
IT Security/Collection

0% developed
From Wikiversity

IT Security


Learning Guide


This learning guide supports the Wikiversity course IT Security, available at http://en.wikiversity.org/wiki/IT_Security.

Overview


IT Security is an information technology topic that includes network security, operational security, threats and vulnerabilities, host security, security controls, and cryptography.

This course combines Wikipedia readings, YouTube videos, and hands-on learning activities to assist learners in preparing for CompTIA Security+ Certification.

This entire Wikiversity course can be downloaded in book form by selecting Download Learning Guide in the sidebar.

Preparation


This is a fourth-semester, college-level course. Learners should already be familiar with introductory computer concepts, computer support concepts, and computer networking concepts.

Objectives


See the list of all objectives. For specific domains:

  1. General Security Concepts 25% developed
  2. Threats, Vulnerabilities, and Mitigations 25% developed
  3. Security Architecture 25% developed
  4. Security Operations 25% developed
  5. Security Program Management and Oversight 25% developed

Also see the list of acronyms (25% developed) and the list of technologies (75% developed).

Test Details


Exam description:

The exam will verify the successful candidate has the knowledge and skills required to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments, including cloud, mobile, and IoT; operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance; identify, analyze, and respond to security events and incidents.

Number of questions: Maximum of 90

Length of test: 90 minutes

Passing score: 750 (on a scale of 100-900)

Recommended experience:

A minimum of 2 years of experience in IT administration with a focus on security, hands-on experience with technical information security, and broad knowledge of security concepts.

Exam code: SY0-701

Languages: English, with Japanese, Portuguese and Spanish to follow

See Also

Search for Computer security on Wikipedia.

CompTIA

Wikibooks has a book on the topic of Security+ Certification.

References



Network Security


This lesson covers network device security.

Objectives and Skills


Objectives and skills for the network devices portion of Security+ certification include:[1]

Implement security configuration parameters on network devices and other technologies.
  • Firewalls
  • Routers
  • Switches
  • Load Balancers
  • Proxies
  • Web security gateways
  • VPN concentrators
  • NIDS and NIPS
    • Behavior based
    • Signature based
    • Anomaly based
    • Heuristic
  • Protocol analyzers
  • Spam filter
  • UTM security appliances
    • URL filter
    • Content inspection
    • Malware inspection
  • Web application firewall vs. network firewall
  • Application aware devices
    • Firewalls
    • IPS
    • IDS
    • Proxies

Readings

Multimedia
  1. YouTube: Routers, Firewalls, and Switches - CompTIA Security+ SY0-401: 1.1
  2. YouTube: Load Balancers and Proxies - CompTIA Security+ SY0-401: 1.1
  3. YouTube: Web Security Gateways and UTMs - CompTIA Security+ SY0-401: 1.1
  4. YouTube: VPN Concentrators - CompTIA Security+ SY0-401: 1.1
  5. YouTube: Application-Aware Security Devices - CompTIA Security+ SY0-401: 1.1

Activities

See Also

References

This lesson covers network administration security.

Objectives and Skills


Objectives and skills for the network administration portion of Security+ certification include:[1]

Given a scenario, use secure network administration principles.
  • Rule-based management
  • Firewall rules
  • VLAN management
  • Secure router configuration
  • Access control lists
  • Port Security
  • 802.1x
  • Flood guards
  • Loop protection
  • Implicit deny
  • Network separation
  • Log analysis
  • Unified Threat Management

Readings

Multimedia
  1. YouTube: Firewall Rules - CompTIA Security+ SY0-401: 1.2
  2. YouTube: VLAN Management - CompTIA Security+ SY0-401: 1.2
  3. YouTube: Spanning Tree Protocol and Loop Protection - CompTIA Security+ SY0-401: 1.2
  4. YouTube: Secure Router Configuration - CompTIA Security+ SY0-401: 1.2
  5. YouTube: Access Control Lists - CompTIA Security+ SY0-401: 1.2
  6. YouTube: Port Security and 802.1X - CompTIA Security+ SY0-401: 1.2
  7. YouTube: Flood Guards - CompTIA Security+ SY0-401: 1.2
  8. YouTube: Network Separation - CompTIA Security+ SY0-401: 1.2
  9. YouTube: Log Analysis - CompTIA Security+ SY0-401: 1.2

Activities

See Also

References

This lesson covers network design security.

Objectives and Skills


Objectives and skills for the network design portion of Security+ certification include:[1]

Explain network design elements and components.
  • DMZ
  • Subnetting
  • VLAN
  • NAT
  • Remote Access
  • Telephony
  • NAC
  • Virtualization
  • Cloud Computing
    • Platform as a Service
    • Software as a Service
    • Infrastructure as a Service
    • Private
    • Public
    • Hybrid
    • Community
  • Layered security / Defense in depth

Readings

Multimedia
  1. YouTube: DMZ - CompTIA Security+ SY0-401: 1.3
  2. YouTube: Subnetting the Network - CompTIA Security+ SY0-401: 1.3
  3. YouTube: VLANs - CompTIA Security+ SY0-401: 1.3
  4. YouTube: Network Address Translation - CompTIA Security+ SY0-401: 1.3
  5. YouTube: Remote Access - CompTIA Security+ SY0-401: 1.3
  6. YouTube: Telephony - CompTIA Security+ SY0-401: 1.3
  7. YouTube: Network Access Control - CompTIA Security+ SY0-401: 1.3
  8. YouTube: Virtualization - CompTIA Security+ SY0-401: 1.3
  9. YouTube: Cloud Computing - CompTIA Security+ SY0-401: 1.3
  10. YouTube: Defense in Depth - CompTIA Security+ SY0-401: 1.3

Activities

See Also

References

This lesson covers network protocols security.

