What's New In CompTIA Security+
Mark Ciampa
431 Million
• A – The current population of the U.S.
• B – How many steps are needed to reach
your room here in the Opryland Hotel
• C – The number of adults worldwide who
experienced cybercrime last year
14 Each Second
• A – The number of infants born
worldwide every day
• B – The number of emails you receive
from your most needy student
• C – The frequency of a cybercrime
incident worldwide
79%
• A – Average pay raise of college
presidents over the last 5 years
• B – The number of Cengage employees
who use cengage as a password
• C – Percentage of Internet users spending
49+ hours per week online who are a
victim of cybercrime
Illicit Drugs
• A – The biggest threat on your
campus
• B – What you will need after
enduring this presentation
• C – The only activity that nets
more revenue than cybercrime
More Bad News
• Web pages that infect by simply looking at them
(6,000 new infected pages daily, or 1 every 14
seconds)
• More attacks originate in U.S. than any other country
(33%)
• Home users were the most highly targeted sector (93% of
all targeted attacks)
• An infected U.S. computer has an average of 8
instances of malware
• U.S. has highest number of infected computers
Users Are Still Confused
• Massive data breach from computers belonging to
South Carolina's Department of Revenue (DOR)
• Exposed Social Security numbers of 3.8 million
taxpayers plus credit card & bank account data for
total of 74.7 GB
• Started with employee's computer infected with
malware after user opened phishing e-mail
• Attacker captured the person's username and
password
• Installed tools that captured user account
passwords on 6 servers
• Eventually gained access to 36 other systems
Users Are Still Confused
• 2012 survey of American, British and German adult
computer users
• 40% do not always update software on their computers when
first prompted
• 25% said they do not clearly understand what software
updates do
• 25% said they do not understand the benefits of updating
regularly
• 75% said they saw update notifications, but over half said
they needed to see the notification 2-5 times before
deciding
• 25% said they do not know how to check if their software
needs updating
Users Are Still Confused
• 88% use their home computer for online banking, stock
trading, reviewing personal medical information, and storing
financial information, health records, and resumes
• 98% agree it is important to know the risk level of a web
site before visiting it (but 64% admit they don't know how to)
• 92% think that their anti-virus software is up to date (but
only 51% have current anti-virus software that has been updated
within the last 7 days)
Users Are Still Confused
• 44% don’t understand firewalls
• 25% have not even heard of the term “phishing”
and only 13% can accurately define it
• 22% have anti-spyware software installed, an
enabled firewall, and anti-virus protection that
has been updated within last 7 days
Why Increase In Attacks
• Speed of attacks
• More sophisticated attacks
• Simplicity of attack tools
• Faster detection of weaknesses
• Delays in user patching
• Distributed attacks
• Exploit user ignorance & confusion
User Confusion
• Confusion over different attacks: Worm or
virus? Adware or spyware? Rootkit or
Trojan?
• Confusion over different defenses:
Antivirus? Firewall? Patches?
• Users asked to make security decisions and
perform technical procedures
Think Of a User
• Will you grant permission to open this
port?
• Is it safe to un-quarantine this
attachment?
• May I install this add-in?
User Misconceptions
• I don’t have anything on my computer
they want
• I have antivirus software so I’m protected
• The IT Department takes care of security
here at school or work
• My Apple computer is safe.
What's New In CompTIA Security+
• The new CompTIA Security+ exam (SY0-401) is projected to be rolled out in
the late spring of 2014. This exam will have several significant changes
from the previous exam. These include an expanded emphasis on topics
such as securing mobile devices, cloud computing, cryptography, and
threats and vulnerabilities. In addition, CompTIA is continuing to use
performance-based questions on Security+ exams, requiring test-takers to
configure firewall access control lists, match ports with services, and
analyze log files. What exactly will the new Security+ exam cover? How
will the updated Cengage Security+ Guide to Network Security
Fundamentals 5th Edition address these changes? And what are the best
ways to help students be prepared for the new Security+ exam with its
performance-based questions? This session will look at what's new in
CompTIA Security+ and how we can teach security to our students.
What's New In CompTIA Security+
• Current state of security
• New CompTIA Security+ exam (SY0-401)
• Teaching Security+
• Security+ Guide to Network Security
Fundamentals 5th Edition
What's New In CompTIA Security+
Current State of Security
Number of Target Victims
• Current US Population
• 110,000,000 – Target victims
How It All Started
• Malwarebytes antivirus
• Phishing email message
Real-time Protection
Phishing Email
Wireless Baby Monitor
• Marc G. was in his kitchen when he started to hear strange sounds
coming from the nursery of his two-year-old daughter Allyson
• Marc and his wife entered the nursery and heard a stranger's voice
calling out Allyson's name, cursing at her and calling her vile
names
• The voice was coming from the electronic baby monitor in Allyson's
room, which contained a camera, microphone, and speaker
connected to their home Wi-Fi network
• Because they did not have any security set on their wireless
network, the attacker had been able to take control of the baby
monitor from an unknown remote location
• The parents surmised that the attacker knew their daughter's name
because he saw "Allyson" spelled out on the wall in her room
• It is estimated that there are more than 100,000 wireless cameras
that can easily be exploited because they have virtually no
security.
Twitter
• Twitter account of Associated Press (AP) was broken into
and a fictitious tweet was posted claiming there were "two
explosions in the White House and [the U.S. President] is
injured"
• Even though the tweet was only visible for a matter of
minutes before it was removed, because of this fictitious
tweet the Dow Jones industrial average dropped
immediately (it recovered later in the day)
• CBS television websites 60 Minutes and 48 Hours, the New
York Times, the Wall Street Journal, the Washington Post,
Burger King, and Jeep have been victims of recent Twitter
break-ins
• U.S. Securities and Exchange Commission (SEC) recently
said that it would allow public companies to disclose
corporate information on social media sites like Twitter
Prepaid Debit Cards
• Attackers penetrated the network of a credit card processing company
that handles prepaid debit cards
• Manipulated the balances and limits on just 5 prepaid cards, then used
them to withdraw cash from ATMs
• In one month almost $5 million was fraudulently withdrawn from ATM
machines around the world in 5700 transactions
• Cell in New York City withdrew $400,000 in 750 fraudulent transactions
at 140 ATM locations in the city in only 2.5 hours
• A similar attack manipulated balances and withdrawal limits on 12 more
cards to withdraw an additional $40 million from ATM machines around
the world
• New York City cell withdrew $2.4 million in 3000 ATM transactions in just
10 hours.
Economic Development Administration
• Recently Department of Homeland Security (DHS)
warned Commerce Department that a "potential"
malware infection could be occurring within its
networks
• Security administrators at the Commerce Department
identified potentially infected computers as belonging
to Economic Development Administration (EDA)
• Email sent by Commerce Department security
administrators to the EDA said that they found 146
EDA systems that could potentially be infected
• In reality, only 2 actually were infected
Economic Development Administration
• Next day Commerce Department sent a follow-up email correcting the
numbers but second email was vague and did not point out the first
email was inaccurate
• EDA interpreted the second email as a confirmation of the first
warning
• Confirmed when EDA performed a forensic analysis on 2 computers
listed in the second email and found evidence of an infection
• Commerce Department told the EDA to reimage the computers
(meaning 2 computers) to clean them of malware
• But the EDA interpreted it as an instruction to clean at least 146
systems
• When EDA said that there were too many computers to reimage
(across a network 50 computers can easily be re-imaged in one day)
the Commerce Department incorrectly assumed that the EDA had
found more computers that were infected
• Chief Information Officer (CIO) of EDA instructed that their computers
should be isolated from the network
Economic Development Administration
• Later CIO decided that these computers should be
physically destroyed: not just the hard drives cleaned or
replaced, but the entire systems--along with mice and
keyboards--should be crushed
• In 8 months EDA had spent all of the money allocated for
this destruction--$170,000--and had to stop
• Had their sights set on destroying over $3 million worth of
computer systems
• The next month the EDA requested from the Commerce
Department's IT Review Board over $26 million over the
next three years to fund its recovery efforts (request was
denied)
• EDA spent 50% of its entire IT budget ($2.7 million) in
personnel and related costs to address a total of 2 infected
computers
Economic Development Administration
• Department of Commerce launched a "comprehensive
incident response improvement project"
• Project has already used a third party to review its
incident response capabilities, hired three experienced
incident handlers, and put a new security incident
tracking system in place
• It is unknown how much this new project will finally
cost.
Emily Williams
• U.S. federal government agency that specialized in "offensive
cybersecurity" had been resistant to technology-based penetration
testing in the past
• Pen testers turned to social engineering
• Created a fake online profile of "Emily Williams," an attractive 28-year-
old who graduated from MIT and had several years of security
experience
• Profiles of Emily were posted on Facebook and LinkedIn, along with a
photo (that of a server from a local restaurant that many of the
employees of this same government agency frequented)
• Testers also posted on several of MIT's university forums using the
name Emily Williams
• After only 15 hours Emily had 60 Facebook and 55 LinkedIn
connections with employees from the targeted government agency
and its contractors
• After 24 hours she already had 3 job offers from other companies
Emily Williams
• Emily then started receiving LinkedIn endorsements
for her skills, and males who worked at the
government agency offered to help her get a jump-
start on a new job within the agency
• These males said they would help her by-pass normal
procedures for receiving a laptop computer and
network access, giving her higher levels of access than
a new hire would normally have
• During the Christmas holiday the testers created a web site with
a Christmas card and posted a link to it on Emily's
social media profiles
Emily Williams
• Anyone who visited the site was prompted to execute a
Java applet, which was actually a Trojan that exploited a
vulnerability
• Pen testers were able to gain administrative rights over
these agency computers and capture user
passwords, install applications, and steal sensitive
documents, which, in more irony, contained information
about state-sponsored attacks on foreign governments
• One of the contractors for this agency who fell for this ploy
actually worked as a developer for an antivirus vendor and
had access to the antivirus source code, which the testers
were able to see
Emily Williams
• Pen team saw that two of the agency's employees had
exchanged information on Facebook about the
upcoming birthday of the agency's head of
information security
• Head did not have a Facebook or LinkedIn account
(perhaps for security reasons), so testers directly sent
to him an email with a birthday card that pretended to
come from one of these agency's employees
• The head of security fell victim by opening the card
and infecting his computer, thus exposing the crown
jewels of the entire system
Emily Williams
• Pen testers accomplished all of their goals using Emily
Williams in 7 days
• Test validated what is widely known: because
attractive females often receive special treatment in
the male-dominated IT industry, social engineering
attacks frequently take advantage of this
• Pen team also tried a similar test by planting a fake
male social media profile to see if any of the females
at the agency would fall for it
• They did not.
Craigslist & EBay
• Federal Bureau of Investigation (FBI) is warning buyers to
beware
• Attackers masquerading as legitimate sellers frequently
advertise items at "too-good-to-be-true" prices to entice a
large number of victims
• Attackers do not post photos of the item for sale but
instead offer to send a photo as an email attachment or as
a link upon request
• Photo attachments contain malware: when the recipients
open the attachment their computers become infected
• Potential buyers are encouraged to request that the original posting
be modified so that it includes a photo
Apple
• Apple's Secure Transport library found in all versions of its
operating systems since iOS 6 and OS X 10.9
• Handles establishing encrypted connections for Apple
applications (Apple Mail, iBooks, FaceTime, Calendar, Keynote,
Safari browser, and Software Update)
• Library is used for the most common cryptographic transport
algorithms of Secure Sockets Layer (SSL) and Transport Layer
Security (TLS)
• A coding error in the Apple library is responsible for a
security vulnerability
Apple
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
goto fail;
if ((err = SSLHashSHA1.final . . .
Apple
• 2 "goto fail" lines in a row
• The first line would be executed if there is an error
triggered by the "if ((err = SSLHashSHA1.update" line
• The second line is not based on a condition (even though it
is indented), so "goto fail" will always be
executed, even if there was no error
• The code leaps over another call, and the result is that the
verification will always succeed and never fail
• Attackers could perform a man-in-the-middle attack and
return false data that appears to have come from a valid
web server and to have been cryptographically verified
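The duplicated goto described above, as an added example that is not Apple's Secure Transport code: the two helper functions are constructed stand-ins for the calls on the slide (each returns 0 on success, the convention the slide's code relies on), and signature_matches is a constructed input flag. The vulnerable function keeps the slide's shape so the effect can be observed; the fixed function shows the correction.

```c
#include <stdio.h>

/* Constructed stand-in for the hash-update call on the slide: succeeds. */
static int hash_update(void)
{
    return 0;
}

/* Constructed stand-in for the final comparison that the skipped code would
 * perform. signature_matches: 1 = genuine signature, 0 = forged/bad. */
static int final_signature_check(int signature_matches)
{
    return signature_matches ? 0 : -1;
}

/* Vulnerable shape from the slide: the second goto is unconditional, so the
 * final check is never reached and err is still 0 ("verified") at the label. */
int verify_vulnerable(int signature_matches)
{
    int err;
    if ((err = hash_update()) != 0)
        goto fail;
        goto fail;   /* always taken: the indentation suggests otherwise */
    if ((err = final_signature_check(signature_matches)) != 0)   /* dead code */
        goto fail;
fail:
    return err;
}

/* Corrected shape: braces around every conditional body and one goto per
 * check, so the signature comparison always runs before success is reported. */
int verify_fixed(int signature_matches)
{
    int err;
    if ((err = hash_update()) != 0) {
        goto fail;
    }
    if ((err = final_signature_check(signature_matches)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    printf("bad signature, vulnerable: %d (0 means accepted)\n", verify_vulnerable(0));
    printf("bad signature, fixed:      %d (non-zero means rejected)\n", verify_fixed(0));
    printf("good signature, fixed:     %d\n", verify_fixed(1));
    return 0;
}
```

Two defensive habits catch this class of bug: always brace conditional bodies (so indentation and control flow cannot disagree), and keep a negative test in the suite, as above, that asserts a bad signature is rejected. Compiling with clang's -Wunreachable-code also flags the dead `if` that the extra goto leaves behind.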
Deadliest Attack
• Insulin pump worn by diabetics that administers insulin as
an alternative to multiple daily injections
• Diabetic security researcher demonstrated wireless attack
on an insulin pump that could secretly change the delivery
dosage of insulin to the patient up to 300 feet away
• Another security researcher broke into defibrillator used to
stabilize heartbeats and reprogrammed it, then disabled
power-save mode so the battery ran down in hours instead
of years
• Threat was so real that a former vice president of the U.S.
had his defibrillator removed and replaced with one that
lacked capabilities that an attacker might exploit
Deadliest Attack
• Department of Homeland Security (DHS) report entitled
"Attack Surface: Healthcare and Public Health Sector" says
"now becoming a major concern. . . . pose a significant
threat to the public and private sector"
• Food and Drug Administration (FDA), which regulates the
design and manufacture of medical devices, issued an "FDA
Safety Communication" document recommending that
medical device manufacturers and health care facilities
should "take steps to assure that appropriate safeguards
are in place to reduce the risk of failure due to
cyberattack"
• FDA has stated that for any medical device that does not
"appropriately address" security risks it "might consider"
withholding its approval of the device
Director of National Intelligence
• What is our greatest global threat?
• A – Terrorism
• B – Weapons of mass destruction
• C – Cybersecurity
What's New In CompTIA Security+
• Current state of security
• New CompTIA Security+ exam (SY0-401)
• Teaching Security+
• Security+ Guide to Network Security
Fundamentals 5th Edition
What's New In CompTIA Security+
New CompTIA exam (SY0-401)
SY0-201 (2008-2011)
SY0-301 (2011-2014)
SY0-401 (2014-2017)
Changes in SY0-401 (Spring 2014)
• Security+ SY0-401 contains primarily updates and expansion of existing SY0-301
objectives to include current technologies and security concerns.
• There are more scenario-based objectives, which are often used for performance-based
questions in CompTIA exams.
• Notable updates:
– Expansion of common protocols and services
– More content devoted to risk, including risks due to systems integration with third
parties and how to plan for them
– New emphasis on mobile security and BYOD
– Risk mitigation in static environments including SCADA and Android/iOS
– Expanded and elevated (scenario-based) authentication, authorization and access
control, including federation
CompTIA 2013 Product Calendar (effective October 1, 2013; dates subject to change),
covering July 2013 through the remainder of 2014
• 2013-2014 translation schedule, A+ (800 Series): Japanese - June 2013; German -
September 2013; LAM Spanish - Q4 2013; Thai - Q4 2013; French - Q4 2013; Chinese -
Q4 2013; Arabic - Q1 2014
• Exam retirements: A+ (701/702) - 8/31/13 English, 12/31/13 all languages; Green IT
and IT for Sales - 12/31/13; PDI+ - 1/31/2014; CDIA+ (225-030) - 3/31/14 all languages
• Healthcare IT
• Security+ (SY0-004) JTA - July 8-12, 2013
• Mobility+ (MB0-001) Cut Score Workshop - Aug 19-23
• Network+ (N10-005) Item Refresh - Aug 26-30
• Security+ (SYO-004) Item Writing - September 16-20, 2013
• CASP Refresh JTA - Oct 7-11, 2013
• Launches: CVO-001, iOS: IOS-001, Android: ADR-001 (October 1, 2013 and
October 15, 2013); MB0-001 (November 1, 2013)
• Security+ Refresh Cut Score - Nov 11-15, 2013
• Security+ (SY0-401) Objectives Release
• Security+ (SY0-401) - May 2014
• CASP (CAS-002) - August 2014
• Network+ (NI0-006) - Q4 2014
• Strata IT Fundamentals (FC0-U51)
What's New In CompTIA Security+
• SY0-401 exam objectives released to general
public December 2013
• SY0-401 exam goes live May 2014
• SY0-301 exam objectives 11 pages
• SY0-401 exam objectives 15 pages
1.0 Network Security
• +Layered defenses
• +Common protocols
• +Common services
• +Unified Threat Managers
2.0 Compliance & Operational Security
• +Information security terminology
• -Physical defenses
• +Data Loss Prevention
3.0 Threats & Vulnerabilities
• -Worms, keyloggers
• +Social engineering
• +Arbitrary/Remote code execution
• ?WEP/IV Attacks
• ?Rainbow tables
4.0 Application, Data, Host Security
• +Securing static environments
• +Big Data
• +Storage Area Networks
• +Virtualization & Cloud computing
• ++Mobile devices
• ??Mainframe
5.0 Access Control & ID Mngt
• +Authentication credentials
• +Account management
6.0 Cryptography
• +Comparative strengths & performance of
algorithms
• +Key stretching
• +Certificate authorities
• +Perfect forward secrecy
Personal Observations
• Somewhat deceptive about how much new
material has been added
• New material is more an expansion of
existing topics than entirely new topics
(going deeper instead of wider)
• Watch for "Given a scenario" as the trigger for
performance-based questions
Personal Observations
• Ignore Suggested Classroom Equipment list
• Ignore Security+ Acronym list
What's New In CompTIA Security+
• Current state of security
• New CompTIA Security+ exam (SY0-401)
• Teaching Security+
• Security+ Guide to Network Security
Fundamentals 5th Edition
What's New In CompTIA Security+
Teaching Security+
Practical Principles
• Tradeoff
• We can’t win
• The Chain
• What it takes
Tradeoff
We Can’t Win
• Information security should not be viewed as a
war to be won or lost
• Just as crime like burglary can never be
completely eradicated neither can attacks against
technology
• The goal is not a complete victory but instead
maintaining equilibrium
We Can’t Win
• As attackers take advantage of a weakness in a
defense, defenders must respond with an
improved defense
• Information security is an endless cycle between
attacker and defender
The Chain
What It Takes
Practical Principles
• Tradeoff
• We can’t win
• The Chain
• What it takes
Which Is Better?
• thisisaverylongpassword
• Xp4!e%
• Length always trumps complexity
Length Over Complexity
• Keyboard had only 3 keys: A, B, and C
• Had to create a 2-character password
• How many different passwords could we
create?
• What’s the relationship between those
numbers?
Length Over Complexity
Number-of-Keyboard-Keys ^ Password-Length = Total-Number-of-Possible-Passwords

Keyboard Keys | Password Length | Possible Passwords
95            | 2               | 9,025
95            | 3               | 857,375
95            | 4               | 81,450,625
95            | 6               | 735,091,890,625
189           | 6               | 4.5579633e+13
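The keyspace formula on the slide, worked through in an added example (not the presentation's own code). It reproduces the table rows and the three-key warm-up exactly, then extends the idea to the "Which Is Better?" pair by comparing keyspaces in bits of guessing work, where 26 is the alphabet of an all-lowercase password and 95 the printable ASCII alphabet; both alphabet sizes are assumptions in the usual sense of the exercise rather than values from the slide.

```c
#include <stdint.h>
#include <stdio.h>

/* Exact keys^length as a 64-bit value, or 0 if the product would overflow
 * (the caller then falls back to the floating-point estimate). */
uint64_t keyspace(unsigned keys, unsigned length)
{
    uint64_t total = 1;
    for (unsigned i = 0; i < length; i++) {
        if (keys != 0 && total > UINT64_MAX / keys)
            return 0;   /* would not fit in 64 bits */
        total *= keys;
    }
    return total;
}

/* The same product as a double, so long passwords (26^23 and beyond)
 * can still be compared without overflowing. */
double keyspace_approx(unsigned keys, unsigned length)
{
    double total = 1.0;
    for (unsigned i = 0; i < length; i++)
        total *= keys;
    return total;
}

/* floor(log2(keys^length)): bits of guessing work, the usual yardstick for
 * comparing passwords of different shapes. Computed by repeated halving so
 * the block needs no libm. */
int bits_of_work(unsigned keys, unsigned length)
{
    double space = keyspace_approx(keys, length);
    int bits = 0;
    while (space >= 2.0) {
        space /= 2.0;
        bits++;
    }
    return bits;
}

int main(void)
{
    /* Warm-up from the slide: 3 keys (A, B, C), 2-character password. */
    printf("3^2   = %llu passwords\n", (unsigned long long)keyspace(3, 2));
    /* Rows of the slide's table. */
    printf("95^6  = %llu passwords\n", (unsigned long long)keyspace(95, 6));
    printf("189^6 = %llu passwords\n", (unsigned long long)keyspace(189, 6));
    /* "Which Is Better?": 23 lowercase letters versus 6 characters drawn
     * from all 95 printable ASCII characters (assumed alphabets). */
    printf("thisisaverylongpassword: ~%d bits\n", bits_of_work(26, 23));
    printf("Xp4!e%%: ~%d bits\n", bits_of_work(95, 6));
    return 0;
}
```

The exact function refuses to return a wrong answer on overflow, which matters once students try long passphrases: 26^23 already exceeds 64 bits, yet at roughly 108 bits it dwarfs the 39 bits of a six-character password drawn from the full keyboard, which is the slide's point about length over complexity.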
Test Passwords
• How Secure Is My Password
Tennessee Password Policy
• Have 3 of the following 4 characteristics:
• Upper case characters (A-Z)
• Lower case characters (a-z)
• Digits (0-9)
• Non alphanumeric characters (~ ! # % * _ -)
• Is not a word in any language, slang, dialect, or jargon, etc.
• Is not based on personal information.
• Minimum of eight (8) characters
Password Paradox
• Password paradox – For password to remain secure it should never be
written down but must be committed to memory.
• Password should also be of a sufficient length and complexity that an
attacker cannot easily determine it
• Paradox: although lengthy and complex passwords should be used and
never written down, it is very difficult to memorize these types of
passwords.
• Users have multiple accounts for computers at work, school, and
home, e-mail accounts, banks, online Internet stores, and each account
has its own password
Weak Passwords
• Common word (Eagles)
• Short passwords (ABCDEF)
• Personal information (name of a child or pet)
• Write password down
• Predictable use of characters
• Not change password
• Reuse same password
Top 10 Passwords
Password Principles
1. Any password that can be
memorized is a weak password
2. Any password that is repeated on
multiple accounts is a weak
password
Password Management Application
• Use technology instead of our memory for password management
• Password management application – Allow user to store username
and password, along with other account details
• Application is itself protected by a single strong password, and can
even require the presence of a file on a USB flash drive before the
program will open
• Allows user to retrieve usernames and passwords without the need to
remember or even type them
• Allows for very strong passwords:
My Password
ÞtqâƒGøÑÆ»¬ŠñB±.Û©¸ùÏŽ"$@mgÉ
Password Management Application
• In-memory protection - Passwords are encrypted while the application is running
to conceal passwords
• Key files - In order to open the password database key file must also be present
• Lock to user account - The database can be locked so that it can only be opened by
the same person who created it
• Password groupings - User passwords can be arranged as a tree, so that a group
can have subgroups
• Random password generator - A built-in random password generator can create
strong random passwords based on different settings
KeePass
If You Rely On Memory Only
• Length is more important than complexity
• Do not use passwords that consist of dictionary words or phonetic words
• Do not use birthdays, family member names, pet names, addresses, or any
personal information
• Do not repeat characters (xxx) or use sequences (abc, 123, qwerty)
• Minimum of 12 characters in length or for accounts that require higher security a
minimum of 18 characters is recommended
• Consider using a longer passphrase but not in normal English sequence: not
theraininspainfallsmainlyontheplain but instead use in sequence
mainlyinonthethespainrainfalls
• Use nonkeyboard characters
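An added example (not from the slides or from the Tennessee policy text) that turns the rules on this slide and on the Tennessee Password Policy slide into checks: three of four character classes with a minimum of eight characters for the Tennessee policy, and length first (12, or 18 for higher-security accounts), no repeated runs (xxx) and no sequences (abc, 123, qwerty) for the memory-only rules. The "not a dictionary word" and "no personal information" rules are left out because they need a word list and per-user data; the sample passwords in main are constructed, apart from the two the slides contrast.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Each check returns 1 when the password passes and 0 when it fails. */

enum { TN_MIN_LENGTH = 8, MEMORY_MIN_LENGTH = 12, HIGH_SECURITY_MIN_LENGTH = 18 };

/* Tennessee rule: at least 3 of the 4 character classes are present. */
int has_three_of_four_classes(const char *pw)
{
    int lower = 0, upper = 0, digit = 0, symbol = 0;
    for (const unsigned char *p = (const unsigned char *)pw; *p; p++) {
        if (islower(*p))      lower = 1;
        else if (isupper(*p)) upper = 1;
        else if (isdigit(*p)) digit = 1;
        else                  symbol = 1;   /* anything else counts as non-alphanumeric */
    }
    return lower + upper + digit + symbol >= 3;
}

/* "Do not repeat characters (xxx)": no run of three identical characters. */
int has_no_triple_repeat(const char *pw)
{
    size_t n = strlen(pw);
    for (size_t i = 2; i < n; i++)
        if (pw[i] == pw[i - 1] && pw[i] == pw[i - 2])
            return 0;
    return 1;
}

/* "Do not use sequences (abc, 123, qwerty)": rejects three consecutive
 * ascending letters or digits and any three adjacent keys from a QWERTY
 * row, compared case-insensitively. */
int has_no_sequence(const char *pw)
{
    static const char *const rows[] = { "qwertyuiop", "asdfghjkl", "zxcvbnm" };
    size_t n = strlen(pw);
    for (size_t i = 2; i < n; i++) {
        int a = tolower((unsigned char)pw[i - 2]);
        int b = tolower((unsigned char)pw[i - 1]);
        int c = tolower((unsigned char)pw[i]);
        if (isalnum(a) && isalnum(c) && b == a + 1 && c == b + 1)
            return 0;   /* abc, 123, xyz ... */
        char slice[4] = { (char)a, (char)b, (char)c, '\0' };
        for (size_t r = 0; r < sizeof rows / sizeof rows[0]; r++)
            if (strstr(rows[r], slice) != NULL)
                return 0;   /* qwe, asd, zxc ... */
    }
    return 1;
}

/* Tennessee policy as listed on the slide: 3 of 4 classes, at least 8 characters. */
int tennessee_policy_ok(const char *pw)
{
    return strlen(pw) >= TN_MIN_LENGTH && has_three_of_four_classes(pw);
}

/* "If you rely on memory only": length first (12, or 18 for higher-security
 * accounts), no repeated runs, no sequences. Character classes are not required. */
int memory_policy_ok(const char *pw, int high_security)
{
    size_t min_len = high_security ? HIGH_SECURITY_MIN_LENGTH : MEMORY_MIN_LENGTH;
    return strlen(pw) >= min_len && has_no_triple_repeat(pw) && has_no_sequence(pw);
}

int main(void)
{
    /* Constructed samples, plus the two passwords the slides contrast. */
    const char *samples[] = { "Xp4!e%", "thisisaverylongpassword",
                              "mainlyinonthethespainrainfalls", "Eagles123", "Passsword1!" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s tennessee=%d memory=%d high-security=%d\n", samples[i],
               tennessee_policy_ok(samples[i]), memory_policy_ok(samples[i], 0),
               memory_policy_ok(samples[i], 1));
    return 0;
}
```

Running the samples makes the tension between the two slides visible: "Eagles123" satisfies the class-based Tennessee policy but fails the memory-only rules on its "123" sequence, while the long all-lowercase passphrases fail the class rule yet pass the length-first rules at both the 12- and 18-character thresholds.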
Use Nonkeyboard Characters
• Make passwords stronger with special characters not on
keyboard
• Created by holding down ALT key while simultaneously typing
a number on numeric keypad (but not the numbers across the
top of the keyboard); ALT + 0163 produces £.
• To see a list of all the available non-keyboard characters click
Start and Run and enter charmap.exe; click on a character and
the code ALT + 0xxx will appear in the lower-right corner if it can be
reproduced in Windows
Use Nonkeyboard Characters
Tools
• One-Time Pad
• SSL Test
• Online keylogger
• OpenPuff
What's New In CompTIA Security+
• Current state of security
• New CompTIA Security+ exam (SY0-401)
• Teaching Security+
• Security+ Guide to Network Security
Fundamentals 5th Edition
What's New In CompTIA Security+
Security+ Textbook 5th Edition
Security+ 5e
• Security+ Guide to Network Security Fundamentals, 5e
(9781305093911)
• Available August 1, 2014
• Maps completely to new SY0-401 exam objectives
• Retains popular format
• Increased from 14 to 15 chapters (new chapter on Mobile
Device Security)
• Increased chapter length by 2-3 pages
Security+ 5e
• Cryptography moved up to Chapters 5-6
• New “Today’s Attacks & Defenses” openers
• New sectional units
• New and updated Review Questions, Hands-On
Projects, Case Projects
• New lecture videos
• New material on companion web site to be updated
regularly
Security+ 5e
• Chapter 1: Introduction to Security
– Challenges of Securing Information
– What Is Information Security?
– Who Are the Attackers?
– Attacks and Defenses
Security+ 5e
THREATS
• Chapter 2: Malware and Social Engineering Attacks
– Attacks Using Malware
– Social Engineering Attacks
• Chapter 3: Application and Networking-Based Attacks
– Application Attacks
– Networking-Based Attacks
Security+ 5e
BASIC SECURITY
• Host, Application, and Data Security
– Securing the Host
– Securing static environments
– Application Security
– Securing Data
Security+ 5e
CRYPTOGRAPHY
• Chapter 5: Basic Cryptography
– Defining Cryptography
– Cryptographic Algorithms
– Using Cryptography
• Chapter 6: Advanced Cryptography
– Digital Certificates
– Public Key Infrastructure (PKI)
– Key Management
– Transport Encryption Algorithms
Security+ 5e
NETWORK SECURITY
• Chapter 7: Network Security
– Security through network devices
– Security through network technologies
– Security through network design elements
• Chapter 8: Administering a Secure Network
– Common Network Protocols
– Network Administration Principles
– Securing Network Applications
Security+ 5e
MOBILE SECURITY
• Chapter 9: Wireless Network Security
– Wireless Attacks
– Vulnerabilities of IEEE 802.11 Security
– Wireless Security Solutions
• Chapter 10: Mobile Device Security
– Types of Mobile Devices
– Mobile Device Risks
– Securing Mobile Devices
Security+ 5e
ACCESS CONTROL AND IDENTITY MANAGEMENT
• Chapter 11: Access Control Fundamentals
– What is access control?
– Implementing access control
– Authentication Services
• Chapter 12: Authentication and Account Management
– Authentication Credentials
– Single sign-on
– Account Management
Security+ 5e
COMPLIANCE & OPERATIONAL SECURITY
• Chapter 13: Business Continuity
– What is business continuity?
– Disaster recovery
– Environmental Controls
– Incident Response Procedures
– Forensics
• Chapter 14: Risk Mitigation
– Controlling Risk
– Reducing Risk through Policies
– Awareness and Training
Security+ 5e
COMPLIANCE & OPERATIONAL SECURITY
• Chapter 15: Vulnerability Assessment and
Third Party Integration
– Vulnerability Assessment
– Vulnerability Scanning vs. Penetration Testing
– Third Party Integration
– Summary
What's New In CompTIA Security+
• Current state of security
• New CompTIA Security+ exam (SY0-401)
• Teaching Security+
• Security+ Guide to Network Security
Fundamentals 5th Edition
What's New In CompTIA Security+
mark.ciampa@wku.edu
 
Cybercrime trends in last five years
Cybercrime trends in last five yearsCybercrime trends in last five years
Cybercrime trends in last five years
 
Business under cyberassault
Business under cyberassaultBusiness under cyberassault
Business under cyberassault
 
Real Business Threats!
Real Business Threats!Real Business Threats!
Real Business Threats!
 
L007 Managing System Security (2016)
L007 Managing System Security (2016)L007 Managing System Security (2016)
L007 Managing System Security (2016)
 
Lecture5
Lecture5Lecture5
Lecture5
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
 
Brooks18
Brooks18Brooks18
Brooks18
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataLaw Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber Security
 
Identity Theft
Identity TheftIdentity Theft
Identity Theft
 

Mehr von Cengage Learning

Mehr von Cengage Learning (20)

Discovering History Through Digital Newspaper Collection
Discovering History Through Digital Newspaper CollectionDiscovering History Through Digital Newspaper Collection
Discovering History Through Digital Newspaper Collection
 
Are Your Students Ready for Lab?
Are Your Students Ready for Lab?Are Your Students Ready for Lab?
Are Your Students Ready for Lab?
 
5 Course Design Tips to Increase Engagement and Outcomes
5 Course Design Tips to Increase Engagement and Outcomes5 Course Design Tips to Increase Engagement and Outcomes
5 Course Design Tips to Increase Engagement and Outcomes
 
The Journey to Digital: Incorporating Technology to Strengthen Critical Minds
 The Journey to Digital: Incorporating Technology to Strengthen Critical Minds The Journey to Digital: Incorporating Technology to Strengthen Critical Minds
The Journey to Digital: Incorporating Technology to Strengthen Critical Minds
 
Google Drive Plus TexQuest Equals a Match Made in Research Heaven
Google Drive Plus TexQuest Equals a Match Made in Research HeavenGoogle Drive Plus TexQuest Equals a Match Made in Research Heaven
Google Drive Plus TexQuest Equals a Match Made in Research Heaven
 
Improving Time Management: Tips that Will Help College Students Start the Yea...
Improving Time Management: Tips that Will Help College Students Start the Yea...Improving Time Management: Tips that Will Help College Students Start the Yea...
Improving Time Management: Tips that Will Help College Students Start the Yea...
 
Mind Tap Open Trial Cengage Learning
Mind Tap Open Trial Cengage LearningMind Tap Open Trial Cengage Learning
Mind Tap Open Trial Cengage Learning
 
Getting Started with Enhanced WebAssign 8/11/15 Presented by: Mike Lafreniere...
Getting Started with Enhanced WebAssign 8/11/15 Presented by: Mike Lafreniere...Getting Started with Enhanced WebAssign 8/11/15 Presented by: Mike Lafreniere...
Getting Started with Enhanced WebAssign 8/11/15 Presented by: Mike Lafreniere...
 
Taming the Digital Tiger: Implementing a Successful Digital or 1:1 Initiative
Taming the Digital Tiger: Implementing a Successful Digital or 1:1 InitiativeTaming the Digital Tiger: Implementing a Successful Digital or 1:1 Initiative
Taming the Digital Tiger: Implementing a Successful Digital or 1:1 Initiative
 
Decimal and Fraction Jeopardy - A Game for Developmental Math
Decimal and Fraction Jeopardy - A Game for Developmental MathDecimal and Fraction Jeopardy - A Game for Developmental Math
Decimal and Fraction Jeopardy - A Game for Developmental Math
 
Game it up! Introducing Game Based Learning for Developmental Math
Game it up! Introducing Game Based Learning for Developmental MathGame it up! Introducing Game Based Learning for Developmental Math
Game it up! Introducing Game Based Learning for Developmental Math
 
Overcoming Textbook Fatigue
Overcoming Textbook FatigueOvercoming Textbook Fatigue
Overcoming Textbook Fatigue
 
Adult Student Success: How Does Awareness Correlate to Program Completion?
Adult Student Success: How Does Awareness Correlate to Program Completion?Adult Student Success: How Does Awareness Correlate to Program Completion?
Adult Student Success: How Does Awareness Correlate to Program Completion?
 
You're responsible for teaching, and your students are resonsible for learnin...
You're responsible for teaching, and your students are resonsible for learnin...You're responsible for teaching, and your students are resonsible for learnin...
You're responsible for teaching, and your students are resonsible for learnin...
 
What is the Impact of the New Standard on the Intermediate Accounting Course?
What is the Impact of the New Standard on the Intermediate Accounting Course?What is the Impact of the New Standard on the Intermediate Accounting Course?
What is the Impact of the New Standard on the Intermediate Accounting Course?
 
The ABCs Approach to Goal Setting and Implementation
The ABCs Approach to Goal Setting and ImplementationThe ABCs Approach to Goal Setting and Implementation
The ABCs Approach to Goal Setting and Implementation
 
Competency-based Education: Out with the new, in with the old?
Competency-based Education: Out with the new, in with the old? Competency-based Education: Out with the new, in with the old?
Competency-based Education: Out with the new, in with the old?
 
Student-to-Student Learning, Powered by FlashNotes
Student-to-Student Learning, Powered by FlashNotes Student-to-Student Learning, Powered by FlashNotes
Student-to-Student Learning, Powered by FlashNotes
 
Creating Career Success: A Flexible Plan for the World of Work
Creating Career Success: A Flexible Plan for the World of WorkCreating Career Success: A Flexible Plan for the World of Work
Creating Career Success: A Flexible Plan for the World of Work
 
Preparing Students for Career Success
Preparing Students for Career Success Preparing Students for Career Success
Preparing Students for Career Success
 

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet  PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 

What's New In CompTIA Security+ - Course Technology Computing Conference

1. What's New In CompTIA Security+
Mark Ciampa

2. 431 Million
• A – The current population of the U.S.
• B – How many steps are needed to reach your room here in the Opryland Hotel
• C – The number of adults worldwide who experienced cybercrime last year

3. 14 Each Second
• A – The number of infants born worldwide every day
• B – The number of emails you receive from your most needy student
• C – The frequency of a cybercrime incident worldwide

4. 79%
• A – Average pay raise of college presidents over the last 5 years
• B – The number of Cengage employees who use cengage as a password
• C – Percentage of Internet users spending 49+ hours per week online who are a victim of cybercrime

5. Illicit Drugs
• A – The biggest threat on your campus
• B – What you will need after enduring this presentation
• C – The only activity that nets more revenue than cybercrime

6. More Bad News
• Web pages that infect by simply looking at them (6,000 new infected pages daily, or 1 every 14 seconds)
• More attacks originate in the U.S. than in any other country (33%)
• Home users were the most highly targeted sector (93% of all targeted attacks)
• An infected U.S. computer has an average of 8 instances of malware
• U.S. has the highest number of infected computers

7. Users Are Still Confused
• Massive data breach from computers belonging to South Carolina's Department of Revenue (DOR)
• Exposed Social Security numbers of 3.8 million taxpayers plus credit card & bank account data, for a total of 74.7 GB
• Started with an employee's computer infected with malware after the user opened a phishing e-mail
• Attacker captured the person's username and password
• Installed tools that captured user account passwords on 6 servers
• Eventually gained access to 36 other systems
8. Users Are Still Confused
• 2012 survey of American, British and German adult computer users
• 40% do not always update software on their computers when initially prompted
• 25% said they do not clearly understand what software updates do
• 25% said they do not understand the benefits of updating regularly
• 75% said they saw update notifications, but over half said they needed to see the notification 2-5 times before deciding
• 25% said they do not know how to check if their software needs updating

9. Users Are Still Confused
• 88% use their home computer for online banking, stock trading, reviewing personal medical information, and storing financial information, health records, and resumes
• 98% agree it is important to be able to know the risk level of a web site before visiting it (but 64% admit they don't know how to)
• 92% think that their anti-virus software is up to date (but only 51% have current anti-virus software that has been updated within the last 7 days)

10. Users Are Still Confused
• 44% don't understand firewalls
• 25% have not even heard of the term "phishing" and only 13% can accurately define it
• 22% have anti-spyware software installed, an enabled firewall, and anti-virus protection that has been updated within the last 7 days

11. Why Increase In Attacks
• Speed of attacks
• More sophisticated attacks
• Simplicity of attack tools
• Faster detection of weaknesses
• Delays in user patching
• Distributed attacks
• Exploit user ignorance & confusion
12. User Confusion
• Confusion over different attacks: Worm or virus? Adware or spyware? Rootkit or Trojan?
• Confusion over different defenses: Antivirus? Firewall? Patches?
• Users asked to make security decisions and perform technical procedures

13. Think Of a User
• Will you grant permission to open this port?
• Is it safe to un-quarantine this attachment?
• May I install this add-in?

14. User Misconceptions
• I don't have anything on my computer they want
• I have antivirus software so I'm protected
• The IT Department takes care of security here at school or work
• My Apple computer is safe.
15. What's New In CompTIA Security+
The new CompTIA Security+ exam (SY0-401) is projected to be rolled out in the late spring of 2014. This exam will have several significant changes from the previous exam. These include an expanded emphasis on topics such as securing mobile devices, cloud computing, cryptography, and threats and vulnerabilities. In addition, CompTIA is continuing to use performance-based questions on Security+ exams, requiring test-takers to configure firewall access control lists, match ports with services, and analyze log files. What exactly will the new Security+ exam cover? How will the updated Cengage Security+ Guide to Network Security Fundamentals 5th Edition address these changes? And what are the best ways to help students be prepared for the new Security+ exam with its performance-based questions? This session will look at what's new in CompTIA Security+ and how we can teach security to our students.

16. What's New In CompTIA Security+
• Current state of security
• New CompTIA Security+ exam (SY0-401)
• Teaching Security+
• Security+ Guide to Network Security Fundamentals 5th Edition

17. What's New In CompTIA Security+
Current State of Security

18.

19. Number of Target Victims
• Current US Population
• 110,000,000 – Target victims

20. How It All Started
• Malwarebytes antivirus
• Phishing email message

23.
24. Wireless Baby Monitor
• Marc G. was in his kitchen when he started to hear strange sounds coming from the nursery of his two-year-old daughter Allyson
• Marc and his wife entered the nursery and heard a stranger's voice calling out Allyson's name, cursing at her and calling her vile names
• The voice was coming from the electronic baby monitor in Allyson's room, which contained a camera, microphone, and speaker connected to their home Wi-Fi network
• Because they did not have any security set on their wireless network, the attacker had been able to take control of the baby monitor from an unknown remote location
• Parents surmised that the attacker knew their daughter's name because he saw "Allyson" spelled out on the wall in her room
• Estimated that there are more than 100,000 wireless cameras that can easily be exploited because they have virtually no security

25.

26. Twitter
• Twitter account of the Associated Press (AP) was broken into and a fictitious tweet was posted claiming there were "two explosions in the White House and [the U.S. President] is injured"
• Even though the tweet was only visible for a matter of minutes before it was removed, because of this fictitious tweet the Dow Jones industrial average dropped immediately (it recovered later in the day)
• CBS television websites 60 Minutes and 48 Hours, the New York Times, the Wall Street Journal, the Washington Post, Burger King, and Jeep have been victims of recent Twitter break-ins
• U.S. Securities and Exchange Commission (SEC) recently said that it would allow public companies to disclose corporate information on social media sites like Twitter

27.

28. Prepaid Debit Cards
• Attackers penetrated the network of a credit card processing company that handles prepaid debit cards
• Manipulated the balances and limits on just 5 prepaid cards, then used them to withdraw cash from ATMs
• In one month almost $5 million was fraudulently withdrawn from ATM machines around the world in 5700 transactions
• Cell in New York City withdrew $400,000 in 750 fraudulent transactions at 140 ATM locations in the city in only 2.5 hours
• A similar attack manipulated balances and withdrawal limits on 12 more cards to withdraw an additional $40 million from ATM machines around the world
• New York City cell withdrew $2.4 million in 3000 ATM transactions in just 10 hours

29.
30. Economic Development Administration
• Recently the Department of Homeland Security (DHS) warned the Commerce Department that a "potential" malware infection could be occurring within its networks
• Security administrators at the Commerce Department identified potentially infected computers as belonging to the Economic Development Administration (EDA)
• Email sent by Commerce Department security administrators to the EDA said that they found 146 EDA systems that could potentially be infected
• In reality, only 2 actually were infected

31. Economic Development Administration
• Next day the Commerce Department sent a follow-up email correcting the numbers, but the second email was vague and did not point out that the first email was inaccurate
• EDA interpreted the second email as a confirmation of the first warning
• Confirmed when EDA performed a forensic analysis on the 2 computers listed in the second email and found evidence of an infection
• Commerce Department told the EDA to reimage the computers (meaning 2 computers) to clean them of malware
• But the EDA interpreted it as an instruction to clean at least 146 systems
• When EDA said that there were too many computers to reimage (across a network 50 computers can easily be re-imaged in one day), the Commerce Department incorrectly assumed that the EDA had found more computers that were infected
• Chief Information Officer (CIO) of EDA instructed that their computers should be isolated from the network

32. Economic Development Administration
• Later the CIO decided that these computers should be physically destroyed: not just the hard drives cleaned or replaced, but the entire systems--along with mice and keyboards--should be crushed
• In 8 months EDA had spent all of the money allocated for this destruction--$170,000--and had to stop
• Had their sights set on destroying over $3 million worth of computer systems
• The next month the EDA requested from the Commerce Department's IT Review Board over $26 million over the next three years to fund its recovery efforts (request was denied)
• EDA spent 50% of its entire IT budget ($2.7 million) in personnel and related costs to address a total of 2 infected computers

33. Economic Development Administration
• Department of Commerce launched a "comprehensive incident response improvement project"
• Project has already used a third party to review its incident response capabilities, hired three experienced incident handlers, and put a new security incident tracking system in place
• It is unknown how much this new project will finally cost.
34. Emily Williams
• U.S. federal government agency that specialized in "offensive cybersecurity" had been resistant to technology-based penetration testing in the past
• Pen testers turned to social engineering
• Created a fake online profile of "Emily Williams," an attractive 28-year-old who graduated from MIT and had several years of security experience
• Profiles of Emily were posted on Facebook and LinkedIn, along with a photo (that of a server from a local restaurant that many of the employees of this same government agency frequented)
• Testers also posted on several of MIT's university forums using the name Emily Williams
• After only 15 hours Emily had 60 Facebook and 55 LinkedIn connections with employees from the targeted government agency and its contractors
• After 24 hours she already had 3 job offers from other companies

35. Emily Williams
• Emily then started receiving LinkedIn endorsements for her skills, and males who worked at the government agency offered to help her get a jump-start on a new job within the agency
• These males said they would help her bypass normal procedures for receiving a laptop computer and network access, giving her higher levels of access than a new hire would normally have
• During the Christmas holiday testers created a web site with a Christmas card and posted a link to it on Emily's social media profiles

36. Emily Williams
• Anyone who visited the site was prompted to execute a Java applet, which was actually a Trojan that exploited a vulnerability
• Pen testers were able to gain administrative rights over these agency computers and capture user passwords, install applications, and steal sensitive documents, which, in more irony, contained information about state-sponsored attacks on foreign governments
• One of the contractors for this agency who fell for this ploy actually worked as a developer for an antivirus vendor and had access to the antivirus source code, which the testers were able to see

37. Emily Williams
• Pen team saw that two of the agency's employees had exchanged information on Facebook about the upcoming birthday of the agency's head of information security
• Head did not have a Facebook or LinkedIn account (perhaps for security reasons), so testers sent him an email directly with a birthday card that pretended to come from one of the agency's employees
• The head of security fell victim by opening the card and infecting his computer, thus exposing the crown jewels of the entire system

38. Emily Williams
• Pen testers accomplished all of their goals using Emily Williams in 7 days
• Test validated what is widely known: because attractive females often receive special treatment in the male-dominated IT industry, social engineering attacks frequently take advantage of this
• Pen team also tried a similar test by planting a fake male social media profile to see if any of the females at the agency would fall for it
• They did not.

39.
40. Craigslist & eBay
• Federal Bureau of Investigation (FBI) is warning buyers to beware
• Attackers masquerading as legitimate sellers frequently advertise items at "too-good-to-be-true" prices to entice a large number of victims
• Attackers do not post photos of the item for sale but instead offer to send a photo as an email attachment or as a link upon request
• Photo attachments contain malware: when the recipients open the attachment their computers become infected
• Potential buyers are encouraged to request that the original posting be modified so that it includes a photo

41.

42. Apple
• Apple's Secure Transport library is found in all versions of its operating systems since iOS 6 and OS X 10.9
• Handles establishing encrypted connections for Apple applications (Apple Mail, iBooks, FaceTime, Calendar, Keynote, Safari browser, and Software Update applications)
• Library is used for the most common cryptographic transport protocols, Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
• A coding error in the Apple library is responsible for a security vulnerability
43. Apple
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;
    if ((err = SSLHashSHA1.final . . .
44. Apple
• 2 "goto fail" lines in a row
• First line would be executed if there is an error triggered by the "if ((err = SSLHashSHA1.update" line
• Second line is not based on a condition (even though it is indented) and "goto fail" will always be executed, even if there was not an error
• Code leaps over another call, and the result is that the verification will always succeed and never fail
• Attackers could perform a man-in-the-middle attack and return false data that appears to have come from a valid web server and to have been cryptographically verified
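To make the control-flow point on the slide concrete, the following is an added example; it is not Apple's code and not part of this presentation. hash_update() and hash_final_and_verify() are constructed stand-ins for the real hash and signature steps, and sig_ok is a constructed input that says whether the signature would actually match. verify_buggy() mirrors the faulty layout from the slide above, and verify_fixed() is the same routine written with braces so that each step's result is checked before success is reported.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the hashing context; not Apple's type. */
typedef struct { int state; } hash_ctx_t;

/* Toy "update" step: returns 0 on success, non-zero on error,
 * matching the 0-means-success convention the slide's code relies on. */
static int hash_update(hash_ctx_t *ctx, const char *data) {
    if (data == NULL)
        return -2;                      /* constructed error case */
    ctx->state += (int)strlen(data);    /* toy hashing */
    return 0;
}

/* Toy final step: returns 0 when the signature matches, -1 otherwise.
 * sig_ok is a constructed input standing in for the real comparison. */
static int hash_final_and_verify(hash_ctx_t *ctx, int sig_ok) {
    (void)ctx;
    return sig_ok ? 0 : -1;
}

/* Mirrors the faulty control flow: the second `goto fail` is unconditional,
 * so hash_final_and_verify() is never reached and err is still 0 (success)
 * regardless of whether the signature is valid. */
int verify_buggy(const char *params, int sig_ok) {
    hash_ctx_t ctx = {0};
    int err;
    if ((err = hash_update(&ctx, params)) != 0)
        goto fail;
        goto fail;                      /* duplicated line: always taken */
    if ((err = hash_final_and_verify(&ctx, sig_ok)) != 0)
        goto fail;
fail:
    return err;                         /* 0 = verified */
}

/* Hardened form: braces make each condition's scope explicit, so a stray
 * duplicated line cannot silently become unconditional. */
int verify_fixed(const char *params, int sig_ok) {
    hash_ctx_t ctx = {0};
    int err;
    if ((err = hash_update(&ctx, params)) != 0) {
        goto fail;
    }
    if ((err = hash_final_and_verify(&ctx, sig_ok)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* Constructed sample: a forged signature (sig_ok = 0). */
    printf("buggy: %d\n", verify_buggy("signedParams", 0));  /* 0: accepted */
    printf("fixed: %d\n", verify_fixed("signedParams", 0));  /* -1: rejected */
    return 0;
}
```

Running it shows verify_buggy() returning 0 (verified) for a forged signature, because the unconditional goto leaves err at 0 and jumps past the final check, while verify_fixed() returns -1. The first goto is still reachable in both versions (passing a NULL buffer returns -2), which is why the bug was easy to miss in testing: every negative test that exercised the earlier steps behaved correctly. Compilers will flag this layout: gcc's -Wmisleading-indentation and clang's -Wunreachable-code both warn on the second goto, and treating those warnings as errors in the build is a cheap guard against this class of defect.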
45.

46. Deadliest Attack
• Insulin pump worn by diabetics administers insulin as an alternative to multiple daily injections
• Diabetic security researcher demonstrated a wireless attack on an insulin pump that could secretly change the delivery dosage of insulin to the patient from up to 300 feet away
• Another security researcher broke into a defibrillator used to stabilize heartbeats and reprogrammed it, then disabled power-save mode so the battery ran down in hours instead of years
• Threat was so real that a former vice president of the U.S. had his defibrillator removed and replaced with one that lacked capabilities that an attacker might exploit

47. Deadliest Attack
• Department of Homeland Security (DHS) report entitled "Attack Surface: Healthcare and Public Health Sector" says "now becoming a major concern. . . . pose a significant threat to the public and private sector"
• Food and Drug Administration (FDA), which regulates the design and manufacture of medical devices, issued an "FDA Safety Communication" document recommending that medical device manufacturers and health care facilities should "take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack"
• FDA has stated that for any medical device that does not "appropriately address" security risks it "might consider" withholding its approval of the device

48. Director of National Intelligence
• What is our greatest global threat?
• A – Terrorism
• B – Weapons of mass destruction
• C – Cybersecurity

49. What's New In CompTIA Security+
• Current state of security
• New CompTIA Security+ exam (SY0-401)
• Teaching Security+
• Security+ Guide to Network Security Fundamentals 5th Edition

50. What's New In CompTIA Security+
New CompTIA exam (SY0-401)
54. Changes in SY0-401 (Spring 2014)
Security+ SY0-401 contains primarily updates and expansion of existing SY0-301 objectives to include current technologies and security concerns. There are more scenario based objectives, which are often used for performance based questions in CompTIA exams.
Notable updates
• Expansion of common protocols and services
• More content devoted to risk, including risks due to systems integration with third parties and how to plan for them
• New emphasis on mobile security and BYOD
• Risk mitigation in static environments including SCADA and Android/iOS.
• Expanded and elevated (scenario based) authentication, authorization and access control, including federation.
55. CompTIA 2013 Product Calendar (effective October 1, 2013; dates subject to change)
Chart columns run from July 2013 through March 2014, then "Remaining 2014".
• Exam retirements: A+ (701/702) 8/31/13 English, 12/31/13 all languages; Green IT and IT for Sales 12/31/13; PDI+ 1/31/2014; CDIA+ (225-030) 3/31/14 all languages
• 2013-2014 translation schedule: A+ (800 series) Japanese June 2013, German September 2013, LAM Spanish Q4 2013, Thai Q4 2013, Arabic Q1 2014, French Q4 2013, Chinese Q4 2013
• Healthcare IT (listed on the chart without a legible date)
• Exam development: Security+ (SY0-004) JTA July 8-12, 2013; Mobility+ (MB0-001) cut score workshop Aug 19-23; Network+ (N10-005) item refresh Aug 26-30; Security+ (SYO-004) item writing September 16-20, 2013; CASP refresh JTA Oct 7-11, 2013; Security+ refresh cut score Nov 11-15, 2013; Security+ (SY0-401) objectives release
• Launches: CVO-001 October 1, 2013; iOS (IOS-001) and Android (ADR-001) October 15, 2013; MB0-001 November 1, 2013; Security+ (SY0-401) May 2014; CASP (CAS-002) August 2014; Network+ (NI0-006) Q4 2014; Strata IT Fundamentals (FC0-U51)
  • 56. What's New In CompTIA Security+ • SY0-401 exam objectives released to general public December 2013 • SY0-401 exam goes live May 2014 • SY0-301 exam objectives 11 pages • SY0-401 exam objectives 15 pages
  • 57. 1.0 Network Security • +Layered defenses • +Common protocols • +Common services • +Unified Threat Managers
  • 58. 2.0 Compliance & Operational Security • +Information security terminology • -Physical defenses • +Data Loss Prevention
  • 59. 3.0 Threats & Vulnerabilities • -Worms, keyloggers • +Social engineering • +Arbitrary/Remote code execution • ?WEP/IV Attacks • ?Rainbow tables
  • 60. 4.0 Application, Data, Host Security • +Securing static environments • +Big Data • +Storage Area Networks • +Virtualization & Cloud computing • ++Mobile devices • ??Mainframe
  • 61. 5.0 Access Control & Identity Management • +Authentication credentials • +Account management
  • 62. 6.0 Cryptography • +Comparative strengths & performance of algorithms • +Key stretching • +Certificate authorities • +Perfect forward secrecy
  • 63. Personal Observations • Somewhat deceptive about how much new material has been added • New material is more an expansion of existing topics than entirely new topics (going deeper instead of wider) • Watch for "Given a scenario" as the trigger for performance-based questions
  • 64. Personal Observations • Ignore Suggested Classroom Equipment list • Ignore Security+ Acronym list
  • 65. What's New In CompTIA Security+ • Current state of security • New CompTIA Security+ exam (SY0-401) • Teaching Security+ • Security+ Guide to Network Security Fundamentals 5th Edition
  • 66. What's New In CompTIA Security+ Teaching Security+
  • 67. Practical Principles • Tradeoff • We can't win • The Chain • What it takes
  • 69. We Can't Win • Information security should not be viewed as a war to be won or lost • Just as crime like burglary can never be completely eradicated, neither can attacks against technology • The goal is not a complete victory but instead maintaining equilibrium
  • 70. We Can't Win • As attackers take advantage of a weakness in a defense, defenders must respond with an improved defense • Information security is an endless cycle between attacker and defender
  • 73. Practical Principles • Tradeoff • We can't win • The Chain • What it takes
  • 74. Which Is Better? • thisisaverylongpassword • Xp4!e% • Length trumps complexity: the 23-character password has a far larger search space than the 6-character one, even though an attacker only needs lowercase letters to cover it (but a long password made of common words is still exposed to dictionary attacks, which is why slide 87 says to avoid dictionary words and natural word order)
  • 75. Length Over Complexity • Suppose a keyboard had only 3 keys: A, B, and C • You had to create a 2-character password • How many different passwords could you create? • What is the relationship between those numbers?
  • 76. Length Over Complexity • Number-of-Keyboard-Keys ^ Password-Length = Total-Number-of-Possible-Passwords • 95 keys, length 2: 9,025 • 95 keys, length 3: 857,375 • 95 keys, length 4: 81,450,625 • 95 keys, length 6: 735,091,890,625 • 189 keys, length 6: 4.5579633e+13
  • 77. Test Passwords • How Secure Is My Password
  • 78. Tennessee Password Policy • Have 3 of the following 4 characteristics: • Upper case characters (A-Z) • Lower case characters (a-z) • Digits (0-9) • Non alphanumeric characters (~ ! # % * _ -) • Is not a word in any language, slang, dialect, or jargon, etc. • Is not based on personal information. • Minimum of eight (8) characters
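Added example, not code from the presentation: Python that carries slide 76's keys ^ length arithmetic through for the two candidates on slide 74, adds the word-based estimate the slide omits, and checks both candidates against the Tennessee policy rules on slide 78. The 95-key alphabet (26 lower, 26 upper, 10 digits, 33 symbols including space), the 10,000-word vocabulary and the short stand-in word list are this example's assumptions.

```python
import itertools
import math
import string

# Added example; not code from the presentation. Character classes behind the
# slide's "95 keyboard keys": 26 lower + 26 upper + 10 digits + 33 symbols
# (32 punctuation marks plus the space bar) = 95 printable ASCII characters.
SYMBOLS = string.punctuation + " "
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(SYMBOLS)}


def character_classes(password):
    """Set of character classes the password actually uses."""
    classes = set()
    for c in password:
        if c in string.ascii_lowercase:
            classes.add("lower")
        elif c in string.ascii_uppercase:
            classes.add("upper")
        elif c in string.digits:
            classes.add("digit")
        elif c in SYMBOLS:
            classes.add("symbol")
    return classes


def alphabet_size(password):
    """Keys an attacker must try per position once they know which classes were used."""
    return sum(CLASS_SIZES[k] for k in character_classes(password))


def keyspace(keys, length):
    """Slide 76: keys ^ length possible passwords."""
    return keys ** length


def enumerate_passwords(alphabet, length):
    """Slide 75 exercise: list every password over a tiny alphabet (3 keys, 2 chars -> 9)."""
    return ["".join(p) for p in itertools.product(alphabet, repeat=length)]


def brute_force_bits(password):
    """Search space in bits when the attacker tries characters."""
    return math.log2(keyspace(alphabet_size(password), len(password)))


def dictionary_bits(word_count, vocabulary):
    """Search space in bits when the attacker tries whole words instead
    (the honest estimate for a long all-lowercase password made of common words)."""
    return math.log2(vocabulary ** word_count)


def seconds_to_exhaust(possible_passwords, guesses_per_second):
    """Worst-case time to try every password at a given guessing rate."""
    return possible_passwords / guesses_per_second


# Tennessee policy (slide 78). The word list is a constructed stand-in for a
# real dictionary; the policy's "not a word" rule is read strictly as
# "contains no listed word".
COMMON_WORDS = {"password", "this", "very", "long", "eagles", "welcome", "dragon"}


def tennessee_policy(password, word_list=COMMON_WORDS):
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(character_classes(password)) < 3:
        problems.append("fewer than 3 of the 4 character classes")
    lowered = password.lower()
    if any(word in lowered for word in word_list):
        problems.append("contains a dictionary word")
    return problems


def compare(a, b):
    """Report which of two passwords has the larger brute-force search space."""
    return a if brute_force_bits(a) > brute_force_bits(b) else b


if __name__ == "__main__":
    print(enumerate_passwords("ABC", 2))                  # 9 passwords: AA AB AC BA ...
    for keys, length in [(95, 2), (95, 3), (95, 4), (95, 6), (189, 6)]:
        print(keys, length, keyspace(keys, length))       # reproduces the slide 76 table
    for pw in ("thisisaverylongpassword", "Xp4!e%"):
        print(pw, alphabet_size(pw), len(pw), round(brute_force_bits(pw), 1), tennessee_policy(pw))
    print("6 words from a 10,000-word list:", round(dictionary_bits(6, 10000), 1), "bits")
    print("95^6 at 10^9 guesses/s:", seconds_to_exhaust(keyspace(95, 6), 1e9), "seconds")
```

thisisaverylongpassword comes out at about 108 bits against character-by-character guessing and still about 80 bits if the attacker guesses six words from a 10,000-word list; Xp4!e% is about 39 bits, which a billion-guess-per-second cracker exhausts in roughly 12 minutes. Note that the Tennessee policy rejects both: the short one for length, the long one for using a single character class and containing dictionary words.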
  • 79. Password Paradox • Password paradox – For password to remain secure it should never be written down but must be committed to memory. • Password should also be of a sufficient length and complexity that an attacker cannot easily determine • Paradox: although lengthy and complex passwords should be used and never written down, it is very difficult to memorize these types of passwords. • Users have multiple accounts for computers at work, school, and home, e-mail accounts, banks, online Internet stores, and each account has its own password
  • 80. Weak Passwords • Common word (Eagles) • Short passwords (ABCDEF) • Personal information (name of a child or pet) • Write password down • Predictable use of characters • Not change password • Reuse same password
  • 82. Password Principles 1. Any password that can be memorized is a weak password 2. Any password that is repeated on multiple accounts is a weak password
  • 83. Password Management Application • Use technology instead of our memory for password management • Password management application – Allow user to store username and password, along with other account details • Application is itself protected by a single strong password, and can even require the presence of a file on a USB flash drive before the program will open • Allows user to retrieve usernames and passwords without the need to remember or even type them • Allows for very strong passwords:
  • 85. Password Management Application • In-memory protection - Passwords are encrypted while the application is running to conceal passwords • Key files - In order to open the password database key file must also be present • Lock to user account - The database can be locked so that it can only be opened by the same person who created it • Password groupings - User passwords can be arranged as a tree, so that a group can have subgroups • Random password generator - A built-in random password generator can create strong random passwords based on different settings
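Added example (this editor's code, not the implementation of KeePass or any product the deck refers to): how a password manager can derive its master key from the master password plus an optional key file using key stretching, and verify an unlock attempt without ever storing the key. PBKDF2-HMAC-SHA256 from the Python standard library stands in for whatever KDF a real product uses; the iteration count, header layout, verifier label and the sample key file are assumptions.

```python
import hashlib
import hmac
import os

# Added example; not the code of any real password manager.
ITERATIONS = 100_000                 # assumed key-stretching cost; tune upward on real hardware
VERIFIER_LABEL = b"vault-verifier"   # assumed constant, used only to check the derived key


def derive_master_key(master_password, salt, key_file_bytes=None):
    """Stretch the master password with PBKDF2; if a key file is required, its
    digest is mixed into the secret so the password alone cannot open the vault."""
    secret = master_password.encode("utf-8")
    if key_file_bytes is not None:
        secret += hashlib.sha256(key_file_bytes).digest()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)


def create_vault(master_password, key_file_bytes=None):
    """Header to store on disk: a fresh salt and an HMAC verifier of the key.
    The key itself is never written."""
    salt = os.urandom(16)
    key = derive_master_key(master_password, salt, key_file_bytes)
    verifier = hmac.new(key, VERIFIER_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "verifier": verifier, "requires_key_file": key_file_bytes is not None}


def unlock(vault, master_password, key_file_bytes=None):
    """Recompute the key and compare verifiers in constant time.
    Returns the 32-byte key on success, None otherwise."""
    if vault["requires_key_file"] and key_file_bytes is None:
        return None
    key = derive_master_key(master_password, vault["salt"], key_file_bytes)
    candidate = hmac.new(key, VERIFIER_LABEL, hashlib.sha256).digest()
    return key if hmac.compare_digest(candidate, vault["verifier"]) else None


def demo():
    """Constructed scenario: a vault locked to a master password plus a key file."""
    key_file = os.urandom(64)            # stand-in for the file kept on a USB flash drive
    master = "correct horse battery staple"
    vault = create_vault(master, key_file)
    return (
        unlock(vault, master, key_file) is not None,        # right password and key file
        unlock(vault, master) is None,                      # key file missing
        unlock(vault, "wrong password", key_file) is None,  # wrong password
        unlock(vault, master, os.urandom(64)) is None,      # wrong key file
    )


if __name__ == "__main__":
    print(demo())   # (True, True, True, True)
```

The key file acts as a second factor: even a correct master password derives the wrong key without it, and the on-disk header reveals only a salt and an HMAC, so an attacker who steals the file still has to run the full key-stretching cost for every guess.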
  • 87. If You Rely On Memory Only • Length is more important than complexity • Do not use passwords that consist of dictionary words or phonetic words • Do not use birthdays, family member names, pet names, addresses, or any personal information • Do not repeat characters (xxx) or use sequences (abc, 123, qwerty) • Minimum of 12 characters in length or for accounts that require higher security a minimum of 18 characters is recommended • Consider using a longer passphrase but not in normal English sequence: not theraininspainfallsmainlyontheplain but instead use in sequence mainlyinonthethespainrainfalls • Use nonkeyboard characters
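Added example, not from the presentation: generating the kind of password slide 87 recommends with the operating system's CSPRNG through Python's secrets module, instead of inventing one from memory, and reporting the size of the resulting search space. The eight-word list is a constructed sample; a real list should hold several thousand words.

```python
import math
import secrets
import string

# Added example; constructed word list (use several thousand words in practice).
WORDS = ["rain", "spain", "falls", "mainly", "plain", "sequence", "mountain", "river"]
CHARSET = string.ascii_letters + string.digits + string.punctuation   # 94 characters


def random_passphrase(words, count, sep=""):
    """Pick `count` distinct words in random order, so the result is not a
    natural English sequence that a phrase dictionary would contain."""
    return sep.join(secrets.SystemRandom().sample(words, count))


def passphrase_bits(vocabulary, count):
    """Search space for ordered draws without replacement:
    log2(V * (V-1) * ... * (V-count+1))."""
    return math.log2(math.perm(vocabulary, count))


def random_password(length):
    """Random characters drawn from the 94 non-space printable ASCII characters."""
    return "".join(secrets.choice(CHARSET) for _ in range(length))


def random_password_bits(length, alphabet_size=len(CHARSET)):
    """Search space in bits: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(random_passphrase(WORDS, 5), round(passphrase_bits(len(WORDS), 5), 1), "bits")
    print(random_password(18), round(random_password_bits(18), 1), "bits")
```

With only eight words to choose from, five words give under 13 bits, which is why the vocabulary matters as much as the word count: six words from a 7,776-word list give about 77 bits, and an 18-character random password about 118 bits. The passphrase is the one a person can still type from memory; the random string belongs in a password manager.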
  • 88. Use Nonkeyboard Characters • Make passwords stronger with special characters not on the keyboard • Created by holding down the ALT key while typing a number on the numeric keypad (not the numbers across the top of the keyboard); ALT + 0163 produces £ • To see a list of all the available non-keyboard characters, click Start, then Run, and enter charmap.exe; click on a character and the code ALT + 0xxx appears in the lower-right corner if it can be reproduced in Windows • Caveat: first confirm that every system and client the password will be typed into accepts the character (many web forms, mobile keyboards and non-Windows systems do not), or you will lock yourself out
  • 90. Tools • One-Time Pad • SSL Test • Online keylogger • OpenPuff
  • 91. What's New In CompTIA Security+ • Current state of security • New CompTIA Security+ exam (SY0-401) • Teaching Security+ • Security+ Guide to Network Security Fundamentals 5th Edition
  • 92. What's New In CompTIA Security+ Security+ Textbook 5th Edition
  • 93. Security+ 5e • Security+ Guide to Network Security Fundamentals, 5e (9781305093911) • Available August 1, 2014 • Maps completely to new SY0-401 exam objectives • Retains popular format • Increased from 14 to 15 chapters (new chapter on Mobile Device Security) • Increased chapter length by 2-3 pages
  • 94. Security+ 5e • Cryptography moved up to Chapters 5-6 • New “Today’s Attacks & Defenses” openers • New sectional units • New and updated Review Questions, Hands-On Projects, Case Projects • New lecture videos • New material on companion web site to be updated regularly
  • 95. Security+ 5e • Chapter 1: Introduction to Security – Challenges of Securing Information – What Is Information Security? – Who Are the Attackers? – Attacks and Defenses
  • 96. Security+ 5e THREATS • Chapter 2: Malware and Social Engineering Attacks – Attacks Using Malware – Social Engineering Attacks • Chapter 3: Application and Networking-Based Attacks – Application Attacks – Networking-Based Attacks
  • 97. Security+ 5e BASIC SECURITY • Chapter 4: Host, Application, and Data Security – Securing the Host – Securing Static Environments – Application Security – Securing Data
  • 98. Security+ 5e CRYPTOGRAPHY • Chapter 5: Basic Cryptography – Defining Cryptography – Cryptographic Algorithms – Using Cryptography • Chapter 6: Advanced Cryptography – Digital Certificates – Public Key Infrastructure (PKI) – Key Management – Transport Encryption Algorithms
  • 99. Security+ 5e NETWORK SECURITY • Chapter 7: Network Security – Security through network devices – Security through network technologies – Security through network design elements • Chapter 8: Administering a Secure Network – Common Network Protocols – Network Administration Principles – Securing Network Applications
  • 100. Security+ 5e MOBILE SECURITY • Chapter 9: Wireless Network Security – Wireless Attacks – Vulnerabilities of IEEE 802.11 Security – Wireless Security Solutions • Chapter 10: Mobile Device Security – Types of Mobile Devices – Mobile Device Risks – Securing Mobile Devices
  • 101. Security+ 5e ACCESS CONTROL AND IDENTITY MANAGEMENT • Chapter 11: Access Control Fundamentals – What is access control? – Implementing access control – Authentication Services • Chapter 12: Authentication and Account Management – Authentication Credentials – Single sign-on – Account Management
  • 102. Security+ 5e COMPLIANCE & OPERATIONAL SECURITY • Chapter 13: Business Continuity – What is business continuity? – Disaster recovery – Environmental Controls – Incident Response Procedures – Forensics • Chapter 14: Risk Mitigation – Controlling Risk – Reducing Risk through Policies – Awareness and Training
  • 103. Security+ 5e COMPLIANCE & OPERATIONAL SECURITY • Chapter 15: Vulnerability Assessment and Third Party Integration –Vulnerability Assessment –Vulnerability Scanning vs. Penetration Testing –Third Party Integration –Summary
  • 104. What's New In CompTIA Security+ • Current state of security • New CompTIA Security+ exam (SY0-401) • Teaching Security+ • Security+ Guide to Network Security Fundamentals 5th Edition
  • 105. What's New In CompTIA Security+ mark.ciampa@wku.edu