Professor Messer’s CompTIA SY0-401 Security+ Training Course

Professor Messer | July 26, 2014

This is the index to my free CompTIA SY0-401 Security+ training course videos. All of our training videos are completely free; watch all of our videos online right now!

Click here to see how you can own all of my Security+ notes with my 40-page downloadable PDF Course Notes.

Click here to get the best book for Security+, and the one I used to make all of these videos!

Pocket Prep’s Security+ Exam Prep has 30 free questions for the SY0-401 Security+ exam and the option to unlock hundreds more.

For a small cost, I’ll send you a USB flash drive with all of my video, audio, and course notes!

257 Videos – Total Running Time: 19 hours, 3 minutes

Who is Professor Messer? Are all of these videos really free? Read our frequently asked questions here.

Have you downloaded the exam objectives yet? Click here to get them now.

CompTIA SY0-401 Security+ Training Videos

Section 0: Introduction

0.1 – Introduction

Introduction to CompTIA SY0-401 Security+ (11:21)

Section 1: Network Security

1.1 – Network Device Security

Routers, Firewalls, and Switches (7:44) | Load Balancers and Proxies (5:50)
Web Security Gateways and UTMs (2:33) | VPN Concentrators (2:04)
Network Intrusion Detection and Prevention (5:29) | Protocol Analyzers (1:37)
Spam Filters (4:25) | Web Application Firewalls (3:02)
Application-Aware Security Devices (3:03)

1.2 – Network Administration Principles

Firewall Rules (7:53) | VLAN Management (3:42)
Secure Router Configuration (2:35) | Access Control Lists (1:55)
Port Security and 802.1X (5:32) | Flood Guards (4:06)
Spanning Tree Protocol and Loop Protection (4:47)
Network Separation (2:48) | Log Analysis (2:30)

1.3 – Network Design Elements and Components

1.4 – Common Protocols and Services

1.5 – Troubleshooting Wireless Security

Wireless Encryption (4:27) | EAP, PEAP, and LEAP (1:59)
MAC Address Filtering (1:53) | SSID Management (1:27)
TKIP and CCMP (5:16) | Wireless Power and Antenna Placement (2:18)
Captive Portals (2:22) | Antenna Types (2:50)
Site Surveys (3:28) | VPN Over Open Wireless Networks (2:45)

Section 2 – Compliance and Operational Security

2.1 – Risk Related Concepts

Control Types (3:51) | False Positives and False Negatives (5:09)
Reducing Risk with Security Policies (4:10) | Calculating Risk (5:09)
Quantitative and Qualitative Risk Assessment (4:31)
Vulnerabilities, Threat Vectors, and Probability (4:26)
Risk Avoidance (3:07) | Risks with Cloud Computing and Virtualization (5:59)
Recovery Time Objectives (4:41)

2.2 – Integrating Systems and Data with Third Parties

On-boarding and Off-boarding Business Partners (4:21)
Security Implications of Social Media (3:08)
Interoperability Agreements (2:50)
Privacy Considerations with Third-Parties (3:19)
Risk Awareness with Third-Parties (2:16)
Data Ownership and Unauthorized Data Sharing (3:07)
Data Backups with Third-Parties (3:23)
Security Policy Considerations with Third-Parties (3:48)
Third-Party Security Compliance (2:15)

2.3 – Risk Mitigation Strategies

Change Management (3:21) | Incident Management (3:22)
User Rights and Permissions (2:27) | Security Audits (3:07)
Data Loss and Theft Policies (2:04) | Data Loss Prevention (5:03)

2.4 – Basic Forensic Procedures

Order of Volatility (4:56) | Capturing System Images (3:28)
Capturing Network Traffic and Logs (2:47) | Capturing Video (2:09)
Recording Time Offsets (3:31) | Taking Hashes (5:12)
Taking Screenshots (1:54) | Interviewing Witnesses (1:09)
Tracking Man-Hours and Expenses (1:41) | Chain of Custody (1:35)
Big Data Analysis (3:05)

