Security+ COURSE DETAILS

1.1 Indicators of compromise

  •   Why is security important?
  •   Security policy
  •   Threat actor types
  •   The kill chain
  •   Social engineering
  •   Phishing
  •   Malware types
  •   Trojans and spyware
  •   Open source intelligence

1.2 Critical security controls

  •   Security control types
  •   Defense in depth
  •   Frameworks and compliance
  •   Vulnerability scanning and pentests
  •   Security assessment techniques
  •   Pentesting concepts
  •   Vulnerability scanning concepts
  •   Exploitation frameworks

1.3 Security posture assessment tools

  •   Topology discovery
  •   Service discovery
  •   Packet capture
  •   Packet capture tools
  •   Remote access Trojans
  •   Honeypots and honeynets

1.4 Incident response

  •   Incident response procedures
  •   Preparation phase
  •   Identification phase
  •   Containment phase
  •   Eradication and recovery phases

2.1 Cryptography

  •   Uses of cryptography
  •   Cryptographic terminology and ciphers
  •   Cryptographic products
  •   Hashing algorithms
  •   Symmetric algorithms
  •   Asymmetric algorithms
  •   Diffie-Hellman and elliptic curve
  •   Transport encryption
  •   Cryptographic attacks

2.2 Public key infrastructure

  •   PKI standards
  •   Digital certificates
  •   Certificate authorities
  •   Types of certificate
  •   Implementing PKI
  •   Storing and distributing keys
  •   Key status and revocation
  •   PKI trust models
  •   PGP/GPG

2.3 Identification and authentication

  •   Access Control systems
  •   Identification
  •   Authentication
  •   LAN Manager/NTLM
  •   Kerberos
  •   PAP, CHAP and MS-CHAP
  •   Password attacks
  •   Token-based authentication
  •   Biometric authentication
  •   Common access card

2.4 Identity and access services

  •   Authorization
  •   Directory services
  •   RADIUS and TACACS+
  •   Federation and trusts
  •   Federated identity protocols

2.5 Account management

  •   Formal access control models
  •   Account types
  •   Windows Active Directory
  •   Creating and managing accounts
  •   Account policy enforcement
  •   Credential management policies
  •   Account restrictions
  •   Accounting and auditing

3.1 Secure network design

  •   Network zones and segments
  •   Subnetting
  •   Switching infrastructure
  •   Switching attacks and hardening
  •   Endpoint security
  •   Network access control
  •   Routing infrastructure
  •   Network address translation
  •   Software defined networking

3.2 Firewalls and load balancers

  •   Basic firewalls
  •   Stateful firewalls
  •   Implementing a firewall or gateway
  •   Web application firewalls
  •   Proxies and gateways
  •   Denial-of-service attacks
  •   Load balancers

3.3 IDS and SIEM

  •   Intrusion detection systems
  •   Configuring IDS
  •   Log review and SIEM
  •   Data loss prevention
  •   Malware and intrusion response

3.4 Secure wireless access

  •   Wireless LANs
  •   WEP and WPA
  •   Wi-Fi authentication
  •   Extensible authentication protocol
  •   Additional Wi-Fi security settings
  •   Wi-Fi site security
  •   Personal area networks

3.5 Physical security controls

  •   Site layout and access
  •   Gateways and locks
  •   Alarm systems
  •   Surveillance
  •   Hardware security
  •   Environmental controls

4.1 Secure protocols and services

  •   DHCP security
  •   DNS security
  •   Network management protocols
  •   HTTP and web servers
  •   SSL / TLS and HTTPS
  •   Web security gateways
  •   Email services
  •   S/MIME
  •   File transfer
  •   Voice and video services
  •   Voice over IP (VoIP)

4.2 Secure remote access

  •   Remote access architecture
  •   Virtual private networks
  •   IPsec and IKE
  •   Remote access servers
  •   Remote administration tools
  •   Hardening remote access infrastructure

4.3 Secure systems design

  •   Trusted computing
  •   Hardware / firmware security
  •   Peripheral device security
  •   Secure configurations
  •   OS hardening
  •   Patch management
  •   Embedded systems
  •   Security for embedded systems

4.4 Secure mobile device services

  •   Mobile device deployments
  •   Mobile connection methods
  •   Mobile access control systems
  •   Enforcement and monitoring

4.5 Secure virtualization and cloud services

  •   Virtualization technologies
  •   Virtualization security best practices
  •   Cloud computing
  •   Cloud security best practices

5.1 Forensics

  •   Forensic procedures
  •   Collecting evidence
  •   Capturing system images
  •   Handling and analyzing evidence

5.2 Disaster recovery and resiliency

  •   Continuity of operations planning
  •   Disaster recovery planning
  •   Resiliency strategies
  •   Recovery sites
  •   Backup plans and policies
  •   Resiliency and automation strategies

5.3 Risk management

  •   Business impact analysis
  •   Identification of critical systems
  •   Risk assessment
  •   Risk mitigation

5.4 Secure application development

  •   Application vulnerabilities
  •   Application exploits
  •   Web browser exploits
  •   Secure application design
  •   Secure coding concepts
  •   Auditing applications
  •   Secure DevOps

5.5 Organizational security

  •   Corporate security policy
  •   Personnel management policies
  •   Interoperability agreements
  •   Data roles
  •   Data sensitivity labeling and handling
  •   Data wiping and disposal
  •   Privacy and employee conduct policies
  •   Security policy training

Training clients in the fulfilling and lucrative industry of cyber security.