
- Agent Based
Video 11
Logging
- Centralized vs. Distributed Logging
- System Logs
- Security Logs
- Performance Logs
- Application Logs
- DNS
- Antivirus
- Firewall
- Log Rotation and Retention
Video 12
Auditing
- Risk Assessments and Mitigation
- User Access and Rights Review
Video 13
System Hardening
- Disabling Non-essential Systems
- Disabling Non-essential Services
- Disabling Non-essential Processes
- Disabling Non-essential Programs
- Disabling Non-essential Protocols
- Bastian Hosts
Section 3: Network Infrastructure
Video 14
Network Design Components
- DMZ
- VLAN
- NAT
- Network Interconnections
- NAC
- Subnetting
- Telephony
Video 15
Network Devices
- Hubs
- Switches
- Routers
- Firewalls
- Packet Filtering Firewalls
- Stateful Inspection Firewalls
- Application Layer Firewalls
- Modems
- RAS
Video 16
Network Media
- 10Base2 and 10Base5
- Vampire Taps
- 10BaseT, 100BaseTX and FX, Gigabit Ethernet
- Fiber Cables
Video 17
Networking Protocols and Ports
- Antiquated Protocols
- IPS/SPX
- AppleTalk
- NetBeui
- TCP/IP
- TCP/IP Hijacking
Video 18
Protocol Exploits
- Null Sessions
- Spoofing
- Man-in-the-Middle
- Replay
- DOS
- DDOS
- Domain Name Kiting
- DNS Poisoning
- ARP Poisoning
- Privilege Escalation
- Weak Passwords
- Back Doors
- Default Accounts
Video 19
Network Security Tools
- NIDS
- NIPS
- Firewalls
- Proxy Servers
- Honeypot
- Internet Content Filters
- Protocol Analyzers
Video 20
Remote Access Security
- 802.1x
- EAP
- Media Access Control Authentication
- VPN
- Site-to-Site
- Remote Access VPN
- PPTP
- L2TP
- SSH
- IPSec
- Known Vulnerabilities
Video 21
Wireless Networks
- Wireless Communications
- RF Communications
- Spread Spectrum
- Wireless Network Architecture
- Wireless LANs
- WAP
- WTLS
- IEEE 802.11
- 802.11b
- 802.11g
- 802.11n
- 802.11i
- WEP
- TKIP
Video 22
Wireless Exploits
- Passive Attacks
- Active Attacks
- MITM
- WAP Vulnerabilities
- WEP Vulnerabilities
- Spoofing
- Data Emanation
- War Driving
- SSID Broadcast
- Blue Jacking
- Bluesnarfing
- Rogue Access Points
- Weak Encryption
- DoS and Flooding
Section 4: System Security
Video 23
System Security Threats
- Privilege Escalation
- Virus
- Worm
- Trojan
- Spyware
- Spam
- Adware
- Rootkits
- Botnets
- Logic Bomb
Video 24
Operating System Hardening
- Hotfixes
- Service Packs
- Patches
- Patch Management
- Group Policies
- Security Templates
- Configuration Baselines
Video 25
Application Security Concerns
- ActiveX
- Java
- Scripting
- Browser
- Buffer Overflows
- Cookies
- Instant Messaging
- P2P
- Input Validation
- Cross-site Scripting (XSS)
Video 26
Hardware Security Concerns
- BIOS
- USB Devices
- Cell Phones
- Removable Storage
- Network Attached Storage
Video 27
Implementing Security Applications
- HIDS
- Personal Software Firewalls
- Antivirus
- Anti-spam
- Popup Blockers
- Virtualization Considerations
Video 28
E-mail Security
- MIME
- S/MIME
- PGP
- Vulnerabilities
- SMTP Open Relays
- Spoofing
- Viruses
- Spam
- Hoaxes
- Phishing
Video 29
Web Security
- Web Server Security
- Access Control
- Directory and Data Structures
- Scripting Vulnerabilities
- Logging
- Backups
- Rogue Web Servers
- Browser Exploits
- Browser Vulnerabilities
- Cookies
- Web Spoofing
- Web Server Exploits
- Browsing Protocols
- SSL and TLS
- HTTP
- HTTP/s
- S-HTTP
- Instant Messaging (IM)
- IM Message Vulnerabilities
- Text Messages Ad SMS
Video 30
Web Based Vulnerabilities
- Java Script
- ActiveX
- Preventing Java and ActiveX Issues
- Code Signing
- CGI
- CGI Wrappers
- Buffer Overflows
- Hardening Browsers and E-Mail Clients
Video 31
FTP Security
- Active and Passive FTP
- S/FTP
- Secure Copy
- Blind FTP
- FTP Sharing
- Sniffing FTP Transmissions
Section 5: Access Control
Video 32
Access Control Methods
- Implicit Deny
- Least Privilege
- Separation of Duties
- Job Rotation
Video 33
Access Control Models
- MAC
- DAC
- Role Based Access Control
- Rule Based Access Control
- Users, Groups, Rights and Privileges
- Security Controls for Files and Printers
Video 34
Logical Access Controls
- ACL
- Group Policies
- Password Policy
- Domain Password Policy
- User Names and Passwords
- Time of Day Restrictions
- Account Expiration
- Logical Tokens
Video 35
Physical Access Controls
- Physical Access Logs/Lists
- Hardware Locks
- Physical Access Control - ID Badges
- Door Access Systems
- Man-trap
- Physical Tokens
- Video Surveillance - Camera Types and Positioning
Video 36
Authentication Models
- Identification vs. Authentication
- One, Two and Three-factor Authentication
- Single Sign-on
- Biometric Reader
- RADIUS
- RAS
- LDAP
- LDAP Directories
- OU
- Object Attributes
- Securing LDAP
- Remote Access Policies
- Remote Authentication
- VPN
- Kerberos
- CHAP
- PAP
- Mutual
- 802.1x
- TACACS
Section 6: Cryptography
Video 37
Cryptographic Algorithms
- Ciphers
- Block Ciphers
- Stream Ciphers
- Symmetric Keys
- DES and Triple DES
- AES and AES256 Rijndael
- IDEA
- Blowfish
- CAST5
- Rivest’s Cipher - RC2, RC4, RC5, RC6
- Serpent
- Twofish
- Skipjack
- Asymmetric Keys
- Diffie-Hellman
- El Gamal
- RSA
- PGP
- Elliptical Curve Cryptography (ECC)
- Hashing Algorythms
- What is Hashing?
- SHA
- MD5
- LANMAN
- NTLM
Video 38
Using Cryptography
- Confidentiality
- Integrity and Availability
- Digital Signatures
- Single vs. Dual Sided Certificates
- Authentication
- Non-repudiation
- Access Control
- One-time Pad
- Whole Disk Encryption
- Trusted Platform Module (TPM)
- Steganography
Video 39
Public Key Infrastructure (PKI)
- PKI Overview
- Public Key
- Private Key
- Trust Models
- Web-of-Trust
- Single Certificate Authority
- Hierarchical Model
- Root CA
- Intermediate CA
- Leaf CA
- Subordinate CA
- Registration Authority (RA)
- Certificates
- X.509
- Certificate Policies
- Certificate Practice Statements
- Certificate Revocation
- Certificate Revocation List
- OSCP
- Key Management
- Centralized vs. Decentralized
- Storage
- Escrow
- Expiration
- Status Checking
- Revocation
- Suspension
- Key Recovery
- Key Renewal
- Key Destruction