IT Security/Collection
IT Security
Learning Guide
This learning guide supports the Wikiversity course IT Security, available at http://en.wikiversity.org/wiki/IT_Security.
Overview
IT Security is an information technology topic that includes network security, operational security, threats and vulnerabilities, host security, access control, and cryptography.
This course comprises 6 sections and 33 lessons covering IT security. Each lesson includes a combination of Wikipedia readings, YouTube videos, and hands-on learning activities. The course also assists learners in preparing for CompTIA Security+ Certification.
Preparation
This is a fourth-semester, college-level course. Learners should already be familiar with introductory computer concepts, computer support concepts, and computer networking concepts.
Lessons
See Also
- Computer Skills
- Internet and Computing Core Certification (IC3)
- IT Fundamentals
- Computer Support
- Computer Networks
- Exam 98-367: Security Fundamentals
- Computer Security
- Wikibooks: Security+ Certification
External Links
References
- CompTIA: Security+ Certification Exam Objectives - Exam SY0-401
- CompTIA: Security+ Certification Exam Objectives - Exam SY0-501
- Ciampa, Mark (2015). CompTIA Security+ Guide to Network Security Fundamentals, 5th Edition. Cengage. ISBN 9781305093911
Network Security
This lesson covers network device security.
Objectives and Skills
Objectives and skills for the network devices portion of Security+ certification include:[1]
- Implement security configuration parameters on network devices and other technologies.
- Firewalls
- Routers
- Switches
- Load Balancers
- Proxies
- Web security gateways
- VPN concentrators
- NIDS and NIPS
- Behavior based
- Signature based
- Anomaly based
- Heuristic
- Protocol analyzers
- Spam filter
- UTM security appliances
- URL filter
- Content inspection
- Malware inspection
- Web application firewall vs. network firewall
- Application aware devices
- Firewalls
- IPS
- IDS
- Proxies
Readings
Multimedia
- YouTube: Routers, Firewalls, and Switches - CompTIA Security+ SY0-401: 1.1
- YouTube: Load Balancers and Proxies - CompTIA Security+ SY0-401: 1.1
- YouTube: Web Security Gateways and UTMs - CompTIA Security+ SY0-401: 1.1
- YouTube: VPN Concentrators - CompTIA Security+ SY0-401: 1.1
- YouTube: Application-Aware Security Devices - CompTIA Security+ SY0-401: 1.1
Activities
See Also
References
This lesson covers network administration security.
Objectives and Skills
Objectives and skills for the network administration portion of Security+ certification include:[1]
- Given a scenario, use secure network administration principles.
- Rule-based management
- Firewall rules
- VLAN management
- Secure router configuration
- Access control lists
- Port Security
- 802.1x
- Flood guards
- Loop protection
- Implicit deny
- Network separation
- Log analysis
- Unified Threat Management
Readings
Multimedia
- YouTube: Firewall Rules - CompTIA Security+ SY0-401: 1.2
- YouTube: VLAN Management - CompTIA Security+ SY0-401: 1.2
- YouTube: Spanning Tree Protocol and Loop Protection - CompTIA Security+ SY0-401: 1.2
- YouTube: Secure Router Configuration - CompTIA Security+ SY0-401: 1.2
- YouTube: Access Control Lists - CompTIA Security+ SY0-401: 1.2
- YouTube: Port Security and 802.1X - CompTIA Security+ SY0-401: 1.2
- YouTube: Flood Guards - CompTIA Security+ SY0-401: 1.2
- YouTube: Network Separation - CompTIA Security+ SY0-401: 1.2
- YouTube: Log Analysis - CompTIA Security+ SY0-401: 1.2
Activities
See Also
References
This lesson covers network design security.
Objectives and Skills
Objectives and skills for the network design portion of Security+ certification include:[1]
- Explain network design elements and components.
- DMZ
- Subnetting
- VLAN
- NAT
- Remote Access
- Telephony
- NAC
- Virtualization
- Cloud Computing
- Platform as a Service
- Software as a Service
- Infrastructure as a Service
- Private
- Public
- Hybrid
- Community
- Layered security / Defense in depth
Readings
Multimedia
- YouTube: DMZ - CompTIA Security+ SY0-401: 1.3
- YouTube: Subnetting the Network - CompTIA Security+ SY0-401: 1.3
- YouTube: VLANs - CompTIA Security+ SY0-401: 1.3
- YouTube: Network Address Translation - CompTIA Security+ SY0-401: 1.3
- YouTube: Remote Access - CompTIA Security+ SY0-401: 1.3
- YouTube: Telephony - CompTIA Security+ SY0-401: 1.3
- YouTube: Network Access Control - CompTIA Security+ SY0-401: 1.3
- YouTube: Virtualization - CompTIA Security+ SY0-401: 1.3
- YouTube: Cloud Computing - CompTIA Security+ SY0-401: 1.3
- YouTube: Defense in Depth - CompTIA Security+ SY0-401: 1.3
Activities
See Also
References
This lesson covers network protocol security.
Objectives and Skills
Objectives and skills for the network protocols portion of Security+ certification include:[1]
- Given a scenario, implement common protocols and services.
