IT Security Fundamentals: CompTIA Security+ 2015

Learn what Security+ is by understanding how to build, manage, and protect the critical asset that is the network.
4.0 (323 ratings)
5,238 students enrolled
  • Lectures 442
  • Length 24.5 hours
  • Skill Level All Levels
  • Languages English, captions
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion

About This Course

Published 10/2015 English Closed captions available

Course Description

Welcome to IT Security Fundamentals: CompTIA Security+ 2015 from LearnSmart.

With the skills you gain here, you’re equipped to pursue the Security+ certification from CompTIA.

The Security+ Certification by CompTIA is an international and vendor-neutral certification that has been endorsed and recognized by industry computing manufacturers and organizations. This course provides foundational knowledge of the principles, techniques, and tools needed to successfully prepare for the SY0-401 exam. With the skills you gain here, you’re equipped to pursue a number of security certifications including the Security+ from CompTIA and the CEH from EC-Council.

The CompTIA Security+ certification is paramount to organizations as cloud computing and mobile devices have changed the way we do business. With the massive amounts of data transmitted and stored on networks throughout the world, it’s essential to have effective security practices in place. Gain the right skills to secure a network and deter hackers and you’re ready for the job.

This course also qualifies as Continuing Education Units (CEUs). If you're up for renewal, you can earn CEUs through this series and additional courses. Please see the CompTIA Security+ Continuing Education Options for a complete rundown of those courses. With this course you will be able to claim 41 CEUs.

The sections listed below can be taken in any order, as a review of a particular concept or exam domain. However, if you are just becoming familiar with monitoring the system and how hackers gain access, it is recommended that you view the courses sequentially.

Note: This course covers many of the same concepts taught in our "IT Security and Ethical Hacking" course. Most customers will want to purchase one or the other but likely not both.

Course Overview:

This course is designed to prepare the student for the Security+ certification. Students will take a look at network security standards and the organizations that create them. We have paired this course with demos that will help give a visual example of the concepts that will be talked about.

In this course, you will learn the network infrastructure services for the CompTIA Security Plus certification exam. The topics that will be covered include: Introduction to Ethical Hacking, Penetration Testing, System Hacking, Spyware & Keyloggers, Trojans and Backdoors, Viruses and Worms, Denial of Service, Hacking Web and App Servers, SQL Injections, Session Hijacking, Buffer Overflows, Cross-Site Scripting, Hacking Wireless Networks, Mobile Hacking Basics, Wireless Types and Vulnerabilities, Advanced Exploitation Techniques and much more. These courses are paired with a variety of demos and quizzes giving a real world look at some of the concepts that will be discussed.

Course Breakdown:

Section 1: In the pre-assessment quiz you'll face questions from all sections of this Security+ Certification training. Test your current knowledge and know your strengths and weaknesses.

Section 2: Be introduced to various concepts on ethical hacking. We will be talking about vulnerabilities, exploits, defense strategy, penetration testing, pentest types and methodology, vulnerability management, incident management, and security policy development.

Section 3: Be able to identify a risk and the effect that it has on daily operations. You will gain an understanding of Disaster Recovery, be able to define what a disaster is, rank a disaster, and create a plan that will define how to recover from a disaster, as well as how to successfully recover your data.

Section 4: Business continuity plans are important if the organization wishes to continue its normal operations in disasters, whether they are man-made or natural. Business continuity plans study all kinds of threats and estimate the damage resulting from those threats. Delve further into the development process for a business continuity plan, and learn all the necessary steps that are involved in initiating the plan as well.

Section 5: Pentesting is an intentional attack on a system to discover security weaknesses. These can be left either by the security officer or the security controls. At the end of this section we will have reviewed security and vulnerability assessment, and the differences between automatic and manual testing.

Section 6: Watch in-depth demos on several of the vulnerability assessment tools that are available, as well as in-depth discussions on the benefits of these tools. We will be able to create a comprehensive VA program, identify key vulnerabilities, and perform mitigation actions before those vulnerabilities can be exploited.

Section 7: Traditional cryptography uses a secret key for encrypting and decrypting a message. This is also known as a symmetric key. In public key cryptography, the CA creates private and public keys using the same algorithm, but it functions asymmetrically. Learn the steps to create and manage a public key infrastructure, and the relationship between public key infrastructures and certificate authority, as well as both traditional cryptography and public key cryptography, the implementation of certificates, and managing certificates.

