This is the index to my free CompTIA SY0-401 Security+ training course videos. All of our training videos are completely free; watch all of our videos online right now!

Click here to see how you can own all of my Security+ notes with my 40-page downloadable PDF Course Notes.

For a small cost, I’ll send you a USB flash drive with all of my video, audio, and course notes!

CompTIA SY0-401 Security+ Training Videos

Section 0: Introduction

0.1 – Introduction Introduction to CompTIA SY0-401 Security+ (11:21)

Section 1: Network Security

1.1 – Network Device Security Routers, Firewalls, and Switches (7:44) | Load Balancers and Proxies (5:50) Web Security Gateways and UTMs (2:33) | VPN Concentrators (2:04) Network Intrusion Detection and Prevention (5:29) | Protocol Analyzers (1:37) Spam Filters (4:25) | Web Application Firewalls (3:02) Application-Aware Security Devices (3:03) 1.2 – Network Administration Principles Firewall Rules (7:53) | VLAN Management (3:42) Secure Router Configuration (2:35) | Access Control Lists (1:55) Port Security and 802.1X (5:32) | Flood Guards (4:06) Spanning Tree Protocol and Loop Protection (4:47) Network Separation (2:48) | Log Analysis (2:30) 1.3 – Network Design Elements and Components DMZ (2:19) | Subnetting the Network (2:44) VLANs (1:52) | Network Address Translation (3:45) Remote Access (2:48) | Telephony (2:40) Network Access Control (1:55) | Virtualization (2:18) Cloud Computing (7:00) | Defense in Depth (3:44) 1.4 – Common Protocols and Services IPv4 and IPv6 (5:08) | IPsec (1:39) ICMP and SNMP (4:37) | Telnet and SSH (4:56) Transferring Files (3:15) | DNS (2:01) HTTPS and TLS/SSL (2:23) | Storage Area Networking (6:22) NetBIOS (3:38) | Common Network Ports (13:06) Protocols and the OSI Model (6:47) 1.5 – Troubleshooting Wireless Security Wireless Encryption (4:27) | EAP, PEAP, and LEAP (1:59) MAC Address Filtering (1:53) | SSID Management (1:27) TKIP and CCMP (5:16) | Wireless Power and Antenna Placement (2:18) Captive Portals (2:22) | Antenna Types (2:50) Site Surveys (3:28) | VPN Over Open Wireless Networks (2:45)

