Lecture Security+ Certification: Chapter 1 - Trung tâm Athena
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (179.51 KB, 18 trang )
Security + Certification
About The Certification
Security_Certification
• Has some Obsolete Links
• CC:Http://www.commoncriteria.org
• The International CC Project has discontinued the
www.commoncriteria.org Information/Knowledge
Management Portal.
• NIST: />computer security resource Center.
• RFC:
ATHENA
The Security+ Certification Program
ATHENA
The Security+ Certification is a testing program
sponsored by the Computing Technology
Industry Association(CompTIA) that certifies
the knowledge of the networking technicians
who have accumulated 24 months of experience
in the information technology(IT) industry.
Http://www.comptia.org/certification.
Course Introduction
ATHENA
Chapter 1- Overview
Chapter 2- Authentication
Chapter 3- Attacks
Chapter 4- Remote Access
Chapter 5- Wireless
Chapter 6- Email and Web Security
Chapter 7- Devices and Media
Chapter 8- Network Topology and IDS
Chapter 9- System Hardening
Course Introduction
ATHENA
Chapter 10- Basic of Security
Chapter 11- Public key infrastructure
Chapter 12 - Incident Response
Chapter 13 - Policies and Disaster Recovery
Learning Objectives
ATHENA
Understand network security
Understand security threat trends
Understand the goals of network security
Determine the factors involved in a secure
network strategy
Security Certification
Information Security
ATHENA
Information Security
“Information Security is a
PROCESS , not TOOLS”
ATHENA
Understanding Network Security
Network security (Information Security)
• Tasks of guarding digital information, which is
typically processed by a computer (such as a
personal computer), stored on a magnetic or optical
storage device (such as a hard drive or DVD), and
transmitted over a network spacing
• Process by which digital information assets are
protected
ATHENA
Understanding Network Security
Security ensures that users:
• Perform only tasks they are authorized to do
• Obtain only information they are authorized to have
• Cannot cause damage to data, applications, or
operating environment
ATHENA
Security threat trends
ATHENA
A vulnerability is a weakness in a system, such
as mis-configured hardware or software, poor
design, user carelessness, etc.
A threat is an unauthorized access to a network.
Security Terminology
ATHENA
Goals of Information Security
Confidentiality
• Protection of data from unauthorized disclosure to a
third party
Integrity
• Assurance that data is not altered or destroyed in an
unauthorized manner
Availability
• Continuous operation of computing systems
ATHENA
Causes of network security vulnerabilities
Technology weaknesses
Configuration weaknesses
Policy weaknesses
Human error
ATHENA
Creating a Secure Network Strategy
ATHENA
Human factors
Know your weaknesses
Limit access to resources – use “Principle of
Least Privilege”
Remember physical security
Use the concept of “Defense in Depth”
Creating a Secure Network Strategy
ATHENA
Firewalls
Web and file servers – harden and test
configuration of mission-critical machines
Access control
Change management
Encryption
Intrusion detection system (IDS)
Security Certification
CompTIA Security+
•
•
SCP (SCNA + SCNP)
•
•
exams (499 USD)
CCSP Cisco Certified Security Professional
•
•
•
•
•
ATHENA
4 exams (2*150 USD, 2*180 USD)
Distributing and detail information
CISSP (Certified Information Systems Security Professional
•
1 exam (225 USD)
General information
Securing Cisco IOS® Networks
Cisco Secure PIX Firewall Advanced
Cisco Secure Intrusion Detection System
Cisco Secure Virtual Networks
Cisco Secure SAFE Implementation
Summary
ATHENA
Understanding network security
Security threats
Goals of network security
Creating a secure network strategy
Security Certification
