CompTIA Security+ (SY0-401)

Video Description

The CompTIA Security+ course gives students the basic knowledge needed to plan, implement, and maintain information security in a vendor-neutral format. The course includes topics such as risk management, host and network security, authentication and access control systems, cryptography, and organizational security. The course contents are based on the CompTIA Security+ (SY0-401) certification exam and cover all the exam topics through theoretical and scenario-based learning examples. CompTIA Security+ is the premier vendor-neutral security certification. This preparatory course for the CompTIA Security+ certification exam ensures that students learn and understand the exam topics completely. Students will be able to demonstrate their knowledge of security concepts, tools, and procedures. It also confirms their ability to react to security incidents and validates their skills in anticipating security risks and guarding against them.

Table of Contents

  1. Course Introduction
    1. Introduction 00:00:10
    2. Course Introduction 00:01:51
    3. Instructor Introduction 00:00:51
  2. Security Fundamentals
    1. Introduction 00:00:48
    2. Topic A: The Information Security Cycle 00:00:29
    3. What Is Information Security? 00:02:23
    4. What to Protect 00:04:57
    5. Goals of Security 00:02:51
    6. Risk 00:04:49
    7. Threats 00:03:09
    8. A Vulnerability 00:04:52
    9. Intrusions 00:01:53
    10. Attacks 00:05:31
    11. Controls 00:03:10
    12. Types of Controls 00:00:36
    13. The Security Management Process 00:01:01
    14. Topic B: Information Security Controls 00:00:55
    15. The CIA Triad 00:01:59
    16. Non-repudiation 00:02:10
    17. Identification 00:02:06
    18. Authentication 00:01:29
    19. Authentication Factors 00:03:15
    20. Authorization 00:01:29
    21. Access Control 00:00:42
    22. Access Control Models 00:04:13
    23. Accounting and Auditing 00:02:22
    24. Common Security Practices 00:00:24
    25. Implicit Deny 00:03:14
    26. Least Privilege 00:02:36
    27. Separation of Duties 00:02:33
    28. Job Rotation 00:01:54
    29. Mandatory Vacation 00:00:49
    30. Time of Day Restrictions 00:01:47
    31. Privilege Management 00:01:56
    32. Topic C: Authentication Methods 00:00:28
    33. User Name/Password Authentication 00:01:02
    34. Tokens 00:02:15
    35. Biometrics 00:00:57
    36. Geolocation 00:01:15
    37. Keystroke Authentication 00:00:44
    38. Multi-factor Authentication 00:00:51
    39. Mutual Authentication 00:01:25
    40. Topic D: Cryptography Fundamentals 00:01:14
    41. Cryptography 00:00:40
    42. Encryption and Decryption 00:01:10
    43. Ciphers 00:01:09
    44. Cipher Types 00:01:54
    45. Encryption and Security Goals 00:01:44
    46. Demo - Exploring Public Key Cryptography 00:05:35
    47. Steganography 00:02:57
    48. Demo - Sharing a Secret Message with Steganography 00:04:48
    49. A Key 00:03:05
    50. Hashing Encryption 00:05:15
    51. Hashing Encryption Algorithms 00:01:29
    52. Demo - Calculating Hashes 00:03:47
    53. Symmetric Encryption 00:05:23
    54. Symmetric Encryption Algorithms 00:01:19
    55. Asymmetric Encryption 00:02:44
    56. Asymmetric Encryption Techniques 00:02:38
    57. Key Exchange 00:00:58
    58. Digital Signatures 00:02:27
    59. Cipher Suites 00:02:34
    60. Session Keys 00:02:02
    61. Key Stretching 00:01:35
    62. Topic E: Security Policy Fundamentals 00:00:34
    63. A Security Policy 00:02:13
    64. Security Policy Components 00:00:30
    65. Common Security Policy Types 00:02:01
    66. Group Policy 00:01:19
    67. Security Document Categories 00:01:00
    68. Change Management 00:01:43
    69. Documentation Handling Measures 00:01:35
    70. Section Review 00:00:50
  3. Identifying Security Threats and Vulnerabilities
    1. Introduction 00:00:28
    2. Topic A: Social Engineering 00:00:12