Section 2 – Compliance and Operational Security

2.1 – Risk Related Concepts Control Types (3:51) | False Positives and False Negatives (5:09) Reducing Risk with Security Policies (4:10) | Calculating Risk (5:09) Quantitative and Qualitative Risk Assessment (4:31) Vulnerabilities, Threat Vectors, and Probability (4:26) Risk Avoidance (3:07) | Risks with Cloud Computing and Virtualization (5:59) Recovery Time Objectives (4:41) 2.2 – Integrating Systems and Data with Third Parties On-boarding and Off-boarding Business Partners (4:21) Security Implications of Social Media (3:08) Interoperability Agreements (2:50) Privacy Considerations with Third-Parties (3:19) Risk Awareness with Third-Parties (2:16) Data Ownership and Unauthorized Data Sharing (3:07) Data Backups with Third-Parties (3:23) Security Policy Considerations with Third-Parties (3:48) Third-Party Security Compliance (2:15) 2.3 – Risk Mitigation Strategies Change Management (3:21) | Incident Management (3:22) User Rights and Permissions (2:27) | Security Audits (3:07) Data Loss and Theft Policies (2:04) | Data Loss Prevention (5:03) 2.4 – Basic Forensic Procedures Order of Volatility (4:56) | Capturing System Images (3:28) Capturing Network Traffic and Logs (2:47) | Capturing Video (2:09) Recording Time Offsets (3:31) | Taking Hashes (5:12) Taking Screenshots (1:54) | Interviewing Witnesses (1:09) Tracking Man-Hours and Expenses (1:41) | Chain of Custody (1:35) Big Data Analysis (3:05) 2.5 – Incident Response Procedures Preparing for an Incident (5:30) | Incident Identification (4:09) Incident Escalation and Notification (2:36) Incident Mitigation and Isolation (4:41) Lessons Learned from Incidents (2:13) | Incident Reporting (3:46) Incident Recovery and Reconstitution (2:53) | First Responder (1:16) Data Breaches (2:17) | Incident Damage and Loss Control (1:51) 2.6 – Security-Related Awareness and Training Security Policy Training and Procedures (3:52) Personally Identifiable Information (2:52) Information Classification (1:41) | Data Labeling, Handling, and Disposal (3:00) Compliance Best Practices and Standards (3:46) | User Habits (2:00) New Threats and Security Trends (2:44) Social Networking and Peer-to-Peer Security (2:01) Gathering Training Metrics (2:14) 2.7 – Physical Security and Environmental Controls HVAC, Temperature, and Humidity Controls (3:51) | Fire Suppression (3:00) EMI Shielding (1:05) | Hot and Cold Aisles (1:43) Environmental Monitoring (1:41) | Physical Security (10:59) Physical Security Control Types (3:53) 2.8 – Risk Management Best Practices Business Impact Analysis (2:36) | Critical Systems and Components (2:40) Redundancy and Single Points of Failure (3:18) Continuity of Operations (1:32) Disaster Recovery Planning and Testing (3:32) IT Contingency Planning (3:11) Succession Planning (1:34) | Tabletop Exercises (2:50) Redundancy, Fault Tolerance, and High Availability (10:08) Cold Site, Hot Site, and Warm Site (2:31) 2.9 – Security Goals Confidentiality, Integrity, Availability, and Safety (6:11)

Section 3 – Threats and Vulnerabilities

3.1 – Malware Types Malware Overview (8:47) | Viruses and Worms (10:06) Adware and Spyware (6:42) | Trojans and Backdoors (8:53) Rootkits (5:39) | Logic Bombs (4:26) Botnets (3:43) | Ransomware (2:47) Polymorphic Malware (3:03) | Armored Virus (1:56) 3.2 – Attack Types Man-in-the-Middle Attacks (8:06) | Denial of Service Attacks (7:08) Replay Attacks (2:27) | Spoofing (4:10) Spam (5:41) | Phishing (7:32) | Vishing (3:37) Christmas Tree Attack (6:42) | Privilege Escalation (2:37) Insider Threats (3:42) | Transitive and Client-Side Attacks (4:16) Password Attacks (10:48) | URL Hijacking (4:07) Watering Hole Attack (3:03) 3.3 – Social Engineering Attacks Shoulder Surfing (3:21) | Dumpster Diving (3:49) | Tailgating (4:22) Impersonation (3:40) | Hoaxes (4:21) | Whaling (3:51) The Effectiveness of Social Engineering (4:00) 3.4 – Wireless Attack Types Rogue Access Points and Evil Twins (5:19) Wireless Interference (4:49) | Wardriving and Warchalking (4:21) Bluejacking and Bluesnarfing (5:43) | Wireless IV Attacks (7:31) Wireless Packet Analysis (7:09) | Near Field Communication (3:02) Wireless Replay and WEP Attacks (2:42) | WPA Attacks (3:34) WPS Attacks (3:45) 3.5 – Application Attack Types Cross-site Scripting (12:35) SQL Injection, XML Injection, and LDAP Injection (5:56) Directory Traversal and Command Injection (3:56) Buffer Overflows and Integer Overflows (5:06) | Zero-day Attacks (5:59) Cookies, Header Manipulation, and Session Hijacking (11:03) Locally Shared Objects and Flash Cookies (3:02) Malicious Add-ons and Attachments (6:22) Arbitrary and Remote Code Execution (3:15) 3.6 – Mitigation and Deterrent Techniques Monitoring System Logs (6:35) | Operating System Hardening (10:04) Physical Port Security (4:37) | Security Posture (4:36) Reporting (7:29) | Detection vs. Prevention (6:04) 3.7 – Security Threats and Vulnerabilities Vulnerability Scanning Overview (6:27) | Assessment Tools (8:09) Assessment Types (4:13) | Assessment Techniques (6:32) 3.8 – Penetration Testing and Vulnerability Scanning Penetration Testing (10:01) | Vulnerability Scanning (8:19)

