Professor Messer’s CompTIA SY0-701 Security+ Training Course
This is the index to my free CompTIA SY0-701 Security+ training course videos.
All of my training videos are completely free; watch them online right now!
88 Videos (and counting) – Total Run Time: 11 hours, 17 minutes
Have you downloaded the exam objectives yet?
Click here to get them now.
0.1 – Introduction
CompTIA’s Security+ certification is one of the most popular entry-level certifications for Information Technology professionals. In this video, you’ll learn about the certification requirements and the best methods for studying for the Security+ exam.
Section 1: General Security Concepts
1.1 – Security Controls
We rely on security controls to monitor, alert, and recover from attacks. In this video, you’ll learn about the categories of common security controls.
1.2 – Security Concepts
The CIA triad describes the foundational goals of IT security. In this video, you’ll learn more about confidentiality, integrity, and availability.
Non-repudiation is an important function of cryptography. In this video, you’ll learn about hashing, digital signatures, and non-repudiation.
The AAA process is an important part of network security. In this video, you’ll learn more about authentication, authorization, and accounting.
There’s always room to improve your security posture. In this video, you’ll learn how a security gap analysis can be used to make your network even more secure.
The strategy of zero-trust can be a effective way to increase the security of an organization’s data. In this video, you’ll learn more about best practices regarding zero-trust.
Security tools in the physical world can be effectively used to protect our computing systems. In this video, you’ll learn about physical security devices and techniques.
There are many ways to fool an attacker into disclosing important information about their methods and techniques. In this video, you’ll learn how to use deception and disruption to protect your network.
1.3 – Change Management
As IT professionals, we are constantly updating, modifying, and changing the devices we manage. In this video, you’ll learn how we manage this process with change management.
As IT professionals, we are constantly updating, modifying, and changing the devices we manage. In this video, you’ll learn how we manage this process with change management.
1.4 – Cryptographic Solutions
Public key infrastructure technologies are the foundation of our modern encryption. In this video, you’ll learn about symmetric encryption, asymmetric encryption, key pair generation, and more.
We use many different encryption techniques to keep our data secure. In this video, you’ll learn about database encryption, transport encryption, cryptographic keys, and more.
A secure key exchange method is critical for real-time encryption. In this video, you’ll learn how a symmetric key can be derived from a public and private key pair.
Encyrption technologies provide secure key storage, cryptographic functions, and data privacy. In this video, you’ll learn about HSMs, TPMs, secure enclave, and more.
Obfuscation can be used in IT security to hide information in unique ways. In this video, you’ll learn about steganography, tokenization, and data masking.
The hashing process can provide integrity, authentication, and non-repudiation. In this video, you’ll learn how hashes are created and how to use digital signatures.
Blockchain technology is the foundation of cryptocurrency, but it can also be used for many other purposes. In this video, you’ll learn how blockchain technology works behind the scenes.
We use certificates to provide trust when accessing other devices or services. In this video, you’ll learn about digital certificates, certificate signing requests, key revocation, OCSP stapling, and more.
Section 2: Threats, Vulnerabilities, and Mitigations
2.1 – Threat Actors
There are many different types of attackers. In this video, you’ll learn about threat actors from nation states, organized crime, shadow IT, and others.
2.2 – Threat Vectors and Attack Surfaces
Attackers can use many different methods to gain access to a system. In this video, you’ll learn how messages, images, files, default credentials, and more can be used as threat vectors.
Phishing continues to be a popular method of network infiltration. In this video, you’ll learn about different phishing techniques, and I’ll demonstrate a real-world example from my email inbox.
Attackers use impersonation to make themselves appear to be someone different. In this video, you’ll learn about some of the most popular impersonation and fraud-based attacks.
If can attacker can’t get into your network, then they’ll wait for you to come out. In this video, you’ll learn how watering hole attacks can be used to attack a company outside of their own network.
Attackers use many techniques to gain access to our systems. In this video, you’ll learn about misinformation campaigns and brand impersonation.
2.3 – Types of Vulnerabilities
Attackers can manipulate information in RAM to gain elevated access. In this video, you’ll learn how memory and DLL injections are used in an attack.
A poorly written application can be a useful vector for an attacker. In this video, you’ll learn how buffer overflows can be used to gain access to a remote system.
Most applications perform multiple transactions and processes at the same time. In this video, you’ll learn how attackers can take advantage of this characteristic with a race condition.
