accelerate your ambition
CompTIA Security Session @
ITProCamp Jax
Joseph Holbrook, CompTIA SME June 11, 2016
1. In the IT industry – You are going to need a security certification
2. In the US Military or a government contractor – required in most cases
3. (DoD 8570.01-M) / State Department Skills Incentive Program
4. Short Video about Security +
5. Exam Objectives
6. Exam Content
7. Taking the exam
8. Download instructions for training content
9. Be an IT Superhero
CompTIA Security Plus
In the IT industry – You are going to need a security certification
Why do you need a Security Certification?
Why
• Critical to establishing a baseline knowledge
• Establishes you as “knowledgeable”
• Required for accessing IT Resources
• Government mandate in some cases.
Some IT Security Certifications
• CompTIA Security +
• CompTIA CASP
• CISSP
• CISA (ISC)
• CCNA – Security (CISCO)
In the US Military or a government contractor – required in
most cases for IT Pros
US Military DOD 8570-M
Department of Defense Directive 8570 (DoDD 8570) provides guidance
and procedures for the training, certification, and management of all
government employees who conduct Information Assurance functions in
assigned duty positions. These individuals are required to carry an
approved certification for their particular job classification. GIAC
certifications are among those required for Technical, Management, CND,
and IASAE classifications. SANS courses prepare you to take a GIAC
exam.
DoDD 8570 Requires:
• By the end of CY 2010, all personnel performing IAT and IAM functions
must be certified.
• By the end of CY 2011, all personnel performing CND-SP and IASAE roles
must be certified.
• All IA jobs will be categorized as 'Technical' or 'Management' Level I, II, or
III, and to be qualified for those jobs, you must be certified.
Short Video about Security +
Security Plus Video
https://certification.comptia.org/certifications/security
Exam Objectives
CompTIA Security Plus Exam Objectives
Some Exam Content
Preparing for the
CompTIA Security+
Examination
Chapter 1
Network Device Configuration
Network Devices
Part I Network Security Chapter 1 Network Device Configuration
Networks are comprised of devices and are
configured via software to perform the desired
activities. The correct configuration of network devices
is a key element of securing the network
infrastructure. Proper configuration can greatly assist
in the network security posture. Learning how to
properly configure network devices is important for
passing the CompTIA Security+ exam
A complete network computer solution in today’s business environment consists
of more than just client computers and servers.
• Devices are used to connect the clients and servers and to regulate the
traffic between them.
• Devices are also needed to expand this network beyond simple client
computers and servers to include yet other devices, such as wireless
and handheld systems.
FIREWALLS
A firewall can be hardware, software, or a combination whose purpose is
to enforce a set of network security policies across network connections.
A firewall is a filtering device that has two or more interfaces to determine
the traffic that is allowed to flow through the interfaces. A dual-homed
firewall has two network interfaces. An embedded firewall is
integrated into a router. A hardware firewall is also referred to as an
appliance firewall. There are software firewalls and hardware
firewalls. A hardware firewall is purchased with a fixed number of
interfaces available and a software firewall is configurable.
Security policies are rules that define what traffic is permissible and what
traffic is to be blocked or denied. These are not universal rules, and many
different sets of rules are created for a single company with multiple
connections. A firewall is used to create a demilitarized zone (DMZ)
How Do Firewalls Work
Firewalls enforce the established security policies through a variety of
mechanisms, including the following:
• Network Address Translation (NAT). NAT router/firewalls act as
the interface between a local area network and the Internet
using one IP address.
• Basic Packet Filtering - A packet-filtering firewall only looks at a
data packet to obtain the source and destination addresses
and the protocol and port used
• Stateful Packet Filtering. The firewall maintains, or knows, the
context of a conversation
• Access Control Lists (ACLs). A list of permissions used to access
an object.
• Application Layer Proxies. Packets are not allowed to traverse the
firewall, but data instead flows up to an application that in turn
decides what to do with it
Configuring a Firewall
You need to configure the firewall to meet the following requirements:
• The Research computer should only be allowed to connect to the file server using SCP.
• The Sales computer should only be allowed to connect to the Web server using HTTPS.
• No other connections from the server network to the DMZ should be allowed.
Configuring a Firewall
<SOURCE IP> <DESTINATION IP> <PORT> <PROTOCOL><ALLOW/DENY>
Source: 192.168.0.2 - Destination: 172.16.0.2 - Port: 22 - TCP – Allow
Source: 192.168.0.3 - Destination: 172.16.0.3 - Port: 443 - TCP – Allow
Source: 192.168.0.0/16 - Destination: 172.16.0.0/12 - Port: Any - TCP/UDP - Deny
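The three rules above meet the requirements only if the firewall checks them top-down and stops at the first match, so the broad Deny must come last. The sketch below is an added example, not part of the original slides: it assumes first-match evaluation with an implicit default deny, and it reads the host roles in the comments from the port in each rule.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str            # host address or CIDR network
    dst: str
    port: object        # int, or "any"
    protos: frozenset   # e.g. frozenset({"tcp"})
    action: str         # "allow" or "deny"

    def matches(self, src, dst, port, proto):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.port in ("any", port)
                and proto in self.protos)

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and (self.port == "any" or self.port == other.port)
                and other.protos <= self.protos)


# The rule set from the slide, in the order shown.
SLIDE_RULES = [
    # Research -> file server, SCP (runs over SSH, TCP 22)
    Rule("192.168.0.2", "172.16.0.2", 22, frozenset({"tcp"}), "allow"),
    # Sales -> Web server, HTTPS (TCP 443)
    Rule("192.168.0.3", "172.16.0.3", 443, frozenset({"tcp"}), "allow"),
    # Everything else between the two networks
    Rule("192.168.0.0/16", "172.16.0.0/12", "any", frozenset({"tcp", "udp"}), "deny"),
]


def evaluate(rules, src, dst, port, proto, default="deny"):
    """First matching rule decides; unmatched traffic gets the default."""
    for rule in rules:
        if rule.matches(src, dst, port, proto):
            return rule.action
    return default


def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, rule in enumerate(rules)
            if any(rules[i].covers(rule) for i in range(j))]


if __name__ == "__main__":
    print(evaluate(SLIDE_RULES, "192.168.0.2", "172.16.0.2", 22, "tcp"))
    misordered = [SLIDE_RULES[2], SLIDE_RULES[0], SLIDE_RULES[1]]
    print(shadowed(misordered))
```

Running `shadowed` on a rule set before deploying it catches the ordering mistake where the Deny line is placed first and silently blocks both permitted connections.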
Routers
Routers are network traffic management devices used to connect
different network segments together. Routers operate at the network
layer (layer 3) of the Open Systems Interconnection (OSI) reference
model (discussed in Chapter 3), routing traffic using the network
address utilizing routing protocols to determine optimal paths across a
network. Routers form the backbone of the Internet, moving traffic from
network to network, inspecting packets from every communication as
they move traffic in optimal paths.
Routers operate by examining each packet, looking at the destination
address, and using algorithms and tables to determine where to send the
packet next. This process of examining the header to determine the next
hop can be done in quick fashion. A router is a device that is
designed to transmit all data that is not specifically denied between
networks, and to do so in the most efficient manner possible.
Routers
Routers use ACLs as a method of deciding whether a packet is
allowed to enter the network. With ACLs, it is also possible to examine
the source address and determine whether or not to allow a packet to
pass. This allows routers equipped with ACLs to drop packets
according to rules built in the ACLs. The ACLs will improve network
security by confining sensitive data traffic to computers on a
specific subnet.
One serious operational security issue with routers concerns the
access to a router and control of its internal functions. Routers can be
accessed using the Simple Network Management Protocol (SNMP)
and Telnet and can be programmed remotely
Switches
Switches form the basis for connections in most Ethernet-based local
area networks (LANs). Although hubs and bridges still exist, in today’s
high-performance network environment, switches have replaced both.
A switch, like a bridge, can connect two or more LAN segments
together.
A switch has separate collision domains for each port. This means that
for each port, two collision domains exist: one from the port to the
client on the downstream side and one from the switch to the network
upstream. When full duplex is employed, collisions are virtually
eliminated from the two nodes, host and client. This also acts as a
security factor in that a sniffer can see only limited traffic, as opposed
to a hub-based system, where a single sniffer can see all of the traffic
to and from connected devices.
Switches
Switches operate at the data link layer of the OSI model, while routers
act at the network layer. For intranets, switches have become what
routers are on the Internet—the device of choice for connecting
machines. As switches have become the primary network
connectivity device, additional functionality has been added to them. A
switch is usually a layer 2 device, but layer 3 switches incorporate
routing functionality.
Switches can also perform a variety of security
functions. Port address security based on Media Access
Control (MAC) addresses can determine whether a
packet is allowed or blocked from a connection. You
should replace the hub with a switch. This will
provide some protection against traffic sniffing. In a
network that uses hubs, packets are visible to every
node on the network
Switches
Simple Network Management Protocol (SNMP) provides management
functions to many network devices. SNMPv1 and SNMPv2
authenticate using a cleartext password, allowing anyone monitoring
packets to capture the password and have access to the network
equipment. SNMPv3.
To secure a switch, you should disable all
access protocols other than a secure serial
line or a secure protocol such as Secure Shell
(SSH). Using only secure methods to access a
switch will limit the exposure to hackers and
malicious users.
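Because SNMPv1 and SNMPv2 send the community string unencrypted, a capture of management traffic shows which devices still need to be moved off them. Added example, not from the original slides: a minimal BER reader that classifies SNMP payloads by version and reports cleartext communities without logging their values; the sample payloads and device names are constructed, and the function names are hypothetical.

```python
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}


def _tlv(tag, value):
    """Encode one BER element (short-form length only; used to build samples)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


def _read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def parse_snmp(payload):
    """Return (version_name, community or None) for one SNMP message."""
    tag, body, _ = _read_tlv(payload, 0)
    if tag != 0x30:                        # outer SEQUENCE
        raise ValueError("not a SEQUENCE")
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02 or not ver:             # INTEGER version
        raise ValueError("missing version")
    version = VERSIONS.get(int.from_bytes(ver, "big"))
    if version is None:
        raise ValueError("unknown version")
    tag, second, _ = _read_tlv(body, pos)
    if version == "SNMPv3":                # second field is the v3 header, no community
        return version, None
    if tag != 0x04:                        # OCTET STRING community, sent in the clear
        raise ValueError("missing community")
    return version, second


def audit(packets):
    """packets: iterable of (device, udp_payload). Report v1/v2c senders only."""
    findings = []
    for device, payload in packets:
        try:
            version, community = parse_snmp(payload)
        except ValueError:
            continue                       # not SNMP, or malformed
        if community is not None:
            findings.append((device, version, len(community)))
    return findings


# Constructed samples: a GetRequest for sysDescr.0 and a simplified v3 message.
_GET = _tlv(0xA0, _tlv(2, b"\x01") + _tlv(2, b"\x00") + _tlv(2, b"\x00")
            + _tlv(0x30, _tlv(0x30, _tlv(6, bytes.fromhex("2b06010201010100"))
                              + _tlv(5, b""))))
SAMPLE_V1 = _tlv(0x30, _tlv(2, b"\x00") + _tlv(4, b"private") + _GET)
SAMPLE_V2C = _tlv(0x30, _tlv(2, b"\x01") + _tlv(4, b"public") + _GET)
SAMPLE_V3 = _tlv(0x30, _tlv(2, b"\x03")
                 + _tlv(0x30, _tlv(2, b"\x01") + _tlv(2, b"\x05\xdc")
                        + _tlv(4, b"\x03") + _tlv(2, b"\x03"))
                 + _tlv(4, b"") + _tlv(4, b""))
SAMPLE_PACKETS = [("switch-a", SAMPLE_V2C), ("switch-b", SAMPLE_V3),
                  ("router-a", SAMPLE_V1), ("host-x", b"\x16\x03\x01")]
```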
Three Best Practices for securing a switch
• Ensure that wiring closets are locked.
• Ensure that TCP and UDP ports are
managed properly.
• Ensure that the MAC addresses of
connected devices are monitored.
1. The CompTIA Security Plus Bootcamp is 3-5 days of training.
2. The cost of this training is around $2000.00 - $3000.00 for the week
3. Hundreds of training providers
4. I'll be hosting a special bootcamp in late July or early August, so pay attention to
http://www.meetup.com/JaxFISG/
5. Cost will be around $500 - $800.00 depending on venue and number of attendees.
6. Thank you
CompTIA Security Plus Courses
Taking the exam
CompTIA Security Plus Exam
https://certification.comptia.org/testing/schedule-exam
Download Exam Materials and EBook
https://spaces.hightail.com/space/NMDqK Access Code itprocamp2016
Download Materials (FREE) from my Hightail Space
Be an IT Superhero
Funny Video… It's so true about IT Users. https://www.youtube.com/watch?v=hgeaya7Yg4A
Are you an IT Superhero?
Questions?
1. Available for Consulting
- VMWare, HDS Storage, Brocade Communications, Cloud Computing and ITIL
Data Center Transformation and Cloud Migrations.
1. Available Training
- CompTIA, Cloud Credential Council, ITIL and major storage vendors.
Customized and Content Development
Consulting and Training
Joseph Holbrook
CompTIA Subject Matter Expert
VCP Cloud, EMC Proven Professional
Expert, HPE ASE, HDS Architect
Nutanix NPP and Brocade Distinguished
Architect (BDA)
Joseph.holbrook@dimensiondata.com
jholbrook2015@switchsanguru.com
www.switchsanguru.com
www.dimensiondata.com
(703) 269-7044

CompTIA Security Plus Overview
