Architecture and Design are critical components to maintaining a successful security posture. This course covers the concepts you need to understand and the technologies used to create a secure environment and protect company assets.
Security is the number one thing that every company needs, and with each massive breach this becomes more and more apparent. IT security is a multi-pronged approach and employs defense-in-depth principles. In this course, Architecture and Design for CompTIA Security+, you'll learn architecture and design for CompTIA Security+. First, you'll start by learning the best practices and frameworks required for creating a secure environment. Next, you'll discover designing secure networks, honeypots, VPNs, firewalls, and various security infrastructure. Then, you'll explore the virtualization techniques, and how IaaS and PaaS, coupled with cloud technologies, can increase security. Finally, you'll learn about the importance of physical security and how that can strengthen or weaken your overall security posture. By the end of this course, you'll have a better understanding of critical components to maintaining a successful security posture.
Chris is a lifelong learner and professional information technologist, trainer and IT Manager. Married with 3 children, Chris is interested in martial arts, working out, spending time with family and friends and being creative whenever possible.
Course Overview
Hey, everyone. My name is Christopher Rees, and welcome to my course, Architecture and Design for CompTIA Security Plus. In addition to being a trainer here at Pluralsight, I'm a former law enforcement officer who specialized in computer crimes, and I have over 20 years of enterprise IT experience. I have also been training students from all over the world since 1998. In this course, we're going to cover the various concepts and technologies associated with architecting and designing a secure infrastructure for your company. You'll learn the various frameworks, infrastructure components, automation technologies, and security controls required to ensure your company's data is secure and highly available. Some of the major topics that we'll cover include secure network architecture concepts, including topologies, segmentation concepts, virtualization, and air gaps, we'll talk about security staging, and establishing baselines in environments for test, dev, staging, and production environments, security concerns with embedded systems, virtualization and cloud security concepts, including infrastructure as a service, platform as a service, and also software as a service models, architecting for resiliency and high availability, and then physical security controls, including alarms, guards, biometrics, and key management best practices. By the end of this course, you'll know the key concepts and technologies required to work on designing and architecting a secure environment for your company, no matter how big or small, or in what industry. Before beginning the course, having some exposure to CompTIA's A Plus and/or Network Plus concepts is helpful, but not a requirement. From here, you should feel comfortable diving into advanced security topics, with courses on CompTIA's Advanced Security Practitioner, and also Malware Analysis, The Big Picture.
So I hope you will join me on this journey to learn secure architecture and design concepts, with the Architecture and Design for CompTIA's Security Plus course, here at Pluralsight.
Frameworks, Best Practices, and Secure Configuration Guides
Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees, and in this course, we're going to be covering architecture and design, specifically in this module, frameworks, best practices, and secure configuration guides. So, a lot to cover, important stuff that you need to be aware of from a regulatory standpoint to make sure you're in compliance with the various regulatory or oversight committees, or just frameworks in general, to make sure you're as secure as possible, but also in compliance with these various agencies. So let's take a look at what we're going to cover today, and we're going to talk about several things. Industry-standard frameworks and reference architectures. Alright, so it's important that you understand what a reference architecture is. We'll talk about regulatory, non-regulatory, national versus international, because obviously there's some differentiation there, and also industry-specific frameworks. We'll also talk about benchmarks and secure configuration guides, talking about platform and vendor-specific guides, then we'll talk about things like web servers and also things like operating systems, application servers, network infrastructure devices, general purpose guides, and so forth. To make sure that we understand that there is a clear and methodical approach to making sure these different types of platforms and operating systems are in fact as locked down and as secure as possible. And then we'll talk about defense-in-depth and layered security, basically vendor diversity, and also control diversity. Now we've talked about defense-in-depth and so forth in other modules as well, and then we'll talk about a few other control types, such as administrative controls and also technical controls. So a lot of important stuff here, so let's go ahead and jump right in.
Security Implications of Embedded Systems
Hey, welcome back to Pluralsight. I'm your instructor, Christopher Rees. And in this module, we're going to be covering the security implications of embedded systems, so let's go ahead and get started. So, the main goal here or the module goal, embedded systems they're literally everywhere. They control things from thermostats to critical infrastructure, so what I want you to do is to think about, from a security mindset, is to just realize that really, everything is a target. Be aware of all the things around you in your environment, things you may take for granted. Obviously, the big things that everyone thinks about, routers, switches, infrastructures, servers, storage, all of those things are the main components that make up our network and make up our infrastructure, are natural things to focus on, but the other things too, the wearables or the IoT devices, all of these things become attack vectors and attack surfaces. There are ways for hackers to get their foot in the door. And as we know, once their foot is in the door, they elevate privileges, they install persistence, they maintain persistence, they can come and go as they please, they pivot, once they're inside of our network, jump from network to network and explore, they extract things of value or they destroy or they just sit there and wait. Different groups have different methods of operation and different goals obviously. Some are easy to detect, some are difficult. The easiest way to avoid all of that obviously is to not let them in in the first place. The thing that compounds that obviously is the fact that these things can leave our environment, go outside of our perimeter, go outside of our safety zones, and then come back in to our network. It used to be that laptops were the primary culprit for that, but now with wearables and the IoT devices, things can come and go much more easily. So, in this module, we have a few things to cover.
