Skillport Login|Financing

CompTIA Security+ Curriculum Outline

CompTIA Security + 2008: Threat Mitigation

Overview/Description
The central goals of network security are integrity, confidentiality, and availability. Even the most secure data systems are threatened on a daily basis, providing the challenge to administrators as well as users to maintain security. A decision must be made as to whether or not the cost of adding additional security outweighs possible losses that may be incurred with current configurations. Companies are constantly deciding how much risk is acceptable. This course introduces methods used to perform core system maintenance, manage viruses and spyware, securing browser software, and identify and mitigate social engineering threats. This course is one of a series in the SkillSoft learning path that covers the objectives for the CompTIA Security+ (2008 Edition) certification exam.

Target Audience
Organizations involved in IT services or training that need to have personnel qualified for onwards delivery of IT support or training; businesses that will need up-to-date Security+ training for their own internal networking support purposes; individuals who are personally interested in establishing credentials for the benefit of their own career prospects.

Prerequisites
Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience with an emphasis on security. The CompTIA Network+ certification is also recommended.

Expected Duration (hours)
2.0

Lesson Objectives

CompTIA Security + 2008: Threat Mitigation

Identify key threats to network security

Secure the operating system

Configure Windows Firewall

Distinguish between network security threats

Scan a system for spyware

Configure Windows Mail to prevent spam

Secure the core system

Mitigate system threats

Recognize the security vulnerabilities and safeguards of JavaScript

Recognize the security vulnerabilities and safeguards of ActiveX

Recognize the security vulnerabilities and safeguards of Java applets

Manage pop-ups

Recognize the security vulnerabilities and safeguards of cookies

Recognize input validation attacks and how to prevent them

Recognize social engineering threats and safeguards

Manage pop-ups

Recognize how to mitigate social engineering attacks

Back to List

CompTIA Security + 2008: Cryptography

Overview/Description
The central goal of cryptography is to hide information from others. Modern cryptographers use advanced algorithms and computational models to create layers of security and trusts in order to protect information. This course introduces encryption methods using both symmetric and asymmetric encryption techniques, along with trust models, certificates, and algorithms. This course is one of a series in the SkillSoft learning path that covers the objectives for the CompTIA Security+ (2008 Edition) certification exam.

Target Audience
Organizations involved in IT services or training that need to have personnel qualified for onwards delivery of IT support or training; businesses that will need up-to-date Security+ training for their own internal networking support purposes; individuals who are personally interested in establishing credentials for the benefit of their own career prospects.

Prerequisites
Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience with an emphasis on security. The CompTIA Network+ certification is also recommended.

Expected Duration (hours)
2.0

Lesson Objectives

CompTIA Security + 2008: Cryptography

Recognize the main characteristics of encryption

Encrypt and decrypt data

Calculate hashes

Recognize key characteristics of steganography

Encrypt and decrypt data

Calculate hashes

Recognize scenarios for using common asymmetric ciphers

Examine certificates

Recognize features of the PKI system and their functions

Recognize scenarios for using trust models

Examine certificate trusts

Recognize the advantages of using dual-sided certificates

Examine certificates and certificate trusts

Determine how to use asymmetric encryption to secure data

Back to List

CompTIA Security + 2008: Authentication Methods

Overview/Description
Developing authentication methods that ensure that a user is who they claim to be has been a challenge for administrators since shared networking was first introduced. There are many authentication models and strategies available today. This course introduces the learner to the concepts of AAA, hashing, multi-factor authentication, Kerberos, and domain security. This course is one of a series in the SkillSoft learning path that covers the objectives for the CompTIA Security+ (2008 Edition) certification exam.

Target Audience
Organizations involved in IT services or training that need to have personnel qualified for onwards delivery of IT support or training; businesses that will need up-to-date Security+ training for their own internal networking support purposes; individuals who are personally interested in establishing credentials for the benefit of their own career prospects.

Prerequisites
Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience with an emphasis on security. The CompTIA Network+ certification is also recommended.

Expected Duration (hours)
2.0

Lesson Objectives

CompTIA Security + 2008: Authentication Methods

Recognize key considerations when creating strong passwords

Identify the components of authentication

Recognize examples appropriate to authentication factors

Recognize key functions of a protocol analyzer

Recognize key functions of Active Directory Domain Services

Recognize key aspects of Kerberos v5, NTLM, and LM

Recognize password cracking techniques

Identify the components of authentication

Assess security measures appropriate to one, two, and three-factor authentication

Recognize password cracking tools

Recognize examples of identity proofing

Distinguish between when to use CHAP, EAP, PAP, and mutual authentication

Recognize the Kerberos authentication process

Recognize the security weaknesses of Kerberos

Discuss scenarios appropriate to CHAP and Kerberos authentication, and to mutual authentication

Back to List

CompTIA Security + 2008: Messaging, User, and Role Security

Overview/Description
E-mail and instant messaging have taken over from snail mail, memos, and even to a large extent from phone conversations in modern office environments. The challenge is to ensure that these forms of communication are secure, readily accessible, and that the identity of both parties involved can be confirmed. This course analyzes and demonstrates the methods for securing e-mail and instant messages along with creating security on the Active Directory domain and client computers so that these forms of communication can be done with confidentiality, integrity, availability and nonrepudiation. This course is one of a series in the SkillSoft learning path that covers the objectives for the CompTIA Security+ (2008 Edition) certification exam.