Many operating systems and applications perform automated updates. In this video, you’ll learn how attackers can use this feature to gain access to our systems.
Our operating systems can contain numerous vulnerabilities. In this video, you’ll learn how attackers use these vulnerabilities and how to protect your systems from unwanted intrusion.
Code injection is a relatively easy attack vector to exploit. In this video, you’ll learn about SQL injections and how they are used by attackers to gain access to our data.
Attackers can often use our browsers against us. In this video, you’ll learn how a browser vulnerability can provide an attacker with access to a third-party website.
Our hardware can also be a useful attack vector for an attacker. In this video, you’ll learn how firmware, end-of-life announcements, and legacy platforms can potentially put our data at risk.
A virtual machine manager can be a useful starting point for an attacker. In this video, you’ll learn how VM escapes and resource reuse can be maliciously used by an attacker.
An application in the cloud is susceptible to many different attack types. In this video, you’ll learn how denial of service, authentication bypass, directory traversal, and other attacks can be used against our cloud-based applications.
Some attacks come in through the front door. In this video, you’ll learn how the supply chain can be used as an attack vector against our organizations.
Some of the most common vulnerabilities are those we create ourselves. In this video, you’ll learn many different ways that misconfigurations can weaken the security of our networks.
Our mobile devices can be used by attackers to gain access to our networks and data. In this video, you’ll learn about jailbreaking, rooting, and sideloading.
An attack can sometimes take us by surprise. In this video, you’ll learn about zero-day attacks and how to prepare and respond to these attacks.
2.4 – Indicators of Malicious Activity
Malware is a significant security concern on our modern networks. In this video, you’ll learn how malware and ransomware is used in cybersecurity attacks.
Viruses and worms can be used to gain access to our systems. In this video, you’ll learn about the differences between viruses and worms, and how fileless viruses can attack from a system’s RAM.
Some malware is designed to track monitor, or overwhelm your system. In this video, you’ll learn about the operation of common spyware and bloatware.
There are many other malware types than viruses or worms. In this video, you’ll learn about keyloggers, logic bombs, and rootkits.
Some attacks take advantage of vulnerabilities in our physical world. In this video, you’ll learn about brute force attacks, RFID cloning, and environmental attacks.
An attacker may only be interested in disabling services on your network. In this video, you’ll learn about many different forms of denial of service attacks.
Our DNS services are critical components on our networks, and attackers can use these services as attack vectors. In this video, you’ll learn about DNS spoofing, domain hijacking, and URL hijacking.
Wireless networks are susceptible to many different types of attacks. In this video, you’ll learn about deauthentication attacks, RF jamming, and more.
An on-path attack allows an attacker to intercept and redirect critical network traffic. In this video, you’ll learn about the processes used to implement an on-path attack.
An on-path attack allows an attacker to intercept and redirect critical network traffic. In this video, you’ll learn about the processes used to implement an on-path attack.
An attacker often writes their own software to exploit a vulnerability. In this video, you’ll learn about malicious code and how it has been used to gain access to some of the largest networks in the world.
Our applications can be the weakest links in our security armor. In this video, you’ll learn about privilege escalation, directory traversal, and more.
Poorly implemented cryptography can often be the source of an attack. In this video, you’ll learn about downgrade attacks, SSL stripping, and hash collisions.
Our passwords are often the first and last security measure we use. In this video, you’ll learn how attackers obtain our credentials using password spraying and brute force.
An on-path attack allows an attacker to intercept and redirect critical network traffic. In this video, you’ll learn about the processes used to implement an on-path attack.
2.5 – Mitigation Techniques
Segmenting the network can provide significant security advantages. In this video, you’ll learn about access control lists, application allow lists, and more.
There are many ways to prevent or reduce the impact of a cybersecurity attack. In this video, you’ll learn about patching, encryption, monitoring, least privilege, and more.
There are many different techniques for making a system more difficult to exploit. In this video, you’ll learn about encryption, open ports, default passwords, and more.
Section 3: Security Architecture
3.1 – Architecture Models
Security in the cloud is a constant challenge. In this video, you’ll learn about infrastructure as code, serverless architectures, APIs, and more.
Cloud-based network infrastructures can provide significant security features. In this video, you’ll learn about logical segmentation and how software defined networking can be securely deployed.