- Protocols
- IPSec
- SNMP
- SSH
- DNS
- TLS
- SSL
- TCP/IP
- FTPS
- HTTPS
- SCP
- ICMP
- IPv4
- IPv6
- iSCSI
- Fibre Channel
- FCoE
- FTP
- SFTP
- TFTP
- TELNET
- HTTP
- NetBIOS
- NTP
- Ports
- 21
- 22
- 25
- 53
- 80
- 110
- 123
- 139
- 143
- 443
- 3389
- OSI relevance
Readings
Multimedia
- YouTube: IPv4 and IPv6 - CompTIA Security+ SY0-401: 1.4
- YouTube: IPsec - CompTIA Security+ SY0-401: 1.4
- YouTube: ICMP and SNMP - CompTIA Security+ SY0-401: 1.4
- YouTube: Telnet and SSH - CompTIA Security+ SY0-401: 1.4
- YouTube: Transferring Files - CompTIA Security+ SY0-401: 1.4
- YouTube: DNS - CompTIA Security+ SY0-401: 1.4
- YouTube: HTTPS and TLS/SSL - CompTIA Security+ SY0-401: 1.4
- YouTube: Storage Area Networking - CompTIA Security+ SY0-401: 1.4
- YouTube: NetBIOS - CompTIA Security+ SY0-401: 1.4
- YouTube: Common Network Ports - CompTIA Security+ SY0-401: 1.4
- YouTube: Protocols and the OSI Model - CompTIA Security+ SY0-401: 1.4
Activities
See Also
References
This lesson covers wireless network security.
Objectives and Skills
Objectives and skills for the wireless network portion of Security+ certification include:[1]
- Given a scenario, troubleshoot security issues related to wireless networking.
- WPA
- WPA2
- WEP
- EAP
- PEAP
- LEAP
- MAC filter
- Disable SSID broadcast
- TKIP
- CCMP
- Antenna Placement
- Power level controls
- Captive portals
- Antenna types
- Site surveys
- VPN (over open wireless)
Readings
Multimedia
- YouTube: Wireless Encryption - CompTIA Security+ SY0-401: 1.5
- YouTube: EAP, LEAP, and PEAP - CompTIA Security+ SY0-401: 1.5
- YouTube: MAC Address Filtering - CompTIA Security+ SY0-401: 1.5
- YouTube: SSID Management - CompTIA Security+ SY0-401: 1.5
- YouTube: TKIP and CCMP - CompTIA Security+ SY0-401: 1.5
- YouTube: Wireless Power and Antenna Placement - CompTIA Security+ SY0-401: 1.5
- YouTube: Captive Portals - CompTIA Security+ SY0-401: 1.5
- YouTube: Antenna Types - CompTIA Security+ SY0-401: 1.5
- YouTube: Site Surveys - CompTIA Security+ SY0-401: 1.5
- YouTube: VPN Over Open Wireless Networks - CompTIA Security+ SY0-401: 1.5
Activities
See Also
References
Operational Security
This lesson covers risk concepts.
Objectives and Skills
Objectives and skills for the risk concepts portion of Security+ certification include:[1]
- Explain the importance of risk related concepts.
- Control types
- Technical
- Management
- Operational
- False positives
- False negatives
- Importance of policies in reducing risk
- Privacy policy
- Acceptable use
- Security policy
- Mandatory vacations
- Job rotation
- Separation of duties
- Least privilege
- Risk calculation
- Likelihood
- ALE
- Impact
- SLE
- ARO
- MTTR
- MTTF
- MTBF
- Quantitative vs. qualitative
- Vulnerabilities
- Threat vectors
- Probability / threat likelihood
- Risk-avoidance, transference, acceptance, mitigation, deterrence
- Risks associated with Cloud Computing and Virtualization
- Recovery time objective and recovery point objective
Readings
Multimedia
- YouTube: Control Types - CompTIA Security+ SY0-401: 2.1
- YouTube: False Positives and False Negatives - CompTIA Security+ SY0-401: 2.1
- YouTube: Reducing Risk with Security Policies - CompTIA Security+ SY0-401: 2.1
- YouTube: Calculating Risk - CompTIA Security+ SY0-401: 2.1
- YouTube: Quantitative and Qualitative Risk Assessment - CompTIA Security+ SY0-401: 2.1
- YouTube: Vulnerabilities, Threat Vectors, and Probability - CompTIA Security+ SY0-401: 2.1
- YouTube: Risk Avoidance - CompTIA Security+ SY0-401: 2.1
- YouTube: Risks with Cloud Computing and Virtualization - CompTIA Security+ SY0-401: 2.1
- YouTube: Recovery Time Objectives - CompTIA Security+ SY0-401: 2.1
Activities
See Also
References
This lesson covers systems integration security.
Objectives and Skills
Objectives and skills for the systems integration portion of Security+ certification include:[1]
- Summarize the security implications of integrating systems and data with third parties.
- On-boarding/off-boarding business partners
- Social media networks and/or applications
- Interoperability agreements
- SLA
- BPA
- MOU
- ISA
- Privacy considerations
- Risk awareness
- Unauthorized data sharing
- Data ownership
- Data backups
- Follow security policy and procedures
- Review agreement requirements to verify compliance and performance standards
Readings
Multimedia
- YouTube: On-boarding and Off-boarding Business Partners - CompTIA Security+ SY0-401: 2.2
- YouTube: Security Implications of Social Media - CompTIA Security+ SY0-401: 2.2
- YouTube: Interoperability Agreements - CompTIA Security+ SY0-401: 2.2
- YouTube: Privacy Considerations and Data Ownership with Third Parties - CompTIA Security+ SY0-401: 2.2
- YouTube: Risk Awareness with Third Parties - CompTIA Security+ SY0-401: 2.2
- YouTube: Data Ownership and Unauthorized Data Sharing - CompTIA Security+ SY0-401: 2.2
- YouTube: Data Backups with Third Parties - CompTIA Security+ SY0-401: 2.2
- YouTube: Security Policy Considerations with Third Parties - CompTIA Security+ SY0-401: 2.2
- YouTube: Third-Party Security Compliance - CompTIA Security+ SY0-401: 2.2
Activities
See Also
References
This lesson covers risk mitigation.
