Comptia Security+ Eckel Technology Consultants


Introduction • Netlearn IT training and Consulting LLC. • Specializing in: • CompTIA Training • Novell SUSE Linux Training • Linux Consulting • Citrix XenServer Consulting

Partners • Citrix • CompTIA • Novell • PHD Virtual Backup Solutions • VMware • Symantec

Contact Information • Kevin Eckel • 1239 Bower Hill Rd. • Pittsburgh PA • Phone • Fax

The Exam SY0-201 • Time: 90 minutes • Number of Questions: 100 • Passing Score: 750/1000 • Some Beta Questions which do not count towards your score • Exam Format: Multiple choice where you choose the best answer (radio buttons) or multiple correct answers (square)

Tested Material Breakdown • Network Security 21% • Compliance and Operational Security 18% • Threats and Vulnerabilities 21% • Application, Data and Host Security 16% • Access Control 13% • Cryptography 11%

Objectives • Network Security • Network Devices • Firewalls • Routers • Switches • Load Balancers • Proxies • Web Security Gateways • VPN Concentrators • NIDS and NIPS (Behavior, signature and anomaly, Heuristic) • Protocol Analyzers • Spam filters • Web Application Filters • URL filtering

Network Security Cont. • Implementation • Rule based • VLANs • ACLs • Port Security • Wireless • Flood Guards • Loop Protection • Implicit Deny • Log Analysis

Network Security Cont. 2 • Network Design Elements • DMZ • Subnet • VLAN • NAT • Remote Access Control • NAC • Virtualization • Cloud Computing (PaaS, SaaS, IaaS)

Wireless • Wireless Protocols • WEP, WPA, WPA2, EAP, PEAP • Wireless Security • MAC Filtering • SSID • TKIP • CCMP • Antenna Placement • Power Level Controls

Compliance and Operational Security • Control Types • Technical • Management • Operational • False Positives • Policies • Privacy • Acceptable Use • Security • Mandatory Vacations • Job Rotation • Separation of Duties • Least Privilege

Risk Calculation • Likelihood • ALE • Impact • Quantitative vs Qualitative • Risk Management Procedures • Avoidance • Transference • Acceptance • Mitigation • Deterrence

Basic Forensics • Order of volatility • Capture System Image • Network Traffic and Logs • Capture Video • Record Time Offset • Take Hashes • Screenshots • Witness • Track People Hours and expense

Forensics Cont. • Damage and Loss Control • Chain of Custody • Incident Response • Security Training • PII

Risk Mitigation • Security Controls • Change Management • Incident Management • User Rights • Audits • Policies and Procedures • Incident Response Procedures

Network Security Cont. 3 • Implementing Common Protocols • IPsec • SNMP • SSH, SCP • DNS • TLS • HTTP, HTTPS, SSL • TCP/IP, IPv4, IPv6 • TFTP, FTP, SFTP, FTPS • NetBIOS

Hardware Security • BIOS • USB Devices • Cell Phones • Removable Storage • NAS

OS hardening • Hotfixes • Service Packs • Patches • Patch Management • Group Policies • Security Templates • Configuration Baselines

Establishing Security

Security Awareness Training • Security Policy training • PII • Data Classification • Compliance • User Habits • Password • Data Handling • Clean desk policies • Tailgating • Threat Awareness • Phishing • Zero Day Attacks • Social Networking

Business Continuity • Business Impact Analysis (BIA) • Single point of failure • Continuity of operations • Disaster Recovery • IT contingency planning • Succession Planning

Environmental Controls • HVAC • Fire Suppression • EMI • Hot and Cold Aisles • Environmental monitoring • Temperature and humidity controls • Video Monitoring

Execute Disaster Recovery Plans • Backup/Backout contingency plans • Backup, execution and frequency • Redundancy and fault tolerance • Hardware • RAID • Cluster • Load balancing • HA • Cold site, hot site, warm site • Mean time to restore, mean time between failures, recovery time objectives and recovery point objectives.

Pillars of Security • Confidentiality • Integrity • Availability

Threats and Vulnerabilities • Types of malware • Adware • Virus • Worm • Spyware • Trojan • Rootkits • Backdoors • Logic Bomb • Botnets

Types of attacks • Man in the middle • DDoS • DoS • Replay • Smurf • Spoofing • Spam • Phishing

Attacks Cont. • Spim • Vishing • Spear Phishing • Xmas Attack • Pharming • Privilege Escalation • Malicious Insider Threat • DNS Poisoning and ARP Poisoning • Transitive Access • Client Side Attacks

Social Engineering Attacks • Shoulder surfing • Dumpster Diving • Tailgating • Impersonation • Hoaxes • Whaling • Vishing

Wireless Attacks • Rogue Access Points • Interference • Evil Twin • War Driving • Bluejacking • Bluesnarfing • War Chalking • IV attack • Packet Sniffing

Application Attacks • Cross Site scripting • SQL injection • LDAP • XML injection • Directory traversal/command injection • Buffer Overflow • Zero Day • Cookies • Malicious Add-ons • Session Hijacking • Header Manipulation

Mitigation Techniques Failsafe/secure Logs – Event Logs – Audit Logs – Security – Access Logs

Physical Security Hardware Locks Mantraps Video Surveillance Fencing Proximity Readers Access List

Hardening Disable Unnecessary Services Protect Management Services Password Protection Disable Unnecessary Accounts

Port Security MAC filtering 802.1x Disable unused ports

Security Posture Initial Baseline Configuration Continuous Security Monitoring Remediation

Reporting Alarms Alerts Trends

Correction vs Prevention IDS vs IPS Camera vs guard Vulnerability scans Tools – Protocol Analyzer – Sniffer – Vulnerability Scanner – Honey Pots – Honey Nets – Port Scanner

Risk Calculation Threat vs Likelihood

Assessment Technique Baseline Reporting Code Review Determine Attack Surface Architecture Design Review Penetration Testing Vulnerability Testing Black vs White vs Grey Box testing

Application Data and Host Security Fuzzing Secure coding concepts Error and exception handling Input validation Cross site scripting Prevention Cross site request forgery Application configuration baseline Application hardening Application Patch Mgmt

Host Security OS security and settings Anti: – Virus – Spam – Spyware – Pop-ups Host based firewalls Patch mgmt

Hardware Security Cable locks Safe Locking cabinets Host security baselining

Mobile Devices – Screen lock – Strong Password – Device Encryption – Remote Wipe – Voice Encryption – GPS tracking

Virtualization Guest Operating Systems Isolated from each other and hypervisor Each guest needs to be patched individually

Data Security Data Loss Prevention – Full Disk Encryption – Database – Removable media – Mobile files

Hardware based Encryption TPM HSM USB Hard Drive Cloud Computing

Access Control and Identity management RADIUS TACACS+ Kerberos LDAP XTACACS

Authentication Authorization Auditing Identification Authentication Multifactor Authentication