CompTIA Security+ Certification SY0-601: The Total Course

1. Promo

This video introduces you to the course and what it covers.

2. Introduction

Mike and Dan introduce the CompTIA Security+ (SY0-601) video course from Total Seminars.

3. About the Security+ (SY0-601) Exam

This episode goes over the domains of the CompTIA Security+ (SY0-601) exam objectives and the various topics that are covered.

4. Defining Risk

Managing risk involves identifying threat actors from script kiddies to state-sponsored attackers. Mitigating threats is achieved by identifying assets and putting security controls in place to mitigate risks.

5. Threats and Vulnerabilities

The CIA security triad (confidentiality, integrity and availability) describes how solutions such as encryption, hashing, and data backups can address potential attack vectors that might be exploited by threat actors.

6. Threat Intelligence

With the ever-changing IT threat landscape, how can you keep up with the latest security issues? Threat intelligence refers to the wide variety of open-source intelligence (OSINT) and proprietary IT security sources that use standards such as STIX and TAXII for cybersecurity intelligence sharing.

7. Risk Management Concepts

A risk management framework aids in identifying and managing risks and is sometimes required for compliance with data privacy regulations such as GDPR and HIPAA. Organization security policies are often influenced by data privacy regulations.

8. Security Controls

Various security standards such as PCI DSS and the Cloud Controls Matrix (CCM) define what types of security controls to put in place to mitigate risk both on-premises and in the cloud. The specific type of attack vector determines whether managerial, operational, or technical controls should be deployed.

9. Risk Assessments and Treatments

How can you determine whether assets are adequately protected from threats? One way is running periodic risk assessments to address the ever-changing threat landscape to define the likelihood and impact of security incidents.

10. Quantitative Risk Assessments

Is the cost of a security control justified? A quantitative risk assessment uses various calculations against an asset to determine the maximum yearly spend for protecting that asset.

11. Qualitative Risk Assessments

The same risk can have a different impact to various organizations. Qualitative risk assessment use subjective priority ratings for risks rather than dollar values.

12. Business Impact Analysis

In addition to deploying effective security controls to protect assets, what can be done to ensure business continuity in the event of a security incident. A business impact analysis involves proactive planning to help reduce downtime and data loss when negative events occur.

13. Data Types and Roles

Protecting personally identifiable information, or PII, is crucial and required by security regulations such as GDPR, but of the vast amounts of data in an organization, how do you know which data is sensitive? The answer is through data roles and responsibilities assigned to personnel in conjunction with data discovery and classification tools on-premises and in the cloud.

14. Security and the Information Life Cycle

Security must be applied to all phases of the information life cycle, from collection to its eventual archiving and deletion. This includes data security techniques such as tokenization and masking while considering how laws apply to data based on its location (data sovereignty).

15. Data Destruction

Digital data resides on physical storage devices. Secure storage media disposal mechanisms, such as shredding, cryptographic erasure, degaussing, and disk wiping, must be put in place to ensure sensitive data cannot be retrieved by unauthorized users.

16. Personnel Risk and Policies

Hiring the right employees and contractors for the job always matters. Enacting internal security controls such as background checks, mandatory vacations, job rotation, and separation of duties goes a long way in ensuring the integrity of business processes.

17. Third-Party Risk Management

Some business activities cannot be completed entirely within an organization and must be outsourced. Ensuring that proper security safeguards are in place throughout the hardware, software, and personnel supply chain results in a properly secured data, such as through data loss prevention (DLP) tools.

18. Agreement Types

When organizations enter into business partnerships with third-party service providers, the agreements and contracts they both sign protect both organizations legally, as well as establish the terms of service. This episode covers the various types of business agreements.

19. Chapter 1 Exam Question Review

Threats are executed by a variety of different threat actors, each type having a different motivation for executing attacks. This episode presents a scenario where the correct type of threat actor must be selected.

20. Wiping Disks with the dd Command Lab

When storage media has reached the end of its useful life, data must be wiped from it in a secure manner which can include using some built-in operating system tools. Linux administrators can use the dd command to wipe disk partitions by overwriting them with random data.

