CompTIA Security+ (2011 objectives): Part 1

Course info
Rating
(187)
Level
Beginner
Updated
Dec 27, 2011
Duration
3h 46m
Table of contents
Getting Started with CompTIA Security+ Training
Introduction to IT Security
Types of Attacks
Malware Prevention and Cleanup
Network Device Security
Secure Network Administration
Secure Network Design
TCP/IP Protocols and Port Security
Attacks on Wireless Networks
Securing Wireless Networks
Description

Part 1 of 3 in the CompTIA Security+ (2011 objectives) series. This CompTIA Security+ course will provide networking professionals with the fundamental concepts necessary to anticipate and address security risks. In this course, you will learn network security, operational security, threats and vulnerabilities, access control and identity management, and cryptography. To get the most out of this course, you should hold a CompTIA Network+ certification or have equivalent experience.

About the author

Lisa specializes in systems design and security, and holds a Master of Science in Computer Science degree as well as a Bachelor degree in Education.

Section Introduction Transcripts

Getting Started with CompTIA Security+ Training
Hello and welcome to TrainSignal. You're watching the course titled CompTIA Security+ Training, and this lesson is called Getting Started with CompTIA Security+ Training. I'm your instructor, Lisa Szpunar. We just have two topics for this short introductory lesson. You'll learn about your instructor and about this course. Let's get started!

Introduction to IT Security
Hi, I'm Lisa Szpunar and you're watching Introduction to IT Security, which is part of the CompTIA Security+ training course. So like I said, we're going to be doing an intro to IT Security, and this lesson is important because it will give you the foundation you need for moving forward through this course. We'll start with What is IT Security? Then we'll get some key terms out of the way. Next we'll talk about what is called the IT Security triad, or CIA, that's Confidentiality, Integrity, and Availability. Those are three things that IT Security pros are always fighting for to have for their systems. Then we'll do the AAA protocol, which are three concepts used for control: Authentication, Authorization, and Accounting. And the exam objective that we'll be able to check off in this lesson is 2.8, Exemplify the concepts of confidentiality, integrity, and availability.

Types of Attacks
Hi, I'm Lisa Szpunar, and you're watching the lesson Types of Attacks, which is part of the CompTIA Security+ training course. As an IT Security professional, you'll need to know what kind of attacks are out there. You'll need to know what you're up against. So this lesson introduces you to a number of common assaults that you'll need to recognize and maybe even do battle against out in the field. Things like attacks on your data while it's being transmitted, those are spoofing attacks, pharming, man-in-the-middle, replay attacks, denial of service, and distributed denial of service, something called a Smurf attack, and then the use of network scanners and sniffers by unauthorized individuals to find vulnerabilities in your organization. Then we have attacks that come by way of email, those are spam, we all know about spam, right? But we're going to talk about just how dangerous and costly spam can be, and then phishing, with a ph. You can see that phishing has a ph, pharming has a ph, that's just a common naming convention for cyber attacks. And lastly, some other attacks we'll discuss are privilege escalation, transitive access, and client-side attacks. So the test objective that we're going to cover in this lesson is Analyze and differentiate among types of attacks. Let's do just that.

Malware Prevention and Cleanup
Hi, I'm Lisa Szpunar, and this lesson is Malware Prevention and Cleanup, which is part of the CompTIA Security+ training course. And in this lesson, we will be talking about the different types of malware. We will go over the malicious code, like viruses, worms, and Trojans, then talk about the malicious software, which is spyware and adware. Next I will discuss rootkits and backdoors, which are ways for attackers to gain continued access to your machines. And after that, we've got botnets and ransomware. Finally, the last two topics I will go over are how to mitigate or attempt to prevent malware infections, and then some tips on how to remove the malicious code once it has weaseled its way into your life. The test objective is to analyze and differentiate the types of malware. Let's get started.