Objectives and Skills
Objectives and skills for the risk mitigation portion of Security+ certification include:[1]
- Given a scenario, implement appropriate risk mitigation strategies.
- Change management
- Incident management
- User rights and permissions reviews
- Perform routine audits
- Enforce policies and procedures to prevent data loss or theft
- Enforce technology controls
- Data Loss Prevention (DLP)
Readings
Multimedia
- YouTube: Change Management - CompTIA Security+ SY0-401: 2.3
- YouTube: Incident Management - CompTIA Security+ SY0-401: 2.3
- YouTube: User Rights and Permissions - CompTIA Security+ SY0-401: 2.3
- YouTube: Security Audits - CompTIA Security+ SY0-401: 2.3
- YouTube: Data Loss and Theft Policies - CompTIA Security+ SY0-401: 2.3
- YouTube: Data Loss Prevention - CompTIA Security+ SY0-401: 2.3
Activities
See Also
References
This lesson covers forensics procedures.
Objectives and Skills
Objectives and skills for the forensics procedures portion of Security+ certification include:[1]
- Given a scenario, implement basic forensic procedures.
- Order of volatility
- Capture system image
- Network traffic and logs
- Capture video
- Record time offset
- Take hashes
- Screenshots
- Witnesses
- Track man hours and expense
- Chain of custody
- Big Data analysis
Readings
Multimedia
- YouTube: Order of Volatility - CompTIA Security+ SY0-401: 2.4
- YouTube: Capturing System Images - CompTIA Security+ SY0-401: 2.4
- YouTube: Capturing Network Traffic and Logs - CompTIA Security+ SY0-401: 2.4
- YouTube: Capturing Video - CompTIA Security+ SY0-401: 2.4
- YouTube: Recording Time Offsets - CompTIA Security+ SY0-401: 2.4
- YouTube: Taking Hashes - CompTIA Security+ SY0-401: 2.4
- YouTube: Taking Screenshots - CompTIA Security+ SY0-401: 2.4
- YouTube: Interviewing Witnesses - CompTIA Security+ SY0-401: 2.4
- YouTube: Tracking Man-Hours and Expenses - CompTIA Security+ SY0-401: 2.4
- YouTube: Chain of Custody - CompTIA Security+ SY0-401: 2.4
- YouTube: Big Data Analysis - CompTIA Security+ SY0-401: 2.4
Activities
See Also
References
This lesson covers incident response.
Objectives and Skills
Objectives and skills for the incident response portion of Security+ certification include:[1]
- Summarize common incident response procedures.
- Preparation
- Incident identification
- Escalation and notification
- Mitigation steps
- Lessons learned
- Reporting
- Recovery/reconstitution procedures
- First responder
- Incident isolation
- Quarantine
- Device removal
- Data breach
- Damage and loss control
Readings
Multimedia
- YouTube: Preparing for an Incident - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Identification - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Escalation and Notification - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Mitigation and Isolation - CompTIA Security+ SY0-401: 2.5
- YouTube: Lessons Learned from Incidents - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Reporting - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Recovery and Reconstitution - CompTIA Security+ SY0-401: 2.5
- YouTube: First Responder - CompTIA Security+ SY0-401: 2.5
- YouTube: Data Breaches - CompTIA Security+ SY0-401: 2.5
- YouTube: Incident Damage and Loss Control - CompTIA Security+ SY0-401: 2.5
Activities
See Also
References
This lesson covers security training.
Objectives and Skills
Objectives and skills for the security training portion of Security+ certification include:[1]
- Explain the importance of security related awareness and training.
- Security policy training and procedures
- Role-based training
- Personally identifiable information
- Information classification
- High
- Medium
- Low
- Confidential
- Private
- Public
- Data labeling, handling and disposal
- Compliance with laws, best practices and standards
- User habits
- Password behaviors
- Data handling
- Clean desk policies
- Prevent tailgating
- Personally owned devices
- New threats and new security trends/alerts
- New viruses
- Phishing attacks
- Zero-day exploits
- Use of social networking and P2P
- Follow up and gather training metrics to validate compliance and security posture
Readings
Multimedia
- YouTube: Security Policy Training and Procedures - CompTIA Security+ SY0-401: 2.6
- YouTube: Personally Identifiable Information - CompTIA Security+ SY0-401: 2.6
- YouTube: Information Classification - CompTIA Security+ SY0-401: 2.6
- YouTube: Data Labeling, Handling, and Disposal - CompTIA Security+ SY0-401: 2.6
- YouTube: Compliance Best-Practices and Standards - CompTIA Security+ SY0-401: 2.6
- YouTube: User Habits - CompTIA Security+ SY0-401: 2.6
- YouTube: New Threats and Security Trends - CompTIA Security+ SY0-401: 2.6
- YouTube: Social Networking and Peer-to-Peer Security - CompTIA Security+ SY0-401: 2.6
- YouTube: Gathering Training Metrics - CompTIA Security+ SY0-401: 2.6
Activities
See Also
References
This lesson covers physical security.
Objectives and Skills
Objectives and skills for the physical security portion of Security+ certification include:[1]
- Compare and contrast physical security and environmental controls.
