Autoplay
Autocomplete
Previous Lesson
Complete and Continue
CompTIA Security+ Certification (Exam number SY0-501)
Course Introduction
Course Introduction (1:55)
Courseware Information (0:15)
Instructor Introduction (1:33)
Chapter 01 - Identifying Security Fundamentals
Identifying Security Fundamentals (1:11)
Topic A: Identify Information Security Concepts (0:53)
Information Security (1:18)
Goals of Information Security (1:56)
Risk (3:08)
Vulnerabilities (2:06)
Threats (0:58)
Attacks (1:16)
Controls (1:31)
Types of Controls (1:27)
The Security Management Process (1:45)
Demo - Identifying Information Security Basics (2:41)
Topic B: Identify Basic Security Controls (0:37)
The CIA Triad (0:28)
The CIA Triad (cont.) (5:09)
Non-repudiation (0:43)
Identification (1:05)
Authentication (0:47)
Authentication Factors (4:01)
Authorization (0:58)
Access Control (0:46)
Accounting and Auditing (1:02)
Principle of Least Privilege (1:58)
Privilege Management (3:02)
Demo - Identifying Basic Security Controls (1:58)
Topic C: Identify Basic Authentication and Authorization Concepts (0:49)
Passwords (2:04)
Tokens (1:27)
Biometrics (1:53)
Geolocation (1:26)
Keystroke Authentication (1:18)
Multi-factor Authentication (1:36)
Mutual Authentication (0:36)
Demo - Identifying Basic Authentication and Authorization Concepts (2:31)
Topic D: Identify Basic Cryptography Concepts (0:37)
Cryptography (1:34)
Encryption and Decryption (1:56)
Encryption and Decryption (cont.) (0:53)
Encryption and Security Goals (1:34)
Ciphers (1:20)
A Key (2:11)
Symmetric Encryption (0:55)
Asymmetric Encryption (1:45)
Asymmetric Encryption ( cont.) (1:56)
Hashing (1:54)
Steganography (1:46)
Demo - Identifying Basic Cryptography Concepts (4:43)
Chapter 01 Review (0:55)
Chapter 02 - Analyzing Risk
Analyzing Risk (1:06)
Topic A: Analyze Organizational Risk (0:37)
Risk Management (1:10)
Components of Risk Analysis (2:17)
Phases of Risk Analysis (2:41)
Categories of Threat Types (1:38)
Risk Analysis Methods (1:36)
Risk Calculation (3:10)
Risk Response Techniques (2:08)
Risk Mitigation and Control Types (2:20)
Change Management (2:00)
Change Management (cont.) (1:15)
Guidelines for Analyzing Risk (1:15)
Demo - Analyzing Risks to the Organization (3:03)
Topic B: Analyze the Business Impact of Risk (0:42)
BIA (1:14)
Impact Scenarios (1:17)
Impact Scenarios (cont.1) (0:40)
Impact Scenarios (cont.2) (1:43)
Privacy Assessments (2:06)
Critical Systems and Functions (1:04)
Maximum Tolerable Downtime (0:54)
Recovery Point Objective (1:01)
Recovery Time Objective (0:38)
Mean Time to Failure (0:34)
Mean Time to Repair (0:39)
Mean Time Between Failures (1:03)
Guidelines for Performing a Business Impact Analysis (0:55)
Demo - Performing a Business Impact Analysis (3:49)
Chapter 02 Review (0:51)
Chapter 03 - Identifying Security Threats
Identifying Security Threats (1:44)
Topic A: Identify Types of Attackers (0:29)
Hackers and Attackers (2:42)
Hackers and Attackers (cont.) (2:00)
Threat Actors (2:12)
Threat actors (cont.) (0:21)
Threat Actor Attributes (2:35)
Threat Actor Attributes (cont.) (1:18)
Open-Source Intelligence (1:35)
Demo - Identifying Types of Attackers (2:46)
Topic B: Identify Social Engineering Attacks (1:27)
Social Engineering (1:46)
Social Engineering (cont.) (1:56)
Effectiveness (5:49)
Impersonation (1:47)
Phishing and Related Attacks (4:12)
Phishing and Related Attacks (cont.) (2:40)
