Security+ Certification

The Computer Institute is a unique training institute and we offer personalized service that no other training institute can match.

Take a moment to learn about the Computer Institute.

Read our newsletters and get latest information.

We help our graduates secure top jobs in the IT industry.

After browsing our class schedule, register to take any of our classes.

We work closely with our partners to provide you with a wide variety of services.

Financing is never a problem. For qualified applicants, We can help to secure funds to further their education and find employment that utilizes new skills.

Find out about job openings at the Computer Institute.

The Computer Institute class schedule is posted online for your convenience.

Get detailed information about certification workshops offered by the Computer Institute.

As a Microsoft Certified Technical Education Center (CTEC) we offer quality education in partnership with Microsoft.

Get detailed information about A+ certification workshops offered by the Computer Institute.

Get detailed information about Network+ certification workshops offered every month by the Computer Institute.

Get detailed information about Security+ certification offered every month by the Computer Institute.

Get detailed information about Microsoft Certified Systems Engineer certification (MCSE) program offered by the Computer Institute.

Learn how to become Cisco certified by taking workshops offered by the Computer Institute.

Get detailed information about Novell CNA certification workshops offered by the Computer Institute.

Get detailed information about Oracle Certified Developer courses offered by the Computer Institute.

Get detailed information about Oracle Certified DBA courses offered by the Computer Institute.

Get detailed information about Oracle Certified Developer & DBA courses offered by the Computer Institute.

Learn about courses offered for Web designers and developers.

1335 Rockville Pike
Rockville, MD 20852
(301) 424-0044
(301) 424-1693 (fax)

COMPUTER

INSTITUTE

Wednesday, August 20, 2008

Course Outline: Security+ Certification

General Security Concepts

1.1. Access Control

1.1.1. MAC/DAC/RBAC

1.2. Authentication

1.2.1. Kerberos
1.2.2. CHAP
1.2.3. Certificates
1.2.4. Username/Password
1.2.5. Tokens
1.2.6. Multi-Factor
1.2.7. Mutual Authentication
1.2.8. Biometrics

1.3. Non-essential Services and Protocols - Disabling unnecessary systems / process / programs.

1.4. Attacks

1.4.1. DOS/DDOS
1.4.2. Back Door
1.4.3. Spoofing
1.4.4. Man in the Middle
1.4.5. Replay
1.4.6. TCP/IP Hijacking
1.4.7. Weak Keys
1.4.8. Mathematical
1.4.9. Social Engineering
1.4.10. Birthday
1.4.11. Password Guessing

1.4.11.1. Brute Force
1.4.11.2. Dictionary

1.4.12. Software Exploitation

1.5. Malicious Code

1.5.1. Viruses
1.5.2. Trojan Horses
1.5.3. Logic Bombs
1.5.4. Worms

1.6. Social Engineering

1.7. Auditing - Logging, system scanning

Communication Security

1.1. Remote Access

1.1.1. 802.1x
1.1.2. VPN
1.1.3. RADIUS
1.1.4. TACACS/+
1.1.5. L2TP/PPTP
1.1.6. SSH
1.1.7. IPSEC
1.1.8. Vulnerabilities

1.2. Email

1.2.1. S/MIME
1.2.2. PGP
1.2.3. Vulnerabilities

1.2.3.1. Spam
1.2.3.2. Hoaxes

1.3. Web

1.3.1. SSL/TLS
1.3.2. HTTP/S
1.3.3. Instant Messaging

2.3.3.1 Vulnerabilities
2.3.3.2 8.3 Naming Conventions
2.3.3.3 Packet Sniffing
2.3.3.4 Privacy

1.3.4. Vulnerabilities

1.3.4.1. Java Script
1.3.4.2. ActiveX
1.3.4.3. Buffer Overflows
1.3.4.4. Cookies
1.3.4.5. Signed Applets
1.3.4.6. CGI
1.3.4.7. SMTP Relay

1.4. Directory - Recognition not administration

1.4.1. SSL/TLS
1.4.2. LDAP

1.5. File Transfer

1.5.1. S/FTP
1.5.2. Blind FTP/Anonymous
1.5.3. File sharing
1.5.4. Vulnerabilities

1.5.4.1. Packet Sniffing

1.6. Wireless

1.6.1. WTLS
1.6.2. 802.11x
1.6.3. WEP/WAP
1.6.4. Vulnerabilities

1.6.4.1. Site Surveys

Infrastructure Security

1.1. Devices

1.1.1. Firewalls
1.1.2. Routers
1.1.3. Switches
1.1.4. Wireless
1.1.5. Modems
1.1.6. RAS
1.1.7. Telecom/PBX
1.1.8. VPN
1.1.9. IDS
1.1.10. Network Monitoring/Diagnostic
1.1.11. Workstations
1.1.12. Servers
1.1.13. Mobile Devices