Section 8: Cryptography is the science of writing in secret code and is considered an ancient art. Learn weaknesses in cryptography and ways to improve your security. We will also cover the use of symmetric and asymmetric keys and the use of hybrid keys, as well as the use of hashing algorithms and digital signatures.

Section 9: Whenever we login to a computer system, we provide information to identify ourselves. We refer to this as authentication. Authentication has been developed to contain more than just username and password because we want added layers of security. Learn about authentication factors, forms of authentication, and authentication protocols.

Section 10: Social engineering is the art of extorting employees for information. It can take the form of human-based or digital. Learn what social engineering is, who's at risk, and how to protect and educate your employees against social engineering.

Section 11: Network scanning is the scanning of public or private networks to find out which systems are running, their IP addresses, and which services they are running. In Network Scanning, you will learn techniques for private and public network scanning using various tools. This is accompanied by in-depth demos and discussions on how to use the Angry IP, Nmap, Hping, and Zmap network scanners. Through this, you will learn the steps to network scanning, how to draw a network map, and plan an attack accordingly.

Section 12: When a port is scanned on a server, the port returns a response indicating that it is open and a service is listening. Gain key port scanning methods and techniques, port scanning tools, and port scanning countermeasures.

Section 13: Ensure that you know everything involved in securing a Windows system against attack. You'll get into Windows passwords — how they’re created, how they’re stored, and different methods used to crack them. You’ll discover different methods used for guessing passwords and breaking the different security methods used within the Windows operating system.

Section 14: You will take a good look at spyware, the activities it performs, different types of spyware, and the countermeasures needed in order to prevent hackers from utilizing these types of techniques against your company. Understand the three different types of keyloggers that we see used in today's environments: hardware, software, and kernel/driver keyloggers.

Section 15: As an ethical hacker, there are times when you need to hide software from the company that you are performing the test against in order to verify that the defensive strategy isn't able to find your software. Trojans and Backdoors is the section where our software is going to be going undercover.

Section 16: You will discover what viruses and worms are and how they can infect computers and systems. You’ll study their nature, how they function, and their impact. You will also spend time going through discussions on varieties of each, along with some real life examples. Refine your understanding of viruses and worms to better your system.

Section 17: Cover the basics of packet sniffing, ARP cache poisoning, DNS spoofing, SSL sniffing, VoIP phone calls, and sniffing remote desktop connections. This is coupled with demos on Wireshark, ARP poisoning, and XARP.

Section 18: Attackers have various ways at their disposal to cover any tracks that may lead to their unwanted eviction, or worse yet, to an audit trail that would lead directly back to them. Learn about disabling auditing during or after an event, steps to take once it is disabled, and destroying any evidence. We will be going over various ways to avoid detection on Linux machines, and this will include several in-depth demos on various operations for the Linux machines.

Section 19: Become familiar with the following concepts: denial-of-service, distributed denial-of-service, and how the denial-of-service and distributed denial-of-service attacks take place. Gain different countermeasures, so that you can plan, prepare, and establish the relevant countermeasures to protect your organization.

Section 20: Hacking Web and Application Servers is a section that will give you a good idea about vulnerabilities and attacks available for web servers and web applications. Understand various ways to collect information from web servers, application server attacks, and finding vulnerabilities in a server.

Section 21: SQL injection is the most used of all attacks. In this section understand SQL injection methodology, attacks, buffer overflow exploit, testing for SQL injection, countermeasures, and detection tools.

Section 22: Have you heard the words session hijacking? Simply put, it is defined as an intruder taking over a genuine session between two computers and using it for sinister purposes. Learn details about session hijacking, well-known techniques employed by aggressors, the steps involved in session hijacking, various types of session hijacking, tools for hijacking sessions, ways you can protect yourselves from session hijacking, and how pentesting can be used to identify vulnerabilities.

Section 23: Buffer overflow occurs when you try to store more data than what the allocated buffer or storage area can hold. In this section you will be introduced to the concepts of buffer overflows, how they happen, and how attackers take advantage of them. You will also learn how to defend against buffer overflow attacks, and what security measures you can take to protect your data.

Section 24: As a security tester or security analyst, it is important that you are aware of cross-site scripting vulnerabilities and how they may be exploited by attackers. You will gain a comprehensive understanding of cross-site scripting, learn how to prevent it, and learn how you can test to identify cross-site scripting vulnerabilities. You will also learn what cross-site scripting is and what the different types of cross-site scripting you may come across are.