    3. Social Engineering Attacks 00:01:32
    4. Social Engineering Effectiveness 00:04:04
    5. Types of Social Engineering 00:09:07
    6. Hackers and Attackers 00:01:06
    7. Categories of Attackers 00:02:36
    8. Demo 00:12:07
    9. Topic B: Malware 00:00:25
    10. Malicious Code Attacks 00:01:29
    11. Viruses 00:01:43
    12. Demo - Installing Antivirus Software 00:03:57
    13. Worms 00:01:24
    14. Adware 00:01:12
    15. Spyware 00:01:04
    16. Demo - Scanning Your System for Spyware 00:02:51
    17. Trojan Horses 00:01:01
    18. Rootkits 00:02:55
    19. Logic Bombs 00:00:51
    20. Botnets 00:01:16
    21. Ransomware 00:01:01
    22. Polymorphic Malware 00:03:14
    23. Armored Viruses 00:00:45
    24. Topic C: Software-Based Threats 00:00:31
    25. Software Attacks 00:00:58
    26. Password Attacks 00:00:56
    27. Types of Password Attacks 00:06:50
    28. Backdoor Attacks 00:01:45
    29. Application Attacks 00:01:36
    30. Types of Application Attacks Part 1 00:05:23
    31. Types of Application Attacks Part 2 00:01:45
    32. Demo - Managing Application Security 00:01:57
    33. Topic D: Network-Based Threats 00:00:50
    34. TCP/IP Basics 00:07:08
    35. Port Scanning Attacks 00:04:19
    36. Eavesdropping Attacks 00:03:02
    37. Man-in-the-Middle Attacks 00:02:51
    38. Replay Attacks 00:01:32
    39. Social Network Attacks 00:04:59
    40. DoS Attacks 00:01:10
    41. DDoS Attacks 00:00:33
    42. Types of DoS Attacks 00:04:33
    43. Session Hijacking 00:01:32
    44. P2P Attacks 00:00:45
    45. ARP Poisoning 00:01:21
    46. Transitive Access Attacks 00:00:39
    47. DNS Vulnerabilities 00:03:38
    48. Topic E: Wireless Threats and Vulnerabilities 00:00:57
    49. Wireless Security 00:01:50
    50. Demo - Configuring a Wireless Access Point 00:12:07
    51. Demo - Configuring a Wireless Client 00:01:19
    52. Rogue Access Points 00:02:46
    53. Evil Twins 00:02:22
    54. Jamming 00:02:11
    55. Bluejacking 00:01:37
    56. Bluesnarfing 00:01:24
    57. Near Field Communication 00:00:51
    58. War Driving and War Chalking 00:02:56
    59. IV Attacks 00:02:34
    60. Packet Sniffing 00:01:05
    61. Wireless Replay Attacks 00:02:08
    62. Sinkhole Attacks 00:01:33
    63. WEP and WPA Attacks 00:03:58
    64. WPS Attacks 00:01:41
    65. Topic F: Physical Threats and Vulnerabilities 00:00:19
    66. Physical Security 00:01:50
    67. Physical Security Threats and Vulnerabilities 00:01:03
    68. Hardware Attacks 00:03:49
    69. Environmental Threats and Vulnerabilities 00:02:06
    70. Section Review 00:00:49
  4. Managing Data, Application, and Host Security
    1. Introduction 00:00:21
    2. Topic A: Manage Data Security 00:00:53
    3. Layered Security 00:03:07
    4. Defense in Depth 00:06:29
    5. What Is Data Security? 00:01:05
    6. Data Security Vulnerabilities 00:01:41
    7. Data Storage Methods 00:01:46
    8. Data Encryption Methods 00:06:12
    9. Hardware-Based Encryption Devices 00:01:23
    10. Types of Hardware-Based Encryption Devices 00:03:28
    11. Data States 00:01:59
    12. Permissions and Access Control Lists 00:02:27
    13. Handling Big Data 00:05:32
    14. Data Policies 00:03:24
    15. Guidelines for Managing Data Security 00:00:43
    16. Demo - Managing Data Security 00:06:50
    17. Topic B: Manage Application Security 00:01:22
    18. What Is Application Security? 00:01:30
    19. Patch Management 00:01:58
    20. Application Security Methods 00:03:50
    21. Input Validation 00:03:36
    22. Input Validation Vulnerabilities 00:02:12
    23. Client-Side and Server-Side Validation 00:07:53
    24. Error and Exception Handling 00:02:33
    25. XSS 00:01:21
    26. XSRF 00:02:46
    27. Cross-Site Attack Prevention Methods 00:01:27
    28. Fuzzing 00:01:40
    29. Web Browser Security 00:01:24
    30. Demo - Configuring a Web Browser 00:14:22
    31. Guidelines for Establishing Web Browser Security 00:00:49