Objectives and Skills


Objectives and skills for the network protocols portion of Security+ certification include:[1]

Given a scenario, implement common protocols and services.
  • Protocols
    • IPSec
    • SNMP
    • SSH
    • DNS
    • TLS
    • SSL
    • TCP/IP
    • FTPS
    • HTTPS
    • SCP
    • ICMP
    • IPv4
    • IPv6
    • iSCSI
    • Fibre Channel
    • FCoE
    • FTP
    • SFTP
    • TFTP
    • TELNET
    • HTTP
    • NetBIOS
    • NTP
  • Ports
    • 21
    • 22
    • 25
    • 53
    • 80
    • 110
    • 123
    • 139
    • 143
    • 443
    • 3389
  • OSI relevance

Readings

Multimedia
  1. YouTube: IPv4 and IPv6 - CompTIA Security+ SY0-401: 1.4
  2. YouTube: IPsec - CompTIA Security+ SY0-401: 1.4
  3. YouTube: ICMP and SNMP - CompTIA Security+ SY0-401: 1.4
  4. YouTube: Telnet and SSH - CompTIA Security+ SY0-401: 1.4
  5. YouTube: Transferring Files - CompTIA Security+ SY0-401: 1.4
  6. YouTube: DNS - CompTIA Security+ SY0-401: 1.4
  7. YouTube: HTTPS and TLS/SSL - CompTIA Security+ SY0-401: 1.4
  8. YouTube: Storage Area Networking - CompTIA Security+ SY0-401: 1.4
  9. YouTube: NetBIOS - CompTIA Security+ SY0-401: 1.4
  10. YouTube: Common Network Ports - CompTIA Security+ SY0-401: 1.4
  11. YouTube: Protocols and the OSI Model - CompTIA Security+ SY0-401: 1.4

Activities

See Also

References

This lesson covers wireless network security.

Objectives and Skills


Objectives and skills for the wireless network portion of Security+ certification include:[1]

Given a scenario, troubleshoot security issues related to wireless networking.
  • WPA
  • WPA2
  • WEP
  • EAP
  • PEAP
  • LEAP
  • MAC filter
  • Disable SSID broadcast
  • TKIP
  • CCMP
  • Antenna Placement
  • Power level controls
  • Captive portals
  • Antenna types
  • Site surveys
  • VPN (over open wireless)

Readings

Multimedia
  1. YouTube: Wireless Encryption - CompTIA Security+ SY0-401: 1.5
  2. YouTube: EAP, LEAP, and PEAP - CompTIA Security+ SY0-401: 1.5
  3. YouTube: MAC Address Filtering - CompTIA Security+ SY0-401: 1.5
  4. YouTube: SSID Management - CompTIA Security+ SY0-401: 1.5
  5. YouTube: TKIP and CCMP - CompTIA Security+ SY0-401: 1.5
  6. YouTube: Wireless Power and Antenna Placement - CompTIA Security+ SY0-401: 1.5
  7. YouTube: Captive Portals - CompTIA Security+ SY0-401: 1.5
  8. YouTube: Antenna Types - CompTIA Security+ SY0-401: 1.5
  9. YouTube: Site Surveys - CompTIA Security+ SY0-401: 1.5
  10. YouTube: VPN Over Open Wireless Networks - CompTIA Security+ SY0-401: 1.5

Activities

See Also

References

Operational Security


This lesson covers risk concepts.

Objectives and Skills


Objectives and skills for the risk concepts portion of Security+ certification include:[1]

Explain the importance of risk related concepts.
  • Control types
    • Technical
    • Management
    • Operational
  • False positives
  • False negatives
  • Importance of policies in reducing risk
    • Privacy policy
    • Acceptable use
    • Security policy
    • Mandatory vacations
    • Job rotation
    • Separation of duties
    • Least privilege
  • Risk calculation
    • Likelihood
    • ALE
    • Impact
    • SLE
    • ARO
    • MTTR
    • MTTF
    • MTBF
  • Quantitative vs. qualitative
  • Vulnerabilities
  • Threat vectors
  • Probability / threat likelihood
  • Risk-avoidance, transference, acceptance, mitigation, deterrence
  • Risks associated with Cloud Computing and Virtualization
  • Recovery time objective and recovery point objective

Readings

Multimedia
  1. YouTube: Control Types - CompTIA Security+ SY0-401: 2.1
  2. YouTube: False Positives and False Negatives - CompTIA Security+ SY0-401: 2.1
  3. YouTube: Reducing Risk with Security Policies - CompTIA Security+ SY0-401: 2.1
  4. YouTube: Calculating Risk - CompTIA Security+ SY0-401: 2.1
  5. YouTube: Quantitative and Qualitative Risk Assessment - CompTIA Security+ SY0-401: 2.1
  6. YouTube: Vulnerabilities, Threat Vectors, and Probability - CompTIA Security+ SY0-401: 2.1
  7. YouTube: Risk Avoidance - CompTIA Security+ SY0-401: 2.1
  8. YouTube: Risks with Cloud Computing and Virtualization - CompTIA Security+ SY0-401: 2.1
  9. YouTube: Recovery Time Objectives - CompTIA Security+ SY0-401: 2.1

Activities

See Also

References

This lesson covers systems integration security.

Objectives and Skills


Objectives and skills for the systems integration portion of Security+ certification include:[1]

Summarize the security implications of integrating systems and data with third parties.
  • On-boarding/off-boarding business partners
  • Social media networks and/or applications
  • Interoperability agreements
    • SLA
    • BPA
    • MOU
    • ISA
  • Privacy considerations
  • Risk awareness
  • Unauthorized data sharing
  • Data ownership
  • Data backups
  • Follow security policy and procedures
  • Review agreement requirements to verify compliance and performance standards

Readings

Multimedia
  1. YouTube: On-boarding and Off-boarding Business Partners - CompTIA Security+ SY0-401: 2.2
  2. YouTube: Security Implications of Social Media - CompTIA Security+ SY0-401: 2.2
  3. YouTube: Interoperability Agreements - CompTIA Security+ SY0-401: 2.2
  4. YouTube: Privacy Considerations and Data Ownership with Third Parties - CompTIA Security+ SY0-401: 2.2
  5. YouTube: Risk Awareness with Third Parties - CompTIA Security+ SY0-401: 2.2
  6. YouTube: Data Ownership and Unauthorized Data Sharing - CompTIA Security+ SY0-401: 2.2
  7. YouTube: Data Backups with Third Parties - CompTIA Security+ SY0-401: 2.2
  8. YouTube: Security Policy Considerations with Third Parties - CompTIA Security+ SY0-401: 2.2
  9. YouTube: Third-Party Security Compliance - CompTIA Security+ SY0-401: 2.2

Activities

See Also

References

This lesson covers risk mitigation.

