Chapter 17: Implementing Secure Protocols
Protocols
Domain Name System Security Extensions (DNSSEC)
DNS (UDP 53) -> DNSSEC (TCP 53)
Origin authentication (signatures)
Integrity (signatures/hashing)
Denial of existence
SSH
Telnet (23) -> SSH (22)
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Encryption
Authentication
Integrity
Nonrepudiation
Secure Real-time Transport Protocol (SRTP)
RTP -> SRTP
Lightweight Directory Access Protocol Over SSL (LDAPS)
LDAP -> LDAPS
File Transfer Protocol, Secure (FTPS)
FTP (20, 21) -> FTPS (TLS, 989 and 990)
SSH File Transfer Protocol (SFTP using SSH)
FTP (20, 21) -> SFTP (SSH, 22)
Simple Network Management Protocol, version 3 (SNMPv3)
SNMPv1 -> SNMPv3
SNMP Proxy Agents:
https://www.dpstele.com/snmp/8things-you-need-to-know.php
Hypertext Transfer Protocol over SSL/TLS (HTTPS)
HTTP (80) -> HTTPS (443)
IPSec
Authentication header (AH)
Encapsulating Security Payloads (ESP)
Tunnel mode
Transport mode
Post Office Protocol (POP3, 110)
Secure POP3 (995)
Internet Message Access Protocol (IMAP4, 143)
Secure IMAP (993)
Use Cases
Voice and video (streaming media, VoIP)
RTP vs. SRTP
Time synchronization (NTP, 123)
Email and web
File transfer
Directory services
Remote access
Domain name resolution
Routing and switching
Network address allocation
Subscription services
SaaS