Comptia Security+ Eckel Technology Consultants

Introduction
Netlearn IT Training and Consulting LLC. Specializing in:
• Comptia Training
• Novell Suse Linux Training
• Linux Consulting
• Citrix Xenserver Consulting

Partners
• Citrix
• Comptia
• Novell
• PHD Virtual Backup Solutions
• Vmware
• Symantec

Contact Information
Kevin Eckel
sales@netlearnit.com
1239 Bower Hill Rd. Pittsburgh PA 15243
Phone 412-401-6852
Fax 412-894-9012

The Exam: SY0-201
• Time: 90 minutes
• Number of Questions: 100
• Passing Score: 750/1000
• Some beta questions which do not count towards your score
• Exam Format: Multiple choice where you choose the best answer (radio buttons) or multiple correct answers (square check boxes)

Tested Material Breakdown
• Network Security 21%
• Compliance and Operational Security 18%
• Threats and Vulnerabilities 21%
• Application, Data and Host Security 16%
• Access Control 13%
• Cryptography 11%

Objectives: Network Security
Network Devices
• Firewalls
• Routers
• Switches
• Load Balancers
• Proxies
• Web Security Gateways
• VPN Concentrators
• NIDS and NIPS (behavior, signature, anomaly and heuristic)
• Protocol Analyzers
• Spam filters
• Web Application Filters
• URL filtering

Network Security Cont.
Implementation
• Rule based
• VLANs
• ACLs
• Port Security
• Wireless
• Flood Guards
• Loop Protection
• Implicit Deny
• Log Analysis

Network Security Cont. 2
Network Design Elements
• DMZ
• Subnet
• VLAN
• NAT
• Remote Access Control
• NAC
• Virtualization
• Cloud Computing (PaaS, SaaS, IaaS)

Wireless
Wireless Protocols
• WEP, WPA2, EAP, PEAP
Wireless Security
• MAC Filtering
• SSID
• TKIP
• CCMP
• Antenna Placement
• Power Level Controls

Compliance and Operational Security
Control Types
• Technical
• Management
• Operational
False Positives
Policies
• Privacy
• Acceptable Use
• Security
• Mandatory Vacations
• Job Rotation
• Separation of Duties
• Least Privilege

Risk Calculation
• Likelihood
• ALE
• Impact
• Quantitative vs Qualitative
Risk Management Procedures
• Avoidance
• Transference
• Acceptance
• Mitigation
• Deterrence

Basic Forensics
• Order of volatility
• Capture System Image
• Network Traffic and Logs
• Capture Video
• Record Time Offset
• Take Hashes
• Screenshots
• Witness
• Track People Hours and expense

Forensics Cont.
• Damage and Loss Control
• Chain of Custody
• Incident Response
• Security Training
• PII

Risk Mitigation
• Security Controls
• Change Management
• Incident Management
• User Rights Audits
• Policies and Procedures
• Incident Response Procedures

Network Security Cont. 3
Implementing Common Protocols
• IPSEC
• SNMP
• SSH, SCP
• DNS
• TLS
• HTTP, HTTPS, SSL
• TCP/IP, IPv4, IPv6
• TFTP, SFTP, FTPS
• NETBIOS

Hardware Security
• BIOS
• USB Devices
• Cell Phones
• Removable Storage
• NAS

OS Hardening
• Hotfixes
• Service Packs
• Patches
• Patch Management
• Group Policies
• Security Templates
• Configuration Baselines

Establishing Security

Security Awareness Training
• Security Policy training
• PII
• Data Classification
• Compliance
• User Habits
  – Password
  – Data Handling
  – Clean desk policies
  – Tailgating
• Threat Awareness
  – Phishing
  – Zero Day Attacks
  – Social Networking

Business Continuity
• Business Impact Analysis (BIA)
• Single point of failure
• Continuity of operations
• Disaster Recovery
• IT contingency planning
• Succession Planning

Environmental Controls
• HVAC
• Fire Suppression
• EMI
• Hot and Cold Aisles
• Environmental monitoring
• Temperature and humidity controls
• Video Monitoring