21. Chapter 1 Ask Me Anything (AMA)

The use of social media platforms has skyrocketed in recent years. Organizations must take the appropriate steps to ensure that sensitive data is not leaked through this mechanism.

1. Cryptography Basics

Cryptography is the practice of disguising information in a way that looks random. This episode explores the history of cryptography and how it has evolved into the complex systems today.

2. Data Protection

Data is not all the same. Whether data is at rest, in use, or in transit will affect how you can best secure it.

3. Cryptographic Methods

This episode introduces various methods used to protect the critical keys in cryptography that keep communication secure.

4. Symmetric Cryptosystems

In this episode, Mike describes encrypting and decrypting data with the same key. He also covers how symmetric algorithms can either be block or streaming and use various types of ciphers depending on which one is used.

5. Symmetric Block Modes

Symmetric block algorithms have limitations depending on which kind of cipher is used. This episode explores the different block modes.

6. Asymmetric Cryptosystems

In this episode, Mike describes encrypting and decrypting data with different keys and the magic that happens when key pairs are generated.

7. Diffie-Hellman

Learn the Diffie-Hellman key exchange agreement and methods in this very complex algorithm.

8. Hashing

Hashes provide assurance of data integrity using fascinating mathematical calculations. Passwords are a very common use for hashing.

9. Understanding Digital Certificates

Digital certificates are used in many different places to verify the identity of a public key owner. They can also include verification from third parties for an added layer of security.

10. Trust Models

Web of trust is a mostly outdated method of proving identities, however it is helpful to understand as the predecessor of Public Key Infrastructure (PKI) which is widely used today.

11. Public Key Infrastructure

In this episode, Mike discusses Public Key Infrastructure (PKI), used to enable commerce and other secure activities over the Internet.

12. Certificate Types

Mike reviews different types of certificates including web, email, code-signing, machine/computer, and user.

13. Touring Certificates

Mike tours various certificates in this episode.

14. Cryptographic Attacks

In this episode, Mike explains how encrypted information is at risk and explores ways to protect it.

15. Password Cracking

Passwords are often stored in hash format but can still be susceptible to attacks. The various password attacks include brute force, dictionary, and rainbow table. Salting and key stretching add another layer of security to hashed passwords.

16. Password Cracking Demo

Dan demonstrates how to use a password cracking tool to turn hashed passwords into cleartext.

17. Chapter 2 Exam Question Review

Protecting sensitive data can be done using many techniques. In this episode, the viewer is tested on the best security control for a given scenario.

18. SSH Public Key Authentication Lab

Multifactor authentication should always be used for administrative accounts. In this demo, SSH public key authentication is configured for a Linux host.

19. Chapter 2 Ask Me Anything (AMA)

Digital cryptocurrencies provide a centralized public way to pay for goods and services. This video explains the relationship between cryptocurrency, public ledgers and the blockchain.

1. Identification, Authentication, and Authorization

Authorization to access resources occurs after the successful proving of one's identity through authentication.

2. Enabling Multifactor Authentication

Multifactor authentication (MFA) hardens user sign-in by requiring more than one factor, or category of authentication, such as something you know combined with something you have.

3. Authorization

What role does authorization play in Identity and Access Management (IAM)? Authorization relates to resource permissions granted to a security principal such as a user or device.

4. Accounting

The 3 As-authentication, authorization, and accounting/auditing-play a big role in IT security. Tracking activity through auditing provides accountability for access to resources such as files on a file server or database rows.

5. Authentication Methods

Have you ever had trouble remembering usernames and passwords for multiple web apps? Password vaults serve as a protected credential repository in addition to common authentication methods such as one-time password codes, certificate-based authentication, and SSH public key authentication.

6. Access Control Schemes

Controlling access to resources begins with policies governing how credentials are managed. Permissions to use resources can be configured through Attribute-Based Access Control (ABAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and for high security environments, Mandatory Access Control (MAC).

