These notes will eventually, some day, be combined in a single PDF file. Please let me know if you have any comments, suggestions so I can add/change it before it ends up in the PDF guide.
Click here for Security+ exam information, our practice tests, TechNotes, links, and recommended books.
Access Control *updated*
Access control, access control models, MAC, DAC, and RBAC.
Username/password, CHAP, certificates, Kerberos, mutual authentication, biometrics, tokens, and smartcards.
Covers the different type of attackers, their level of skills and resources, and their motivation.
Covers the concept of Denial of Service attacks and Distributed Denial of Service attacks, including a technical overview of the most common type of DoS attacks such as TCP SYN, UDP flooding and Smurfing.
Covers spoofing attacks such as IP spoofing, ARP spoofing, and spoofing websites.
Covers password, replay, back doors, Man-in-the-Middle, TCP Hijacking, mathematical, birthday, weak keys, and software exploitation attacks.
Social Engineering Attacks
Covers the human aspect of security.
Covers viruses, Trojan Horses, back door attacks, worms and logic bombs.
Covers S/MIME, message encryption and digital signatures, PGP, SPAM, relaying and reverse lookups.
Internet Security *new*
Covers Internet security, Intranet, Extranet, SSL, HTTPS, S-HTTP, TLS, SFTP, Blind/anonymous FTP, ActiveX, CGI, Java script, Java, signed applets, cookies, buffer overflows, and instant messaging.
Network and Storage Media *new*
Covers security concerns of coaxial, UTP, STP, and fiber optic cabling, and removable media such as diskettes, CDs, hard drives, flashcards, tapes, and smartcards.
Wireless Network Security
Covers 802.11x, WEP, WAP, WTLS, site surveys, vulnerabilities and various related wireless security technologies.
Intrusion Detection Systems
Covers intrusion detections systems concepts and characteristics. Passive vs Active response, host vs network-based, signature vs behavior-based, limitations and drawbacks, and honey pots.
Covers physical security aspects such as physical barriers, access controls, environmental security, shielding, and fire suppression.
Covers asset identification, vulnerability assessment, threat identification, and risk identication.
Covers computer forensics, identification and collection of evidence, preservation of evidence, and chain of custody.