    32. NoSQL Databases 00:01:48
    33. Database Security 00:03:00
    34. Guidelines for Managing Application Security 00:01:16
    35. Topic C: Manage Device and Host Security 00:01:11
    36. Hardening 00:01:28
    37. Demo - Hardening a Server 00:09:53
    38. Operating System Security 00:04:02
    39. Operating System Security Settings 00:04:43
    40. TCB 00:02:45
    41. Security Baselines 00:02:21
    42. Software Updates 00:02:20
    43. Application Blacklisting and Whitelisting 00:01:55
    44. Logging 00:01:30
    45. Auditing 00:01:08
    46. Demo - Implementing Auditing 00:07:30
    47. Anti-malware Software 00:02:24
    48. Types of Anti-malware Software 00:02:23
    49. Virtualization Security Techniques 00:06:00
    50. Hardware Security Controls 00:03:31
    51. Non-standard Hosts 00:04:14
    52. Security Controls for Non-standard Hosts 00:03:22
    53. Strong Passwords 00:03:09
    54. Guidelines for Establishing Device & Host Security Part 1 00:01:44
    55. Guidelines for Establishing Device & Host Security Part 2 00:00:52
    56. Topic D: Manage Mobile Security 00:00:29
    57. Mobile Device Types 00:00:31
    58. Mobile Device Vulnerabilities 00:00:37
    59. Mobile Device Security Controls 00:02:31
    60. Mobile Application Security Controls 00:01:22
    61. BYOD Controls 00:02:20
    62. Guidelines for Managing Mobile Security 00:02:20
    63. Section Review 00:00:22
  5. Implementing Network Security
    1. Introduction 00:00:43
    2. Topic A: Configure Security Parameters on Network Devices and Technologies 00:00:51
    3. Network Components 00:00:59
    4. Network Devices 00:08:36
    5. Demo - Configuring Firewall Parameters 00:10:04
    6. Network Analysis Tools 00:01:07
    7. IDS 00:01:35
    8. NIDS 00:02:55
    9. Demo - Configuring a Network Intrusion Detection System 00:09:01
    10. Wireless IDS 00:02:08
    11. IPS 00:02:27
    12. NIPS 00:00:17
    13. WIPS 00:01:18
    14. Types of Network Monitoring Systems 00:03:11
    15. VPN 00:01:06
    16. VPN Concentrator 00:00:54
    17. Web Security Gateways 00:02:06
    18. Topic B: Network Design Elements and Components 00:00:55
    19. NAC 00:04:04
    20. DMZ 00:02:22
    21. VLAN 00:04:48
    22. Subnet 00:02:13
    23. NAT 00:04:21
    24. Remote Access 00:00:57
    25. Telephony Components 00:01:48
    26. Virtualization 00:01:10
    27. Cloud Computing 00:01:36
    28. Cloud Computing Deployment Models 00:01:11
    29. Cloud Computing Service Types 00:00:55
    30. Topic C: Implement Networking Protocols and Services 00:01:19
    31. OSI Model 00:08:21
    32. OSI Model and Security 00:01:38
    33. TCP/IP 00:06:29
    34. DNS 00:01:24
    35. HTTP 00:00:59
    36. SSL/TLS 00:02:32
    37. HTTPS 00:00:22
    38. SSH 00:01:38
    39. SNMP 00:02:56
    40. ICMP 00:05:12
    41. IPSec 00:03:40
    42. Demo - Securing Network Traffic Using IP Security 00:08:06
    43. iSCSI 00:02:39
    44. Fibre Channel 00:01:27
    45. FCoE 00:00:44
    46. Telnet 00:00:48
    47. NetBIOS 00:01:26
    48. File Transfer Protocols 00:02:24
    49. Ports and Port Ranges 00:06:18
    50. Demo - Installing an IIS Web Server 00:08:49
    51. Topic D: Apply Secure Network Administration Principles 00:00:24
    52. Rule-Based Management 00:00:42
    53. Network Administration Security Methods 00:07:32
    54. Unified Threat Management 00:00:35
    55. Guidelines for Applying Network Security Administration Principles 00:03:06
    56. Topic E: Secure Wireless Traffic 00:00:46
    57. Wireless Networks 00:01:27
    58. Wireless Antenna Types 00:03:06
    59. 802.11 Standards 00:04:27
    60. Wireless Security Protocols 00:03:36
    61. VPNs and Open Wireless 00:00:59
    62. Wireless Security Methods 00:04:53
    63. Captive Portals 00:01:35
    64. Site Surveys 00:02:10
    65. Guidelines for Securing Wireless Traffic 00:02:37
    66. Demo - Securing Wireless Traffic 00:05:37
