Why Security Plus 2008 Exam

Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa

Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).


  1. Teaching the New Security+ 2008 Edition Exam
  2. Teaching the New Security+ 2008 Edition Exam: Mark Ciampa [email_address]
  3. Teaching the New Security+ 2008 Edition Exam: Security Quiz
  4. 90
     • How old you will feel by Friday after sitting through all these sessions
     • Average number of traffic lights per mile in Las Vegas
     • Percentage of e-mail that is spam
  5. 1,500
     • Where the stock market will finally bottom out
     • Number of mouse clicks needed to navigate the Cengage Web site
     • Number of users who still respond weekly to “Nigerian General” spam
  6. 1 Out Of 4
     • Odds that most gamblers in Las Vegas think they have of winning a million dollars
     • Number of your students who by midterm still don’t know your name
     • How many personal computers are part of a botnet
  7. 50%
     • Price your flat panel TV dropped the month after you bought it
     • How much your IRA has lost in the last 12 months
     • Percentage of Americans who had their credit card or SSN exposed online
  8. 39 Seconds
     • Time it took the person sitting next to you at lunch today to inhale their dessert
     • How often you keep checking your watch to see when this presentation is finally over
     • How frequently a computer is probed on the Internet
  9. Outline
     • Security Employment Trends
     • Overview of Security Certifications
     • CompTIA Security+ 2008 Certification
     • Community Server Web Site for Security+ 3ed
  10. Teaching the New Security+ 2008 Edition Exam: Security Employment Trends
  11. Average Pay, IT Noncertified vs. Certified Skills
  12. Examples of Average Pay Decrease for IT Certified
     • Web Development (-16.3% in last quarter 2008)
     • Networking Operating System (-9.7%)
     • Programming (-5.3%)
     • Systems Administration (-2.2%)
  13. Examples of Average Pay Increase for IT Certified
     • Project Management (+3.1% in last quarter 2008)
     • Networking/Internetworking (+1.1%)
     • Security (+0.8%)
  14. Wage-Boosting Skills
     • Security (+4.6%)
     • Web Infrastructure (+4.2%)
     • Data Management (+4.2%)
     • Networking (+4.1%)
     • Business Intelligence (+4.0%)
  15. Titles with Higher-Than-Average Gains in Total Compensation
     • Network Administrator (+4.8%)
     • Information Security Manager (+4.5%)
     • Storage Administrator/Architect (+4.5%)
     • E-Commerce/Internet Manager (+4.3%)
     • Quality Assurance Specialist (+4.2%)
  16. Job Titles, Percentage Increase 2008
     • CIO/CTO/Senior VP IT (+2.9%)
     • IT security director/manager/strategist (+2.6%)
     • Security architect/administrator/manager (+2.3%)
     • Telecommunications director/manager (+2.1%)
     • Data manager (+1.7%)
  17. Employment Trends
     • As attacks continue to escalate, the need for trained security personnel also increases
     • Demand for IT security professionals is approaching its highest level in 5 years
     • Patriot Act, Homeland Security Act, and Sarbanes-Oxley Act legislation still drives security employment
     • Unlike computer programming and help desk support, security is not being off-shored and is rarely outsourced
     • Security positions are not “on the job training” where a person can learn as they go
  18. Employment Trends
     • Department of Defense Directive 8570 requires 110,000 information assurance professionals in assigned duty positions to hold a security certification within 5 years
     • Also requires certification of all 400,000 full- and part-time military service members, contractors, and local nationals who are performing information assurance functions
  19. Required Certifications for DoD
  20. Categories of Security Positions
     • Managerial: administration and management of plans, policies, and people
     • Technical: design, configure, install, and maintain technical security equipment
  21. Security Positions
     • Chief Information Security Officer (CISO)
     • Security Manager
     • Security Administrator
     • Security Technician
  22. Chief Information Security Officer
     • CISO is primarily responsible for assessment, management, and implementation of security
     • Other titles: Manager for Security, Security Administrator
     • Reports directly to the CIO (large organizations may have more layers of management between)
     • Average salary $140,000
  23. Security Manager
     • Accountable for the day-to-day operation of the information security program
     • Reports to the CISO and supervises technicians, administrators, and staff
     • Works on tasks identified by the CISO and resolves issues identified by technicians