Network Device Security
Hello, I'm Lisa Szpunar, and you're watching the Network Device Security lesson in the CompTIA Security+ training course. In this lesson, we're going to do exactly what the objective says and talk about the security function and purpose of different network devices and technologies. We'll talk about firewalls, different networking devices like routers, switches, load balancers, and proxies. We'll discuss appliances, like web security gateways and VPN concentrators. Then we've got network-based intrusion detection and network-based intrusion prevention systems. We will also talk about other security appliances, like hardware spam filters. We are going to go into some more detail about protocol analyzers and sniffers, and last I will demonstrate how to utilize host-based filtering tools, like URL filters and content advisers. Many of these devices are designed specifically to help secure a network, and some have a different primary purpose, but still perform a security function. Either way, each has its strengths and each has its weaknesses, so let's get started.

Secure Network Administration
Hi, this is Lisa Szpunar, and you're watching the Secure Network Administration lesson in the CompTIA Security+ training course. In this lesson, we will go over the topics that are critical to secure network administration. We will discuss rule-based management, which includes access control lists and firewall rules. Then, we will go over the best practices for secure router configuration. Next we will talk about some port security topics, like 802.1X and MAC address limiting. Then, we'll move onto flood guards and loop prevention, which both help with availability. After that, we will discuss what network bridging is and how to prevent it with network separation. And last, I will introduce you to the potentially enormous task of log analysis. We will be going over most of the test objectives for objective 1.2, but we also have some port security topics from 3.6. Let's get started.

Secure Network Design
Welcome to the Secure Network Design lesson in the CompTIA Security+ training course. I'm your instructor, Lisa Szpunar. In this lesson, we want to look at some security considerations for when you are putting a network design together. We'll start with security zones and designing different levels of security depending on who will be accessing what. Then we'll dive deeper into one of those security zones, the DMZ. After that, we will look at the network separation concepts of subnetting and VLANs. Next is network address translation, and then we will go over ways to securely share resources with branch offices and remote users with remote access and VPNs. The security concerns for telephony are after that, and then I'll introduce you to network access control to make sure that the machines that are connecting to your network are patched and virus free. And last we will talk about the security considerations for virtualization and cloud computing. The test objective we will be checking off in this lesson is Distinguish and differentiate network design elements and compounds. Let's get started.

TCP/IP Protocols and Port Security
Hi, this is instructor Lisa Szpunar coming to you from the TCP/IP Protocols and Port Security lesson in the CompTIA Security+ training course. In this lesson, we will be going over common TCP/IP protocols and their default ports, and looking at the security considerations for each. We will start with a review of what TCP/IP is, then we will talk about the application protocols, FTP, SSH and SCP, Telnet, SMTP, DNS, TFTP, HTTP, SFTP, SNMP, HTTPS, and FTPS. We will also talk about how SSL and TLS, an extra application layer security. Next, we will talk about transport layer protocols, the two big guys, TCP and UDP. Then at the internet layer, the protocols IP, ICMP, and ARP. And we'll finish off the lesson with IP Security. Our exam objectives are Implement and use common protocols, and Identify commonly used default network ports. It's important to know the basics of TCP/IP so you can understand what is happening behind the scenes when you communicate over networks, and being familiar with the most common protocols and ports and their security vulnerabilities and strengths will help you to set policy and make configurations on the job, because you need to make sure you have only the ports and services that are secure and needed running and don't have any antiquated protocols still enabled in your environment. Let's get started.

Attacks on Wireless Networks
Hello, I'm Lisa Szpunar, your instructor for this lesson called Attacks on Wireless Networks, which is part of the CompTIA Security+ training course. It is super important to know what attacks are out there and what we can do to try to prevent them. We have already talked about wired network attacks like denial-of-service and man-in-the-middle; those all still apply to wireless networks. But in this lesson, we will be going over the attacks that target wireless networks specifically. We'll start by discussing two attacks where the attacker uses their own access point that they control to launch attacks on your network or your users. Those are called rogue access points and evil twin attacks. Then, we will move on to wardriving and warchalking, which are two ways for attackers to find and keep track of unsecured networks. Then, we will talk about initialization vector attacks, which take advantage of the weaknesses built into older and weaker wireless encryption methods. After that, we will revisit packet sniffing and see just how dangerous plain text transmissions can be. Bluetooth makes a tiny wireless network, and it has its attack types, too. So we'll talk about bluejacking and bluesnarfing. And last, we will discuss intentional wireless interference. And the exam objective for this lesson is Analyze and differentiate among types of wireless attacks. Let's get started.