Home / Tutorials / CompTIA Security+ SY0-201 with SY0-301, JK0-018 updates

It's also for you if you're an IT Manager or CIO and want to extend your security knowledge. Or you're preparing for a high-level certification. Or you're making a career change. Or you're working in industries governed by HIPAA, SOx or the office of Homeland Security.Corporations often have trouble finding qualified applicants to fill their security vacancies. This training, which maps to CompTIA's Network+ exam, separates you from the crowd and increases your value to any employer.Convincing your IT manager that the network is secure, translates into job security.
This series includes updates that meet the requirements of the current SYO-301/JK0-018 exam.



1

Introduction to Security+ 2008
In this introductory nugget you will find out about the six domains of the Security+ Exam, the Security+ certification and the information to be covered in this series.
00:12:11
2

Evaluating Common Security Threats
In this nugget you will get an overview of common security threats such as various forms of malware, spyware, adware, botnets and logic bombs. You will also learn about security risks to hardware and peripherals.
00:43:55
3

Operating System Hardening
You will really enjoy this nugget as you explore the procedures for hardening workstations and servers. Topics include: hotfixes, service packs, security templates, patches, and more.
00:33:10
4

Application Security
This nugget of the Security+ series covers methodologies for establishing application security. You will learn about Active X and Java, cookies, instant messaging, P2P file-sharing, SMTP open relays, scripting, and XSS.
00:47:16
5

Implementing Security Applications
This nugget is a broad overview of functionality of the common application threat mitigation tools like HIDS, HIPS, personal firewalls, security suites, Antivirus, anti-spam. and pop-up blockers.
00:37:29
6

Network Infrastructure Attacks (Part 1)
This nugget will differentiate between the different ports and protocols, their threats and mitigation techniques. Concepts include: TCP/IP hijacking, Null sessions, Spoofing, Man-in-the-middle, Replay, DOS, DDOS, Domain Name Kiting, DNS poisoning, ARP poisoning, weak passwords, back doors, and default account vulnerability.
00:34:56
7

Network Infrastructure Attacks (Part 2)
This is a step-by-step exploration of DMZs, VLAN, NAT, Network interconnections, NAC, and subnetting.
00:35:52
8

Network Design Elements and Components
In this nugget, you will get an overview of security design elements and components.
00:27:06
9

Network Security Tools
This nugget presents the appropriate use and application of network security tools such as NIDS, NIPS, Firewalls, Proxy servers, Honeypot, Content filters, and Protocol analyzers.
00:32:01
10
Preview
Wireless Network Security
This very interesting nugget takes on the topic of wireless networking security including data emanation, war driving, SSID broadcast, Blue jacking, Bluesnarfing, Rogue access points and weak encryption.
00:33:45
11
Preview
Access Control (Part 1)
Probably one of the most vital aspects of network security is access control. This nuggets teaches you how to identify and apply industry best practices for access control methods. You explore common access control models like MAC, DAC, and RBAc as well as the differences between each. You'll learn how to organize users and computers into appropriate security groups and roles, apply appropriate security controls to file and print resources, and compare logical access control methods.
00:42:09
12
Preview
Access Control (Part 2)
Taking up where Access Control Part 1 leaves off, this nugget presents various authentication models and identifies the components of each - such as Biometric readers, RADIUS, TACACS, RAS, VPN, Kerberos, CHAP, 802.1x and much more. We also explore physical access security methods including tokens, surveillance, and man-traps.
00:31:09
13
Preview
Assessments and Audits (Part 1)
This nugget tackles the following topics: Port scanners; Vulnerability scanners; Protocol analyzers; OVAL; Password crackers; Network mappers; Performance monitor; Systems monitor; and Performance baselines.
00:40:46
14
Preview
Assessments and Audits (Part 2)
This nugget covers the various types of monitoring methodologies including Behavior-based, Signature-based, and Anomaly-based. You'll learn about proper logging procedures and evaluation of DNS, System, Performance, Access, Firewall, and Antivirus. User access and rights review, storage and retention policies, and group policies are also covered.
00:30:30
15
Preview
General Cryptography Concepts
This nugget covers the fundamentals of cryptography including symmetric vs. asymmetric encryption. The security assurance model of C.I.A.N. is explored as well as comparative strength of algorithms.
00:32:06
16
Preview
Cryptography Algorithms and Protocols
This second nugget of the Cryptography domain lays out hashing concepts and algorithms like MD5 and SHA. Basic algorithms and encryption concepts are explored including: DES; 3DES; RSA; PGP; Elliptic curve (ECC); AES/AES256; One time pad; SSL/TLS; S/MIME; and PPTP/L2TP.
00:38:20
17
Preview
Public Key Infrastructure (PKI)
The final nugget of the Cryptography domain lays out the core concepts of a Public Key Infrastructure (PKI).
00:37:29
18
Preview
Organizational Security (Part 1)
This nugget explains redundancy planning and the components, implementation of disaster recovery procedures, and incident response procedures.
00:32:27
19
Preview
Organizational Security (Part 2)
A wide array of organizational security topics and terms are covered here including: Secure disposal of computers; Acceptable- use policies; Password complexity; Change management; Classification of information; Mandatory vacations; Personally Identifiable Information (PII); Due care/diligence/process; SLA; Security-related HR policy; and User education and awareness training.
00:26:37
20
Preview
Organizational Security (Part 3)
The final nugget of the Security+ series lays out the importance of environmental controls like Fire suppression, HVAC, and Shielding. Social Engineering threats such as phishing, hoaxes, shoulder surfing, and dumpster diving are explored.
00:14:35
21

Network Security Domain Update
This first Security+ update Nugget deals with All-in-One security appliances, layer 2 security, virtualization and cloud computing, IPv4 vs. IPv6, and enhancements to wireless security.
00:47:50
22

Compliance and Operational Security Domain Update
Here you will learn about handling risk, basic forensics procedures, environmental controls, risks of virtualization, and risks of cloud computing.
00:43:48
23

Threats and Vulnerabilities Domain Update
Let's update threats and vulnerabilities! Here we dive into Phishing, Vishing, SPIM, Pharming, DNS and ARP poisoning, application attacks, and assessment types and techniques.
00:37:11
24

Application, Data, and Host Security Domain Update
Some new concepts of Security+ are explored including fuzzing, cross-site scripting (XSS), XSRF, mobile device security, and hardware-based encryption devices.
00:22:14
25

Access Control and Identity Management Domain Update
This update is a deeper exploration of authentication, authorization, and accounting including some really cool demos of a firewall and a AAA server.
00:29:00
26

Cryptography Domain Update
The cryptography domain is updated here with additional cryptosystems including RIPEMD, PGP, GPG, whole disk encryption, and Twofish. You will investigate the SSL/TLS phases, PKI advanced topics, and finishing up with a review of acronyms.