Section 4 – Application, Data, and Host Security

4.1 – Application Security Controls and Techniques Fuzzing (4:06) | Secure Coding Concepts (4:53) Application Configuration Baselining and Hardening (4:07) Application Patch Management (5:17) | SQL and NoSQL Databases (4:03) Server-side vs. Client-side Validation (3:00) 4.2 – Mobile Security Concepts and Technologies Mobile Device Security (11:14) | Mobile Application Security (6:17) Mobile BYOD Concerns (8:35) 4.3 – Establishing Host Security OS Security and Settings (2:39) | Anti-Malware (11:00) Patch Management (4:20) | White-Listing vs. Black-Listing Applications (4:20) Trusted OS (3:28) | Host-based Security (5:11) | Hardware Security (4:55) Host Software Baselining (3:27) | Virtualization Security (8:31) 4.4 – Ensuring Data Security Cloud and SAN Storage Data Security (7:17) | Data Encryption (8:46) Hardware-based Encryption (6:34) | States of Data (5:04) Permissions and ACLs (2:39) | Data Policies (5:10) 4.5 – Static Environment Security Embedded System Security (6:10) | Static OS Environments (7:57) Mitigating Risk in Static Environments (5:30)

Section 5 – Access Control and Identity Management

5.1 – Authentication Services RADIUS and TACACS (5:32) | Kerberos (9:55) LDAP and Secure LDAP (6:28) | SAML (2:50) 5.2 – Authentication, Authorization, and Access Control Identification, Authentication, and Authorization (3:22) Authorization and Access Control (3:56) | Single Factor Authentication (4:35) Multi-Factor Authentication (5:37) | One-time Password Algorithms (3:08) CHAP and PAP (7:21) | Single Sign-on (3:23) Federation and Transitive Trust (2:11) 5.3 – Account Security Best Practices Roles and Account Credentials (5:11) | Group Policy (3:02) Managing Password Policies (4:16) | Privileges (4:48) User Access Reviews and Monitoring (4:04)

Section 6 – Cryptography

6.1 – General Cryptography Concepts Cryptography Overview (8:31) | Symmetric vs. Asymmetric Encryption (4:18) Public Keys and Private Keys (4:10) | Session Keys (4:22) Block vs. Stream Ciphers (3:13) | Transport Encryption (5:09) Non-Repudiation (5:32) | Hashing (3:30) Key Escrow (2:47) | Steganography (4:21) Elliptic Curve and Quantum Cryptography (2:28) Perfect Forward Secrecy (3:38) 6.2 – Cryptographic Methods WEP vs. WPA (4:15) | Cryptographic Hash Functions (7:04) Symmetric Encryption Ciphers (6:42) Asymmetric Cryptography Algorithms (2:36) One-Time Pads (4:52) | NTLM (4:04) Transport Encryption Algorithms (9:31) | Strong vs. Weak Encryption (3:39) 6.3 – PKI and Certificate Management Certificate Authorities (2:52) | Key Revocation (3:31) Digital Certificates (3:01) | Public Key Infrastructure (3:33) Key Recovery (3:07) | Public and Private Keys (5:35) Key Registration (2:22) | Key Escrow (2:46) Trust Models (3:38)

Additional Study: Professor Messer’s Security+ Study Groups

Security+ Study Group Replays 2018 Replays January 2018 2017 Replays December 2017 | November 2017 | October 2017 | September 2017 August 2017 | July 2017 | June 2017 | May 2017 April 2017 | March 2017 | February 2017 | January 2017 December 2016 | November 2016 | October 2016 | September 2016 August 2016 | July 2016 | June 2016 | May 2016 April 2016 | March 2016 | February 2016 | January 2016 December 2015 | November 2015 | October 2015 | September 2015 August 2015 | July 2015 | June 2015 | May 2015