Section 25: Wireless attacks have become so easy even unskilled people with little computer literacy can accomplish them. This is because of the many automated tools available to perform this hack. In the section Hacking Wireless Networks, we will not be focusing on weaknesses of your wireless networks or how to protect them; instead, we will focus on how to gain access to a wireless network.

Section 26: Mobile security is a challenge. Not many of us realize the extent of the threat, nor do we realize the ease with which we are hacked. At the end of this section, we want you to walk away with that understanding. Learn the areas of IT that need to be considered when looking at security for your mobile devices.

Section 27: Wireless networks enable people to communicate and access applications and information without wires. This provides freedom of movement and the ability to extend applications to different parts of a building, city, or nearly anywhere in the world. In this section you will learn about wireless types and vulnerabilities. We will discuss different standards, systems, and attacks. This will be paired with demos on InSSIDer, Jammer, Fake AP, and Capsa.

Section 28: What kind of security measures do you take to protect your facilities, equipment, resources, personnel, and property from damage caused by unauthorized access? Security is very important to any organization and physical security is no exception. Learn the physical security planning process, how to protect assets, internal support systems, and perimeter security.

Section 29: Discuss what firewalls and honeypots are, and also how attackers get around these preventive programs. You will learn about the different types of firewalls and how they may be evaded.

Section 30: Intrusion Detection System (IDS) is a device or software that monitors network activities and system activities. While monitoring, it looks for suspicious activities and security policy violations. In this section review the vulnerabilities in an IS, types of IDS, types of evasion, techniques used to evade IDS, IDS tools, and how to carry out penetration testing so you can put a prevention plan in place.

Section 31: Exploit is a common term in the computer security community that refers to a piece of software that takes advantage of a bug or glitch. Learn what advanced exploitation techniques are and how you can use them in your penetration testing.

Section 32: Handling incidents often needs preparation. There are plans and procedures to be taken, and drills to prepare the team. A successful handling team can prevent loss of money for an organization in the case of an incident. It is an investment rather than a cost if it is done correctly. Be able to recognize what an incident is and where incidents potentially come from, along with the steps to handling incidents and implementing those steps into your everyday policies and procedures.

Section 33: Today’s threats and cyber intelligence have made it mandatory for us to use devices for protection. Threats can come from inside our network and the internet. This makes it so that a firewall alone is not sufficient. We need to design a secure network. Learn of the many security devices that you have at your disposal, with an in-depth discussion on firewalls and their uses. Included in this course will be detailed demos on Firewall and Proxy, NAT, DMZ, and IDS-IPS.

The content in this course comes from CompTIA Security+ (SY0-401) exam certification topics.

Recommendations:

Learn from others! Here are some reviews from participants:

  • Great Material - This course is a great reference and way to refresh your skills for the new Net+ exam! I needed a good refresh before taking the exam and this course is clearly laid out and copiously covers the material for the exam. Great course, well worth the money! -- M.B.
  • Perfect Course - Not only do you get great lectures that are pretty much PowerPoints with an instructor teaching you the concepts, there are also Demo lectures that show you how each of the concepts works in real life. This is such valuable information to have when taking the test. I feel very confident that this course is the best Network+ course on Udemy. -- D.R. Jr.
  • A Complete Jumpstart - What has impressed me the most is the depth of the content to this course. Each HD video is crystal clear in both the visual and audio, even including quality closed captioning (great for reading along with the lectures). I wasn't interested in the flashcards or the crossword puzzles when I started the program, but I've found them to be very useful in staying engaged in the class when away from home. This is everything you need to get started and have a classroom quality experience from home. Dive in and stay focused! -- P.C.

What are the requirements?

  • No prerequisites for this course - A computer with Internet
  • Generic knowledge about Network+ and Security+ is helpful, but not necessary w/this lifetime access! This is a great starting place
  • The majority of the tools used in this series must be run on a Windows machine. There might be a MAC equivalent, but the tools demonstrated were all run on a Windows machine.

What am I going to get from this course?