7. Account Management

Accountability for resource access is possible only with people using their own unique user accounts where the principle of least privilege has been applied, ideally through group-assigned permissions. Account policies can determine conditions that allow or deny resource access, such as the location of a user.

8. Network Authentication

Older network authentication protocols such as Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) have been deprecated in favor of protocols such as Kerberos and Extensible Authentication Protocol (EAP). Variations of the RADIUS authentication protocol are still used to authenticate users and devices to networks.

9. Identity Management Systems

How can authentication be removed from individual apps? The answer is identity federation, which uses a centralized identity provider that is trusted by resources, such as Web apps, and can also support single sign-on (SSO).

10. Chapter 3 Exam Question Review

There are a variety of ways in which user authentication can be implemented prior to allowing user access to the Internet. This question presents a scenario require user sign-off to a term of agreement before gaining Internet access.

11. Creating Linux Users and Groups Lab

User and group management in Linux can be performed at the command line. This demo makes use of the user add and group add commands to create authentication identities.

12. Chapter 3 Ask Me Anything (AMA)

Authentication can be configured and managed within a single organization to control access to IT resources. This episode covers identity federation and its relationship to identity and resource providers.

1. Touring the CLI

The Command-Line Interface (CLI) allows technicians to interact with Windows, Linux, and MacOS systems by typing in commands such as ping and ipconfig. Windows uses a command prompt, MacOS uses a terminal shell, and Linux can use a variety of shells including Bash. Microsoft PowerShell is an object-oriented CLI supported on Windows, Linux, and MacOS.

2. Shells

Shells allow technicians to enter commands, such as a Linux bash shell or a Windows command prompt. Reverse shells are the result of infected victim machines that reach out to an attacker station.

3. The Windows Command Line

The Windows command line is spawned by cmd.exe. Security technicians can automate tasks using batch file scripts containing commands such as whoami and ipconfig. Powershell.exe can be spawned from a Windows command prompt in order to use PowerShell cmdlets.

4. Microsoft PowerShell

Is there a better way to automate operating system commands than through scripts and text manipulation? Yes! Microsoft PowerShell is an object-oriented cross-platform command environment that uses a verb-noun type of syntax, such as with the Get-Service cmdlet.

5. Linux Shells

A Linux shell is a case-sensitive command line environment that supports scripting and comes in various flavors including Bash, Korn, and C shells.

6. Python Scripts

Python is a multi-platform case-sensitive scripting language that requires a Python interpreter to be installed.

7. Windows Command-Line Tools

Security technicians must be comfortable with Windows commands for standard maintenance and security tasks using commands such as ping, netstat, and icalcs.

8. Linux Command-Line Tools

Security technicians must be comfortable with Linux commands for standard maintenance and security tasks using commands such as head, tail, grep, dig, and setting filesystem permissions with chmod.

9. Network Scanners

How do attackers discover networks and hosts? Network scanners such as Nmap are used by attackers as well as legitimate security technicians to perform network reconnaissance.

10. Network Scanning with Nmap

Nmap is the most commonly used network scanning tool. Scans can be saved as XML files. Nmap can be used at the command line, but it also has a frontend GUI named Zenmap.

11. Network Protocol Analyzers

Network traffic can be captured, saved, and analyzed using a properly placed hardware or software network protocol analyzer such as the free Wireshark tool. Capture analysis can result in identifying indicators of compromise or the use of insecure protocols.

12. Using Wireshark to Analyze Network Traffic

Wireshark is a free open-source network traffic analyzer that can capture, analyze, filter, and save captured network packets.

13. Using tcpdump to Analyze Network Traffic

tcpdump is a built-in Unix and Linux command-line tool that can capture, analyze, filter, and save captured network packets.

14. Log Files

Log files can provide valuable insights related to suspicious network, host or application activity, but only if log file integrity can be ensured. Centralized logging in the enterprise on a secured logging host ensures an accurate copy of log files can be used for security and performance analysis.