2.5 – Incident Response Procedures

Preparing for an Incident (5:30) | Incident Identification (4:09)
Incident Escalation and Notification (2:36)
Incident Mitigation and Isolation (4:41)
Lessons Learned from Incidents (2:13) | Incident Reporting (3:46)
Incident Recovery and Reconstitution (2:53) | First Responder (1:16)
Data Breaches (2:17) | Incident Damage and Loss Control (1:51)

2.6 – Security-Related Awareness and Training

Security Policy Training and Procedures (3:52)
Personally Identifiable Information (2:52)
Information Classification (1:41) | Data Labeling, Handling, and Disposal (3:00)
Compliance Best Practices and Standards (3:46) | User Habits (2:00)
New Threats and Security Trends (2:44)
Social Networking and Peer-to-Peer Security (2:01)
Gathering Training Metrics (2:14)

2.7 – Physical Security and Environmental Controls

HVAC, Temperature, and Humidity Controls (3:51) | Fire Suppression (3:00)
EMI Shielding (1:05) | Hot and Cold Aisles (1:43)
Environmental Monitoring (1:41) | Physical Security (10:59)
Physical Security Control Types (3:53)

2.8 – Risk Management Best Practices

Business Impact Analysis (2:36) | Critical Systems and Components (2:40)
Redundancy and Single Points of Failure (3:18)
Continuity of Operations (1:32)
Disaster Recovery Planning and Testing (3:32)
IT Contingency Planning (3:11)
Succession Planning (1:34) | Tabletop Exercises (2:50)
Redundancy, Fault Tolerance, and High Availability (10:08)
Cold Site, Hot Site, and Warm Site (2:31)

2.9 – Security Goals

Confidentiality, Integrity, Availability, and Safety (6:11)

Section 3 – Threats and Vulnerabilities

3.1 – Malware Types

3.2 – Attack Types

Man-in-the-Middle Attacks (8:06) | Denial of Service Attacks (7:08)
Replay Attacks (2:27) | Spoofing (4:10)
Spam (5:41) | Phishing (7:32) | Vishing (3:37)
Christmas Tree Attack (6:42) | Privilege Escalation (2:37)
Insider Threats (3:42) | Transitive and Client-Side Attacks (4:16)
Password Attacks (10:48) | URL Hijacking (4:07)
Watering Hole Attack (3:03)

3.3 – Social Engineering Attacks

Shoulder Surfing (3:21) | Dumpster Diving (3:49) | Tailgating (4:22)
Impersonation (3:40) | Hoaxes (4:21) | Whaling (3:51)
The Effectiveness of Social Engineering (4:00)

3.4 – Wireless Attack Types

Rogue Access Points and Evil Twins (5:19)
Wireless Interference (4:49) | Wardriving and Warchalking (4:21)
Bluejacking and Bluesnarfing (5:43) | Wireless IV Attacks (7:31)
Wireless Packet Analysis (7:09) | Near Field Communication (3:02)
Wireless Replay and WEP Attacks (2:42) | WPA Attacks (3:34)
WPS Attacks (3:45)

3.5 – Application Attack Types

Cross-site Scripting (12:35)
SQL Injection, XML Injection, and LDAP Injection (5:56)
Directory Traversal and Command Injection (3:56)
Buffer Overflows and Integer Overflows (5:06) | Zero-day Attacks (5:59)
Cookies, Header Manipulation, and Session Hijacking (11:03)
Locally Shared Objects and Flash Cookies (3:02)
Malicious Add-ons and Attachments (6:22)
Arbitrary and Remote Code Execution (3:15)

3.6 – Mitigation and Deterrent Techniques

Monitoring System Logs (6:35) | Operating System Hardening (10:04)
Physical Port Security (4:37) | Security Posture (4:36)
Reporting (7:29) | Detection vs. Prevention (6:04)

3.7 – Security Threats and Vulnerabilities

Vulnerability Scanning Overview (6:27) | Assessment Tools (8:09)
Assessment Types (4:13) | Assessment Techniques (6:32)

3.8 – Penetration Testing and Vulnerability Scanning

Penetration Testing (10:01) | Vulnerability Scanning (8:19)