- Environmental controls
- HVAC
- Fire suppression
- EMI shielding
- Hot and cold aisles
- Environmental monitoring
- Temperature and humidity controls
- Physical security
- Hardware locks
- Mantraps
- Video Surveillance
- Fencing
- Proximity readers
- Access list
- Proper lighting
- Signs
- Guards
- Barricades
- Biometrics
- Protected distribution (cabling)
- Alarms
- Motion detection
- Control types
- Deterrent
- Preventive
- Detective
- Compensating
- Technical
- Administrative
Readings
Multimedia
- YouTube: HVAC, Temperature, and Humidity Controls - CompTIA Security+ SY0-401: 2.7
- YouTube: Fire Suppression - CompTIA Security+ SY0-401: 2.7
- YouTube: EMI Shielding - CompTIA Security+ SY0-401: 2.7
- YouTube: Hot and Cold Aisles - CompTIA Security+ SY0-401: 2.7
- YouTube: Environmental Monitoring - CompTIA Security+ SY0-401: 2.7
- YouTube: Physical Security - CompTIA Security+ SY0-401: 2.7
- YouTube: Physical Security Control Types - CompTIA Security+ SY0-401: 2.7
Activities
See Also
References
This lesson covers risk management best practices.
Objectives and Skills
Objectives and skills for the risk management best practices portion of Security+ certification include:[1]
- Summarize risk management best practices.
- Business continuity concepts
- Business impact analysis
- Identification of critical systems and components
- Removing single points of failure
- Business continuity planning and testing
- Risk assessment
- Continuity of operations
- Disaster recovery
- IT contingency planning
- Succession planning
- High availability
- Redundancy
- Tabletop exercises
- Fault tolerance
- Hardware
- RAID: software (mdadm) or hardware
- Clustering
- Load balancing
- Servers
- Disaster recovery concepts
- Backup plans/policies
- Backup execution/frequency
- Cold site
- Hot site
- Warm site
Readings
Multimedia
- YouTube: Business Impact Analysis - CompTIA Security+ SY0-401: 2.8
- YouTube: Critical Systems and Components - CompTIA Security+ SY0-401: 2.8
- YouTube: Redundancy and Single Points of Failure - CompTIA Security+ SY0-401: 2.8
- YouTube: Continuity of Operations - CompTIA Security+ SY0-401: 2.8
- YouTube: Disaster Recovery Planning and Testing - CompTIA Security+ SY0-401: 2.8
- YouTube: IT Contingency Planning - CompTIA Security+ SY0-401: 2.8
- YouTube: Succession Planning - CompTIA Security+ SY0-401: 2.8
- YouTube: Tabletop Exercises - CompTIA Security+ SY0-401: 2.8
- YouTube: Redundancy, Fault Tolerance, and High Availability - CompTIA Security+ SY0-401: 2.8
- YouTube: Cold Site, Hot Site, and Warm Site - CompTIA Security+ SY0-401: 2.8
Activities
See Also
References
This lesson covers security controls.
Objectives and Skills
Objectives and skills for the security controls portion of Security+ certification include:[1]
- Given a scenario, select the appropriate control to meet the goals of security.
- Confidentiality
- Encryption
- Access controls
- Steganography
- Integrity
- Hashing
- Digital signatures
- Certificates
- Non-repudiation
- Availability
- Redundancy
- Fault tolerance
- Patching
- Safety
- Fencing
- Lighting
- Locks
- CCTV
- Escape plans
- Drills
- Escape routes
- Testing controls
Readings
Multimedia
Activities
See Also
References
Threats
This lesson covers malware.
Objectives and Skills
Objectives and skills for the malware portion of Security+ certification include:[1]
- Explain types of malware.
- Adware
- Virus
- Spyware
- Trojan
- Rootkits
- Backdoors
- Logic bomb
- Botnets
- Ransomware
- Polymorphic malware
- Armored virus
Readings
Multimedia
- YouTube: Malware Overview - CompTIA Security+ SY0-401: 3.1
- YouTube: Viruses and Worms - CompTIA Security+ SY0-401: 3.1
- YouTube: Adware and Spyware - CompTIA Security+ SY0-401: 3.1
- YouTube: Trojans and Backdoors - CompTIA Security+ SY0-401: 3.1
- YouTube: Rootkits - CompTIA Security+ SY0-401: 3.1
- YouTube: Logic Bombs - CompTIA Security+ SY0-401: 3.1
- YouTube: Botnets - CompTIA Security+ SY0-401: 3.1
- YouTube: Ransomware - CompTIA Security+ SY0-401: 3.1
- YouTube: Polymorphic Malware - CompTIA Security+ SY0-401: 3.1
- YouTube: Armored Virus - CompTIA Security+ SY0-401: 3.1
Activities
See Also
References
This lesson covers attacks.
Objectives and Skills
Objectives and skills for the attacks portion of Security+ certification include:[1]
- Summarize various types of attacks.
- Man-in-the-middle
- DDoS
- DoS
- Replay
- Smurf attack
- Spoofing
- Spam
- Phishing
- Spim
- Vishing
- Spear phishing
- Xmas attack
- Pharming
- Privilege escalation
- Malicious insider threat
- DNS poisoning and ARP poisoning
- Transitive access
- Client-side attacks
- Password attacks
- Brute force
- Dictionary attacks
- Hybrid
- Birthday attacks
- Rainbow tables
- Typo squatting/URL hijacking
- Watering hole attack
Readings
Multimedia
- YouTube: Man-in-the-Middle Attacks - CompTIA Security+ SY0-401: 3.2
- YouTube: Denial of Service - CompTIA Security+ SY0-401: 3.2
- YouTube: Replay Attacks - CompTIA Security+ SY0-401: 3.2
- YouTube: Spoofing - CompTIA Security+ SY0-401: 3.2
- YouTube: Spam - CompTIA Security+ SY0-401: 3.2
- YouTube: Phishing - CompTIA Security+ SY0-401: 3.2
- YouTube: Vishing - CompTIA Security+ SY0-401: 3.2
- YouTube: Christmas Tree Attack - CompTIA Security+ SY0-401: 3.2
- YouTube: Privilege Escalation - CompTIA Security+ SY0-401: 3.2
- YouTube: Insider Threats - CompTIA Security+ SY0-401: 3.2
- YouTube: Transitive and Client-side Attacks - CompTIA Security+ SY0-401: 3.2
- YouTube: Password Attacks - CompTIA Security+ SY0-401: 3.2
- YouTube: URL Hijacking - CompTIA Security+ SY0-401: 3.2
- YouTube: Watering Hole Attack - CompTIA Security+ SY0-401: 3.2
Activities
See Also
References
This lesson covers social engineering.