Objectives and Skills


Objectives and skills for the risk mitigation portion of Security+ certification include:[1]

Given a scenario, implement appropriate risk mitigation strategies.
  • Change management
  • Incident management
  • User rights and permissions reviews
  • Perform routine audits
  • Enforce policies and procedures to prevent data loss or theft
  • Enforce technology controls
    • Data Loss Prevention (DLP)

Readings

Multimedia
  1. YouTube: Change Management - CompTIA Security+ SY0-401: 2.3
  2. YouTube: Incident Management - CompTIA Security+ SY0-401: 2.3
  3. YouTube: User Rights and Permissions - CompTIA Security+ SY0-401: 2.3
  4. YouTube: Security Audits - CompTIA Security+ SY0-401: 2.3
  5. YouTube: Data Loss and Theft Policies - CompTIA Security+ SY0-401: 2.3
  6. YouTube: Data Loss Prevention - CompTIA Security+ SY0-401: 2.3

Activities

See Also

References

This lesson covers forensics procedures.

Objectives and Skills


Objectives and skills for the forensics procedures portion of Security+ certification include:[1]

Given a scenario, implement basic forensic procedures.
  • Order of volatility
  • Capture system image
  • Network traffic and logs
  • Capture video
  • Record time offset
  • Take hashes
  • Screenshots
  • Witnesses
  • Track man hours and expense
  • Chain of custody
  • Big Data analysis

Readings

Multimedia
  1. YouTube: Order of Volatility - CompTIA Security+ SY0-401: 2.4
  2. YouTube: Capturing System Images - CompTIA Security+ SY0-401: 2.4
  3. YouTube: Capturing Network Traffic and Logs - CompTIA Security+ SY0-401: 2.4
  4. YouTube: Capturing Video - CompTIA Security+ SY0-401: 2.4
  5. YouTube: Recording Time Offsets - CompTIA Security+ SY0-401: 2.4
  6. YouTube: Taking Hashes - CompTIA Security+ SY0-401: 2.4
  7. YouTube: Taking Screenshots - CompTIA Security+ SY0-401: 2.4
  8. YouTube: Interviewing Witnesses - CompTIA Security+ SY0-401: 2.4
  9. YouTube: Tracking Man-Hours and Expenses - CompTIA Security+ SY0-401: 2.4
  10. YouTube: Chain of Custody - CompTIA Security+ SY0-401: 2.4
  11. YouTube: Big Data Analysis - CompTIA Security+ SY0-401: 2.4

Activities

See Also

References

This lesson covers incident response.

Objectives and Skills


Objectives and skills for the incident response portion of Security+ certification include:[1]

Summarize common incident response procedures.
  • Preparation
  • Incident identification
  • Escalation and notification
  • Mitigation steps
  • Lessons learned
  • Reporting
  • Recovery/reconstitution procedures
  • First responder
  • Incident isolation
    • Quarantine
    • Device removal
  • Data breach
  • Damage and loss control

Readings

Multimedia
  1. YouTube: Preparing for an Incident - CompTIA Security+ SY0-401: 2.5
  2. YouTube: Incident Identification - CompTIA Security+ SY0-401: 2.5
  3. YouTube: Incident Escalation and Notification - CompTIA Security+ SY0-401: 2.5
  4. YouTube: Incident Mitigation and Isolation - CompTIA Security+ SY0-401: 2.5
  5. YouTube: Lessons Learned from Incidents - CompTIA Security+ SY0-401: 2.5
  6. YouTube: Incident Reporting - CompTIA Security+ SY0-401: 2.5
  7. YouTube: Incident Recovery and Reconstitution - CompTIA Security+ SY0-401: 2.5
  8. YouTube: First Responder - CompTIA Security+ SY0-401: 2.5
  9. YouTube: Data Breaches - CompTIA Security+ SY0-401: 2.5
  10. YouTube: Incident Damage and Loss Control - CompTIA Security+ SY0-401: 2.5

Activities

See Also

References

This lesson covers security training.

Objectives and Skills


Objectives and skills for the security training portion of Security+ certification include:[1]

Explain the importance of security related awareness and training.
  • Security policy training and procedures
  • Role-based training
  • Personally identifiable information
  • Information classification
    • High
    • Medium
    • Low
    • Confidential
    • Private
    • Public
  • Data labeling, handling and disposal
  • Compliance with laws, best practices and standards
  • User habits
    • Password behaviors
    • Data handling
    • Clean desk policies
    • Prevent tailgating
    • Personally owned devices
  • New threats and new security trends/alerts
    • New viruses
    • Phishing attacks
    • Zero-day exploits
  • Use of social networking and P2P
  • Follow up and gather training metrics to validate compliance and security posture

Readings

Multimedia
  1. YouTube: Security Policy Training and Procedures - CompTIA Security+ SY0-401: 2.6
  2. YouTube: Personally Identifiable Information - CompTIA Security+ SY0-401: 2.6
  3. YouTube: Information Classification - CompTIA Security+ SY0-401: 2.6
  4. YouTube: Data Labeling, Handling, and Disposal - CompTIA Security+ SY0-401: 2.6
  5. YouTube: Compliance Best-Practices and Standards - CompTIA Security+ SY0-401: 2.6
  6. YouTube: User Habits - CompTIA Security+ SY0-401: 2.6
  7. YouTube: New Threats and Security Trends - CompTIA Security+ SY0-401: 2.6
  8. YouTube: Social Networking and Peer-to-Peer Security - CompTIA Security+ SY0-401: 2.6
  9. YouTube: Gathering Training Metrics - CompTIA Security+ SY0-401: 2.6

Activities

See Also

References

This lesson covers physical security.

