Technical Training

Security+ Boot Camp $1,499
Information and Course Curriulum

ComTIA's Security+ certification is universally recognized as the entry-level standard for security professionals. The Security+ certification demonstrates the student's knowledge of system security and equips them with the skills necessary to withstand hackers and decrease costs associated with security breaches. The Security+ 4-day course is taught from a vendor-neutral perspective and similar to other ComTIA certifications. The Security+ designation does not expire.

What Marketbridge Offers You
Marketbridge class instruction holds a high degree of respect among the most demanding clients in both the public and private sector. Our professional instruction guarantees that students are taught by real-world consultants, and unlike others, instruction for this course is performed in both Linux and Windows environments. A maximum of 12 students per class is permitted and students are provided with access to their own workstation, one class manual and CompTIA study guides. Also included in the course costs are snacks and refreshments. One of our end goals is to assist students in obtaining the necessary knowledge and skills to help them obtain Security+ designation!

Prerequesities
The 4-day training is aimed at IT professionals who have up to two years on-the-job networking experience.

What Students Will Learn
Course topics include communication security, infrastructure security, cryptography, access control, authentication, external attack, operational and organization security. Through our Security+ course, you will acquire valuable skills which are required in the real world to help protect various network infrastructures against intrustions. This course will also help you pass the Security+ exam (SY0–101) and obtain the certification. Complete course outline details noted below and it is also available in PDF format.

Target Audience The 4-day training is aimed at IT professionals who have up to two years on-the-job networking experience. Our students come from a wide array of fields and positions. The student profiles include call center and technology support staff, network administrators, engineers and managers alike. Those wishing to establish their credibility as a security professional, also find this credential valuable, as it applies to any industry. Persons working towards Microsoft certification tracks, or the ISC2 SSCP, CISSP, and the SANS GIAC, can apply their Security+ towards these paths. To learn how to learn more about how you can use your Security+ certification to obtain Microsoft designations, such as the Microsoft Certified Systems Administrator (MCSA) or the Microsoft Certified Systems Engineer (MCSE), please view the following: http://www.comptia.org/certification/related/microsoft.aspx For more detailed information on the ComTIA's Security+ certification, view the following: http://www.comptia.com/certification/security/default.asp

Our Guarantee
Marketbridge has a gained a strong reputation as a leader in the field of IT Training. Should you think that Marketbridge has not met up to your expectations, we will gladly welcome you back to a second class free of charge with another Instructor. We take our training and reputation very seriously.

Course Curriculum

Module 1: General Security Concepts

  • Access Control
    • MAC/DAC/RBAC
  • Authentication
    • Kerberos
    • CHAP
    • Certificates
    • Username/Password
    • Tokens
    • MultiFactor
    • Mutual Authentication
    • Biometrics
  • Nonessential Services and Protocols Disabling unnecessary systems / process / programs
  • Attacks
    • DOS/DDOS
    • Back Door
    • Spoofing
    • Man in the Middle
    • Replay
    • TCP/IP Hijacking
    • Weak Keys
    • Mathematical
    • Social Engineering
    • Birthday
    • Password Guessing
      • Brute Force
      • Dictionary
    • Software Exploitation
  • Malicious Code
    • Viruses
    • Trojan Horses
    • Logic Bombs
    • Worms

  • Social Engineering

  • Auditing Logging, system scanning
Module 2: Communication Security

  • Remote Access
    • 802.1x
    • VPN
    • RADIUS
    • TACACS/+
    • L2TP/PPTP
    • SSH
    • IPSEC
    • Vulnerabilities

  • Email
    • S/MIME
    • PGP
    • Vulnerabilities
      • Spam
      • Hoaxes
  • Web
    • SSL/TLS
    • HTTP/S
    • Instant Messaging
      • Vulnerabilities
      • "8.3" Naming Conventions
      • Packet Sniffing
      • Privacy
    • Vulnerabilities
      • Java Script
      • ActiveX
      • Buffer Overflows
      • Cookies
      • Signed Applets
      • CGI
      • SMTP Relay

  • Directory Recognition not administration
    • SSL/TLS
    • LDAP

  • File Transfer
    • S/FTP
    • Blind FTP/Anonymous
    • File sharing
    • Vulnerabilities
    • Packet Sniffing