Hoaxes (1:14)
Physical Exploits (1:57)
Watering Hole Attacks (0:58)
Demo - Identifying Social Engineering Attacks (2:09)
Topic C: Identify Malware (0:30)
Malicious Code (0:53)
Malicious Code (cont.) (1:07)
Viruses (1:58)
Worms (0:59)
Adware (0:42)
Spyware (1:08)
Trojan Horses (1:02)
Keyloggers (1:22)
Remote Access Trojans (0:37)
Logic Bombs (1:20)
Botnets (2:28)
Bonets (cont.) (0:19)
Ransomware (3:19)
Ransomware (cont.) (0:56)
Advance Persistent Threats (1:04)
Demo - Identifying Types of Malware (2:44)
Topic D: Identify Software-Based Threats (0:37)
Software Attacks (0:45)
Password Attacks (0:52)
Types of Password Attacks (2:20)
Types of Password Attacks (cont.) (2:13)
Cryptographic Attacks (0:48)
Types of Cryptographic Attacks (2:36)
Types of Cryptographic Attacks (cont.) (1:21)
Backdoor Attacks (1:15)
Backdoor Attaxks (cont.) (0:18)
Application Attacks (1:08)
Application Attacks (cont.) (0:28)
Types of Application Attacks (4:29)
Driver Manipulation (1:23)
Privilege Escalation (1:21)
Privilege Escalation (cont.) (0:20)
Demo - Identifying Password Attacks (7:51)
Topic E: Identify Network-Based Threats (1:04)
TCP/IP Basics (3:06)
TCP/IP (cont.) (3:50)
Spoofing Attacks (0:52)
IP and MAC Address Spoofing (1:10)
IP and MAC Address Spoofing (cont.) (0:47)
ARP Poisoning (2:33)
DNS Poisoning (1:57)
Port Scanning Attacks (2:09)
Port Scanning Attacks (cont.) (0:13)
Scan Types (1:13)
Scan Types (cont.) (0:54)
Eavesdropping Attacks (1:21)
Man-in-the-Middle Attacks (0:44)
Man-in-the-Middle Attacks (cont.) (0:37)
Man-in-the-Browser Attacks (1:00)
Replay Attacks (0:37)
Replay Attacks (cont.) (0:34)
DoS Attacks (1:39)
DDoS Attacks (1:22)
Hijacking Attacks (1:24)
Hijacking Attacks (cont.) (1:29)
Amplification Attacks (0:35)
Amplification Attacks (cont.) (1:57)
Pass the Hash Attacks (1:08)
Demo - Identifying Threats to DNS (4:01)
Demo - Identifying Port Scanning Threats (7:26)
Topic F: Identify Wireless Threats (0:40)
Rogue Access Points (0:51)
Evil Twins (1:03)
Jamming (0:36)
Bluejacking (1:27)
Bluesnarfing (0:57)
Near Field Communication Attacks (1:03)
RFID System Attacks (0:58)
War Driving, War Walking, and War Chalking (1:11)
Packet Sniffing (0:44)
IV Attacks (1:16)
Wireless Replay Attacks (0:23)
WEP and WPA Attacks (2:38)
WPS Attacks (1:04)
Wireless Disassociation (0:57)
Demo - Identifying Wireless Threats (3:02)
Topic G: Identify Physical Threats (0:55)
Physical Threats and Vulnerabilities (0:50)
Hardware Attacks (0:44)
Environmental Threats and Vulnerabilities (2:01)
Environmental Threats and Vulnerabilities (cont.) (1:06)
Demo - Identifying Physical Threats (1:58)
Chapter 03 Review (1:16)
Chapter 04 - Conducting Security Assessments
Conducting Security Assessments (0:53)
Topic A: Identify Vulnerabilities (0:26)
Host Vulnerabilities (3:17)
Software Vulnerabilities (4:04)
Encryption Vulnerabilities (1:59)
Network Architecture Vulnerabilities (2:05)
Account Vulnerabilities (1:23)
Operations Vulnerabilities (3:06)
Demo - Identifying Vulnerabilities (2:57)
Topic B: Assess Vulnerabilities (0:24)
Security Assessment (1:56)
Security Assessment Techniques (2:43)
Vulnerability Assessment Tools (3:16)
Types of Vulnerability Scans (1:45)
False Positives (2:25)
Guidelines for Assessing Vulnerabilities (2:27)
Demo - Capturing Network Data with Wireshark (8:25)
Demo - Scanning for General Vulnerabilities (5:20)
