CompTIA Security+
Accredited by:

Computing Technology Industry Association (CompTIA), USA

 

Program Description:

CompTIA Security+ not only ensures that candidates will apply knowledge of security concepts, tools, and procedures to react to security incidents; it ensures that security personnel are anticipating security risks and guarding against them.

CompTIA Security+ is an international, vendor-neutral certification that demonstrates competency in:

• Network security

• Compliance and operational security

• Threats and vulnerabilities

• Application, data and host security

• Access control and identity management

• Cryptography

CompTIA Security+ not only ensures that candidates will apply knowledge of security concepts, tools, and procedures to react to security incidents; it ensures that security personnel are anticipating security risks and guarding against them.

 

Module Outline:

Module 01

Topic A :  System Maintenance

• Causes of Compromised Security

• Technology Weaknesses

• Configuration Weaknesses

• Policy Weaknesses

• Human Error and Malice

• Securing the Operating System

• Microsoft Update

• Windows Update Categories

• Demo – A-2: Updating the Operating System

• Patch Management

• Demo – A-3: Managing Software Patches

• Service Packs

• Demo – A-4: Checking for and Installing Service Packs

• BIOS Version

• BIOS Update

• Demo – A-5: Determining Whether you Need to Update your Computer’s BIOS

• Windows Firewall

• User Account Control

• Demo – A-6: Configuring Windows Firewall

Topic B: Application Security

• Application Vulnerabilities

• Countermeasure

• Demo – B-1: Managing Application Security

Topic C :  Physical Security

• Physical Access Control

• Smart Card and Reader

• Fingerprint Scanner

• Biometric Devices

• Plant Security

• Cipher Lock

• Man-Trap

Topic D: Malware

• Malware Varieties

• Malware Effects Anti-malware

• Antivirus Software

• Anti-malware Products

• Demo – D-2: Installing Antivirus Software

• Windows Defender

• Demo – D-3: Scanning your System for Spyware

Topic E: Social Engineering

• Social Engineering

• Types of Social Engineering

• Social Engineering Countermeasures

• Pishing

• Demo – E-2: Examining Phishing

• Spam

• Social Networking

• Unit 01 Review

Module  02 – Cryptography

Topic A: Symmetric Cryptography

• ROT13 Cipher

• Keys

• Symmetric Encryption in Action

• Common Symmetric Ciphers

• Hashes

• Uses for Hashes

• MD5 Hash Algorithm

• SHA

• Hash Vulnerabilities

• Demo – A-2: Calculating Hashes

• Steganography

• Demo – A-3: Sharing a Secret Message with Steganography

Topic B: Public Key Cryptography

• Public Key Cryptography

• Asymmetric Encryption in Action

• Common Asymmetric Ciphers

• Demo – B-1: Exploring Public Key Cryptography

• Digital Signatures

• Signature Process

• Features of Signatures

• Digital Certificates

• Certificate Types

• Demo – B-2: Examining Certificates

• Public Key Infrastructure

• Certificate Policy

• Certificate Practice Statement

• Trust Models

• Single-authority Trust Model

• Hierarchical Trust Model

• Web of Trust Model

• Demo – B-3: Examining Certificate Trusts Single- and Dual-key Certificates

• Quantum Cryptography

• Module 02 Review

Module 03 – Authentication

Topic A: Authentication Factors and Requirements

• Three Steps to Secure Resources

• Authentication Factors

• One-factor Authentication

• Two-factor Authentication

• Three-factor Authentication

• Considerations

• Identification and Authentication

• Identity Proofing

• Single Sign-on

Topic B: Authentication Systems

Authentication Protocols

• NTLM

• NTLM Challenge-response

• NTLM Vulnerabilities

• Kerberos

• Kerberos System Composed of:

• Kerberos Data Types:

• Kerberos Authentication Process

• Cross-realm Authentication

• Kerberos Security Weaknesses

• Null Sessions

Topic C: Authentication System Variables

• Authentication Vulnerabilities

• Secure Passwords

• Password Realities

• Least Privilege

• Demo – C-1: Identifying Authentication Vulnerabilities

• Wireshark

• Demo – C-2: Capturing Passwords with a Protocol Analyzer

• Password Cracking

• Password Guessing

• SAM and SYSTEM Files

• Demo – C-3: Cracking Passwords

• Module 03 Review

Module 04 – User – and Role-based Security

Topic A: Baseline Security Policies

• Security Baselines

• Demo – A-1: Using MBSA to Analyze Security

• Group Policy Settings

• Local GPO Types

• GPO Editor

• Local Computer GPO Nodes

• Demo – A-2: Creating a Console to Manage Local Security Policies

• Policy Properties Dialog Box

• Container Types

• Types of Domain GPOs

• GPOs Applied in this Order

• Demo – A-3: Using the GPMC

Topic B: Resource Access Groups

• Demo – B-1: Creating Users and Groups Based on Security Needs Permissions

• File System Security

• Access Control Models

• Demo – B-2: Securing File Resources

• Module 04 Review

Module 05 – Peripheral Security

Topic A: File and Disk Encryption

• File and Disk Encryption

• File-level Encryption

• Demo – A-1: Enabling File-based Encryption

• Whole Disk Encryption

• Windows BitLocker

• BitLocker Life Cycle

• Recovery

• Other Disk Encryption Tools

• Demo – A-2: Creating an Encrypted Volume

• Demo – A-3: Mounting, Using, and Dismounting an Encrypted Volume

Topic B: Peripheral and Component Security

• Peripherals and Components

• USB Drives

• Laptops

• Shredding Standards

• Demo – B-2: Using Windows Policies to Mitigate the Risks of Peripherals

Topic C: Mobile Device Security

• Mobile Device Risks

• Additional Concerns

• Mitigating Risks

• Screen Lock

• Android Security Settings

• WaveSecure

• Risks and Threats

• Unit 05 Review

Module 06 – Public Key Infrastructure

Topic A: Public Key Cryptography

• Management

• Setup and Initialization Phase

• Administration Phase

• Cancellation and Key History

• Administrative Responsibilities

Topic B: Implementing Public Key Infrastructure

• Microsoft Certificate Services

• AD Integration Options

• Demo – B-1: Installing a Standalone Root Certificate Authority

• Demo – B-2: Installing an Enterprise Subordinate CA

• Demo – B-3: Implementing a File-based Certificate Request

• Demo – B-4: Managing your Certificate Server

• User Certificates

• Demo – B-5: Requesting a User Certificate

• Certificate Revocation

• Demo – B-6: Revoking a Certificate

• Key Escrow and Recovery

• Key Recovery Agent

• Demo – B-7: Enabling the EFS Recovery Agent Template

• Demo – B-8: Enrolling for a Recovery Agent Certificate

• Demo – B-9: Enabling Key Archival

• Demo – B-10: Re-enrolling All Certificates

Topic C: Web Server Security with PKI

• Securing Web Servers Commercial Certificate

• Demo – C-1: Requesting and Installing a Web Server Certificate

• Demo – C-2: Enabling SSL for the Certificate Server Website

• HTTPS Connections Demo – C-3: Making a Secure Connection

• Demo – C-4: Requesting a Client Certificate via the Web

• Unit 06 Review

Unit 07 – Application and Messaging Security

Topic A:  Application Security

• Application Security

• Programmer’s Perspective

• Administrator’s Perspective

• User’s Perspective

• Application Attacks

Topic B:  E-mail Security

• E-mail Security

• E-mail Application Security

• Demo – B-2: Configuring an E-mail Client to Use Secure Authentication

• Signed and Encrypted Mail

• PGP

 

Duration:

6 Days

 

Prerequisite:

1. Thorough Knowledge of TCP/IP.

2. Network+ certification or equivalent knowledge and experience.

 

Training Method:

Instructor-Led-Hands-on-Practical Training , Workshop & Exam Prep

 

Assessment Methods:

1. Pre - Test

2. Post - Test

3. Final Exam - Certification by CompTIA

 

What is the core competency do I get by earning this certificate?

At the end of this course, students will be able to:

• Demonstrate knowledge of security threats.

• Understand communication and infrastructure security.

• Understand cryptography, access control and authentication

• Prevent against external attack

• Demonstrate knowledge of operational and organization security

​It is also the main course you will take to prepare for the CompTIA Security+ certification exam. (Exam number SY0-401).  In this course, you'll build on your knowledge and professional experience with computer hardware, operating systems, and networks as you acquire the specific skills required to implement basic security services on any type of computer network.

​​

What will I able to do as a result earning this certificate?

You will implement and monitor security on networks and computer systems, and respond to security breaches.

CompTIA Security+ not only ensures that candidates will apply knowledge of security concepts, tools, and procedures to react to security incidents; it ensures that security personnel are anticipating security risks and guarding against them.

CompTIA Security+ is an international, vendor-neutral certification that demonstrates competency in:

• Network security

• Compliance and operational security

​

How will earning this certificate benefits me and my employer?

Career Prospect with CompTIA Security+ Professional Certification;

CompTIA Security+ is the certification globally trusted to validate foundational, vendor-neutral IT security knowledge and skills. As a benchmark for best practices in IT security, this certification covers the essential principles for network security and risk management – making it an important stepping stone of an IT security career.

IT security is paramount to organizations as cloud computing and mobile devices have changed the way we do business. With the massive amounts of data transmitted and stored on networks throughout the world, it’s essential to have effective security practices in place.

 

Max Class Capacity:

20 - 30 persons.

 

Suitable For:

IT (Security) Student , IT Technician, IT Support

​

Career Pathway:

Security Administrator, Security Architect, Security Manager, Security Consultant

​

Course Date:

To be adviced (TBA) - Please contact us.