Objectives and Skills


Objectives and skills for the physical security portion of Security+ certification include:[1]

Compare and contrast physical security and environmental controls.
  • Environmental controls
    • HVAC
    • Fire suppression
    • EMI shielding
    • Hot and cold aisles
    • Environmental monitoring
    • Temperature and humidity controls
  • Physical security
    • Hardware locks
    • Mantraps
    • Video Surveillance
    • Fencing
    • Proximity readers
    • Access list
    • Proper lighting
    • Signs
    • Guards
    • Barricades
    • Biometrics
    • Protected distribution (cabling)
    • Alarms
    • Motion detection
  • Control types
    • Deterrent
    • Preventive
    • Detective
    • Compensating
    • Technical
    • Administrative

Readings

Multimedia
  1. YouTube: HVAC, Temperature, and Humidity Controls - CompTIA Security+ SY0-401: 2.7
  2. YouTube: Fire Suppression - CompTIA Security+ SY0-401: 2.7
  3. YouTube: EMI Shielding - CompTIA Security+ SY0-401: 2.7
  4. YouTube: Hot and Cold Aisles - CompTIA Security+ SY0-401: 2.7
  5. YouTube: Environmental Monitoring - CompTIA Security+ SY0-401: 2.7
  6. YouTube: Physical Security - CompTIA Security+ SY0-401: 2.7
  7. YouTube: Physical Security Control Types - CompTIA Security+ SY0-401: 2.7

Activities

See Also

References

This lesson covers risk management best practices.

Objectives and Skills


Objectives and skills for the risk management best practices portion of Security+ certification include:[1]

Summarize risk management best practices.
  • Business continuity concepts
    • Business impact analysis
    • Identification of critical systems and components
    • Removing single points of failure
    • Business continuity planning and testing
    • Risk assessment
    • Continuity of operations
    • Disaster recovery
    • IT contingency planning
    • Succession planning
    • High availability
    • Redundancy
    • Tabletop exercises
  • Fault tolerance
    • Hardware
    • RAID: software (mdadm) or hardware
    • Clustering
    • Load balancing
    • Servers
  • Disaster recovery concepts
    • Backup plans/policies
    • Backup execution/frequency
    • Cold site
    • Hot site
    • Warm site

Readings

Multimedia
  1. YouTube: Business Impact Analysis - CompTIA Security+ SY0-401: 2.8
  2. YouTube: Critical Systems and Components - CompTIA Security+ SY0-401: 2.8
  3. YouTube: Redundancy and Single Points of Failure - CompTIA Security+ SY0-401: 2.8
  4. YouTube: Continuity of Operations - CompTIA Security+ SY0-401: 2.8
  5. YouTube: Disaster Recovery Planning and Testing - CompTIA Security+ SY0-401: 2.8
  6. YouTube: IT Contingency Planning - CompTIA Security+ SY0-401: 2.8
  7. YouTube: Succession Planning - CompTIA Security+ SY0-401: 2.8
  8. YouTube: Tabletop Exercises - CompTIA Security+ SY0-401: 2.8
  9. YouTube: Redundancy, Fault Tolerance, and High Availability - CompTIA Security+ SY0-401: 2.8
  10. YouTube: Cold Site, Hot Site, and Warm Site - CompTIA Security+ SY0-401: 2.8

Activities

See Also

References

This lesson covers security controls.

Objectives and Skills


Objectives and skills for the security controls portion of Security+ certification include:[1]

Given a scenario, select the appropriate control to meet the goals of security.
  • Confidentiality
    • Encryption
    • Access controls
    • Steganography
  • Integrity
    • Hashing
    • Digital signatures
    • Certificates
    • Non-repudiation
  • Availability
    • Redundancy
    • Fault tolerance
    • Patching
  • Safety
    • Fencing
    • Lighting
    • Locks
    • CCTV
    • Escape plans
    • Drills
    • Escape routes
    • Testing controls

Readings

Multimedia
  1. YouTube: Confidentiality, Integrity, Availability, and Safety - CompTIA Security+ SY0-401: 2.9

Activities

See Also

References

Threats


This lesson covers malware.

Objectives and Skills


Objectives and skills for the malware portion of Security+ certification include:[1]

Explain types of malware.
  • Adware
  • Virus
  • Spyware
  • Trojan
  • Rootkits
  • Backdoors
  • Logic bomb
  • Botnets
  • Ransomware
  • Polymorphic malware
  • Armored virus

Readings

Multimedia
  1. YouTube: Malware Overview - CompTIA Security+ SY0-401: 3.1
  2. YouTube: Viruses and Worms - CompTIA Security+ SY0-401: 3.1
  3. YouTube: Adware and Spyware - CompTIA Security+ SY0-401: 3.1
  4. YouTube: Trojans and Backdoors - CompTIA Security+ SY0-401: 3.1
  5. YouTube: Rootkits - CompTIA Security+ SY0-401: 3.1
  6. YouTube: Logic Bombs - CompTIA Security+ SY0-401: 3.1
  7. YouTube: Botnets - CompTIA Security+ SY0-401: 3.1
  8. YouTube: Ransomware - CompTIA Security+ SY0-401: 3.1
  9. YouTube: Polymorphic Malware - CompTIA Security+ SY0-401: 3.1
  10. YouTube: Armored Virus - CompTIA Security+ SY0-401: 3.1

Activities

See Also

References

This lesson covers attacks.