Execute Disaster Recovery Plans
• Backup/Backout contingency plans
• Backup, execution and frequency
• Redundancy and fault tolerance
  – Hardware
  – RAID
  – Cluster
  – Load balancing
  – HA
• Cold site, hot site, warm site
• Mean time to restore, mean time between failures, recovery time objectives and recovery point objectives

Pillars of Security
• Confidentiality
• Integrity
• Availability

Threats and Vulnerabilities
Types of malware
• Adware
• Virus
• Worm
• Spyware
• Trojan
• Rootkits
• Backdoors
• Logic Bomb
• Botnets

Types of attacks
• Man in the middle
• DDoS
• DoS
• Replay
• Smurf
• Spoofing
• Spam
• Phishing

Attacks Cont.
• SPIM
• Vishing
• Spear Phishing
• Xmas Attack
• Pharming
• Privilege Escalation
• Malicious Insider Threat
• DNS Poisoning and ARP Poisoning
• Transitive Access
• Client Side Attacks

Social Engineering Attacks
• Shoulder surfing
• Dumpster Diving
• Tailgating
• Impersonation
• Hoaxes
• Whaling
• Vishing

Wireless Attacks
• Rogue Access Points
• Interference
• Evil Twin
• War Driving
• Bluejacking
• Bluesnarfing
• War Chalking
• IV attack
• Packet Sniffing

Application Attacks
• Cross Site scripting
• SQL injection
• LDAP injection
• XML injection
• Directory traversal/command injection
• Buffer Overflow
• Zero Day
• Cookies
• Malicious Add-ons
• Session Hijacking
• Header Manipulation

Mitigation Techniques
• Failsafe/secure
• Logs
  – Event Logs
  – Audit Logs
  – Security Access Logs

Physical Security
• Hardware Locks
• Mantraps
• Video Surveillance
• Fencing
• Proximity Readers
• Access List

Hardening
• Disable Unnecessary Services
• Protect Management Services
• Password Protection
• Disable Unnecessary Accounts

Port Security
• MAC filtering
• 802.1X
• Disable unused ports

Security Posture
• Initial Baseline Configuration
• Continuous Security Monitoring
• Remediation

Reporting
• Alarms
• Alerts
• Trends

Correction vs Prevention
• IDS vs IPS
• Camera vs guard
• Vulnerability scans
• Tools
  – Protocol Analyzer
  – Sniffer
  – Vulnerability Scanner
  – Honey Pots
  – Honey Nets
  – Port Scanner

Risk Calculation
• Threat vs Likelihood

Assessment Technique
• Baseline Reporting
• Code Review
• Determine Attack Surface
• Architecture
• Design Review
• Penetration Testing
• Vulnerability Testing
• Black vs White vs Grey Box testing

Application Data and Host Security
• Fuzzing
• Secure coding concepts
• Error and exception handling
• Input validation
• Cross site scripting Prevention
• Cross site request forgery
• Application configuration baseline
• Application hardening
• Application Patch Mgmt

Host Security
• OS security and settings
• Anti:
  – Virus
  – Spam
  – Spyware
  – Pop-ups
• Host based firewalls
• Patch mgmt

Hardware Security
• Cable locks
• Safe
• Locking cabinets
• Host security baselining

Mobile Devices
• Screen lock
• Strong Password
• Device Encryption
• Remote Wipe
• Voice Encryption
• GPS tracking

Virtualization
• Guest Operating Systems
• Isolated from each other and hypervisor
• Each guest needs to be patched individually

Data Security
• Data Loss Prevention
  – Full Disk Encryption
  – Database
  – Removable media
  – Mobile files

Hardware based Encryption
• TPM
• HSM
• USB
• Hard Drive
• Cloud Computing

Access Control and Identity Management
• Radius
• TACACS+
• Kerberos
• LDAP
• XTACACS

Authentication, Authorization, Auditing
• Identification
• Authentication
• Multifactor Authentication