Course Description:
This course is targeted toward an Information Technology (IT) professional who has
networking and administrative skills in Windows-based TCP/IP networks and familiarity with
other operating systems, such as NetWare, Macintosh, UNIX/Linux, and OS/2, who wants to:
further a career in IT by acquiring a foundational knowledge of security topics; prepare for the
CompTIA Security+ Certification examination; or use Security+ as the foundation for
advanced security certifications or career roles.
Prerequisite:
CompTIA A+ and Network+ certifications, or equivalent knowledge, and six to nine months'
experience in networking.
Course Objectives:
Upon successful completion of this course, students will be able to:
• identify fundamental concepts of computer security.
• identify security threats.
• harden internal systems and services.
• harden internetwork devices and services.
• secure network communications.
• manage public key infrastructure (PKI).
• manage certificates.
• enforce organizational security policies.
• monitor the security infrastructure.
Rationale:
A vendor- and product-neutral course that will earn the student an established industry
credential validating their network and server expertise. It will serve as a jumping-off point
for higher-level certifications.
Evaluation:
Those who participate in class discussions, complete class labs, and miss no more than
three class meetings will be awarded 4.0 continuing education units. Ultimate evaluation of
the student will be their successfully passing the CompTIA Security+ (2008 edition) (SY0-201)
examination.
ITSY 1091 SecurityPlus.doc Page 2 of 8
Books Required: (Available at ACC Rio Grande book store)
Security+®: A CompTIA® Certification (2008 Objectives); Element K
Proposed Schedule
Lesson 1: Security Fundamentals
Topic 1A: Security Building Blocks
Security Goals – The CIA Triad
Security Factors – The Four A's
Threats
Vulnerabilities
Access Control Methods
Access Control Principles
Privilege Management
Topic 1B: Authentication Methods
Authentication Factors
User Name/Password Authentication
Challenge Handshake Authentication Protocol (CHAP)
Kerberos
Tokens
Biometrics
Multi-Factor Authentication
Mutual Authentication
Topic 1C: Cryptography Fundamentals
Encryption
Encryption Algorithms
Keys
Hashing Encryption
Hashing Encryption Algorithms
Symmetric Encryption
Asymmetric Encryption
Cipher Types
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Digital Signatures
Topic 1D: Security Policy Fundamentals
Security Policies
Security Policy Components
Security Policy Issues
Common Security Policy Types
Security Document Categories
Documentation Handling Measures
Lesson 2: Security Threats
Topic 2A: Social Engineering
Social Engineering Attacks
Social Engineering Types
Hackers, Crackers, and Attackers
Attacker Types
Topic 2B: Software-Based Threats
Software Attacks
Malicious Code Attacks
Types of Malicious Code
Default Security Attacks
Software Exploitation Attacks
Types of Software Exploitation Attacks
Misuse of Privilege Attacks
Password Attacks
Types of Password Attacks
Backdoor Attacks
Topic 2C: Network-based Threats
Port Scanning Attacks
Eavesdropping Attacks
IP Spoofing Attacks
Hijacking Attacks
Replay Attacks
Man-in-the-Middle Attacks
Denial of Service (DoS) Attacks
Distributed Denial of Service (DDoS) Attacks
Types of DoS Attacks
Domain Name Kiting
DNS and ARP Poisoning
Topic 2D: Hardware-Based Threats
Hardware Attacks
Specific Device Vulnerabilities
Storage Media Vulnerabilities
Lesson 3: Hardening Internal Systems and Services
Topic 3A: Harden Operating Systems
System Vulnerabilities
System Vulnerability Categories
Hardening
Security Baselines
System Updates
Windows Security Policies
Patches
Windows Auditing
Services, NLMs, and Daemons
Service, NLM, and Daemon Vulnerabilities
Security Templates
Anti-Virus Software
Virtualization Technology
Topic 3B: Harden Directory Services
Directory Services
Common Directory Services
Lightweight Directory Access Protocol (LDAP)
Directory Service Vulnerabilities
Topic 3C: Harden DHCP Servers
Dynamic Host Configuration Protocol (DHCP)
DHCP Vulnerabilities
Topic 3D: Harden File and Print Servers
File and Print Server Vulnerabilities
The Server Message Block (SMB) Protocol
SMB Signing
Lesson 4: Hardening Internetwork Devices and Services
Topic 4A: Secure the IP Infrastructure
Subnetting
Network Address Translation (NAT)
IP Vulnerabilities
Vampire Taps
Topic 4B: Harden the Network Infrastructure
Internetwork Devices