  • Upon completion of this course, students will have a basic introduction to information technology security and its various concepts.
  • Expand your knowledge on the various concepts of Security+
  • Be introduced to various concepts on ethical hacking. We will be talking about vulnerabilities, exploits, defense strategy, penetration testing, pentest types and methodology, vulnerability management, incident management, and security policy development
  • Be able to identify a risk and the effect that it has on daily operations. You will gain an understanding of security measures and how they are implemented, as well as the importance and the process of managing risk in your environment.
  • Delve further into the development process for a business continuity plan, and learn all the necessary steps that are involved in initiating your plan.
  • Learn what kind of risks computer-based attacks and social media present and know how to create a security policy, and how to deal with the threat of human-based attacks from both outside and inside the company
  • Learn about cryptography, its weaknesses, and ways to improve your security.
  • Ensure that you know everything involved in securing a Windows system against attack.
  • Test your knowledge and skills. Prove to yourself, and others, that you are ready for the CompTIA Security+ (SY0-401) exam.
  • Watch in-depth demos that take you step by step on ensuring the top security for you and your networks.

What is the target audience?

  • This course is intended for individuals looking to expand their knowledge of different IT Security principles.
  • Professionals who would like to prepare themselves for the CompTIA Security+ (SY0-401) certification exam.
  • If you are a Network Administrator, Security Administrator, System Administrator, Security Engineer, Security Architect, or Information Assurance Professional, this course reviews basic and important concepts that these professionals are expected to know and execute on a daily basis.
  • Security+ helps IT Professionals around the world advance their careers. Don't just take our word for it
  • Required to fulfill Continuing Education Units? Looking to maintain your Certification? Within this course you can claim 41 CEUs.
  • LearnSmart is accredited and in the CompTIA Authorized Partner Program
  • Please review our course map to see just how we align and partner with CompTIA in providing this training: https://drive.google.com/open?id=0B-bU4vzmt_NyX2NSelc0X1ZBcEE


Curriculum

Orientation Video
01:13
Section 1: Pre-Assessment
7 questions

The topics covered in these lectures directly align with the certified ethical hacker exam objectives as published by EC-Council®. These sections can be taken in any order, as a review of a concept or knowledge area.

However, if you are just becoming familiar with CEH and the EC-Council®, it is recommended that you view the sections sequentially.

Quizzes in your LearnSmart Online Training help you determine your level of command of the material covered in this training course. This Pre-Assessment quiz is designed so that you will be able to see the progression you have as you complete the course. Whether you have pre-existing knowledge or not, the answers given do not affect any scores and are not required for certification, but they help get you ready and in the mind-set of what this course will be covering.

Section 2: Introduction to Ethical Hacking
10:00

Introduction to Ethical Hacking will introduce you to various concepts on ethical hacking. You will learn about vulnerabilities, exploits, defense strategy, penetration testing, and pentest types and methodology. You will also learn about vulnerability management, incident management, and security policy development.

This lecture will discuss the topics to be covered within Introduction to Ethical Hacking, as well as its implementations within the hacking world.


Topics Covered Include:
  • Hacking
  • Ethical Hacking
  • Vulnerability
  • Exploits
06:58

Vulnerability management is a continuous practice involving scanning for vulnerabilities, classifying them, putting steps in place to remediate them, and working to mitigate the risk due to vulnerabilities. So, a vulnerability can pose a risk to the organization, and the organization works to remediate and/or mitigate it.

This lecture will discuss the vulnerabilities within ethical hacking, as well as several topics related to hacking vulnerabilities.

Topics Covered Include:
  • Confidentiality
  • Integrity
  • Availability
  • Malware
03:25

The principle of defense-in-depth is layered security mechanisms. The layered security enhances the security of the system as a whole. During an attack, if one layer gets impacted, other layers can still “hold down the fort.” Implementing a defense-in-depth strategy is not easy. Implementing this approach could add to the complexity of the system.

This lecture will discuss the components of Defence-in-depth, as well as how to implement it within ethical hacking.


Topics Covered Include:
  • Data Layer
  • Host Level
  • Defence-in-depth
07:28

The purpose of a penetration test is to test the security implementations and policy of an organization. The goal is to see if the organization has implemented security measures as specified in the security policy. A penetration test normally uses the same methods a hacker uses to gain unauthorized access to a network or system with a view to compromise them.

This lecture will discuss the components within penetration testing, as well as why it is used within ethical hacking.

Topics Covered Include: 

  • Penetration Test
  • Penetration Testing
  • Methodology
05:17

This lecture will show one of four demonstrations on how to carry out a Penetration Test.

02:20

This lecture will show the second of four demonstrations on how to carry out a Penetration Test.

03:10

This lecture will show the second of four demonstrations on how to carry out a Penetration Test.

04:56

This lecture will show the second of four demonstrations on how to carry out a Penetration Test.