Objectives and Skills
Objectives and skills for the social engineering portion of Security+ certification include:[1]
- Summarize social engineering attacks and the associated effectiveness with each attack.
- Shoulder surfing
- Dumpster diving
- Tailgating
- Impersonation
- Hoaxes
- Whaling
- Vishing
- Principles (reasons for effectiveness)
- Authority
- Intimidation
- Consensus/Social proof
- Scarcity
- Urgency
- Familiarity/liking
- Trust
Readings
Multimedia
- YouTube: Shoulder Surfing - CompTIA Security+ SY0-401: 3.3
- YouTube: Dumpster Diving - CompTIA Security+ SY0-401: 3.3
- YouTube: Tailgating - CompTIA Security+ SY0-401: 3.3
- YouTube: Impersonation - CompTIA Security+ SY0-401: 3.3
- YouTube: Hoaxes - CompTIA Security+ SY0-401: 3.3
- YouTube: Whaling - CompTIA Security+ SY0-401: 3.3
- YouTube: The Effectiveness of Social Engineering - CompTIA Security+ SY0-401: 3.3
Activities
See Also
References
This lesson covers wireless attacks.
Objectives and Skills
Objectives and skills for the wireless attacks portion of Security+ certification include:[1]
- Explain types of wireless attacks.
- Rogue access points
- Jamming/Interference
- Evil twin
- War driving
- Bluejacking
- Bluesnarfing
- War chalking
- IV attack
- Packet sniffing
- Near field communication
- Replay attacks
- WEP/WPA attacks
- WPS attacks
Readings
Multimedia
- YouTube: Rogue Access Points and Evil Twins - CompTIA Security+ SY0-401: 3.4
- YouTube: Wireless Interference - CompTIA Security+ SY0-401: 3.4
- YouTube: Wardriving and Warchalking - CompTIA Security+ SY0-401: 3.4
- YouTube: Bluejacking and Bluesnarfing - CompTIA Security+ SY0-401: 3.4
- YouTube: Wireless IV Attacks - CompTIA Security+ SY0-401: 3.4
- YouTube: Wireless Packet Analysis - CompTIA Security+ SY0-401: 3.4
- YouTube: Near Field Communication - CompTIA Security+ SY0-401: 3.4
- YouTube: Wireless Replay and WEP Attacks - CompTIA Security+ SY0-401: 3.4
- YouTube: WPA Attacks - CompTIA Security+ SY0-401: 3.4
- YouTube: WPS Attacks - CompTIA Security+ SY0-401: 3.4
Activities
See Also
References
This lesson covers application attacks.
Objectives and Skills
Objectives and skills for the application attacks portion of Security+ certification include:[1]
- Explain types of application attacks.
- Cross-site scripting
- SQL injection
- LDAP injection
- XML injection
- Directory traversal/command injection
- Buffer overflow
- Integer overflow
- Zero-day
- Cookies and attachments
- LSO (Locally Shared Objects)
- Flash Cookies
- Malicious add-ons
- Session hijacking
- Header manipulation
- Arbitrary code execution / remote code execution
Readings
Multimedia
- YouTube: Cross-Site Scripting - CompTIA Security+ SY0-401: 3.5
- YouTube: SQL Injection, XML Injection, and LDAP Injection - CompTIA Security+ SY0-401: 3.5
- YouTube: Directory Traversal and Command Injection - CompTIA Security+ SY0-401: 3.5
- YouTube: Buffer Overflows and Integer Overflows - CompTIA Security+ SY0-401: 3.5
- YouTube: Zero-Day Attacks - CompTIA Security+ SY0-401: 3.5
- YouTube: Cookies, Header Manipulation, and Session Hijacking - CompTIA Security+ SY0-401: 3.5
- YouTube: Locally Shared Objects and Flash Cookies - CompTIA Security+ SY0-401: 3.5
- YouTube: Malicious Add-ons and Attachments - CompTIA Security+ SY0-401: 3.5
- YouTube: Arbitrary and Remote Code Execution - CompTIA Security+ SY0-401: 3.5
Activities
See Also
References
This lesson covers threat mitigation.
Objectives and Skills
Objectives and skills for the threat mitigation portion of Security+ certification include:[1]
- Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
- Monitoring system logs
- Event logs
- Audit logs
- Security logs
- Access logs
- Hardening
- Disabling unnecessary services
- Protecting management interfaces and applications
- Password protection
- Disabling unnecessary accounts
- Network security
- MAC limiting and filtering
- 802.1x
- Disabling unused interfaces and unused application service ports
- Rogue machine detection
- Security posture
- Initial baseline configuration
- Continuous security monitoring
- Remediation
- Reporting
- Alarms
- Alerts
- Trends
- Detection controls vs. prevention controls
- Intrusion Detection Systems (IDS) vs. Intrusion Prevention Systems (IPS)
- Camera vs. guard
Readings
Multimedia
- YouTube: Monitoring System Logs - CompTIA Security+ SY0-401: 3.6
- YouTube: Operating System Hardening - CompTIA Security+ SY0-401: 3.6
- YouTube: Physical Port Security - CompTIA Security+ SY0-401: 3.6
- YouTube: Security Posture - CompTIA Security+ SY0-401: 3.6
- YouTube: Reporting - CompTIA Security+ SY0-401: 3.6
- YouTube: Detection vs. Prevention - CompTIA Security+ SY0-401: 3.6
Activities
See Also
References
This lesson covers security tools.