15. Centralized Logging

Network infrastructure and host and application logs can be stored centrally such as with Linux or Windows log forwarding. This can then be fed into a centralized log ingestion and analysis system, otherwise called SIEM.

16. Configuring Linux Log Forwarding

Centralized Linux log hosts can be configured using the rsyslog daemon on Linux hosts.

17. Chapter 4 Exam Question Review

Managing Linux host authentication can involve the use of many command-line utilities. This episode focuses on the sequence of steps needed to enable SSH public key authentication.

18. Linux Shell Script Lab

Shell scripts contain Linux command that can be invoked simply by calling upon the script name. In this demo, a simple utility menu loop is created in a bash shell script.

19. Nmap Lab

IT network reconnaissance begins with discover hosts and services on the network. This episode uses the nmap command to map out hosts on the network.

20. Chapter 4 Ask Me Anything (AMA)

Malware is malicious software that comes in many different shapes and sizes. This episode tackles examples of malicious code and how it related to Visual Basic for Applications (VBA).

1. Malware

Malicious software is referred to as malware and includes various types including ransomware, fileless viruses, worms, keyloggers, and trojan horses. Infected computers that periodically contact command and control servers are called bots or zombies.

2. Weak Configurations

A lack of secure configurations for networks, devices, and hosts results in an increased attack surface. Default settings, especially credentials, should not be used. Deprecated security protocols such as WEP and SSL should also be avoided.

3. Common Attacks

Staying up-to-date with the latest types of security attacks is form of attack mitigation. Keeping systems hardened helps protect against zero-day attacks. Software developers must adhere to secure coding practices to ensure deployed code does not contain security flaws.

4. Driver and Overflow Attacks

Malicious actors can trick victims into installing malicious code such as driver shims. Software programming flaws related to memory allocation can result in security threats. Secure coding, patching, and user awareness go a long way in mitigating these types of security issues.

5. Password Attacks

Username and password authentication remains common, as do related dictionary and brute-force attacks. Account lockout threshold can mitigate password attacks other than password spraying attacks.

6. Bots and Botnets

Distributed Denial of Service (DDoS) attacks use collections of infected bots, or zombies in a botnet, to flood victims hosts or networks. Bots periodically contact a malicious user-controlled command and control server.

7. Disk RAID Levels

Data availability, including through disk redundancy, is an aspect of IT security. There are various RAID levels that organize physical disks together to provide performance and/or fault tolerant benefits.

8. Securing Hardware

All IT solutions, in the end, run on hardware somewhere. Restricting physical access to IT hardware such as through locked server rooms and encryption of data at rest provide a layer of security.

9. Securing Endpoints

In the enterprise, endpoint detection and response solutions report to a centralized SIEM solution when abnormal activity, including malware, is detected on hosts and devices. Intrusion detection and prevention systems (IDS/IPS) are the engine for this type of solution and can be configured with allow/deny lists.

10. Chapter 3 Exam Question Review

Monitoring the network for intrusions is paramount to ensure a timely mitigation. This episode presents a monitoring scenario that requires the viewer to identify which type of attack took place.

11. Linux Software RAID Lab

RAID configurations can enhance the performance and availability of stored data, depending on the level of RAID used. In this demo, software RAID level 1 (disk mirroring) is configured in Linux.

12. Chapter 3 Ask Me Anything (AMA)

Securing hosts properly should involve both a proactive and a reactive approach. This episode discusses what can be done about zero-day attacks.

1. The OSI Model

Is there a standard model for describing and mapping network hardware and software? Yes, the 7-layer conceptual OSI model! Understanding network security and selecting the appropriate security solutions requires a solid understanding of the OSI model.

2. ARP Cache Poisoning

ARP is used to resolve an IP address to a 48-bit hexadecimal hardware MAC address. Attackers with network access can fraudulently send ARP updates to hosts in order to force network traffic through the attacker station.

3. Other Layer 2 Attacks

Layer 2 of the OSI model (Data Link layer) accessing network media and addressing using MAC addresses. MAC address flooding attacks and broadcast storms can be mitigated with network switches configuring with BPDU and STP.