Objectives and Skills


Objectives and skills for the attacks portion of Security+ certification include:[1]

Summarize various types of attacks.
  • Man-in-the-middle
  • DDoS
  • DoS
  • Replay
  • Smurf attack
  • Spoofing
  • Spam
  • Phishing
  • Spim
  • Vishing
  • Spear phishing
  • Xmas attack
  • Pharming
  • Privilege escalation
  • Malicious insider threat
  • DNS poisoning and ARP poisoning
  • Transitive access
  • Client-side attacks
  • Password attacks
    • Brute force
    • Dictionary attacks
    • Hybrid
    • Birthday attacks
    • Rainbow tables
  • Typo squatting/URL hijacking
  • Watering hole attack

Readings

Multimedia
  1. YouTube: Man-in-the-Middle Attacks - CompTIA Security+ SY0-401: 3.2
  2. YouTube: Denial of Service - CompTIA Security+ SY0-401: 3.2
  3. YouTube: Replay Attacks - CompTIA Security+ SY0-401: 3.2
  4. YouTube: Spoofing - CompTIA Security+ SY0-401: 3.2
  5. YouTube: Spam - CompTIA Security+ SY0-401: 3.2
  6. YouTube: Phishing - CompTIA Security+ SY0-401: 3.2
  7. YouTube: Vishing - CompTIA Security+ SY0-401: 3.2
  8. YouTube: Christmas Tree Attack - CompTIA Security+ SY0-401: 3.2
  9. YouTube: Privilege Escalation - CompTIA Security+ SY0-401: 3.2
  10. YouTube: Insider Threats - CompTIA Security+ SY0-401: 3.2
  11. YouTube: Transitive and Client-side Attacks - CompTIA Security+ SY0-401: 3.2
  12. YouTube: Password Attacks - CompTIA Security+ SY0-401: 3.2
  13. YouTube: URL Hijacking - CompTIA Security+ SY0-401: 3.2
  14. YouTube: Watering Hole Attack - CompTIA Security+ SY0-401: 3.2

Activities

See Also

References

This lesson covers social engineering.

Objectives and Skills


Objectives and skills for the social engineering portion of Security+ certification include:[1]

Summarize social engineering attacks and the associated effectiveness with each attack.
  • Shoulder surfing
  • Dumpster diving
  • Tailgating
  • Impersonation
  • Hoaxes
  • Whaling
  • Vishing
  • Principles (reasons for effectiveness)
    • Authority
    • Intimidation
    • Consensus/Social proof
    • Scarcity
    • Urgency
    • Familiarity/liking
    • Trust

Readings

Multimedia
  1. YouTube: Shoulder Surfing - CompTIA Security+ SY0-401: 3.3
  2. YouTube: Dumpster Diving - CompTIA Security+ SY0-401: 3.3
  3. YouTube: Tailgating - CompTIA Security+ SY0-401: 3.3
  4. YouTube: Impersonation - CompTIA Security+ SY0-401: 3.3
  5. YouTube: Hoaxes - CompTIA Security+ SY0-401: 3.3
  6. YouTube: Whaling - CompTIA Security+ SY0-401: 3.3
  7. YouTube: The Effectiveness of Social Engineering - CompTIA Security+ SY0-401: 3.3

Activities

See Also

References

This lesson covers wireless attacks.

Objectives and Skills


Objectives and skills for the wireless attacks portion of Security+ certification include:[1]

Explain types of wireless attacks.
  • Rogue access points
  • Jamming/Interference
  • Evil twin
  • War driving
  • Bluejacking
  • Bluesnarfing
  • War chalking
  • IV attack
  • Packet sniffing
  • Near field communication
  • Replay attacks
  • WEP/WPA attacks
  • WPS attacks

Readings

Multimedia
  1. YouTube: Rogue Access Points and Evil Twins - CompTIA Security+ SY0-401: 3.4
  2. YouTube: Wireless Interference - CompTIA Security+ SY0-401: 3.4
  3. YouTube: Wardriving and Warchalking - CompTIA Security+ SY0-401: 3.4
  4. YouTube: Bluejacking and Bluesnarfing - CompTIA Security+ SY0-401: 3.4
  5. YouTube: Wireless IV Attacks - CompTIA Security+ SY0-401: 3.4
  6. YouTube: Wireless Packet Analysis - CompTIA Security+ SY0-401: 3.4
  7. YouTube: Near Field Communication - CompTIA Security+ SY0-401: 3.4
  8. YouTube: Wireless Replay and WEP Attacks - CompTIA Security+ SY0-401: 3.4
  9. YouTube: WPA Attacks - CompTIA Security+ SY0-401: 3.4
  10. YouTube: WPS Attacks - CompTIA Security+ SY0-401: 3.4

Activities

See Also

References

This lesson covers application attacks.

Objectives and Skills


Objectives and skills for the application attacks portion of Security+ certification include:[1]

Explain types of application attacks.
  • Cross-site scripting
  • SQL injection
  • LDAP injection
  • XML injection
  • Directory traversal/command injection
  • Buffer overflow
  • Integer overflow
  • Zero-day
  • Cookies and attachments
  • LSO (Locally Shared Objects)
  • Flash Cookies
  • Malicious add-ons
  • Session hijacking
  • Header manipulation
  • Arbitrary code execution / remote code execution

Readings

Multimedia
  1. YouTube: Cross-Site Scripting - CompTIA Security+ SY0-401: 3.5
  2. YouTube: SQL Injection, XML Injection, and LDAP Injection - CompTIA Security+ SY0-401: 3.5
  3. YouTube: Directory Traversal and Command Injection - CompTIA Security+ SY0-401: 3.5
  4. YouTube: Buffer Overflows and Integer Overflows - CompTIA Security+ SY0-401: 3.5
  5. YouTube: Zero-Day Attacks - CompTIA Security+ SY0-401: 3.5
  6. YouTube: Cookies, Header Manipulation, and Session Hijacking - CompTIA Security+ SY0-401: 3.5
  7. YouTube: Locally Shared Objects and Flash Cookies - CompTIA Security+ SY0-401: 3.5
  8. YouTube: Malicious Add-ons and Attachments - CompTIA Security+ SY0-401: 3.5
  9. YouTube: Arbitrary and Remote Code Execution - CompTIA Security+ SY0-401: 3.5

Activities

See Also

References

This lesson covers threat mitigation.

