Security + Certification - Chapter 1: Overview - Athena

Security + Certification About The Certification  Security_Certification • Has some Obsolete Links • CC: • The International CC Project has discontinued the www.commoncriteria.org Information/Knowledge Management Portal. • NIST: computer security resource Center. • RFC: ATHENA The Security+ Certification Program  The Security+ Certification is a testing program sponsored by the Computing Technology Industry Association(CompTIA) that certifies the knowledge of the networking technicians who have accumulated 24 months of experience in the information technology(IT) industry.  ATHENA Course Introduction  Chapter 1- Overview  Chapter 2- Authentication  Chapter 3- Attacks  Chapter 4- Remote Access  Chapter 5- Wireless  Chapter 6- Email and Web Security  Chapter 7- Devices and Media  Chapter 8- Network Topology and IDS  Chapter 9- System Hardening ATHENA Course Introduction  Chapter 10- Basic of Security  Chapter 11- Public key infrastructure  Chapter 12 - Incident Response  Chapter 13 - Policies and Disaster Recovery ATHENA Learning Objectives  Understand network security  Understand security threat trends  Understand the goals of network security  Determine the factors involved in a secure network strategy  Security Certification ATHENA Information Security ATHENA Information Security “Information Security is a PROCESS , not TOOLS” ATHENA Understanding Network Security  Network security (Information Security) • Tasks of guarding digital information, which is typically processed by a computer (such as a personal computer), stored on a magnetic or optical storage device (such as a hard drive or DVD), and transmitted over a network spacing • Process by which digital information assets are protected ATHENA Understanding Network Security  Security ensures that users: • Perform only tasks they are authorized to do • Obtain only information they are authorized to have • Cannot cause damage to data, applications, or operating environment ATHENA Security threat trends  A vulnerability is a weakness in a system, such as mis-configured hardware or software, poor design, user carelessness, etc.  A threat is an unauthorized access to a network. ATHENA Security Terminology ATHENA Goals of Information Security  Confidentiality • Protection of data from unauthorized disclosure to a third party  Integrity • Assurance that data is not altered or destroyed in an unauthorized manner  Availability • Continuous operation of computing systems ATHENA Causes of network security vulnerabilities Technology weaknesses Configuration weaknesses Policy weaknesses Human error ATHENA Creating a Secure Network Strategy  Human factors  Know your weaknesses  Limit access to resources – use “Principle of Least Privilege”  Remember physical security  Use the concept of “Defense in Depth” ATHENA Creating a Secure Network Strategy  Firewalls Web and file servers – harden and test configuration of mission-critical machines  Access control  Change management  Encryption  Intrusion detection system (IDS) ATHENA Security Certification  CompTIA Security+ • 1 exam (225 USD) • General information  SCP (SCNA + SCNP) • 4 exams (2*150 USD, 2*180 USD) • Distributing and detail information  CISSP (Certified Information Systems Security Professional • exams (499 USD)  CCSP Cisco Certified Security Professional • Securing Cisco IOS® Networks • Cisco Secure PIX Firewall Advanced • Cisco Secure Intrusion Detection System • Cisco Secure Virtual Networks • Cisco Secure SAFE Implementation ATHENA Summary  Understanding network security  Security threats  Goals of network security  Creating a secure network strategy  Security Certification ATHENA