4. Network Planning

Which security considerations are important when planning your network design? IP addressing and network segmentation using screened subnets can be used for hosting public servers. VLANs can improve network performance and provide network isolation for security purposes.

5. Load Balancing

Active/active and active/passive load balancing can efficiently route client application requests to backend servers. Load balancing improves application performance and resiliency to a single application server failure.

6. Securing Network Access

Securing networks restricts access to the network while securing services on the network. 802.1x network edge devices can limit network access. Rogue DHCP servers can be mitigated with DHCP snooping configurations. Secure remote server management is possible using a jump box/bastion host which has both public and private network connections.

7. Honeypots

How can malicious attacker and malware activity be monitored without allowing the compromise of production systems? Honeypots are fake decoy systems designed to attract malicious activity for the purpose of logging and tracing activity.

8. Firewalls

Packet filtering firewalls apply to layer 4 (Transport layer) of the OSI model and examine only packet headers to allow or deny network traffic. Content filtering firewalls apply to OSI layer 7 (Application layer) and can examine packet headers as well as content to allow or deny traffic. A Web Application Firewall (WAF) protects web apps from common web application attacks.

9. Proxy Servers

Forward proxies sit between internal user devices and the Internet and fetch Internet content on behalf of internal users. Reverse proxies map public network service IPs to private IPs; they route client requests for a network service to the backend server private IP.

10. Network and Port Address Translation

Network Address Translation (NAT) maps external public IPs to internal private IPs to protect the true identity of servers. Port Address Translation (PAT) allows multiple internal network clients with private IPs to access the Internet using a single public IP assigned to the NAT device public interface.

11. IP Security (IPsec)

The IPsec network security protocol suite can be used to secure any type of network traffic through integrity, authentication and encryption. Many VPNs use IPsec to establish an encrypted network tunnel.

12. Virtual Private Networks (VPNs)

VPNs provide an encrypted network tunnel over the Internet to provide secure access to a remote network. Client-to-site VPNs allow individual device access where site-to-site VPNs can securely link branch offices over the Internet or securely link an on-premises network to the cloud through a L2TP or TLS VPN.

13. Intrusion Detection and Prevention Systems (IDS/IPS)

Intrusion detection can detect, log, report, and send alerts when suspicious activity is detected on a host or on the network, whereas intrusion prevention can be configured to stop the suspicious activity. Anomaly detection can be signature-based or heuristic/behavior-based. Unified Threat Management (UTM) solutions combine firewall, IDS, IPS, and other security functions.

14. Chapter 6 Exam Question Review

Address Resolution Protocol (ARP) is used by the TCP/IP protocol suite. This episode discussed ARP poisoning attacks and potential mitigations.

15. Linux Snort IDS Lab

An Intrusion Detection System (IDS) is designed to detect suspicious network or host activity and then log or notify the incident. In this episode, the Snort IDS is configured and tested in Linux.

16. Chapter 6 Ask Me Anything (AMA)

Secure Sockets Layer (SSL) has long been used to secure network communication on LANs and WANs. This episode discusses how Transport Layer Security (TLS) supersedes SSL in addition to continued backwards-compatibility support that remains for SSL.

1. Wi-Fi Encryption Standards

Securing Wi-Fi networks is crucial since physical access is not required to gain network access. In this video Wi-Fi security standards such as WEP, WPA, and WPS are discussed.

2. RFID, NFC, and Bluetooth

While there are many wireless network standards, which ones are designed for close proximity? This video covers RFID, NFC and Bluetooth wireless network communications.

3. Wi-Fi Coverage and Performance

Optimizing Wi-Fi communication means ensuring there is proper coverage over a given area and that there are no wireless interference issues from other transmitting devices. A wireless site survey with a heat map can identify overlapping Wi-Fi channels or wireless dead spots where connectivity may need to be improved.