Topic C: Implement Penetration Testing (0:28)
Penetration Testing (1:07)
Penetration Testing Techniques (3:05)
Box Testing Methods (1:28)
Penetration Testing Tools (0:58)
Guidelines for Implementing Penetration Testing (0:59)
Demo - Implementing Penetration Testing (4:50)
Chapter 04 Review (0:55)
Chapter 05 - Implementing Host and Software Security
Implementing Host and Software Security (1:04)
Topic A: Implement Host Security (0:23)
Hardening (1:58)
Operating System Security (1:41)
Operating System Hardening Techniques (1:34)
Trusted Computing Base (1:37)
Hardware and Firmware Security (2:01)
Hardware and Firmware Security (cont.) (1:18)
Security Baselines (0:57)
Software Updates (2:44)
Application Blacklisting and Whitelisting (1:32)
Logging (1:07)
Auditing (1:57)
Anti-malware Software (1:49)
Types of Anti-malware Software (2:42)
Hardware Peripheral Security (3:30)
Embedded Systems (1:29)
Security Implications for Embedded Systems (2:04)
Security Implications for Embedded System (cont.) (2:10)
Guidelines for Securing Hosts (1:47)
Demo - Implementing Auditing (4:41)
Demo - Hardening a Server (6:01)
Topic B: Implement Cloud and Virtualization Security (0:28)
Virtualization (2:50)
Hypervisors (1:35)
Hypervisors (cont.) (1:42)
Virtual Desktop Infrastructure (0:56)
Virtualization Security (2:42)
Cloud Computing (2:46)
Cloud Deployment Models (3:56)
Cloud Service Types (3:41)
Guidelines for Securing Virtualized and Cloud-Based Resources (1:22)
Demo - Securing Virtual Machine Networking (2:14)
Topic C: Implement Mobile Device Security (0:38)
Mobile Device Connection Methods (2:15)
Mobile Device Connection Methods (cont.) (1:52)
Mobile Device Management (0:42)
Mobile Device Security Controls (2:42)
Mobile Device Security Controls (cont.) (2:18)
Mobile Device Monitoring and Enforcement (3:08)
Mobile Device Monitoring and Enforcement (cont.) (2:44)
Mobile Deployment Models (3:10)
BYOD Security Controls (2:46)
Guidelines for Implementing Mobile Device Security (1:39)
Demo - Implementing Mobile Device Security (2:10)
Topic D: Incorporate Security in the Software Development Lifecycle (0:32)
Software Development Lifecycle (0:55)
Software Development Models (2:48)
DevOps (1:36)
Versioning (1:16)
Secure Coding Techniques (3:01)
Secure Coding Techniques (cont.) (1:42)
Code Testing Methods (1:35)
Guidelines for Incorporating Security in the Software Development Lifecycle (0:57)
Demo - Performing Static Code Analysis (4:30)
Chapter 05 Review (0:35)
Chapter 06 - Implementing Network Security
Mobile Device Monitoring and Enforcement (0:47)
Topic A: Configure Network Security Technologies (0:40)
Network Components (1:24)
Network Devices (0:29)
Routers (2:00)
Switches (2:42)
Proxies (2:28)
Firewalls (3:04)
Load Balancer (2:29)
Network Scanners and Analysis Tools (1:05)
Intrusion Detection Systems (0:45)
Network IDS (1:47)
Intrusion Prevention Systems (1:19)
Network IPS (0:47)
Types of Network Monitoring Systems (1:45)
Security Information and Event Management (1:08)
Data Loss/Leak Prevention (1:34)
Virtual Private Networks (1:14)
VPN Concentrators (1:06)
Security Gateways (1:16)
Unified Threat Management (1:18)
Guidelines for Configuring Network Security Technologies (1:56)
Demo - Configuring a Network IDS (7:53)
Topic B: Secure Network Design Elements (0:20)
Network Access Control (1:57)
Demilitarized Zones (0:59)
Network Isolation (1:46)