Unnecessary Network Protocols
Network Access Control (NAC)
Firmware Updates
Internetwork Device Vulnerabilities
Demilitarized Zones (DMZs)
Intranets
Extranets
Virtual LANs (VLANs)
Network Media
Network Media Vulnerabilities
Topic 4C: Harden DNS and BIND Servers
DNS
DNS and BIND Vulnerabilities
Topic 4D: Harden Web Servers
HTTP
Web Server Authentication
Web Server Authentication Methods
Web Server Vulnerabilities
Topic 4E: Harden File Transfer Protocol (FTP) Servers
FTP
FTP Vulnerabilities
Secure Shell (SSH)
Secure FTP (SFTP)
Topic 4F: Harden Network News Transfer Protocol (NNTP) Servers
NNTP
NNTP Vulnerabilities
Topic 4G: Harden Email Servers
Simple Mail Transfer Protocol (SMTP)
Email Vulnerabilities
Pretty Good Privacy (PGP)
Secure Multipurpose Internet Mail Extensions (S/MIME)
SPAM
Anti-SPAM Software
Topic 4H: Harden Conferencing and Messaging Servers
Conferencing and Messaging Vulnerabilities
Lesson 5: Securing Network Communications
Topic 5A: Protect Network Traffic with IP Security (IPSec)
IPSec
IPSec Algorithms
IPSec Transport Protocols
Internet Key Exchange (IKE)
Security Associations (SAs)
IPSec Policies
Default IPSec Policies
IPSec Policy Rules
Topic 5B: Secure Wireless Traffic
Wireless Protocol Standards
Wireless Protocol Implementations
Wireless Security Protocols
Wireless Vulnerabilities
Topic 5C: Harden a Web Browser
Browser Vulnerabilities
Internet Explorer Security Settings
Mozilla Firefox Security Settings
Apple Safari Security Settings
Pop-up Blockers
Ad Blockers
Topic 5D: Secure the Network Telephony Infrastructure
Telephony Components
Telecommunications Vulnerabilities
Topic 5E: Secure the Remote Access Channel
Remote Access Methods
Tunneling
Virtual Private Networks (VPNs)
VPN Protocols
VPN Security Protocols
Remote Access Vulnerabilities
Topic 5F: Secure Network Applications
Scripting Methods
Buffer Overflows
Cookies
SMTP Open Relays
P2P
Input Validation
Lesson 6: Managing Public Key Infrastructure (PKI)
Topic 6A: Install a Certificate Authority (CA) Hierarchy
Digital Certificates
Certificate Authentication
Single vs. Dual Certificates
Public Key Infrastructure (PKI)
PKI Components
CA Hierarchies (Trust Models)
The Root CA
Public and Private Roots
Subordinate CAs
Centralized and Decentralized CA Hierarchies
Topic 6B: Harden a Certificate Authority
Certificate Policies
Multiple and Dual Key Pairs
The Certificate Life Cycle
CA Vulnerabilities
Topic 6C: Back Up a CA
Topic 6D: Restore a CA
Lesson 7: Managing Certificates
Topic 7A: Enroll Certificates
The Certificate Enrollment Process
Topic 7B: Secure Network Traffic by Using Certificates
Secure Sockets Layer (SSL)
HTTPS
Transport Layer Security (TLS)
Topic 7C: Renew Certificates
Topic 7D: Revoke Certificates
Certificate Revocation
The Certificate Revocation List (CRL)
Topic 7E: Back Up Certificates and Private Keys
Private Key Protection Methods
Topic 7F: Restore Certificates and Private Keys
Private Key Restoration Methods
Private Key Replacement
Lesson 8: Enforcing Organizational Security Policies
Topic 8A: Perform Risk Assessment
What is Risk?
Risk Identification
The Risk Analysis Process
Risk Types
Vulnerability Assessment
Topic 8B: Enforce Corporate Security Policy Compliance
Due Care
Due Diligence
Due Process
Topic 8C: Enforce Legal Compliance
Legal Requirements
Forensic Requirements
Human Resources (HR) Policies
Topic 8D: Enforce Physical Security Compliance
Physical Security Vulnerabilities
Physical Security Measures
Environmental Controls
Topic 8E: Educate Users
The Employee Education Process
User Security Responsibilities
Topic 8F: Plan for Disaster Recovery
Business Continuity Plans (BCPs)
Disaster Recovery Plans (DRPs)
Service Level Agreements (SLAs)
Alternate Sites
Secure Backups
Secure Recovery
Backup Storage Locations
Single Point of Failure
Redundancy Measures
Topic 8G: Conduct a Security Audit
Security Audit Process
User Access Monitoring
Storage and Retention Policies
Group Policies
Lesson 9: Monitoring the Security Infrastructure
Topic 9A: Scan for Vulnerabilities
The Hacking Process
Ethical Hacking
Vulnerability Assessment Tools
Security Utilities
Types of Vulnerability Scans
Port Ranges
Topic 9B: Monitor for Security Anomalies
Monitoring Methodologies
Network Monitoring Utilities
Intrusion Detection Systems (IDSs)
Host, Network, and Application-based IDS
Passive and Active IDS
Signature and Anomaly IDS Analysis
Intrusion Prevention Systems (IPS)
Topic 9C: Set Up a Honeypot
Honeypots
Types of Honeypots
Topic 9D: Respond to Security Incidents