Objectives and Skills
Objectives and skills for the security tools portion of Security+ certification include:[1]
- Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
- Interpret results of security assessment tools
- Tools
- Protocol analyzer
- Vulnerability scanner
- Honeypots
- Honeynets
- Port scanner
- Passive vs. active tools
- Banner grabbing
- Risk calculations
- Threat vs. likelihood
- Assessment types
- Risk
- Threat
- Vulnerability
- Assessment technique
- Baseline reporting
- Code review
- Determine attack surface
- Review architecture
- Review designs
Readings
- Wikipedia: Vulnerability Scanner and related articles.
Multimedia
- YouTube: Vulnerability Scanning Overview - CompTIA Security+ SY0-401: 3.7
- YouTube: Assessment Tools - CompTIA Security+ SY0-401: 3.7
- YouTube: Assessment Types - CompTIA Security+ SY0-401: 3.7
- YouTube: Assessment Techniques - CompTIA Security+ SY0-401: 3.7
Activities
See Also
References
This lesson covers security testing.
Objectives and Skills
Objectives and skills for the security testing portion of Security+ certification include:[1]
- Explain the proper use of penetration testing versus vulnerability scanning.
- Penetration testing
- Verify a threat exists
- Bypass security controls
- Actively test security controls
- Exploiting vulnerabilities
- Vulnerability scanning
- Passively testing security controls
- Identify vulnerability
- Identify lack of security controls
- Identify common misconfigurations
- Intrusive vs. non-intrusive
- Credentialed vs. non-credentialed
- False positive
- Black box
- White box
- Gray box
Readings
Multimedia
- YouTube: Penetration Testing - CompTIA Security+ SY0-401: 3.8
- YouTube: Vulnerability Scanning - CompTIA Security+ SY0-401: 3.8
Activities
See Also
References
Host Security
This lesson covers application security.
Objectives and Skills
Objectives and skills for the application security portion of Security+ certification include:[1]
- Explain the importance of application security controls and techniques.
- Fuzzing
- Secure coding concepts
- Error and exception handling
- Input validation
- Cross-site scripting prevention
- Cross-site Request Forgery (XSRF) prevention
- Application configuration baseline (proper settings)
- Application hardening
- Application patch management
- NoSQL databases vs. SQL databases
- Server-side vs. Client-side validation
Readings
Multimedia
- YouTube: Fuzzing - CompTIA Security+ SY0-401: 4.1
- YouTube: Secure Coding Concepts - CompTIA Security+ SY0-401: 4.1
- YouTube: Application Configuration Baselining and Hardening - CompTIA Security+ SY0-401: 4.1
- YouTube: Application Patch Management - CompTIA Security+ SY0-401: 4.1
- YouTube: SQL and NoSQL Databases - CompTIA Security+ SY0-401: 4.1
- YouTube: Server-side vs. Client-side Validation - CompTIA Security+ SY0-401: 4.1
Activities
See Also
References
This lesson covers mobile security.
Objectives and Skills
Objectives and skills for the mobile security portion of Security+ certification include:[1]
- Summarize mobile security concepts and technologies.
- Device security
- Full device encryption
- Remote wiping
- Lockout
- Screen-locks
- GPS
- Application control
- Storage segmentation
- Asset tracking
- Inventory control
- Mobile device management
- Device access control
- Removable storage
- Disabling unused features
- Application security
- Key management
- Credential management
- Authentication
- Geo-tagging
- Encryption
- Application whitelisting
- Transitive trust/authentication
- BYOD concerns
- Data ownership
- Support ownership
- Patch management
- Antivirus management
- Forensics
- Privacy
- On-boarding/off-boarding
- Adherence to corporate policies
- User acceptance
- Architecture/infrastructure considerations
- Legal concerns
- Acceptable use policy
- On-board camera/video
Readings[edit | edit source]
Multimedia[edit | edit source]
- YouTube: Mobile Device Security - CompTIA Security+ SY0-401: 4.2
- YouTube: Mobile Application Security - CompTIA Security+ SY0-401: 4.2
- YouTube: Mobile BYOD Concerns - CompTIA Security+ SY0-401: 4.2
Activities[edit | edit source]
See Also[edit | edit source]
References[edit | edit source]
This lesson covers host security.
Objectives and Skills[edit | edit source]
Objectives and skills for the host security portion of Security+ certification include:[1]
- Given a scenario, select the appropriate solution to establish host security.
- Operating system security and settings
- OS hardening
- Anti-malware
- Antivirus
- Anti-spam
- Anti-spyware
- Pop-up blockers
- Patch management
- White listing vs. black listing applications
- Trusted OS
- Host-based firewalls
- Host-based intrusion detection
- Hardware security
- Cable locks
- Safe
- Locking cabinets
- Host software baselining
- Virtualization
- Snapshots
- Patch compatibility
- Host availability/elasticity
- Security control testing
- Sandboxing
Readings[edit | edit source]
Multimedia[edit | edit source]
- YouTube: Operating System Security and Settings - CompTIA Security+ SY0-401: 4.3
- YouTube: Anti-Malware - CompTIA Security+ SY0-401: 4.3
- YouTube: Patch Management - CompTIA Security+ SY0-401: 4.3
- YouTube: White Listing and Black Listing Applications - CompTIA Security+ SY0-401: 4.3
- YouTube: Trusted Operating Systems - CompTIA Security+ SY0-401: 4.3
- YouTube: Host-based Security - CompTIA Security+ SY0-401: 4.3
- YouTube: Hardware Security - CompTIA Security+ SY0-401: 4.3
- YouTube: Host Software Baselining - CompTIA Security+ SY0-401: 4.3
- YouTube: Virtualization Security - CompTIA Security+ SY0-401: 4.3
Activities[edit | edit source]
See Also[edit | edit source]
References[edit | edit source]
This lesson covers data security.