    67. Section Review 00:00:30
  6. Implementing Access Control, Authentication, and Account Management
    1. Introduction 00:00:21
    2. Topic A: Access Control and Authentication Services 00:00:39
    3. Directory Services 00:01:28
    4. LDAP 00:02:24
    5. LDAPS 00:00:54
    6. Common Directory Services 00:01:11
    7. Demo - Backing Up Active Directory 00:06:46
    8. Remote Access Methods 00:01:58
    9. Tunneling 00:03:59
    10. Remote Access Protocols 00:03:20
    11. HOTP 00:01:21
    12. TOTP 00:01:12
    13. PAP 00:01:16
    14. CHAP 00:02:01
    15. Guidelines for Securing Remote Access 00:01:50
    16. PGP 00:01:26
    17. RADIUS 00:03:54
    18. TACACS 00:01:51
    19. Kerberos 00:03:09
    20. SAML 00:01:50
    21. Topic B: Implement Account Management Security Controls 00:00:36
    22. Identity Management 00:01:18
    23. Account Management 00:01:36
    24. Account Privileges 00:02:15
    25. Account Policy 00:04:40
    26. Multiple Accounts 00:00:53
    27. Shared Accounts 00:01:44
    28. Account Federation 00:01:41
    29. Account Management Security Controls 00:02:05
    30. Demo - Account Management Security Controls 00:10:40
    31. Credential Management 00:01:30
    32. Group Policy 00:03:22
    33. Guidelines for Implementing Account Management Security Controls 00:01:08
    34. Section Review 00:00:18
  7. Managing Certificates
    1. Introduction 00:00:32
    2. Topic A: Install a CA Hierarchy 00:00:32
    3. Digital Certificates 00:00:50
    4. Certificate Authentication 00:03:00
    5. PKI 00:03:24
    6. PKI Components 00:01:39
    7. CA Hierarchies 00:01:11
    8. The Root CA 00:02:13
    9. Public and Private Roots 00:02:00
    10. Subordinate CAs 00:00:45
    11. Offline Root CAs 00:00:39
    12. CA Hierarchy Design Options 00:01:33
    13. Demo - Installing a Certificate Authority 00:07:20
    14. Topic B: Enroll Certificates 00:00:18
    15. The Certificate Enrollment Process 00:01:23
    16. Demo - Enrolling for Certificates 00:07:23
    17. The Certificate Life Cycle 00:02:37
    18. Certificate Life Cycle Management 00:01:15
    19. Topic C: Secure Network Traffic by Using Certificates 00:00:14
    20. The SSL Enrollment Process 00:03:33
    21. Topic D: Renew Certificates 00:00:04
    22. Certificate Renewal 00:00:27
    23. Topic E: Back Up and Restore Certificates and Private Keys 00:00:15
    24. Private Key Protection Methods 00:03:03
    25. Key Escrow 00:00:51
    26. Private Key Restoration Methods 00:00:22
    27. The Private Key Replacement Process 00:01:11
    28. Topic F: Revoke Certificates 00:00:52
    29. Certificate Revocation 00:00:54
    30. Demo - Revoking Certificates 00:01:55
    31. A CRL 00:01:35
    32. OCSP 00:02:26
    33. Section Review 00:00:27
  8. Implementing Compliance and Operational Security
    1. Introduction 00:00:30
    2. Topic A: Physical Security 00:00:15
    3. Physical Security Controls 00:05:08
    4. Physical Security Control Types 00:06:43
    5. Environmental Exposures 00:01:43
    6. Environmental Controls 00:03:06
    7. Environmental Monitoring 00:00:59
    8. Safety 00:01:33
    9. Topic B: Legal Compliance 00:00:27
    10. Compliance Laws and Regulations 00:02:39
    11. Legal Requirements 00:02:43
    12. Types of Legal Requirements 00:01:43
    13. Forensic Requirements 00:02:50
    14. Topic C: Security Awareness and Training 00:00:24
    15. Security Policy Awareness 00:01:55
    16. Role-Based Training 00:01:25
    17. PII 00:00:57
    18. Classification of Information 00:01:35
    19. The Employee Education Process 00:00:51
    20. User Security Responsibilities 00:02:40
    21. Validation of Training Effectiveness 00:01:17
    22. Topic D: Integrate Systems and Data with Third Parties 00:00:22
    23. Business Partners 00:01:04
    24. Social Media Networks and Applications 00:01:53
    25. Interoperability Agreements 00:01:23
    26. Risk Awareness 00:01:09
