CompTIA Security Plus Mini Bootcamp Session
Joseph Holbrook, Cloud Consulting Architect and Technical Trainer
CompTIA Subject Matter Expert (SME)
Cloudbursting Corp (AWS Partner) in Jacksonville, FL.
05/27/2017
COMPTIA SECURITY + CERTIFICATION
(EXAM SYO-401)
SHORT REVIEW SESSION
• Joe Holbrook, owner of Cloudbursting Corp in Jacksonville, FL.
• Cloud Consulting Architect & Technical Trainer who has been consulting in the Cloud Computing, IT Security and Data Storage areas for over 15 years.
• Government contractor and consultant for 10 years (DoD 8570).
• IT Security, mainly around Cryptography and secure communications for the Federal Government.
• CompTIA Subject Matter Expert (SME)
• Holds numerous vendor and CompTIA Certs
ABOUT YOUR INSTRUCTOR
CLOUDBURSTING CORP 5/27/2017 2
1. In the IT industry – you're going to need a security certification
2. In the US Military or a government contractor – required in most cases
3. (DoD 8570.01-M) / State Department Skills Incentive Program
4. Short Video about Security +
5. Exam Objectives
6. Exam Content
7. Taking the exam
8. Practice Questions
9. Tips to Prepare
COMPTIA SECURITY PLUS
IN THE IT INDUSTRY – YOU'RE GOING TO NEED A SECURITY CERTIFICATION
WHY DO YOU NEED A SECURITY CERTIFICATION?
• Why
• Critical to establishing a baseline knowledge
• Establishes you as “knowledgeable”
• Required for accessing IT Resources
• Government mandate in some cases.
Some IT Security Certifications
• CompTIA Security +
• CompTIA CASP
• CompTIA CSA +
• CISSP
• CISA (ISC)
• CCNA – Security (CISCO)
IN THE US MILITARY OR A GOVERNMENT CONTRACTOR – REQUIRED IN MOST CASES FOR IT PROS
DOD 8570 & ISO/ANSI 17024
The DoD 8570 Information Assurance Training, Certification and Workforce Management program addresses this threat by proactively educating and certifying commercial contractors, and military and civilian personnel to perform their critical duties as Information Assurance professionals.
Under the 8570 Mandate, all personnel with "privileged access" to DoD systems must obtain an ANSI-approved commercial certification.
US MILITARY DOD 8570-M
Department of Defense Directive 8570 (DoDD 8570) provides guidance and procedures for the training, certification, and management of all government employees who conduct Information Assurance functions in assigned duty positions. These individuals are required to carry an approved certification for their particular job classification. GIAC certifications are among those required for Technical, Management, CND, and IASAE classifications. SANS courses prepare you to take a GIAC exam.
DoD 8570 Requires:
• By the end of CY 2010, all personnel performing IAT and IAM functions must be certified.
• By the end of CY 2011, all personnel performing CND-SP and IASAE roles must be certified.
• All IA jobs will be categorized as 'Technical' or 'Management' Level I, II, or III, and to be qualified for those jobs, you must be certified.
NETWORK DEVICES
Chapter 1 Network Device Configuration
Networks are comprised of devices and are configured via software to perform the desired activities. The correct configuration of network devices is a key element of securing the network infrastructure. Proper configuration can greatly assist in the network security posture. Learning how to properly configure network devices is important for passing the CompTIA Security+ exam.
A complete network computer solution in today's business environment consists of more than just client computers and servers.
• Devices are used to connect the clients and servers and to regulate the traffic between them.
• Devices are also needed to expand this network beyond simple client computers and servers to include yet other devices, such as wireless and handheld systems.
Pg. 3
FIREWALLS
Chapter 1 Network Device Configuration
A firewall can be hardware, software, or a combination whose purpose is to enforce a set of network security policies across network connections. A firewall is a filtering device that has two or more interfaces to determine the traffic that is allowed to flow through the interfaces. A dual-homed firewall has two network interfaces. An embedded firewall is integrated into a router. A hardware firewall is also referred to as an appliance firewall. There are software firewalls and hardware firewalls. A hardware firewall is purchased with a fixed number of interfaces available, and a software firewall is configurable.
Security policies are rules that define what traffic is permissible and what traffic is to be blocked or denied. These are not universal rules, and many different sets of rules are created for a single company with multiple connections. A firewall is used to create a demilitarized zone (DMZ).
Pg. 3
HOW DO FIREWALLS WORK
Chapter 1 Network Device Configuration
Firewalls enforce the established security policies through a variety of mechanisms, including the following:
• Network Address Translation (NAT). NAT routers/firewalls act as the interface between a local area network and the Internet using one IP address.
• Basic Packet Filtering. A packet-filtering firewall only looks at a data packet to obtain the source and destination addresses and the protocol and port used.
• Stateful Packet Filtering. The firewall maintains, or knows, the context of a conversation.
• Access Control Lists (ACLs). A list of permissions used to access an object.
• Application Layer Proxies. Packets are not allowed to traverse the firewall; instead, data flows up to an application that in turn decides what to do with it.
Pg. 5
CONFIGURING A FIREWALL
Part I Network Security, Chapter 1 Network Device Configuration
You need to configure the firewall to meet the following requirements:
• The Research computer should only be allowed to connect to the file server using SCP.
• The Sales computer should only be allowed to connect to the Web server using HTTPS.
• No other connections from the server network to the DMZ should be allowed.
Pg. 5
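The scenario above brings together two of the mechanisms from the previous slide: a short list of allow rules closed by an implicit deny (basic packet filtering with an ACL), and stateful tracking, so that replies from the DMZ are admitted as part of a permitted conversation rather than by a rule that would open the DMZ toward the server network. The following Python is an added example, not from the slides or the Security+ textbook; the host addresses, the rule format and the port numbers are assumptions made for illustration (SCP is assumed to run over SSH on TCP/22, HTTPS on TCP/443).

```python
from dataclasses import dataclass

# Constructed addresses for the slide's scenario (assumptions, not from the slides).
RESEARCH = "10.0.1.10"          # Research computer, server network
SALES = "10.0.1.20"             # Sales computer, server network
FILE_SERVER = "192.168.100.5"   # file server in the DMZ
WEB_SERVER = "192.168.100.6"    # Web server in the DMZ
SCP_PORT = 22                   # SCP rides on SSH
HTTPS_PORT = 443


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    src: str      # exact address or "any"
    dst: str
    proto: str
    dport: int    # 0 means any destination port
    action: str   # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return (self.src in ("any", pkt.src)
                and self.dst in ("any", pkt.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport))


# The three requirements as an ordered rule list. Rules are evaluated
# top-down; the final catch-all makes the policy "default deny".
POLICY = [
    Rule(RESEARCH, FILE_SERVER, "tcp", SCP_PORT, "allow"),
    Rule(SALES, WEB_SERVER, "tcp", HTTPS_PORT, "allow"),
    Rule("any", "any", "any", 0, "deny"),
]


class StatefulFilter:
    """Packet filter that remembers allowed connections (5-tuples) so the
    reverse direction is admitted as part of the conversation rather than
    needing its own rule; this is the 'context' the slide refers to."""

    def __init__(self, policy):
        self.policy = policy
        self.connections = set()

    def decide(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        # Part of a conversation the policy already permitted?
        if forward in self.connections or reverse in self.connections:
            return "allow (established)"
        # Otherwise it is a new flow: consult the rule base top-down.
        for rule in self.policy:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.connections.add(forward)
                return rule.action
        return "deny"  # only reached if the catch-all rule is removed


if __name__ == "__main__":
    fw = StatefulFilter(POLICY)
    for p in [Packet(RESEARCH, FILE_SERVER, "tcp", 50000, SCP_PORT),
              Packet(FILE_SERVER, RESEARCH, "tcp", SCP_PORT, 50000),   # reply
              Packet(SALES, FILE_SERVER, "tcp", 50001, SCP_PORT),      # not permitted
              Packet(FILE_SERVER, SALES, "tcp", SCP_PORT, 50002)]:     # unsolicited from DMZ
        print(p, "->", fw.decide(p))
```

Take the state table away and the file server's SCP reply would have to be admitted by a rule of its own (anything from the DMZ with source port 22), which is exactly the gap a purely stateless filter leaves; with state, an unsolicited packet from the DMZ toward the server network falls through to the catch-all deny.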
ROUTERS
Chapter 1 Network Device Configuration
Routers are network traffic management devices used to connect different network segments together. Routers operate at the network layer (layer 3) of the Open Systems Interconnection (OSI) reference model (discussed in Chapter 3), routing traffic using the network address and utilizing routing protocols to determine optimal paths across a network. Routers form the backbone of the Internet, moving traffic from network to network, inspecting packets from every communication as they move traffic in optimal paths.
Routers operate by examining each packet, looking at the destination address, and using algorithms and tables to determine where to send the packet next. This process of examining the header to determine the next hop can be done in quick fashion. A router is a device that is designed to transmit all data that is not specifically denied between networks, and to do so in the most efficient manner possible.
Pg. 7
ROUTERS
Chapter 1 Network Device Configuration
Routers use ACLs as a method of deciding whether a packet is allowed to enter the network. With ACLs, it is also possible to examine the source address and determine whether or not to allow a packet to pass. This allows routers equipped with ACLs to drop packets according to rules built into the ACLs. The ACLs will improve network security by confining sensitive data traffic to computers on a specific subnet.
One serious operational security issue with routers concerns access to a router and control of its internal functions. Routers can be accessed using the Simple Network Management Protocol (SNMP) and Telnet and can be programmed remotely.
Pg. 7
SWITCHES
Chapter 1 Network Device Configuration
Switches form the basis for connections in most Ethernet-based local area networks (LANs). Although hubs and bridges still exist, in today's high-performance network environment, switches have replaced both. A switch, like a bridge, can connect two or more LAN segments together.
A switch has separate collision domains for each port. This means that for each port, two collision domains exist: one from the port to the client on the downstream side and one from the switch to the network upstream. When full duplex is employed, collisions are virtually eliminated from the two nodes, host and client. This also acts as a security factor in that a sniffer can see only limited traffic, as opposed to a hub-based system, where a single sniffer can see all of the traffic to and from connected devices.
Pg. 8
SWITCHES
Chapter 1 Network Device Configuration
Switches operate at the data link layer of the OSI model, while routers act at the network layer. For intranets, switches have become what routers are on the Internet—the device of choice for connecting machines. As switches have become the primary network connectivity device, additional functionality has been added to them. A switch is usually a layer 2 device, but layer 3 switches incorporate routing functionality.
Switches can also perform a variety of security functions. Port address security based on Media Access Control (MAC) addresses can determine whether a packet is allowed or blocked from a connection. You should replace the hub with a switch. This will provide some protection against traffic sniffing. In a network that uses hubs, packets are visible to every node on the network.
Pg. 8
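The MAC-based port security the slide describes is easiest to reason about with a small model of what a port tracks and decides. The following Python is an added example, not from the slides, the textbook, or any vendor's switch software: each port learns up to a configured number of source MAC addresses (or is given a static list), a frame from any further address counts as a violation, and the port either drops that frame or is error-disabled. Port names, MAC addresses and the setting names are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class PortSecurity:
    """Port-security state for one switch port (constructed model, not a
    vendor's implementation)."""
    max_macs: int = 1                          # stations this port may serve
    allowed: set = field(default_factory=set)  # statically configured MACs
    learned: set = field(default_factory=set)  # dynamically learned ("sticky") MACs
    violation: str = "restrict"                # "restrict": drop frame; "shutdown": disable port
    err_disabled: bool = False
    violations: int = 0

    def admit(self, src_mac: str) -> bool:
        src_mac = src_mac.lower()
        if self.err_disabled:
            return False                       # stays down until an admin re-enables it
        if src_mac in self.allowed or src_mac in self.learned:
            return True
        if len(self.allowed) + len(self.learned) < self.max_macs:
            self.learned.add(src_mac)          # first station(s) seen are learned
            return True
        # A MAC beyond the limit: a second host, a hub, or a forged address.
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True
        return False


class Switch:
    def __init__(self):
        self.ports = {}

    def configure(self, port: str, allowed=(), **settings):
        self.ports[port] = PortSecurity(allowed={m.lower() for m in allowed}, **settings)

    def forward(self, port: str, src_mac: str, frame: bytes) -> str:
        """Frame arriving on `port` with source `src_mac`; returns the decision."""
        if self.ports[port].admit(src_mac):
            return "forwarded"
        return "dropped"

    def audit(self) -> dict:
        """Per-port view of the MACs seen and the violations counted, i.e. the
        monitoring of connected devices' MAC addresses."""
        return {name: {"macs": sorted(ps.allowed | ps.learned),
                       "violations": ps.violations,
                       "err_disabled": ps.err_disabled}
                for name, ps in self.ports.items()}


if __name__ == "__main__":
    sw = Switch()
    sw.configure("Gi0/1", max_macs=1)                                   # learn one station
    sw.configure("Gi0/2", allowed=["00:11:22:33:44:55"], violation="shutdown")
    # Constructed MAC addresses for the demo.
    print(sw.forward("Gi0/1", "aa:bb:cc:00:00:01", b"frame"))   # forwarded (learned)
    print(sw.forward("Gi0/1", "aa:bb:cc:00:00:02", b"frame"))   # dropped (limit reached)
    print(sw.forward("Gi0/2", "de:ad:be:ef:00:01", b"frame"))   # dropped, port err-disabled
    print(sw.audit())
```

The audit view is where the operational value sits: a port that has counted violations, or that has gone error-disabled, is the one to go and look at in the wiring closet.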
SWITCHES
Chapter 1 Network Device Configuration
Simple Network Management Protocol (SNMP) provides management functions to many network devices. SNMPv1 and SNMPv2 authenticate using a cleartext password, allowing anyone monitoring packets to capture the password and have access to the network equipment. SNMPv3.
To secure a switch, you should disable all access protocols other than a secure serial line or a secure protocol such as Secure Shell (SSH). Using only secure methods to access a switch will limit the exposure to hackers and malicious users.
Three Best Practices for securing a switch
• Ensure that wiring closets are locked.
• Ensure that TCP and UDP ports are managed properly.
• Ensure that the MAC addresses of connected devices are monitored.
Pg. 9
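The cleartext credential the slide warns about is visible in the message encoding itself: in SNMPv1 and SNMPv2c the community string is the second field of every message, while in SNMPv3 that position holds the msgGlobalData header, whose flags say whether authentication and privacy (encryption) are in use. The following Python is an added example, not from the slides or the textbook: a minimal BER walker that, run over SNMP messages taken from a capture of management traffic, reports which messages still carry a community string in the clear, so the devices sending or accepting them can be moved to SNMPv3 or confined to a management network. The sample messages are hand-encoded for the example, not captured from any real device.

```python
def _tlv(buf: bytes, pos: int):
    """Decode one BER tag-length-value at `pos`; returns (tag, value, next_pos).
    Handles short and long-form lengths, which is all SNMP headers need."""
    tag = buf[pos]
    length = buf[pos + 1]
    start = pos + 2
    if length & 0x80:                       # long form: low bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    return tag, buf[start:start + length], start + length


SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
VERSION_NAMES = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}


def inspect_snmp(msg: bytes) -> dict:
    """Report the SNMP version and whether the message carries a cleartext
    credential (the v1/v2c community string)."""
    tag, body, _ = _tlv(msg, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    tag, ver, pos = _tlv(body, 0)
    if tag != INTEGER:
        raise ValueError("not an SNMP message: version INTEGER missing")
    version = int.from_bytes(ver, "big")
    name = VERSION_NAMES.get(version, f"unknown({version})")
    tag, second, _ = _tlv(body, pos)
    if version in (0, 1) and tag == OCTET_STRING:
        # v1/v2c: the community string is the second field, unprotected.
        return {"version": name, "community": second.decode("ascii", "replace"),
                "cleartext_credential": True}
    if version == 3 and tag == SEQUENCE:
        # v3: second field is msgGlobalData {msgID, msgMaxSize, msgFlags, msgSecurityModel}.
        _, _, p = _tlv(second, 0)           # msgID
        _, _, p = _tlv(second, p)           # msgMaxSize
        _, flags, _ = _tlv(second, p)       # msgFlags: bit 0 = auth, bit 1 = priv
        return {"version": name, "community": None, "cleartext_credential": False,
                "auth": bool(flags[0] & 0x01), "priv": bool(flags[0] & 0x02)}
    return {"version": name, "community": None, "cleartext_credential": None}


def audit_capture(messages) -> list:
    """Findings for a list of raw SNMP messages taken from a capture."""
    findings = []
    for msg in messages:
        info = inspect_snmp(msg)
        if info["cleartext_credential"]:
            findings.append(f"{info['version']} message with community "
                            f"'{info['community']}' sent in cleartext")
    return findings


# Constructed messages (hand-encoded BER, not captured from any real device):
# SNMPv1 GetRequest for sysName.0 with community "public".
SNMPV1_GET = bytes.fromhex(
    "3026 020100 0406 7075626c6963"
    "a019 020101 020100 020100 300e 300c 0608 2b06010201010500 0500")
# Same request as SNMPv2c (version field 1).
SNMPV2C_GET = bytes.fromhex(
    "3026 020101 0406 7075626c6963"
    "a019 020101 020100 020100 300e 300c 0608 2b06010201010500 0500")
# SNMPv3 authPriv message: msgGlobalData, then opaque security parameters and
# a stand-in for the encrypted scoped PDU.
SNMPV3_MSG = bytes.fromhex(
    "3020 020103 3011 020400000001 020300ffe3 040107 020103"
    "0402 3000 0404 deadbeef")

if __name__ == "__main__":
    for finding in audit_capture([SNMPV1_GET, SNMPV2C_GET, SNMPV3_MSG]):
        print(finding)
    print(inspect_snmp(SNMPV3_MSG))
```

For the v3 message the walker reports no community and both the auth and priv flags set; a v3 message with neither flag (noAuthNoPriv) would also be worth flagging in a real audit, since it gives up the protection that justified the migration.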
COMPTIA SECURITY PLUS COURSES
1. The CompTIA Security Plus Bootcamp is 3-5 days of training.
2. The cost of this training is around $2000.00-$3000.00 for the week.
3. Hundreds of training providers.
4. I'll be hosting a special bootcamp in late July or early August, so pay attention to http://www.meetup.com/JaxFISG/
5. Cost will be around $500-$800.00 depending on venue and number of attendees.
6. Thank you
MOCK QUESTIONS
1. Which network design element allows many internal devices to share one public IP address?
- NAT
- PAT
- DHCP
- BGP
2. While working as a security administrator, you observed some suspicious activity on your network and believe you have a breach. Which appliance is designed to stop an intrusion on the network?
- IDS
- NIPS
- Firewall
- Honeypot
3. Which of the following flags are used by TCP to establish a connection?
- ACK
- SYN
- Reboot
- FIN
4. Your organization has witnessed a rogue application that appears to push out unusual HTML tags, and they are filtering content. Which layer of the TCP stack are we dealing with?
- Layer 1
- Layer 2
- Layer 5
- Layer 7
5. You are a newly minted Security Plus expert. In your new role you are expected to block web traffic from Iceland because of numerous issues from that country. How do you block specific countries such as Iceland? Select three choices.
- URL Filtering
- Proxy
- HIDS
- Spam Filter
- Firewall
CONSULTING AND TRAINING
1. Available for Consulting
• VMWare, HDS Storage, Brocade Communications, Cloud Computing and ITIL
• Data Center Transformation and Cloud Migrations.
2. Available Training
• CompTIA, Cloud Credential Council, ITIL and major storage vendors.
• Google Cloud Platform and Amazon Web Services.
• Customized and Content Development