Objectives and Skills[edit | edit source]
Objectives and skills for the data security portion of Security+ certification include:[1]
- Implement the appropriate controls to ensure data security.
- Cloud storage
- SAN
- Handling Big Data
- Data encryption
- Full disk
- Database
- Individual files
- Removable media
- Mobile devices
- Hardware based encryption devices
- TPM
- HSM
- USB encryption
- Hard drive
- Data in-transit, Data at-rest, Data in-use
- Permissions/ACL
- Data policies
- Wiping
- Disposing
- Retention
- Storage
Readings[edit | edit source]
Multimedia[edit | edit source]
- YouTube: Cloud and SAN Storage Data Security - CompTIA Security+ SY0-401: 4.4
- YouTube: Data Encryption - CompTIA Security+ SY0-401: 4.4
- YouTube: Hardware-based Encryption - CompTIA Security+ SY0-401: 4.4
- YouTube: States of Data - CompTIA Security+ SY0-401: 4.4
- YouTube: Permissions and ACLs - CompTIA Security+ SY0-401: 4.4
- YouTube: Data Policies - CompTIA Security+ SY0-401: 4.4
Activities[edit | edit source]
See Also[edit | edit source]
References[edit | edit source]
This lesson covers environmental mitigation.
Objectives and Skills[edit | edit source]
Objectives and skills for the environmental mitigation portion of Security+ certification include:[1]
- Compare and contrast alternative methods to mitigate security risks in static environments.
- Environments
- SCADA
- Embedded (Printer, Smart TV, HVAC control)
- Android
- iOS
- Mainframe
- Game consoles
- In-vehicle computing systems
- Methods
- Network segmentation
- Security layers
- Application firewalls
- Manual updates
- Firmware version control
- Wrappers
- Control redundancy and diversity
Readings[edit | edit source]
Multimedia[edit | edit source]
- YouTube: Embedded System Security - CompTIA Security+ SY0-401: 4.5
- YouTube: Static OS Environments - CompTIA Security+ SY0-401: 4.5
- YouTube: Mitigating Risk in Static Environments - CompTIA Security+ SY0-401: 4.5
Activities[edit | edit source]
See Also[edit | edit source]
References[edit | edit source]
Access Control[edit | edit source]
This lesson covers authentication services.
Objectives and Skills[edit | edit source]
Objectives and skills for the authentication services portion of Security+ certification include:[1]
- Compare and contrast the function and purpose of authentication services.
- RADIUS
- TACACS+
- Kerberos
- LDAP
- XTACACS
- SAML
- Secure LDAP
Readings[edit | edit source]
Multimedia[edit | edit source]
- YouTube: RADIUS and TACACS - CompTIA Security+ SY0-401: 5.1
- YouTube: Kerberos - CompTIA Security+ SY0-401: 5.1
- YouTube: LDAP and Secure LDAP - CompTIA Security+ SY0-401: 5.1
- YouTube: SAML - CompTIA Security+ SY0-401: 5.1
Activities[edit | edit source]
See Also[edit | edit source]
- Single Sign-on (SSO)
- Multi Factor Authentication (MFA)
References[edit | edit source]
This lesson covers authentication and authorization.
Objectives and Skills[edit | edit source]
Objectives and skills for the authentication and authorization portion of Security+ certification include:[1]
- Given a scenario, select the appropriate authentication, authorization or access control.
- Identification vs. authentication vs. authorization
- Authorization
- Least privilege
- Separation of duties
- ACLs
- Mandatory access
- Discretionary access
- Rule-based access control
- Role-based access control
- Time of day restrictions
- Authentication
- Tokens
- Common access card
- Smart card
- Multifactor authentication
- TOTP
- HOTP
- CHAP
- PAP
- Single sign-on
- Access control
- Implicit deny
- Trusted OS
- Authentication factors
- Something you are
- Something you have
- Something you know
- Somewhere you are
- Something you do
- Identification
- Biometrics
- Personal identification verification card
- Username
- Federation
- Transitive trust/authentication
Readings[edit | edit source]
Multimedia[edit | edit source]
- YouTube: Identification, Authentication, and Authorization - CompTIA Security+ SY0-401: 5.2
- YouTube: Authorization and Access Control - CompTIA Security+ SY0-401: 5.2
- YouTube: Single-factor Authentication - CompTIA Security+ SY0-401: 5.2
- YouTube: Multi-factor Authentication - CompTIA Security+ SY0-401: 5.2
- YouTube: One-time Password Algorithms - CompTIA Security+ SY0-401: 5.2
- YouTube: CHAP and PAP - CompTIA Security+ SY0-401: 5.2
- YouTube: Single Sign-on - CompTIA Security+ SY0-401: 5.2
- YouTube: Federation and Transitive Trust - CompTIA Security+ SY0-401: 5.2
Activities[edit | edit source]
See Also[edit | edit source]
References[edit | edit source]
This lesson covers account management.
Objectives and Skills[edit | edit source]
Objectives and skills for the account management portion of Security+ certification include:[1]
- Install and configure security controls when performing account management, based on best practices.