     • Requires understanding of configuration and operation, but not necessarily technical mastery
     • Average salary $75,000
  24. Security Administrator
     • Has both technical knowledge and managerial skill
     • Manages daily operations of security technology
     • May assist in development and conduct of security policy and training
     • May analyze and design security solutions within a specific entity (honeypot, firewall)
     • Identifies the users’ needs and understands the technology
     • Average salary $64,000
  25. Security Technician
     • Provides technical support to configure security hardware (firewalls, IDS), implement security software, and diagnose and troubleshoot problems
     • Generally an entry-level position with technical skills
     • Focuses on a major security technology group
     • Average salary $40,000
  26. Teaching the New Security+ 2008 Edition Exam: Overview of Security Certifications
  27. Required Certifications for DoD
  29. Certified Information Systems Security Professional (CISSP)
     • Considered the most prestigious high-level security certification
     • Offered by the International Information Systems Security Certification Consortium, (ISC)2
     • Designed “to recognize mastery of an international standard for information security and understanding of a common body of knowledge”
     • Minimum 5 years of direct full-time security professional work experience in 2+ domains (or 4 years with a bachelor’s degree)
  30. CISSP: Ten domains
     • Access control
     • Application security
     • Business continuity & disaster recovery planning
     • Cryptography
     • Information security & risk management
     • Legal, regulations, compliance & investigations
     • Operations security
     • Physical security
     • Security architecture & design
     • Telecommunications & network security
  31. Systems Security Certified Practitioner (SSCP)
     • Less rigorous, more focused certification
     • Offered by the International Information Systems Security Certification Consortium, (ISC)2
     • More applicable to a security manager than a technician
     • Focuses on “practices, roles and responsibilities as defined by experts from major IS industries”
     • Minimum 1 year of experience in 1 of 7 domains
  32. Systems Security Certified Practitioner (SSCP): Seven domains
     • Access controls
     • Administration
     • Audit and monitoring
     • Risk, response, and recovery
     • Cryptography
     • Data communications
     • Malicious code/malware
  33. Global Information Assurance Certification (GIAC)
     • Series of technical security certifications, introduced in 1999, known as GIAC
     • Offered by the System Administration, Networking and Security Organization (SANS)
     • GIAC Security Engineer (GSE) and GIAC Information Security Officer (GISO): overview certifications that combine basic technical knowledge with an understanding of threats, risks, and best practices, similar to the SSCP
  35. Teaching the New Security+ 2008 Edition Exam: CompTIA Security+ 2008 Exam
  36. Security+ Certification Exam
     • Considered the fundamental foundation security certification
     • Can be used as an alternative on the Microsoft MCSE and MCSA certification paths
     • Security+ exam first introduced in 2002 (SY0-101)
     • CompTIA started the process to revise the exam in 2006
  37. Security+ SY0-201
     • Security+ 2008 Edition Exam (SY0-201) went live October 14, 2008
     • Retirement of the previous edition exam (SY0-101) extended from April 15 to July 31, 2009
     • No fixed wait time between the first and second attempts, but after a third attempt the wait is 30 days
     • Test fee is $258
  38. Security+ SY0-201
  39. New SY0-201 Features
     • Added new domain
     • Includes “how-to” material
     • Reorganized material
     • Updated content
  40. Security+ SY0-101
  41. Security+ SY0-201
  42. Assessments & Audits
  46. How-To Material
     • Some objectives now place more importance on knowing “how to” rather than just knowing or recognizing security concepts
     • “Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges (3.3)”
     • “Apply appropriate security controls to file and print resources (3.4)”
  47. How-To Material
     • “No multiple choice exam is really going to test for ‘hands-on’ skills. On the other hand, as I mentioned in my previous notes to courseware providers, I notice a difference in emphasis in the new exam objectives from the old ones, in that there is more emphasis on implementing or applying than strictly on knowing… the questions written for this exam will require people to know what to do, versus just knowing what something is”
     • Carol Balkcom, CompTIA Product Manager, Security+
  48. Reorganized Material
     • In SY0-101 one objective was listed in three different places!