Target Audience
Organizations involved in IT services or training that need to have personnel qualified for onwards delivery of IT support or training; businesses that will need up-to-date Security+ training for their own internal networking support purposes; individuals who are personally interested in establishing credentials for the benefit of their own career prospects.

Prerequisites
Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience with an emphasis on security. The CompTIA Network+ certification is also recommended.

Expected Duration (hours)
3.0

Lesson Objectives

CompTIA Security + 2008: Messaging, User, and Role Security

Recognize the types of e-mail attacks and how to combat them

Recognize how to secure an e-mail server

Recognize how PGP encrypts e-mail messages

Recognize how S/MIME encrypts e-mail messages

Recognize how to send an e-mail message with restricted permission

Recognize how to obtain a digital ID and digitally sign e-mail messages

Recognize e-mail attacks and how to defend against them

Recognize how e-mail messages are encrypted

Recognize the security risks of instant messaging and combat them

Recognize the guidelines for IM client security

Configure IM client security

Implement IM security

Create a console to manage local security policies

Recognize how to design domain GPOs

Implement domain GPOs

Analyze a Windows Vista computers security

Create users and groups based on security needs

Secure file resources

Secure printer resources

Configure and secure users and resources

Back to List

CompTIA Security + 2008: Public Key Infrastructure and Access Security

Overview/Description
Access security, both within a network and on the Internet, is paramount to corporate security. Modern network environments use key encryption technologies in order to provide security and availability to both employees and customers. This course explores the use of certificate servers and certificates to provide a secure environment both within a network and when dealing with web servers and internet validations. It also examines how to secure the physical environment and data access. This course is one of a series in the SkillSoft learning path that covers the objectives for the CompTIA Security+ (2008 Edition) certification exam.

Target Audience
Organizations involved in IT services or training that need to have personnel qualified for onwards delivery of IT support or training; businesses that will need up-to-date Security+ training for their own internal networking support purposes; individuals who are personally interested in establishing credentials for the benefit of their own career prospects.

Prerequisites
Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience with an emphasis on security. The CompTIA Network+ certification is also recommended.

Expected Duration (hours)
3.5

Lesson Objectives

CompTIA Security + 2008: Public Key Infrastructure and Access Security

Recognize when to use the centralized and decentralized key-management models

Distinguish between the processes in the setup phase of key life-cycle management

Distinguish between the processes in the administrative phase of key life-cycle management

Distinguish between the processes in the cancellation phase of key life-cycle management

Install a standalone root Certificate Authority

Implement a file-based certificate request

Manage a certificate server

Install and manage a standalone root CA

Grant users the log on locally right

Revoke a certificate

Establish an EFS recovery agent

Establish web server security with PKI

Enable an EFS recovery agent

Set up web server security with PKI

Recognize key considerations in the use of biometrics

Recognize physical access security measures

Recognize security threats to system peripherals and components, and how to counteract them

Configure security policy settings for mitigating risks to peripherals

Encrypt individual files

Encrypt an entire disk

Configure security policy settings for mitigating risks to peripherals

Secure an individual file and an entire disk

Back to List

CompTIA Security + 2008: Ports, Protocols, and Network Security

Overview/Description
Internetwork communications are the foundation of the modern Internet. Selecting the correct devices, properly configuring those devices, and placing them in the correct locations both within and outside a network to defend against attack is a task every network administrator faces on a daily basis. This course discusses, TCP/IP configuration and attack defences, network devices selection and proper placement, and securing the networking environment. This course is one of a series in the SkillSoft learning path that covers the objectives for the CompTIA Security+ (2008 Edition) certification exam.

Target Audience
Organizations involved in IT services or training that need to have personnel qualified for onwards delivery of IT support or training; businesses that will need up-to-date Security+ training for their own internal networking support purposes; individuals who are personally interested in establishing credentials for the benefit of their own career prospects.

Prerequisites
Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience with an emphasis on security. The CompTIA Network+ certification is also recommended.

