Watch Security (Exam SY0-401)

In this episode, Wes and Daniel cover a variety of topics that pertain to the Security+ exam. Here they cover application security, hypervisor host security, file permissions, user accounts and identity management, and cryptography systems like RIPEMD, Bcrypt and Public Key Infrastructures(PKI) Registration Authority(RA).

In this episode Mike and Don take a look at cryptography concepts. They explain the differences between the various types while offering a demo of steganography. They breakdown the cryptographic methods outlined in the exam objectives. They also demonstrate PKI and working with certificates.

In this episode Nate and Don take a look at identity management in the form of authentication, authorization, and access control. They compare various authentication services such as RADIUS, Kerberos and SAML. They also discuss concepts to provide authentication with various examples of access controls. They conclude with discussing some best practices with administering account management.

Nate and Don explain the solution available to security professionals to help ensure data is secure on host systems, in static environments and the tools to do so. They discuss host security concepts such as host-based intrusion detection systems and OS hardening. They also provide insight on how to protect our data when dealing with embedded systems from SCADA systems to game consoles.

In this episode Nate and Don take a look at application and mobile security controls and concepts. They discuss controls such as application hardening and patch management as well as concepts such as fuzzing and client-side vs server-side validation. They also discuss the influx of mobile devices in the workplace and how to implement security controls to limit their impact.

In this episode, Ronnie and Wes continue to look at different application attacks. This time, they begin with taking a look at how someone can gain access to directories beyond the web server. They also describe the use of attachments, cookies and session hijacking to compromise machines.

In this episode, Ronnie and Wes explain the some of the different types of injection attacks.These attacks are normally carried out against web servers connected to the internet, according to the guys. They also take a moment to talk about how to deal with these types of attacks as well.

Ronnie and Wes help us to identify some of the more aggressive types of attacks on wireless technologies. These types of attacks typically require more skill and knowledge to accomplish. We see this in the demonstrations that Wes presents on the reply attack as well as in bluejacking and bluesnarfing. He demonstrates the capture of initialization vectors and attempts to break WEP encryption.

Ronnie and Wes help us to identify some of the most common wireless attacks that IT professionals will have to face in their job skills. They discuss some of the common attacks and they demonstrates the use of packet sniffing. These are foundational skills in a wireless attacks. They also talk about the context in which we'll see things like Rogue Access Points.

In this episode Nate and Don delve into the world of vulnerability and penetration testing. They introduce various tools used to determine the ports and systems in use as well as baiting attackers away from critical infrastructure through the use of honeypots and honeynets. They conclude with a brief discussion on the penetration testing process and the different levels they can be performed at.

** Part 1 of this episode is the previous episode, Types of Malware ** Nate and Ronnie continue to describe various software attacks and social engineering attacks. The new Sy0-401 objectives call out not only the social engineering attack but also what makes them so effective. The guys spend some time going over what makes each of the social engineering attacks as successful as they are.

In this episode, Mike and Ronnie describe different Information System attacks. They explain some of the malware security professionals should be familiar with.

In this episode Nate and Don take a look at types of mitigation and deterrent techniques. They explain the importance of hardening systems and monitoring system logs. They also discuss how an initial baseline configuration can help determine whether network issues are present or not as well as the differences between the various reporting systems.

In this episode Wes and Mike take a look at security awareness and security controls. They begin with discussing the importance of awareness training among users such as information classification and data labeling and handling. They also explain various physical and environmental controls such as HVAC systems, fire suppression systems and alarms and barricades.

In this episode, Nathan and Ronnie describe implementing security controls in content. They describe the use of procedures and practices used to mitigate security risks, next Nathan and Ronnie discuss the benefits of knowing and using basic forensic process responses and they close the show describing the basic controls used to help meet the security goals of an organization.

In this episode Wes and Mike take a look at risk management and incident response. They begin with discussing the implications of integrating systems with third parties such as interoperability agreements and data ownership. They go on to discuss incident response procedures such as incident identification and mitigation steps. They conclude with describing risk assessments and tabletop exercises.

Nate and Ronnie share some of the Information Systems Risk Concepts. They define risk in an information security context. They talk about risk responses, risk analysis. Using the scenario of a building fire and data entry error, they show how to monetize the risk using a risk calculation formula. They also describe the most common policies that implemented to reduce risk to a business.

In this episode Wes and Mike take a look at the solutions and technologies available to network administrators for securing system networks such as rule-based management and access control lists. They go on to discuss common security issues with wireless networking such as WEP and antenna placement and how to mitigate them.

In this episode, Mike and Ronnie begin to take a look at some of the most common security devices that are implemented across a production network. They emphasize where devices are generally used on the network as well as describe the devices basic security features and uses.

In this episode Wes and Mike take a look at the protocols and ports every Security+ candidate should be familiar with. They discuss the associated technology with each port and protocol and how it relates to the OSI model.

In this episode Mike and Ronnie take a look the components used to create a secure network design. They discuss items such as DMZ and subnetting as well as VLANs and remote access and when to implement them. They conclude with discussing cloud computing and how it can be securely used in today's businesses.

CompTIA Security+ professionals help to implement, administer and maintain a secure computing environment for any organization. Earning the Security+ certification is foundational for anyone who wants to start a network security career. Learners will attain knowledge and skills to identify security issues, deter threats, apply security controls and implement an organization's security policies.