Teaching the New Security+ 2008 Edition Exam
Mark Ciampa
mark.ciampa@wku.edu
Posted on 26-Dec-2015
Security Quiz
90
A. How old you will feel by Friday after sitting through all these sessions
B. Average number of traffic lights per mile in Las Vegas
C. Percentage of e-mail that is spam
1,500
A. Where the stock market will finally bottom out
B. Number of mouse clicks needed to navigate the Cengage Web site
C. Number of users who still respond weekly to “Nigerian General” spam
1 Out Of 4
A. Odds that most gamblers in Las Vegas think they have of winning a million dollars
B. Number of your students who by midterm still don’t know your name
C. How many personal computers are part of a botnet
50%
A. Price your flat panel TV dropped the month after you bought it
B. How much your IRA has lost in the last 12 months
C. Percentage of Americans who had their credit card or SSN exposed online
39 Seconds
A. Time it took the person sitting next to you at lunch today to inhale their dessert
B. How often you keep checking your watch to see when this presentation is finally over
C. Frequency with which a computer is probed on the Internet
Outline
• Security Employment Trends
• Overview of Security Certifications
• CompTIA Security+ 2008 Certification
• Community Server Web Site for Security+ 3ed
Security Employment Trends
Average Pay: IT Noncertified vs. Certified Skills
Examples of Average Pay Decrease for IT Certified
Web Development (-16.3% in last quarter 2008)
Networking Operating System (-9.7%)
Programming (-5.3%)
Systems Administration (-2.2%)
Examples of Average Pay Increase for IT Certified
Project Management (+3.1% in last quarter 2008)
Networking/Internetworking (+1.1%)
Security (+0.8%)
- www.footepartners.com/htscpi_latest.htm
Wage-Boosting Skills
Security (+4.6%)
Web Infrastructure (+4.2%)
Data Management (+4.2%)
Networking (+4.1%)
Business Intelligence (+4.0%)
- computerworld.com/08/salaries
Titles with Higher-Than-Average Gains in Total Compensation
Network Administrator (+4.8%)
Information Security Manager (+4.5%)
Storage Administrator/Architect (+4.5%)
E-Commerce/Internet Manager (+4.3%)
Quality Assurance Specialist (+4.2%)
Job Titles: Percentage Increase 2008
CIO/CTO/Senior VP IT (+2.9%)
IT security director/manager/strategist (+2.6%)
Security architect/administrator/manager (+2.3%)
Telecommunications director/manager (+2.1%)
Data manager (+1.7%)
- www.nwdocfinder.com/8135
Employment Trends
• As attacks continue to escalate, the need for trained security personnel also increases
• Demand for IT security professionals is approaching its highest level in 5 years
• Patriot Act, Homeland Security Act, and Sarbanes-Oxley Act legislation still drives security employment
• Unlike computer programming and help desk support, security is not being off-shored and is rarely out-sourced
• Security positions are not “on the job training” positions where a person can learn as they go
Employment Trends
• Department of Defense Directive 8570 requires 110,000 information assurance professionals in assigned duty positions to have security certification within 5 years
• Also requires certification of all 400,000 full- and part-time military service members, contractors, and local nationals who are performing information assurance functions
Required Certifications for DoD
Categories of Security Positions
• Managerial – Administration and management of plans, policies, people
• Technical – Design, configure, install, and maintain technical security equipment
Security Positions
• Chief Information Security Officer (CISO)
• Security Manager
• Security Administrator
• Security Technician
Chief Information Security Officer
• CISO is primarily responsible for assessment, management, and implementation of security
• Other titles: Manager for Security and Security Administrator
• Reports directly to the CIO (large organizations may have more layers of management between)
• Average salary $140,000
Security Manager
• Accountable for the day-to-day operation of the information security program
• Reports to CISO and supervises technicians, administrators, and staff
• Works on tasks identified by CISO and resolves issues identified by technicians
• Requires understanding of configuration and operation but not necessarily technical mastery
• Average salary $75,000
Security Administrator
• Has both technical knowledge and managerial skill
• Manages daily operations of security technology
• May assist in development and conduct of security policy and training
• May analyze and design security solutions within a specific entity (honeypot, firewall)
• Identifies the users’ needs and understands technology
• Average salary $64,000
Security Technician
• Provides technical support to configure security hardware (firewalls, IDS), implement security software, diagnose and troubleshoot problems
• Generally an entry-level position with technical skills
• Focuses on a major security technology group
• Average salary $40,000
Overview of Security Certifications
Required Certifications for DoD
© Copyright 2007 SCP
Certified Information Systems Security Professional (CISSP)
• Considered most prestigious high-level security certification
• Offered by International Information Systems Security Certification Consortium (ISC)2 (www.isc2.org)
• Designed “to recognize mastery of an international standard for information security and understanding of common body of knowledge”
• Minimum 5 years of direct full-time security professional work experience in 2+ domains (or 4 years with bachelor’s degree)
CISSP Ten Domains
1. Access control
2. Application security
3. Business continuity & disaster recovery planning
4. Cryptography
5. Information security & risk management
6. Legal, regulations, compliance & investigations
7. Operations security
8. Physical security
9. Security architecture & design
10. Telecommunications & network security
Systems Security Certified Practitioner (SSCP)
• Less rigorous, more focused certification
• Offered by International Information Systems Security Certification Consortium (ISC)2 (www.isc2.org)