New network services can introduce additional security concerns. In this video, you’ll learn about virtualization, containerization, Internet of things, embedded systems, and more.
When designing a network, there are many different considerations. In this video, you’ll learn about resilience, cost, responsiveness, scalability, and more.
3.2 – Applying Security Principles
It’s important to place services where they can be easily secured. In this video, you’ll learn about security zones, attack surfaces, and connectivity.
Intrusion prevention can be a useful method of blocking attacks against known vulnerabilities. In this video, you’ll learn about IPS failure modes, device connections, and differences between active and passive monitoring.
It can require many different network appliances to properly secure a network. In this video, you’ll learn about jump servers, application proxies, load balancing, sensors, collectors, and more.
Securing network interfaces is another important security best practice. In this video, you’ll learn about EAP, IEEE 802.1X, and more.
There are many different ways to secure network flows in real-time. In this video, you’ll learn about UTMs, NGFWs, and WAFs.
Security also includes the packets flowing across the network. In this video, you’ll learn about different VPN technologies, features of SD-WANs, and SASE solutions.
3.3 – Protecting Data
There are many types of data that need to be secured. In this video, you’ll learn about different data types, data classifications, and classifying sensitive data.
The state of data is an important security consideration. In this video, you’ll learn about data at rest, data in transit, data in use, and more.
Protecting data can take many different forms. In this video, you’ll learn about geographic restrictions, encryption, hashing, obfuscation, tokenization, and more.
3.4 – Resiliency and Recovery
It can be challenging to maintain uptime and availability of our modern networks. In this video, you’ll learn about server clustering, load balancing, site resiliency, multi-cloud systems, and more.
It’s important to match the supply of network resources to the demand. In this video, you’ll learn how people, technology, and infrastructure should be evaluated to provide the proper capacity.
A disaster recovery plan isn’t very useful if it doesn’t work. In this video, you’ll learn how organizations test their recovery plans before an actual disaster occurs.
Backups can be one of the best recovery methods when things go wrong. In this video, you’ll learn about backup frequency, encryption, snapshots, replication, and more.
Our computing systems rely on a stable power source. In this video, you’ll learn how UPS technologies and generators can be used to maintain power.
Section 4: Security Operations
4.1 – Security Techniques
The security of an application
environment should be well defined. In this video, you’ll learn about establishing, deploying, and maintaining security baselines.
No system is secure with the default configurations. In this video, you’ll learn about hardening mobile devices, servers, embedded systems, IoT devices, and more.
Many different strategies work together to provide security for wireless and mobile systems. In this video, you’ll learn about site surveys, mobile device management, BYOD, COPE, and more.
Wireless network security requires the configuration of many different options. In this video, you’ll learn about wireless encryption protocols, the AAA framework, and authentication options such as RADIUS, 802.1X, and EAP.
Application developers will follow best practices for security in their code. In this video, you’ll learn about input validation, secure cookies, code signing, sandboxing, and more.
4.2 – Asset Management
An important part of IT security is the management of hardware and software. In this video, you’ll learn best practices for the procurement process, asset tracking, media sanitization, physical destruction, and more.
4.3 – Vulnerability Management
Security researchers may use many techniques to identify vulnerabilities on a system or in software. In this video, you’ll learn about vulnerability scans, static code analyzers, and fuzzing.
To identify threats, we first must know the threats exist. In this video, you’ll learn about threat intelligence gathering techniques such as OSINT, third-parties, information sharing, the dark web, and more.
Penetration tests can simulate an attack to exploit vulnerabilities. In this video, you’ll learn about rules of engagement, the exploitation process, responsible disclosure programs, and more.
Identifying and analyzing vulnerabilities can be a relatively complex process. In this video, you’ll learn about vulnerability databases, classification, exposure factor, risk tolerance, and more.
Once a vulnerability is identified, a security professional is required to mitigate the issue. In this video, you’ll learn about patching, insurance, segmentation, compensating controls, and more.
4.4 – Security Monitoring
There are many methods for monitoring and reacting to security events. In this video, you’ll learn about log aggregation, scanning, reporting, alerting, and more.
Security administrators have many tools to help protect network resources. In this video, you’ll learn about Security Content Automation Protocol (SCAP), secure baselines, SIEMs, and more.
More videos are coming soon!
My YouTube channel subscribers are notified when new videos are posted.
Click here to subscribe to the Professor Messer YouTube channel!