CompTIA Server+ Online Learning

Description

Module 1 – Security Threats and Controls

• Security Controls • Why is Security Important? • Security Policy • Security Controls • Identification • Authentication • Authorization • Basic Authorization Policies • Accounting
• Threats and Attacks • Vulnerability, Threat, and Risk • Social Engineering • Phishing • Malware • Trojans and Spyware • Preventing Malware • Anti-Virus Software • Removing Malware
• Network Attacks • Network Fundamentals • Sniffers and Protocol Analyzers • ARP Attacks • IP Spoofing and Hijacking • Network Mappers and Port Scanners • Denial of Service Attacks
• Assessment Tools and Techniques • Vulnerability Assessments and Pentests • Security Assessment Techniques • Vulnerability Scanners • Honeypots and Honeynets

Module 2 – Cryptography and Access Control

• Cryptography Uses of Cryptography • Cryptographic Terminology and Ciphers • Encryption Technologies • Cryptographic Hash Functions • Symmetric Encryption • Asymmetric Encryption • Diffie-Hellman • ECC and Quantum Cryptography • Transport Encryption • Cryptographic Attacks • Steganography • Labs • Steganography
• Public Key Infrastructure • PKI and Certificates • Certificate Authorities • Implementing PKI • Creating Keys • Key Recovery Agents • Key Status and Revocation • PKI Trust Models • Cryptographic Standards • PGP / GPG • Labs • Configuring Certificate Services
• Password Authentication • LAN Manager / NTLM • Kerberos • PAP and CHAP • Password Protection • Password Attacks
• Strong Authentication • Token-based Authentication • Biometric Authentication • Common Access Card • Extensible Authentication Protocol • RADIUS and TACACS+ • Federation and Trusts
• Authorization and Account Management • Privilege Policies • Directory Services • Lightweight Directory Access Protocol • Windows Active Directory • Creating and Managing User Accounts • Managing Group Accounts • Account Policy Enforcement • User Rights, Permissions, and Access Reviews

Module 3 – Network Security

• Secure Network Design • Secure Network Topologies • Demilitarized Zones • Other Security Zones • Network Device Exploitation • Switches and VLANs • Switch Vulnerabilities and Exploits • Routers • Network Address Translation
• Security Appliances and Applications • Basic Firewalls • Stateful Firewalls • Proxies and Gateways • Implementing a Firewall or Gateway • Web and Email Security Gateways • Intrusion Detection Systems • IDS Analysis Engines • Monitoring System Logs
• Wireless Network Security • Wireless LANs • WEP and WPA • Wi-Fi Authentication • Additional Wi-Fi Security Settings • Wi-Fi Site Security
• VPN and Remote Access Security • Remote Access • Virtual Private Networks • IPSec • Remote Access Servers • Remote Administration Tools • Hardening Remote Access Infrastructure
• Network Application Security • Application Layer Security • DHCP Security • DNS Security • SNMP Security • Storage Area Network Security • IPv4 versus IPv6 • Telephony

Module 4 – Host, Data, and Application Security

• Host Security • Computer Hardening • Host Security Management Plan • OS Hardening • Patch Management • Endpoint Security • Network Access Control • Labs • Network Access Protection
• Data Security • Data Handling • Data Encryption • Data Loss Prevention • Backup Plans and Policies • Backup Execution and Frequency • Restoring Data and Verifying Backups • Data Wiping and Disposal
• Web Services Security • HyperText Transport Protocol • SSL / TLS • Web Servers • Load Balancers • File Transfer
• Web Application Security • Web Application Technologies • Web Application Databases • Web Application Exploits • Web Application Browser Exploits • Secure Web Application Design • Auditing Web Applications • Web Browser Security
• Virtualization and Cloud Security • Virtualization Technologies • Virtual Platform Applications • Virtualization Best Practices • Cloud Computing • Risks of Cloud Computing

Module 5 – Operational Security

• Site Security • Site Layout and Access • Gateways and Locks • Alarm Systems • Surveillance • Hardware Security • Environmental Controls • Hot and Cold Aisles • RFI / EMI • Fire Prevention and Suppression
• Mobile and Embedded Device Security • Static Environments • Mitigating Risk in Static Environments • Mobile Device Security • Mobile Device Management • BYOD Concerns • Mobile Application Security • Bluetooth and NFC
• Risk Management • Business Continuity Concepts • Risk Calculation • Risk Mitigation • Integration with Third Parties • Service Level Agreements • Change and Configuration Management
• Disaster Recovery • Disaster Recovery Planning • IT Contingency Planning • Clusters and Sites
• Incident Response and Forensics • Incident Response Procedures • Preparation • Detection, and Analysis • Containment • Eradication, and Recovery • Forensic Procedures • Collection of Evidence • Handling and Analyzing Evidence
• Security Policies and Training • Corporate Security Policy • Operational Policies • Privacy and Employee Policies • Standards and Best Practice • Security Policy Training and User Habits