We have SCADA systems and ICS, smart devices as I mentioned, Internet of Things or IoT devices, wearable technology, home automation, and so forth. HVAC, we have SoC or Systems on a Chip. We have Real-Time Operating Systems or RTOS, printers and MFDs or Multi-Function Devices, camera systems, and then special purpose things like medical devices, vehicles, aircraft, and then the unmanned aircraft, right, the UAVs, so let's go ahead and get started.
Secure Application Development and Deployment
Hey everyone, welcome back to Pluralsight, I'm your instructor, Christopher Rees, and in this module we're going to be covering Secure Application Development and Deployment. So, in this module, we have a few things I want to cover. Some important information that I definitely want you to incorporate into your overall mindset. So we're going to talk about development life-cycle models, we'll talk about secure DevOps, we'll talk about version control and change management, the importance of that, provisioning and deprovisioning, secure coding techniques, and then also code quality and testing, and then compiled versus runtime code. Now each of these has some subtopics, again very important, so let's go ahead and get started. Okay, so the main takeaways for this module, is three main things. I want you to understand the need and the importance of managing change to ensure security. We really can't just do things willy nilly, we can't do things without a plan, as I talked about before, when you fail to plan, you plan to fail. So everything has to be managed properly and has to be managed in a secure fashion. Alright, change management is very important. Next, always develop secure code. I know a lot of the tenets of DevOps is very quick iteration and quick feedback loop and get things out, coded and tested and into production very quickly, and that may seem at odds with security, which likes to take their time and do things a little more slowly, fully test, regression test and so forth, but the two can coexist. But you have to have security in mind from the outset, alright, so always develop secure code. And then lastly, think and test like an attacker. Right, we want to have that hacker mindset. Always look at your environment, your code, your applications and so forth, the various pieces of your infrastructure, and always think like an attacker.
How would they try to get in, what ways and methods would they use, where's the weak links in the chain? So if we take that mindset and not have security as an afterthought, we stand a much better chance of securing the environment, both internally and externally.
Cloud and Virtualization
Hey everyone, welcome back. I'm your instructor Christopher Rees, and in this module, we'll be covering Cloud and Virtualization. So, some good information here, Cloud is everywhere, Virtualization is everywhere, so, these skills are definitely going to be important to you, as you move forward throughout your career, no matter which path you take. So, I would recommend you definitely pay close attention and internalize this information. So, we start off with Hypervisor Types. We have Type I, Type II, and then Application cells/containers. We also have something we refer to as VM sprawl avoidance. So, something you definitely want to pay attention to. VM escape protection, again another security concern. Also talk about Cloud storage, and then we'll talk about Cloud deployment models, Software as a service, Platform as a service, and Infrastructure as a service. We'll talk about the Cloud Types being Public, Public and Hybrid. And I'll also talk about Community Clouds. We'll talk about On-premise vs. hosted vs. cloud, along with VDI or Virtual Desktop Infrastructure, and VDE, and then we'll also talk about Cloud Access Security Broker, and then Security as a Service. So, let's go ahead and get started.
Physical Security Controls
Hey, everyone, welcome back to Pluralsight. I'm your instructor Christopher Rees, and in this module we're going to be covering physical security controls. So, a lot of information to cover in this module, so we'll talk about lighting, signs, fencing, security guards and alarms, safes, and secure cabinets and enclosures. We'll also talk about protected distribution and protected cabling, also the concept of an airgap network, mantraps, Faraday cages, lock types, and biometrics. We'll also talk about barricades and bollards, tokens and cards, and then various environmental controls, including HVAC, hot and cold aisles, and fire suppression, along with cable locks, screen filters, cameras, motion detection, logs, infrared detection, and key management. So that's (laughs) a mouthful for sure. A lot of important information, however, for a number of reasons, all right? So there's a few goals in this module. Number one, to understand the importance of maintaining physical security. Now, as we know, security is everyone's responsibility, and also to understand that breaches can come from many sources. So a lot of the times physical security gets overlooked, but the reality is physical security is where things start. Breaches can occur just as easily from the outside as they can the inside, and, in fact, a large number of breaches actually start internally. So by understanding the true importance of maintaining physical security, my goal here is to make sure that everyone has that in the back of their mind, so if you see something you say something, and also just making sure that physical security controls are in place and maintained. If a light bulb's out, if a door's cracked open, if a fence isn't working, things along these lines. If you see something, make sure you fix it. Don't assume it's somebody else's job. Security is everyone's responsibility. So let's go ahead and get started.