    27. Data Sharing and Backups 00:01:34
    28. Guidelines for Securely Integrating Systems and Data with Third Parties 00:01:05
    29. Section Review 00:00:18
  9. Risk Management
    1. Introduction 00:00:23
    2. Topic A: Risk Analysis 00:00:31
    3. Risk Management 00:03:24
    4. Security Assessment Types 00:01:18
    5. Risk Types 00:01:05
    6. Components of Risk Analysis 00:02:01
    7. Phases of Risk Analysis 00:02:37
    8. Risk Analysis Methods 00:01:35
    9. Risk Calculation 00:01:26
    10. Risk Response Strategies 00:01:38
    11. Risk Mitigation and Control Types 00:01:04
    12. Topic B: Implement Vulnerability Assessment Tools and Techniques 00:00:09
    13. Vulnerability Assessment Techniques 00:01:39
    14. Vulnerability Assessment Tools 00:02:53
    15. Topic C: Scan for Vulnerabilities 00:00:30
    16. The Hacking Process 00:04:16
    17. Ethical Hacking 00:02:17
    18. Vulnerability Scanning and Penetration Testing 00:02:55
    19. Types of Vulnerability Scans 00:01:49
    20. Demo - Scanning for Port Vulnerabilities 00:05:17
    21. Demo - Scanning for Password Vulnerabilities 00:05:13
    22. Box Testing Methods 00:01:53
    23. Security Utilities 00:03:16
    24. Topic D: Mitigation and Deterrent Techniques 00:00:32
    25. Security Posture 00:01:14
    26. DLP 00:05:17
    27. Demo - Capturing Network Data 00:06:32
    28. Detection Controls and Prevention Controls 00:01:01
    29. Risk Mitigation Strategies 00:01:02
    30. Types of Mitigation and Deterrent Techniques 00:01:18
    31. Failsafe, Failsecure, and Failopen 00:02:03
    32. Section Review 00:00:21
  10. Troubleshooting and Managing Security Incidents
    1. Introduction 00:00:11
    2. Topic A: Respond to Security Incidents 00:00:40
    3. Security Incident Management 00:01:51
    4. Computer Crime 00:01:00
    5. An IRP 00:01:35
    6. First Responders 00:01:30
    7. Chain of Custody 00:03:58
    8. Computer Forensics 00:01:37
    9. Order of Volatility 00:02:37
    10. Basic Forensic Process 00:03:54
    11. Basic Forensic Response Procedures for IT 00:02:31
    12. Big Data Analysis 00:00:30
    13. Guidelines for Responding to Security Incidents 00:00:59
    14. Topic B: Recover from a Security Incident 00:00:22
    15. Basic Incident Recovery Process 00:01:41
    16. Damage Assessment 00:00:48
    17. Recovery Methods 00:01:25
    18. An Incident Report 00:00:43
    19. Guidelines for Recovering from a Security Incident Part 1 00:01:37
    20. Guidelines for Recovering from a Security Incident Part 2 00:02:08
    21. Guidelines for Recovering from a Security Incident Part 3 00:00:46
    22. Section Review 00:00:15
  11. Business Continuity and Disaster Recovery Planning
    1. Introduction 00:00:25
    2. Topic A: Business Continuity 00:00:41
    3. A BCP 00:01:05
    4. BIA 00:03:13
    5. MTD 00:01:18
    6. RPO 00:01:26
    7. RTO 00:00:30
    8. Continuity of Operations Plan 00:00:43
    9. Alternate Sites 00:03:18
    10. IT Contingency Planning 00:00:36
    11. Succession Planning 00:00:43
    12. Business Continuity Testing Methods 00:03:34
    13. Topic B: Plan for Disaster Recovery 00:00:22
    14. A DRP 00:00:48
    15. Fault Tolerance 00:01:25
    16. Redundancy Measures 00:03:23
    17. Demo - Creating a RAID Array Through Software 00:06:33
    18. High Availability 00:02:11
    19. Disaster Recovery Testing and Maintenance 00:00:58
    20. Guidelines for Planning for Disaster Recovery 00:01:12
    21. Topic C: Execute DRPs and Procedures 00:00:37
    22. The Disaster Recovery Process 00:01:28
    23. Recovery Team 00:00:34
    24. Secure Recovery 00:00:33
    25. Backup Types and Recovery Plans 00:04:43
    26. A Backout Contingency Plan 00:00:59
    27. Secure Backups 00:01:58
    28. Backup Storage Locations 00:00:55
    29. Guidelines for Executing DRPs and Procedures 00:01:09
    30. Section Review 00:00:21
    31. Course Closure 00:01:06