  • Wireless
    • WTLS
    • 802.11x
    • WEP/WAP
    • Vulnerabilities
    • Site Surveys
Module 3: Infrastructure Security

  • Devices
    • Firewalls
    • Routers
    • Switches
    • Wireless
    • Modems
    • RAS
    • Telecom/PBX
    • VPN
    • IDS
    • Network Monitoring/Diagnostic
    • Workstations
    • Servers
    • Mobile Devices
  • Media
    • Coax
    • UTP/STP
    • Fiber
    • Removable media
      • Tape
      • CDR
      • Hard drives
      • Diskettes
      • Flashcards
      • Smartcards
  • Security Topologies
    • Security Zones
      • DMZ
      • Intranet
      • Extranet
    • VLANs
    • NAT
    • Tunneling
  • Intrusion Detection
    • Network Based
      • Active Detection
      • Passive Detection
    • Host Based
      • Active Detection
      • Passive Detection
    • Honey pots
    • Incident Response
  • Security Baselines
    • OS/NOS Hardening (Concepts and processes)
      • File System
      • Updates (Hotfixes, Service Packs, Patches)
    • Network Hardening
      • Updates (Firmware)
      • Configuration
        • Enabling and Disabling Services and Protocols
        • Access control lists

  • Application Hardening
    • Updates (Hotfixes, Service Packs, Patches)
    • Web Servers
    • Email Servers
    • FTP Servers
    • DNS Servers
    • NNTP Servers
    • File/Print Servers
    • DHCP Servers
    • Data Repositories
      • Directory Services
      • Databases
Module 4: Basics of Cryptography

  • Algorithms
    • Hashing
    • Symmetric
    • Asymmetric

  • Concepts of Using Cryptography
    • Confidentiality
    • Integrity
      • Digital Signatures
    • Authentication
    • NonRepudiation
      • Digital Signatures
    • Access Control
  • PKI
    • Certificates Distinguish which certificates are used for what purpose. Basic ba only.
      • Certificate Policies
      • Certificate Practice Statement
    • Revocation
    • Trust Models

  • Standards and Protocols

  • Key Management/Certificate Lifecycle
    • Centralized vs. Decentralized
    • Storage
      • Hardware vs. Software
      • Private Key Protection
    • Escrow
    • Expiration
    • Revocation
      • Status Checking
    • Suspension
      • Status Checking
    • Recovery
      • M of N Control
    • Renewal
    • Destruction
      • Key Usage
      • Multiple Key Pairs (Single, Dual)

Module 5: Operational/Organizational Security

  • Physical Security
    • Access Control
      • Physical Barriers
      • Biometrics
    • Social Engineering
    • Environment
      • Wireless Cells
      • Location
      • Shielding
      • Fire Suppression

  • 1.2. Disaster Recovery
    • Backups
      • Off Site Storage
    • Secure Recovery
      • Alternate Sites
    • Disaster Recovery Plan

  • Business Continuity
    • Utilities
    • High Availability / Fault Tolerance
    • Backups

  • Policy and Procedures
    • Security Policy
      • Acceptable Use
      • Due Care
      • Privacy
      • Separation of duties
      • Need to Know
      • Password Management
      • SLA
      • Disposal / Destruction
      • HR Policy
        • Termination Adding / revoking passwords, privileges, etc.
        • Hiring Adding / revoking passwords, privileges
        • Code of Ethics
    • Incident Response Policy

  • Privilege Management
    • User/Group/Role Management
    • Single Signon
    • Centralized vs. Decentralized
    • Auditing (Privilege, Usage, Escalation)
    • MAC/DAC/RBAC

  • Forensics (Awareness, conceptual knowledge and understanding know what your role is)
    • Chain of Custody
    • Preservation of Evidence
    • Collection of Evidence

  • Risk Identification
    • Asset Identification
    • Risk Assessment
    • Threat Identification
    • Vulnerabilities

  • Education Training of end users, executives and HR
    • Communication
    • User Awareness
    • Education
    • Online Resources

  • Documentation
    • Standards and Guidelines
    • Systems Architecture
    • Change Documentation
    • Logs and Inventories
    • Classification
      • Notification
    • Retention/Storage
    • Destruction
Marketbridge Technologies © Copyright 2006. All Rights Reserved.