Objectives and Skills


Objectives and skills for the threat mitigation portion of Security+ certification include:[1]

Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
  • Monitoring system logs
    • Event logs
    • Audit logs
    • Security logs
    • Access logs
  • Hardening
    • Disabling unnecessary services
    • Protecting management interfaces and applications
    • Password protection
    • Disabling unnecessary accounts
  • Network security
    • MAC limiting and filtering
    • 802.1x
    • Disabling unused interfaces and unused application service ports
    • Rogue machine detection
  • Security posture
    • Initial baseline configuration
    • Continuous security monitoring
    • Remediation
  • Reporting
    • Alarms
    • Alerts
    • Trends
  • Detection controls vs. prevention controls

Readings

Multimedia
  1. YouTube: Monitoring System Logs - CompTIA Security+ SY0-401: 3.6
  2. YouTube: Operating System Hardening - CompTIA Security+ SY0-401: 3.6
  3. YouTube: Physical Port Security - CompTIA Security+ SY0-401: 3.6
  4. YouTube: Security Posture - CompTIA Security+ SY0-401: 3.6
  5. YouTube: Reporting - CompTIA Security+ SY0-401: 3.6
  6. YouTube: Detection vs. Prevention - CompTIA Security+ SY0-401: 3.6

Activities

See Also

References

This lesson covers security tools.

Objectives and Skills


Objectives and skills for the security tools portion of Security+ certification include:[1]

Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
  • Interpret results of security assessment tools
  • Tools
    • Protocol analyzer
    • Vulnerability scanner
    • Honeypots
    • Honeynets
    • Port scanner
    • Passive vs. active tools
    • Banner grabbing
  • Risk calculations
    • Threat vs. likelihood
  • Assessment types
    • Risk
    • Threat
    • Vulnerability
  • Assessment technique
    • Baseline reporting
    • Code review
    • Determine attack surface
    • Review architecture
    • Review designs

Readings

  1. Wikipedia: Vulnerability Scanner and related articles.

Multimedia

  1. YouTube: Vulnerability Scanning Overview - CompTIA Security+ SY0-401: 3.7
  2. YouTube: Assessment Tools - CompTIA Security+ SY0-401: 3.7
  3. YouTube: Assessment Types - CompTIA Security+ SY0-401: 3.7
  4. YouTube: Assessment Techniques - CompTIA Security+ SY0-401: 3.7

Activities

See Also

References

This lesson covers security testing.

Objectives and Skills


Objectives and skills for the security testing portion of Security+ certification include:[1]

Explain the proper use of penetration testing versus vulnerability scanning.
  • Penetration testing
    • Verify a threat exists
    • Bypass security controls
    • Actively test security controls
    • Exploiting vulnerabilities
  • Vulnerability scanning
    • Passively testing security controls
    • Identify vulnerability
    • Identify lack of security controls
    • Identify common misconfigurations
    • Intrusive vs. non-intrusive
    • Credentialed vs. non-credentialed
    • False positive
  • Black box
  • White box
  • Gray box

Readings

Multimedia
  1. YouTube: Penetration Testing - CompTIA Security+ SY0-401: 3.8
  2. YouTube: Vulnerability Scanning - CompTIA Security+ SY0-401: 3.8

Activities

See Also

References

Host Security

This lesson covers application security.

Objectives and Skills


Objectives and skills for the application security portion of Security+ certification include:[1]

Explain the importance of application security controls and techniques.
  • Fuzzing
  • Secure coding concepts
    • Error and exception handling
    • Input validation
  • Cross-site scripting prevention
  • Cross-site Request Forgery (XSRF) prevention
  • Application configuration baseline (proper settings)
  • Application hardening
  • Application patch management
  • NoSQL databases vs. SQL databases
  • Server-side vs. Client-side validation

Readings

Multimedia
  1. YouTube: Fuzzing - CompTIA Security+ SY0-401: 4.1
  2. YouTube: Secure Coding Concepts - CompTIA Security+ SY0-401: 4.1
  3. YouTube: Application Configuration Baselining and Hardening - CompTIA Security+ SY0-401: 4.1
  4. YouTube: Application Patch Management - CompTIA Security+ SY0-401: 4.1
  5. YouTube: SQL and NoSQL Databases - CompTIA Security+ SY0-401: 4.1
  6. YouTube: Server-side vs. Client-side Validation - CompTIA Security+ SY0-401: 4.1

Activities

See Also

References

This lesson covers mobile security.

Objectives and Skills


Objectives and skills for the mobile security portion of Security+ certification include:[1]

Summarize mobile security concepts and technologies.
  • Device security
    • Full device encryption
    • Remote wiping
    • Lockout
    • Screen-locks
    • GPS
    • Application control
    • Storage segmentation
    • Asset tracking
    • Inventory control
    • Mobile device management
    • Device access control
    • Removable storage
    • Disabling unused features
  • Application security
    • Key management
    • Credential management
    • Authentication
    • Geo-tagging
    • Encryption
    • Application whitelisting
    • Transitive trust/authentication
  • BYOD concerns
    • Data ownership
    • Support ownership
    • Patch management
    • Antivirus management
    • Forensics
    • Privacy
    • On-boarding/off-boarding
    • Adherence to corporate policies
    • User acceptance
    • Architecture/infrastructure considerations
    • Legal concerns
    • Acceptable use policy
    • On-board camera/video

Readings

Multimedia
  1. YouTube: Mobile Device Security - CompTIA Security+ SY0-401: 4.2
  2. YouTube: Mobile Application Security - CompTIA Security+ SY0-401: 4.2
  3. YouTube: Mobile BYOD Concerns - CompTIA Security+ SY0-401: 4.2

Activities

See Also

References

This lesson covers host security.