1.2. Media

1.2.1. Coax
1.2.2. UTP/STP
1.2.3. Fiber
1.2.4. Removable media

1.2.4.1. Tape
1.2.4.2. CDR
1.2.4.3. Hard drives
1.2.4.4. Diskettes
1.2.4.5. Flashcards
1.2.4.6. Smartcards

1.3. Security Topologies

1.3.1. Security Zones

1.3.1.1. DMZ
1.3.1.2. Intranet
1.3.1.3. Extranet

1.3.2. VLANs
1.3.3. NAT
1.3.4. Tunneling

1.4. Intrusion Detection

1.4.1. Network Based

1.4.1.1. Active Detection
1.4.1.2. Passive Detection

1.4.2. Host Based

1.4.2.1. Active Detection
1.4.2.2. Passive Detection

1.4.3. Honey pots
1.4.4. Incident Response

1.5. Security Baselines

1.5.1. OS/NOS Hardening (Concepts and processes)

1.5.1.1. File System
1.5.1.2. Updates (Hotfixes, Service Packs, Patches)

1.5.2. Network Hardening

1.5.2.1. Updates (Firmware)
1.5.2.2. Configuration

1.5.2.2.1. Enabling and Disabling Services and Protocols
1.5.2.2.2. Access control lists

1.5.3. Application Hardening

1.5.3.1. Updates (Hotfixes, Service Packs, Patches)
1.5.3.2. Web Servers
1.5.3.3. Email Servers
1.5.3.4. FTP Servers
1.5.3.5. DNS Servers
1.5.3.6. NNTP Servers
1.5.3.7. File/Print Servers
1.5.3.8. DHCP Servers
1.5.3.9. Data Repositories

1.5.3.9.1. Directory Services
1.5.3.9.2. Databases

Basics of Cryptography

1.1. Algorithms

1.1.1. Hashing
1.1.2. Symmetric
1.1.3. Asymmetric

1.2. Concepts of Using Cryptography

1.2.1. Confidentiality
1.2.2. Integrity

1.2.2.1. Digital Signatures

1.2.3. Authentication
1.2.4. Non-Repudiation

1.2.4.1. Digital Signatures

1.2.5. Access Control

1.3. PKI

1.3.1. Certificates - Distinguish which certificates are used for what purpose. Basics only.

1.3.1.1. Certificate Policies
1.3.1.2. Certificate Practice Statements

1.3.2. Revocation
1.3.3. Trust Models

1.4. Standards and Protocols

1.5. Key Management/Certificate Lifecycle

1.5.1. Centralized vs. Decentralized
1.5.2. Storage

1.5.2.1. Hardware vs. Software
1.5.2.2. Private Key Protection

1.5.3. Escrow
1.5.4. Expiration
1.5.5. Revocation

1.5.5.1. Status Checking

1.5.6. Suspension

1.5.6.1. Status Checking

1.5.7. Recovery

1.5.7.1. M of N Control

1.5.8. Renewal
1.5.9. Destruction
1.5.10. Key Usage

1.5.10.1. Multiple Key Pairs (Single, Dual)

Operational/Organizational Security

1.1. Physical Security

1.1.1. Access Control

1.1.1.1. Physical Barriers
1.1.1.2. Biometrics

1.1.2. Social Engineering
1.1.3. Environment

1.1.3.1. Wireless Cells
1.1.3.2. Location
1.1.3.3. Shielding

1.1.3.4. Fire Suppression

1.2. Disaster Recovery

1.2.1. Backups

1.2.1.1. Off Site Storage

1.2.2. Secure Recovery

1.2.2.1. Alternate Sites

1.2.3. Disaster Recovery Plan

1.3. Business Continuity

1.3.1. Utilities
1.3.2. High Availability / Fault Tolerance
1.3.3. Backups

1.4. Policy and Procedures

1.4.1. Security Policy

1.4.1.1. Acceptable Use
1.4.1.2. Due Care
1.4.1.3. Privacy
1.4.1.4. Separation of duties
1.4.1.5. Need to Know
1.4.1.6. Password Management
1.4.1.7. SLA
1.4.1.8. Disposal / Destruction
5.4.1.9 HR Policy

5.4.1.9.1 Termination - Adding / revoking passwords, privileges, etc.
5.4.1.9.2 Hiring - Adding / revoking passwords, privileges, etc.
5.4.1.9.3 Code of Ethics

1.4.2. Incident Response Policy

1.5. Privilege Management

1.5.1. User/Group/Role Management
1.5.2. Single Sign-on
1.5.3. Centralized vs. Decentralized
1.5.4. Auditing (Privilege, Usage, Escalation)
1.5.5. MAC/DAC/RBAC

1.6. Forensics (Awareness, conceptual knowledge and understanding - know what your role is)

1.6.1. Chain of Custody
1.6.2. Preservation of Evidence
1.6.3. Collection of Evidence

1.7. Risk Identification

1.7.1. Asset Identification
1.7.2. Risk Assessment
1.7.3. Threat Identification
1.7.4. Vulnerabilities

1.8. Education - Training of end users, executives and HR

1.8.1. Communication
1.8.2. User Awareness
1.8.3. Education
1.8.4. Online Resources

1.9. Documentation

1.9.1. Standards and Guidelines
1.9.2. Systems Architecture
1.9.3. Change Documentation
1.9.4. Logs and Inventories
1.9.5. Classification
1.9.5.1. Notification
1.9.6. Retention/Storage
1.9.7. Destruction

Back to the Top of this page


Copyright Computer Institute 1999 Last Updated: Wednesday, August 20, 2008