Introduction:

CompTIA's Security+ is the premier vendor-neutral security certification and is included in the approved list of certifications to meet DoD Directive 8570.1 requirements. Our Security+ courseware has received CompTIA Authorized Quality Curriculum (CAQC) approval. The CompTIA CAQC symbol assures you that all test objectives are covered in the training material. In this course, you will perform over 80 hands-on activities to reinforce Security+ concepts such as managing browser security, encrypting and digitally signing e-mail messages, and installing and configuring vulnerability scanners and intrusion detection systems. You will establish the essential components of a public key infrastructure, including starting a certificate authority, granting and revoking certificates, and configuring a secure web server using SSL. You will configure group policies and access control methods for restricting access to file shares. You will assess computer security using a baseline analyzer, and you will test user security by attempting to crack passwords and scan systems for vulnerable ports

Customize it:

This 5-6-day Security+ course will be customized to your needs and specifications. Eno.com will assist you in identifying those needs and specifications. A word to the wise, there are many vendors of Security+ training. They will typically have a broad and general course, one size fits all, already developed and just put your organization’s name on the title slide. This minimizes their effort and time investment. At Eno.com, every course is made to your exact and exacting specifications. We help you ensure what you are getting is what you really eed even if at the beginning you weren’t too sure of what that was. We fit the class to your needs. We never fit you into our “standard”, one size fits all, class.

Objectives:

What you'll learn:: Mitigating threats Cryptography Authentication systems Messaging security User and role-based security Public key infrastructure Access security Ports and protocols Network security Wireless security Remote access security Auditing, logging, and monitoring Vulnerability testing Organizational security Business continuity CompTIA Security+ objectives map CompTIA Security+ acronyms

Course Outline

1. Mitigating Threats Core system maintenance Identifying common security threats Updating the operating system Managing software patches Installing service packs Determining whether you need to update your computer's BIOS Configuring Windows Firewall Virus and spyware management Installing antivirus software Scanning your system for spyware Configuring Windows Mail to prevent spam Browser security Managing pop-ups Managing cookies Managing scripting, Java, and ActiveX components Examining input validation, buffer overflows, and XSS Social engineering threats Discussing social engineering Examining phishing 2. Cryptography Symmetric cryptography Encrypting and decrypting data Calculating hashes Sharing a secret message with steganography Public key cryptography Exploring public key cryptography Examining certificates Examining certificate trusts Comparing single- and dual-sided certificates Mapping algorithms to applications 3. Authentication Systems Authentication Identifying the components of authentication Comparing one-, two-, and three-factor authentication Capturing passwords with a protocol analyzer Installing Active Directory Services Joining a domain Hashing Hashing data Cracking passwords Authentication systems Identifying the requirements of a secure authentication system Examining the components of Kerberos Examining null sessions Comparing authentication systems 4. Messaging Security E-mail security Identifying the security risks of an e-mail system Configuring security on an e-mail server Digitally signing a message Sending an encrypted message Messaging and peer-to-peer security Identifying the security risks of messaging systems Configuring security on an IM server Configuring IM client security 5. User and Role-Based Security Security policies Creating a console to manage local security policies Using the GPMC Implementing domain GPOs Analyzing a Windows Vista computer's security Securing file and print resources Creating users and groups based on security needs Securing file resources Securing printer resources 6. Public Key Infrastructure (PKI) Key management and life cycle Understanding certificate life cycle and management Setting up a certificate server Installing a stand-alone root certificate authority (CA) Installing an enterprise subordinate CA Implementing a file-based certificate request Managing your certificate server Side trip: Granting the log on locally right Requesting a user certificate Revoking a certificate Enabling the EFS recovery agent template Enrolling for a recovery agent certificate Enabling key archival Re-enrolling all certificates Web server security with PKI Requesting and installing a web server certificate Enabling SSL for the certificate server web site Making a secure connection Requesting a client certificate via the web 7. Access Security Biometric systems Identifying biometric authentication systems Installing a fingerprint reader Physical access security Identifying the risks associated with physical access to systems Examining logging and surveillance best practices Peripheral and component security Identifying the risks associated with common peripherals Mitigating security risks of peripherals Storage device security Enabling file-based encryption Enabling whole disk encryption systems (optional) 8. Ports and Protocols TCP/IP review Examining protocols in the TCP/IP suite Comparing IPv4 and IPv6 packets Protocol-based attacks Preventing common protocol-based attacks Assessing your vulnerability to DDoS attacks Port scanning Checking ARP cache Examining spoofing attacks Examining replay and hijacking attacks Examining antiquated protocols 9. Network Security Common network devices Examining switches and bridges Examining routers Examining NAT/PAT devices Examining firewalls and proxy servers Identifying inherent weaknesses in network devices Examining the ways to overcome device threats Secure network topologies Comparing firewall-based secure topologies Identifying the benefits of NAC Examining the security enabled by VPNs Browser-related network security Configuring the Phishing Filter Setting security zones Setting privacy options Virtualization Exploring the benefits of virtualization technologies 10. Wireless Security Wi-Fi network security Identifying wireless networking vulnerabilities Scanning for insecure access points Installing third-party router firmware Configuring basic router security Enabling transmission encryption Non-PC wireless devices Identifying cell phone and PDA-related threats 11. Remote Access Security Remote access Examining RADIUS and Diameter authentication Examining the role of LDAP in a remote access environment Examining TACACS+ authentication Examining how 802.1x adds security to your network Installing Network Policy and Access Services Configuring an NPS network policy Configuring NPS accounting Virtual private networks Comparing VPN protocols Installing Routing and Remote Access Services Enabling a VPN Configuring NPS to provide RADIUS authentication for your VPN Making a VPN connection 12. Auditing, Logging, and Monitoring System logging Viewing event logs Discussing device and application logging Server monitoring Monitoring with Performance Monitor Running a Data Collector Set Viewing a Data Collector Set report Considering auditing policies and practices 13. Vulnerability Testing Risk and vulnerability assessment Analyzing risks Installing the MBSA Analyzing your system with the MBSA Downloading and installing OVAL Downloading an OVAL XML file Scanning with OVAL Downloading and installing Nessus Scanning with Nessus IDS and IPS Discussing IDS characteristics Installing and monitoring with the Snort IDS Comparing HIDS and NIDS Examining the role and use of honeypots Forensics Examining the forensics process 14. Organizational Security Organizational policies Creating a security policy Creating a human resources policy Creating an incidence response and reporting policy Implementing change management Education and training Identifying the need for user education and training Identifying education opportunities and methods Disposal and destruction Deciding whether to destroy or dispose of IT equipment 15. Business Continuity Redundancy planning Identifying the need for and appropriate use of redundancy Creating a disaster recovery plan Backups Selecting backup schemes Backing up data Restoring data Identifying appropriate media rotation and storage plans Environmental controls Examining environmental controls

For organizational purchases, please send us a message at salesinfo@eno.com or complete and submit this form .

Other Expertise:

Oracle Applications Training and Consulting Peoplesoft Applications Training and Consulting SAP Applications Training and Consulting Security Technologies Training and Consulting Telecommunications Training and Consulting Wireless Technology Training and Consulting