02:37

Penetration Testing is one form of ethical hacking; when you try to penetrate into a system or network, if you are not successful, what would you do? Be happy! You're happy that you couldn't find any vulnerability. But don't stop there. Think like a hacker. Penetration testing methodology will allow you to do so.

This lecture will discuss the tools within Pentesting Methodology, and how they are used to successfully test hacking techniques.

Topics Covered Include:
  • Methodology for Testing
  • Attack Vectors
Chapter 1 Quiz
7 questions
01:14

Vulnerability management — the discovery of vulnerabilities and assessment of the risk to the network — is a critical part of the business landscape for long term success. Vulnerability management involves the identification, classification, and potential remediation and/or mitigation of the same.

This lecture will discuss the reasons for vulnerability management within an organization, as well as ways to successfully evaluate vulnerabilities and manage them.

Topics Covered Include:
  • Vulnerability Management
02:40

Incidents are errors that interrupt or reduce the quality of the business processes. The incident management process helps to quickly resolve these incidents, with minimal impact on the business. An organization that implements the incident management process derives dual benefits for its IT services and business.

This lecture will discuss the benefits of incident management within an organization, as well as some of the ways to successfully evaluate and manage incidents.

Topics Covered Include:
  • Incident Management
01:52

Vulnerabilities, penetration testing, incident management plans, etc. Do they work together or are they done in isolation? They can all work together in the form of a security policy. It is absolutely necessary to have a security policy within any organization.

This lecture will discuss the importance of a security policy within an organization, as well as ways to create one and what needs to be considered when doing so.

Topics Covered Include:
  • Collaborations
  • Security Policy
00:55

This lecture will take you through some of the key points covered throughout the duration of this section. Upon Completion of this section you will be prepared to move on to the next Section: Disaster Recovery and Risk Management.

Final: Introduction to Ethical Hacking
24 questions
Section 3: Disaster Recovery and Risk Management
02:15

An event that may have an effect on the daily operations of a given entity is called a risk. The effect could vary from downtime and disrupting the usual operations to losing money and sensitive information. Risk management requires an understanding of how security measures are implemented in your environment and how a threat can affect your daily operations.

This lecture will discuss the basics of Risk Management and Disaster Recovery, as well as what will be covered additionally in this section.

Topics Covered Include:
  • Risk
  • Risk Management
02:12

For each scenario, the strategy for managing risks may vary. When planning to implement new hardware or new software, you need to test the product in a lab or testing environment and perform vulnerability assessment against the product.

This is one way of strategizing risk. This lecture will discuss the different ways of strategizing risk pertaining to potential hackers.

Topics Covered Include:
  • Risk Management Scenarios
05:23

Risk analysis is closely tied to vulnerability assessment; thus each identified threat should be analyzed and security measures should be taken to manage the risk posed. Risk analysis is based on qualitative and quantitative analysis.

This lecture will discuss the ways in which an organization can analyze risk in order to protect itself from unethical hacking.


Topics Covered Include:
  • Risk Analysis
  • Risk Domains
  • Likelihood
18:16

This lecture contains a demonstration on how to carry out risk assessment for a project, taking you through each of the steps within risk assessment.

Chapter 1 Quiz
7 questions
05:03

The DRP (Disaster Recovery Plan) is a policy that defines how an organization will recover from a disaster, whether it's a natural or man-made disaster. The DRP should protect both people and assets of a given organization.

This lecture will discuss how to create a DRP for an organization, as well as its benefits.


Topics Covered Include:
  • Disaster Recovery Plan
  • Long Term
  • Data Backup
02:15

DRP needs maintenance and evaluation on a timely basis. At least once a year the DRP plan should be re-evaluated to make sure of its effectiveness. Changes will be made as necessary.

This lecture will discuss the benefits of updating the DRP within an organization, as well as simple ways to do so.

Topics Covered Include:
  • DRP
01:00

This lecture will take you through some of the key points covered throughout the duration of this section. Upon Completion of this section you will be prepared to move on to the next Section: Penetration Testing.

Final: Disaster Recovery and Risk Management
24 questions
Section 4: Business Continuity
Introduction to BCP
01:44
BCP Development
09:06
Risk Assessment
05:40
Training
01:38
Chapter 1 Quiz
5 questions
BCP Appraisal
01:05
Incident Response
01:59
Conclusion
00:28
Final: Business Continuity
25 questions
Section 5: Penetration Testing
05:48

Pentesting is an intentional attack on a system to discover security weaknesses left by either the security officer who designed the defense strategy or the security controls that are incapable of defending against a given threat.

