Security+

Course Duration

3 Months

Category

Security

Description

Security+ opens the door to a career in cybersecurity!

CompTIA Security+ is a global certification that validates the fundamental skills required to perform core security functions and pursue a career in IT security.

Course Content

28 modules • 3 months total length

Overview of Security • CIA Triad • AAA of Security • Security Threats • Mitigating Threats • Hackers • Threat Actors • Threat intelligence and sources • Threat Hunting • Attack Frameworks
Malware • Viruses • Worms • Trojans • Ransomware • Spyware • Rootkits • Spam
Malware Infections • Common delivery methods • Phishing • Botnets and Zombies • Active Interception and Privilege Escalations • Privilege Escalation • Backdoors and Logic Bombs • Symptoms of Infection • Removing Malware • Preventing Malware • Malware Exploitation
Security Applications and Devices • Software Firewalls • IDS • Pop-up Blockers • Data Loss Prevention (DLP) • Securing the BIOS • Securing Storage Devices • Disk Encryption • Endpoint Analysis
Mobile Device Security • Securing Wireless Devices • Mobile Malware • SIM Cloning & ID Theft • Bluetooth Attacks • Mobile Device Theft • Security of Apps • BYOD • Hardening Mobile Devices
Hardening • Unnecessary Applications • Restricting Applications • Demo: Unnecessary Services • Trusted Operating System • Updates and Patches • Patch Management • Group Policies • Demo: Group Policies • File Systems and Hard Drives
Supply Chain Assessment • Root of Trust • Trusted Firmware • Secure Processing
Virtualization • Hypervisors • Demo: How to create a VM • Threats to VMs • Securing VMs
Application Security • Web Browser Security • Web Browser Concerns • Demo: Web Browser Configuration • Securing Applications
Software Development • SDLC Principles • Testing Methods • Software Vulnerabilities and Exploits • Buffer Overflows • Demo: Buffer Overflow Attack • XSS and XSRF • SQL Injection • Demo: SQL Injection • XML Vulnerabilities • Race Conditions • Design Vulnerabilities
Network Security • The OSI Model • Switches • Routers • Network Zones • Jumpbox • Network Access Control • VLANs • Subnetting • Network Address Translation • Telephony • PERIMETER SECURITY • Perimeter Security • Firewalls • SOHO Firewall • Proxy Servers • Honeypots and Honeynets • Data Loss Prevention • NIDS and NIPS • Unified Threat Management
Cloud Computing • Cloud Types • As a Service • Cloud Security • Defending Servers • Cloud-based Infrastructure • CASB • API • FAAS and Serverless • Cloud Threats
Workflow Orchestration • DevSecOps • IAC • Machine Learning
Network Attacks • Ports and Protocols • Memorization of Ports • Unnecessary Ports • Denial of Service • DDoS • Stopping a DDoS • Spoofing • Hijacking • Replay Attack • Transitive Attacks • DNS Attacks • ARP Poisoning
Securing Networks • Securing Network Devices • Securing Network Media • Securing WiFi Devices • Wireless Encryption • Wireless Access Points • Wireless Attacks • Demo: Wireless Attack • WPA3 • Other Wireless Technologies • PHYSICAL SECURITY • Physical Security • Surveillance • Door Locks • Demo: Lock Picking • Biometric Readers
Facilities Security • Fire Suppression • HVAC • Shielding (OBJ 2.7 • Vehicular Vulnerabilities • IoT Vulnerabilities • Embedded System Vulnerabilities • ICS and SCADA Vulnerabilities • Mitigating Vulnerabilities • Premise System Vulnerabilities
Authentication • Authentication Models • LDAP and Kerberos • Remote Desktop Services • Remote Access Service • VPN • RADIUS vs TACACS+ • Authentication Attacks
Access Control Models • Best Practices • Users and Groups • Permissions • Usernames and Passwords • User Account Control
Qualitative Risk • Quantitative Risk • Methodologies • Security Controls • Types of Risk
Vulnerability Management • Penetration Testing • Training and Exercises • OVAL • Vulnerability Assessments • Demo: Nmap Scanning • Demo: Vulnerability Scanning • Password Analysis • Demo: Password Cracking
Monitoring Types • Performance Baselining • Protocol Analyzers • SNMP • Demo: Analytical Tools • Auditing • Demo: Auditing Files • Logging • Log Files • SIEM • Syslog • SOAR
Cryptography • Symmetric vs Asymmetric • Symmetric Algorithms • Public Key Cryptography • Asymmetric Algorithms • Pretty Good Privacy • Key Management • One-Time Pad • Cryptography Considerations
Hashing • Hashing Attacks • Increasing Hash Security
Public Key Infrastructure • Digital Certificates • Demo: Certificates • Certificate Authorities • Web of Trust
Security Protocols • S/MIME • SSL and TLS • SSH • VPN Protocols • Demo: Setting up a VPN
Planning for the Worst • Redundant Power • Backup Power • Data Redundancy • Demo: RAIDs • Network Redundancy • Server Redundancy • Redundant Sites • Data Backup • Tape Rotation • Disaster Recovery Plan • Business Impact Analysis
Social Engineering • Demo: Pretexting • Insider Threat • Phishing • Motivation Factors • More Social Engineering • Fraud and Scams • Influence Campaigns • User Education
Policies and Procedures • Data Classifications • Data Ownership • PII and PHI • Legal Requirements • Privacy Technologies • Security Policies • User Education • Vendor Relationships • Disposal Policies • IT Security Frameworks
Incident Response Procedures • Incident Response Planning • Investigative Data • Forensic Procedures • Data Collection Procedures • Demo: Disk Imaging • Security Tools

Requirements

  • Computational skills
  • Personal PC (OPTIONAL)