Security+ certification is a neutral third-party certification, and its issuance agency is CompTIA, the American Computer Industry Association; it is one of the most popular certifications in the international IT industry that is included with CISSP and CISA. Compared with CISSP's emphasis on information security management, Security+ certification places more emphasis on information security technology and operations. The Security+ certification exam includes multiple-choice questions and practical questions (you are required to practice in a simulated environment). Passing the certification proves that you have the capabilities of network security, compliance and operational security, threats and vulnerabilities, application, data, and host security, access control and identity management, and encryption technology. Because of its difficult exams and high gold content, it has been widely adopted by global companies and security professionals.
In the process of obtaining Security+, I did learn a lot. Relatively speaking, this certificate is affordable and suitable for students in school to study. The certificate is a bonus item, and the process of verification is the process of learning.
The knowledge points of security+ include:
compliance and operation and maintenance security, security threats and vulnerabilities, data application and system security, access control and identity management, and password technology.
The following common knowledge points encountered in learning are explained as follows:
SPI full-state packet inspection type firewall:
It refers to a firewall that determines whether to filter data packets by detecting each connection information (including socket pairs: source address, destination address, source port, and destination port; protocol type, TCP protocol connection status, and timeout period, etc.).
Packet filtering firewall:
Software is used to view the header of the data packet that flows through, thereby determining the fate of the entire packet. It may decide to discard the packet, it may accept the packet (let it pass), or it may perform other more complex actions.
It is a computer that has been strengthened to defend against attacks. It serves as a checkpoint for entering the internal network so that the security problems of the entire network can be concentrated on a host to solve it, saving time and effort without considering other hosts.
NAC (Network Access Control) is a collection of protocols, policies, and hardware that manage the access rights of networked devices.
NAS (Network Access Server):
A RADIUS server configuration using a centralized server and client.
NAT (Network Address Translation):
A simple form of Internet security that hides the internal addressing scheme from the public Internet by performing internal translation between a single public address and a private, non-routable address outside the router.
BYOD (Bring Your Own Device):
It refers to bringing your own equipment to work, including personal computers, mobile phones, tablets, etc. (and more often refers to mobile smart terminal devices such as mobile phones or tablets.)
CYOD (Choose Your Own Equipment):
It refers to asking employees to choose from a pre-prepared list, from which they can choose their favorite equipment and varieties.
COPE (Company Owned, Personal Enabled):
A mobile deployment model that allows organizations to choose the equipment they want employees to use, while still allowing employees some freedom to use the equipment for personal activities.
IPSec has two working modes: tunnel and transport. In the tunnel mode, the user's entire IP data packet is used to calculate the AH or ESP header and is encrypted. The AH or ESP header and encrypted user data are encapsulated in a new IP data packet; in the transmission mode, only the transport layer data is used to calculate the AH or ESP header, and the AH or ESP header and the encrypted transport layer data are placed behind the original IP header.
IKE can be used to negotiate a virtual private network (VPN), and can also be used for remote users (whose IP address does not need to be known in advance) to access a secure host or network, and supports client negotiation. When using client mode, the identity at the endpoint is hidden.
Access Control List:
It is the command list of the router and switch interface, used to control the data packets entering and leaving the port. ACL is applicable to all routed protocols, such as IP, IPX, AppleTalk, etc.
Site-to-site VPN connection:
It is a demand-dial connection that uses a VPN tunneling protocol (PPTP or L2TP/IPSec) to connect to different private networks. Each VPN server on either end providing a routing connection to its own local private network.
Also known as dial-up VPN (VPDN), it refers to a virtual network constructed by enterprise employees or small branches of the enterprise through remote dialing from the public network.
It is a two-layer VPN that supports independent LAC and customer LAC modes so that it can be used to implement both VPDN and Site-to-Site VPN services. In L2TP VPN, the PPP frame is transmitted over the tunnel, which can verify the tunnel and pAP or CHAP of the user, and realize the characteristics of a point-to-point network.
It is a group of logical devices and users. These devices and users are not restricted by their physical location. They can be organized according to factors such as function, department, and application. The communication between them is as if they are in the same network segment.