Teaching the New Security+ 2008 Edition Exam

Mark Ciampa
[email protected]
Security Quiz
90
A. How old you will feel by Friday after sitting through all these sessions
B. Average number of traffic lights per mile in Las Vegas
C. Percentage of e-mail that is spam

1,500
A. Where the stock market will finally bottom out
B. Number of mouse clicks needed to navigate the Cengage Web site
C. Number of users who still respond weekly to “Nigerian General” spam

1 Out Of 4
A. Odds that most gamblers in Las Vegas think they have of winning a million dollars
B. Number of your students who by midterm still don’t know your name
C. How many personal computers are part of a botnet

50%
A. Price your flat panel TV dropped the month after you bought it
B. How much your IRA has lost in the last 12 months
C. Percentage of Americans who had their credit card or SSN exposed online

39 Seconds
A. Time it took the person sitting next to you at lunch today to inhale their dessert
B. How often you keep checking your watch to see when this presentation is finally over
C. Frequency with which a computer is probed on the Internet
Outline
• Security Employment Trends
• Overview of Security Certifications
• CompTIA Security+ 2008 Certification
• Community Server Web Site for Security+ 3ed
Security Employment Trends
Average Pay: IT Noncertified vs. Certified Skills
Examples of Average Pay Decrease for IT Certified
• Web Development (-16.3% in last quarter 2008)
• Networking Operating System (-9.7%)
• Programming (-5.3%)
• Systems Administration (-2.2%)
Examples of Average Pay Increase for IT Certified
• Project Management (+3.1% in last quarter 2008)
• Networking/Internetworking (+1.1%)
• Security (+0.8%)
- www.footepartners.com/htscpi_latest.htm
Wage-Boosting Skills
• Security (+4.6%)
• Web Infrastructure (+4.2%)
• Data Management (+4.2%)
• Networking (+4.1%)
• Business Intelligence (+4.0%)
- computerworld.com/08/salaries
Titles with Higher-Than-Average Gains in Total Compensation
• Network Administrator (+4.8%)
• Information Security Manager (+4.5%)
• Storage Administrator/Architect (+4.5%)
• E-Commerce/Internet Manager (+4.3%)
• Quality Assurance Specialist (+4.2%)
Job Titles: Percentage Increase 2008
• CIO/CTO/Senior VP IT (+2.9%)
• IT security director/manager/strategist (+2.6%)
• Security architect/administrator/manager (+2.3%)
• Telecommunications director/manager (+2.1%)
• Data manager (+1.7%)
- www.nwdocfinder.com/8135
Employment Trends
• As attacks continue to escalate, the need for trained security personnel also increases
• Demand for IT security professionals is approaching its highest level in 5 years
• Patriot Act, Homeland Security Act, and Sarbanes-Oxley Act legislation still drives security employment
• Unlike computer programming and help desk support, security is not being off-shored and is rarely outsourced
• Security positions are not “on the job training” where a person can learn as they go
• Department of Defense Directive 8570 requires 110,000 information assurance professionals in assigned duty positions to have security certification within 5 years
• Also requires certification of all 400,000 full- and part-time military service members, contractors, and local nationals who are performing information assurance functions
Required Certifications for DoD
Categories of Security Positions
• Managerial – Administration and management of plans, policies, people
• Technical – Design, configure, install, and maintain technical security equipment
Security Positions
• Chief Information Security Officer (CISO)
• Security Manager
• Security Administrator
• Security Technician
Chief Information Security Officer
• CISO is primarily responsible for assessment, management, and implementation of security
• Other titles: Manager for Security and Security Administrator
• Reports directly to the CIO (large organizations may have more layers of management between)
• Average salary $140,000
Security Manager
• Accountable for the day-to-day operation of the information security program
• Reports to the CISO and supervises technicians, administrators, and staff
• Works on tasks identified by the CISO and resolves issues identified by technicians
• Requires understanding of configuration and operation but not necessarily technical mastery
• Average salary $75,000
Security Administrator
• Has both technical knowledge and managerial skill
• Manages daily operations of security technology
• May assist in development and conduct of security policy and training
• May analyze and design security solutions within a specific entity (honeypot, firewall)
• Identifies the users’ needs and understands technology
• Average salary $64,000
Security Technician
• Provides technical support to configure security hardware (firewalls, IDS), implement security software, diagnose and troubleshoot problems
• Generally an entry-level position with technical skills
• Focuses on a major security technology group
• Average salary $40,000
Overview of Security Certifications
Required Certifications for DoD
Certified Information Systems Security Professional (CISSP)
• Considered the most prestigious high-level security certification
• Offered by the International Information Systems Security Certification Consortium (ISC)2 (www.isc2.org)
• Designed “to recognize mastery of an international standard for information security and understanding of common body of knowledge”
• Minimum 5 years of direct full-time security professional work experience in 2+ domains (or 4 years with a bachelor’s degree)
CISSP
• Ten domains
1. Access control
2. Application security
3. Business continuity & disaster recovery planning
4. Cryptography
5. Information security & risk management
6. Legal, regulations, compliance & investigations
7. Operations security
8. Physical security
9. Security architecture & design
10. Telecommunications & network security
Systems Security Certified Practitioner (SSCP)
• Less rigorous, more focused certification
• Offered by the International Information Systems Security Certification Consortium (ISC)2 (www.isc2.org)
• More applicable to security manager than technician
• Focuses on “practices, roles and responsibilities as defined by experts from major IS industries”
• Minimum 1 year experience in 1 of 7 domains
• Seven domains
1. Access controls
2. Administration
3. Audit and monitoring
4. Risk, response, and recovery
5. Cryptography
6. Data communications
7. Malicious code/malware
Global Information Assurance Certification (GIAC)
• Series of technical security certifications introduced in 1999, known as GIAC (www.giac.org)
• Offered by the System Administration, Networking and Security Organization, or SANS (www.sans.org)
• GIAC Security Engineer (GSE) and GIAC Information Security Officer (GISO) are overview certifications that combine basic technical knowledge with an understanding of threats, risks, and best practices, similar to the SSCP
CompTIA Security+ 2008 Exam
Security+ Certification Exam
• Considered the fundamental foundation security certification
• Can be used as an alternative on the Microsoft MCSE and MCSA certification paths
• Security+ Exam first introduced 2002 (SY0-101)
• CompTIA started the process to revise the exam in 2006
Security+ SY0-201
• Security+ 2008 Edition Exam (SY0-201) went live October 14, 2008
• Previous edition exam (SY0-101) retirement extended from April 15 to July 31, 2009
• No fixed wait time between the first and second attempt, but after the third attempt a 30-day wait is required
• Test fee is $258
New SY0-201 Features
• Added new domain
• Includes “how-to” material
• Reorganized material
• Updated content

Security+ SY0-101

Security+ SY0-201

Assessments & Audits
How-To Material
• Some objectives now place more importance on knowing “how to” rather than just knowing or recognizing security concepts
• “Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges (3.3)”
• “Apply appropriate security controls to file and print resources (3.4)”
• “No multiple choice exam is really going to test for “hands-on” skills. On the other hand, as I mentioned in my previous notes to courseware providers, I notice a difference in emphasis in the new exam objectives from the old ones, in that there is more emphasis on implementing or applying than strictly on knowing…the questions written for this exam will require people to know what to do, versus just knowing what something is”
- Carol Balkcom, CompTIA Product Manager, Security+
Reorganized Material
• In SY0-101 one objective was listed in three different places!
• Material organization greatly improved
• Still issues:
• 1.4 – There are separate bullets for “Cross-site scripting” and “XXS” (and the standard abbreviation for cross-site scripting is “XSS”, not “XXS”)
• 2.6 – “Vampire taps” (10Base-5 connectors) instead of “network taps”
• 3.7 – “TACACS” instead of “TACACS+” (very different, and TACACS is an antiquated protocol)
• 5.2 – “NTLM”; the better reference is NTLM v. 2
Updated Content
• Privilege escalation (1.1)
• Spyware (1.1)
• Adware (1.1)
• Rootkits (1.1)
• Botnets (1.1)
• BIOS (1.2)
• USB devices (1.2)
• Network attached storage (NAS) (1.2)
• Cell Phones (1.2)
• Java (1.4)
• Buffer overflow (1.4)
• Cross-site scripting (1.4)
• Input validation (1.4)
• Antivirus (1.5)
• Popup blockers (1.5)
• Anti-Spam (1.5)
• Attacks on Virtualized Systems (1.6)
Question Type
1. When should a technician perform penetration testing?
A. When the technician suspects that weak passwords exist on the network
B. When the technician is trying to guess passwords on a network
C. When the technician has permission from the owner of the network
D. When the technician is war driving and trying to gain access
2. An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server’s public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server?
A. SMTP open relaying is enabled.
B. It does not have a spam filter.
C. The amount of sessions needs to be limited.
D. The public IP address is incorrect.
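Open relaying, which question 2 lists among its options, is a mail server accepting mail from any client for delivery to any domain; spammers route through it, and the server's address ends up on a real-time block list. As an added example, not part of the presentation or of CompTIA's exam material, the following POSIX shell script audits a Postfix main.cf for that condition. Postfix is my assumption (the slide names no mail server); the parameters it reads (smtpd_relay_restrictions, smtpd_recipient_restrictions, reject_unauth_destination, mynetworks) are real Postfix settings, while the function names and the three sample configurations are constructed here. Two weak configurations sit beside the corrected one.

```shell
#!/bin/sh
# Added example, not from the presentation: audit a Postfix main.cf for the
# open-relay condition. Postfix is an assumption (the slide names no mail
# server); the directive names are real Postfix parameters, the function
# names and the sample configurations are constructed here.

# Print the effective value of every smtpd_relay_restrictions /
# smtpd_recipient_restrictions parameter in the file, with Postfix
# continuation lines (lines beginning with whitespace) joined onto the
# parameter line so a multi-line restriction list is seen as one value.
relay_restrictions() {
    awk '
        /^[ \t]/ { if (collecting) buf = buf " " $0; next }
        { if (collecting) { print buf; collecting = 0 } }
        /^smtpd_(relay|recipient)_restrictions[ \t]*=/ { buf = $0; collecting = 1 }
        END { if (collecting) print buf }
    ' "$1"
}

# Exit status 0 (true) when the configuration looks like an open relay.
is_open_relay() {
    cfg="$1"
    # Case 1: no restriction list ever rejects mail for foreign destinations,
    # so any client on the Internet can hand the server mail for any domain.
    if ! relay_restrictions "$cfg" | grep -Eq '(reject|defer)_unauth_destination'; then
        return 0
    fi
    # Case 2: the rejection is present, but mynetworks trusts the whole
    # Internet, so permit_mynetworks matches every client before it.
    if grep -E '^[ \t]*mynetworks[ \t]*=' "$cfg" | grep -Eq '0\.0\.0\.0/0|::/0'; then
        return 0
    fi
    return 1
}

WORK=$(mktemp -d)

# Constructed weak configuration: a bare "permit" accepts every recipient.
cat > "$WORK/open_relay_main.cf" <<'EOF'
myhostname = mail.example.com
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit
EOF

# Constructed weak configuration: the restriction list looks right, but
# every client is treated as a trusted network.
cat > "$WORK/trusts_everyone_main.cf" <<'EOF'
myhostname = mail.example.com
mynetworks = 0.0.0.0/0
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
EOF

# Constructed corrected configuration: relay only for local networks and
# SASL-authenticated clients, deliver to our own domains, reject the rest.
cat > "$WORK/closed_relay_main.cf" <<'EOF'
myhostname = mail.example.com
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
EOF

for f in "$WORK"/*.cf; do
    if is_open_relay "$f"; then
        echo "OPEN RELAY: $f"
    else
        echo "relay denied: $f"
    fi
done
```

Against a live server, point is_open_relay at /etc/postfix/main.cf; since settings can also come from defaults and the command line, `postconf -n` (which prints the non-default values Postfix is actually using) is the more reliable source to feed it. The second weak sample is the case a quick grep for reject_unauth_destination misses: the restriction is there, but an over-broad mynetworks makes it unreachable.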
3. Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?
A. Rogue access points
B. War driving
C. Weak encryption
D. Session hijacking
4. A user wants to implement secure LDAP on the network. Which of the following port numbers does secure LDAP use by default?
A. 53
B. 389
C. 443
D. 636
5. A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?
A. Change management
B. Secure disposal
C. Password complexity
D. Chain of custody
Bridge Exam
• Not required to regularly renew Security+ certification
• What if a holder wants to demonstrate being up to date with security by showing the new CompTIA Security+ 2008 Edition certification instead of the older Security+ 2002 Edition?
• For those who already hold the Security+ certification, CompTIA is offering the CompTIA Security+ Bridge Exam (BR0-001)
• Covers only the differences between the previous 2002 exam objectives (SY0-101) and the new 2008 exam (SY0-201)
• Bridge exam is 50 questions and the minimum passing score is 560 on a scale of 100-900
• Only available to individuals who currently hold the CompTIA Security+ certification
Community Server Companion Web Site
Security+ 3ed
• Security+ Guide to Network Security Fundamentals 3ed published Nov 2008
• Essentially a new textbook
• Maps to Security+ 2008 Edition Exam (SY0-101)
• Expanded coverage of specific areas (wireless, passwords)
• New Hands-On Projects and Case Projects
• Two different lab manuals
Web Site
• Companion Web site to 3ed textbook
• Ask the author questions
• Author’s blog
• Podcasts
• One hour lecture video on each chapter
• Demonstration video on a chapter Hands-On Project
• Additional Hands-On Project labs
• One-page articles
• Entirely free to any Internet user
• Can sign up for additional capabilities
• All content can be downloaded except the chapter video lectures (only available to instructors, but can be freely distributed to students)
• Special day-long online session in early April with prizes, interactions, games, etc.
• http://community.cengage.com/Infosec/