This lecture will discuss the benefits of Penetration Testing within an organization, as well as how it will assist an organization to protect itself from unethical hacking.


Topics Covered Include:
  • Pentesting
  • Vulnerability Assessment
  • Security Assessment
04:32

Penetration testing simulates a real attack. Penetration testing can be performed either externally or internally. Both tests have the known categories black box, white box, and grey box. The difference between external and internal testing is what to test.

This lecture will discuss the different types of Penetration Testing and what is encompassed within each type.

Topics Covered Include:
  • Penetration Testing
  • External Testing
  • Performable Tests
  • Internal Testing
10:36

This lecture contains a demonstration of vulnerability assessment.

04:45

Penetration testing is not complete without testing the human behavior. Usually the easiest way to gain access to sensitive information is by exploiting human trust. Hackers attempt to gain the trust of an employee in order to reveal corporate secrets.

This lecture will discuss the areas within Penetration Testing, as well as some of the ways to protect an organization from the different areas.

Topics Covered Include:
  • Penetration Testing
Chapter 1 Quiz
5 questions
01:37

Conducting a security audit is necessary to be compliant with certain ISO acts or standards. Depending on the different types of business processes that occur in an organization, there will more likely be at least one of the regulatory standards that the organization will need to be compliant with.

This lecture will discuss the different types of business processes and their regulatory standards an organization needs to comply with to assist them in becoming aware of potential threats.


Topics Covered Include:
  • PCI DSS
  • FERPA
  • COPPA
01:25

Educating employees about security threats and cyber attacks should not be considered a waste of money, but rather an investment in mitigating threats. Also it is prudent that employees know who to contact and what procedures to take in case they suspect a hacking attempt or any other threat.

This lecture will discuss the benefits that will come as a result of training employees to be able to recognize threats within as well as without an organization.

Topics Covered Include:
  • Education
  • Policies
01:04

This lecture will take you through some of the key points covered throughout the duration of this section. Upon Completion of this section you will be prepared to move on to the next Section: Vulnerability Assessment.

Final: Penetration Testing
26 questions
Section 6: Vulnerability Assessment
02:34

A vulnerability assessment is the process by which one can identify, quantify, and prioritize or rank the vulnerabilities in a network infrastructure or in one or more systems. Vulnerability analysis can estimate the effectiveness of proposed countermeasures and can evaluate their actual effectiveness after they are put into use.

This lecture will introduce you to vulnerability assessment as well as some of the topics associated within the concept.

Topics Covered Include:

  • Concepts
  • Vulnerability Assessment
00:50

Most vulnerability assessment tools have a GUI front end. You start by specifying the target network, or the specific URL or IP address of an individual target, and then you run the test.

This lecture will discuss an overview of the vulnerability tools and how they will aid an organization to generate a detailed report.

Topics Covered Include:
  • Tools
04:09

The National Vulnerability Database is the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance.

This lecture will discuss security alerts that come from the National Vulnerability Database and how they can be implemented within an organization to protect against potential threats.


Topics Covered Include:
  • SANS Top 20
  • Common Vulnerabilities
  • CVSS
04:21

Nessus uses powerful detection, scanning, and auditing features. Nessus is the world's most widely used vulnerability scanner, with extensive management and collaboration functions.

This lecture will discuss the different methods of vulnerability scanning and the benefits of each.

Topics Covered Include:
  • Nessus
  • IBM Security AppScan
  • GFI
  • iScanOnline
04:17

This lecture contains a demonstration on how to use Nessus to conduct a vulnerability assessment.

02:54

This lecture contains a demonstration on how to use IBM AppScan to conduct a vulnerability assessment.

01:34

This lecture contains a demonstration on how to use GFI LanGuard to conduct a vulnerability assessment.

Chapter 1 Quiz
5 questions
04:32

A professional pen tester will not simply rely on the test result; he or she will ensure that the result is meaningful and that there are no false positives. To do so, he or she has to assess the risk presented by vulnerabilities, compare the results to security policy, verify vulnerabilities, and prioritize vulnerabilities.

This lecture will discuss the importance of analyzing any type of scan result in order to achieve the best result possible.

Topics Covered Include:
  • Analyzing Scan Results
  • Reports
  • Report Types
01:54

The generation of reports against your collected assessment data is very critical to your vulnerability testing program. Providing the right data to the right people is the key to a successful effort.

