Security+ Certification

Objectives A basic understanding of security issues Familiarity with encryption, secure remote connections and protocols Successful preparation to pass the CompTIA Security+ Certification Exam Text: CompTIA Security+ Certification, CompTIA Press Get the Security+ Exam Objectives at http://certification.comptia.org/Training/testingcenters/examobjectives.aspx Day 1 Introductions, skill assessment Chapter 1: Mitigating threats Chapter 2: Cryptography Day 2 Chapter 3: Authentication systems …

1.0 Network Security

Domain 1.0 Network Security – 21% Hardening networks: Firmware upgrades Computers, routers and other network equipment store fixed firmware in ROM modules, including: Erasable Programmable Read-Only Memory (EPROM) Electronically Erasable Programmable Read-Only Memory (EEPROM) Computer manufacturers (such as Dell), chipset manufacturers (such as Intel) and router manufacturers (such as Cisco) frequently issue firmware updates. The …

4.0 Application, Data and Host Security

Domain 4.0 – Application, Data and Host Security – 16% System Security is our initial set of best practices. It includes: Disabling non-essential systems and services Hardening operating systems by Applying updates and Securing file systems Hardening applications by Hardening servers (daemons or services) and Hardening data stores Hardening networks through Firmware upgrades and Secure …

5.0 Access Control and Identity Management

Domain 5.0 Access Control and Identity Management – 13% Authentication, Access Control & Auditing Know For The Security+ Test: The three “pillars” or “foundations” of information security are Authentication, Access Control and Auditing. (The mnemonic “AAA” may help you remember.) Authentication: By What You Know – A password, PIN, or mother’s maiden name By What …

6.0 Cryptography

Domain 6.0 Cryptography – 11%   Symmetric Cyphers Type Block or Stream Key Rounds Details DES 64 bit block 56 bit 16 Used in the electronic payment industry. 3DES/TDES/3TDES 64 bit block 56 bit 16 x 3 different keys TDES is used in commercial data transfers. AES (Rijndael – “Rhine doll”) 128 bit block 128/192/256 …

Security+ Security Tools

My Favorite Free Security Tools Command-Line Tools Command Description Example Explanation Linux dig Queries DNS servers for host name/IP address mappings. dig dig <hostname> Queries hosts listed in /etc/resolve.conf or the host named. ping Requests a response from a host. Keeps going until Ctrl-C. ping google.com Asks the computer handling requests for google.com for a …