• More applicable to security manager than technician
• Focuses on “practices, roles and responsibilities as defined by experts from major IS industries”
• Minimum 1 year experience in 1 of 7 domains
Systems Security Certified Practitioner (SSCP)
Seven domains
1. Access controls
2. Administration
3. Audit and monitoring
4. Risk, response, and recovery
5. Cryptography
6. Data communications
7. Malicious code/malware
Global Information Assurance Certification (GIAC)
• Series of technical security certifications introduced in 1999, known as GIAC (www.giac.org)
• Offered by the System Administration, Networking and Security Organization, or SANS (www.sans.org)
• GIAC Security Engineer (GSE) and GIAC Information Security Officer (GISO) are overview certifications that combine basic technical knowledge with an understanding of threats, risks, and best practices, similar to the SSCP
CompTIA Security+ 2008 Exam
Security+ Certification Exam
• Considered the fundamental foundation security certification
• Can be used as an alternative on the Microsoft MCSE and MCSA certification paths
• Security+ Exam first introduced in 2002 (SY0-101)
• CompTIA started the process to revise the exam in 2006
Security+ SY0-201
• Security+ 2008 Edition Exam (SY0-201) went live October 14, 2008
• Previous edition exam (SY0-101) retirement extended from April 15 to July 31, 2009
• No fixed wait time between the first and second attempts, but after the third attempt wait 30 days
• Test fee is $258
New SY0-201 Features
• Added new domain
• Includes “how-to” material
• Reorganized material
• Updated content
Security+ SY0-101
Security+ SY0-201
Assessments & Audits
How-To Material
• Some objectives now place more importance on knowing “how to” rather than just knowing or recognizing security concepts
• “Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges (3.3)”
• “Apply appropriate security controls to file and print resources (3.4)”
How-To Material
• “No multiple choice exam is really going to test for “hands-on” skills. On the other hand, as I mentioned in my previous notes to courseware providers, I notice a difference in emphasis in the new exam objectives from the old ones, in that there is more emphasis on implementing or applying than strictly on knowing…the questions written for this exam will require people to know what to do, versus just knowing what something is”
- Carol Balkcom, CompTIA Product Manager, Security+
Reorganized Material
• In SY0-101 one objective was listed in three different places!
• Material organization greatly improved
• Still issues
• 1.4 – There are separate bullets for “Cross-site scripting” and “XXS” (and the standard abbreviation for cross-site scripting is “XSS”, not “XXS”)
• 2.6 – “Vampire taps” (10Base-5 connectors) instead of “network taps”
Reorganized Material
• 3.7 – “TACACS” instead of “TACACS+” (very different, and TACACS is an antiquated protocol)
• 5.2 – “NTLM”; the better reference is NTLM v. 2
Updated Content
• Privilege escalation (1.1)
• Spyware (1.1)
• Adware (1.1)
• Rootkits (1.1)
• Botnets (1.1)
• BIOS (1.2)
• USB devices (1.2)
• Network attached storage (NAS) (1.2)
• Cell Phones (1.2)
Updated Content
• Java (1.4)
• Buffer overflow (1.4)
• Cross-site scripting (1.4)
• Input validation (1.4)
• Antivirus (1.5)
• Popup blockers (1.5)
• Anti-Spam (1.5)
• Attacks on Virtualized Systems (1.6)
Question Type
1. When should a technician perform penetration testing?
A. When the technician suspects that weak passwords exist on the network
B. When the technician is trying to guess passwords on a network
C. When the technician has permission from the owner of the network
D. When the technician is war driving and trying to gain access
Question Type
2. An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server’s public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server?
A. SMTP open relaying is enabled.
B. It does not have a spam filter.
C. The number of sessions needs to be limited.
D. The public IP address is incorrect.
Question Type
3. Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?
A. Rogue access points
B. War driving
C. Weak encryption
D. Session hijacking
Question Type
4. A user wants to implement secure LDAP on the network. Which of the following port numbers does secure LDAP use by default?
A. 53
B. 389
C. 443
D. 636
Question Type
5. A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?
A. Change management
B. Secure disposal
C. Password complexity
D. Chain of custody
Bridge Exam
• Not required to regularly renew Security+ certification
• What if you want to demonstrate that you are up-to-date with security by showing the new CompTIA Security+ 2008 Edition certification instead of the older Security+ 2002 Edition?
• For those who already hold the Security+ certification, CompTIA is offering the CompTIA Security+ Bridge Exam (BR0-001)
Bridge Exam
• Covers only the differences between the previous 2002 exam objectives (SY0-101) and the new 2008 exam (SY0-201)
• Bridge exam is 50 questions and the minimum passing score is 560 on a scale of 100-900
• Only available to individuals who currently hold the CompTIA Security+ certification
Community Server Companion Web Site
Security+ 3ed
• Security+ Guide to Network Security Fundamentals 3ed published Nov 2008
• Essentially a new textbook
• Maps to Security+ 2008 Edition Exam (SY0-201)
• Expanded coverage of specific areas (wireless, passwords)
• New Hands-On Projects and Case Projects
• Two different lab manuals
Web Site
• Companion Web site to 3ed textbook
• Ask the author questions
• Author’s blog
• Podcasts
• One hour lecture video on each chapter
• Demonstration video on a chapter Hands-On Project
• Additional Hands-On Project labs
• One-page articles
Web Site
• Entirely free to any Internet user
• Can sign up for additional capabilities
• All content can be downloaded except the chapter video lectures (only available to instructors but can be freely distributed to students)
• Special day-long online session in early April with prizes, interactions, games, etc.
• http://community.cengage.com/Infosec/