This lecture will discuss the ways of generating vulnerability assessment reports and how they aid an organization in protecting itself from potential threats.

Topics Covered Include:
  • Report Templates
07:47

A well developed and designed remediation plan will add value while reducing risks and vulnerabilities. The remediation team must be a dedicated core team with the support of subject matter experts from both the business and technology areas in order to be successful.

This lecture will discuss the importance of remediation in order for an organization to better protect itself from potential threats.

Topics Covered Include:
  • Review Results
  • Remediation
  • Remediating Planning
  • Remediation Commencement
01:28

Patch management is an important area of systems management. It involves acquiring, testing, and installing multiple patches on your computer system. Patch management tasks include maintaining current knowledge to ensure that patches are installed properly.

This lecture will discuss the necessity for expert patch management within an organization so that it can fully prepare itself against potential attacks.

Topics Covered Include:
  • Patch Management
01:03

This lecture will take you through some of the key points covered throughout the duration of this section. Upon completion of this section you will be prepared to move on to the next section: Physical Security.

Final: Vulnerability Assessment
15 questions
Section 7: Cryptography
00:30

Security is very important to any organization and physical security is no exception. Physical security has a different set of threats, vulnerabilities, and risks when compared to other security issues.

This lecture will introduce the concept of physical security, as well as some of the concepts this section will cover.

Topics Covered Include:
  • Introduction
02:29

The physical security of computers and their resources is more challenging today than it was in the 1960s and 70s. In those days, computers were mostly mainframes locked in server rooms. Today, nearly everyone has access to at least one computer.

This lecture will discuss the importance of physical security for an organization as well as for an individual.

Topics Covered Include:
  • Physical Security Threats
  • Physical Security
  • Security Professionals
11:33

A physical security program should consider safety and security mechanisms. Safety means the protection of life and assets against fire, natural disasters, and devastating accidents. Security should protect against vandalism, theft, and attacks by individuals.

This lecture will discuss the steps to planning a physical security program, as well as the benefits it will have for an organization.


Topics Covered Include:
  • Physical Security Program
  • Safety Mechanisms
  • Threat Profile
00:48

Crime prevention through environmental design (or CPTED) is a discipline which outlines how the properly designed physical environment can prevent crime by directly affecting human behavior.

This lecture will discuss the benefits of CPTED within an organization and how it will aid in protecting against potential threats.


Topics Covered Include:
  • Natural Access Control
  • Natural Surveillance
  • Natural Territorial Reinforcement
07:54

It is not enough to have recorded the details of an asset in a register. Today, valuables such as laptops are being stolen. It is not just the money that thieves may get by selling them in grey markets; the data that they could get their hands on is a major concern. You will have to take a few precautions to mitigate the risk.

This lecture will discuss the necessity for an organization to protect its assets and the steps taken to do so.

Topics Covered Include:
  • Protecting Asset Precautions
CRL Demo
04:08
Enroll Certificate Demo
02:52
Chapter 1 Quiz
7 questions
03:00

When you hear "key factors in running an office", what comes to mind? Internal Support Systems should be one of them. They are assumed to be functioning, and they are assumed to have proper plans for setup, operation, and maintenance.

This lecture will introduce the concepts that will be discussed throughout the second portion of this section.

Topics Covered Include:
  • Internal Support Systems
  • Support Systems
01:59

Both computing and communication have become an essential part of our lives. These two rely heavily, or we could even say, solely on a power supply. Therefore, power failure is much more devastating to a business than it was 10 or 20 years ago.

This lecture will discuss the importance of having a protection plan in place in the case of a power failure within an organization.


Topics Covered Include:
  • Power Supply Protection
  • UPS
  • Power Disturbances
06:21

A lack of proper environmental controls can cause damage to services, equipment, and lives. To prevent this from happening, you must involve a physical security team to set up proper controls.

This lecture will discuss the risks involved within an organization from the environment as well as ways to control those risks.

Topics Covered Include:
  • Physical Security Team
  • During Facility Construction
  • Climate Control
  • Ventilation
00:35

You will want to be prepared in case a fire starts on your premises. First, you want to prevent fires as much as you can. However, if there is a fire, you want to be alerted quickly, before it becomes unmanageable.

This lecture will discuss the measures that must be taken within an organization to prevent fire, as well as what steps to take if a fire does occur.

Topics Covered Include:
  • Fire Prevention
  • Construction and Design
  • Fire Suppression Systems
  • Fire Suppression Caution
Final: Cryptography
22 questions
Section 8: Cryptography Weaknesses
02:30

Cryptography is the science of writing in secret code and is an ancient art. The first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription.

