|
|
Title |
Duration |
|
|
|
Introduction to Security+ 2008
In this introductory nugget you will find out about the six domains of the Security+ Exam, the Security+ certification and the information to be covered in this series.
|
00:12:11 |
|
|
|
Evaluating Common Security Threats
In this nugget you will get an overview of common security threats such as various forms of malware, spyware, adware, botnets and logic bombs. You will also learn about security risks to hardware and peripherals.
|
00:43:55 |
|
|
|
Operating System Hardening
You will really enjoy this nugget as you explore the procedures for hardening workstations and servers. Topics include: hotfixes, service packs, security templates, patches, and more.
|
00:33:10 |
|
|
|
Application Security
This nugget of the Security+ series covers methodologies for establishing application security. You will learn about ActiveX and Java, cookies, instant messaging, P2P file-sharing, SMTP open relays, scripting, and XSS.
|
00:47:16 |
|
|
|
Implementing Security Applications
This nugget is a broad overview of the functionality of common application threat mitigation tools like HIDS, HIPS, personal firewalls, security suites, antivirus, anti-spam, and pop-up blockers.
|
00:37:29 |
|
|
|
Network Infrastructure Attacks (Part 1)
This nugget will differentiate between the different ports and protocols, their threats and mitigation techniques. Concepts include: TCP/IP hijacking, null sessions, spoofing, man-in-the-middle, replay, DoS, DDoS, Domain Name Kiting, DNS poisoning, ARP poisoning, weak passwords, back doors, and default account vulnerability.
|
00:34:56 |
|
|
|
|
00:35:52 |
|
|
|
|
00:27:06 |
|
|
|
Network Security Tools
This nugget presents the appropriate use and application of network security tools such as NIDS, NIPS, Firewalls, Proxy servers, Honeypot, Content filters, and Protocol analyzers.
|
00:32:01 |
|
|
|
Wireless Network Security
This very interesting nugget takes on the topic of wireless networking security including data emanation, war driving, SSID broadcast, Bluejacking, Bluesnarfing, rogue access points and weak encryption.
|
00:33:45 |
|
|
|
Access Control (Part 1)
Probably one of the most vital aspects of network security is access control. This nugget teaches you how to identify and apply industry best practices for access control methods. You explore common access control models like MAC, DAC, and RBAC as well as the differences between each. You'll learn how to organize users and computers into appropriate security groups and roles, apply appropriate security controls to file and print resources, and compare logical access control methods.
|
00:42:09 |
|
|
|
Access Control (Part 2)
Taking up where Access Control Part 1 leaves off, this nugget presents various authentication models and identifies the components of each - such as Biometric readers, RADIUS, TACACS, RAS, VPN, Kerberos, CHAP, 802.1x and much more. We also explore physical access security methods including tokens, surveillance, and man-traps.
|
00:31:09 |
|
|
|
Assessments and Audits (Part 1)
This nugget tackles the following topics: Port scanners; Vulnerability scanners; Protocol analyzers; OVAL; Password crackers; Network mappers; Performance monitor; Systems monitor; and Performance baselines.
|
00:40:46 |
|
|
|
Assessments and Audits (Part 2)
This nugget covers the various types of monitoring methodologies including Behavior-based, Signature-based, and Anomaly-based. You'll learn about proper logging procedures and evaluation of DNS, System, Performance, Access, Firewall, and Antivirus. User access and rights review, storage and retention policies, and group policies are also covered.
|
00:30:30 |
|
|
|
General Cryptography Concepts
This nugget covers the fundamentals of cryptography including symmetric vs. asymmetric encryption. The security assurance model of C.I.A.N. is explored as well as comparative strength of algorithms.
|
00:32:06 |
|
|
|
Cryptography Algorithms and Protocols
This second nugget of the Cryptography domain lays out hashing concepts and algorithms like MD5 and SHA. Basic algorithms and encryption concepts are explored including: DES; 3DES; RSA; PGP; Elliptic curve (ECC); AES/AES256; One time pad; SSL/TLS; S/MIME; and PPTP/L2TP.
|
00:38:20 |
|
|
|
|
00:37:29 |
|
|
|
Organizational Security (Part 1)
This nugget explains redundancy planning and the components, implementation of disaster recovery procedures, and incident response procedures.
|
00:32:27 |
|
|
|
Organizational Security (Part 2)
A wide array of organizational security topics and terms are covered here including: Secure disposal of computers; Acceptable-use policies; Password complexity; Change management; Classification of information; Mandatory vacations; Personally Identifiable Information (PII); Due care/diligence/process; SLA; Security-related HR policy; and User education and awareness training.
|
00:26:37 |
|
|
|
Organizational Security (Part 3)
The final nugget of the Security+ series lays out the importance of environmental controls like Fire suppression, HVAC, and Shielding. Social Engineering threats such as phishing, hoaxes, shoulder surfing, and dumpster diving are explored.
|
00:14:35 |
|
|
|
Network Security Domain Update
This first Security+ update Nugget deals with All-in-One security appliances, layer 2 security, virtualization and cloud computing, IPv4 vs. IPv6, and enhancements to wireless security.
|
00:47:50 |
|
|
|
|
00:43:48 |
|
|
|
Threats and Vulnerabilities Domain Update
Let's update threats and vulnerabilities! Here we dive into Phishing, Vishing, SPIM, Pharming, DNS and ARP poisoning, application attacks, and assessment types and techniques.
|
00:37:11 |
|
|
|
|
00:22:14 |
|
|
|
|
00:29:00 |
|
|
|
Cryptography Domain Update
The cryptography domain is updated here with additional cryptosystems including RIPEMD, PGP, GPG, whole disk encryption, and Twofish. You will investigate the SSL/TLS phases and PKI advanced topics, and finish up with a review of acronyms.
|
00:40:58 |