4. Wi-Fi Discovery and Attacks

Is your Wi-Fi network completely invisible if you disable SSID broadcasting? No! Periodic beacon frames are still sent wirelessly with the WLAN name field excluded. Freely available tools can be used to discover and crack WEP and WPA passphrases.

5. Cracking WPA2

One way to crack WPA2 passphrases is to de-authenticate an existing connected client, then capture and analyze the client re-authenticating. This episode will demonstrate how to perform an offline dictionary attack using a WPA2 authentication packet capture file.

6. Wi-Fi Hardening

There are many options for securing Wi-Fi networks. Disabling items such as WLAN name broadcast, DHCP, and public network management are the first consideration. Using WPA3 enterprise mode and changing default settings also help harden your Wi-Fi network.

7. Chapter 7 Exam Question Review

Malicious users will often mimic legitimate services in an attempt to trick unsuspecting victims into connecting to the service. This episode presents a scenario where the viewer must determine what type of attack has taken place.

8. WPA2 Cracking Lab

Wi-Fi Protected Access (WPA) protects Wi-Fi network communications. This episode demonstrates how there are ways to crack a WPA2 using offline attack methods.

9. Chapter 7 Ask Me Anything (AMA)

Some wireless networking attacks involve deception. In this episode, Mike describes how there are variations of Evil Twin attacks including through DNS.

1. Defining a Public Server

Public servers offer services to internet users. These servers should be hardened and placed on an isolated network such as a screened subnet or DMZ so that in the case of compromise, lateral movement by the attacker will not allow access to other sensitive hosts.

2. Common Attacks and Mitigations

Public servers are subjected to many types of attacks that can be mitigated by hardening the network and host using a wide variety of methods. This episode covers common attacks include DDoS, URL hijacking/redirection, session replay, and pass-the-hash.

3. Containers and Software-Defined Networking

Modern software development often uses application containers which serve as a logical boundary for app files and settings outside of the operating system. This episode also covers Software-Defined Networking (SDN).

4. Hypervisors and Virtual Machines

Hypervisors are servers configured to host virtual machine guests. This episode will discuss Type 1 and Type 2 hypervisors as well as hardening.

5. Cloud Deployment Models

Virtualization alone does not constitute cloud computing; a number of characteristics such as resource pooling and metered usage must also be involved. This episode discusses public, private, hybrid, and community clouds.

6. Cloud Service Models

Cloud computing services are categorized using the term "as a service" (aaS). This episode discusses IaaS, Paas, SaaS, and where responsibility lies for each type of service.

7. Securing the Cloud

Cloud security is generally split between the Cloud Service Provider (CSP) and the cloud tenant, depending on which type of cloud service is being used. Security solutions include firewalls, data loss prevention tools as well as a Cloud Access Security Broker which enforces cloud computing security policies.

8. Chapter 8 Exam Question Review

Public servers can be hosted as virtual machines in the public cloud. In this episode, a scenario is presented where a virtual machine requires access to specific cloud-based resources.

9. Docker Container Lab

Containerized applications are self-contained boundaries consisting of only application files, not an operating system. This demo shows how to work with Docker containers on the Linux platform.

10. Chapter 8 Ask Me Anything (AMA)

Virtual machines, often referred to as instances, are widely used both on-premises and in the cloud. This episode tackles issues related to being aware of deployed instances in the interest of reducing the attack surface.

1. Embedded Systems

Embedded systems use an operating system burned into one or more chips and have a defined function, such as running an elevator or proving Wi-Fi services. In this episode, Industrial Control Systems, Internet of Things (IoT), Raspberry PI, and Arduinos are discussed.

2. Industrial Control System (ICS)

ICSs use computing devices to automate tasks in a fast dependable way using Programmable Logic Controllers (PLCs). This episode also covers Supervisory Control and Data Acquisition (SCADA).

3. Internet of Things (IoT) Devices

IoT devices are function-specific and can communicate over the Internet. Examples include environmental control devices, medical devices, and video surveillance systems. This episode also covers the Zigbee smart home automation protocol.