Network Isolation (cont.) (0:18)
Virtual Local Area Networks (1:12)
Virtual Local Area Networks (cont.) (0:28)
Network Security Device Placement (2:29)
Network Address Translation (1:09)
Software-Defined Networking (0:48)
Guidelines for Securing Network Design Elements (1:20)
Demo - Securing Network Design Elements (3:32)
Topic C: Implement Secure Networking Protocols and Services (0:26)
The Open Systems Interconnection Model (3:45)
OSI Model and Security (0:45)
Internet Protocol Suite (4:01)
Domain Name System (2:34)
Hypertext Transfer Protocol (0:55)
Secure Sockets Layer/Transport Layer Security (1:51)
Secure Sockets Layer/Transport Layer Security (cont.) (1:09)
HTTP Secure (0:28)
Secure Shell (0:58)
Simple Network Management Protocol (1:10)
Real-Time Transport Protocol (1:13)
Internet Control Message Protocol (1:23)
Internet Protocol Security (3:27)
Network Basic Input/Output System (1:05)
File Transfer Protocols (1:57)
Email Protocols (2:48)
Additional Networking Protocols and Services (1:36)
Ports and Port Ranges (1:37)
Demo - Installing an Internet Information Services Web Server with Basic Security (10:36)
Demo - Securing Network Traffic Using IPSec (6:00)
Topic D: Secure Wireless Traffic (0:18)
Wireless Networks (1:32)
Wireless Antenna Types (2:32)
802.11 Protocols (3:04)
Wireless Cryptographic Protocols (2:17)
Wireless Authentication Protocols (2:34)
VPNs and Open Wireless (1:16)
Wireless Client Authentication Methods (1:46)
Wireless Access Point Security (2:05)
Captive Portals (0:42)
Site Surveys (0:52)
Guidelines for Securing Wireless Traffic (1:29)
Demo - Securing Wireless Traffic (6:12)
Chapter 06 Review (0:33)
Chapter 07 - Managing Identity and Access
Managing Identify and Access (0:58)
Topic A: Implement Identity and Access Management (0:26)
Identity and Access Management (2:10)
Access Control Models (4:47)
Physical Access Control Devices (1:08)
Biometric Devices (3:26)
Certificate-Based Authentication (1:45)
File System and Database Access (2:11)
Guidelines for Implementing IAM (1:29)
Demo - Implementing DAC for a File Share (6:17)
Topic B: Configure Directory Services (0:19)
Directory Services (1:16)
Directory Services (cont.) (0:44)
Lightweight Directory Access Protocol (1:48)
Secure LDAP (0:44)
Common Directory Services (2:17)
Demo - Backing Up Active Directory (8:15)
Topic C: Configure Access Services (0:24)
Remote Access Methods (1:19)
Tunneling (1:21)
Remote Access Protocols (2:09)
HMAC-Based One-Time Password (1:26)
Time-Based OTP (0:42)
Password Authentication Protocol (0:43)
Challenge-Handshake Authentication Protocol (2:34)
NT LAN Manager (1:19)
Authentication, Authorization, and Accounting (0:51)
Remote Authentication Dial-In User Service (0:55)
Remote Authentication Dial-In User Service (cont.) (1:00)
Terminal Access Controller Access-Control System (1:04)
Kerberos (1:19)
Kerberos (Cont.) (2:54)
Demo - Configuring a Remote Access Server (6:06)
Demo - Setting Up Remote Access Authentication (4:17)
Topic D: Manage Accounts (0:20)
Account Management (0:44)
Account Privileges (2:07)
Account Types (2:42)
Account Policy (1:55)
Password Policy (3:06)
Multiple Accounts (1:15)
Shared Accounts (1:43)
Account Management Security Controls (3:29)
Credential Management (1:05)
Group Policy (1:03)
Identity Federation (2:40)
Identity Federation Methods (2:07)
Guidelines for Managing Accounts (1:14)
Demo - Managing Accounts (5:13)
