
Teaching the New Security+ SY0-301 Exam


Presentation Transcript


  1. Teaching the New Security+ SY0-301 Exam

  2. Presenter • Mark Ciampa, PhD • Western Kentucky University • Author Security+ Guide to Network Security Fundamentals 4e (July 2011) • mark.ciampa@wku.edu

  3. Agenda • Update on Security • Security Certifications • SY0-301 Security+ Exam • CompTIA Changes

  4. Update on Security

  5. $9.3 Billion • Nigerian 419 Advanced Fee Fraud ("419" is the section of the Nigerian criminal code that addresses fraud) • Over $41 billion has been lost by victims in this scam, with $9.3 billion lost in one year • FBI says the scam was the #1 type of Internet fraud last year and is growing at a rate of 5% annually

  6. Cybercrime Report • 431 million adults experienced cybercrime in the last year • 1+ million daily victims (14 each second) • 79% of Internet users online 49+ hours per week have been victims • 1 in 2.27 = odds that a consumer becomes a cybercrime victim • $388 billion total cost of cybercrime

  7. Command & Control • Twitter - Status messages send out new links for bots to contact; the linked content contains Base64-encoded commands • Facebook - Uses notes • Gmail - Malware has account information hardcoded and transmits using SSL; zombies leave a draft saved in a dynamic area that is quickly overwritten

  8. Barry’s WiFi • Wanted to get even with neighbors • Broke the neighbors' WiFi WEP encryption • Created a fictitious MySpace page with the husband's name on it and posted a picture of child pornography • Included a note that the husband was a lawyer and could get away with "doing anything"

  9. Barry’s WiFi • Barry e-mailed the same pornography to the husband's co-workers • Sent flirtatious e-mails to women in the husband's office • Sent threatening e-mails to the Vice President from the husband's Yahoo account saying he was a terrorist and would kill the VP

  10. Barry’s WiFi • Husband’s law office hired a forensics investigator, who installed a protocol analyzer • In the data surrounding the threatening VP e-mail were Barry's name and account information • FBI searched Barry's house and found evidence he had also done the same to a previous neighbor

  11. Barry’s WiFi • Offered a 2-year sentence but turned it down, so prosecutors piled on more charges • Pled guilty and was sentenced to 18 years in prison and to forfeit his house • His defense was that he was sharing a jail cell with a double-murderer who was "terrorizing" him

  12. Security Certifications

  13. Vendor Security Certs • Cisco – Several security certifications • Entry-level Cisco Certified Network Associate (CCNA) Security • Intermediate Cisco Certified Network Professional (CCNP) Security • Advanced Cisco Certified Internetwork Expert (CCIE) • Check Point - Multi-level certification program on knowledge/skills using their network protection products

  14. Vendor Security Certs • Red Hat – Several security and related certs • Red Hat Certified System Administrator (RHCSA) • Red Hat Certified Engineer (RHCE) • Red Hat Certified Security Specialist (RHCSS) • Microsoft - No longer offers specific security certifications but many certs include security components in context of Microsoft products • Microsoft Certified Technology Specialist (MCTS) • Microsoft Certified IT Professional (MCITP)

  15. Vendor Security Certs • IBM • Oracle • RSA • Symantec • Guidance Software • Fortinet • Sourcefire • Websense

  16. Neutral Security Certs • EC-Council - Several types of certifications • Certified Ethical Hacker • Computer Hacker Forensics Investigator • Licensed Penetration Tester • Certified Security Analyst • Network Security Administrator • Requires background checks, ethics, and professionalism, in addition to training and exams

  17. Neutral Security Certs • ISACA - International professional association that focuses on IT governance • Certified Information Security Manager (CISM) • Certified Information Systems Auditor (CISA) • Certified in Risk and Information Systems Control (CRISC) • Significant experience requirements

  18. Neutral Security Certs • ISC2 • Systems Security Certified Practitioner (SSCP) • Certified Information Systems Security Professional (CISSP) • 3 CISSP concentrations (Architecture, Engineering, and Management) and others • SSCP covers 7 of the Common Body of Knowledge (CBK) domains while CISSP covers all domains

  19. Neutral Security Certs • SANS - Global Information Assurance Certification (GIAC) program • GIAC Information Security Fundamentals (GISF) • GIAC Security Essentials Certification (GSEC) • Certs intended for those responsible for designing, implementing, and maintaining a high-tech security infrastructure, which may include incident handling and emergency response team management

  20. CompTIA SY0-301

  21. CompTIA Security+ • Still the premier entry-level security certification • May serve as a requirement for, or an acceptable substitute in, several other certification programs (EC-Council, Microsoft, others) • 65,000+ certified individuals • Now accredited by the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI)

  22. SY0-101 (2001-2008)

  23. SY0-201 (2008-2011) • Security+ 2008 Edition Exam (SY0-201) went live October 2008 • Significant differences between SY0-101 (2002) and SY0-201 (2008) exam objectives

  24. SY0-201 (2008-2011)

  25. SY0-201 How-To Material • Some objectives stated more importance on knowing “how to” rather than just knowing or recognizing security concepts • “Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges (3.3)” • “Apply appropriate security controls to file and print resources (3.4)”

  26. SY0-201 How-To Material • “No multiple choice exam is really going to test for ‘hands-on’ skills. On the other hand, as I mentioned in my previous notes to courseware providers, I notice a difference in emphasis in the new exam objectives from the old ones, in that there is more emphasis on implementing or applying than strictly on knowing…the questions written for this exam will require people to know what to do, versus just knowing what something is” - Carol Balkcom, CompTIA Product Manager, Security+

  27. Question Type A user wants to implement secure LDAP on the network. Which of the following port numbers does secure LDAP use by default? A. 53 B. 389 C. 443 D. 636

  28. Question Type When should a technician perform penetration testing? A. When the technician suspects that weak passwords exist on the network B. When the technician is trying to guess passwords on a network C. When the technician has permission from the owner of the network D. When the technician is war driving and trying to gain access

  29. Question Type A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed? A. Change management B. Secure disposal C. Password complexity D. Chain of custody

  30. Question Type An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server’s public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server? A. SMTP open relaying is enabled. B. It does not have a spam filter. C. The amount of sessions needs to be limited. D. The public IP address is incorrect.

  31. SY0-301 • SY0-301 went live May 2011 • Significant evolutionary differences between SY0-201 and SY0-301 exam objectives • SY0-201 retired end of 2011

  32. SY0-301

  33. Updated Domains • The only domain that remained unchanged in name/focus was Cryptography (weight dropped from 15% to 11%) • All other domains were renamed and repurposed

  34. Updated Topic: Risk • Need to know key strategies • Acceptance • Deterrence • Mitigation • Transference • Calculated either qualitatively or quantitatively

  35. Updated Topic: Wireless • Evil twin attacks • WIDS (Wireless Intrusion Detection System) and WIPS (Wireless Intrusion Prevention System) • Specifics of WPA2 (802.11i) and CCMP

  36. New Topic Examples • Cryptography • Data loss prevention (DLP) • Cloud computing

  37. Elliptic Curve Cryptography • Instead of using large prime numbers, ECC uses sloping curves • An elliptic curve is a function drawn on an X-Y axis as a gently curved line • By adding two points on the curve, a third point on the curve can be derived

  38. Elliptic Curve Cryptography

  39. Elliptic Curve Cryptography • With ECC, users share one elliptic curve and one point on the curve • One user chooses a secret random number and computes a public key from that point on the curve; the other user does the same • They can now exchange messages, because combining the other user's public key with one's own secret number yields the same private key on the elliptic curve for both sides

  40. Elliptic Curve Cryptography • ECC is considered an alternative to prime-number-based asymmetric cryptography for mobile and wireless devices • Because mobile devices are limited in computing power due to their smaller size, ECC offers security comparable to other asymmetric cryptography but with smaller key sizes • Can result in faster computations and lower power consumption
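The point addition and shared-key derivation described on slides 37-40, worked through as an added example (not from the slides or the book): a toy curve y² = x³ + 2x + 2 over the integers mod 17 with base point (5, 1), chosen here for hand-checkable arithmetic, stands in for a real curve whose prime is hundreds of bits long.

```python
# Toy elliptic-curve Diffie-Hellman over y^2 = x^3 + 2x + 2 (mod 17).
# Constructed parameters for illustration only; production ECC uses
# standardised curves with ~256-bit primes.
P_MOD = 17
A, B = 2, 2
G = (5, 1)       # the shared point on the curve; it generates 19 points
INF = None       # the point at infinity (identity element)

def on_curve(pt):
    """True if pt satisfies the curve equation (INF is always on the curve)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def point_add(p1, p2):
    """Add two points: the line through them meets the curve in a third
    point, which is reflected over the x-axis (chord-and-tangent rule)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # P + (-P) = INF
    if p1 == p2:                                     # doubling: tangent slope
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P_MOD, -1, P_MOD)
    else:                                            # distinct points: chord slope
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def scalar_mult(k, pt):
    """Compute k*pt by repeated doubling and adding (the one-way operation)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def ecdh_demo(alice_secret, bob_secret):
    """Each side publishes secret*G, then multiplies the other's public
    point by its own secret; both arrive at the same point."""
    alice_pub = scalar_mult(alice_secret, G)
    bob_pub = scalar_mult(bob_secret, G)
    return alice_pub, bob_pub, scalar_mult(alice_secret, bob_pub), scalar_mult(bob_secret, alice_pub)
```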

  41. NTRUEncrypt Cryptography • A relatively new asymmetric cryptographic algorithm • Uses a different foundation than prime numbers or points on a curve (ECC) • Uses lattice-based cryptography that relies on a set of points in space

  42. NTRUEncrypt Cryptography

  43. Data Loss Prevention • DLP is a system of security tools used to recognize and identify data that is critical to the organization and ensure that it is protected • Protection involves monitoring who is using the data and how it is being accessed • DLP’s goal is to protect this data from any unauthorized users • DLP is sometimes called Data Leak Prevention

  44. Data Loss Prevention • DLP typically examines data as it resides in any of three states: • Data in use (actions being performed by “endpoint devices” such as printing a report from a desktop computer) • Data in motion (actions that transmit the data across a network like a file being retrieved from a server) • Data at rest (data that is stored on a DVD or other media) • Data that is considered critical to the organization or needs to be confidential can be tagged as such

  45. Data Loss Prevention • Most DLP systems use content inspection (a security analysis of the transaction within its approved context) • Content inspection looks not only at the security level of the data, but also at who is requesting it, where the data is stored, when it was requested, and where it is going • All done from a centralized management framework

  46. Data Loss Prevention • DLPs can be configured to look for specific data (such as Social Security and credit card numbers), lines of computer software source code, words in a sequence (to prevent a report from leaving the network), maximum file sizes, and file types • Each host (desktop, wireless laptop, smartphone, gateway server) runs a local DLP agent, which is sent over the network to the devices and runs as an OS service • DLP agent continuously monitors the host to identify sensitive data within files

  47. Data Loss Prevention • Can scan different types of storage devices (USB flash drives, card readers, hard disk drives, CDs and DVDs) • Can read inside compressed (ZIP) files and binary files (such as Microsoft Office non-XML files) • Can monitor multiple protocols (including HTTP, SMTP, POP, IMAP, FTP and Telnet) • When a policy violation is detected, can block the data, redirect it to a person to examine the request, quarantine the data until later, or alert a supervisor of the request
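Content inspection of the kind slides 46-47 describe, as an added example that is not from the slides or any DLP product: it scans a constructed outbound message (data in motion) for Social Security and credit card number patterns, uses the Luhn checksum to discard digit strings that merely look like card numbers, and maps what it finds to the block/quarantine/alert actions the slide lists. The policy table and sample message are assumptions made up for this example.

```python
import re

# Constructed sample "data in motion": the body of an outbound e-mail.
# The card number is a well-known test number, not a real account.
SAMPLE_MESSAGE = """Hi, here is the customer export you asked for.
Card on file: 4539 1488 0343 6467
Backup contact SSN 123-45-6789
Order ref 1234-5678-9012-3456 (not a card)"""

# SSN: AAA-GG-SSSS, excluding area 000/666/9xx, group 00 and serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-16 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

# Constructed policy: which action each data class demands, least to most severe.
POLICY = {"ssn": "quarantine", "card": "block"}
SEVERITY = ["allow", "alert", "quarantine", "block"]

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum; every real payment card number passes it,
    so failing it rules out an accidental run of digits such as an order id."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def inspect(text: str):
    """Return (data_class, matched_text) for each sensitive item found."""
    findings = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", m.group()))
    return findings

def decide(findings) -> str:
    """Apply the most restrictive action any matched class requires."""
    actions = [POLICY[kind] for kind, _ in findings]
    return max(actions, key=SEVERITY.index, default="allow")

def mask(value: str) -> str:
    """Redact all but the last four digits for the alert sent to a supervisor."""
    return re.sub(r"\d(?=(?:\D*\d){4})", "*", value)
```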

  48. Data Loss Prevention

  49. Data Loss Prevention

  50. Cloud Computing • Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction • Cloud computing can be understood when it is compared to a similar model known as hosted services