4. Connecting to Dedicated and Mobile Systems

There are many modern wireless communication standards. This episode discussed the Global Positioning System (GPS), 4G and 5G cellular, Wi-Fi Direct, and mobile device tethering.

5. Security Constraints for Dedicated Systems

Some dedicated device security settings are limited, or patches are not available, and should be placed on isolated networks that do not contain sensitive systems or data. Mobile devices have limited CPU and battery power which limits characteristics such as the ability to quickly process cryptographic algorithms.

6. Mobile Device Deployment and Hardening

Organizations normally allow the use of personal or work-issued mobile devices for work purposes through provisioning schemes such as Bring Your Own Device (BYOD) and Choose Your Own Device (CYOD). This episode also discusses Subscriber Identity Module (SIM) cards and mobile device hardening.

7. Chapter 9 Exam Question Review

Critical infrastructure IT systems can sometimes be vulnerable to attacks. In this episode, a scenario is presented in which the best solution must be implemented to protect Programmable Logic Controllers (PLCs).

8. Smartphone Hardening Lab

Smartphones are small computers that almost everybody carries around with them. Many standard desktop computers hardening techniques can be applied to smartphones.

9. Chapter 9 Ask Me Anything (AMA)

Some IT solutions are dedicated to serving specific functions. In this episode, Mike discusses the security aspect of using Zigbee devices.

1. Physical Security Overview

Physical security matters because all digital IT systems and data rely upon physical equipment somewhere.

2. Physical Security

This episode covers physical security controls such as door lock types and bollards, as well as encryption of data at rest.

3. Keylogger Demo

Limited access to network computers can prevent malicious actors from installing components such as hardware key loggers, which can capture all user keystrokes and make them available to an attacker over a Wi-Fi network.

4. Environmental Controls

Computing equipment must be kept at the correct temperature and humidity levels to function efficiently. This episode covers air flow management using hot and cold aisles as well as environmental monitoring.

5. Chapter 10 Exam Question Review

IT systems are greatly affected by physical security. This episode presents a scenario in which only some security controls effectively mitigate a security problem.

6. Physical Security Lab

A full IT security audit always includes physical security. In this episode, physical security considerations are presented.

7. Chapter 10 Ask Me Anything (AMA)

Some physical security controls protect physical property which includes hardware IT devices. In this episode, IP cameras and CCTV are discussed.

1. DNS Security

DNS is a crucial network service used by everybody to resolve names to IP addresses and as a result, it is a target for attackers. This episode also discusses other protocols such has Simple Network Management Protocol (SNMP) and Secure Shell (SSH).

2. FTP Packet Capture

FTP continues to be used for file transfers over the Internet, but it is inherently insecure. This episode also discusses how to harden the use of FTP by instead using secure variations such as SSH File Transfer Protocol (SFTP) and File Transfer Protocol, Secure (FTPS).

3. Secure Web and E-mail

This episode covers how to harden web and e-mail servers using load balancers, proxy servers and NAT. POP, IMAP, SMTP, and S/MIME are also covered.

4. Request Forgery Attacks

Hijacked authenticated user sessions can result in Cross-Site Request Forgery (CSRF) attacks. This episode explains how these attacks occur and how they can be mitigated.

5. Cross-Site Scripting Attacks

Web apps that do not properly validate or sanitize user-supplied input could be susceptible to Cross-Site Scripting (XSS) attacks.

6. Web Application Security

The OWASP Top 10 identifies common web application attacks. This episode also discusses secure coding practices that should be applied to each System (Or Software) Development Life Cycle (SDLC) phase.

7. Web App Vulnerability Scanning

This episode shows how specialized web application vulnerability scanning tools can be used to identity security flaws in a web application.

8. Chapter 11 Exam Question Review

Connecting to any Internet resource commonly uses DNS to resolve host names to IP addresses. In this episode, the viewer is presented with a DNS scenario and must determine which type of attack has occurred.