Expected Duration (hours)
3.0

Lesson Objectives

CompTIA Security + 2008: Ports, Protocols, and Network Security

Distinguish between TCP/IP protocols

Recognize examples of IPv4 addresses

Recognize examples of IPv6 addresses

Recognize DoS and DDoS attacks and how to prevent them

Configure a server to prevent SYN flood attacks

Recognize man-in-the-middle attacks and how to prevent them

Mitigate protocol-based attacks

Configure a server to prevent SYN flood attacks

Recognize the function of each layer in the OSI Reference Model

Recognize key characteristics of common networking devices

Recognize key characteristics of firewalls

Recognize key network device weaknesses

Recognize ways to prevent device attacks

Design a security strategy for protocol-based attacks and attacks that exploit network devices

Recognize security considerations when designing network topologies

Configure the Phishing Filter

Set security zones

Set privacy options

Recognize the benefits of virtualization

Set browser-related security

Back to List

CompTIA Security + 2008: Wi-Fi and Remote Access

Overview/Description
Remote access is becoming more and more prevalent in todays working world. The telecommuter has become the daily businessperson of today. Plane trips, hotel stays, and long distance meetings have made the need for wireless networking and wireless security paramount. This course examines wireless security configuration options along with remote access strategies, VPN configurations, and security measures. This course is one of a series in the SkillSoft learning path that covers the objectives for the CompTIA Security+ (2008 Edition) certification exam.

Target Audience
Organizations involved in IT services or training that need to have personnel qualified for onwards delivery of IT support or training; businesses that will need up-to-date Security+ training for their own internal networking support purposes; individuals who are personally interested in establishing credentials for the benefit of their own career prospects.

Prerequisites
Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience with an emphasis on security. The CompTIA Network+ certification is also recommended.

Expected Duration (hours)
2.0

Lesson Objectives

CompTIA Security + 2008: Wi-Fi and Remote Access

Recognize 802.11 standards

Recognize how to secure a wireless network

Recognize wireless configurations

Recognize transmission encryption techniques

Recognize wireless device-to-device security attacks and how to prevent them

Recognize wireless infrastructure attacks

Assess wireless network security

Assess wireless device security

Distinguish RADIUS, Diameter, and LDAP remote access authentication systems

Distinguish TACACS+, RADIUS, and 802.1x remote access authentication systems

Configure Network Policy Server

Deploy Network Policy Server

Recognize key characteristics of VPNs

Back to List

CompTIA Security + 2008: Risk Analysis, Vulnerability Testing, IDS, and Forensics

Overview/Description
Ensuring that modern network environments are secure is of paramount importance in todays IT world. The use of risk analysis techniques and vulnerability scanners, along with intrusion detection systems and forensic methodologies have become the backbone of modern IT security. This course looks at modern risk analysis techniques, forensic methodologies, IDS systems and methods to harden network devices and operating systems. This course is one of a series in the SkillSoft learning path that covers the objectives for the CompTIA Security+ (2008 Edition) certification exam.

Target Audience
Organizations involved in IT services or training that need to have personnel qualified for onwards delivery of IT support or training; businesses that will need up-to-date Security+ training for their own internal networking support purposes; individuals who are personally interested in establishing credentials for the benefit of their own career prospects.

Prerequisites
Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience with an emphasis on security. The CompTIA Network+ certification is also recommended.

Expected Duration (hours)
1.5

Lesson Objectives

CompTIA Security + 2008: Risk Analysis, Vulnerability Testing, IDS, and Forensics

Recognize how to conduct risk analysis

Analyze a system using the MBSA

Scan for system vulnerabilities with OVAL

Scan for system vulnerabilities with Nessus

Analyze a system using the MBSA

Scan for system vulnerabilities

Recognize key characteristics of IDS

Recognize the uses of NIDS and HIDS

Recognize the use of honeypots

Recognize how key computer forensics procedures are performed

Perform a chain of custody

Perform evidence preservation

Perform evidence collection

Back to List

CompTIA Security + 2008: Auditing, Security Policies, and Disaster Recovery

Overview/Description
Network Administrators create security polices, generate audit reports, and prepare disaster recovery contingency plans in the hope of both avoiding network security failures and being prepared should they actually occur. This course examines the methods used to secure a network environment through security policies, user education, and resource monitoring. The course also explores business continuity planning, backups, and disaster recovery planning. This course is one of a series in the SkillSoft learning path that covers the objectives for the CompTIA Security+ (2008 Edition) certification exam.

Target Audience
Organizations involved in IT services or training that need to have personnel qualified for onwards delivery of IT support or training; businesses that will need up-to-date Security+ training for their own internal networking support purposes; individuals who are personally interested in establishing credentials for the benefit of their own career prospects.

Prerequisites
Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience with an emphasis on security. The CompTIA Network+ certification is also recommended.

Expected Duration (hours)
2.5

Lesson Objectives

CompTIA Security + 2008: Auditing, Security Policies, and Disaster Recovery

Recognize scenarios related to device and application logging

Recognize how to monitor system performance

Recognize what auditing systems involves

Run a DCS and view DCS reports

Recognize how to create a security policy

Recognize how to create a human resources policy

Recognize how to create an incident response policy

Recognize the function of a change management process for a network

Recognize the educational and training needs for users and administrators

Recognize how to dispose of IT equipment

Assess the security structures for an organization

Recognize how to create a redundancy plan

Recognize how to create a disaster recovery plan

Recognize the data backup schemes

Recognize the backup media rotation schemes

Recognize the controls used to protect network environments

Prepare key elements of a disaster recovery plan

Back to List