Chapter 07 Review (0:30)
Chapter 08 - Implementing Cryptography
Implementing Crytography (0:52)
Topic A: Identify Advanced Cryptography Concepts (0:21)
Cryptography Elements (3:01)
Hashing Concepts (1:33)
Data States (1:51)
Key Exchange (1:30)
Key Exchange (cont.) (0:17)
Digital Signatures (0:49)
Digital Signatures (cont.) (0:40)
Cipher Suites (1:35)
Session Keys (1:16)
Key Stretching (0:43)
Special Considerations for Cryptography (2:20)
Demo - Identifying Advanced Cryptographic Concepts (2:55)
Topic B: Select Cryptographic Algorithms (0:14)
Types of Ciphers (1:43)
Types of Hashing Algorithms (1:36)
Types of Symmetric Encryption Algorithms (2:25)
Types of Asymmetric Encryption Techniques (2:09)
Types of Key Stretching Algorithms (0:54)
Substitution Ciphers (1:14)
Exclusive Or (1:24)
Cryptographic Modules (1:14)
Demo - Selecting Cryptographic Algorithms (2:22)
Topic C: Configure a Public Key Infrastructure (0:32)
Public Key Infrastructure (0:59)
PKI Components (2:54)
CA Hierarchies (2:39)
The Root CA (0:39)
Subordinate CAs (0:44)
Offline Root CAs (0:43)
Types of Certificates (2:23)
Types of Certificates (cont.) (2:41)
X.509 (0:56)
Certificate File Formats (2:00)
CA Hierarchy Design Options (2:08)
Demo - Installing a CA (5:30)
Demo - Securing a Windows Server 2016 CA (7:39)
Topic D: Enroll Certificates (0:26)
The Certificate Enrollment Process (1:23)
The Certificate Lifecycle (1:22)
Certificate Lifecycle Management (1:46)
The SSL/TLS Connection Process (1:02)
Demo - Enrolling Certificates (4:32)
Demo - Securing Network Traffic with Certificates (2:26)
Topic E: Back Up and Restore Certificates and Private Keys (0:28)
Private Key Protection Methods (1:12)
Key Escrow (2:20)
Private Key Restoration Methods (2:01)
Private Key Replacement (0:38)
Demo - Backing Up a Certificate and Private Key (3:28)
Demo - Restoring a Certificate and Private Key (1:16)
Topic F: Revoke Certificates (0:17)
Certificate Revocation (1:04)
Certificate Revocation List (1:40)
Certificate Revocation List (cont.) (0:22)
Online Certificate Status Protocol (1:38)
Demo - Revoking Certificates (2:36)
Chapter 08 Review (1:03)
Chapter 09 - Implementing Operational Security
Implementing Operational Security (0:41)
Topic A: Evaluate Security Frameworks and Guidelines (0:21)
Security Frameworks (1:27)
Security Framework Examples (1:37)
Security Configuration Guides (1:37)
Compliance (1:30)
Layered Security (1:07)
Defense in Depth (0:46)
Demo - Evaluating Security Frameworks and Guidelines (2:53)
Topic B: Incorporate Documentation in Operational Security (0:19)
Security Policies (1:11)
Security Policies (cont.) (0:43)
Common Security Policy Types (2:57)
Personnel Management (0:51)
Separation of Duties (0:53)
Job Rotation (1:17)
Mandatory Vacation (0:54)
Additional Personnel Management Tasks (1:35)
Training and Awareness (2:01)
Business Agreements (1:43)
Guidelines for Incorporating Documentation in Operational Security (1:08)
Demo - Incorporating Documentation in Operational Security (3:48)
Topic C: Implement Security Strategies (0:26)
Security Automation (1:42)
Scalability (1:03)
Elasticity (1:17)
Redundancy (1:15)
Fault Tolerance (0:50)
Redundant Array of Independent Disks (1:33)
Non-persistence (1:27)
High Availability (1:08)
Deployment Environments (1:44)
Guidelines for Implementing Security Strategies (1:15)
Demo - Implementing Virtual Machine Snapshots (2:37)