9. OWASP ZAP Web App Scan Lab

The OWASP to 10 is a list of the most common web application attacks. Using the OWASP Zed Attack Proxy (ZAP) provides a method for testing a web application for common vulnerabilities.

10. Chapter 11 Ask Me Anything (AMA)

Securing web applications involves not only IT administrators but also software developers. In this episode, Mike provides a distinction between input validation and input sanitization.

1. Testing Infrastructure Overview

With so many security vulnerabilities out there, a good IT security tech must know how to robustly test their network and physical security measures.

2. Social Engineering

Tricking people into doing something or divulging sensitive information - this is social engineering. This episode discusses a pretext, or believable story, that often goes along with this type of activity.

3. Social Engineering Attacks

Social engineering attacks can take place over the phone, in person, or through technology. This episode discusses concepts such as spam, phishing and DNS URL redirection.

4. Vulnerability Assessments

This episode discusses how to use tools to identify security flaws on hosts or for a specific application. Topics include credential vs non-credential scans and keeping the vulnerability database up to date.

5. Penetration Testing

This episode focuses on how penetration testing discovers and exploits security vulnerabilities. Concepts covered include known, partially known, and unknown testing types as well as the role that red, white, blue, and purple teams play.

6. Security Assessment Tools

Open-source and proprietary (paid) security assessment tools are used by security analysts and malicious actors; what differs is the reason they are being used. The scanless tool uses web sites to perform port scans while the hping3 tool allows for the creation of spoofed packets, among other capabilities.

7. The Metasploit Framework

Penetration testers can use the cross-platform Metasploit framework command-line tool for discovering and exploiting security flaws on hosts.

8. Chapter 12 Exam Question Review

Penetration testing provides insight as to how secure an organization's physical and IT infrastructure really is. In this episode, a pen testing scenario is provided.

9. hping3 Forged Packet Lab

The hping3 tool provides many services, including the creation of network packets based on command-line parameters. This episode demonstrates craft packets using the hping3 tool.

10. Chapter 12 Ask Me Anything (AMA)

One aspect of security testing is determining if internal employees have an awareness of common security problems. In this episode, Mike discusses phishing and whaling.

1. Incident Response Overview

Responding to incidents in a timely and effective manner is the result of proactive planning with defined roles and responsibilities.

2. Incident Response Plans (IRPs)

An IRP provides guidance on how security incidents are dealt with effectively while they are occurring. The IRP includes roles, responsibilities, a contact list and escalation procedures. IRPs should be updated periodically through lessons learned from past incidents.

3. Threat Analysis and Mitigating Actions

Stepping through how attackers manage to compromise a system or exfiltrate data helps harden environments to prevent future incidents. This episode covers the Cyber Kill Chain, the Mitre ATT&CK Framework, the Diamond Model of Intrusion Analysis, and how Security Orchestration, Automation, and Response (SOAR) tools can reduce incident response time.

4. Digital Forensics

The application of computer science to legal situations include evidence gathering is referred to as digital forensics. This episode covers e-discovery and steganography.

5. Gathering Digital Evidence

This episode covers chain of custody, evidence order of volatility, and digital forensics tools used to acquire evidence.

6. Business Continuity and Alternate Sites

Business continuity ensures that business processes can continue despite interruptions. Continuity of Operations (COOP), Disaster Recovery Plans (DRPs), as well as hot, warm, and cold alternate sites are discussed.

7. Data Backup

Backing data up provides availability in the event of data deletion, corruption, or encryption through ransomware. This episode discusses backup settings such as compression and encryption, as well as full, differential, and incremental backup types.

8. Chapter 13 Exam Question Review

Incident response strives to minimize security issues as they are happening. In this episode, an incident response scenario is presented.

9. Autopsy Forensic Browser Lab

Digital forensics is the cross-pollination of computer science and law. In this demonstration, Dan shows how to use the Autopsy forensic tool to work with a disk image to retrieve a deleted file.

10. Chapter 13 Ask Me Anything (AMA)

There is much to be learned by analyzing past security incidents. In this episode, Dan discussed the Cyber Kill Chain.