LabSim Security Pro Lesson Plans
Table of Contents
Course Overview .................................................................................................. 3
Course Introduction for Instructors ........................................................................ 5
Section 1.1: Security Overview ........................................................................... 10
Section 1.2: Using the Simulator ......................................................................... 12
Section 2.1: Access Control Models ................................................................... 13
Section 2.2: Authentication ................................................................................. 16
Section 2.3: Authorization ................................................................................... 18
Section 2.4: Access Control Best Practices ........................................................ 20
Section 2.5: Windows Domain Users and Groups .............................................. 22
Section 2.6: Linux Users and Groups ................................................................. 25
Section 2.7: Linux User Security ......................................................................... 28
Section 2.8: Group Policy Overview.................................................................... 30
Section 2.9: Hardening Authentication ................................................................ 32
Section 2.10: Remote Access ............................................................................. 34
Section 2.11: Network Authentication ................................................................. 36
Section 2.12: Identity Management..................................................................... 38
Section 3.1: Cryptography .................................................................................. 39
Section 3.2: Hashing ........................................................................................... 42
Section 3.3: Symmetric Encryption ..................................................................... 44
Section 3.4: Asymmetric Encryption ................................................................... 46
Section 3.5: Public Key Infrastructure (PKI) ........................................................ 48
Section 3.6: Cryptographic Implementations ...................................................... 51
Section 4.1: Security Policies .............................................................................. 53
Section 4.2: Business Continuity ........................................................................ 57
Section 4.3: Risk Management ........................................................................... 59
Section 4.4: Incident Response .......................................................................... 61
Section 4.5: Social Engineering .......................................................................... 63
Section 4.6: Certification and Accreditation ........................................................ 66
Section 4.7: Development ................................................................................... 68
Section 4.8: Employee Management .................................................................. 70
Section 5.1: Physical Security ............................................................................. 73
Section 5.2: Hardware Security........................................................................... 75
Section 5.3: Environmental Controls ................................................................... 77
Section 5.4: Mobile Devices ................................................................................ 80
Section 5.5: Telephony ....................................................................................... 82
Section 6.1: Networking Review ......................................................................... 84
Section 6.2: Perimeter Attacks ............................................................................ 87
Section 6.3: Security Appliances ........................................................................ 90
Section 6.4: Demilitarized Zones (DMZ) ............................................................. 92
Section 6.5: Firewalls .......................................................................................... 94
Section 6.6: Network Address Translation (NAT)................................................ 96
Section 6.7: Virtual Private Networks (VPN) ....................................................... 98
Section 6.8: Web Threat Protection .................................................................. 100
©2013 TestOut Corporation (Rev 1/13)
LabSim Security Pro
1
Section 6.9: Network Access Control (NAC) ..................................................... 102
Section 6.10: Wireless Attacks ......................................................................... 104
Section 6.11: Wireless Defenses ...................................................................... 106
Section 7.1: Network Devices ........................................................................... 109
Section 7.2: Network Device Vulnerabilities ...................................................... 110
Section 7.3: Switch Attacks ............................................................................... 112
Section 7.4: Router and Switch Security ........................................................... 113
Section 7.5: Intrusion Detection and Prevention ............................................... 116
Section 8.1: Malware ........................................................................................ 119
Section 8.2: Password Attacks ......................................................................... 122
Section 8.3: Windows System Hardening ......................................................... 124
Section 8.4: Hardening Enforcement ................................................................ 126
Section 8.5: File Server Security ....................................................................... 128
Section 8.6: Linux Host Security ....................................................................... 130
Section 9.1: Web Application Attacks ............................................................... 132
Section 9.2: Internet Browsers .......................................................................... 135
Section 9.3: E-mail ............................................................................................ 137
Section 9.4: Network Applications..................................................................... 139
Section 9.5: Virtualization ................................................................................. 141
Section 9.6: Application Development .............................................................. 143
Section 10.1: Redundancy ................................................................................ 145
Section 10.2: Backup and Restore.................................................................... 148
Section 10.3: File Encryption ............................................................................ 150
Section 10.4: Secure Protocols ......................................................................... 152
Section 10.5: Cloud Computing ........................................................................ 154
Section 11.1: Vulnerability Assessment ............................................................ 156
Section 11.2: Penetration Testing ..................................................................... 158
Section 11.3: Protocol Analyzers ...................................................................... 160
Section 11.4: Logs and Audits .......................................................................... 162
Security Pro Practice Exams ............................................................................ 165
Security+ Practice Exams ................................................................................. 166
SSCP Practice Exams ...................................................................................... 167
Appendix A: Approximate Time for the Course ................................................. 168
Appendix B: Security Pro Changes ................................................................... 172
Appendix C: Security Pro Objectives ................................................................ 179
Appendix D: CompTIA Security+ (2011 Edition) Exam SY0-301 Objectives .... 184
Appendix E: (ISC)2 SSCP Objectives ............................................................... 196
Course Overview
This course prepares students for TestOut’s Security Pro, CompTIA’s Security+,
and (ISC)2's SSCP certification exams.
Module 1 – Introduction
This module introduces students to the challenges of protecting electronic
information and to using the LabSim simulator.
Module 2 – Access Control and Identity Management
In this module students learn how access to system resources is controlled:
access control models, terminology, best practices, tools, and the remote-access
and network considerations involved in controlling access.
Module 3 – Cryptography
This module teaches students about cryptographic attacks and about the tools
used to ensure data integrity. They learn about hashing, symmetric and
asymmetric encryption, and certificates. Methods of implementing cryptography
are also presented.
Module 4 – Policies, Procedures, and Awareness
This module discusses security policies, procedures and security awareness.
Students will learn security classification levels, documents, business continuity
plans, risk management considerations, incident response, trusted computing,
software development concerns, and management of employees.
Module 5 – Physical Security
This module examines the fundamentals of physically securing access to
facilities and computer systems, protecting a computer system with proper
environmental conditions and fire-suppression systems, and securing mobile
devices and telephony transmissions.
Module 6 – Perimeter Defenses
In this module students learn about perimeter defenses that increase network
security. Topics include types of perimeter attacks, security zones and devices,
configuring a DMZ, firewalls, NAT routers, VPNs, protection against web threats,
Network Access Control (NAC), and security for wireless networks.
Module 7 – Network Defenses
This module discusses network device vulnerabilities and defenses, securing
routers and switches, and implementing intrusion detection and prevention.
Module 8 – Host Defenses
In this module students learn about the types of malware and how to protect
against them, defending against password attacks, recommendations for hardening
a Windows system, configuring GPOs to enforce security settings, managing file
system security, and procedures for hardening a Linux host.
Module 9 – Application Defenses
This module discusses basic concepts of securing web applications against
attack, hardening the Internet browser, securing e-mail against e-mail-borne
attacks, concerns about networking software, and security considerations when
using virtual machines.
Module 10 – Data Defenses
This module discusses the elements of securing data: implementing redundancy
through RAID, proper management of backups and restores, file encryption,
implementing secure protocols, and cloud computing.
Module 11 – Assessments and Audits
This module examines tools that can be used to test and monitor the
vulnerability of systems, and the logs that allow a system manager to track and
audit a variety of events on a system.
Practice Exams
In the practice exams students test themselves and verify that they understand
the concepts and are ready to take the certification exam. The practice exams
are divided into three separate areas and contain examples of the types of
questions a student will find on the actual exam:
• Security Pro Certification Practice Exams
• Security+ Practice Exams
• SSCP Practice Exams
Course Introduction for Instructors
This course provides students with the knowledge to become industry certified as
a security professional. It meets the specifications of three different industry
certification programs and prepares the student for the following:
• TestOut's Security Pro certification
• CompTIA's Security+ certification
• (ISC)2's SSCP certification
TestOut’s Security Pro certification is a new certification that measures not
just what you know but what you can do. The TestOut Security Pro Certification
(2012 edition) measures your ability to manage security threats and harden
computer systems. The following knowledge domains are addressed:
• Access Control and Identity Management
• Policies, Procedures, and Awareness
• Physical Security
• Perimeter Defenses
• Network Defenses
• Host Defenses
• Application Defenses
• Data Defenses
• Audits and Assessments
Security Pro objectives are listed in Appendix C: Security Pro Objectives.
CompTIA’s Security+ certification is an international, vendor-neutral
certification that verifies the student can apply security concepts, tools, and
procedures to react to security incidents. Security+ Exam SY0-301 (2011 edition)
covers general knowledge of security concepts, threats, and tools. The following
knowledge domains are addressed:
• Network Security
• Compliance and Operational Security
• Threats and Vulnerabilities
• Application, Data and Host Security
• Access Control and Identity Management
• Cryptography
Security+ objectives are listed in Appendix D: CompTIA Security+ (2011
Edition) Exam SY0-301 Objectives.
(ISC)2’s SSCP certification ensures students have the skills to safeguard
against threats and the knowledge to apply security concepts, tools, and
procedures. The following knowledge domains are addressed:
• Access Control
• Security Operations & Administration
• Monitoring and Analysis
• Risk, Response, and Recovery
• Cryptography
• Networks and Communications
• Malicious Code and Attacks
SSCP objectives are listed in Appendix E: (ISC)2 SSCP Objectives.
The section introductions in LabSim and the lesson plans list the objectives that
are met for each of the exams in that section.
The following icons are placed in front of lesson items in LabSim to help
students quickly recognize the type of each item in a section:
• Demonstration
• Exam
• Lab/Simulation
• Text lesson or fact sheet
• Video
The video and demonstration icons are used throughout the lesson plans to help
instructors differentiate between the timing for the videos and demonstrations.
In the lesson plans, the Total Time for each section is the sum of the
approximate times for the following elements:
• Video/demo times
• Approximate time to read the text lesson (the length of each text lesson is
  taken into consideration)
• Simulations (5 minutes is assigned per simulation. This is the amount of time
  it would take a knowledgeable student to complete the lab activity. Plan on
  new students taking much longer, depending on their knowledge level and
  computer experience.)
• Questions (1 minute per question)
Appendix A: Approximate Time for the Course contains the times for each
section, totaled for the whole course.
Comparison of Security+ and SSCP Objectives Covered in LabSim Security Pro
The following table maps where the Security+ and SSCP objectives are covered in
the Security Pro course. (The objectives themselves are listed in the
appendixes.) In the practice exam rows, X = this item meets objectives for the
identified exam.

Security Pro Section                       | Security+ Exam Objectives       | SSCP Exam Objectives
1.0 Introduction                           |                                 |
1.1 Security Overview                      | 2.8                             | 2.9
1.2 Using the Simulator                    | N/A                             | N/A
2.0 Access Control and Identity Management |                                 |
2.1 Access Control Models                  | 5.2                             | 1.1, 1.2, 1.4
2.2 Authentication                         | 5.2                             | 1.3
2.3 Authorization                          | 5.2, 5.3                        | 1.1, 1.2
2.4 Access Control Best Practices          | 1.2, 2.1, 5.2                   |
2.5 Windows Domain Users and Groups        | 5.3                             | 1.1, 1.2
2.6 Linux Users and Groups                 | 5.3                             | 1.1, 1.2
2.7 Linux User Security                    | 5.3                             | 1.1, 1.2
2.8 Group Policy Overview                  | 4.2, 5.2, 5.3                   | 1.1, 1.2
2.9 Hardening Authentication               | 5.2, 5.3                        | 1.1
2.10 Remote Access                         | 1.3, 5.1                        | 6.3
2.11 Network Authentication                | 3.2, 5.1                        |
2.12 Identity Management                   |                                 | 1.6
3.0 Cryptography                           |                                 |
3.1 Cryptography                           | 4.3, 6.1, 6.2, 6.3              | 5.1, 5.2, 5.3
3.2 Hashing                                | 6.1, 6.2                        | 5.1
3.3 Symmetric Encryption                   | 6.2                             | 5.1
3.4 Asymmetric Encryption                  | 6.1, 6.2, 6.3                   |
3.5 Public Key Infrastructure (PKI)        | 6.4                             | 5.3
3.6 Cryptographic Implementations          | 4.3, 6.2                        | 5.4
4.0 Policies, Procedures, and Awareness    |                                 |
4.1 Security Policies                      | 2.1, 2.2, 2.4                   | 2.2, 2.3, 2.4, 2.5, 2.8
4.2 Business Continuity                    | 2.5                             | 4.4
4.3 Risk Management                        | 2.1, 2.2, 3.7                   | 4.1
4.4 Incident Response                      | 2.3                             | 4.3
4.5 Social Engineering                     | 2.4, 3.2, 3.3                   | 7.3
4.6 Certification and Accreditation        | 2.4                             | 5.2
4.7 Development                            | 4.1                             | 2.4
4.8 Employee Management                    | 2.1, 2.4                        | 2.1, 2.2
5.0 Physical Security                      |                                 |
5.1 Physical Security                      | 3.6, 5.2                        | 4.2
5.2 Hardware Security                      | 2.2, 3.6, 4.2                   | 2.2
5.3 Environmental Controls                 | 2.6                             | 2.4
5.4 Mobile Devices                         | 4.2, 4.3                        | 2.7
5.5 Telephony                              | 1.3                             | 6.2
6.0 Perimeter Defenses                     |                                 |
6.1 Networking Review                      | 1.3, 1.4, 1.5                   | 6.1
6.2 Perimeter Attacks                      | 3.2, 3.7                        | 7.3
6.3 Security Appliances                    | 1.1, 1.3                        | 6.1, 6.4
6.4 Demilitarized Zones (DMZ)              | 1.1, 1.3                        |
6.5 Firewalls                              | 1.1, 1.2                        | 6.4
6.6 Network Address Translation (NAT)      | 1.3                             |
6.7 Virtual Private Networks (VPN)         | 1.1                             | 6.3
6.8 Web Threat Protection                  | 1.1                             | 4.1, 7.1
6.9 Network Access Control (NAC)           | 1.3                             | 6.1
6.10 Wireless Attacks                      | 3.4                             | 6.5
6.11 Wireless Defenses                     | 1.2, 1.6, 5.1, 6.2              | 6.5
7.0 Network Defenses                       |                                 |
7.1 Network Devices                        | 1.1                             |
7.2 Network Device Vulnerabilities         | 3.1, 3.2, 5.3                   |
7.3 Switch Attacks                         | 3.2                             |
7.4 Router and Switch Security             | 1.2, 1.3, 1.4, 3.6              |
7.5 Intrusion Detection and Prevention     | 1.1, 2.1, 3.6, 3.7              | 3.1, 3.2, 7.2
8.0 Host Defenses                          |                                 |
8.1 Malware                                | 3.1, 3.6, 4.2                   | 7.1, 7.2, 7.3, 7.4
8.2 Password Attacks                       | 2.4, 3.6, 5.3                   |
8.3 Windows System Hardening               | 3.6, 4.2, 5.2                   |
8.4 Hardening Enforcement                  | 4.2, 5.2, 5.3                   |
8.5 File Server Security                   | 1.2, 1.4, 2.2, 5.2, 5.3         | 1.4
8.6 Linux Host Security                    | 1.2, 2.2, 3.6                   | 4.2
9.0 Application Defenses                   |                                 |
9.1 Web Application Attacks                | 2.2, 2.4, 3.2, 3.5, 4.1, 4.2    | 7.1, 7.3, 7.4
9.2 Internet Browsers                      | 3.5                             |
9.3 E-mail                                 | 3.2, 6.2                        | 5.4, 7.1, 7.3
9.4 Network Applications                   | 2.4, 3.2, 4.2                   | 7.2
9.5 Virtualization                         | 1.1, 1.3, 2.1, 4.2              | 1.7, 2.7
9.6 Application Development                | 3.6, 4.1                        |
10.0 Data Defenses                         |                                 |
10.1 Redundancy                            | 2.7                             | 4.1
10.2 Backup and Restore                    | 2.7                             | 2.8
10.3 File Encryption                       | 4.3, 6.2                        |
10.4 Secure Protocols                      | 1.4, 6.2                        | 5.2
10.5 Cloud Computing                       | 1.3, 2.1, 4.3                   | 1.7
11.0 Assessments and Audits                |                                 |
11.1 Vulnerability Assessment              | 3.7, 3.8                        | 4.2
11.2 Penetration Testing                   | 3.8                             | 4.2
11.3 Protocol Analyzers                    | 1.1, 3.7                        |
11.4 Logs and Audits                       | 1.2, 2.2, 3.6                   | 3.1, 3.2
Certification Practice Exams               |                                 |
Security Pro Practice Exams                |                                 |
Security+ Practice Exams                   | X                               |
SSCP Practice Exams                        |                                 | X
In addition to covering everything the student needs to know for the Security+
and SSCP exams, this course has been designed to help students gain real-world
skills that they will use every day on the job as a security professional.
These real-world skills are what is needed to pass the Security Pro
Certification exam.
Section 1.1: Security Overview
Summary
This section provides an overview of security. Basics discussed include:
• Security challenges
• Common security terms:
   o Confidentiality
   o Integrity
   o Availability
   o Non-repudiation
• CIA of Security
• Key security components:
   o Physical security
   o Users and administrators
   o Policies
• Risk management items to take into account:
   o Asset
   o Threat
   o Threat agent
   o Vulnerability
   o Exploit
• Types of threat agents
• Steps of a general attack strategy:
   o Reconnaissance
   o Breach
   o Escalate privileges
   o Stage
   o Exploit
• Defense methodologies:
   o Layering
   o Principle of least privilege
   o Variety
   o Randomness
   o Simplicity
Security+ Exam Objectives:
• 2.8 Exemplify the concepts of confidentiality, integrity, and availability
  (CIA)
SSCP Exam Objectives:
• 2.9 Understand security concepts (e.g., confidentiality, integrity,
  availability, privacy)
Lecture Focus Questions:
• What challenges does a security professional face?
• What is the difference between integrity and non-repudiation?
• What process provides confidentiality by converting data into a form that is
  unlikely to be usable by an unintended recipient?
• What are the three main goals of the CIA of Security?
• Which security term refers to verifying that someone is who they say they
  are?
• What are the key components of risk management?
• What are three types of threat agents?
Video/Demo                              Time
1.1.1 Security Challenges               8:22
1.1.2 Security Roles and Concepts       5:36
1.1.3 Threat Agent Types                8:20
1.1.5 General Attack Strategy           8:51
1.1.6 General Defense Strategy         18:25
Total                                  49:34
Number of Exam Questions: 12 questions
Total Time: About 70 minutes
Section 1.2: Using the Simulator
Summary
This section introduces the student to the TestOut simulator, which is used in
most of the lab exercises throughout the course. Students will become familiar
with the:
• Scenario
• Main Bench
• Shelf
• Selected Component
• Processes to complete labs
• Elements of the Score Report
Students will learn how to:
• Read simulated component documentation and view components to make
  appropriate choices to meet the scenario.
• Add and remove simulated computer components.
• Change views to view and add simulated components.
• Use the zoom feature to view additional image details.
• Attach simulated cables.
• Use the simulation interface to identify where simulated cables connect to
  the computer.
Video/Demo                              Time
1.2.1 Using the Simulator              13:19
Lab/Activity
• Configure a Security Appliance
• Install a Security Appliance
Total Time: About 25 minutes
Section 2.1: Access Control Models
Summary
This section discusses access control models. Basics discussed include:
• Access control involves:
   o Objects
   o Subjects
   o System
• Processes of access control:
   o Identification
   o Authentication
   o Authorization
   o Auditing (also referred to as accounting)
• Access controls can be classified according to the function they perform:
   o Preventive
   o Detective
   o Corrective
   o Deterrent
   o Recovery
   o Compensative
• Access control measures to restrict or control access:
   o Administrative
   o Technical
   o Physical
• Directory services
• Common access control models:
   o Mandatory Access Control (MAC)
   o Discretionary Access Control (DAC)
   o Role-Based Access Control (RBAC)
   o Rule Set-Based Access Control (RSBAC)
   o Federated Access Control
• Discretionary access controls
• Access control models
• Academic security models:
   o Bell-LaPadula
   o Biba
   o Clark-Wilson
   o State machine
   o Brewer and Nash Model/Chinese Wall
   o Take-Grant
   o Combination models
Students will learn how to:
• Implement DAC by configuring a discretionary access control list (DACL).
Security+ Exam Objectives:
• 5.2 Explain the fundamental concepts and best practices related to
  authentication, authorization, and access control
   o Access control
   o Mandatory access control
   o Discretionary access control
   o Role/rule-based access control
   o ACLs
SSCP Exam Objectives:
• 1.1 Implement Logical Access Controls in Terms of Subjects
   o Requirements for access controls
• 1.2 Implement Logical Access Controls in Terms of Objects
   o Requirements for access controls
   o Object groups
• 1.4 Apply Access Control Concepts (e.g., least privilege, and separation of
  duties)
   o Discretionary Access Control (DAC)
   o Non-discretionary Access Control
Lecture Focus Questions:
• What is access control and why is it important?
• How does Discretionary Access Control (DAC) provide access control?
• What type of entries does a Discretionary Access Control List (DACL) contain?
• What is the function of each of the two types of labels used by the
  Mandatory Access Control (MAC) model?
• What is the difference between role-based access control and rule-based
  access control?
• How are Rule-Based Access Control and Mandatory Access Control (MAC) similar?
• In security terms, what does AAA refer to?
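As an added illustration of the Mandatory Access Control model and of the Bell-LaPadula and Biba models listed above (example code written for this lesson plan, not TestOut's course material): the two kinds of MAC labels are the clearance carried by the subject and the classification carried by the object, each made of a sensitivity level plus a set of need-to-know compartments. Bell-LaPadula compares the two labels to protect confidentiality (no read up, no write down); Biba compares them the other way round to protect integrity (no read down, no write up). The level names, compartment names and object names are assumptions made for the example.

```python
from dataclasses import dataclass

# Sensitivity levels, lowest to highest (hypothetical names chosen for the example).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    """A MAC label: a sensitivity level plus a set of need-to-know compartments.

    The same structure serves as a subject's clearance and as an object's
    classification; the model's rules decide which label must dominate which."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # self dominates other when its level is at least as high AND it holds
        # every compartment the other label holds (need to know).
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def bell_lapadula(clearance: Label, classification: Label, op: str) -> bool:
    """Confidentiality model: simple security property (no read up) and the
    *-property (no write down)."""
    if op == "read":
        return clearance.dominates(classification)
    if op == "write":
        return classification.dominates(clearance)
    raise ValueError(f"unknown operation {op!r}")


def biba(integrity_clearance: Label, integrity_class: Label, op: str) -> bool:
    """Integrity model, the mirror image of Bell-LaPadula: a subject may not
    read data of lower integrity (no read down) nor write to data of higher
    integrity (no write up)."""
    if op == "read":
        return integrity_class.dominates(integrity_clearance)
    if op == "write":
        return integrity_clearance.dominates(integrity_class)
    raise ValueError(f"unknown operation {op!r}")


def check_matrix(model, clearance: Label, objects: dict) -> dict:
    """Evaluate every (object, operation) pair for one subject under one model.
    Returns {(object_name, op): allowed}."""
    return {(name, op): model(clearance, label, op)
            for name, label in objects.items()
            for op in ("read", "write")}


if __name__ == "__main__":
    # Constructed scenario: an analyst cleared SECRET for the "crypto" compartment.
    analyst = Label("secret", frozenset({"crypto"}))
    objects = {
        "public_notice": Label("unclassified"),
        "crypto_design": Label("secret", frozenset({"crypto"})),
        "crypto_keys":   Label("top secret", frozenset({"crypto"})),
        "hr_records":    Label("confidential", frozenset({"hr"})),
    }
    for (name, op), ok in check_matrix(bell_lapadula, analyst, objects).items():
        print(f"BLP  {op:5} {name:14} -> {'allow' if ok else 'deny'}")
```

Run as a script to print the full decision matrix for the analyst. Compartments, not just levels, decide the outcome: the analyst is cleared SECRET yet cannot read the CONFIDENTIAL hr_records object because the hr compartment is missing from the clearance, which is what the MAC model means by need to know. The *-property also shows why Bell-LaPadula alone is not enough for integrity: the analyst may write into the TOP SECRET crypto_keys object without being able to read it.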
Video/Demo                                          Time
2.1.1 Access Control Models                         3:38
2.1.5 Implementing Discretionary Access Control     1:34
Total                                               5:12
Number of Exam Questions: 15 questions
Total Time: About 30 minutes
Section 2.2: Authentication
Summary
In this section students will learn the basics of identification and
authentication. Concepts covered in this section include:
• Ways a user can prove identity to an authentication server:
   o Type 1: Something you know
   o Type 2: Something you have
   o Type 3: Something you are
• Terms used to measure the effectiveness of authentication solutions:
   o False negative
   o False positive
   o Crossover error rate
   o Processing rate
• Authentication methods used to increase security:
   o Two-factor
   o Three-factor
   o Multi-factor
   o Strong
   o One-factor
   o Mutual
• Considerations when implementing biometrics
• Single Sign-on (SSO) authentication:
   o Advantages of SSO
   o Disadvantages of SSO
• SSO solutions:
   o Kerberos
   o Secure European System for Applications in a Multi-Vendor Environment
     (SESAME)
   o Directory services
Students will learn how to:
• Use a biometric scanner to enroll (record) fingerprints that can be used for
  authentication.
• Configure fingerprint settings to automate execution of an application.
• Use single sign-on to access all authorized resources on the network.
Security+ Exam Objectives:
• 5.2 Explain the fundamental concepts and best practices related to
  authentication, authorization, and access control
   o Identification vs. authentication
   o Authentication (single factor) and authorization
   o Multifactor authentication
   o Biometrics
   o Tokens
   o Common access card
   o Personal identification verification card
   o Smart card
   o Single sign on
SSCP Exam Objectives:
• 1.3 Implement Authentication Mechanisms (e.g., single/multi-factor
  authentication, single sign-on, offline authentication)
Lecture Focus Questions:
• What is the difference between authentication and identification?
• Which authentication type is the most common?
• Which form of authentication is generally considered the strongest?
• What is the difference between synchronous and asynchronous token devices?
• Which type of biometric processing error is more serious, a false positive
  or a false negative? Why?
• What is the difference between strong authentication, two-factor
  authentication, and multi-factor authentication?
• What are the main advantages of SSO authentication? Disadvantages?
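The error-rate terms in this section (false positive, false negative, crossover error rate) become concrete when a match threshold is swept across scores from legitimate users and from impostors. The following Python is an added example written for this lesson plan, not TestOut's code; the score lists are constructed for illustration, not measured from any real scanner. A false acceptance is a false positive match (an impostor gets in), a false rejection is a false negative (a legitimate user is turned away), and the crossover error rate (CER) is the error level at the threshold where the two rates meet.

```python
# Constructed match scores (0..1, higher = better match) from a hypothetical
# fingerprint scanner. These are illustrative numbers, not measured data.
GENUINE_SCORES = [0.91, 0.87, 0.78, 0.95, 0.66, 0.83, 0.72, 0.89, 0.58, 0.80]
IMPOSTOR_SCORES = [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.55, 0.18, 0.42, 0.27]


def false_accept_rate(impostor_scores, threshold):
    """Fraction of impostor attempts accepted: false positives (Type II errors)."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def false_reject_rate(genuine_scores, threshold):
    """Fraction of legitimate attempts rejected: false negatives (Type I errors)."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def crossover_error_rate(genuine_scores, impostor_scores, steps=100):
    """Sweep the threshold from 0 to 1 and return (threshold, far, frr) at the
    point where FAR and FRR are closest. The error rate there is the CER
    (also called the equal error rate); a lower CER means a more accurate
    device. The first threshold with the smallest gap is kept."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far = false_accept_rate(impostor_scores, t)
        frr = false_reject_rate(genuine_scores, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, far, frr


def threshold_for_max_far(genuine_scores, impostor_scores, max_far, steps=100):
    """Security-first tuning: the lowest threshold whose FAR does not exceed
    max_far, together with the FRR the users will then have to live with.
    Raising the threshold trades false acceptances for false rejections."""
    for i in range(steps + 1):
        t = i / steps
        if false_accept_rate(impostor_scores, t) <= max_far:
            return t, false_reject_rate(genuine_scores, t)
    return 1.0, 1.0   # no threshold low enough meets the target: reject everyone


if __name__ == "__main__":
    t, far, frr = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER at threshold {t:.2f}: FAR={far:.2f} FRR={frr:.2f}")
    t, frr = threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, max_far=0.0)
    print(f"zero false acceptance needs threshold {t:.2f}, costing FRR={frr:.2f}")
```

The CER is the number used to compare two biometric products tested on the same population. A security-critical door is usually not run at the crossover: the operator pushes the threshold upward until false acceptance is near zero and accepts the higher false rejection rate, which is what threshold_for_max_far computes, because an accepted impostor is the more serious error.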
Video/Demo                           Time
2.2.1 Authentication                11:19
2.2.3 Using a Biometric Scanner      3:49
2.2.5 Using Single Sign-on          12:20
Total                               27:28
Number of Exam Questions: 15 questions
Total Time: About 55 minutes
Section 2.3: Authorization
Summary
This section examines using authorization to control access to resources.
Concepts covered include:
• Types of NTFS access control lists:
   o Discretionary Access Control List (DACL)
   o System Access Control List (SACL)
• The role of a security principal
• Types of permissions:
   o Effective permissions
   o Deny permissions
   o Cumulative permissions
Students will learn how to:
• Create a group and add members to the group.
• Examine the elements of an access token using whoami /all.
• After changes to user privileges, gain access to newly assigned resources by
  creating a new access token (logging on again).
Security+ Exam Objectives:
• 5.2 Explain the fundamental concepts and best practices related to
  authentication, authorization, and access control
   o ACLs
   o Access control
   o Discretionary access control
• 5.3 Implement appropriate security controls when performing account
  management
   o Mitigates issues associated with users with multiple accounts/roles
   o Group based privileges
   o User assigned privileges
SSCP Exam Objectives:
• 1.1 Implement Logical Access Controls in Terms of Subjects
   o Requirements for access controls
• 1.2 Implement Logical Access Controls in Terms of Objects
   o Requirements for access controls
   o Object groups
Lecture Focus Questions:
• What three types of information make up an access token?
• How is the access token used to control access to resources?
• On a Microsoft system, when is the access token generated?
• What types of objects are considered security principals?
• What is the difference between a discretionary access control list (DACL)
  and a system access control list (SACL)?
Video/Demo                              Time
2.3.1 Authorization                     5:15
2.3.2 Cumulative                        9:32
2.3.4 Examining the Access Token        4:23
Total                                  19:10
Number of Exam Questions: 4 questions
Total Time: About 25 minutes
Section 2.4: Access Control Best Practices
Summary
This section provides information about best practices for controlling access
to system resources. Concepts covered include:
• Security practices:
   o Principle of least privilege
   o Need to know
   o Separation of duties
   o Job rotation
   o Defense-in-depth
• Creeping privileges
• How to avoid creeping privileges
• End-of-life procedures for media
Students will learn how to:
• Enable and disable User Account Control (UAC).
• Use alternate credentials to run programs that require elevated privileges.
Security+ Exam Objectives:
• 1.2 Apply and implement secure network administration principles
   o Implicit deny
• 2.1 Explain risk related concepts
   o Importance of policies in reducing risks
• 5.2 Explain the fundamental concepts and best practices related to
  authentication, authorization, and access control
   o Least privilege
   o Separation of duties
   o Implicit deny
   o Job rotation
Lecture Focus Questions:
• What is the difference between implicit deny and explicit allow?
• What is the difference between implicit deny and explicit deny? Which is the
  strongest?
• How does implementing the principle of separation of duties increase
  security in an organization?
• What aspects of security does job rotation provide?
• How do creeping privileges occur?
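The DACL configured in Section 2.1, the access token, deny permissions and cumulative permissions of Section 2.3, and the implicit versus explicit deny questions above all meet in the access check Windows performs when a process opens an object. The following Python models that check. It is an added example written for this lesson plan, not TestOut's code and not Microsoft's implementation, and it simplifies: three rights instead of the 32-bit access mask, and no inheritance, owner or SACL handling. The SID strings and group names are hypothetical. The group list held in the Token is the same information whoami /all prints under GROUP INFORMATION.

```python
from dataclasses import dataclass

# Simplified access rights. Real Windows access masks are 32-bit; these
# three bits are illustrative.
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4
FULL_CONTROL = READ | WRITE | EXECUTE


@dataclass(frozen=True)
class Ace:
    """One access control entry: allow or deny a set of rights to one SID."""
    kind: str   # "allow" or "deny"
    sid: str    # security principal (user or group); hypothetical SID strings below
    mask: int


@dataclass(frozen=True)
class Token:
    """The part of an access token the check needs: the user SID plus the
    group SIDs collected at logon (what whoami /groups lists)."""
    user: str
    groups: frozenset

    def sids(self):
        return {self.user} | set(self.groups)


def access_check(token, dacl, requested):
    """Walk the DACL in order, as the Windows access check does, and return
    (granted, reason).

    - No DACL at all (None) means the object is unprotected: everything is granted.
    - An empty DACL grants nothing: implicit deny.
    - A deny ACE for any SID in the token that overlaps the rights still wanted
      fails the check at once: explicit deny.
    - Allow ACEs accumulate; the check succeeds as soon as every requested right
      has been granted, so rights from several groups combine (cumulative).
    """
    if dacl is None:
        return True, "no DACL: object is unprotected"
    if not dacl:
        return False, "empty DACL: implicit deny"
    remaining = requested
    for ace in dacl:
        if ace.sid not in token.sids():
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False, f"explicit deny by ACE for {ace.sid}"
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True, "all requested rights granted"
    return False, "no allow ACE covers every requested right: implicit deny"


def effective_rights(token, dacl):
    """Effective permissions: the union of the individual rights the token is
    granted, computed with the same ordered walk so explicit denies still win."""
    granted = 0
    for right in (READ, WRITE, EXECUTE):
        if access_check(token, dacl, right)[0]:
            granted |= right
    return granted


def canonical(dacl):
    """Windows tools keep DACLs in canonical order, explicit denies before
    allows. A DACL edited out of order can grant what a later deny was meant
    to block. Stable sort: denies first, original order otherwise."""
    return sorted(dacl, key=lambda ace: ace.kind != "deny")


if __name__ == "__main__":
    # Constructed scenario (hypothetical SIDs and group names).
    alice = Token("S-1-5-21-1-1001", frozenset({"S-1-5-21-1-Sales", "S-1-5-21-1-Managers"}))
    bob = Token("S-1-5-21-1-1002", frozenset({"S-1-5-21-1-Sales", "S-1-5-21-1-Interns"}))
    dacl = [
        Ace("deny", "S-1-5-21-1-Interns", WRITE),
        Ace("allow", "S-1-5-21-1-Sales", READ),
        Ace("allow", "S-1-5-21-1-Managers", WRITE),
    ]
    for who, tok in (("alice", alice), ("bob", bob)):
        print(who, access_check(tok, dacl, READ | WRITE),
              f"effective=0x{effective_rights(tok, dacl):x}")
```

Three behaviours are worth pointing out in class: bob is denied write through the Interns group even though he is also in Sales, because a matching deny ACE stops the walk (explicit deny beats any allow); alice gets read from Sales and write from Managers, so her effective permissions are the sum of her group memberships (cumulative permissions); and nobody gets execute because no ACE mentions it (implicit deny). canonical() shows why ACE order matters: the same deny placed after an allow would not protect the object, which is why the Windows ACL editor reorders entries. The lab's advice to log on again after a group change follows from the Token model: the group list is fixed when the token is built at logon.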
Video/Demo                              Time
2.4.1 Access Control Best Practices     3:12
2.4.3 Viewing Implicit Deny             3:26
Total                                   6:38
Number of Exam Questions: 12 questions
Total Time: About 20 minutes
Section 2.5: Windows Domain Users and Groups
Summary
This section discusses managing Windows domain users and groups. Concepts
covered include:
• Active Directory components:
   o Domain
   o Trees and forests
   o Organizational Unit (OU)
   o Generic containers
   o Objects
   o Domain controller
• Advantages of hierarchical directory databases
• User account management:
   o Creating users
   o Recommendations for managing user accounts
   o Directory object attributes
   o Managing users as groups
Students will learn how to:
• Create domain user accounts.
• Modify user account properties, including changing logon and password
  settings in the user account.
• Rename a user account.
• Reset a user account password and unlock the account.
• Enable and disable an account.
Security+ Exam Objectives:
• 5.3 Implement appropriate security controls when performing account
  management
   o Mitigates issues associated with users with multiple accounts/roles
   o Account policy enforcement
      - Password complexity
      - Expiration
      - Recovery
      - Length
      - Disablement
      - Lockout
   o Group based privileges
   o User assigned privileges
SSCP Exam Objectives:
- 1.1 Implement Logical Access Controls in Terms of Subjects
  - Requirements for access controls
- 1.2 Implement Logical Access Controls in Terms of Objects
  - Requirements for access controls
  - Object groups

Security Pro Exam Objectives:
- 1.1 Create, modify, and delete user profiles
  - Manage Windows Domain Users and Groups
    - Create, rename, and delete users and groups
    - Lock and unlock user accounts
    - Assign users to appropriate groups
    - Change a user's password

Lecture Focus Questions:
- What is the purpose of a domain?
- What is the difference between a disabled, a locked-out, and an expired user account?
- What is the best way to handle a user's account when an employee quits the company and will be replaced by a new employee in the near future?
- What are the recommendations for using a template user account?
- What properties of a user account do not get duplicated when you copy the user?

Video/Demo                                  Time
2.5.1 Active Directory Introduction         9:04
2.5.2 Active Directory Structure            9:24
2.5.3 Viewing Active Directory              3:59
2.5.5 Creating User Accounts                3:13
2.5.6 Managing User Account Properties      13:20
2.5.10 Managing Groups                      4:10
Total                                       43:10
Lab/Activity
- Create User Accounts
- Manage User Accounts
- Create a Group
- Create Global Groups

Number of Exam Questions: 2 questions
Total Time: About 75 minutes
Section 2.6: Linux Users and Groups
Summary
This section examines managing Linux users and groups. Concepts covered include:
- Options for storing Linux user and group information
- Files used when user and group information is stored in the local file system:
  - /etc/passwd
  - /etc/shadow
  - /etc/group
  - /etc/gshadow
- Configuration files and directories used when managing user accounts:
  - /etc/default/useradd
  - /etc/login.defs
  - /etc/skel
- Manage user accounts with the following commands:
  - useradd
  - passwd
  - usermod
  - userdel
- Commands to manage group accounts and group membership:
  - groupadd
  - groupmod
  - groupdel
  - gpasswd
  - newgrp
  - usermod
  - groups

Students will learn how to:
- Create, rename, lock, and unlock a user account.
- Change a user's password.
- Rename or remove a user account.
- Create groups and define the group ID.
- Change secondary group membership for specific user accounts.
- Enable a group password.
Security+ Exam Objectives:
- 5.3 Implement appropriate security controls when performing account management
  - Mitigates issues associated with users with multiple accounts/roles
  - Account policy enforcement
    - Password complexity
    - Expiration
    - Recovery
    - Length
    - Disablement
    - Lockout
  - Group based privileges
  - User assigned privileges
SSCP Exam Objectives:
- 1.1 Implement Logical Access Controls in Terms of Subjects
  - Requirements for access controls
- 1.2 Implement Logical Access Controls in Terms of Objects
  - Requirements for access controls
  - Object groups

Security Pro Exam Objectives:
- 1.1 Create, modify, and delete user profiles
  - Manage Linux Users and Groups
    - Create, rename, and delete users and groups
    - Assign users to appropriate groups
    - Lock and unlock user accounts
    - Change a user's password

Lecture Focus Questions:
- Which directory contains configuration file templates that are copied into a new user's home directory?
- When using useradd to create a new user account, which default values are used to create the user account?
- How can you view all the default values in the /etc/default/useradd file?
- How would you create a user with useradd that does not receive the default values in the /etc/default/useradd file?
- Which command deletes a user and their home directory at the same time?
- Which usermod option changes the secondary group membership?
- Which command removes all secondary group memberships for specific user accounts?
- Which groupmod option changes the name of a group?
Video/Demo                                  Time
2.6.1 Linux User and Group Overview         19:14
2.6.2 Managing Linux Users                  9:28
2.6.10 Managing Linux Groups                3:15
Total                                       31:57

Lab/Activity
- Create a User Account
- Rename a User Account
- Delete a User
- Change Your Password
- Change a User's Password
- Lock and Unlock User Accounts
- Rename and Create Groups
- Add Users to a Group
- Remove a User from a Group

Number of Exam Questions: 10 questions
Total Time: About 100 minutes
Section 2.7: Linux User Security
Summary
In this section students will explore user security for Linux. Details about the following concepts will be covered:
- Considerations for user security
- Commands used to promote user security and restrictions:
  - chage
  - ulimit
- The /etc/security/limits.conf file
  - Entry options:
    - Entity
    - Type
    - Limits
    - Value

Students will learn how to:
- Configure password aging.
- Configure password login limits.
- Configure the maximum concurrent logins by a user.
- Use the ulimit command to restrict user resource usage.

Security+ Exam Objectives:
- 5.3 Implement appropriate security controls when performing account management
  - Mitigates issues associated with users with multiple accounts/roles
  - Account policy enforcement
    - Password complexity
    - Expiration
    - Recovery
    - Length
    - Disablement
    - Lockout
  - Group based privileges
  - User assigned privileges
SSCP Exam Objectives:
- 1.1 Implement Logical Access Controls in Terms of Subjects
  - Requirements for access controls
- 1.2 Implement Logical Access Controls in Terms of Objects
  - Requirements for access controls
  - Object groups

Security Pro Exam Objectives:
- 1.1 Create, modify, and delete user profiles.
  - Manage Linux Users and Groups.
    - Configure password aging.
  - Restrict use of common access accounts.

Lecture Focus Questions:
- When using chage to set expiration of user passwords, which option sets the number of days for the password warning message?
- What is the difference between hard and soft limits?
- When using ulimit to limit computer resources used for applications launched from the shell, which option displays the current limits?
- What command removes all restrictions for process memory usage?
- Why should passwords not expire too frequently?

Video/Demo                                              Time
2.7.1 Linux User Security and Restrictions              9:53
2.7.2 Configuring Linux User Security and Restrictions  6:40
Total                                                   16:33

Number of Exam Questions: 5 questions
Total Time: About 25 minutes
Section 2.8: Group Policy Overview
Summary
This section provides an overview of using Group Policy to apply settings to multiple objects within the Active Directory domain at one time. Concepts covered include:
- GPO Categories:
  - Computer Configuration
  - User Configuration
- The role of GPOs
- The order in which GPOs are applied

Students will learn how to:
- View the settings defined in a GPO.
- Create a GPO.
- Link a GPO to OUs.
- Edit the settings of a GPO.
- Import GPO settings.

Security+ Exam Objectives:
- 4.2 Carry out appropriate procedures to establish host security
  - Operating system security and settings
- 5.2 Explain the fundamental concepts and best practices related to authentication, authorization, and access control
  - Access control
- 5.3 Implement appropriate security controls when performing account management
  - Mitigates issues associated with users with multiple accounts/roles
  - Account policy enforcement
    - Password complexity
    - Expiration
    - Recovery
    - Length
    - Disablement
    - Lockout
  - Group based privileges
SSCP Exam Objectives:
- 1.1 Implement Logical Access Controls in Terms of Subjects
  - Requirements for access controls
- 1.2 Implement Logical Access Controls in Terms of Objects
  - Requirements for access controls
  - Object groups

Security Pro Exam Objectives:
- 1.1 Create, modify, and delete user profiles.
  - Manage Windows Local Users and Groups
    - Restrict use of local user accounts
  - Restrict use of common access accounts

Lecture Focus Questions:
- When are user policies applied?
- How do computer policies differ from user policies?
- How do GPOs applied to an OU differ from GPOs applied to a domain?
- What is the order in which GPOs are applied?
- If a setting is undefined in one GPO and defined in another, which setting is used?
- If a setting is defined in two GPOs, which setting is applied?

Video/Demo                      Time
2.8.1 Group Policy Overview     8:41
2.8.2 Viewing Group Policy      7:47
Total                           16:28

Lab/Activity
- Create and Link a GPO

Number of Exam Questions: 3 questions
Total Time: About 30 minutes
Section 2.9: Hardening Authentication
Summary
This section discusses methods of hardening authentication. Basics discussed include:
- Methods of hardening authentication:
  - Account lockout
  - Account restrictions
  - Account (password) policies
- Considerations for controlling user account and password security

Students will learn how to:
- Control logical access by configuring user account and account lockout policies.
- Configure day/time restrictions, computer restrictions, and expiration dates for user accounts.
- Enable and disable user accounts.
- Configure the password policy for a domain.
- Using Group Policy Management, configure security settings such as password policy settings to define requirements for user passwords.
- Using Group Policy Management, configure user right assignments to identify actions users can perform on a system.

Security+ Exam Objectives:
- 5.2 Explain the fundamental concepts and best practices related to authentication, authorization, and access control
  - Time of day restrictions
- 5.3 Implement appropriate security controls when performing account management
  - Account policy enforcement
    - Password complexity
    - Expiration
    - Recovery
    - Length
    - Disablement
    - Lockout
Security Pro Exam Objectives:
- 1.1 Create, modify, and delete user profiles.
  - Manage Windows Local Users and Groups
    - Restrict use of local user accounts
  - Restrict use of common access accounts

Lecture Focus Questions:
- What characteristics on a Microsoft system typically define a complex password?
- What is the clipping level and how does it affect an account login?
- What does the minimum password age setting prevent?
- What is a drawback to account lockout for failed password attempts?
- What are the advantages of a self-service password reset management system?

Video/Demo                                            Time
2.9.1 Hardening Authentication                        19:31
2.9.2 Configuring User Account Restrictions           9:30
2.9.3 Configuring Account Policies and UAC Settings   14:18
2.9.4 Hardening User Accounts                         10:20
2.9.5 Configuring Smart Card Authentication           4:39
Total                                                 58:18

Lab/Activity
- Configure User Account Restrictions
- Configure Account Policies
- Restrict Local Accounts
- Secure Default Accounts
- Enforce User Account Control
- Configure Smart Card Authentication

Number of Exam Questions: 10 questions
Total Time: About 100 minutes
Section 2.10: Remote Access
Summary
In this section students will learn about remote access. Concepts covered include:
- The role of remote access
- Stages in the remote access process:
  - Connection
  - Authentication
  - Authorization
  - Accounting
- Common AAA server solutions:
  - Remote Authentication Dial-In User Service (RADIUS)
  - Terminal Access Controller Access-Control System Plus (TACACS+)
- Considerations when comparing RADIUS and TACACS+

Students will learn how to:
- Configure a remote access server to accept remote access connections.
- Control remote access authorization using network policies.
- Configure ports on a VPN server to allow VPN connections.
- Configure a VPN client connection.

Security+ Exam Objectives:
- 1.3 Distinguish and differentiate network design elements and compounds
  - Remote Access
- 5.1 Explain the function and purpose of authentication services
  - RADIUS
  - TACACS
  - TACACS+
  - XTACACS

SSCP Exam Objectives:
- 6.3 Understand remote access
  - Technology (e.g., thin client, SSL/VPN)
  - Common vulnerabilities

Security Pro Exam Objectives:
- 1.2 Harden authentication
  - Configure secure remote access.
Lecture Focus Questions:
- How does EAP differ from CHAP or MS-CHAP?
- What is the difference between authentication and authorization?
- How does tunneling protect packets in transit through an unsecured network?
- What are examples of criteria used to restrict remote access?
- Which remote server solution performs better and is considered more secure?
- What types of attacks are remote access servers vulnerable to?

Video/Demo                      Time
2.10.1 Remote Access            8:43
2.10.3 RADIUS and TACACS+       6:51
Total                           15:34

Number of Exam Questions: 15 questions
Total Time: About 40 minutes
Section 2.11: Network Authentication
Summary
This section discusses using authentication to connect to a network and access network resources. Concepts covered include:
- The process of a three-way handshake
- Authentication methods used for network authentication:
  - LAN Manager (LANMAN or LM)
  - NT LAN Manager (NTLM)
  - Kerberos
- The role of Lightweight Directory Access Protocol (LDAP)
- Authentication modes that LDAP supports when binding to a directory service:
  - Anonymous
  - Simple
  - Simple Authentication and Security Layer (SASL)
- Trusts:
  - One-way trust
  - Two-way trust
- Transitivity:
  - Transitive trust
  - Non-transitive trust
- Transitive access attack

Students will learn how to:
- Edit Kerberos Policy settings using Group Policy Management.
- Provide backward-compatible authentication for pre-Windows 2000 clients using Group Policy.

Security+ Exam Objectives:
- 3.2 Analyze and differentiate among types of attacks
  - Transitive access
- 5.1 Explain the function and purpose of authentication services
  - Kerberos
  - LDAP

Security Pro Exam Objectives:
- 1.2 Harden authentication
  - Implement centralized authentication
Lecture Focus Questions:
- Using a challenge/response process, what information is exchanged over the network during logon? How does this provide security for logon credentials?
- What is the difference between authentication with LAN Manager and NT LAN Manager?
- What security vulnerabilities should an administrator be aware of when using Kerberos for authentication?
- What two entities are combined to make up the KDC?
- Why does Kerberos require clock synchronization between devices?
- What does transitivity define?
- How is a non-transitive trust relationship established between domains?

Video/Demo                                       Time
2.11.1 Network Authentication Protocols          14:09
2.11.2 Network Authentication via LDAP           10:30
2.11.4 Controlling the Authentication Method     3:51
2.11.6 Browsing a Directory Tree via LDAP        6:38
2.11.7 Trusts and Transitive Access              5:33
Total                                            40:41

Lab/Activity
- Configure Kerberos Policy Settings

Number of Exam Questions: 12 questions
Total Time: About 65 minutes
Section 2.12: Identity Management
Summary
This section discusses the role of Identity Management (IDM). Details include:
- The role of Identity Management (IDM)
- Advantages of IDM
- Terms:
  - Identity Vault
  - Identity Management Service
  - Automated Provisioning
  - Automated Maintenance
  - Automated De-provisioning
  - Password Synchronization
  - Entitlement
  - Authoritative Source

SSCP Exam Objectives:
- 1.6 Implement identity management
  - Provisioning
  - Maintenance
  - Entitlement

Lecture Focus Questions:
- What are the advantages of implementing IDM? Disadvantages?
- What is the significance of the authoritative source of an item?
- What does entitlement define?
- What is automated provisioning?

Video/Demo                      Time
2.12.1 Identity Management      16:31

Number of Exam Questions: 2 questions
Total Time: About 20 minutes
Section 3.1: Cryptography
Summary
In this section students will learn the basics of cryptography. Concepts covered in this section include:
- Terms related to cryptography:
  - Plain text
  - Cipher text
  - Cryptographer
  - Cryptanalysis
  - Cryptosystem
  - Cryptology
  - Key
  - Algorithm
  - Encryption
  - Decryption
  - Steganography
  - Quantum cryptography
  - Initialization vector
  - Transposition Cipher
  - Substitution Cipher
- Attack Types:
  - Brute Force Attacks
  - Plaintext Attacks
  - Analytic
  - Weakness Exploitation Attacks
  - Encryption attacks
  - Man-in-the-middle attack
- Countermeasures to strengthen the cryptosystem

Security+ Exam Objectives:
- 4.3 Explain the importance of data security
  - Hardware based encryption devices
    - TPM
    - HSM
    - USB encryption
    - Hard drive
- 6.1 Summarize general cryptography concepts
  - Non-repudiation
  - Steganography
  - Digital signatures
  - Use of proven technologies
  - Elliptic curve and quantum cryptography
- 6.2 Use and apply appropriate cryptographic tools and products
  - One-time-pads
- 6.3 Explain the core concepts of public key infrastructure
  - Certificate authorities and digital certificates
    - CA
    - CRLs
    - PKI
    - Recovery agent
    - Public key
    - Private key
    - Registration
SSCP Exam Objectives:
- 5.1 Understand basic concepts of Cryptography (e.g., hashing, encryption mechanisms, performance)
- 5.2 Understand Requirements for Cryptography (e.g., data sensitivity, regulatory requirements, end-user training)
- 5.3 Support Certificate and Key Management
  - Understand basic key management concepts (e.g., public key infrastructure)
    - Certificate authorities and digital certificates
    - Administration and validation (e.g., key creation, exchange, revocation, escrow)

Security Pro Exam Objectives:
- 1.3 Manage Certificates
  - Approve, deny, and revoke certificate requests

Lecture Focus Questions:
- What is a legitimate use for cryptanalysis?
- How is the strength of a cryptosystem related to the length of the key?
- Which is typically kept secret, the encryption algorithm or the key (or both)?
- What is the difference between a transposition cipher and a substitution cipher?
- What is a legitimate use of steganography?
- What methods are used in a brute force attack?
- What is the difference between a Registration Authority and a Certificate Authority?
Video/Demo                      Time
3.1.1 Cryptography Concepts     4:29
3.1.3 Cryptography Attacks      17:47
Total                           22:16

Number of Exam Questions: 15 questions
Total Time: About 45 minutes
Section 3.2: Hashing
Summary
This section examines using hashing to ensure the data integrity of files and messages in transit. Concepts covered include:
- The role of hashing
- Predominant hashing algorithms:
  - MD5
  - SHA-1
  - RIPEMD
- Uses of hashing:
  - File integrity
  - Secure logon credential exchange
- Considerations regarding hashes

Students will learn how to:
- Generate a hash value for a file.
- Compare hash values to verify message integrity.

Security+ Exam Objectives:
- 6.1 Summarize general cryptography concepts
  - Hashing
- 6.2 Use and apply appropriate cryptographic tools and products
  - MD5
  - SHA
  - RIPEMD

SSCP Exam Objectives:
- 5.1 Understand basic concepts of Cryptography (e.g., hashing, encryption mechanisms, performance)
  - Install and maintain cryptographic systems

Lecture Focus Questions:
- What security goal or function is provided by hashes?
- Why doesn't a hash provide message encryption?
- When comparing MD5 and SHA-1, which method provides greater security? Why?
- What is a collision and why is this condition undesirable in a hashing algorithm?
- Why is high amplification an indicator of a good hashing algorithm?
Video/Demo               Time
3.2.1 Hashing            11:31
3.2.3 Using Hashes       7:43
Total                    19:14

Number of Exam Questions: 12 questions
Total Time: About 35 minutes
Section 3.3: Symmetric Encryption
Summary
This section examines using symmetric encryption to encrypt and decrypt data. Concepts covered include:
- Symmetric encryption uses two algorithm types:
  - Block ciphers
  - Stream ciphers
- Common symmetric cryptography methods include:
  - Ron’s Cipher v2 or Ron’s Code v2 (RC2)
  - Ron’s Cipher v5 or Ron’s Code v5 (RC5)
  - International Data Encryption Algorithm (IDEA)
  - Data Encryption Standard (DES)
  - Triple DES (3DES)
  - Advanced Encryption Standard (AES)
  - Blowfish
  - Twofish
  - SkipJack
- The role of the Keyed-Hash Message Authentication Code (HMAC)

Students will learn how to:
- Perform a brute force analysis of encrypted data to recover original data.

Security+ Exam Objectives:
- 6.1 Summarize general cryptography concepts
  - Symmetric vs. asymmetric
  - Fundamental differences and encryption methods
- 6.2 Use and apply appropriate cryptographic tools and products
  - MD5
  - AES
  - DES
  - 3DES
  - HMAC
  - RC4
  - Blowfish
  - TwoFish
  - RIPEMD

SSCP Exam Objectives:
- 5.1 Understand basic concepts of Cryptography (e.g., hashing, encryption mechanisms, performance)
Lecture Focus Questions:
- A user needs to communicate securely with 5 other users using symmetric key encryption. How many keys are required?
- How are symmetric keys typically exchanged between communication partners?
- What is an advantage of increasing the number of bits in the key? What is a disadvantage?
- Why are symmetric key stream ciphers considered to be slower than symmetric key block ciphers?
- Considering symmetric key stream ciphers and block ciphers, which would you select to process large amounts of data? Why?
- How does 3DES differ from DES?

Video/Demo                                    Time
3.3.1 Symmetric Encryption                    5:27
3.3.2 HMAC                                    6:13
3.3.4 Cracking a Symmetric Encryption Key     4:11
Total                                         15:51

Number of Exam Questions: 15 questions
Total Time: About 40 minutes
Section 3.4: Asymmetric Encryption
Summary
This section discusses using asymmetric encryption to encrypt and decrypt data. Details include:
- The role of the public and private key
- Management considerations in implementing asymmetric key cryptography
- Asymmetric key encryption is used for:
  - Data encryption
  - Digital signing
  - Key exchange
- Common asymmetric key cryptography systems:
  - Diffie-Hellman Key Exchange
  - ElGamal
  - Elliptic Curve Cryptography (ECC)
  - Merkle-Hellman Knapsack
  - Rivest, Shamir, Adleman (RSA)
- The role of a hybrid cryptography system
- Protocols that use asymmetric encryption:
  - SSL/TLS
  - IPSec
  - VPNs (PPTP, L2TP, SSTP)
  - S/MIME and PGP for e-mail security
  - SSH tunnels

Security+ Exam Objectives:
- 6.1 Summarize general cryptography concepts
  - Symmetric vs. asymmetric
  - Non-repudiation
  - Digital signatures
  - Use of proven technologies
  - Elliptic curve and quantum cryptography
- 6.2 Use and apply appropriate cryptographic tools and products
  - RSA
- 6.3 Explain the core concepts of public key infrastructure
  - Public key
  - Private key
Lecture Focus Questions:
- How do public keys differ from private keys? What is the relationship between the two?
- For which type of environment is asymmetric cryptography best suited?
- Why does asymmetric encryption require fewer keys than symmetric encryption?
- What services are provided by the cryptographic service provider (CSP)?
- What is the main use for the Diffie-Hellman protocol?

Video/Demo                        Time
3.4.1 Asymmetric Encryption       8:56

Number of Exam Questions: 11 questions
Total Time: About 25 minutes
Section 3.5: Public Key Infrastructure (PKI)
Summary
This section examines using a public key infrastructure (PKI) to issue and manage certificates. Details include:
- The role of a digital certificate
- Process used to request, issue, and manage certificates
- Example of using SSL and certificates to secure Web transactions
- Terms to be familiar with:
  - Certificate Authority (CA)
  - Subordinate Certificate Authority
  - Certificate Practice Statement (CPS)
  - Cryptographic Service Provider (CSP)
  - Online Certificate Status Protocol (OCSP)
  - Certificate Revocation List (CRL)
  - CRL Distribution Point (CDP)
  - Registration Authority (RA)
  - X.509
  - Enrollment agent
  - Authority Information Access (AIA)
- A summary of the certificate lifecycle
- Certificate management areas:
  - Key protection
  - Certificate validation
  - Key archival
  - Key escrow
  - Certificate revocation
  - Crypto period
  - Certificate renewal
  - Key disposal
- Considerations when managing a public key infrastructure (PKI):
  - PKI hierarchy
  - Cross certification
  - Dual key pairs

Students will learn how to:
- Manage certificates by requesting, approving, and installing certificates.
- Revoke a certificate and publish it to the CRL.
- Create and configure a subordinate CA.
- Manage certificate templates by deploying certificates for different purposes.
- Create and issue custom certificate templates.
Security+ Exam Objectives:
- 6.4 Implement PKI, certificate management, and associated components
  - Certificate authorities and digital certificates
    - CA
    - CRLs
  - PKI
  - Recovery agent
  - Public key
  - Private key
  - Registration
  - Key escrow
  - Trust models

SSCP Exam Objectives:
- 5.3 Support Certificate and Key Management
  - Understand basic key management concepts (e.g., public key infrastructure)
    - Certificate authorities and digital certificates
    - Administration and validation (e.g., key creation, exchange, revocation, escrow)

Security Pro Exam Objectives:
- 1.3 Manage Certificates
  - Approve, deny, and revoke certificate requests

Lecture Focus Questions:
- Who authorizes subordinate CAs? Why is this important?
- What does the issuance policy on a CA control?
- How does a client verify the information in an SSL certificate to determine if it trusts the certificate?
- What is the difference between a CSP and a CPS?
- What is the role of the Registration Authority (RA)?
- What is the difference between key archival and key escrow?
- How are revoked certificates identified? Under what circumstances would a certificate be revoked?
- What security advantage do dual key pairs provide?
Video/Demo                            Time
3.5.1 Certificates                    11:02
3.5.2 Managing Certificates           8:43
3.5.5 CA Implementation               5:17
3.5.6 Configuring a Subordinate CA    8:29
Total                                 35:27

Lab/Activity
- Manage Certificates

Number of Exam Questions: 15 questions
Total Time: About 65 minutes
Section 3.6: Cryptographic Implementations
Summary
In this section students will learn the basics of implementing cryptography. Concepts covered include:
- Implementations of cryptography:
  - File system encryption
  - Digital signatures
  - Digital envelope
  - Trusted Platform Module (TPM)
  - Hardware Security Modules (HSM)
- How technologies are implemented in LAN- and Web-based environments:
  - Secure Electronic Transaction (SET)
  - Secure Sockets Layer (SSL)
  - Transport Layer Security (TLS)
  - Secure Hypertext Transfer Protocol (S-HTTP)
  - Hypertext Transfer Protocol Secure (HTTPS)
  - Secure Shell (SSH)
  - Internet Protocol Security (IPSec)
- Encryption technologies implemented to secure e-mail messages:
  - Privacy Enhanced Mail (PEM)
  - Pretty Good Privacy (PGP)
  - Secure Multipurpose Internet Mail Extensions (S/MIME)
  - Message Security Protocol (MSP)

Security+ Exam Objectives:
- 4.3 Explain the importance of data security
  - Data encryption
    - Full disk
    - Individual files
  - Hardware based encryption devices
    - TPM
    - HSM
- 6.2 Use and apply appropriate cryptographic tools and products
  - PGP/GPG
  - Whole disk encryption
  - Use of algorithms with transport encryption
  - SSL
  - TLS
  - IPSec
  - SSH
  - HTTPS
SSCP Exam Objectives:
- 5.4 Understand the use of Secure Protocols (e.g., difference in implementation, appropriate use)
  - Support the implementation of secure protocols (e.g., IPSec, SSL/TLS, S/MIME)

Lecture Focus Questions:
- What are the advantages of asymmetric over symmetric encryption? What are the disadvantages?
- How are asymmetric encryption and hashing combined to create digital signatures?
- What is the difference between digital signatures and digital envelopes?
- How does the protection offered by BitLocker differ from EFS?
- How does S-HTTP differ from HTTPS? Which is more secure?
- Which types of traffic can SSL protect?

Video/Demo                                    Time
3.6.1 Combining Cryptographic Methods         10:30
3.6.2 Hardware Based Encryption Devices       7:12
Total                                         18:42

Number of Exam Questions: 15 questions
Total Time: About 40 minutes
Section 4.1: Security Policies
Summary
This section discusses using security policies to define the overall security outlook for an organization. Details include:
- Types of documents used to create security policies:
  - Regulation
  - Procedure
  - Baseline
  - Guideline
- Elements of security planning
- Due care and due diligence
- Types of security policy documents:
  - Acceptable use
  - Authorized access
  - Change and configuration management
  - Code escrow agreement
  - Code of ethics
  - Human resource policies
  - Organizational security policy
  - Password
  - Privacy
  - Resource allocation
  - Service Level Agreement (SLA)
  - User education and awareness training
  - User management
- The role of security management
- Components of operational security that help to establish defense in depth:
  - Change management
  - Employee management
  - Security awareness
  - Physical security
- Common information classification levels:
  - Public with full distribution
  - Public with limited distribution
  - Private internal
  - Private restricted
- Government and military classifications:
  - Unclassified
  - Sensitive but unclassified
  - Confidential
  - Secret
  - Top secret
- Methods of disposing of media to prevent data recovery:
  - Shredding/Burning
  - Partitioning/Formatting/Degaussing
  - Wiping a Hard Drive
  - Destruction
- Milestones to develop a manageable network plan:
  - Prepare to Document
  - Map the Network
  - Protect Your Network (Network Architecture)
  - Reach Your Network (Device Accessibility)
  - Control Your Network (User Access)
  - Manage Your Network Part I (Patch Management)
  - Manage Your Network Part II (Baseline Management)
  - Document Your Network
Security+ Exam Objectives:



2.1 Explain risk related concepts
o Importance of policies in reducing risk
 Privacy policy
 Acceptable use
 Security policy
 Mandatory vacations
 Job rotation
 Separation of duties
 Least privilege
2.2 Carry out appropriate risk mitigation strategies
o Change management
2.4 Explain the importance of security related awareness and training
o Security policy training and procedures
o Personally identifiable information
o Information classification: Sensitivity of data (hard or soft)
o Data labeling, handling, and disposal
o Compliance with laws, best practices, and standards
o User habits
o Password behaviors
SSCP Exam Objectives:

2.2 Perform Security Administrative Duties
o Maintain adherence to security policies, baselines, standards, and
procedures
o Validate security controls
o Data classification (e.g., control, handling, categorization)
o Asset Management (e.g., hardware, software, data)
o Develop and maintain systems and security control documentation
2.3 Perform Change Management Duties
o Assist with the implementation of Configuration Management Plan
o Understand the impact of changes to the environment
2.4 Provide security evaluation and assistance to the organization (e.g.,
product evaluation, data flow management)
o Support certification and accreditation (i.e., security authorization)
2.5 Participate in Security Awareness Education
2.8 Comply with data management policies (e.g., storage media [paper or
electronic], transmission archiving, retention requirements, destruction,
duplication, data loss prevention, social network usage, information rights
management [IRM])
Security Pro Exam Objectives:
2.1 Promote Information Security Awareness
o Support certification and accreditation (i.e., security authorization)
o Exchanging content between Home and Work
o Storing of Personal Information on the Internet
o Using Social Networking Sites
o Password Management
o Information Security
Lecture Focus Questions:
What is the difference between a regulation and a guideline?
What are the main reasons for implementing security policies within an
organization?
How is due diligence different than due process?
How can a code escrow agreement provide security for an organization?
When a new security plan is distributed, why is it important to destroy all
copies of the old version?
What are the characteristics of a strong password policy?
How is the government's secret classification different than the top secret
classification?
Video/Demo                              Time
4.1.1 Security Policies                 7:23
4.1.2 Data Privacy Laws                 9:42
4.1.6 Information Classification        5:40
4.1.7 Wiping a Hard Drive               12:58
4.1.9 Manageable Network Plan           16:49
4.1.10 Manageable Network Plan 2        14:05
Total                                   66:37
Number of Exam Questions: 15 questions
Total Time: About 100 minutes
Section 4.2: Business Continuity
Summary
This section provides basic information about the activities that will ensure
business continuity. Concepts covered include:
Plans pertaining to business continuity include:
o Business Continuity Plan (BCP)
o Business Impact Analysis (BIA)
o Disaster Recovery Plan (DRP)
Considerations when creating the disaster recovery and business
continuity plans
The role of succession planning
Security+ Exam Objectives:
2.5 Compare and contrast aspects of business continuity
o Business impact analysis
o Removing single points of failure
o Business continuity planning and testing
o Continuity of operations
o Disaster recovery
o IT contingency planning
o Succession planning
SSCP Exam Objectives:
4.4 Understand and Support Business Continuity Plan (BCP) and Disaster
Recovery Plan (DRP)
o Understand the Components of a Business Continuity Plan (BCP)
o Understand and support Disaster Recovery Plan (DRP)
Security Pro Exam Objectives:
2.2 Evaluate Information Risk
o Perform Risk calculation
o Risk avoidance, transference, acceptance, mitigation, and
deterrence
Lecture Focus Questions:
When is the best time to start planning for disaster recovery?
How is the Disaster Recovery Plan (DRP) related to the Business
Continuity Plan (BCP)?
What is the top priority when planning for a disaster?
How does a Business Impact Analysis (BIA) help to improve the security
of an organization?
In addition to planning for how to keep operations going in the event of an
incident, what else should a disaster recovery plan include?
How does succession planning differ from replacement planning?
Video/Demo                              Time
4.2.1 Business Continuity               2:39
4.2.2 Succession Planning               5:23
Total                                   8:02
Number of Exam Questions: 6 questions
Total Time: About 20 minutes
Section 4.3: Risk Management
Summary
In this section students will learn about using risk management to reduce risk for
an organization. Concepts covered include:
Terms related to risk analysis:
o Asset
o Threat
o Vulnerability
o Threat agent
o Attack
o Countermeasure
o Exposure
o Loss
o Risk
o Residual risk
Processes involved in risk management:
o Asset identification
o Threat identification
o Risk assessment
o Risk response
Security+ Exam Objectives:
2.1 Explain risk related concepts
o Control types
 Technical
 Management
 Operational
o Risk calculation
 Likelihood
 ALE
 Impact
o Quantitative vs. qualitative
o Risk-avoidance, transference, acceptance, mitigation, deterrence
2.2 Carry out appropriate risk mitigation strategies
o Implement security controls based on risk
o Implement policies and procedures to prevent data loss or theft
3.7 Implement assessment tools and techniques to discover security
threats and vulnerabilities
o Risk calculations
 Threat vs. likelihood
o Assessment types
 Risk
 Threat
 Vulnerability
SSCP Exam Objectives:
4.1 Understand Risk Management Process
o Understand risk management concepts (e.g., impacts, threats,
vulnerabilities)
o Participate in risk assessment
o Support mitigation activity (e.g., safeguards, countermeasures)
o Address audit findings
Lecture Focus Questions:
What kinds of components are tangible assets?
How can an asset have both a tangible and intangible value?
Why is determining the value of an asset important to an organization?
How is quantitative analysis different than qualitative analysis?
Which components are used to measure risk quantitatively?
What method is typically deployed in risk transference?
Why is risk rejection not a wise risk response?
Video/Demo                              Time
4.3.1 Risk Management                   4:04
4.3.2 Security Controls                 3:21
Total                                   7:25
Number of Exam Questions: 15 questions
Total Time: About 30 minutes
Section 4.4: Incident Response
Summary
This section discusses strategies for responding to an incident during and after
the incident. Concepts covered include:
What is a security incident?
Incident response plans
Actions to take after an incident has been discovered
Responding to a security incident:
o Short-term (triage) actions
o Mid-term (action/reaction) actions
o Long-term (follow up) actions
The role of the first responder
The elements of incident response
Considerations when responding to a security incident
Ways investigations can be performed for computer systems:
o Live analysis
o Dead analysis
Procedures for collecting and analyzing computer evidence
Report the findings following the analysis
Students will learn how to:
Gather and authenticate forensic information from a system using a
computer forensic tool.
Analyze and record forensic evidence.
View and build a case using the forensic evidence that has been gathered.
Security+ Exam Objectives:
2.3 Execute appropriate incident response procedures
o Basic forensic procedures
 Order of volatility
 Capture system image
 Capture video
 Network traffic and logs
 Record time offset
 Take hashes
 Screenshots
 Witnesses
 Track man hours and expense
o Damage and loss control
o Chain of custody
o Incident response: first responder
SSCP Exam Objectives:
4.3 Participate in incident handling analysis
o Understand the concepts of incident handling (e.g., discovery,
escalation, reporting)
o Understand the concept of forensic investigations (e.g., first
responder, evidence handling, chain of custody, preservation of
scene)
Lecture Focus Questions:
What actions should take place when an incident occurs?
What types of things would a computer forensic investigator want to
analyze if he selected a live analysis over a dead analysis?
What methods can be used to save the contents of memory as part of a
forensic investigation?
How should you ensure the integrity of collected digital evidence?
Why is chain of custody so important with forensic investigations?
Video/Demo                              Time
4.4.1 First Responder                   7:17
4.4.2 Basic Forensic Procedures         18:31
4.4.4 Using Forensic Tools              6:17
Total                                   32:05
Number of Exam Questions: 10 questions
Total Time: About 50 minutes
Section 4.5: Social Engineering
Summary
This section examines details about social engineering. Concepts covered
include:
Forms of social engineering:
o Passive
o Active
Types of social engineering attacks:
o Persuasive
o Reciprocity
o Social validation
o Commitment
o Scarcity
o Friendship
o Authority
Social engineering attacks:
o Shoulder surfing
o Eavesdropping
o Dumpster diving
o Tailgating and Piggybacking
o Masquerading
o Phishing
o Spear phishing
o Caller ID spoofing
o Hoax e-mails
o Spyware/Adware
o Pretexting
Employee awareness training is the most effective countermeasure for
social engineering
Students will learn how to:
Identify and ignore e-mail hoaxes to protect system resources.
Train users to identify phishing scams by mousing over links, verifying the
URL, and verifying HTTPS.
Security+ Exam Objectives:
2.4 Explain the importance of security related awareness and training
o User habits
 Prevent tailgating
3.2 Analyze and differentiate among types of attacks
o Phishing
o Vishing
o Spear phishing
3.3 Analyze and differentiate among types of social engineering attacks
o Shoulder surfing
o Dumpster diving
o Tailgating
o Impersonation
o Hoaxes
o Whaling
o Vishing
SSCP Exam Objectives:
7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data
theft, DDoS, spoofing, phishing, pharming, spam)
o Understand malicious web activity (e.g., cross site scripting, cross
site request forgery, injection, social networking attacks)
Lecture Focus Questions:
How is passive social engineering different than active social engineering?
What methods do attackers use to make an interaction appear legitimate?
How is employee awareness training the most effective countermeasure
for social engineering?
What specific countermeasures should be implemented to mitigate social
engineering?
How is tailgating different than piggybacking?
How does using bookmarks instead of e-mail links improve security?
Video/Demo                                      Time
4.5.1 Social Engineering                        4:39
4.5.2 Phishing Variations                       13:04
4.5.4 Investigating Social Engineering Attack   9:45
Total                                           27:28
Lab/Activity: Respond to Social Engineering
Number of Exam Questions: 15 questions
Total Time: About 55 minutes
Section 4.6: Certification and Accreditation
Summary
This section examines using certification and accreditation to provide security.
Concepts covered include:
Security kernel
Methods to determine levels of access:
o Token
o Security label
o Capabilities list
Methods used by secure operating systems to provide security:
o Ring architecture
o Security perimeter
o Confinement
o Bounds
o Isolation
o Layering
o Abstraction
o Hiding
o Classification
o Target of Evaluation (TOE)
o Virtual machine
Main modes of security used in a Protection Profile (PP):
o Dedicated Security
o System High
o Compartmentalized
o Multilevel Secure
Concepts associated with the quality assurance process are:
o The Target of Evaluation (TOE)
o Security Target (ST)
o Security Assurance Requirements (SARs)
o Designated Approval authority (DAA)
o Evaluation Assurance Level (EAL)
 No Assurance (EAL0)
 Functionally Tested (EAL1)
 Structurally Tested (EAL2)
 Methodically Tested and Checked (EAL3)
 Methodically Designed, Tested and Reviewed (EAL4)
 Semi-formally Designed and Tested (EAL5)
 Semi-formally Verified Design and Tested (EAL6)
 Formally Verified Design and Tested (EAL7)
o Considerations regarding EAL levels
o Levels of approval:
 Acceptance
 Certification
 Accreditation
Assurance
Security+ Exam Objectives:
2.4 Provide security evaluation and assistance to the organization (e.g.,
product evaluation, data flow management)
o Support certification and accreditation (i.e., security authorization)
SSCP exam objectives:
5.2 Explain the fundamental concepts and best practices related to
authentication, authorization, and access control
o Trusted OS
Lecture Focus Questions:
Which methods does a reference monitor use to determine levels of
access?
Where is the reference monitor in relation to the security perimeter?
How does layering provide security to an operating system?
In a layered system, where does the operating system function?
How does commercial classification labeling differ from military?
How does acceptance differ from certification and accreditation?
Video/Demo                              Time
4.6.1 Trusted Computing                 10:01
4.6.2 Certification and Accreditation   5:20
Total                                   15:21
Number of Exam Questions: 12 questions
Total Time: About 40 minutes
Section 4.7: Development
Summary
In this section students will learn about the System Development Life Cycle
(SDLC). The SDLC is a systematic method used for software development and for
the implementation of system and security projects. Concepts covered include:
Phases of the SDLC:
o Project initiation
o Functional design
o System Design
o Development and coding
o Installation and implementation
o Release
o Operations and maintenance
o End of life
Change control
Standardized models that developers use when developing new software
are:
o Ad-hoc
o Waterfall planning
o Structured programming
o Prototype
o Object-oriented programming
o Spiral
o Clean room
o Extreme programming
o Computer-Aided Software Engineering (CASE)
Security+ Exam Objectives:
4.1 Explain the importance of application security
o Secure coding concepts
 Error and exception handling
 Input validation
SSCP Exam Objectives:
2.4 Provide security evaluation and assistance to the organization (e.g.,
product evaluation, data flow management)
o Support certification and accreditation (i.e., security authorization)
Lecture Focus Questions:
How does the spiral model combine the waterfall model and the prototype
model?
How should security be employed in the different stages of development?
What does functional design entail?
When is change control necessary?
What are the responsibilities of developers after a product is released?
Video/Demo                              Time
4.7.1 System Development Life Cycle     8:40
4.7.2 System Development Life Cycle 2   7:49
Total                                   16:29
Number of Exam Questions: 7 questions
Total Time: About 35 minutes
Section 4.8: Employee Management
Summary
This section discusses strategies for managing employees. Details covered
include:
The role of employee management
Principles that should be part of employee management decisions:
o Least privilege
o Separation of duties
o Two-man control
Common employee-related security vulnerabilities:
o Fraud
o Collusion
Employee security process:
o Pre-employment
o Employment
o Termination
Security awareness includes:
o Security training
o Security retraining
o Random security audits
Employee agreement documents:
o Non-disclosure agreement (NDA)
o Non-compete agreement
o Ownership of materials agreement
o Data handling and classification policy
o Clean desk policy
o Acceptable use agreement
o Password security policy
o Employee monitoring agreement
o Exit interview cooperation agreement
First day of employment documents:
o Security policy
o Employee Handbook
o Job description
Ethics
Code of ethics
Components of code of ethics:
o Values
o Principles
o Management Support
o Personal Responsibility
o Compliance
The (ISC)2 Code of Ethics canons include:
©2013 TestOut Corporation (Rev 1/13)
LabSim Security Pro
70
o Protect society, the common wealth, and the infrastructure (do no
harm),
o Act honorably, honestly, justly, responsibly, and legally (be a good
person).
o Provide diligent and competent service to the principles (be a good
CISSP).
o Advance and protect the security profession.
Security+ Exam Objectives:
2.1 Explain risk related concepts
o Importance of policies in reducing risk
 Privacy policy
 Acceptable use
 Security policy
2.4 Explain the importance of security related awareness and training
o Data labeling, handling, and disposal
o Compliance with laws, best practices, and standards
o User habits
 Password behaviors
 Data handling
 Clean desk policies
 Prevent tailgating
 Personally owned devices
SSCP Exam Objectives:
2.1 Adhere to Code of Ethics
o Understand and comply with (ISC)2 code of ethics
o Understand and comply with the organizational code of ethics
2.2 Perform Security Administrative Duties
o Maintain adherence to security policies, baselines, standards, and
procedures
o Validate security controls
Lecture Focus Questions:
How can pre-employment processing improve the security of an
organization?
What is the role of the policy handbook regarding security?
What guidelines must be considered when monitoring employees?
Why should employees be required to sign employment agreements?
How are separation of duties and two-man control different?
How can collusion be avoided?
What is the importance of a clear job description?
Video/Demo                              Time
4.8.1 Employment Practices              13:45
Number of Exam Questions: 15 questions
Total Time: About 40 minutes
Section 5.1: Physical Security
Summary
This section provides information about physical security. Concepts covered
include:
Factors for physical security:
o Prevention
o Detection
o Recovery
Important aspects of physical security
Physical control measures:
o Perimeter barriers
o Closed-circuit television (CCTV)
o Doors
o Door locks
o Physical access logs
o Physical access controls
The sequence of physical security:
o Deter initial access attempts
o Deny direct physical access
o Detect the intrusion
o Delay the violator to allow for response
Implementing a layered defense system
Tailgating and piggybacking
Security+ Exam Objectives:
3.6 Analyze and differentiate among types of mitigation and deterrent
techniques
o Physical security
 Hardware locks
 Mantraps
 Video surveillance
 Fencing
 Proximity readers
 Access list
o Detection controls vs. prevention controls
 Camera vs. guard
5.2 Explain the fundamental concepts and best practices related to
authentication, authorization, and access control
o Biometrics
o Common access card
o Personal identification verification card
o Smart card
SSCP Exam Objectives:
4.2 Perform Security Assessment Activities
o Review security configurations of infrastructure
Security Pro Exam Objectives:
3.1 Harden Data Center Physical Access
o Implement Access Rosters
o Utilize Visitor Identification and control
o Protect Doors and Windows
o Implement Physical Intrusion Detection Systems
Lecture Focus Questions:
What types of physical controls can be implemented to protect the
perimeter of a building?
What is the difference between a mantrap and a double entry door?
What types of doors are effective deterrents to piggybacking?
How does an anti-passback system work?
What types of devices are best suited for interior motion detection?
Perimeter motion detection?
How do physical access logs help to increase the security of a facility?
Video/Demo                              Time
5.1.1 Physical Security                 18:39
5.1.2 Tailgating and Piggybacking       3:28
Total                                   22:07
Lab/Activity: Implement Physical Security
Number of Exam Questions: 13 questions
Total Time: About 50 minutes
Section 5.2: Hardware Security
Summary
This section examines the following general hardware security guidelines:
Checkout policy
Room security
Hardware locks
Backup Storage
Security+ Exam Objectives:
2.2 Carry out appropriate risk mitigation strategies
o Implement policies and procedures to prevent data loss or theft
3.6 Analyze and differentiate among types of mitigation and deterrent
techniques.
o Physical security
 Hardware locks
4.2 Carry out appropriate procedures to establish host security.
o Hardware security
 Cable locks
 Safe
 Locking cabinets
SSCP Exam Objectives:
2.2 Perform Security Administrative Duties
o Maintain adherence to security policies, baselines, standards, and
procedures
o Validate security controls
o Develop and maintain systems and security control documentation
Security Pro Exam Objectives:
3.1 Harden Data Center Physical Access
o Utilize Visitor Identification and control
o Protect Doors and Windows
o Implement Physical Intrusion Detection Systems
Lecture Focus Questions:
How can you protect computers that are placed in cubicles?
What are the security guidelines you should implement to protect servers
in your organization?
How can you ensure that the memory and hard disks cannot be removed
from a computer that is bolted to a desk?
What types of details should a hardware checkout policy include?
Video/Demo                              Time
5.2.1 Hardware Security Guidelines      7:50
5.2.2 Breaking into a System            7:30
Total                                   15:20
Number of Exam Questions: 2 questions
Total Time: About 20 minutes
Section 5.3: Environmental Controls
Summary
This section discusses how environmental controls can be implemented to
protect computer systems. Details covered include:
Power conditions to be aware of:
o Surge/Spike
o Sag/Dip
o Brownout
o Blackout
o Fault
o Transient
Recommendations for preventing or correcting infrastructure problems for:
o HVAC system
o AC power
o Water and gas
Interference:
o Electro-magnetic interference (EMI)
o Radio Frequency interference (RFI)
Shielding
Recommendations for the location of the data center
Environmental monitoring:
o Temperature
o Air flow
o Humidity
Using hot and cold aisles with server rooms to reduce the temperature of
server rooms.
Elements required for fire:
o Fuel
o Heat
o Oxygen
o Chemical reaction between oxygen and the fuel
Primary fire-suppression systems:
o Portable
o Fixed
Extinguishing agents used to suppress fire:
o Water
o Gas that displaces oxygen
o Dry chemicals such as sodium bicarbonate, wet chemicals and
foam used to extinguish fuel from burning
US fire classes and suppressant types
Considerations when responding to fire emergencies
Security+ Exam Objectives:
2.6 Explain the impact and proper use of environmental controls
o HVAC
o Fire suppression
o EMI shielding
o Hot and cold aisles
o Environmental monitoring
o Temperature and humidity controls
o Video monitoring
SSCP Exam Objectives:
2.4 Perform Change Management Duties
o Understand the impact of changes to the environment
Lecture Focus Questions:
What temperature range protects equipment from overheating?
What is a good HVAC practice to help prevent electrostatic discharge?
What is the difference between a positive pressure system and a negative
pressure system? Which is the best to use in a server room?
What is the difference between a sag and a brownout?
How does a deluge sprinkler function differently than a wet pipe system?
What should you do first in the event of a fire?
When using a portable fire extinguisher, it is recommended that you use
the PASS system to administer the fire suppressant. How does the PASS
system work?
What is the recommended range for extinguishing a small fire using a fire
extinguisher?
What are the advantages of using a gas as a fire suppressant?
Disadvantages?
Video/Demo                              Time
5.3.1 Environmental Controls            6:00
5.3.2 Environmental Monitoring          11:33
5.3.3 Hot and Cold Aisles               5:17
Total                                   22:50
Number of Exam Questions: 11 questions
Total Time: About 45 minutes
Section 5.4: Mobile Devices
Summary
In this section students will explore securing mobile devices. Details about the
following concepts will be covered:
Mobile devices include:
o Smartphones
o Laptops
o PC tablets
o PDAs
o Other small handheld computing devices
Considerations for mobile devices:
o Request process
o Acceptable Use
o Personal Identification Number (PIN)
o Lockout or screen lock
o Encryption
o Remote wipe
o Reporting system
o Global Positioning System (GPS)
Train employees on security considerations
Security+ Exam Objectives:
4.2 Carry out appropriate procedures to establish host security
o Mobile devices
 Screen lock
 Strong password
 Device encryption
 Remote wipe/sanitation
 Voice encryption
 GPS tracking
4.3 Explain the importance of data security
o Data encryption
 Mobile devices
SSCP Exam Objectives:
2.7 Understand the concepts of endpoint device security (e.g.,
virtualization, thin clients, thick clients, USB devices, mobile devices)
Security Pro Exam Objectives:
2.1 Promote Information Security Awareness
o Traveling with Personal Mobile Devices
o Exchanging content between Home and Work
o Password Management
o Photo/GPS Integration
o Information Security
Lecture Focus Questions:
What types of electronic devices are considered part of the mobile devices
group?
How do you unlock a mobile device after it has gone into lockout?
Under what conditions would you consider using remote wipe on a mobile
device?
What mobile device feature can display its current location if lost or
stolen?
What security technique ensures data confidentiality if a mobile device is
lost or stolen?
Video/Demo                              Time
5.4.1 Mobile Device Security            7:33
5.4.2 Securing Mobile Devices           10:20
Total                                   17:53
Lab/Activity: Secure an iPad
Number of Exam Questions: 3 questions
Total Time: About 30 minutes
Section 5.5: Telephony
Summary
In this section students will learn the basics of telephony, the transmission of
voice communication. Concepts covered include:
Implementations of voice communications:
o Public Switched Telephone Network (PSTN)
o Voice over IP (VoIP)
VoIP terms:
o Convergence
o H.323
o IPT (Internet Protocol Telephony)
o Real Time protocol (RTP)
o Session Initiation Protocol (SIP)
o Service Delivery Platform (SDP)
o Media stream
o Softswitch
o Voice gateway
Common exploitation attacks:
o Cramming
o Slamming
o War dialing
o Denial of Service (DoS)
o Cross-site Scripting (XSS)
o Cross Site Request Forgery (CSRF)
Common cell phone exploitation attacks:
o Cloning
o Sniffing
o Tumbling
Considerations when managing telephony solutions
Security+ Exam Objectives:
1.3 Distinguish and differentiate network design elements and compounds
o Telephony
SSCP Exam Objectives:
6.2 Understand Telecommunications
o Technology (e.g., VoIP, facsimile, PSTN)
o Common Vulnerabilities
Lecture Focus Questions:
What methods can be used to send digital data through Plain Old
Telephone System (POTS) lines?
What are common threats to a PBX system? How do you secure the
PBX?
What types of security issues must be considered when using VoIP?
What is the difference between cramming and slamming?
What countermeasures protect against war dialing?
What is the function of the SIP protocol?
How can VLANs increase network security on systems with VoIP
implemented?
Video/Demo                              Time
5.5.1 Telephony                         15:00
Number of Exam Questions: 4 questions
Total Time: About 25 minutes
Section 6.1: Networking Review
Summary
This section reviews elements of networking design. Details covered include:
Open System Interconnection (OSI) model layers
o Application (Layer 7)
o Presentation (Layer 6)
o Session (Layer 5)
o Transport (Layer 4)
o Network (Layer 3)
o Data Link (Layer 2)
o Physical (Layer 1)
IP Addresses
o IPv4 address is a 32-bit binary number, written as four decimal octets each between 0 and 255
 Converting binary to decimal and vice versa
 Subnet mask
 IPv4 classes
o IPv6 address is a 128-bit binary number
 Prefix
 Interface ID
The role of subnetting
Custom subnet masks
Major protocols:
o Transmission Control Protocol (TCP)
o User Datagram Protocol (UDP)
o Internet Protocol (IP)
o Internetwork Packet Exchange (IPX)
o Network Basic Input/Output System (NetBIOS)
o Internet Control Message Protocol (ICMP)
o Address Resolution Protocol (ARP)
o Domain Name System (DNS)
o Simple Network Management Protocol (SNMP)
The role of ports
Internet Corporation for Assigning Names and Numbers (ICANN)
categories for ports:
o Well-known
o Registered
o Dynamic
Considerations regarding ports
Students will learn how to:
Configure IPv6
Configure subnetting
Analyze a TCP three-way handshake
Security+ Exam Objectives:
1.3 Distinguish and differentiate network design elements and compounds
o Subnetting
1.4 Implement and use common protocols
o IPv4 vs. IPv6
1.5 Identify commonly used default network ports
o FTP
o SFTP
o FTPS
o TFTP
o TELNET
o HTTP
o HTTPS
o SCP
o SSH
o NetBIOS
SSCP Exam Objectives:
6.1 Understand Security issues related to Networks
o OSI and TCP/IP Models
o Network topographies and relationships (e.g., token ring, star, bus,
Ethernet)
o Commonly used ports and protocols
o Network security concepts (e.g., address translation, defense in
depth, IP addressing)
Lecture Focus Questions:
What is the OSI model and why is it important in understanding
networking?
What are the advantages of using a theoretical model to describe
networking?
What type of network would the 192.168.174.34 address represent?
What are the two parts of an IPv6 address? What do they represent?
Under what conditions would you choose to subnet a network?
What are the major differences between TCP and UDP?
How can ICMP messages be used to provide a valuable security tool?
What is the best practice when deciding which protocol ports to allow
through a network firewall?
Why would an administrator find it important to run a port scanner on the
system?
Video/Demo                                      Time
6.1.1 OSI Model                                 4:08
6.1.3 IP Addressing                             17:22
6.1.5 Configuring IPv6                          2:39
6.1.6 IP Subnetting                             12:35
6.1.7 Configuring Subnetting                    8:07
6.1.9 Network Protocols                         4:45
6.1.11 Analyzing a TCP Three-way Handshake      2:14
6.1.12 TCP and UDP Ports                        9:02
Total                                           60:52
Number of Exam Questions: 15 questions
Total Time: About 95 minutes
Section 6.2: Perimeter Attacks
Summary
This section discusses different types of attacks and the countermeasures for
them to improve security. Details covered include:
Reconnaissance types:
o Organizational
o Technical
Basic stages of reconnaissance:
o Passive reconnaissance
o Active scanning
Countermeasures for preventing reconnaissance
Denial of Service attacks (DoS)
Distributed Denial of Service (DDoS) attacks
Distributed Reflective Denial of Service (DRDoS)
DoS attacks that use the ICMP protocol:
o Ping flood
o Ping of death
o Smurf
DoS attacks that exploit the TCP protocol:
o SYN flood
o LAND
o Christmas (Xmas) Tree
DoS attacks that exploit the UDP protocol include:
o Fraggle
o Teardrop
Countermeasures for DoS and DDos
Common methods of session based attacks include:
o Man-in-the-middle
o TCP/IP hijacking
o HTTP (session) hijacking
o Replay attack
o Null session
Common methods of spoofing:
o IP spoofing
o MAC spoofing
o ARP spoofing
Countermeasures to prevent spoofing
DNS-based attacks
Main methods to attack DNS servers
o Reconnaissance
o DNS poisoning
o Domain name kiting
Using the HOSTS file to improve security
©2013 TestOut Corporation (Rev 1/13)
LabSim Security Pro
87
Students will learn how to:













View and analyze captured traffic using a network analyzer.
Analyze captured traffic to determine the extent to which the bandwidth is
being compromised.
Perform a port scan on a system using netstat to determine connections
and listening ports.
Perform a port scan using nmap to find all the open ports on a remote
system.
Use a UDP flooder to test network bandwidth.
Scan for MAC addresses and the corresponding IP addresses using a
MAC address scanning tool.
Perform an ARP poisoning attack on a host to identify vulnerabilities.
Use a sniffer to detect an unusually high traffic pattern of ARP replies.
Perform queries on name server records using nslookup.
Restrict zone transfers to specific servers.
Map malicious Web sites to a loopback address (127.0.0.1) in the HOSTS
file.
Identify who has registered a domain name using Whois.net and
SamSpade.org.
Gather organizational information using Google, job boards, or other
common Internet tools.
Security+ Exam Objectives:


3.2 Analyze and differentiate among types of attacks
o DDoS
o DoS
o Smurf attack
o Xmas attack
o DNS poisoning and ARP poisoning
o Session hijacking
3.7 Implement assessment tools and techniques to discover security
threats and vulnerabilities
o Tools
 Port scanner
SSCP Exam Objectives:

7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data
theft, DDoS, spoofing, phishing, pharming, spam)
©2013 TestOut Corporation (Rev 1/13)
LabSim Security Pro
88
Lecture Focus Questions:











What types of resources make organizational reconnaissance so readily
available?
How is footprinting used to determine the operating system of the
recipient?
How does a Distributed Reflective Denial of Service (DRDoS) increase the
severity of a DoS attack?
What countermeasures will help to mitigate DoS and DDoS attacks?
Why is a man-in-the-middle attack so dangerous for the victim?
What countermeasures can be used to control TCP/IP hijacking?
What methods should you employ to prevent a replay attack?
What countermeasures can help prevent spoofing?
What is the difference between a primary and a secondary DNS server?
How does domain name kiting work?
In what ways can the HOSTS file be used to improve security?
Video/Demo
Time
6.2.1 Reconnaissance
2:40
6.2.2 Performing Reconnaissance
9:01
6.2.4 Denial of Service (DoS)
7:49
6.2.5 Xmas Tree Attacks
3:23
6.2.7 Performing a UDP Flood Attack
3:54
6.2.8 Session and Spoofing Attacks
6:41
6.2.10 Performing ARP Poisoning
4:24
6.2.12 DNS Attacks
4:30
6.2.14 Examining DNS Attacks
Total
11:12
53:34
Number of Exam Questions
15 questions
Total Time
About 90 minutes
©2013 TestOut Corporation (Rev 1/13)
LabSim Security Pro
89
Section 6.3: Security Appliances
Summary
This section provides basic information about security appliances. Concepts covered include:
• The role of security zones
• Common zones:
  o Intranet
  o Internet
  o Extranet
  o Demilitarized Zone
• Network security solutions:
  o Proxy server
  o Internet content filter
  o Network Access Control (NAC)
  o All-in-one security appliance

Students will learn how to:
• Enable Parental Controls for a user and configure control settings for allowed Web sites, time limits, games, and specific programs.
• Enable activity reporting to view the Web browsing activities of a user for whom you have configured parental controls.
• Manage users on a security appliance.
• Restrict access to a security appliance based on IP address.
• Use a security appliance to set a user for LAN access only.

Security+ Exam Objectives:
• 1.1 Explain the security function and purpose of network devices and technologies
  o Proxies
  o Spam filter, all-in-one security appliances
  o Web application firewall vs. network firewall
  o URL filtering, content inspection, malware inspection
• 1.3 Distinguish and differentiate network design elements and compounds
  o NAC

SSCP Exam Objectives:
• 6.1 Understand Security issues related to Networks
  o Admission control (e.g., NAC, remediation, quarantine)
• 6.4 Understand Firewalls & Proxies
  o Methods (e.g., application filtering, packet filtering, stateful/stateless inspection)
  o Types (e.g., host based, network based)

Security Pro Exam Objectives:
• 4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance)
• 7.1 Implement Application Defenses
  o Configure Parental Controls to enforce Web content filtering

Lecture Focus Questions:
• To which security device might you choose to restrict access by user account?
• What types of restrictions can be configured for proxy servers?
• What types of entities commonly use Internet content filtering software?
• What functions does keyword filtering provide?
• How can Network Access Control (NAC) help to improve the security of a network?

Video/Demo                                        Time
6.3.1 Security Solutions                          4:02
6.3.2 Security Zones                              5:31
6.3.4 All-In-One Security Appliances              4:30
6.3.6 Configuring Network Security Appliance Access   6:55
Total                                             20:58

Lab/Activity
• Configure Network Security Appliance Access

Number of Exam Questions: 3 questions
Total Time: About 35 minutes
Section 6.4: Demilitarized Zones (DMZ)
Summary
This section examines the role of demilitarized zones (DMZ). Terms discussed that are related to DMZs are:
• Bastion or sacrificial host
• Screening router
• Dual-homed gateway
• Screened host gateway
• Screened subnet

Students will learn how to:
• Add a server to a DMZ.
• Configure a DMZ port to act as a DHCP Server.

Security+ Exam Objectives:
• 1.1 Explain the security function and purpose of network devices and technologies
  o Firewalls
• 1.3 Distinguish and differentiate network design elements and compounds
  o DMZ

Security Pro Exam Objectives:
• 4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance)
  o Change the Default Username and Password
  o Configure a Firewall
  o Create a DMZ

Lecture Focus Questions:
• How is a honey pot used to increase network security?
• How is a gateway different from a router?
• What is the typical configuration for a DMZ configured as a dual-homed gateway?
• A screened subnet uses two firewalls. What are the functions of each firewall?
• What type of computers might exist inside of a demilitarized zone (DMZ)?
• What makes bastion hosts vulnerable to attack? What should you do to harden bastion hosts?

Video/Demo                                        Time
6.4.1 Demilitarized Zones (DMZ)                   9:49
6.4.2 Configuring a DMZ                           5:42
Total                                             15:31

Lab/Activity
• Configure a DMZ

Number of Exam Questions: 7 questions
Total Time: About 30 minutes
Section 6.5: Firewalls
Summary
This section discusses basic information about firewalls. Concepts covered include:
• Firewall
  o Network-based firewall
  o Host-based firewall
• Firewall types:
  o Packet filtering
  o Stateful
  o Application
• Managing firewalls

Students will learn how to:
• Enable Windows Firewall and configure exceptions to control communications through the firewall.
• Configure inbound and outbound rules to control traffic.
• Create a custom rule to allow ICMP Echo Requests through a firewall.
• Import and export firewall rules to other machines to create firewalls with uniform settings.

Security+ Exam Objectives:
• 1.1 Explain the security function and purpose of network devices and technologies
  o Firewalls
  o Web application firewall vs. network firewall
• 1.2 Apply and implement secure network administration principles
  o Firewall rules

SSCP Exam Objectives:
• 6.4 Understand Firewalls & Proxies
  o Methods (e.g., application filtering, packet filtering, stateful/stateless inspection)
  o Types (e.g., host based, network based)
  o Common Vulnerabilities

Security Pro Exam Objectives:
• 4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance)
  o Configure a Firewall

Lecture Focus Questions:
• What is the difference between a network-based firewall and a host-based firewall?
• When would you choose to implement a host-based firewall?
• What traffic characteristics can be specified in a filtering rule for a packet filtering firewall?
• How does a packet filtering firewall differ from a circuit-level gateway?
• Why is a packet filtering firewall a stateless device?
• What types of filter criteria can an application layer firewall use for filtering?

Video/Demo                                        Time
6.5.1 Firewalls                                   5:33
6.5.3 Configuring a Perimeter Firewall            9:46
Total                                             15:19

Lab/Activity
• Configure a Perimeter Firewall

Number of Exam Questions: 15 questions
Total Time: About 40 minutes
Section 6.6: Network Address Translation (NAT)
Summary
This section examines using a Network Address Translation (NAT) router to translate multiple private addresses into a single registered IP address. Concepts covered include:
• NAT implementations:
  o Network Address and Port Translation
  o Static NAT
  o Dynamic and Static NAT
• Considerations when implementing NAT

Students will learn how to:
• Install and configure the Network Address Translation (NAT) IP routing protocol on a router.
• Configure the NAT router to act as a DHCP server.
• Configure the NAT router to act as a DNS proxy.

Security+ Exam Objectives:
• 1.3 Distinguish and differentiate network design elements and compounds
  o NAT

Lecture Focus Questions:
• How has NAT extended the use of IPv4?
• How does a NAT router associate a port number with a request from a private host?
• What are the three ways in which NAT can be implemented?
• Where is NAT typically implemented?
• Why do private networks have a limited range of IP addresses they can use?

Video/Demo                                        Time
6.6.1 Network Address Translation                 15:57
6.6.2 Configuring NAT                             5:11
Total                                             21:08

Number of Exam Questions: 6 questions
Total Time: About 30 minutes
Section 6.7: Virtual Private Networks (VPN)
Summary
This section discusses using a virtual private network (VPN) to securely send data over an untrusted network. Details include:
• VPNs work by using a tunneling protocol
• Ways VPNs can be implemented:
  o Host-to-host VPN
  o Site-to-site VPN
  o Remote access VPN
• Tunnel endpoints
• Types of protocols used by VPNs:
  o Carrier protocol
  o Tunneling protocol
  o Passenger protocol
• Common VPN tunneling protocols:
  o Point-to-Point Tunneling Protocol (PPTP)
  o Layer 2 Forwarding (L2F)
  o Layer Two Tunneling Protocol (L2TP)
  o Internet Protocol Security (IPSec)
  o Secure Sockets Layer (SSL)

Students will learn how to:
• Configure a remote access VPN connection.

Security+ Exam Objectives:
• 1.1 Explain the security function and purpose of network devices and technologies
  o VPN concentrator

SSCP Exam Objectives:
• 6.3 Understand remote access
  o Technology (e.g., thin client, SSL/VPN)
  o Common vulnerabilities

Security Pro Exam Objectives:
• 4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance)
  o Configure a Firewall

Lecture Focus Questions:
• What are the three ways VPNs can be implemented?
• What is a VPN concentrator?
• What function do VPN endpoints provide?
• Which IPsec mode does not encrypt the header of a transmission? Why?
• What are the three types of protocols used by VPNs?
• Which IPsec protocol does not encrypt data?

Video/Demo                                        Time
6.7.1 Virtual Private Networks (VPNs)             10:16
6.7.2 Configuring a VPN                           4:25
Total                                             14:41

Lab/Activity
• Configure a Remote Access VPN
• Configure a VPN Connection iPad

Number of Exam Questions: 11 questions
Total Time: About 40 minutes
Section 6.8: Web Threat Protection
Summary
In this section students will learn about the following protections against web threats:
• Website/URL content filtering
• Web threat filtering
• Gateway e-mail spam blockers
• Virus blockers
• Antiphishing software

Students will learn how to:
• Configure web threat protection.

Security+ Exam Objectives:
• 1.1 Explain the security function and purpose of network devices and technologies
  o URL filtering, content inspection, malware inspection

Security Pro Exam Objectives:
• 4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance)
  o Implement Web Threat Protection
• 7.1 Implement Application Defenses
  o Configure Parental Controls to enforce Web content filtering

Lecture Focus Questions:
• How have web threats become more sophisticated?
• Which web threat protections prevent a user from visiting restricted websites?
• How is web threat filtering implemented?
• What types of filters can be used by spam blockers?

Video/Demo                                        Time
6.8.1 Web Threat Protection                       9:29
6.8.2 Configuring Web Threat Protection           4:26
Total                                             13:55

Lab/Activity
• Configure Web Threat Protection

Number of Exam Questions: 2 questions
Total Time: About 25 minutes
Section 6.9: Network Access Control (NAC)
Summary
In this section students will explore network access control (NAC). Details about the following concepts will be covered:
• Components of Network Access Protection (NAP):
  o NAP Client
  o NAP Server
  o Enforcement Server (ES)
  o Remediation Server
• Enforcement point types:
  o DHCP
  o Remote Desktop (RD) Gateway
  o VPN
  o 802.1x
  o IPSec

Students will learn how to:
• Configure Network Access Protection to restrict network access to only clients that meet specified health criteria.
• Add the necessary role services to implement Network Access Protection (NAP).
• Enable NAP on an enforcement point.
• Create domain and server isolation rules.
• Configure system health validator and health policy settings.

Security+ Exam Objectives:
• 1.3 Distinguish and differentiate network design elements and compounds
  o NAC

SSCP Exam Objectives:
• 6.1 Understand Security issues related to Networks
  o Admission control (e.g., NAC, remediation, quarantine)

Lecture Focus Questions:
• How do remediation servers and auto-remediation help clients become compliant?
• What server role service do you add to configure a server as an enforcement point for NAP?
• How do you define the quarantine network when using 802.1x enforcement?
• Which enforcement method uses a Health Registration Authority (HRA)?
• What type of communication occurs in the boundary network when using IPsec enforcement?

Video/Demo                                        Time
6.9.1 Network Access Protection                   19:58
6.9.2 Implementing NAP with DHCP Enforcement      15:56
Total                                             35:54

Number of Exam Questions: 4 questions
Total Time: About 45 minutes
Section 6.10: Wireless Attacks
Summary
In this section students will learn about security attacks that wireless networks are vulnerable to:
• Rogue access point
• War driving
• War chalking
• Packet sniffing
• Initialization Vector (IV) attack
• Interference
• Bluetooth

Security+ Exam Objectives:
• 3.4 Analyze and differentiate among types of wireless attacks
  o Rogue access points
  o Interference
  o Evil twin
  o War driving
  o Bluejacking
  o Bluesnarfing
  o War chalking
  o IV attack
  o Packet sniffing

SSCP Exam Objectives:
• 6.5 Understand Wireless and Cellular Technologies
  o Common Vulnerabilities

Lecture Focus Questions:
• What steps can you take to protect your wireless network from data emanation?
• What is the difference between bluejacking and bluesnarfing?
• Why is a successful bluebugging attack more dangerous for the victim than a bluesnarfing attack?
• What is the best method to protect against attacks directed towards Bluetooth capabilities?
• What is the difference between a rogue access point and an evil twin?
• How can you protect your network against rogue access points?

Video/Demo                                        Time
6.10.1 Wireless Attacks                           13:28
6.10.3 Using Wireless Attack Tools                9:06
Total                                             22:34

Number of Exam Questions: 12 questions
Total Time: About 40 minutes
Section 6.11: Wireless Defenses
Summary
This section discusses defenses to secure wireless transmissions. Details include:
• Wireless networking concepts:
  o Wireless access point (WAP)
  o Wireless interface
  o Wireless bridge
  o Wireless configuration
  o Worldwide Interoperability for Microwave Access (WiMAX)
  o GSM (Global System for Mobile Communications)
  o Near field communication (NFC)
• Precautions to protect sensitive data transmitted over wireless devices:
  o Always treat a wireless network as though it were a publicly accessible network
  o Implement standard security measures
  o Set the WEP broadcast traffic key to be renegotiated at a certain interval
  o Disable DHCP on the WAP
• Additional security considerations:
  o SSID configuration
  o MAC address filtering
  o Antenna placement, power level, and orientation
  o Encryption
  o Authentication
• Methods used to provide security for wireless networking:
  o Wired Equivalent Privacy (WEP)
  o Wi-Fi Protected Access (WPA)
  o Wi-Fi Protected Access 2 (WPA2) or 802.11i
• Considerations when using 802.1x authentication for wireless networks
• Extensible authentication protocols that support 802.1x authentication:
  o Extensible Authentication Protocol (EAP)
  o Lightweight Extensible Authentication Protocol (LEAP)
  o Protected Extensible Authentication Protocol (PEAP)

Students will learn how to:
• Configure a wireless access point by disabling the SSID broadcast and enabling security.
• Configure a wireless network profile to automatically connect even if the SSID broadcast is turned off.
• Scan a network to detect wireless access points and determine if the access points are secure.

Security+ Exam Objectives:
• 1.2 Apply and implement secure network administration principles
  o 802.1x
• 1.6 Implement a wireless network in a secure manner
  o WPA
  o WPA2
  o WEP
  o EAP
  o PEAP
  o LEAP
  o MAC filter
  o SSID broadcast
  o TKIP
  o CCMP
  o Antenna Placement
  o Power level controls
• 5.1 Explain the function and purpose of authentication services
  o RADIUS
• 6.2 Use and apply appropriate cryptographic tools and products
  o WEP vs. WPA/WPA2 and preshared key

SSCP Exam Objectives:
• 6.5 Understand Wireless and Cellular Technologies
  o Protocols (e.g., WPA, WPA2, TKIP)
  o Technology (e.g., Bluetooth, RFID, 802.11, WiMax, GSM, 3G, NFC)

Security Pro Exam Objectives:
• 4.2 Secure a Wireless Access Point (WAP)
  o Change the Default Username, Password, and Administration limits
  o Implement WPA2
  o Configure Enhanced Security
    ▪ MAC filtering
    ▪ SSID cloaking
    ▪ Power Control

Lecture Focus Questions:
• How does turning off the SSID broadcast help to secure the wireless network?
• What methods can you use to secure a wireless network from data emanation?
• What does open authentication use for authenticating a device? Why is this not a very secure solution?
• What two additional components are required to implement 802.1x authentication?
• What does WEP use for the encryption key? Why does this present a security problem?
• Why should you not use shared key authentication with WEP?
• What is the difference between WPA Personal and WPA Enterprise?
• You have an access point that currently supports only WEP. What would you typically need to do to support WPA2?
• What is the encryption method used with WPA? WPA2?

Video/Demo                                        Time
6.11.1 Wireless Networking Overview               5:35
6.11.2 Wireless Security Considerations           12:54
6.11.4 Wireless Encryption                        6:45
6.11.5 Wireless Authentication                    4:40
6.11.7 Configuring a Wireless Access Point        19:54
6.11.8 Configuring a Wireless Connection          12:22
Total                                             62:10

Lab/Activity
• Secure a Wireless Network
• Secure a Wireless Network 2
• Configure a Wireless Profile

Number of Exam Questions: 15 questions
Total Time: About 105 minutes
Section 7.1: Network Devices
Summary
This section examines the characteristics of the following common network devices:
• Network Interface Card (NIC)
• Hub
• Wireless Access Point (WAP)
• Switch
• Bridge
• Router
• Gateway

Security+ Exam Objectives:
• 1.1 Explain the security function and purpose of network devices and technologies
  o Routers
  o Switches

Lecture Focus Questions:
• What are the security advantages of using switches over hubs?
• What security problems could static routing pose on a large network?
• What security threat do broadcasts allow?
• What information does a router ACL use to allow or reject packets?

Video/Demo                                        Time
7.1.1 Network Devices                             5:51

Number of Exam Questions: 6 questions
Total Time: About 15 minutes
Section 7.2: Network Device Vulnerabilities
Summary
In this section students will learn about the following network device vulnerabilities:
• Default accounts and passwords
• Weak passwords
• Privilege escalation
• Backdoor

Students will learn how to:
• Search a database for default passwords for network devices.

Security+ Exam Objectives:
• 3.1 Analyze and differentiate among types of malware
  o Backdoors
• 3.2 Analyze and differentiate among types of attacks
  o Privilege escalation
• 5.3 Implement appropriate security controls when performing account management
  o Account policy enforcement
    ▪ Password complexity
    ▪ Expiration
    ▪ Recovery
    ▪ Length
    ▪ Disablement
    ▪ Lockout

Lecture Focus Questions:
• For security considerations, what is the first thing you should do when new hardware and software is turned on for the first time?
• What are the characteristics of a complex password?
• How is privilege escalation different from hacking into a system to gain access to resources?
• What measures should be completed to protect against backdoors?

Video/Demo                                        Time
7.2.1 Device Vulnerabilities                      1:47
7.2.3 Searching Defaultpasswords.com              1:30
7.2.4 Securing a Switch                           3:21
Total                                             6:38

Lab/Activity
• Secure a Switch

Number of Exam Questions: 2 questions
Total Time: About 15 minutes
Section 7.3: Switch Attacks
Summary
This section discusses common attacks that are perpetrated against switches:
• MAC flooding
• ARP spoofing/poisoning
• MAC spoofing
• Dynamic Trunking Protocol (DTP)

Students will learn how to:
• Secure a switch.

Security+ Exam Objectives:
• 3.2 Analyze and differentiate among types of attacks
  o Spoofing
  o DNS poisoning and ARP poisoning

Security Pro Exam Objectives:
• 5.1 Harden Network Devices (using a Cisco Small Business Switch)
  o Implement Port Security

Lecture Focus Questions:
• What types of attacks are commonly perpetrated against switches?
• How does MAC flooding make a switch function as a hub? What is this state called?
• How are switches indirectly involved in ARP poisoning?
• How does the attacker hide his identity when performing MAC spoofing?
• What is a more secure alternative to using the Dynamic Trunking Protocol (DTP)?

Video/Demo                                        Time
7.3.1 Switch Attacks                              5:04

Number of Exam Questions: 4 questions
Total Time: About 10 minutes
Section 7.4: Router and Switch Security
Summary
This section discusses actions to take to increase router and switch security. Concepts covered include:
• General actions to secure routers:
  o Secure passwords
  o Secure protocols
  o Physical security
  o Secure configuration file
• Switch features that can be implemented to increase network security:
  o Virtual LAN (VLAN)
  o MAC filtering/port security
  o Port authentication (802.1x)
• Considerations when implementing switch security
• Switching loop
• Types of ports used by the spanning tree protocol:
  o Root ports
  o Designated ports
  o Blocked ports
• Ports in the spanning tree protocol exist in one of five states:
  o Blocking
  o Listening
  o Learning
  o Forwarding
  o Disabled

Students will learn how to:
• Create VLANs and assign switch ports to VLANs.
• Configure a trunk port on a switch.
• Harden a switch.
• Secure access to a new switch.

Security+ Exam Objectives:
• 1.2 Apply and implement secure network administration principles
  o VLAN management
  o Secure router configuration
  o Port Security
  o 802.1x
  o Flood guards
  o Loop protection
• 1.3 Distinguish and differentiate network design elements and compounds
  o VLAN
• 1.4 Implement and use common protocols
  o SSH
  o HTTPS
  o SCP
• 3.6 Analyze and differentiate among types of mitigation and deterrent techniques
  o Physical security
  o Hardware locks
    ▪ Mantraps
    ▪ Video surveillance
    ▪ Fencing
    ▪ Proximity readers
    ▪ Access list
  o Port security
    ▪ MAC limiting and filtering
    ▪ 802.1x
    ▪ Disabling unused ports

Lecture Focus Questions:
• How does a switch identify devices that are in different VLANs?
• What is the function of a trunk port?
• When trunking is used, how is the receiving switch able to identify which VLAN the frame belongs to?
• What is required for devices to communicate between VLANs?
• How is port security different from port filtering?
• Which secure protocols should you use to remotely manage a router?

Video/Demo                                        Time
7.4.1 Router Security                             8:56
7.4.3 Switch Security                             13:01
7.4.4 Switch Loop Protection                      10:46
7.4.6 Configuring VLANs from the CLI              4:32
7.4.8 Configuring VLANs                           3:32
7.4.10 Hardening a Switch                         14:10
Total                                             54:57

Lab/Activity
• Explore VLANs from the CLI
• Explore VLANs
• Harden a Switch
• Secure Access to a Switch
• Secure Access to a Switch 2

Number of Exam Questions: 14 questions
Total Time: About 100 minutes
Section 7.5: Intrusion Detection and Prevention
Summary
In this section students will learn the basics of intrusion detection and prevention. Concepts covered include:
• The role of an intrusion detection system (IDS)
• How IDS detection results are labeled:
  o Positive
  o False positive
  o Negative
  o False negative
• Characteristics used to classify detection systems:
  o Response capability
  o Recognition method
  o Detection scope
• Fake resources used to protect servers and networks:
  o Honeypot
  o Honeynet
  o Tarpit (also called a sticky honeypot)

Students will learn how to:
• Monitor network activity using intrusion detection software to capture and view network traffic.

Security+ Exam Objectives:
• 1.1 Explain the security function and purpose of network devices and technologies
  o NIDS and NIPS (Behavior based, signature based, anomaly based, heuristic)
• 2.1 Explain risk related concepts
  o False positives
• 3.6 Analyze and differentiate among types of mitigation and deterrent techniques
  o Detection controls vs. prevention controls
    ▪ IDS vs. IPS
• 3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities
  o Vulnerability scanning and interpret results
  o Tools
    ▪ Honeypots
    ▪ Honeynets

SSCP Exam Objectives:
• 3.1 Maintain Effective Monitoring Systems (e.g., continuous monitoring)
  o Monitor Intrusion Detection/Prevention Systems
  o Review systems for unauthorized changes (i.e., file integrity checkers, honeypots, unauthorized connections)
  o Monitor deviations from normal activity (e.g., white lists, anomaly detection, profiling)
  o Install and configure agents and management systems
• 3.2 Analyze Monitoring Results (e.g., review and analysis of log and reports, false positives, communicate findings)
• 7.2 Implement Malicious Code Countermeasures
  o Scanners (e.g., heuristic, integrity checker, signatures)
  o Deploy and manage anti-malware
  o Containment & Remediation

Lecture Focus Questions:
• What does it mean when traffic is labeled as a false negative?
• What data sources does an IDS use to gather the information that it will analyze to find attacks?
• How does an IPS differ from an IDS?
• What type of recognition method is used by most virus scanning software?
• What is the advantage of using a network-based IDS instead of a host-based IDS?
• What are the security reasons for using a honeypot or honeynet?
• After an attack, what types of data should you back up to retain information about the attack for future investigations?

Video/Demo                                        Time
7.5.1 Intrusion Detection                         7:31
7.5.2 Detection vs. Prevention Controls           7:50
7.5.4 Implementing Intrusion Monitoring           3:33
7.5.5 Implementing Intrusion Prevention           7:51
Total                                             26:45

Lab/Activity
• Implement Intrusion Prevention

Number of Exam Questions: 15 questions
Total Time: About 55 minutes
Section 8.1: Malware
Summary
This section provides an overview of malware. Concepts covered include:





Common malware:
o Virus
o Worm
o Trojan horse
o Zombie
o Botnet
o Rootkit
o Logic bomb
o Spyware
o Adware
o Ransomware
o Scareware
o Crimeware
Terms related to exploiting software and system vulnerabilities:
o Hacker
o Cracker
o Script kiddy
o Phreaker
Historic malware events:
o Stoned
o Michelangelo
o CHI/Chernobyl Virus
o Melissa
o I Love You
o Code Red
o Nimda
o Klez
Actions to take to prevent being infected with malware
Actions to take to recover from malware
Students will learn how to:




Scan a system with anti-malware software to identify potential threats.
Configure Windows Defender protections to secure a network from
malware.
Quarantine and remove malware.
Analyze startup programs to detect possible malware.
©2013 TestOut Corporation (Rev 1/13)
LabSim Security Pro
119
Security+ Exam Objectives:



3.1 Analyze and differentiate among types of malware
o Adware
o Virus
o Worms
o Spyware
o Trojan
o Rootkits
o Backdoors
o Logic bomb
o Botnets
3.6 Analyze and differentiate among types of mitigation and deterrent
techniques
o Monitoring system logs
 Event logs
 Access logs
o Reporting
 Alarms
 Alerts
 Trends
o Detection controls vs. prevention controls
 IDS vs. IPS
4.2 Carry out appropriate procedures to establish host security
o Operating system security and settings
o Anti-malware
 Anti-virus
 Anti-spam
 Anti-spyware
 Pop-up blockers
SSCP Exam Objectives:


7.1 Identify Malicious Code (e.g., virus, worms, Trojan horses, logic
bombs)
o Understand the concepts of rootkits
o Understand types of malware (e.g., spyware, scareware,
ransomware)
o Understand the concepts of Trapdoors & Backdoors
o Understand the concepts of Botnets
o Understand the concepts of Mobile Code
7.2 Implement Malicious Code Countermeasures
o Scanners (e.g., heuristic, integrity checker, signatures)
o Deploy and manage anti-malware
o Containment & Remediation
©2013 TestOut Corporation (Rev 1/13)
LabSim Security Pro
120


o Software Security (e.g., code signing, application review, server
side input validation)
7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data
theft, DDoS, spoofing, phishing, pharming, spam)
o Understand malicious web activity (e.g., cross site scripting, cross
site request forgery, injection, social networking attacks)
o Understand the concept of zero day exploits
o Understand the concept of Advanced Persistent Threat (APT)
7.4 Implement Malicious Activity Countermeasures (e.g., user awareness,
system hardening).
Lecture Focus Questions:
• What is the difference between a virus and a worm?
• Which types of malware can be spread through e-mail?
• How are Trojans and botnets related?
• What does it mean for software to be quarantined?
• Why is it a good practice to show file extensions?
• In addition to implementing virus scanning software, what must you do to ensure that you are protected from the latest virus variations?
Video/Demo                                   Time
8.1.1 Malware                                9:28
8.1.4 Implementing Malware Protections       23:43
8.1.5 Using Windows Defender                 14:22
Total                                        47:33
Lab/Activity
• Configure Windows Defender
Number of Exam Questions                     14 questions
Total Time                                   About 80 minutes
Section 8.2: Password Attacks
Summary
This section provides information about password attacks. Concepts covered include:
• Methods that threat agents use to discover or crack passwords
    o Tools to check for unencrypted or weakly encrypted passwords
    o Social engineering
    o Brute force attacks
    o Tools to crack passwords:
        ▪ Programs such as SnadBoy's Revelation
        ▪ Keylogging software
        ▪ Rainbow tables
• Hashed password collection methods
• Strategies to protect against password attacks
    o Educate users on how to create and remember strong passwords
    o Protect access to the password file
    o Salt the hash to mitigate rainbow table attacks
    o Implement two-factor authentication
Students will learn how to:
• Analyze the strength of passwords by using a rainbow table to perform a cryptanalysis attack on the hashed values of passwords.
• Use SnadBoy's Revelation to reveal a password.
• Use a keylogger to capture a password.
Security+ Exam Objectives:
• 2.4 Explain the importance of security related awareness and training
    o User habits
        ▪ Password behaviors
• 3.6 Analyze and differentiate among types of mitigation and deterrent techniques
    o Hardening
        ▪ Password protection
• 5.3 Implement appropriate security controls when performing account management
    o Account policy enforcement
        ▪ Password complexity
        ▪ Lockout
Lecture Focus Questions:
• How are attackers able to recover passwords?
• What are the characteristics of a complex password?
• What are the differences between brute force and dictionary attacks?
• How does account lockout help secure an account?
• What technique will mitigate rainbow table attacks?
Video/Demo                              Time
8.2.1 Password Attacks                  2:04
8.2.3 Using Rainbow Tables              4:48
8.2.4 Capturing Passwords               5:40
Total                                   12:32
Number of Exam Questions                3 questions
Total Time                              About 20 minutes
Section 8.3: Windows System Hardening
Summary
In this section students will learn about hardening a Windows system. Concepts covered include:
• The role of hardening to secure devices and hardware
• Recommendations for hardening systems
• Types of updates
    o Hotfix
    o Patch
    o Service pack
• Considerations when managing updates
Students will learn how to:
• Harden a system by changing default account passwords and verifying user and group assignments.
• Lock down system security by installing only required software and roles and disabling unnecessary services.
• Use security templates to apply or audit security settings on your system.
• Use Group Policy to deploy multiple settings to multiple machines in an Active Directory domain.
• Use Windows Updates and WSUS to automate patch management of your Windows system.
Security+ Exam Objectives:
• 3.6 Analyze and differentiate among types of mitigation and deterrent techniques
    o Hardening
        ▪ Disabling unnecessary services
        ▪ Protecting management interfaces and applications
        ▪ Password protection
        ▪ Disabling unnecessary accounts
    o Security posture
        ▪ Initial baseline configuration
• 4.2 Carry out appropriate procedures to establish host security
    o Operating system security and settings
    o Patch management
• 5.2 Explain the fundamental concepts and best practices related to authentication, authorization, and access control
    o Trusted OS
Lecture Focus Questions:
• What is hardening? How does it benefit the security of an organization?
• How do you reduce the attack surface of a device?
• What is a security baseline?
• What is the difference between a hotfix and a patch? Why would you use one over the other?
Video/Demo                                              Time
8.3.1 Operating System Hardening                        5:13
8.3.3 Hardening an Operating System                     6:41
8.3.4 Managing Automatic Updates                        18:31
8.3.6 Configuring Windows Firewall                      10:11
8.3.8 Configuring Windows Firewall Advanced Features    16:59
8.3.9 Configuring Parental Controls                     18:21
Total                                                   75:56
Lab/Activity
• Configure Automatic Updates
• Configure Windows Firewall
• Configure Parental Controls
Number of Exam Questions                                8 questions
Total Time                                              About 105 minutes
Section 8.4: Hardening Enforcement
Summary
This section discusses hardening enforcement using GPOs. Concepts covered include:
• The role of GPOs
• Using GPOs to perform specific hardening tasks
• Using the Security Configuration and Analysis snap-in
• Considerations when using GPOs
Students will learn how to:
• Configure a GPO.
• Implement controls using a security template.
Security+ Exam Objectives:
• 4.2 Carry out appropriate procedures to establish host security
    o Operating system security and settings
• 5.2 Explain the fundamental concepts and best practices related to authentication, authorization, and access control
    o Access control
• 5.3 Implement appropriate security controls when performing account management
    o Mitigates issues associated with users with multiple accounts/roles
    o Account policy enforcement
        ▪ Password complexity
        ▪ Expiration
        ▪ Recovery
        ▪ Length
        ▪ Disablement
        ▪ Lockout
    o Group based privileges
Security Pro Exam Objectives:
• 6.1 Harden Computer Systems Against Attack
    o Configure a GPO to enforce Workstation/Server security settings
    o Configure Domain Servers GPO to remove unneeded services (such as File and Printer Sharing)
Lecture Focus Questions:
• How do GPOs ensure the consistent application of controls?
• Which hardening tasks can be implemented using a GPO?
• How can you determine that the security controls implemented are still enforced?
• What are security templates and how are they used?
• What is the easiest way to set controls on a Windows system according to the NSA recommendation?
Video/Demo                                          Time
8.4.1 Hardening Enforcement with GPOs               1:50
8.4.2 Using Security Templates and Group Policy     6:53
8.4.3 Configuring GPOs to Enforce Security          15:24
Total                                               24:07
Lab/Activity
• Manage Services with Group Policy
Number of Exam Questions                            4 questions
Total Time                                          About 35 minutes
Section 8.5: File Server Security
Summary
This section examines managing file server security. Details include:
• Considerations when managing file system security
• Considerations for securing file transfer using the following TCP/IP protocols:
    o File Transfer Protocol (FTP)
    o Trivial File Transfer Protocol (TFTP)
    o Secure Copy Protocol (SCP)
    o Secure Shell File Transfer Protocol (SFTP)
    o Secure FTP
    o FTP Secure (FTPS)
• File Server Resource Manager (FSRM)
• Managing file system permissions:
    o Share permissions
    o NTFS permissions
    o Effective permissions
Students will learn how to:
• Configure NTFS permissions by turning off permission inheritance.
• Assign NTFS permissions for a folder to the appropriate group.
Security+ Exam Objectives:
• 1.2 Apply and implement secure network administration principles
    o Implicit deny
• 1.4 Implement and use common protocols
    o TCP/IP
    o FTPS
    o SFTP
    o SCP
• 2.2 Carry out appropriate risk mitigation strategies
    o Implement security controls based on risk
    o User rights and permissions reviews
• 5.2 Explain the fundamental concepts and best practices related to authentication, authorization, and access control
    o ACLs
    o Access control
• 5.3 Implement appropriate security controls when performing account management
    o Group based privileges
    o User assigned privileges
SSCP Exam Objectives:
• 1.4 Apply Access Control Concepts (e.g., least privilege, and separation of duties)
    o Discretionary Access Control (DAC)
    o Non-discretionary Access Control
Security Pro Exam Objectives:
• 8.2 Protect Data Transmissions across open, public networks
    o Implement secure protocols
Lecture Focus Questions:
• How can you identify if a permission has been inherited?
• How do Share and NTFS permissions differ?
• On what elements can NTFS permissions be set?
• How can you view the users that have permissions for a particular drive?
• How can permissions inheritance influence the effective permissions that a user has? How can you determine if a permission is inherited or specifically assigned?
• As the administrator, you have given Fred the write permission to the SalesReport file, but he cannot write to the file. What items would you check to determine why Fred can't write to the file?
Video/Demo                                  Time
8.5.1 File Server Security                  7:58
8.5.2 Scanning for Open Ports               3:52
8.5.5 Configuring NTFS Permissions          16:41
Total                                       28:31
Lab/Activity
• Configure NTFS Permissions
Number of Exam Questions                    8 questions
Total Time                                  About 50 minutes
Section 8.6: Linux Host Security
Summary
In this section students will learn the basics of securing a Linux host. General procedures and the commands to perform them include:
• Removing unneeded software
• Checking for unneeded network services
• Locating open ports
• Checking network connections
Students will learn how to:
• Scan for open ports on Linux.
• Identify open network connections on Linux.
Security+ Exam Objectives:
• 1.2 Apply and implement secure network administration principles
    o Port Security
• 2.2 Carry out appropriate risk mitigation strategies
    o Implement security controls based on risk
    o Implement policies and procedures to prevent data loss or theft
• 3.6 Analyze and differentiate among types of mitigation and deterrent techniques
    o Hardening
        ▪ Disabling unnecessary services
SSCP Exam Objectives:
• 4.2 Perform Security Assessment Activities
    o Scan for vulnerabilities
    o Review security configurations of infrastructure
Lecture Focus Questions:
• What is a socket?
• Which utility will scan for all listening and non-listening sockets?
• Which utility will identify open ports on the Linux system?
• Which commands should you use to disable unneeded daemons?
Video/Demo                                              Time
8.6.1 Linux Host Security                               7:10
8.6.2 Removing Unneeded Services and Scanning Ports     6:29
Total                                                   13:39
Number of Exam Questions                                4 questions
Total Time                                              About 20 minutes
Section 9.1: Web Application Attacks
Summary
This section discusses the following Web application attacks:
• Drive-by download
• Buffer overflow
• Cross-site scripting (XSS)
• Cross-site Request Forgery (CSRF/XSRF)
• LDAP injection
• XML injection
• Command injection
• SQL injection
• DLL injection
• Directory traversal
• Header manipulation
• Zero day
• Client-side
Students will learn how to:
• Improve security by using a Firefox add-on, NoScript, to protect against XSS and drive-by downloads.
• Configure pop-up blockers to block or allow pop-ups.
• Implement phishing protection within the browser.
• Configure Internet Explorer Enhanced Security Configuration security settings to manage the security levels of security zones.
Security+ Exam Objectives:
• 2.2 Carry out appropriate risk mitigation strategies
    o Implement security controls based on risk
    o Implement policies and procedures to prevent data loss or theft
• 2.4 Explain the importance of security related awareness and training
    o Threat awareness
        ▪ Zero day exploits
• 3.2 Analyze and differentiate among types of attacks
    o Client-side attacks
• 3.5 Analyze and differentiate among types of application attacks
    o Cross-site scripting
    o SQL injection
    o LDAP injection
    o XML injection
    o Directory traversal/command injection
    o Buffer overflow
    o Zero day
    o Cookies and attachments
    o Malicious add-ons
    o Session hijacking
    o Header manipulation
• 4.1 Explain the importance of application security
    o Cross-site scripting prevention
    o Cross-site Request Forgery (XSRF) prevention
• 4.2 Carry out appropriate procedures to establish host security
    o Pop-up blockers
SSCP Exam Objectives:
• 7.1 Identify Malicious Code (e.g., virus, worms, Trojan horses, logic bombs)
    o Understand the concepts of Mobile Code
• 7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam)
    o Understand malicious web activity (e.g., cross site scripting, cross site request forgery, injection, social networking attacks)
    o Understand the concept of zero day exploits
    o Understand the concept of Advanced Persistent Threat (APT)
• 7.4 Implement Malicious Activity Countermeasures (e.g., user awareness, system hardening)
Lecture Focus Questions:
• What are two ways that drive-by download attacks occur?
• What countermeasures can be used to eliminate buffer overflow attacks?
• How can cross-site scripting (XSS) be used to breach the security of a Web user?
• What is the best method to prevent SQL injection attacks?
• What mitigation practices will help to protect Internet-based activities from Web application attacks?
Video/Demo                                          Time
9.1.1 Web Application Attacks                       2:49
9.1.2 Cross-site Request Forgery (XSRF) Attack      10:51
9.1.3 Injection Attacks                             14:30
9.1.4 Header Manipulation                           9:01
9.1.5 Zero Day Application Attacks                  6:59
9.1.6 Client Side Attacks                           6:22
9.1.8 Preventing Cross-site Scripting               4:05
Total                                               54:37
Number of Exam Questions                            12 questions
Total Time                                          About 70 minutes
Section 9.2: Internet Browsers
Summary
This section provides information about configuring internet browsers to enhance the privacy and security of a system. Concepts covered include:
• Indications of an unsecured connection or attack
• Configuring security settings in Internet Explorer:
    o Zones
    o Add-ons
    o Privacy
Students will learn how to:
• Customize security levels and security settings for security zones in Internet Explorer.
• Download and manage add-ons in Internet Explorer.
• Protect privacy by configuring cookie handling.
• Clear the browser cache.
Security+ Exam Objectives:
• 3.5 Analyze and differentiate among types of application attacks
    o Cookies and attachments
    o Malicious add-ons
Lecture Focus Questions:
• What types of information do cookies store? Why could this be a security concern?
• What steps should you take to secure the browser from add-ons that are not appropriate for your environment?
• For security's sake, what should you do whenever you use a public computer to access the Internet and retrieve personal data?
• What elements might indicate an unsecured connection or an attack?
• Why should you turn off the remember search and form history feature?
Video/Demo                                      Time
9.2.1 Managing Security Zones and Add-ons       20:26
9.2.2 Configuring IE Enhanced Security          9:11
9.2.3 Managing Cookies                          12:38
9.2.5 Clearing the Browser Cache                9:28
9.2.7 Implementing Popup Blockers               7:26
9.2.10 Enforcing IE Settings through GPO        8:38
Total                                           67:47
Lab/Activity
• Configure Cookie Handling
• Clear the Browser Cache
• Configure IE Popup Blocker
• Enforce IE Settings through GPO
Number of Exam Questions                        6 questions
Total Time                                      About 100 minutes
Section 9.3: E-mail
Summary
This section discusses how to secure e-mail from attacks. Details include:
• E-mail attacks:
    o Virus
    o Spam
    o Open SMTP relay
    o Phishing
• To secure e-mail, use:
    o Secure/Multipurpose Internet Mail Extensions (S/MIME)
    o Pretty Good Privacy (PGP)
Students will learn how to:
• Filter junk mail by selecting the level of junk e-mail protection you want.
• Control spam on the client by configuring safe senders, blocked senders, white lists, and black lists.
• Configure e-mail filtering to block e-mails from specified countries and languages.
• Configure relay restrictions to specify who can relay through the SMTP server.
Security+ Exam Objectives:
• 3.2 Analyze and differentiate among types of attacks
    o Spam
    o Phishing
• 6.2 Use and apply appropriate cryptographic tools and products
    o PGP/GPG
SSCP Exam Objectives:
• 5.4 Understand the use of Secure Protocols (e.g., difference in implementation, appropriate use)
    o Support the implementation of secure protocols (e.g., IPSec, SSL/TLS, S/MIME)
• 7.1 Identify Malicious Code (e.g., virus, worms, Trojan horses, logic bombs)
• 7.3 Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam)
Security Pro Exam Objectives:
• 2.1 Promote Information Security Awareness
    o Utilizing E-mail best practices
• 3.2 Harden mobile devices (iPad)
    o Configure Secure e-Mail Settings
Lecture Focus Questions:
• What are the advantages of scanning for e-mail viruses at the server instead of at the client?
• How can spam cause denial of service?
• What is a best practice when configuring an SMTP relay to prevent spammers from using your mail server to send mail?
• How can you protect yourself against phishing attacks?
• What services do S/MIME and PGP provide for e-mail?
• How does S/MIME differ from PGP?
Video/Demo                              Time
9.3.1 E-mail Security                   4:43
9.3.3 Protecting a Client from Spam     10:29
9.3.4 Securing an E-mail Server         2:45
9.3.6 Securing E-mail on iPad           5:52
Total                                   23:49
Lab/Activity
• Configure E-mail Filters
• Secure E-mail on iPad
Number of Exam Questions                6 questions
Total Time                              About 45 minutes
Section 9.4: Network Applications
Summary
This section provides information about security concerns for the following networking software:
• Peer-to-peer (P2P)
• Instant Messaging (IM)
Students will learn how to:
• Set up content filters for downloading or uploading copyrighted materials.
• Use P2P file sharing programs to search for and share free files.
• Block ports used by P2P software.
• Secure instant messaging by blocking invitations from unknown persons.
Security+ Exam Objectives:
• 2.4 Explain the importance of security related awareness and training
    o Use of social networking and P2P
• 3.2 Analyze and differentiate among types of attacks
    o Spim
• 4.2 Carry out appropriate procedures to establish host security
    o Operating system security and settings
    o Anti-malware
        ▪ Anti-spam
SSCP Exam Objectives:
• 7.2 Implement malicious code countermeasures
    o Deploy and manage anti-malware
Lecture Focus Questions:
• What kinds of security problems might you have with P2P software?
• What types of malware are commonly spread through instant messaging (IM)?
• What security concerns should you be aware of with instant messaging software?
• What security measures should you incorporate to control the use of networking software?
Video/Demo                                  Time
9.4.1 Network Application Security          2:19
9.4.2 Spim                                  3:43
9.4.4 Using Peer-to-peer Software           3:04
9.4.5 Securing Windows Messenger            2:48
Total                                       20:58
Number of Exam Questions                    3 questions
Total Time                                  About 25 minutes
Section 9.5: Virtualization
Summary
This section provides information about virtualization. Concepts covered include:
• Components of virtualization:
    o Physical machine
    o Virtual machine
    o Virtual Hard Disk (VHD)
    o Hypervisor
• Advantages of virtualization:
    o Networked
    o Server consolidation
    o Isolation
    o Application virtualization
• Disadvantages of virtualization
• Security considerations for a virtual machine
• Load balancing methods with virtualization include:
    o Resource pooling
    o Workload balancing
Students will learn how to:
• Create and configure a new virtual machine.
• Configure the virtual machine by allocating resources for memory and a virtual hard disk.
• Create a virtual network and configure it as an external, internal, or private virtual network.
Security+ Exam Objectives:
• 1.1 Explain the security function and purpose of network devices and technologies
    o Load Balancers
• 1.3 Distinguish and differentiate network design elements and compounds
    o Virtualization
• 2.1 Explain risk related concepts
    o Risks associated to Cloud Computing and Virtualization
• 4.2 Carry out appropriate procedures to establish host security
    o Virtualization
SSCP Exam Objectives:
• 1.7 Understand basic security concepts related to cloud computing (e.g., virtualization, data control, storage, privacy, compliance)
• 2.7 Understand the concepts of endpoint device security (e.g., virtualization, thin clients, thick clients, USB devices, mobile devices)
Lecture Focus Questions:
• What is the relationship between the host and the guest operating systems?
• What is the function of the hypervisor?
• How can virtualization be used to increase the security on a system?
• What are the advantages of virtualization? Disadvantages?
• What is the purpose of load balancing?
• What type of load balancing distributes a workload?
Video/Demo                                  Time
9.5.1 Virtualization Introduction           4:01
9.5.2 Virtualization Benefits               3:08
9.5.3 Load Balancing and Virtualization     10:39
9.5.5 Managing Virtual Machines             20:37
Total                                       38:25
Number of Exam Questions                    5 questions
Total Time                                  About 50 minutes
Section 9.6: Application Development
Summary
This section discusses hardening applications. Concepts covered include:
• Secure coding concepts:
    o Error and exception handling
    o Input validation
• Basic hardening guidelines for applications
• Techniques used for application hardening:
    o Block process spawning
    o Control access to executable files
    o Protect OS components
    o Use exception rules
    o Monitor logs
    o Use Data Execution Prevention
    o Implement third-party application hardening tools
Students will learn how to:
• Use AppArmor to harden a Linux system.
• Implement application whitelisting with AppLocker.
Security+ Exam Objectives:
• 3.6 Analyze and differentiate among types of mitigation and deterrent techniques
    o Hardening
        ▪ Protecting management interfaces and applications
• 4.1 Explain the importance of application security
    o Fuzzing
    o Secure coding concepts
        ▪ Error and exception handling
        ▪ Input validation
    o Application configuration baseline (proper settings)
    o Application hardening
    o Application patch management
Security Pro Exam Objectives:
• 7.1 Implement Application Defenses
    o Configure a GPO for Application Whitelisting
    o Enable Data Execution Prevention (DEP)
Lecture Focus Questions:
• What is the purpose of fuzzing?
• What will input validation ensure?
• What are the basic techniques for application hardening?
• When should you update applications with the latest patches?
Video/Demo                                                  Time
9.6.1 Secure Coding Concepts                                16:18
9.6.2 Application Hardening                                 11:02
9.6.4 Hardening Applications on Linux                       4:26
9.6.5 Implementing Application Whitelisting with AppLocker  13:03
9.6.7 Implementing Data Execution Prevention (DEP)          4:01
Total                                                       48:50
Lab/Activity
• Implement Application Whitelisting with AppLocker
• Implement Data Execution Prevention (DEP)
Number of Exam Questions                                    2 questions
Total Time                                                  About 65 minutes
Section 10.1: Redundancy
Summary
In this section students will explore methods for providing redundancy for network services. Details about the following concepts will be covered:
• Types of redundancy solutions:
    o Hot site
    o Warm site
    o Cold site
• The role of a service bureau
• Important facts about redundant facilities
• Redundancy measurement parameters:
    o Recovery Time Objective (RTO)
    o Recovery Point Objective (RPO)
    o Mean Time Between Failures (MTBF)
    o Mean Time to Repair (MTTR)
    o Maximum Tolerable Downtime (MTD)
• Common RAID levels:
    o RAID 0 (striping)
    o RAID 5 (striping with distributed parity)
    o RAID 1 (mirroring)
    o RAID 0+1
    o RAID 1+0
• The role of clustering
• A high availability (HA) cluster
• A load balancing cluster
Students will learn how to:
• Configure a mirrored or a RAID 5 volume for data redundancy.
Security+ Exam Objectives:
• 2.7 Execute disaster recovery plans and procedures
    o Redundancy and fault tolerance
        ▪ Hardware
        ▪ RAID
        ▪ Clustering
        ▪ Load balancing
        ▪ Servers
    o High availability
    o Cold site, hot site, warm site
    o Mean time to restore, mean time between failures, recovery time objectives and recovery point objectives
SSCP Exam Objectives:
• 4.1 Understand Risk Management Process
    o Support mitigation activity (e.g., safeguards, countermeasures)
Security Pro Exam Objectives:
• 8.1 Protect and maintain the integrity of data files
    o Implement redundancy and failover mechanisms
Lecture Focus Questions:
• What is the usual activation goal time for a hot site? How does that differ from a warm site?
• Why is a hot site so much more expensive to operate than a warm site?
• Why is it important that two companies with a reciprocal agreement should not be located too closely to each other?
• Of the three redundancy solutions, which is the most common redundant site type? Why is it the most common?
• Which functions should be returned first when returning services from the backup facility back to the primary facility?
• Why should you locate redundant sites at least 25 miles from the primary site?
• What is the main advantage of RAID 0? Disadvantage?
• What is the difference between RAID 0+1 and RAID 1+0?
Video/Demo                                  Time
10.1.1 Redundancy                           4:55
10.1.2 Redundancy Measurement Parameters    5:12
10.1.4 RAID                                 7:27
10.1.5 Implementing RAID                    5:22
10.1.8 Clustering                           9:06
Total                                       32:02
Lab/Activity
• Configure Fault Tolerant Volumes
Number of Exam Questions                    15 questions
Total Time                                  About 65 minutes
Section 10.2: Backup and Restore
Summary
This section covers the following details about backup and restore:
• Types of backups:
    o Full
    o Incremental
    o Differential
    o Image
    o Copy
    o Daily
• Backup strategies:
    o Full Backup
    o Full + Incremental
    o Full + Differential
• Considerations when managing backups
• Backup media rotation systems:
    o Grandfather Father Son (GFS)
    o Tower of Hanoi
    o Round Robin
• Types of data that can be backed up:
    o System state data
    o Application data
    o User data
Students will learn how to:
• Back up a Windows system.
• Schedule automatic backups for Windows computers.
Security+ Exam Objectives:
• 2.7 Execute disaster recovery plans and procedures
    o Backups / backout contingency plans or policies
    o Backups, execution and frequency
SSCP Exam Objectives:
• 2.8 Comply with data management policies (e.g., storage media (paper or electronic), transmission archiving, retention requirements, destruction, duplication, data lost prevention, social network usage, information rights management (IRM))
Security Pro Exam Objectives:
• 8.1 Protect and maintain the integrity of data files
    o Perform data backups and recovery
Lecture Focus Questions:
• How is an incremental backup different than a differential backup?
• When is the archive bit set? Which backup types reset the archive bit?
• What is the advantage of the Full + Incremental backup strategy? What is the disadvantage?
• Why should backup tapes be stored offsite?
• What are common types of backup media rotation systems used to provide protection to adequately restore data?
• How do you back up Active Directory?
• What should you regularly do to make sure your backup strategy is working properly?
Video/Demo                              Time
10.2.1 Backup and Restore               13:27
10.2.4 Performing System Backups        7:22
Total                                   20:49
Lab/Activity
• Schedule an Automatic Backup
Number of Exam Questions                15 questions
Total Time                              About 45 minutes
Section 10.3: File Encryption
Summary
In this section students will learn about the following file encryption programs:
• Encrypting File System (EFS)
• GNU Privacy Guard (GPG) and Pretty Good Privacy (PGP)
• Whole disk encryption (BitLocker)
Students will learn how to:
• Encrypt a file to secure data using EFS.
• Authorize additional users who can access files encrypted with EFS.
• Encrypt a file using GPG.
• Protect hard drive contents with BitLocker.
• Configure settings to control BitLocker using Group Policy.
Security+ Exam Objectives:
• 4.3 Explain the importance of data security
    o Data encryption
        ▪ Full disk
        ▪ Database
        ▪ Individual files
• 6.2 Use and apply appropriate cryptographic tools and products
    o PGP/GPG
    o Whole disk encryption
Security Pro Exam Objectives:
• 8.1 Protect and maintain the integrity of data files
    o Implement encryption technologies
Lecture Focus Questions:
• On which computers should you implement EFS?
• What is the FEK? How is it used?
• Under what conditions can EFS encryption be compromised?
• What happens when an EFS encrypted file is copied over the network using the SMB protocol?
• Once a system encrypted with BitLocker boots, who is able to access files?
Video/Demo                                  Time
10.3.1 Encrypting File System (EFS)         11:47
10.3.2 Securing Files using EFS             11:45
10.3.4 PGP and GPG                          4:34
10.3.5 Encrypting Files with GPG            4:58
10.3.6 BitLocker and Database Encryption    13:02
10.3.7 Configuring BitLocker                6:17
Total                                       52:23
Lab/Activity
• Encrypt Files with EFS
• Configure BitLocker with a TPM
Number of Exam Questions                    6 questions
Total Time                                  About 75 minutes
Section 10.4: Secure Protocols
Summary
This section discusses secure protocols. Details include:
• Types of secure protocols:
    o Secure Sockets Layer (SSL)
    o Transport Layer Security (TLS)
    o Secure Shell (SSH)
• Protocols to secure HTTP:
    o HTTPS
    o S-HTTP
• IPSec includes two protocols:
    o Authentication Header (AH)
    o Encapsulating Security Payload (ESP)
• Modes of operation that can be implemented with IPSec:
    o Transport mode
    o Tunnel mode
• Security Association (SA)
• Internet Key Exchange (IKE)
Students will learn how to:
• Add SSL bindings to a Web site to support secure connections.
• Modify Web site settings to require SSL.
• Use SSL from a browser to create a secure connection.
• Enforce the use of IPSec through Connection Security Rules.
Security+ Exam Objectives:
• 1.4 Implement and use common protocols
    o IPSec
    o SSH
    o TLS
    o SSL
    o HTTPS
• 6.2 Use and apply appropriate cryptographic tools and products
    o Use of algorithms with transport encryption
        ▪ SSL
        ▪ TLS
        ▪ IPSec
        ▪ SSH
        ▪ HTTPS
SSCP Exam Objectives:
• 5.2 Understand the use of Secure Protocols (e.g., difference in implementation, appropriate use)
    o Support the implementation of secure protocols (e.g., IPSec, SSL/TLS, S/MIME)
Security Pro Exam Objectives:
• 2.1 Promote Information Security Awareness
    o Using SSL Encryption
Lecture Focus Questions:
• How does SSL verify authentication credentials?
• What protocol is the successor to SSL 3.0?
• How can you tell that a session with a Web server is using SSL?
• What is the difference between HTTPS and S-HTTP?
• What does it mean when HTTPS is referenced as being stateful?
• What is the difference between IPSec tunnel mode and transport mode?
Video/Demo                                      Time
10.4.1 Secure Protocols                         8:44
10.4.3 Secure Protocols 2                       15:26
10.4.4 Adding SSL to a Web Site                 5:23
10.4.6 IPSec                                    5:14
10.4.8 Requiring IPSec for Communications       14:22
Total                                           49:09
Lab/Activity
• Allow SSL Connections
Number of Exam Questions                        15 questions
Total Time                                      About 75 minutes
Section 10.5: Cloud Computing
Summary
This section provides students with an overview of cloud computing. Concepts covered include:
• The role of cloud computing
• The advantages of cloud computing
• Cloud computing service models:
  o Infrastructure as a Service (IaaS)
  o Platform as a Service (PaaS)
  o Software as a Service (SaaS)
• Ways that cloud computing service providers reduce the risk of security breaches
Security+ Exam Objectives:
• 1.3 Distinguish and differentiate network design elements and compounds
  o Cloud Computing
    ▪ Platform as a Service
    ▪ Software as a Service
    ▪ Infrastructure as a Service
• 2.1 Explain risk related concepts
  o Risks associated to Cloud Computing and Virtualization
• 4.3 Explain the importance of data security
  o Cloud computing
SSCP Exam Objectives:
• 1.7 Understand basic security concepts related to cloud computing (e.g., virtualization, data control, storage, privacy, compliance)
Lecture Focus Questions:
• What are the advantages of cloud computing?
• Which cloud computing service model delivers software applications to the client?
• What is the difference between Infrastructure as a Service and Platform as a Service?
• How does the cloud computing service reduce the risk of security breaches?
Video/Demo                                        Time
10.5.1 Cloud Computing Introduction               15:59
10.5.2 Cloud Computing Security Issues            6:32
Total                                             22:31
Number of Exam Questions: 3 questions
Total Time: About 30 minutes
Section 11.1: Vulnerability Assessment
Summary
This section provides information about using vulnerability assessment to identify the vulnerabilities in a system or network. Tools used to find and monitor vulnerabilities include:
• Vulnerability scanner
• Ping scanner
• Port scanner
• Network mapper
• Password cracker
• Open Vulnerability and Assessment Language (OVAL)
Students will learn how to:
• Scan a network with a vulnerability scanner, such as Nessus or MBSA, to identify risk factors.
• Download the latest security update information before starting a vulnerability scan.
• View security scan reports and identify vulnerabilities.
• Perform a port scan using nmap on a single machine.
• Use a password cracker to analyze a network for password vulnerabilities.
Security+ Exam Objectives:
• 3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities
  o Vulnerability scanning and interpret results
  o Tools
    ▪ Protocol analyzer
    ▪ Vulnerability scanner
    ▪ Port scanner
  o Risk calculations
    ▪ Threat vs. likelihood
• 3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
  o Vulnerability scanning
    ▪ Passively testing security controls
    ▪ Identify vulnerability
    ▪ Identify lack of security controls
    ▪ Identify common misconfiguration
SSCP Exam Objectives:
• 4.2 Perform Security Assessment Activities
  o Scan for vulnerabilities
  o Interpret results of scanning and testing
Security Pro Exam Objectives:
• 9.4 Review vulnerability reports, implement remediation
Lecture Focus Questions:
• Why should an administrator perform a vulnerability assessment on the system?
• What is the most important step to perform before running a vulnerability scan? Why?
• How does a port scanner identify devices with ports that are in a listening state?
• How do network mappers discover devices and identify open ports on those devices?
• What types of items does OVAL identify as a definition?
Video/Demo                                        Time
11.1.1 Vulnerability Assessment                   4:54
11.1.3 Scanning a Network and Nessus              18:26
11.1.4 Scanning a Network with Retina             12:12
11.1.5 Scanning for Vulnerabilities Using MBSA    6:02
11.1.9 Performing Port and Ping Scans             2:36
11.1.10 Checking for Weak Passwords               9:21
Total                                             53:31
Lab/Activity
• Review a Vulnerability Scan 1
• Review a Vulnerability Scan 2
• Review a Vulnerability Scan 3
Number of Exam Questions: 12 questions
Total Time: About 85 minutes
Section 11.2: Penetration Testing
Summary
This section discusses penetration testing. Details include:
• Steps included in the penetration testing process:
  o Verifying that a threat exists
  o Bypassing security controls
  o Actively testing security controls
  o Exploiting vulnerabilities
• Defining the Rules of Engagement (ROE)
• Types of penetration testing:
  o Physical penetration
  o Operations penetration
  o Electronic penetration
• Classifications of penetration testing:
  o Zero knowledge test (black box test)
  o Full knowledge test (white box test)
  o Partial knowledge test (grey box test)
  o Single blind test
  o Double blind test
• The Open Source Security Testing Methodology Manual (OSSTMM)
Students will learn how to:
• Identify available penetration testing tools that can be used to analyze the security of a network.
• Utilize penetration testing tools to identify vulnerabilities in information systems.
• Verify the distribution of a security tool to ensure its integrity.
Security+ Exam Objectives:
• 3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
  o Penetration testing
    ▪ Verify a threat exists
    ▪ Bypass security controls
    ▪ Actively test security controls
    ▪ Exploiting vulnerabilities
  o Black box
  o White box
  o Gray box
SSCP Exam Objectives:
• 4.2 Perform Security Assessment Activities
  o Participate in penetration testing
  o Interpret results of scanning and testing
Lecture Focus Questions:
• What is the main goal of penetration testing?
• What type of tools or methods does a penetration test use? Why should you be careful in the methods you deploy?
• What should you do first before performing a penetration test?
• How does a penetration test differ from a vulnerability assessment or scan?
• What types of details do the Rules of Engagement identify?
• What types of actions might a tester perform when attempting a physical penetration?
• What security function does the Open Source Security Testing Methodology Manual (OSSTMM) provide?
Video/Demo                                        Time
11.2.1 Penetration Testing                        2:32
11.2.3 Exploring Penetration Testing Tools        11:22
Total                                             13:54
Number of Exam Questions: 9 questions
Total Time: About 25 minutes
Section 11.3: Protocol Analyzers
Summary
In this section students will learn about the role of protocol analyzers. Concepts covered include:
• Other names for protocol analyzers:
  o Packet sniffers
  o Packet analyzers
  o Network analyzers
  o Network sniffers
  o Network scanners
• Use a protocol analyzer to:
  o Monitor and log network traffic
  o Check for specific protocols on the network
  o Identify frames that might cause errors
  o Examine the data contained within a packet
  o Analyze network performance
  o Troubleshoot communication problems or investigate the source of heavy network traffic
• Using a packet sniffer requires the following configuration changes:
  o Configure the NIC in promiscuous mode (sometimes called pmode)
  o Configure port mirroring on the switch
• Filtering frames when using a protocol analyzer
• Protocol tools can be used with protocol analyzers for active interception of network traffic to perform attacks
• Common protocol analyzers include:
  o Wireshark
  o Ethereal
  o dSniff
  o Ettercap
  o Tcpdump
  o Microsoft Network Monitor
Students will learn how to:
• Capture and analyze packets to troubleshoot a network using Wireshark.
Security+ Exam Objectives:
• 1.1 Explain the security function and purpose of network devices and technologies
  o Protocol analyzers
  o Sniffers
• 3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities
  o Vulnerability scanning and interpret results
  o Tools
    ▪ Protocol analyzer
    ▪ Sniffer
Lecture Focus Questions:
• What types of information can a protocol analyzer provide?
• When using a protocol analyzer, why is it necessary to configure the NIC in promiscuous mode?
• When running a protocol analyzer on a switch, how does port mirroring work?
• What are some common protocol analyzers?
Video/Demo                                        Time
11.3.1 Protocol Analyzers                         3:07
11.3.3 Analyzing Network Traffic                  6:50
Total                                             9:57
Number of Exam Questions: 8 questions
Total Time: About 20 minutes
Section 11.4: Logs and Audits
Summary
This section discusses logs and audits. Details include:
• Types of events a log should include:
  o Internet connection
  o System level
  o Application level
  o User level
  o Access
  o Performance
  o Firewall
• The operating system audit subsystem provides the mechanism whereby system events are monitored and logged:
  o Kernel
  o Device driver
  o Daemon
  o Manager interface
  o Data analysis and reduction
• Considerations when setting up a log archive:
  o Retention policies
  o System requirements
  o Security
Students will learn how to:
• Use Event Viewer to troubleshoot a system by viewing details of a logged event.
• Manage logging by saving or clearing logs, configuring filtering of logs, or attaching a task to a log or event.
• Identify operating system activities, warnings, informational messages, and error messages using system logs.
• Configure the audit logon events policy to audit the failure of a logon attempt.
• View and evaluate the recorded logs under Security in Event Viewer.
Security+ Exam Objectives:
• 1.2 Apply and implement secure network administration principles
  o Log analysis
• 2.2 Carry out appropriate risk mitigation strategies
  o Perform routine audits
• 3.6 Analyze and differentiate among types of mitigation and deterrent techniques
  o Monitoring system logs
    ▪ Event logs
    ▪ Audit logs
    ▪ Security logs
    ▪ Access logs
SSCP Exam Objectives:
• 3.1 Maintain Effective Monitoring Systems (e.g., continuous monitoring)
  o Review systems for unauthorized changes (i.e., file integrity checkers, honeypots, unauthorized connections)
  o Monitor deviations from normal activity (e.g., white lists, anomaly detection, profiling)
  o Install and configure agents and management systems
• 3.2 Analyze Monitoring Results (e.g., review and analysis of log and reports, false positives, communicate findings)
Security Pro Exam Objectives:
• 9.1 Implement Logging and Auditing
• 9.2 Review security logs and violation reports, implement remediation
• 9.3 Review audit reports, implement remediation
• 9.4 Review vulnerability reports, implement remediation
Lecture Focus Questions:
• How does logging affect system resources?
• What factors should you take into consideration when archiving log files?
• How can you protect log files from access and modification attacks?
• What types of information are included in events recorded in logs?
• When would you choose an external auditor over an internal auditor?
• How can escalation auditing help to secure the system?
Video/Demo                                        Time
11.4.1 Logs                                       3:24
10.4.3 Logging Events with Event Viewer           3:52
10.4.4 Audits                                     3:13
10.4.6 Auditing the Windows Security Log          11:41
10.4.8 Auditing Device Logs                       7:01
Total                                             29:11
Lab/Activity
• Configure Advanced Audit Policy
• Enable Device Logs
Number of Exam Questions: 15 questions
Total Time: About 65 minutes
Security Pro Practice Exams
Summary
This section provides information to help prepare students to take the Security
Pro Certification exam. Students will have the opportunity of testing their mastery
of the concepts presented in this course to reaffirm that they are ready for the
certification exam.
Students will typically take about 5-10 minutes (depending upon the complexity
and their level of knowledge) to complete each simulation question in the
following practice exams. There is no time limit on the amount of time a student
can take to complete the practice exams for the following domains.
Security Pro Domain 1: Access Control and Identity Management (21 simulation
questions)
Security Pro Domain 2: Policies, Procedures, Awareness (1 simulation question)
Security Pro Domain 3: Physical Security (3 simulation questions)
Security Pro Domain 4: Perimeter Defenses (9 simulation questions)
Security Pro Domain 5: Network Defenses (7 simulation questions)
Security Pro Domain 6: Host Defenses (7 simulation questions)
Security Pro Domain 7: Application Defenses (8 simulation questions)
Security Pro Domain 8: Data Defenses (5 simulation questions)
Security Pro Domain 9: Audits and Assessments (5 simulation questions)
The Security Pro Certification Practice Exam consists of 15 simulation questions
that are randomly selected from the above practice exams. Each time the
Certification Practice Exam is accessed different questions may be presented.
The Certification Practice Exam has a time limit of 90 minutes. A passing score
of 95% should verify that the student has mastered the concepts and is ready to
take the real certification exam.
Security+ Practice Exams
Summary
This section provides information to help prepare students to take the Security+
exam and to register for the exam. Students will have the opportunity of testing
their mastery of the concepts presented in this course to reaffirm that they are
ready for the certification exam.
Students will typically take about 1 minute to complete each question in the
following practice exams. There is no time limit on the amount of time a student
can take to complete the practice exams for the following domains.
Security+ Domain 1: Network Security (153 questions)
Security+ Domain 2: Compliance and Operational Security (122 questions)
Security+ Domain 3: Threats and Vulnerabilities (142 questions)
Security+ Domain 4: Application, Data and Host Security (30 questions)
Security+ Domain 5: Access Control and Identity Management (85 questions)
Security+ Domain 6: Cryptography (88 questions)
The Security+ Certification Practice Exam consists of 100 questions that are
randomly selected from the above practice exams. Each time the Certification
Practice Exam is accessed different questions may be presented. The
Certification Practice Exam has a time limit of 90 minutes. A passing score of
95% should verify that the student has mastered the concepts and is ready to
take the real certification exam.
SSCP Practice Exams
Summary
This section provides information to help prepare students to take the SSCP
exam and to register for the exam. Students will have the opportunity of testing
their mastery of the concepts presented in this course to reaffirm that they are
ready for the certification exam.
Students will typically take about 1 minute to complete each question in the
following practice exams. There is no time limit on the amount of time a student
can take to complete the practice exams for the following domains.
SSCP Domain 1: Access Control (58 questions)
SSCP Domain 2: Security Operations & Administration (64 questions)
SSCP Domain 3: Monitoring and Analysis (22 questions)
SSCP Domain 4: Risk, Response, and Recovery (42 questions)
SSCP Domain 5: Cryptography (90 questions)
SSCP Domain 6: Networks and Communications (87 questions)
SSCP Domain 7: Malicious Code and Attacks (87 questions)
The SSCP Certification Practice Exam consists of 125 questions that are
randomly selected from the above practice exams. Each time the Certification
Practice Exam is accessed different questions may be presented. The
Certification Practice Exam has a time limit of 3 hours. A passing score of 95%
should verify that the student has mastered the concepts and is ready to take the
real certification exam.
Appendix A: Approximate Time for the Course
The total time for the LabSim Security Pro course is approximately 85 hours and 5 minutes. The time is calculated by adding the approximate time for each section, which is calculated using the following elements:
• Video/demo times
• Approximate time to read the text lesson (the length of each text lesson is taken into consideration)
• Simulations (5 minutes assigned per simulation)
• Questions (1 minute per question)
The breakdown for this course is as follows (section times in minutes; module totals also shown as HR:MM):

Module / Section                                              Time    Total   HR:MM
1.0 Introduction
    1.1 Security Overview                                      70
    1.2 Using the Simulator                                    25
    Module total                                                       95      1:35
2.0 Access Control and Identity Management
    2.1 Access Control Models                                  30
    2.2 Authentication                                         55
    2.3 Authorization                                          25
    2.4 Access Control Best Practices                          20
    2.5 Windows Domain Users and Groups                        75
    2.6 Linux Users and Groups                                 100
    2.7 Linux User Security                                    25
    2.8 Group Policy Overview                                  30
    2.9 Hardening Authentication                               100
    2.10 Remote Access                                         40
    2.11 Network Authentication                                65
    2.12 Identity Management                                   20
    Module total                                                       585     9:45
3.0 Cryptography
    3.1 Cryptography                                           45
    3.2 Hashing                                                35
    3.3 Symmetric Encryption                                   40
    3.4 Asymmetric Encryption                                  25
    3.5 Public Key Infrastructure (PKI)                        65
    3.6 Cryptography Implementations                           40
    Module total                                                       250     4:10
4.0 Policies, Procedures, and Awareness
    4.1 Security Policies                                      100
    4.2 Business Continuity                                    20
    4.3 Risk Management                                        30
    4.4 Incident Response                                      50
    4.5 Social Engineering                                     55
    4.6 Certification and Accreditation                        40
    4.7 Development                                            35
    4.8 Employee Management                                    40
    Module total                                                       370     6:10
5.0 Physical Security
    5.1 Physical Security                                      50
    5.2 Hardware Security                                      20
    5.3 Environmental Controls                                 45
    5.4 Mobile Devices                                         30
    5.5 Telephony                                              25
    Module total                                                       170     2:50
6.0 Networking
    6.1 Networking Review                                      95
    6.2 Perimeter Attacks                                      90
    6.3 Security Appliances                                    35
    6.4 Demilitarized Zones (DMZ)                              30
    6.5 Firewalls                                              40
    6.6 Network Address Translation (NAT)                      30
    6.7 Virtual Private Networks (VPN)                         40
    6.8 Web Threat Protection                                  25
    6.9 Network Access Control (NAC)                           45
    6.10 Wireless Attacks                                      40
    6.11 Wireless Defenses                                     105
    Module total                                                       575     9:35
7.0 Network Defenses
    7.1 Network Devices                                        15
    7.2 Network Device Vulnerabilities                         15
    7.3 Switch Attacks                                         10
    7.4 Router and Switch Security                             100
    7.5 Intrusion Detection and Prevention                     55
    Module total                                                       195     3:15
8.0 Host Defenses
    8.1 Malware                                                80
    8.2 Password Attacks                                       20
    8.3 Windows System Hardening                               105
    8.4 Hardening Enforcement                                  35
    8.5 File Server Security                                   50
    8.6 Linux Host Security                                    20
    Module total                                                       310     5:10
9.0 Application Defenses
    9.1 Web Application Attacks                                70
    9.2 Internet Browsers                                      100
    9.3 E-mail                                                 45
    9.4 Network Applications                                   25
    9.5 Virtualization                                         50
    9.6 Application Development                                65
    Module total                                                       355     5:55
10.0 Data Defenses
    10.1 Redundancy                                            65
    10.2 Backup and Restore                                    45
    10.3 File Encryption                                       75
    10.4 Secure Protocols                                      75
    10.5 Cloud Computing                                       30
    Module total                                                       290     4:50
11.0 Assessments and Audits
    11.1 Vulnerability Assessment                              85
    11.2 Penetration Testing                                   25
    11.3 Protocol Analyzers                                    20
    11.4 Logs and Audits                                       65
    Module total                                                       195     3:15
Security Pro Practice Exams
    Domain 1: Access Control and Identity Management (21 sims) 105
    Domain 2: Policies, Procedures, Awareness (1 sim)          5
    Domain 3: Physical Security (3 sims)                       15
    Domain 4: Perimeter Defenses (9 sims)                      45
    Domain 5: Network Defenses (7 sims)                        35
    Domain 6: Host Defenses (7 sims)                           35
    Domain 7: Application Defenses (8 sims)                    40
    Domain 8: Data Defenses (5 sims)                           25
    Domain 9: Audits and Assessments (5 sims)                  25
    Security Pro Certification Practice Exam (15 sims)         90
    Module total                                                       420     7:00
Security+ Practice Exams
    Domain 1: Network Security (153 questions)                 153
    Domain 2: Compliance and Operational Security (122 questions) 122
    Domain 3: Threats and Vulnerabilities (142 questions)      142
    Domain 4: Application, Data and Host Security (30 questions) 30
    Domain 5: Access Control and Identity Management (85 questions) 85
    Domain 6: Cryptography (88 questions)                      88
    Security+ Certification Practice Exam (100 questions)      100
    Module total                                                       720     12:00
SSCP Practice Exams
    Domain 1: Access Control (58 questions)                    58
    Domain 2: Security Operations & Administration (64 questions) 64
    Domain 3: Monitoring and Analysis (22 questions)           22
    Domain 4: Risk, Response, and Recovery (42 questions)      42
    Domain 5: Cryptography (90 questions)                      90
    Domain 6: Networks and Communications (87 questions)       87
    Domain 7: Malicious Code and Attacks (87 questions)        87
    SSCP Certification Practice Exam (125 questions)           125
    Module total                                                       575     9:35
Total Time                                                             5105    85:05
Appendix B: Security Pro Changes
Instructors who have taught the previous LabSim Security+ version of this course
may find the following information valuable.
This report details all the changes that were made from the previous course, such as:
• A new video, demo, simulation or text that has been created
• A video, demo or text that has been updated
• New questions that have been added to a section
• A new section that has been added to a module
Section Title / Index / Resource and Change

All (Simulations, Videos, Text)
    Updated Environment – Increased Functionality
    Reformatted
    Re-themed – Updated for SSCP
1.2 Using the Simulator
    1.2.1    New Demo: Using the Simulator
    1.2.2    New Sim: Configure a Security Appliance
    1.2.3    New Sim: Install a Security Appliance
2.2 Authentication
    2.2.5    Updated Demo: Using Single Sign-on
2.5 Windows Domain Users and Groups
    2.5.5    New Demo: Creating User Accounts
    2.5.6    New Demo: Managing User Account Properties
    2.5.8    New Sim: Create User Accounts
    2.5.9    New Sim: Manage User Accounts
    2.5.10   New Demo: Managing Groups
    2.5.11   Updated Sim: Create a Group
    2.5.12   New Sim: Create Global Groups
2.6 Linux Users and Groups
    2.6.1    New Video: Linux User and Group Overview
    2.6.2    New Demo: Managing Linux Users
    2.6.4    New Sim: Create a User Account
    2.6.5    New Sim: Rename a User Account
    2.6.6    New Sim: Delete a User
    2.6.7    New Sim: Change Your Password
    2.6.8    New Sim: Change a User's Password
    2.6.9    New Sim: Lock and Unlock User Accounts
    2.6.10   New Video: Managing Linux Groups
    2.6.12   New Sim: Rename and Create Groups
    2.6.13   New Sim: Add Users to a Group
    2.6.14   New Sim: Remove a User from a Group
2.7 Linux User Security
    2.7.1    New Video: Linux User Security and Restrictions
    2.7.2    New Demo: Configuring Linux User Security and Restrictions
2.9 Hardening Authentication
    2.9.1    New Video: Hardening Authentication
    2.9.2    New Demo: Configuring User Account Restrictions
    2.9.3    New Demo: Configuring Account Policies and UAC Settings
    2.9.4    New Demo: Hardening User Accounts
    2.9.5    New Demo: Configuring Smart Card Authentication
    2.9.7    Updated Sim: Configure User Account Restrictions
    2.9.8    Updated Sim: Configure Account Policies
    2.9.9    New Sim: Restrict Local Accounts
    2.9.10   New Sim: Secure Default Accounts
    2.9.11   Updated Sim: Enforce User Account Control
    2.9.12   New Sim: Configure Smart Card Authentication
2.12 Identity Management
    2.12.1   New Video: Identity Management
3.1 Cryptography
    3.1.3    Updated Video: Cryptographic Attacks
3.5 Public Key Infrastructure (PKI)
    3.5.3    Updated Sim: Manage Certificates
4.1 Security Policies
    4.1.7    New Demo: Wiping a Hard Drive
    4.1.9    New Video: Manageable Network Plan
    4.1.10   New Video: Manageable Network Plan 2
4.5 Social Engineering
    4.5.5    New Sim: Respond to Social Engineering
4.6 Certification and Accreditation
    4.6.1    Updated Video: Trusted Computing
    4.6.2    Updated Video: Certification and Accreditation
4.7 Development
    4.7.1    Updated Video: System Development Life Cycle
    4.7.2    Updated Video: System Development Life Cycle 2
4.8 Employee Management
    4.8.1    Updated Video: Employment Practices
5.1 Physical Security
    5.1.1    Updated Video: Physical Security
    5.1.4    New Sim: Implement Physical Security
5.2 Hardware Security
    5.2.2    New Demo: Breaking into a System
5.4 Mobile Devices
    5.4.2    New Demo: Securing Mobile Devices
    5.4.4    New Sim: Secure an iPad
5.5 Telephony
    5.5.1    Updated Video: Telephony
6.3 Security Appliances
    6.3.6    New Demo: Configuring Network Security Appliance Access
    6.3.7    New Sim: Configure Network Security Appliance Access
6.4 Demilitarized Zones (DMZ)
    6.4.1    New Video: Demilitarized Zones
    6.4.2    New Demo: Configuring a DMZ
    6.4.3    New Sim: Configure a DMZ
6.5 Firewalls
    6.5.3    New Demo: Configuring a Perimeter Firewall
    6.5.4    New Sim: Configure a Perimeter Firewall
6.6 Network Address Translation (NAT)
    6.6.1    Updated Video: Network Address Translation
    6.6.2    New Demo: Configuring NAT
6.7 Virtual Private Networks (VPN)
    6.7.2    New Demo: Configuring a VPN
    6.7.3    New Sim: Configure a Remote Access VPN
    6.7.4    New Sim: Configure a VPN Connection iPad
6.8 Web Threat Protection
    6.8.1    New Video: Web Threat Protection
    6.8.2    New Demo: Configuring Web Threat Protection
    6.8.3    New Sim: Configure Web Threat Protection
6.9 Network Access Control (NAC)
    6.9.1    Updated Video: Network Access Protection
    6.9.2    Updated Demo: Implementing NAP with DHCP Enforcement
6.10 Wireless Attacks
    6.10.1   New Video: Wireless Attacks
6.11 Wireless Defenses
    6.11.7   New Demo: Configuring a Wireless Access Point
    6.11.8   Updated Demo: Configuring a Wireless Connection
    6.11.9   New Sim: Secure a Wireless Network
    6.11.10  New Sim: Secure a Wireless Network 2
7.2 Network Device Vulnerabilities
    7.2.4    New Demo: Securing a Switch
    7.2.5    New Sim: Secure a Switch
7.4 Router and Switch Security
    7.4.8    New Demo: Configuring VLANs
    7.4.9    New Sim: Explore VLANs
    7.4.10   New Demo: Hardening a Switch
    7.4.11   New Sim: Harden a Switch
    7.4.12   New Sim: Secure Access to a Switch
    7.4.13   New Sim: Secure Access to a Switch 2
7.5 Intrusion Detection and Prevention
    7.5.5    New Demo: Implementing Intrusion Prevention
    7.5.6    New Sim: Implement Intrusion Prevention
8.1 Malware
    8.1.4    Updated Demo: Implementing Malware Protections
    8.1.5    Updated Demo: Using Windows Defender
    8.1.6    Updated Sim: Configure Windows Defender
8.3 Windows System Hardening
    8.3.4    Updated Demo: Managing Automatic Updates
    8.3.5    Updated Sim: Configure Automatic Updates
    8.3.6    Updated Demo: Configuring Windows Firewall
    8.3.7    Updated Sim: Configure Windows Firewall
    8.3.8    Updated Demo: Configuring Windows Firewall Adv Features
    8.3.9    Updated Demo: Configuring Parental Controls
    8.3.10   Updated Sim: Configure Parental Controls
8.4 Hardening Enforcement
    8.4.1    New Video: Hardening Enforcement with GPOs
    8.4.3    New Demo: Configuring GPOs to Enforce Security
    8.4.5    New Sim: Manage Services with Group Policy
8.5 File Server Security
    8.5.5    Updated Demo: Configuring NTFS Permissions
8.6 Linux Host Security
    8.6.1    New Video: Linux Host Security
    8.6.2    New Demo: Removing Unneeded Services and Scanning Ports
9.2 Internet Browsers
    9.2.1    Updated Demo: Managing Security Zones and Addons
    9.2.2    Updated Demo: Configuring IE Enhanced Security
    9.2.3    Updated Demo: Managing Cookies
    9.2.5    Updated Demo: Clearing the Browser Cache
    9.2.7    Updated Demo: Implementing Popup Blockers
    9.2.10   New Demo: Enforcing IE Settings through GPO
    9.2.11   New Sim: Enforce IE Settings through GPO
9.3 E-mail
    9.3.3    Updated Demo: Protecting a Client from Spam
    9.3.5    New Sim: Configure E-mail Filters
    9.3.6    New Demo: Securing E-mail on iPad
    9.3.7    New Sim: Secure E-mail on iPad
9.5 Virtualization
    9.5.5    Updated Demo: Managing Virtual Machines
9.6 Application Development
    9.6.5    New Demo: Implementing App Whitelisting with AppLocker
    9.6.6    New Sim: Implement Application Whitelisting with AppLocker
    9.6.7    New Demo: Implementing Data Execution Preventions (DEP)
    9.6.8    New Sim: Implement Data Execution Preventions (DEP)
10.2 Backup and Restore
    10.2.1   Updated Video: Backup and Restore
    10.2.4   Updated Demo: Performing System Backups
    10.2.5   Updated Sim: Schedule an Automatic Backup
10.3 File Encryption
    10.3.1   Updated Video: Encrypting File System (EFS)
    10.3.2   Updated Demo: Securing Files using EFS
    10.3.7   New Demo: Configuring BitLocker
    10.3.8   New Sim: Configure BitLocker with a TPM
10.4 Secure Protocols
    10.4.1   Updated Video: Secure Protocols
    10.4.2   Updated Video: Secure Protocols 2
    10.4.8   Updated Demo: Requiring IPSec for Communications
11.1 Vulnerability Assessment
    10.1.3   Updated Demo: Scanning a Network with Nessus
    10.1.4   New Demo: Scanning a Network with Retina
    10.1.5   Updated Demo: Scanning for Vulnerabilities Using MBSA
    11.1.6   New Sim: Review a Vulnerability Scan 1
    11.1.7   New Sim: Review a Vulnerability Scan 2
    11.1.8   New Sim: Review a Vulnerability Scan 3
11.2 Penetration Testing
    11.2.3   Exploring Penetration Testing Tools
11.4 Logs and Audits
    11.4.6   Updated Demo: Auditing the Windows Security Log
    11.4.7   New Sim: Configure Advanced Audit Policy
    11.4.8   New Demo: Auditing Device Logs
    11.4.9   New Sim: Enable Device Logs
Security Pro Practice Exams
    9 Domains: 66 Simulation questions
    Security Pro Certification Practice Exam: 15 Simulations
Security+ Practice Exams
    6 Domains: 620 Questions
    Security+ (SY0-301) Certification Practice Exam: 100 Questions
SSCP Practice Exams
    7 Domains: 450 Questions
    SSCP Certification Practice Exam: 125 Questions

New: Feature was not in previous course – new feature
Updated: Replaces previous feature – new version
The order of some sections has changed between the LabSim Security+ course
and the TestOut Security Pro course. The following table maps these changes:
Map of Course Content
From the TestOut Security+ Course
To the new TestOut Security Pro Course
Security+
0.1 Security Overview
0.2 Windows Networking
1.1 Access Control Models
1.2 Authentication
1.3 User Accounts and Passwords
1.4 Authorization
1.5 Physical Security
1.6 Access Control Best
Practices
2.1 Cryptography
2.2 Hashing
2.3 Symmetric Encryption
2.4 Asymmetric Encryption
2.5 Public Key Infrastructure
(PKI)
2.6 Cryptography
Implementations
2.7 Secure Protocols
3.1 OSI Model Review
3.2 Protocols and Ports
3.3 IP Addressing
3.4 Network Devices
3.5 Network Authentication
3.6 Remote Access
3.7 RADIUS and TACACS+
3.8 Wireless Networking
3.9 Cloud Computing
4.1 Reconnaissance
4.2 Denial of Service (DoS)
4.3 Session and Spoofing
Attacks
4.4 DNS Attacks
4.5 Switch Attacks
©2013 TestOut Corporation (Rev 1/13)
LabSim Security Pro
Security Pro
1.1 Security Overview
2.5 Windows Domain Users and
Groups
2.8 Group Policy Overview
2.1 Access Control Models
2.2 Authentication
2.9 Hardening Authentication
2.3 Authorization
5.1 Physical Security
2.4 Access Control Best Practices
3.1 Cryptography
3.2 Hashing
3.3 Symmetric Encryption
3.4 Asymmetric Encryption
3.5 Public Key Infrastructure (PKI)
3.6 Cryptography
Implementations
10.4 Secure Protocols
6.1 Networking Review
6.1 Networking Review
6.1 Networking Review
7.1 Network Devices
2.11 Network Authentication
2.10 Remote Access
6.7 Virtual Private Networks
(VPN)
2.10 Remote Access
6.11 Wireless Defenses
10.5 Cloud Computing
6.2 Perimeter Attacks
6.2 Perimeter Attacks
6.2 Perimeter Attacks
6.2 Perimeter Attacks
7.3 Switch Attacks
177
4.6 Wireless Attacks
4.7 Network Device
Vulnerabilities
5.1 Firewalls
5.2 Security Zones
5.3 Intrusion Detection
5.4 Router and Switch
Security
5.5 Security Solutions
5.6 Mobile Devices
5.7 Telephony
6.1 Malware
6.2 Password Attacks
6.3 Operating System
Hardening
6.4 Hardware Security
6.5 File Security
7.1 Web Application Attacks
7.2 Internet Explorer
7.3 E-mail
7.4 Network Applications
7.5 Virtualization
7.6 Application Development
8.1 Security Policies
8.2 Business Continuity
8.3 Redundancy
8.4 Backup and Restore
8.5 Environmental Controls
8.6 Social Engineering
8.7 Incident Response
9.1 Risk Management
9.2 Vulnerability Assessment
9.3 Penetration Testing
9.4 Protocol Analyzers
9.5 Logs and Audits
©2013 TestOut Corporation (Rev 1/13)
LabSim Security Pro
6.10 Wireless Attacks
7.2:Network Device Vulnerabilities
6.5 Firewalls
6.3 Security Appliances
7.5 Intrusion Detection and
Prevention
7.4 Router and Switch Security
6.3 Security Appliances
5.4 Mobile Devices
5.5 Telephony
8.1 Malware
8.2 Password Attacks
8.3 Windows System Hardening
5.2 Hardware Security
8.5 File Server Security
9.1 Web Application Attacks
9.2 Internet Browsers
9.3 E-mail
9.4 Network Applications
9.5 Virtualization
9.6 Application Development
4.1 Security Policies
4.2 Business Continuity
10.1 Redundancy
10.2 Backup and Restore
5.3 Environmental Controls
4.5 Social Engineering
4.4 Incident Response
4.3 Risk Management
11.1 Vulnerability Assessment
11.2 Penetration Testing
11.3 Protocol Analyzers
11.4 Logs and Audits
Appendix C: Security Pro Objectives
The Security Pro certification exam (2012 edition) covers the following:
#
Domain
1.0
Access Control and Identity Management
1.1
Create, modify, and delete user profiles
Module.Section
2.5, 2.6, 2.8, 2.11
8.4
Manage Windows Domain Users and Groups
o Create, rename, and delete users and groups
o Assign users to appropriate groups
o Lock and unlock user accounts
o Change a user's password
Manage Linux Users and Groups
o Create, rename, and delete users and groups
o Assign users to appropriate groups
o Lock and unlock user accounts
o Change a user's password
o Configure password aging
Manage Windows Local Users and Groups
o Restrict use of local user accounts
Restrict use of common access accounts
1.2
Harden authentication
Configure Domain GPO Account Policy to enforce a robust password policy
Configure the Domain GPO to control local administrator group membership and Administrator password
Disable or rename default accounts such as Guest and Administrator
Configure the Domain GPO to enforce User Account Control
Configure a GPO for Smart Card authentication for sensitive resources
Configure secure Remote Access
Implement centralized authentication
1.3
Manage Certificates
2.2, 2.8, 2.9, 2.10, 2.11, 2.12
7.2
8.4
2.2, 2.5, 2.11
3.1, 3.5
Approve, deny, and revoke certificate requests
Configure Domain GPO Kerberos Settings
2.0
Policies, Procedures, and Awareness
2.1
Promote Information Security Awareness
Traveling with Personal Mobile Devices
Exchanging content between Home and Work
Storing of Personal Information on the Internet
Using Social Networking Sites
Using SSL Encryption
Utilizing E-mail best practices
Password Management
Photo/GPS Integration
Information Security
2.2
Evaluate Information Risk
2.9
4.1, 4.8
5.4
8.2
9.3
10.4
4.3
10.5
Perform Risk calculation
Risk avoidance, transference, acceptance, mitigation, and deterrence
2.3
Maintain Hardware and Software Inventory
3.0
Physical Security
3.1
Harden Data Center Physical Access
4.2, 4.8
10.1
4.5
5.1
Implement Access Rosters
Utilize Visitor Identification and control
Protect Doors and Windows
Implement Physical Intrusion Detection Systems
3.2
Harden mobile devices (iPad)
5.4
6.10, 6.11
Apply the latest Software Updates
Enable Auto-lock and Passcode Lock
Disable Network Discovery
Disable Bluetooth
Configure Secure Browser Settings
Configure Secure E-mail Settings
3.3
Harden mobile devices (Laptop)
5.4
6.10, 6.11
Set a BIOS Password
Set a Login Password
Implement full disk encryption
4.0
Perimeter Defenses
4.1
Harden the Network Perimeter (using a Cisco Network Security Appliance)
Change the Default Username and Password
Configure a Firewall
Create a DMZ
Configure NAT
Configure VPN
Implement Web Threat Protection
4.2
Secure a Wireless Access Point (WAP)
2.1, 2.5, 2.9, 2.10
3.6
5.1
6.2, 6.4, 6.6, 6.7, 6.8, 6.9, 6.11
7.5
8.2, 8.3, 8.4, 8.5
10.4
6.2, 6.10, 6.11
Change the Default Username, Password, and Administration limits
Implement WPA2
Configure Enhanced Security
o MAC filtering
o SSID cloaking
o Power Control
5.0
Network Defenses
5.1
Harden Network Devices (using a Cisco Small Business Switch)
Change the Default Username and Password on network devices
Use secure passwords
Shutdown unneeded services and ports
Implement Port Security
Remove unsecure protocols (FTP, telnet, rlogin, rsh)
Implement access lists, deny everything else
Run latest IOS version
Turn on logging with timestamps
Segment Traffic using VLANs
5.2
Implement Intrusion Detection/Prevention (using a Cisco Network Security Appliance)
2.1, 2.9, 2.10, 2.11
5.1
6.4
8.2, 8.4
7.5
Enable IPS protection for a LAN and DMZ
Apply IPS Signature Updates
Configure IPS Policy
6.0
Host Defenses
6.1
Harden Computer Systems Against Attack
Configure a GPO to enforce Workstation/Server security settings
Configure Domain GPO to enforce use of Windows Firewall
Configure Domain Servers GPO to remove unneeded services (such as File and Printer Sharing)
Protect against spyware and unwanted software using Windows Defender
Configure NTFS Permissions for Secure file sharing
6.2
Implement Patch Management/System Updates
2.2, 2.5, 2.6, 2.8, 2.9, 2.10, 2.11, 2.12
7.2
8.3, 8.4
8.3, 8.4
Configure Windows Update
6.3
Perform System Backups and Recovery
7.0
Application Defenses
7.1
Implement Application Defenses
Configure a GPO to enforce Internet Explorer settings
Configure a GPO for Application Whitelisting
Enable Data Execution Prevention (DEP)
Configure Web Application Security
Configure Parental Controls to enforce Web content filtering
7.2
Implement Patch Management/Software Updates
10.2
2.8
6.3
8.3, 8.4
9.2, 9.4, 9.6
8.3
Configure Microsoft Update
8.0
Data Defenses
8.1
Protect and maintain the integrity of data files
Implement encryption technologies
Perform data backups and recovery
Implement redundancy and failover mechanisms
2.2, 2.5, 2.10
3.1, 3.3, 3.4, 3.5, 3.6
6.2, 6.7, 6.10, 6.11
8.2, 8.5
9.3, 9.4
10.1, 10.2, 10.3, 10.4
8.2
Protect Data Transmissions across open, public networks
Encrypt Data Communications
Implement secure protocols
Remove unsecure protocols
9.0
Audits and Assessments
9.1
Implement Logging and Auditing
Configure Domain GPO Audit Policy
Configure Domain GPO for Event Logging
9.2
Review security logs and violation reports, implement remediation
9.3
Review audit reports, implement remediation
9.4
Review vulnerability reports, implement remediation
2.2, 2.5, 2.10
3.1, 3.3, 3.4, 3.6
5.4
6.2, 6.7, 6.10, 6.11
8.5, 9.3, 9.4
10.4
2.1, 2.3, 2.5, 2.8, 2.9
8.2, 8.3, 8.4
11.4
4.4, 6.5, 7.5
8.1, 8.4, 9.6, 11.4
4.1, 4.4
7.5, 11.4
11.1
Appendix D: CompTIA Security+ (2011 Edition) Exam SY0-301 Objectives
The Security+ exam tests general knowledge of security concepts, threats, and tools. The exam covers the following topics.
#
Objective
1.0
Network Security
1.1
Explain the security function and purpose of network devices and technologies
Firewalls
Routers
Switches
Load Balancers
Proxies
Web security gateways
VPN concentrators
NIDS and NIPS (Behavior based, signature based, anomaly based, heuristic)
Protocol analyzers
Sniffers
Spam filter, all-in-one security appliances
Web application firewall vs. network firewall
URL filtering, content inspection, malware inspection
1.2
Apply and implement secure network administration principles
Rule-based management
Firewall rules
VLAN management
Secure router configuration
Access control lists
Port Security
802.1x
Flood guards
Loop protection
Implicit deny
Prevent network bridging by network separation
Log analysis
1.3
Distinguish and differentiate network design elements and compounds
DMZ
Module.Section
6.3, 6.4, 6.5, 6.7, 6.8
7.1, 7.5
11.3
2.1, 2.4, 2.12
6.5
7.4
8.5, 8.6
9.5
11.4
2.10
5.5
6.1, 6.3, 6.4, 6.6, 6.9
Subnetting
VLAN
NAT
Remote Access
Telephony
NAC
Virtualization
Cloud Computing
o Platform as a Service
o Software as a Service
o Infrastructure as a Service
1.4
Implement and use common protocols
IPSec
SNMP
SSH
DNS
TLS
SSL
TCP/IP
FTPS
HTTPS
SFTP
SCP
ICMP
IPv4 vs. IPv6
1.5
Identify commonly used default network ports
7.4
9.5
10.5
6.1
7.4
8.5
10.4
6.1
FTP
SFTP
FTPS
TFTP
TELNET
HTTP
HTTPS
SCP
SSH
NetBIOS
1.6
Implement wireless network in a secure manner
6.11
WPA
WPA2
WEP
EAP
PEAP
LEAP
MAC filter
SSID broadcast
TKIP
CCMP
Antenna Placement
Power level controls
2.0
Compliance and Operational Security
2.1
Explain risk related concepts
Control types
o Technical
o Management
o Operational
False positives
Importance of policies in reducing risk
o Privacy policy
o Acceptable use
o Security policy
o Mandatory vacations
o Job rotation
o Separation of duties
o Least privilege
Risk calculation
o Likelihood
o ALE
o Impact
Quantitative vs. qualitative
Risk-avoidance, transference, acceptance, mitigation, deterrence
Risks associated to Cloud Computing and Virtualization
2.2
Carry out appropriate risk mitigation strategies
Implement security controls based on risk
Change management
Incident management
User rights and permissions reviews
Perform routine audits
Implement policies and procedures to prevent data loss or theft
2.3
Execute appropriate incident response procedures
2.4
4.1, 4.3, 4.8
7.5
9.5
10.5
4.1, 4.3
5.2
8.5, 8.6
9.1
11.4
4.4
Basic forensic procedures
o Order of volatility
o Capture system image
o Network traffic and logs
o Capture video
o Record time offset
o Take hashes
o Screenshots
o Witnesses
o Track man hours and expense
Damage and loss control
Chain of custody
Incident response: first responder
2.4
Explain the importance of security related awareness and training
4.1, 4.5, 4.6, 4.8
8.2
9.1, 9.4
Security policy training and procedures
Personally identifiable information
Information classification: Sensitivity of data (hard or soft)
Data labeling, handling, and disposal
Compliance with laws, best practices, and standards
User habits
o Password behaviors
o Data handling
o Clean desk policies
o Prevent tailgating
o Personally owned devices
Threat awareness
o New viruses
o Phishing attacks
o Zero day exploits
Use of social networking and P2P
2.5
Compare and contrast aspects of business continuity
4.2
Business impact analysis
Removing single points of failure
Business continuity planning and testing
Continuity of operations
Disaster recovery
IT contingency planning
Succession planning
2.6
Explain the impact and proper use of environmental controls
5.3
HVAC
Fire suppression
EMI shielding
Hot and cold aisles
Environmental monitoring
Temperature and humidity controls
Video monitoring
2.7
Execute disaster recovery plans and procedures
10.2
Backup / backout contingency plans or policies
Backups, execution, and frequency
Redundancy and fault tolerance
o Hardware
o RAID
o Clustering
o Load balancing
o Servers
High availability
Cold site, hot site, warm site
Mean time to restore, mean time between failures, recovery time objectives, and recovery point objectives
2.8
Exemplify the concepts of confidentiality, integrity and availability (CIA)
3.0
Threats and Vulnerabilities
3.1
Analyze and differentiate among types of malware
1.1
7.2
8.1
Adware
Virus
Worms
Spyware
Trojan
Rootkits
Backdoors
Logic bomb
Botnets
3.2
Analyze and differentiate among types of attacks
Man-in-the-middle
DDoS
DoS
Replay
Smurf attack
Spoofing
Spam
Phishing
Spim
Vishing
Spear phishing
2.11
4.5
6.2
7.2, 7.3
9.1, 9.3, 9.4
Xmas attack
Pharming
Privilege escalation
Malicious insider threat
DNS poisoning and ARP poisoning
Transitive access
Client-side attacks
3.3
Analyze and differentiate among types of social engineering attacks
4.5
Shoulder surfing
Dumpster diving
Tailgating
Impersonation
Hoaxes
Whaling
Vishing
3.4
Analyze and differentiate among types of wireless attacks
6.10
Rogue access points
Interference
Evil twin
War driving
Bluejacking
Bluesnarfing
War chalking
IV attack
Packet sniffing
3.5
Analyze and differentiate among types of application attacks
9.1, 9.2
Cross-site scripting
SQL injection
LDAP injection
XML injection
Directory traversal/command injection
Buffer overflow
Zero day
Cookies and attachments
Malicious add-ons
Session hijacking
Header manipulation
3.6
Analyze and differentiate among types of mitigation and deterrent techniques
5.1, 5.2
7.4, 7.5
Manual bypassing of electronic controls
Failsafe/secure vs. failopen
Monitoring system logs
o Event logs
o Audit logs
o Security logs
o Access logs
Physical security
o Hardware locks
o Mantraps
o Video surveillance
o Fencing
o Proximity readers
o Access list
Hardening
o Disabling unnecessary services
o Protecting management interfaces and applications
o Password protection
o Disabling unnecessary accounts
Port security
o MAC limiting and filtering
o 802.1x
o Disabling unused ports
Security posture
o Initial baseline configuration
o Continuous security monitoring
o Remediation
Reporting
o Alarms
o Alerts
o Trends
Detection controls vs. prevention controls
o IDS vs. IPS
o Camera vs. guard
3.7
Implement assessment tools and techniques to discover security threats and vulnerabilities
Vulnerability scanning and interpret results
Tools
o Protocol analyzer
o Sniffer
o Vulnerability scanner
o Honeypots
o Honeynets
o Port scanner
Risk calculations
o Threat vs. likelihood
Assessment types
o Risk
8.1, 8.2, 8.3, 8.6
9.6
11.4
4.3
6.3
7.5
11.1, 11.3
o Threat
o Vulnerability
Assessment technique
o Baseline reporting
o Code review
o Determine attack surface
o Architecture
o Design reviews
3.8
Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
11.1, 11.2
Penetration testing
o Verify a threat exists
o Bypass security controls
o Actively test security controls
o Exploiting vulnerabilities
Vulnerability scanning
o Passively testing security controls
o Identify vulnerability
o Identify lack of security controls
o Identify common misconfiguration
Black box
White box
Gray box
4.0
Application, Data and Host Security
4.1
Explain the importance of application security
4.7
9.1, 9.6
Fuzzing
Secure coding concepts
o Error and exception handling
o Input validation
Cross-site scripting prevention
Cross-site Request Forgery (XSRF) prevention
Application configuration baseline (proper settings)
Application hardening
Application patch management
4.2
Carry out appropriate procedures to establish host security
Operating system security and settings
Anti-malware
o Anti-virus
o Anti-spam
o Anti-spyware
o Pop-up blockers
2.8
5.2, 5.4
8.1, 8.3
9.1, 9.5
o Host-based firewalls
Patch management
Hardware security
o Cable locks
o Safe
o Locking cabinets
Host software baselining
Mobile devices
o Screen lock
o Strong password
o Device encryption
o Remote wipe/sanitation
o Voice encryption
o GPS tracking
Virtualization
4.3
Explain the importance of data security
Data Loss Prevention (DLP)
Data encryption
o Full disk
o Database
o Individual files
o Removable media
o Mobile devices
Hardware based encryption devices
o TPM
o HSM
o USB encryption
o Hard drive
Cloud computing
5.0
Access Control and Identity Management
5.1
Explain the function and purpose of authentication services
3.1, 3.6
5.4
10.3, 10.5
2.10, 2.11
6.11
RADIUS
TACACS
TACACS+
Kerberos
LDAP
XTACACS
5.2
Explain the fundamental concepts and best practices related to authentication, authorization, and access control
Identification vs. authentication
Authentication (single factor) and authorization
Multifactor authentication
1.2
2.1, 2.2, 2.3, 2.4, 2.8, 2.9
5.1
8.3, 8.4, 8.5
Biometrics
Tokens
Common access card
Personal identification verification card
Smart card
Least privilege
Separation of duties
Single sign on
ACLs
Access control
Mandatory access control
Discretionary access control
Role/rule-based access control
Implicit deny
Time of day restrictions
Trusted OS
Mandatory vacations
Job rotation
5.3
Implement appropriate security controls when performing account management
Mitigates issues associated with users with multiple accounts/roles
Account policy enforcement
o Password complexity
o Expiration
o Recovery
o Length
o Disablement
o Lockout
Group based privileges
User assigned privileges
6.0
Cryptography
6.1
Summarize general cryptography concepts
2.3, 2.5, 2.6, 2.7, 2.8, 2.9
7.2
8.2, 8.4, 8.5
3.1, 3.2, 3.3, 3.4
Symmetric vs. asymmetric
Fundamental differences and encryption methods
o Block vs. stream
Transport encryption
Non-repudiation
Hashing
Key escrow
Steganography
Digital signatures
Use of proven technologies
Elliptic curve and quantum cryptography
6.2
Use and apply appropriate cryptographic tools and products
WEP vs. WPA/WPA2 and preshared key
MD5
SHA
RIPEMD
AES
DES
3DES
HMAC
RSA
RC4
One-time-pads
CHAP
PAP
NTLM
NTLMv2
Blowfish
PGP/GPG
Whole disk encryption
TwoFish
Comparative strengths of algorithms
Use of algorithms with transport encryption
o SSL
o TLS
o IPSec
o SSH
o HTTPS
6.3
Explain the core concepts of public key infrastructure
3.1, 3.2, 3.3, 3.4, 3.6
6.11
9.3
10.3, 10.4
3.1, 3.4, 3.5
Certificate authorities and digital certificates
o CA
o CRLs
PKI
Recovery agent
Public key
Private key
Registration
Key escrow
Trust models
6.4
Implement PKI, certificate management, and associated components
3.1, 3.5
6.3, 6.4
Certificate authorities and digital certificates
o CA
o CRLs
PKI
Recovery agent
Public key
Private keys
Registration
Key escrow
Trust models
Appendix E: (ISC)2 SSCP Objectives
The SSCP certification exam (2012 edition) covers 7 content domains as follows:
#
Domain
1.0
Access Control
1.1
Implement Logical Access Controls in Terms of Subjects
Module.Section
2.1, 2.3, 2.8
8.4
Requirements for access controls
1.2
Implement Logical Access Controls in Terms of Objects
2.1, 2.3, 2.8
8.4
Requirements for access controls
Object groups
1.3
Implement Authentication Mechanisms (e.g., single/multi-factor authentication, single sign-on, offline authentication)
1.4
Apply Access Control Concepts (e.g., least privilege, and separation of duties)
2.2
2.1, 2.4
8.5
Discretionary Access Control (DAC)
Non-discretionary Access Control
1.5
Manage Internetwork Trust Architectures (e.g., extranet, third party connections, federated access)
1.6
Implement identity management
2.1, 2.10
6.4
2.12
Provisioning
Maintenance
Entitlement
1.7
Understand basic security concepts related to cloud computing (e.g., virtualization, data control, storage, privacy, compliance)
2.0
Security Operations & Administration
2.1
Adhere to Code of Ethics
9.5, 10.5
4.8
Understand and comply with (ISC)2 code of ethics
Understand and comply with the organizational code of ethics
2.2
Perform Security Administrative Duties
4.1
5.2
Maintain adherence to security policies, baselines, standards, and procedures
Validate security controls
Data classification (e.g., control, handling, categorization)
Asset Management (e.g., hardware, software, data)
Develop and maintain systems and security control documentation
2.3
Perform Change Management Duties
4.1
5.3
Assist with the implementation of Configuration Management Plan
Understand the impact of changes to the environment
Test patches, fixes, and updates (e.g., operating systems, application, SDLC)
2.4
Provide security evaluation and assistance to the organization (e.g., product evaluation, data flow management)
4.1, 4.7
Support certification and accreditation (i.e., security authorization)
2.5
Participate in Security Awareness Education
2.6
Assess the information communication technology infrastructure using appropriate tools (e.g., discovery, security)
4.1
11.1, 11.2, 11.3
Understand the impact of security testing
2.7
Understand the concepts of endpoint device security (e.g., virtualization, thin clients, thick clients, USB devices, mobile devices)
5.4, 6.3, 6.7
8.6, 9.5, 10.4
2.8
Comply with data management policies (e.g., storage media (paper or electronic), transmission archiving, retention requirements, destruction, duplication, data loss prevention, social network usage, information rights management (IRM))
4.1
10.2
2.9
Understand security concepts (e.g., confidentiality, integrity, availability, privacy)
1.1
2.1
3.0
Monitoring and Analysis
3.1
Maintain Effective Monitoring Systems (e.g., continuous monitoring)
7.5
11.3, 11.4
Monitor Intrusion Detection/Prevention Systems
Monitor event correlation systems (e.g., SIM, SEM, SIEM)
Review systems for unauthorized changes (i.e., file integrity checkers, honeypots, unauthorized connections)
Monitor deviations from normal activity (e.g., white lists, anomaly detection, profiling)
Install and configure agents and management systems
3.2
Analyze Monitoring Results (e.g., review and analysis of logs and reports, false positives, communicate findings)
4.0
Risk, Response, and Recovery
4.1
Understand Risk Management Process
Understand risk management concepts (e.g., impacts, threats, vulnerabilities)
Participate in risk assessment
Support mitigation activity (e.g., safeguards, countermeasures)
Address audit findings
4.2
Perform Security Assessment Activities
Scan for vulnerabilities
Participate in penetration testing
Review security configurations of infrastructure
Interpret results of scanning and testing
4.3
Participate in incident handling analysis
7.5
11.4
4.3
6.8
10.1
5.1
8.6
11.1, 11.2
4.4
Understand the concepts of incident handling (e.g., discovery, escalation, reporting)
Understand the concept of forensic investigations (e.g., first responder, evidence handling, chain of custody, preservation of scene)
Participate in the implementation of countermeasures
4.4
Understand and Support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
4.2
Understand the Components of a Business Continuity Plan (BCP)
Understand and support Disaster Recovery Plan (DRP)
5.0
Cryptography
5.1
Understand basic concepts of Cryptography (e.g., hashing, encryption mechanisms, performance)
3.1, 3.2, 3.3
Install and maintain cryptographic systems
5.2
Understand Requirements for Cryptography (e.g., data sensitivity, regulatory requirements, end-user training)
5.3
Support Certificate and Key Management
3.1, 4.6, 10.4
3.1, 3.5
Understand basic key management concepts (e.g., public key infrastructure)
Administration and validation (e.g., key creation, exchange, revocation, escrow)
5.4
Understand the use of Secure Protocols (e.g., difference in implementation, appropriate use)
3.6
9.3
Support the implementation of secure protocols (e.g., IPSec, SSL/TLS, S/MIME)
6.0
Networks and Communications
6.1
Understand Security issues related to Networks
6.1, 6.3, 6.9
OSI and TCP/IP Models
Network topographies and relationships (e.g., token ring, star, bus, Ethernet)
Commonly used ports and protocols
Admission control (e.g., NAC, remediation, quarantine)
Network security concepts (e.g., address translation, defense in depth, IP addressing)
6.2
Understand Telecommunications
5.5
Technology (e.g., VoIP, facsimile, PSTN)
Common Vulnerabilities
6.3
Understand Remote Access
2.10
6.7
Technology (e.g., thin client, SSL/VPN)
Common Vulnerabilities
6.4
Understand Firewalls & Proxies
5.6
6.5
Methods (e.g., application filtering, packet filtering, stateful/stateless inspection)
Types (e.g., host based, network based)
Common Vulnerabilities
6.5
Understand Wireless and Cellular Technologies
6.10, 6.11
Protocols (e.g., WPA, WPA2, TKIP)
Technology (e.g., Bluetooth, RFID, 802.11, WiMax, GSM, 3G, NFC)
Common Vulnerabilities
7.0
Malicious Code and Attacks
7.1
Identify Malicious Code (e.g., virus, worms, Trojan horses, logic bombs)
8.1
9.1, 9.3
Understand the concepts of rootkits
Understand types of malware (e.g., spyware, scareware, ransomware)
Understand the concepts of Trapdoors & Backdoors
Understand the concepts of Botnets
Understand the concepts of Mobile Code
7.2
Implement Malicious Code Countermeasures
Scanners (e.g., heuristic, integrity checker, signatures)
Deploy and manage anti-malware
Containment & Remediation
Software Security (e.g., code signing, application review, server side input validation)
7.3
Identify Malicious Activity (e.g., social engineering, insider threat, data theft, DDoS, spoofing, phishing, pharming, spam)
7.5
8.1
9.4
4.5
6.2
8.1
9.1, 9.3
Understand malicious web activity (e.g., cross site scripting, cross site request forgery, injection, social networking attacks)
Understand the concept of zero day exploits
Understand the concept of Advanced Persistent Threat (APT)
7.4
Implement Malicious Activity Countermeasures (e.g., user awareness, system hardening)
8.1, 9.1