Objectives and Skills


Objectives and skills for the host security portion of Security+ certification include:[1]

Given a scenario, select the appropriate solution to establish host security.
  • Operating system security and settings
  • OS hardening
  • Anti-malware
    • Antivirus
    • Anti-spam
    • Anti-spyware
    • Pop-up blockers
  • Patch management
  • White listing vs. black listing applications
  • Trusted OS
  • Host-based firewalls
  • Host-based intrusion detection
  • Hardware security
    • Cable locks
    • Safe
    • Locking cabinets
  • Host software baselining
  • Virtualization
    • Snapshots
    • Patch compatibility
    • Host availability/elasticity
    • Security control testing
    • Sandboxing

Readings

Multimedia
  1. YouTube: Operating System Security and Settings - CompTIA Security+ SY0-401: 4.3
  2. YouTube: Anti-Malware - CompTIA Security+ SY0-401: 4.3
  3. YouTube: Patch Management - CompTIA Security+ SY0-401: 4.3
  4. YouTube: White Listing and Black Listing Applications - CompTIA Security+ SY0-401: 4.3
  5. YouTube: Trusted Operating Systems - CompTIA Security+ SY0-401: 4.3
  6. YouTube: Host-based Security - CompTIA Security+ SY0-401: 4.3
  7. YouTube: Hardware Security - CompTIA Security+ SY0-401: 4.3
  8. YouTube: Host Software Baselining - CompTIA Security+ SY0-401: 4.3
  9. YouTube: Virtualization Security - CompTIA Security+ SY0-401: 4.3

Activities

See Also

References

This lesson covers data security.

Objectives and Skills


Objectives and skills for the data security portion of Security+ certification include:[1]

Implement the appropriate controls to ensure data security.
  • Cloud storage
  • SAN
  • Handling Big Data
  • Data encryption
    • Full disk
    • Database
    • Individual files
    • Removable media
    • Mobile devices
  • Hardware based encryption devices
    • TPM
    • HSM
    • USB encryption
    • Hard drive
  • Data in-transit, Data at-rest, Data in-use
  • Permissions/ACL
  • Data policies
    • Wiping
    • Disposing
    • Retention
    • Storage

Readings

Multimedia
  1. YouTube: Cloud and SAN Storage Data Security - CompTIA Security+ SY0-401: 4.4
  2. YouTube: Data Encryption - CompTIA Security+ SY0-401: 4.4
  3. YouTube: Hardware-based Encryption - CompTIA Security+ SY0-401: 4.4
  4. YouTube: States of Data - CompTIA Security+ SY0-401: 4.4
  5. YouTube: Permissions and ACLs - CompTIA Security+ SY0-401: 4.4
  6. YouTube: Data Policies - CompTIA Security+ SY0-401: 4.4

Activities

See Also

References

This lesson covers environmental mitigation.

Objectives and Skills


Objectives and skills for the environmental mitigation portion of Security+ certification include:[1]

Compare and contrast alternative methods to mitigate security risks in static environments.
  • Environments
    • SCADA
    • Embedded (Printer, Smart TV, HVAC control)
    • Android
    • iOS
    • Mainframe
    • Game consoles
    • In-vehicle computing systems
  • Methods
    • Network segmentation
    • Security layers
    • Application firewalls
    • Manual updates
    • Firmware version control
    • Wrappers
    • Control redundancy and diversity

Readings

Multimedia
  1. YouTube: Embedded System Security - CompTIA Security+ SY0-401: 4.5
  2. YouTube: Static OS Environments - CompTIA Security+ SY0-401: 4.5
  3. YouTube: Mitigating Risk in Static Environments - CompTIA Security+ SY0-401: 4.5

Activities

See Also

References

Access Control

This lesson covers authentication services for CompTIA Security+ certification.

Objectives and Skills


Objectives and skills for the authentication services portion of Security+ certification include:[1]

Compare and contrast the function and purpose of authentication services.
  • RADIUS
  • TACACS+
  • Kerberos
  • LDAP
  • XTACACS
  • SAML
  • Secure LDAP

Readings

Multimedia
  1. YouTube: RADIUS and TACACS - CompTIA Security+ SY0-401: 5.1
  2. YouTube: Kerberos - CompTIA Security+ SY0-401: 5.1
  3. YouTube: LDAP and Secure LDAP - CompTIA Security+ SY0-401: 5.1
  4. YouTube: SAML - CompTIA Security+ SY0-401: 5.1

Activities

See Also

References

This lesson covers authentication and authorization.

Objectives and Skills


Objectives and skills for the authentication and authorization portion of Security+ certification include:[1]

Given a scenario, select the appropriate authentication, authorization or access control.
  • Identification vs. authentication vs. authorization
  • Authorization
    • Least privilege
    • Separation of duties
    • ACLs
    • Mandatory access
    • Discretionary access
    • Rule-based access control
    • Role-based access control
    • Time of day restrictions
  • Authentication
    • Tokens
    • Common access card
    • Smart card
    • Multifactor authentication
    • TOTP
    • HOTP
    • CHAP
    • PAP
    • Single sign-on
    • Access control
    • Implicit deny
    • Trusted OS
  • Authentication factors
    • Something you are
    • Something you have
    • Something you know
    • Somewhere you are
    • Something you do
  • Identification
    • Biometrics
    • Personal identification verification card
    • Username
  • Federation
  • Transitive trust/authentication

Readings

Multimedia
  1. YouTube: Identification, Authentication, and Authorization - CompTIA Security+ SY0-401: 5.2
  2. YouTube: Authorization and Access Control - CompTIA Security+ SY0-401: 5.2
  3. YouTube: Single-factor Authentication - CompTIA Security+ SY0-401: 5.2
  4. YouTube: Multi-factor Authentication - CompTIA Security+ SY0-401: 5.2
  5. YouTube: One-time Password Algorithms - CompTIA Security+ SY0-401: 5.2
  6. YouTube: CHAP and PAP - CompTIA Security+ SY0-401: 5.2
  7. YouTube: Single Sign-on - CompTIA Security+ SY0-401: 5.2
  8. YouTube: Federation and Transitive Trust - CompTIA Security+ SY0-401: 5.2

Activities

See Also

References

This lesson covers account management.

Objectives and Skills


Objectives and skills for the account management portion of Security+ certification include:[1]

Install and configure security controls when performing account management, based on best practices.
  • Mitigate issues associated with users with multiple account/roles and/or shared accounts
  • Account policy enforcement
    • Credential management
    • Group policy
    • Password complexity
    • Expiration
    • Recovery
    • Disablement
    • Lockout
    • Password history
    • Password reuse
    • Password length
    • Generic account prohibition
  • Group based privileges
  • User assigned privileges
  • User access reviews
  • Continuous monitoring

Readings

Multimedia
  1. YouTube: Roles and Account Credentials - CompTIA Security+ SY0-401: 5.3
  2. YouTube: Group Policy - CompTIA Security+ SY0-401: 5.3
  3. YouTube: Managing Password Policies - CompTIA Security+ SY0-401: 5.3
  4. YouTube: Privileges - CompTIA Security+ SY0-401: 5.3
  5. YouTube: User Access Reviews and Monitoring - CompTIA Security+ SY0-401: 5.3

Activities

See Also

References

Cryptography

This lesson covers cryptography concepts.

Objectives and Skills


Objectives and skills for the cryptography concepts portion of Security+ certification include:[1]

Given a scenario, utilize general cryptography concepts.
  • Symmetric vs. asymmetric
  • Session keys
  • In-band vs. out-of-band key exchange
  • Fundamental differences and encryption methods
    • Block vs. stream
  • Transport encryption
  • Non-repudiation
  • Hashing
  • Key escrow
  • Steganography
  • Digital signatures
  • Use of proven technologies
  • Elliptic curve and quantum cryptography
  • Ephemeral key
  • Perfect forward secrecy

Readings

Multimedia
  1. YouTube: Cryptography Overview - CompTIA Security+ SY0-401: 6.1
  2. YouTube: Symmetric vs. Asymmetric Encryption - CompTIA Security+ SY0-401: 6.1
  3. YouTube: Public Keys and Private Keys - CompTIA Security+ SY0-401: 6.1
  4. YouTube: Session Keys - CompTIA Security+ SY0-401: 6.1
  5. YouTube: Block vs. Stream Ciphers - CompTIA Security+ SY0-401: 6.1
  6. YouTube: Transport Encryption - CompTIA Security+ SY0-401: 6.1
  7. YouTube: Non-Repudiation - CompTIA Security+ SY0-401: 6.1
  8. YouTube: Hashing - CompTIA Security+ SY0-401: 6.1
  9. YouTube: Key Escrow - CompTIA Security+ SY0-401: 6.1
  10. YouTube: Steganography - CompTIA Security+ SY0-401: 6.1
  11. YouTube: Elliptic Curve and Quantum Cryptography - CompTIA Security+ SY0-401: 6.1
  12. YouTube: Perfect Forward Secrecy - CompTIA Security+ SY0-401: 6.1

Activities

See Also

References

This lesson covers cryptography methods.

Objectives and Skills


Objectives and skills for the cryptography methods portion of Security+ certification include:[1]

Given a scenario, use appropriate cryptographic methods.
  • WEP vs. WPA/WPA2 and preshared key
  • MD5
  • SHA
  • RIPEMD
  • AES
  • DES
  • 3DES
  • HMAC
  • RSA
  • Diffie-Hellman
  • RC4
  • One-time pads
  • NTLM
  • NTLMv2
  • Blowfish
  • PGP/GPG
  • TwoFish
  • DHE
  • ECDHE
  • CHAP
  • PAP
  • Comparative strengths and performance of algorithms
  • Use of algorithms/protocols with transport encryption
    • SSL
    • TLS
    • IPSec
    • SSH
    • HTTPS
  • Cipher suites
    • Strong vs. weak ciphers
  • Key stretching
    • PBKDF2
    • Bcrypt

Readings

Multimedia
  1. YouTube: WEP vs. WPA - CompTIA Security+ SY0-401: 6.2
  2. YouTube: Cryptographic Hash Functions - CompTIA Security+ SY0-401: 6.2
  3. YouTube: Symmetric Encryption Ciphers - CompTIA Security+ SY0-401: 6.2
  4. YouTube: Asymmetric Cryptography Algorithms - CompTIA Security+ SY0-401: 6.2
  5. YouTube: One-Time Pads - CompTIA Security+ SY0-401: 6.2
  6. YouTube: NTLM - CompTIA Security+ SY0-401: 6.2
  7. YouTube: Transport Encryption Algorithms - CompTIA Security+ SY0-401: 6.2
  8. YouTube: Strong vs. Weak Encryption - CompTIA Security+ SY0-401: 6.2

Activities

See Also

References

This lesson covers public key infrastructure (PKI).

Objectives and Skills


Objectives and skills for the PKI portion of Security+ certification include:[1]

Given a scenario, use appropriate PKI, certificate management and associated components.
  • Certificate authorities and digital certificates
    • CA
    • CRLs
    • OCSP
    • CSR
  • PKI
  • Recovery agent
  • Public key
  • Private key
  • Registration
  • Key escrow
  • Trust models

Readings

Multimedia
  1. YouTube: Certificate Authorities - CompTIA Security+ SY0-401: 6.3
  2. YouTube: Key Revocation - CompTIA Security+ SY0-401: 6.3
  3. YouTube: Digital Certificates - CompTIA Security+ SY0-401: 6.3
  4. YouTube: Public Key Infrastructure - CompTIA Security+ SY0-401: 6.3
  5. YouTube: Key Recovery - CompTIA Security+ SY0-401: 6.3
  6. YouTube: Public and Private Keys - CompTIA Security+ SY0-401: 6.3
  7. YouTube: Key Registration - CompTIA Security+ SY0-401: 6.3
  8. YouTube: Key Escrow - CompTIA Security+ SY0-401: 6.3
  9. YouTube: Trust Models - CompTIA Security+ SY0-401: 6.3

Activities

See Also

References