Teaching the New Security+ 2008 Edition Exam

Mark Ciampa, mark.ciampa@wku.edu


Security Quiz

90
A. How old you will feel by Friday after sitting through all these sessions
B. Average number of traffic lights per mile in Las Vegas
C. Percentage of e-mail that is spam

1,500
A. Where the stock market will finally bottom out
B. Number of mouse clicks needed to navigate the Cengage Web site
C. Number of users who still respond weekly to "Nigerian General" spam

1 Out Of 4
A. Odds that most gamblers in Las Vegas think they have of winning a million dollars
B. Number of your students who by midterm still don't know your name
C. How many personal computers are part of a botnet

50%
A. Price your flat panel TV dropped the month after you bought it
B. How much your IRA has lost in the last 12 months
C. Percentage of Americans who had their credit card or SSN exposed online

39 Seconds
A. Time it took the person sitting next to you at lunch today to inhale their dessert
B. How often you keep checking your watch to see when this presentation is finally over
C. How frequently a computer on the Internet is probed

Outline
• Security Employment Trends
• Overview of Security Certifications
• CompTIA Security+ 2008 Certification
• Community Server Web Site for Security+ 3ed

Security Employment Trends

Average Pay, IT Noncertified vs. Certified Skills (chart)

Examples of Average Pay Decrease for IT Certified Skills
• Web Development (-16.3% in last quarter of 2008)
• Networking Operating System (-9.7%)
• Programming (-5.3%)
• Systems Administration (-2.2%)

Examples of Average Pay Increase for IT Certified Skills
• Project Management (+3.1% in last quarter of 2008)
• Networking/Internetworking (+1.1%)
• Security (+0.8%)
Source: www.footepartners.com/htscpi_latest.htm

Wage-Boosting Skills
• Security (+4.6%)
• Web Infrastructure (+4.2%)
• Data Management (+4.2%)
• Networking (+4.1%)
• Business Intelligence (+4.0%)
Source: computerworld.com/08/salaries

Titles with Higher-Than-Average Gains in Total Compensation
• Network Administrator (+4.8%)
• Information Security Manager (+4.5%)
• Storage Administrator/Architect (+4.5%)
• E-Commerce/Internet Manager (+4.3%)
• Quality Assurance Specialist (+4.2%)

Job Titles, Percentage Increase 2008
• CIO/CTO/Senior VP IT (+2.9%)
• IT security director/manager/strategist (+2.6%)
• Security architect/administrator/manager (+2.3%)
• Telecommunications director/manager (+2.1%)
• Data manager (+1.7%)
Source: www.nwdocfinder.com/8135

Employment Trends
• As attacks continue to escalate, the need for trained security personnel also increases
• Demand for IT security professionals is approaching its highest level in 5 years
• Patriot Act, Homeland Security Act, and Sarbanes-Oxley Act legislation still drives security employment
• Unlike computer programming and help desk support, security is not being offshored and is rarely outsourced
• Security positions are not "on the job training" where a person can learn as they go

Employment Trends
• Department of Defense Directive 8570 requires 110,000 information assurance professionals in assigned duty positions to hold a security certification within 5 years
• Also requires certification of all 400,000 full- and part-time military service members, contractors, and local nationals who perform information assurance functions

Required Certifications for DoD (table)

Categories of Security Positions
• Managerial – Administration and management of plans, policies, and people
• Technical – Design, configure, install, and maintain technical security equipment

Security Positions
• Chief Information Security Officer (CISO)
• Security Manager
• Security Administrator
• Security Technician

Chief Information Security Officer
• CISO is primarily responsible for the assessment, management, and implementation of security
• Other titles: Manager for Security, Security Administrator
• Reports directly to the CIO (large organizations may have more layers of management in between)
• Average salary $140,000

Security Manager
• Accountable for the day-to-day operation of the information security program
• Reports to the CISO and supervises technicians, administrators, and staff
• Works on tasks identified by the CISO and resolves issues identified by technicians
• Requires understanding of configuration and operation but not necessarily technical mastery
• Average salary $75,000

Security Administrator
• Has both technical knowledge and managerial skill
• Manages daily operations of security technology
• May assist in the development and conduct of security policy and training
• May analyze and design security solutions within a specific entity (honeypot, firewall)
• Identifies the users' needs and understands the technology
• Average salary $64,000

Security Technician
• Provides technical support to configure security hardware (firewalls, IDS), implement security software, and diagnose and troubleshoot problems
• Generally an entry-level position with technical skills
• Focuses on one major security technology group
• Average salary $40,000

Overview of Security Certifications


Certified Information Systems Security Professional (CISSP)
• Considered the most prestigious high-level security certification
• Offered by the International Information Systems Security Certification Consortium, (ISC)2 (www.isc2.org)
• Designed "to recognize mastery of an international standard for information security and understanding of common body of knowledge"
• Minimum 5 years of direct full-time security professional work experience in 2 or more domains (or 4 years with a bachelor's degree)

CISSP Ten Domains
1. Access control
2. Application security
3. Business continuity & disaster recovery planning
4. Cryptography
5. Information security & risk management
6. Legal, regulations, compliance & investigations
7. Operations security
8. Physical security
9. Security architecture & design
10. Telecommunications & network security

Systems Security Certified Practitioner (SSCP)
• Less rigorous, more focused certification
• Offered by the International Information Systems Security Certification Consortium, (ISC)2 (www.isc2.org)
• Aimed at hands-on practitioners and administrators rather than managers
• Focuses on "practices, roles and responsibilities as defined by experts from major IS industries"
• Minimum 1 year of experience in 1 of the 7 domains

Systems Security Certified Practitioner (SSCP)
Seven domains
1. Access controls
2. Administration
3. Audit and monitoring
4. Risk, response, and recovery
5. Cryptography
6. Data communications
7. Malicious code/malware

Global Information Assurance Certification (GIAC)
• Series of technical security certifications launched in 1999, known as GIAC (www.giac.org)
• Offered by the SANS Institute (SysAdmin, Audit, Network, Security; www.sans.org)
• The GIAC Security Expert (GSE) is the most advanced, hands-on GIAC credential; the GIAC Information Security Officer (GISO) is an overview certification that combines basic technical knowledge with an understanding of threats, risks, and best practices, similar to the SSCP

CompTIA Security+ 2008 Exam

Security+ Certification Exam
• Considered the fundamental foundation security certification
• Can be used as an elective on the Microsoft MCSE and MCSA certification paths
• Security+ exam first introduced in 2002 (SY0-101)
• CompTIA started the process to revise the exam in 2006

Security+ SY0-201
• Security+ 2008 Edition exam (SY0-201) went live October 14, 2008
• Previous edition exam (SY0-101) retirement extended from April 15 to July 31, 2009
• No waiting period between the first and second attempt; before a third or later attempt, a 30-day wait
• Test fee is $258

Security+ SY0-201 (image slide)

39

New SY0-201 Features• Added new domain

• Includes “how-to” material

• Reorganized material

• Updated content

Security+ SY0-101 (image slide)

Security+ SY0-201 (image slide)

Assessments & Audits (image slides)

How-To Material
• Some objectives now place more importance on knowing "how to" rather than just knowing or recognizing security concepts
• "Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges (3.3)"
• "Apply appropriate security controls to file and print resources (3.4)"
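The two "how-to" objectives quoted above are usually tested as scenario questions about group membership, explicit deny entries, and the difference between a right on an object and a system-wide privilege. The following Python model is an added example for this page, not CompTIA's or the author's material: every user, group, resource path and privilege string in it is constructed. It evaluates file and print-queue ACLs the way Windows-style access checks do (rights are the union of what applies to the user and all of the user's groups, and an explicit Deny always overrides an Allow), and keeps privileges such as backup separate from object rights so the distinction the objective asks for is visible in code.

```python
"""Added example (not from the original slides): modelling objectives 3.3 and 3.4.

Rules implemented:
  * rights are permissions on a specific object (file share, print queue),
    granted by ACL entries that name users or groups;
  * privileges are system-wide abilities that come from role membership,
    never from an object's ACL;
  * an explicit Deny entry wins over any Allow for the same right;
  * effective rights are the union over the user and all of the user's groups.
All names below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Ace:
    """Access control entry: who, which rights, allow or deny."""
    principal: str            # user name or group name
    rights: FrozenSet[str]    # e.g. {"read", "write", "print", "manage_queue"}
    allow: bool = True


# Constructed directory: user -> groups, and role (group) -> privileges.
GROUPS: Dict[str, Set[str]] = {
    "alice": {"Finance", "Domain Users"},
    "bob":   {"Contractors", "Domain Users"},
    "eve":   {"Finance", "Terminated", "Domain Users"},
    "ops":   {"Backup Operators", "Domain Users"},
}
ROLE_PRIVILEGES: Dict[str, Set[str]] = {
    "Backup Operators": {"backup", "restore"},
    "Print Operators":  {"manage_printers"},
}

# Constructed resources: a file on a share and a print queue, each with an ACL.
BUDGET = r"\\fs01\Finance\budget.xlsx"
PRINTER = r"\\print01\Finance-Colour"
ACLS: Dict[str, List[Ace]] = {
    BUDGET: [
        Ace("Finance", frozenset({"read", "write"})),
        Ace("Domain Users", frozenset({"read"})),
        # Disabled/terminated accounts: explicit deny beats the group allows above.
        Ace("Terminated", frozenset({"read", "write"}), allow=False),
    ],
    PRINTER: [
        Ace("Finance", frozenset({"print"})),
        Ace("Print Operators", frozenset({"print", "manage_queue"})),
        Ace("Contractors", frozenset({"print"}), allow=False),
    ],
}


def principals_for(user: str) -> Set[str]:
    """The user plus every group the user belongs to."""
    return {user} | GROUPS.get(user, set())


def effective_rights(user: str, resource: str) -> Set[str]:
    """Union of allowed rights for the user and its groups, minus explicit denies."""
    who = principals_for(user)
    allowed: Set[str] = set()
    denied: Set[str] = set()
    for ace in ACLS.get(resource, []):
        if ace.principal in who:
            (allowed if ace.allow else denied).update(ace.rights)
    return allowed - denied          # deny overrides allow


def has_right(user: str, resource: str, right: str) -> bool:
    return right in effective_rights(user, resource)


def privileges(user: str) -> Set[str]:
    """System-wide privileges come from role membership, not from object ACLs."""
    out: Set[str] = set()
    for group in GROUPS.get(user, set()):
        out |= ROLE_PRIVILEGES.get(group, set())
    return out


def can_read_for_backup(user: str, resource: str) -> bool:
    """Backup is a privilege: like SeBackupPrivilege it bypasses the object's rights."""
    return "backup" in privileges(user) or has_right(user, resource, "read")


if __name__ == "__main__":
    for user in GROUPS:
        print(f"{user:6} budget={sorted(effective_rights(user, BUDGET))} "
              f"printer={sorted(effective_rights(user, PRINTER))} "
              f"privileges={sorted(privileges(user))}")
```

The instructive cases are `eve`, who is in Finance but gets no rights at all because the Terminated deny entry wins, and `ops`, who has only read on the budget file through Domain Users yet can back it up because backup is a role privilege rather than an ACL right.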

How-To Material
• "No multiple choice exam is really going to test for 'hands-on' skills. On the other hand, as I mentioned in my previous notes to courseware providers, I notice a difference in emphasis in the new exam objectives from the old ones, in that there is more emphasis on implementing or applying than strictly on knowing…the questions written for this exam will require people to know what to do, versus just knowing what something is"
- Carol Balkcom, CompTIA Product Manager, Security+

Reorganized Material
• In SY0-101 one objective was listed in three different places!
• Material organization greatly improved
• Still issues:
• 1.4 – There are separate bullets for "Cross-site scripting" and "XXS" (and the standard abbreviation for cross-site scripting is "XSS", not "XXS")
• 2.6 – "Vampire taps" (10BASE5 connectors) instead of "network taps"

Reorganized Material
• 3.7 – "TACACS" instead of "TACACS+" (very different, and TACACS is an antiquated protocol)
• 5.2 – "NTLM"; the better reference is NTLMv2

Updated Content
• Privilege escalation (1.1)
• Spyware (1.1)
• Adware (1.1)
• Rootkits (1.1)
• Botnets (1.1)
• BIOS (1.2)
• USB devices (1.2)
• Network attached storage (NAS) (1.2)
• Cell phones (1.2)

Updated Content
• Java (1.4)
• Buffer overflow (1.4)
• Cross-site scripting (1.4)
• Input validation (1.4)
• Antivirus (1.5)
• Popup blockers (1.5)
• Anti-spam (1.5)
• Attacks on virtualized systems (1.6)

Question Type
1. When should a technician perform penetration testing?
A. When the technician suspects that weak passwords exist on the network
B. When the technician is trying to guess passwords on a network
C. When the technician has permission from the owner of the network
D. When the technician is war driving and trying to gain access

Question Type
2. An administrator has implemented a new SMTP service on a server. A public IP address translates to the internal SMTP server. The administrator notices many sessions to the server, and gets notification that the server's public IP address is now reported in a spam real-time block list. Which of the following is wrong with the server?
A. SMTP open relaying is enabled.
B. It does not have a spam filter.
C. The amount of sessions needs to be limited.
D. The public IP address is incorrect.
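Question 2 describes the textbook symptom of an open relay: a newly exposed SMTP server accepting mail from anyone to anyone, a flood of sessions from spam bots, then the public address landing on a real-time block list. The Python below is an added example for this page (not the author's or CompTIA's code) that models the decision a mail server makes at RCPT TO time. It puts the misconfigured policy (accept every recipient) beside the hardened one (accept inbound mail only for domains the server is authoritative for, and relay outbound only for authenticated or internal clients), runs both over a constructed set of sessions, and builds the reversed-octet name one would resolve to check an address against a DNS-based block list. The domains, addresses, the 10.0.0.0/8 internal range and the block-list zone are all assumptions.

```python
"""Added example (not from the original slides): SMTP relay policy, open vs. hardened.

An open relay returns 250 to every RCPT TO. A correctly configured server only
relays when the recipient is in one of its own domains (inbound delivery) or when
the client has proven it is allowed to send outbound (SMTP AUTH or internal network).
All domains, IPs and sessions below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List

# Assumed configuration: domains we accept inbound mail for, and the network
# from which unauthenticated clients may submit outbound mail.
LOCAL_DOMAINS = {"example.com", "mail.example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass(frozen=True)
class Session:
    """One SMTP transaction as seen at RCPT TO time (constructed sample data)."""
    client_ip: str
    authenticated: bool     # did the client complete SMTP AUTH?
    mail_from: str
    rcpt_to: str


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def is_internal(ip: str) -> bool:
    a = ipaddress.ip_address(ip)
    return any(a in n for n in INTERNAL_NETS)


def open_relay_policy(s: Session) -> str:
    """The misconfiguration in the question: relay for anyone, 250 every time."""
    return "250 OK"


def hardened_relay_policy(s: Session) -> str:
    """Accept inbound mail for our domains; relay outbound only for trusted clients."""
    if _domain(s.rcpt_to) in LOCAL_DOMAINS:
        return "250 OK"                         # inbound delivery: always fine
    if s.authenticated or is_internal(s.client_ip):
        return "250 OK"                         # legitimate outbound submission
    return "554 5.7.1 Relay access denied"      # third party to third party: refuse


def accepted_relays(sessions: List[Session], policy: Callable[[Session], str]) -> List[str]:
    """Recipients outside our own domains that the policy agreed to relay to."""
    return [s.rcpt_to for s in sessions
            if _domain(s.rcpt_to) not in LOCAL_DOMAINS and policy(s).startswith("250")]


def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Name to resolve when checking an IPv4 address against a DNS block list:
    octets reversed, list zone appended; an A-record answer means 'listed'.
    The zone is an assumption; this only builds the name, it does not resolve it."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


# Constructed traffic: one inbound delivery, one authenticated outbound, one LAN
# outbound, and three relay attempts from spam bots on the Internet.
SAMPLE_SESSIONS = [
    Session("203.0.113.7", False, "alice@partner.test", "bob@example.com"),
    Session("198.51.100.9", True, "bob@example.com", "alice@partner.test"),
    Session("10.1.2.3", False, "carol@example.com", "dave@other.test"),
    Session("192.0.2.44", False, "x@spammer.test", "victim1@other.test"),
    Session("192.0.2.45", False, "y@spammer.test", "victim2@other.test"),
    Session("192.0.2.46", False, "z@spammer.test", "victim3@other.test"),
]

if __name__ == "__main__":
    print("open relay forwards:", accepted_relays(SAMPLE_SESSIONS, open_relay_policy))
    print("hardened forwards:  ", accepted_relays(SAMPLE_SESSIONS, hardened_relay_policy))
    print("RBL lookup name:    ", dnsbl_query_name("192.0.2.44"))
```

The same test is what an external open-relay probe performs against a live server: connect from outside, `MAIL FROM` an unrelated address, `RCPT TO` another unrelated address, and see whether the server answers 250 instead of a 5xx rejection.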

Question Type
3. Which of the following is a reason why a company should disable the SSID broadcast of the wireless access points?
A. Rogue access points
B. War driving
C. Weak encryption
D. Session hijacking

Question Type
4. A user wants to implement secure LDAP on the network. Which of the following port numbers does secure LDAP use by default?
A. 53
B. 389
C. 443
D. 636

Question Type
5. A programmer has decided to alter the server variable in the coding of an authentication function for a proprietary sales application. Before implementing the new routine on the production application server, which of the following processes should be followed?
A. Change management
B. Secure disposal
C. Password complexity
D. Chain of custody

Bridge Exam
• Security+ certification does not have to be renewed regularly
• What if you want to demonstrate that you are up to date with security by showing the new CompTIA Security+ 2008 Edition certification instead of the older Security+ 2002 Edition?
• For those who already hold the Security+ certification, CompTIA is offering the CompTIA Security+ Bridge Exam (BR0-001)

Bridge Exam
• Covers only the differences between the previous 2002 exam objectives (SY0-101) and the new 2008 exam (SY0-201)
• Bridge exam is 50 questions and the minimum passing score is 560 on a scale of 100-900
• Only available to individuals who currently hold the CompTIA Security+ certification

Community Server Companion Web Site

Security+ 3ed
• Security+ Guide to Network Security Fundamentals, 3rd edition, published Nov 2008
• Essentially a new textbook
• Maps to the Security+ 2008 Edition exam (SY0-201)
• Expanded coverage of specific areas (wireless, passwords)
• New Hands-On Projects and Case Projects
• Two different lab manuals

Web Site
• Companion Web site to the 3ed textbook
• Ask the author questions
• Author's blog
• Podcasts
• One-hour lecture video on each chapter
• Demonstration video on a chapter Hands-On Project
• Additional Hands-On Project labs
• One-page articles

Web Site
• Entirely free to any Internet user
• Can sign up for additional capabilities
• All content can be downloaded except the chapter video lectures (only available to instructors, but can be freely distributed to students)
• Special day-long online session in early April with prizes, interactions, games, etc.
• http://community.cengage.com/Infosec/