Topic D: Manage Data Security Processes (0:24)
Data Security (0:53)
Data Security Vulnerabilities (0:51)
Data Storage Methods (1:14)
Data Encryption Methods (1:04)
Data Sensitivity (1:32)
Data Management Roles (1:28)
Data Retention (1:00)
Data Disposal (2:18)
Guidelines for Managing Data Security (0:54)
Demo - Destroying Data Securely (6:36)
Demo - Encrypting a Storage Device (3:48)
Topic E: Implement Physical Controls (0:26)
Physical Security Controls (1:20)
Physical Security Control Types (1:56)
Physical Security Controls Types (cont. Part 1) (1:38)
Physical Security Controls Types (cont. Part 2) (1:23)
Physical Security Controls Types (cont. Part 3) (0:46)
Environmental Exposures (0:36)
Environmental Controls (1:19)
Environmental Controls (cont.) (1:14)
Environmental Monitoring (0:37)
Safety (0:45)
Guidelines for Implementing Physical Controls (0:53)
Demo - Implementing Physical Controls (1:41)
Chapter 09 Review (0:31)
Chapter 10 - Addressing Security Issues
Addressing Security Issues (0:59)
Topic A: Troubleshoot Common Security Issues (0:24)
Access Control Issues (1:54)
Encryption Issues (1:21)
Data Exfiltration (1:08)
Anomalies in Event Logs (1:21)
Security Configuration Issues (2:11)
Baseline Deviations (1:14)
Software Issues (1:10)
Personnel Issues (1:53)
Asset Management Issues (1:06)
Demo - Identifying Event Log Anomalies (3:41)
Topic B: Respond to Security Incidents (0:14)
Incident Response (0:51)
Incident Preparation (1:00)
Incident Detection and Analysis (0:57)
Incident Containment (0:49)
Incident Eradication (0:32)
Incident Recovery (1:01)
Lessons Learned (0:43)
Incident Response Plans (1:31)
First Responders (0:31)
An Incident Report (0:42)
Guidelines for Responding to Security Incidents (0:33)
Demo - Responding to a Security Incident (2:39)
Topic C: Investigate Security Incidents (0:17)
Computer Forensics (0:42)
The Basic Forensic Process (1:34)
Preservation of Forensic Data (1:34)
Basic Forensic Response Procedure (1:29)
Basic Forensic Response Procedure (cont.) (1:03)
Order of Volatility (0:34)
Chain of Custody (0:24)
Guidelines for Investigating Security Incidents (0:53)
Demo - Implementing Forensic Procedures (5:39)
Chapter 10 Review (0:33)
Chapter 11 - Ensuring Business Continuity
Ensuring Business Continuity (0:43)
Topic A: Select Business Continuity and Disaster Recovery Processes (0:22)
Business Continuity and Disaster Recovery (1:55)
The Disaster Recovery Process (1:50)
Recovery Team (0:40)
Order of Restoration (1:46)
Recovery Sites (1:13)
Secure Recovery (0:34)
Backup Types (Full) (0:44)
Backup Types (Differential vs. Incremental) (1:37)
Secure Backups (1:21)
Geographic Considerations (1:27)
Guidelines for Selecting Business Continuity and Disaster Recovery Processes (1:28)
Demo - Selecting Business Continuity and Disaster Recovery Processes (2:14)
Topic B: Develop a Business Continuity Plan (0:16)
Business Continuity Plans (1:15)
Business Continuity Plans (cont.) (0:17)
Disaster Recovery Plans (1:00)
Disaster Recovery Plans (cont.) (0:25)
IT Contingency Plans (0:50)
Succession Plans (0:23)
Failover (1:08)
Alternate Business Practices (0:42)
Testing Exercises (1:05)
After-Action Reports (1:06)
Guidelines for Developing a BCP (0:58)
Demo - Developing a BCP (1:58)
Chapter 11 Review (0:26)
Course Closure (2:24)
Elasticity
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock