Courses
Courses Designed For Beginners, Seasoned IT Pros & Everyone In Between
CompTIA Security+ (2011 objectives)
View All CoursesThis CompTIA Security+ course will provide networking professionals with the fundamental concepts necessary to anticipate and address security risks. In this course, you will learn network security, operational security, threats and vulnerabilities, access control and identity management, and cryptography. To get the most out of this course, you should hold a CompTIA Network+ certification or have equivalent experience.
Lessons
-
Lesson Clips
- Introduction
- About Your Instructor
- About This Course
-
Lesson Clips
- Introduction
- What is IT Security?
- Key Terms You Should Know
- The Information Security Triad - CIA
- The AAA Protocol
- What We Covered
-
Lesson Clips
- Introduction
- Spoofing/Poisoning
- Pharming
- Man-in-the-Middle
- Replay Attack
- Denial of Service (DoS)
- Distributed Denial of Service (DDoS)
- Smurf Attack
- Scanners and Sniffers
- Spam
- Phishing
- Privilege Escalation
- Transitive Access
- Client-side Attacks
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Malware
- Viruses
- Worms
- Trojans
- Spyware
- Adware and Pop-ups
- Rootkits
- Backdoors
- Logic Bombs
- Botnets
- Ransomware
- Malware Mitigation
- Malware Removal
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Firewalls
- Routers
- Switches
- Load Balancers
- Proxies
- Web Security Gateways
- VPN Concentrators
- Network-based Intrusion Detection Systems (NIDS)
- Network-based Intrusion Prevention Systems (NIPS)
- Kinds of NIDS and NIPS
- Other Security Appliances
- Protocol Analyzers/Sniffers
- Host-based Filtering Tools
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Rule-based Management
- Access Control Lists (ACLs)
- Firewall Rules
- Secure Router Configuration
- Port Security
- Flood Guards
- Network Separation and Network Bridging
- Log Analysis
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Security Zones
- DMZ (Demilitarized Zone)
- Subnetting
- Virtual Local Area Network (VLAN)
- Network Address Translation (NAT)
- Remote Access
- Virtual Private Network (VPN)
- Telephony
- Network Access Control (NAC)
- Virtualization
- Cloud Computing
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- TCP/IP
- FTP
- SSH and SCP
- Telnet
- SMTP
- DNS
- TFTP
- HTTP
- SFTP
- SNMP
- HTTPS
- FTPS
- SSL and TLS
- TCP
- UDP
- IP
- ICMP
- ARP
- TCP/IP Ports to Remember
- IPSec
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Rogue Access Points
- Evil Twin
- Wardriving
- Warchalking
- IV Attack
- Packet Sniffing
- Attacks on Bluetooth
- Interference
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- IEEE 802.11x Wireless Standards
- WEP
- WPA and WPA2
- TKIP
- CCMP
- WAP
- EAP, PEAP, and LEAP
- Securing Wireless Routers and Access Points Best Practices
- Change the SSID and Turn off SSID Broadcast
- Consider Using MAC Filtering
- Work with Antenna Placement and Power Level Controls
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Antimalware
- Host-based Firewalls
- Updates and Patch Management
- Disabling Unused Services
- Users and Accounts
- Virtualization
- Host Software Baselining
- Securing Servers
- Securing Mobile Devices
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Cookies
- Session Hijacking
- Header Manipulation
- Cross-site Scripting (XSS)
- Cross-site Request Forgery (XSRF or CSRF)
- Injection Attacks
- Preventing Injection Attacks
- Buffer Overflow
- Java Applets and JavaScript
- ActiveX Controls
- Demo: Internet Explorer Security Settings
- Malicious Add-ons, Attachments, and Zero Day Exploits
- Secure Coding Concepts
- Fuzzing
- Application Hardening
- What We Covered
-
Lesson Clips
- Introduction
- Data Loss Protection (DLP)
- Individual Files/Folders Encryption
- Full Disk/Whole Disk Encryption
- Database Encryption
- Removable Media Encryption
- Mobile Device Encryption
- Trusted Platform Module (TPM)
- Hardware Security Module (HSM)
- USB Encryption
- Hard Drive Encryption
- Encryption Key Management
- Data in the Cloud
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Identification vs. Authentication
- Authentication and Authorization
- Something You Know, Something You Have, Something You Are
- Single Factor vs. Multifactor Authentication
- Types of Access Control
- Information Models
- Mandatory Vacations
- Job Rotation
- Separation of Duties
- Trusted OS
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Physical Security
- Fencing
- Mantraps
- Access Lists
- Proximity Readers
- Video Surveillance and Monitoring
- Hardware Locks
- Environmental Security
- HVAC Considerations
- Hot and Cold Aisles
- Environmental Monitoring and Controls