This lecture will introduce you to Encryption.

Topics Covered Include:
  • Encryption
  • Encryption Ensures
04:16

This lecture contains a demonstration on how to use BitLocker.

00:47

There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions.

This lecture will discuss the different schemes used to accomplish cryptography.

Topics Covered Include:
  • Cryptographic Schemes
01:57

Public key cryptography was first described at Stanford University, by Professor Martin Hellman and student Whitfield Diffie in 1976. They described how to use a two-key cryptosystem in which two entities can communicate securely over insecure networks without the use of a shared secret key.

This lecture will introduce you to Asymmetric Encryption.

Topics Covered Include:
  • Public Key Cryptography
02:42

This lecture contains a demonstration on how to use Symmetric Encryption.

03:42

Symmetric keys are categorized as a stream cipher or block cipher. Stream ciphers operate on a single bit at a time and send back some form of feedback so that the key changes constantly. Block ciphers encrypt one block of data at a time using a key on each block.

This lecture will discuss the difference between Stream ciphers and Block ciphers and how each of them is used within Symmetric Encryption.


Topics Covered Include:
  • Difference
  • Synchronous
  • Cipher Feedback
09:39

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

This lecture will discuss the AES form of ciphering and how it is used within a business.


Topics Covered Include:
  • Symmetric Keys
  • Blowfish
  • Computational Cipher
Chapter 1 & 2 Quiz
5 questions
01:01

There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions.

This lecture will discuss the different schemes used to accomplish cryptography.

Topics Covered Include:
  • Cryptographic Schemes
03:13

This lecture contains a demonstration on how to use Asymmetric Encryption.

03:39

The Key Exchange Algorithm (KEA) is a variation on Diffie-Hellman. It was proposed as the key exchange method for Capstone. Diffie–Hellman key exchange (D–H) is a specific method of exchanging cryptographic keys.

This lecture will discuss the use of the Key Exchange Method within Asymmetric Encryption.

Topics Covered Include:
  • Common Asymmetric Keys
01:00

A hash function, also known as a message digest or one-way encryption, is an algorithm that uses no key; instead, a fixed-length hash value is calculated based on the plaintext or document, which makes it impossible to recover the content or length of the data.

This lecture will discuss the concept of Hashing and how it is used as an Encryption method.

Topics Covered Include:
  • Hash
01:37

This lecture contains a demonstration on how to use Hashcalc for Encryption.

03:51

Message Digest (MD) algorithms are a series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message. MD2 (RFC 1319) is designed for systems with limited memory, such as smart cards. MD2 has been relegated to historical status, per RFC 6149.

This lecture will discuss the uses of Hash Algorithms for Encryption.


Topics Covered Include:
  • Message Digest Algorithms
  • Secure Hash Algorithm
  • Keccak
Chapter 3 & 4 Quiz
3 questions
01:27

This lecture contains a demonstration on how to use Signature for Digital Signatures.

04:09

This lecture contains a demonstration on how to use the Exploit Database.

02:52

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.

This lecture will discuss the ways of providing internet security with Encryption.

Topics Covered Include:
  • Internet Protocol Security
  • Internet Security
00:38

This lecture will take you through some of the key points covered throughout the duration of this section. Upon completion of this section you will be prepared to move on to the Final.

Final: Cryptography Weaknesses
22 questions
Section 9: Authentication Systems

Instructor Biography

LearnSmart LLC, Smarter Training. Never Open a Textbook Again.

LearnSmart has served the learning community with high-quality professional skills and IT certification training since 1997. In that time, the company has helped thousands earn career-related certifications from respected vendors, such as Project Management Institute (PMI)®, Cisco, Microsoft, CompTIA, Oracle, and EC-Council. LearnSmart offers over 1,000 courses covering IT, project management, administrative, HR, and workplace safety topics. With a rapidly growing clientele of individuals and corporations, LearnSmart serves a broad range of clients, from Fortune 500 companies to universities, as well as government institutions and the armed forces.

LearnSmart is able to meet diverse career and learning needs through its extensive selection of training. LearnSmart uses industry experts to give learners the most up-to-date content in a video format, as well as training resources including reference tools, pretests, study guides and labs. For more information about how we can help pinpoint and solve your individual or multi-user training challenges.

PMI is a registered trademark of the Project Management Institute, Inc.