- Mitigate issues associated with users with multiple account/roles and/or shared accounts
- Account policy enforcement
- Credential management
- Group policy
- Password complexity
- Expiration
- Recovery
- Disablement
- Lockout
- Password history
- Password reuse
- Password length
- Generic account prohibition
- Group based privileges
- User assigned privileges
- User access reviews
- Continuous monitoring
Readings[edit | edit source]
Multimedia[edit | edit source]
- YouTube: Roles and Account Credentials - CompTIA Security+ SY0-401: 5.3
- YouTube: Group Policy - CompTIA Security+ SY0-401: 5.3
- YouTube: Managing Password Policies - CompTIA Security+ SY0-401: 5.3
- YouTube: Privileges - CompTIA Security+ SY0-401: 5.3
- YouTube: User Access Reviews and Monitoring - CompTIA Security+ SY0-401: 5.3
Activities[edit | edit source]
See Also[edit | edit source]
References[edit | edit source]
Cryptography[edit | edit source]
This lesson covers cryptography concepts.
Objectives and Skills[edit | edit source]
Objectives and skills for the cryptography concepts portion of Security+ certification include:[1]
- Given a scenario, utilize general cryptography concepts.
- Symmetric vs. asymmetric
- Session keys
- In-band vs. out-of-band key exchange
- Fundamental differences and encryption methods
- Block vs. stream
- Transport encryption
- Non-repudiation
- Hashing
- Key escrow
- Steganography
- Digital signatures
- Use of proven technologies
- Elliptic curve and quantum cryptography
- Ephemeral key
- Perfect forward secrecy
Readings[edit | edit source]
Multimedia[edit | edit source]
- YouTube: Cryptography Overview - CompTIA Security+ SY0-401: 6.1
- YouTube: Symmetric vs. Asymmetric Encryption - CompTIA Security+ SY0-401: 6.1
- YouTube: Public Keys and Private Keys - CompTIA Security+ SY0-401: 6.1
- YouTube: Session Keys - CompTIA Security+ SY0-401: 6.1
- YouTube: Block vs. Stream Ciphers - CompTIA Security+ SY0-401: 6.1
- YouTube: Transport Encryption - CompTIA Security+ SY0-401: 6.1
- YouTube: Non-Repudiation - CompTIA Security+ SY0-401: 6.1
- YouTube: Hashing - CompTIA Security+ SY0-401: 6.1
- YouTube: Key Escrow - CompTIA Security+ SY0-401: 6.1
- YouTube: Steganography - CompTIA Security+ SY0-401: 6.1
- YouTube: Elliptic Curve and Quantum Cryptography - CompTIA Security+ SY0-401: 6.1
- YouTube: Perfect Forward Secrecy - CompTIA Security+ SY0-401: 6.1
Activities[edit | edit source]
See Also[edit | edit source]
References[edit | edit source]
This lesson covers cryptography methods.
Objectives and Skills[edit | edit source]
Objectives and skills for the cryptography methods portion of Security+ certification include:[1]
- Given a scenario, use appropriate cryptographic methods.
- WEP vs. WPA/WPA2 and preshared key
- MD5
- SHA
- RIPEMD
- AES
- DES
- 3DES
- HMAC
- RSA
- Diffie-Hellman
- RC4
- One-time pads
- NTLM
- NTLMv2
- Blowfish
- PGP/GPG
- TwoFish
- DHE
- ECDHE
- CHAP
- PAP
- Comparative strengths and performance of algorithms
- Use of algorithms/protocols with transport encryption
- SSL
- TLS
- IPSec
- SSH
- HTTPS
- Cipher suites
- Strong vs. weak ciphers
- Key stretching
- PBKDF2
- Bcrypt
Readings[edit | edit source]
Multimedia[edit | edit source]
- YouTube: WEP vs. WPA - CompTIA Security+ SY0-401: 6.2
- YouTube: Cryptographic Hash Functions - CompTIA Security+ SY0-401: 6.2
- YouTube: Symmetric Encryption Ciphers - CompTIA Security+ SY0-401: 6.2
- YouTube: Asymmetric Cryptography Algorithms - CompTIA Security+ SY0-401: 6.2
- YouTube: One-Time Pads - CompTIA Security+ SY0-401: 6.2
- YouTube: NTLM - CompTIA Security+ SY0-401: 6.2
- YouTube: Transport Encryption Algorithms - CompTIA Security+ SY0-401: 6.2
- YouTube: Strong vs. Weak Encryption - CompTIA Security+ SY0-401: 6.2
Activities[edit | edit source]
See Also[edit | edit source]
References[edit | edit source]
This lesson covers public key infrastructure (PKI).
Objectives and Skills[edit | edit source]
Objectives and skills for the PKI portion of Security+ certification include:[1]
- Given a scenario, use appropriate PKI, certificate management and associated components.
- Certificate authorities and digital certificates
- CA
- CRLs
- OCSP
- CSR
- PKI
- Recovery agent
- Public key
- Private key
- Registration
- Key escrow
- Trust models
Readings[edit | edit source]
Multimedia[edit | edit source]
- YouTube: Certificate Authorities - CompTIA Security+ SY0-401: 6.3
- YouTube: Key Revocation - CompTIA Security+ SY0-401: 6.3
- YouTube: Digital Certificates - CompTIA Security+ SY0-401: 6.3
- YouTube: Public Key Infrastructure - CompTIA Security+ SY0-401: 6.3
- YouTube: Key Recovery - CompTIA Security+ SY0-401: 6.3
- YouTube: Public and Private Keys - CompTIA Security+ SY0-401: 6.3
- YouTube: Key Registration - CompTIA Security+ SY0-401: 6.3
- YouTube: Key Escrow - CompTIA Security+ SY0-401: 6.3
- YouTube: Trust Models - CompTIA Security+ SY0-401: 6.3