Section 4 – Application, Data, and Host Security

4.1 – Application Security Controls and Techniques

Fuzzing (4:06) | Secure Coding Concepts (4:53)
Application Configuration Baselining and Hardening (4:07)
Application Patch Management (5:17) | SQL and NoSQL Databases (4:03)
Server-side vs. Client-side Validation (3:00)

4.2 – Mobile Security Concepts and Technologies

Mobile Device Security (11:14) | Mobile Application Security (6:17)
Mobile BYOD Concerns (8:35)

4.3 – Establishing Host Security

OS Security and Settings (2:39) | Anti-Malware (11:00)
Patch Management (4:20) | White-Listing vs. Black-Listing Applications (4:20)
Trusted OS (3:28) | Host-based Security (5:11) | Hardware Security (4:55)
Host Software Baselining (3:27) | Virtualization Security (8:31)

4.4 – Ensuring Data Security

Cloud and SAN Storage Data Security (7:17) | Data Encryption (8:46)
Hardware-based Encryption (6:34) | States of Data (5:04)
Permissions and ACLs (2:39) | Data Policies (5:10)

4.5 – Static Environment Security

Embedded System Security (6:10) | Static OS Environments (7:57)
Mitigating Risk in Static Environments (5:30)

Section 5 – Access Control and Identity Management

5.1 – Authentication Services

RADIUS and TACACS (5:32) | Kerberos (9:55)
LDAP and Secure LDAP (6:28) | SAML (2:50)

5.2 – Authentication, Authorization, and Access Control

Identification, Authentication, and Authorization (3:22)
Authorization and Access Control (3:56) | Single Factor Authentication (4:35)
Multi-Factor Authentication (5:37) | One-time Password Algorithms (3:08)
CHAP and PAP (7:21) | Single Sign-on (3:23)
Federation and Transitive Trust (2:11)

5.3 – Account Security Best Practices

Roles and Account Credentials (5:11) | Group Policy (3:02)
Managing Password Policies (4:16) | Privileges (4:48)
User Access Reviews and Monitoring (4:04)

Section 6 – Cryptography

6.1 – General Cryptography Concepts

Cryptography Overview (8:31) | Symmetric vs. Asymmetric Encryption (4:18)
Public Keys and Private Keys (4:10) | Session Keys (4:22)
Block vs. Stream Ciphers (3:13) | Transport Encryption (5:09)
Non-Repudiation (5:32) | Hashing (3:30)
Key Escrow (2:47) | Steganography (4:21)
Elliptic Curve and Quantum Cryptography (2:28)
Perfect Forward Secrecy (3:38)

6.2 – Cryptographic Methods

WEP vs. WPA (4:15) | Cryptographic Hash Functions (7:04)
Symmetric Encryption Ciphers (6:42)
Asymmetric Cryptography Algorithms (2:36)
One-Time Pads (4:52) | NTLM (4:04)
Transport Encryption Algorithms (9:31) | Strong vs. Weak Encryption (3:39)

6.3 – PKI and Certificate Management

Certificate Authorities (2:52) | Key Revocation (3:31)
Digital Certificates (3:01) | Public Key Infrastructure (3:33)
Key Recovery (3:07) | Public and Private Keys (5:35)
Key Registration (2:22) | Key Escrow (2:46)
Trust Models (3:38)

Additional Study: Professor Messer’s Security+ Study Groups

Security+ Study Group Replays

2018 Replays

January 2018

2017 Replays

Tags: comptia, security, sy0-401

Category: CompTIA Security+ SY0-401

Comments are closed.

Professor Messer’s CompTIA SY0-401 Security+ Training Course

CompTIA SY0-401 Security+ Training Videos

Section 0: Introduction

Section 1: Network Security

Section 2 – Compliance and Operational Security

Section 3 – Threats and Vulnerabilities

Section 4 – Application, Data, and Host Security

Section 5 – Access Control and Identity Management

Section 6 – Cryptography

Additional Study: Professor Messer’s Security+ Study Groups

Professor Messer on Instagram

Upcoming Events

Time

Register

Time

Register

Time

Register

Time

Register

Categories

Recent Posts

Site Information

Connect