- Fire Suppression
- Power Systems
- Electromagnetic Emissions: Interference and Shielding
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Introduction to Authentication Services
- RADIUS
- TACACS+
- TACACS and XTACACS
- Kerberos
- LDAP
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Privilege Management
- Group Based Privileges
- User Account Policy
- Password Policies
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Risk Management Vocabulary
- Risk Management Steps
- Impact Analysis
- Risk Calculation
- Options for Handling Risk
- Control Types
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Assessment Types
- Assessment Techniques
- Tools
- Vulnerability Scanning
- Penetration Testing
- Black, White, and Gray Box Testing
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Security Posture
- Manual Bypassing of Electronic Controls
- Change Management
- Implement Security Controls Based on Risk
- Detection vs. Prevention Controls
- Hardening
- Perform Routine Audits
- Data Loss or Theft Prevention
- Security Policies
- Privacy Policies
- Acceptable Use Policies (AUP)
- Other Policies
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Reporting
- Monitoring and Analyzing Logs
- Log Types
- Logs Management
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Business Continuity vs. Disaster Recovery
- Business Continuity Planning (BCP) and Testing
- Business Impact Analysis
- IT Contingency Planning
- Continuity of Operations
- Succession Planning
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Disaster Recovery Plan
- Service Level Agreement (SLA)
- Utilities
- Backup Types
- Backup Plans
- Backup Storage Options
- Recovering from Backups
- Backup and Recovery Considerations
- Redundancy
- Fault Tolerance
- RAID: Redundant Array of Independent Disks
- Load Balancing
- Clustering
- Alternative/Backup Sites
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Incident Response Plan
- Damage and Loss Control
- Chain of Custody
- First Responder
- Basic Forensic Procedures
- What We Covered
-
Lesson Clips
- Introduction
- Security Policy Training and Procedures
- Threat Awareness
- Personally Identifiable Information (PII)
- Regulatory Compliance
- Social Networking
- Peer to Peer (P2P) File Sharing
- User Habits
- Information Classification
- Data Labeling, Handling, and Disposal
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Social Engineering Overview
- Impersonation
- Tailgating
- Dumpster Diving
- Shoulder Surfing
- Phishing
- Hoaxes
- Reverse Social Engineering
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Cryptography Overview
- Symmetric vs. Asymmetric Encryption
- Digital Signatures
- Non-repudiation
- Encryption/Decryption Methods
- Cryptographic Hashing
- Transport Encryption
- Steganography
- Use of Proven Technologies
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- DES
- 3DES
- RC4
- AES
- Blowfish
- Twofish
- Diffie-Hellman
- RSA
- ECC
- Collisions
- SHA
- MD5
- RIPEMD
- HMAC
- SSL/TLS and HTTPS
- SSH
- IPSec
- Wi-Fi Authentication
- PGP/GPG
- NTLM and NTLMv2
- One-time Pads (OTP)
- CHAP and PAP
- Whole Disk Encryption
- Comparative Strengths of Algorithms
- What We Covered
-
Lesson Clips
- Introduction
- Public Key Infrastructure (PKI) Overview
- Digital Certificates
- Certificate Authorities (CA)
- How PKI Works
- Registration Authorities
- Certificate Revocation Lists (CRL)
- Recovery Agents
- Key Escrow
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- Publicly Trusted Certificate Authorities
- Internal Certificate Authorities
- Working with Registration Authorities
- Key Management
- Certificate Management
- Trust Models
- Key Terms You Should Know
- What We Covered
-
Lesson Clips
- Introduction
- About the Exam
- Mapping Exam Objectives to this Course
- Studying for the Exam
- Test Day Tips
-
Lesson Clips
- Introduction
- What We Have Covered in This Course
- My Favorite Supporting Resources
- Get Certified
- Continue Learning
- Join the Community
Instructor
Lisa Szpunar
Lisa started her career in education as an elementary school computer teacher and librarian, but as the most technically savvy person in the school she also took over the helpdesk and network administer roles, concurrently launching her career in IT. Lisa specializes in systems design and security, and holds a Master of Science in Computer Science degree as well as a Bachelor degree in Education. Her fun and engaging teaching style makes learning complex concepts a snap. Working for TrainSignal, Lisa gets to live out both of her passions for technology and education. She gets to keep up with the latest technologies and help her students do the same.