     • Material organization greatly improved
     • Still issues:
     • 1.4: separate bullets for “Cross-site scripting” and “XXS” (and the standard abbreviation for cross-site scripting is “XSS”, not “XXS”)
     • 2.6: “Vampire taps” (10Base-5 connectors) instead of “network taps”
  49. Reorganized Material
     • 3.7: “TACACS” instead of “TACACS+” (very different; TACACS is an antiquated protocol)
     • 5.2: “NTLM”; a better reference is NTLMv2
  50. Updated Content
     • Privilege escalation (1.1)
     • Spyware (1.1)
     • Adware (1.1)
     • Rootkits (1.1)
     • Botnets (1.1)
     • BIOS (1.2)
     • USB devices (1.2)
     • Network attached storage (NAS) (1.2)
     • Cell phones (1.2)
  51. Updated Content
     • Java (1.4)
     • Buffer overflow (1.4)
     • Cross-site scripting (1.4)
     • Input validation (1.4)
     • Antivirus (1.5)
     • Popup blockers (1.5)
     • Anti-spam (1.5)
     • Attacks on virtualized systems (1.6)
  52. Question Type
     • 1. When should a technician perform penetration testing?
     • A. When the technician suspects that weak passwords exist on the network
     • B. When the technician is trying to guess passwords on a network
     • C. When the technician has permission from the owner of the network
     • D. When the technician is war driving and trying to gain access
  53. Question Type
     • 2. An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server’s public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server?
     • A. SMTP open relaying is enabled.
     • B. It does not have a spam filter.
     • C. The number of sessions needs to be limited.
     • D. The public IP address is incorrect.
  54. Question Type
     • 3. Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?
     • A. Rogue access points
     • B. War driving
     • C. Weak encryption
     • D. Session hijacking
  55. Question Type
     • 4. A user wants to implement secure LDAP on the network. Which of the following port numbers does secure LDAP use by default?
     • A. 53
     • B. 389
     • C. 443
     • D. 636
  56. Question Type
     • 5. A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?
     • A. Change management
     • B. Secure disposal
     • C. Password complexity
     • D. Chain of custody
  57. Bridge Exam
     • Not required to regularly renew the Security+ certification
     • What if you want to demonstrate you are up to date with security by showing the new CompTIA Security+ 2008 Edition certification instead of the older Security+ 2002 Edition?
     • For those who already hold the Security+ certification, CompTIA is offering the CompTIA Security+ Bridge Exam (BR0-001)
  58. Bridge Exam
     • Covers only the differences between the previous 2002 exam objectives (SY0-101) and the new 2008 exam (SY0-201)
     • Bridge exam is 50 questions and the minimum passing score is 560 on a scale of 100-900
     • Only available to individuals who currently hold the CompTIA Security+ certification
  59. Teaching the New Security+ 2008 Edition Exam: Community Server Companion Web Site
  60. Security+ 3ed
     • Security+ Guide to Network Security Fundamentals, 3ed, published Nov 2008
     • Essentially a new textbook
     • Maps to the Security+ 2008 Edition Exam (SY0-201)
     • Expanded coverage of specific areas (wireless, passwords)
     • New Hands-On Projects and Case Projects
     • Two different lab manuals
  61. Web Site
     • Companion Web site to the 3ed textbook
     • Ask the author questions
     • Author’s blog
     • Podcasts
     • One-hour lecture video on each chapter
     • Demonstration video on a chapter Hands-On Project
     • Additional Hands-On Project labs
     • One-page articles
  62. Web Site
     • Entirely free to any Internet user
     • Can sign up for additional capabilities
     • All content can be downloaded except the chapter video lectures (only available to instructors, but can be freely distributed to students)
     • Special day-long online session in early April with prizes, interactions, games, etc.
  63. Teaching the New Security+ 2008 Edition Exam: Mark Ciampa [email_address]