LPI - Linux Security Essentials

10226
Foundation
Linux
15 horas
380 €
Convocatorias
Inicio - Fin
Horario  
No hay convocatorias abiertas
Security Certification Track , Linux , LPIC
Descripción

La seguridad informática es absolutamente crucial para los individuos y las organizaciones en el mundo digital actual. La capacidad general para proteger datos, dispositivos y redes es una habilidad fundamental para el uso responsable de la tecnología de la información.

La obtención del certificado Security Essentials del Linux Professional Institute es una forma fantástica de aprender a protegerse y demostrar sus conocimientos y experiencia en el campo a posibles empleadores y clientes.

El examen Security Essentials cubre conocimientos preliminares en todos los campos importantes de la seguridad informática. El certificado está dirigido a estudiantes que hayan realizado su primer curso en seguridad informática, a todos los miembros y personal de organizaciones que deseen mejorar su seguridad informática, así como a particulares que deseen alcanzar una competencia básica en el uso seguro de la tecnología de la información.
Objetivos

Para la realización del examen el alumno debe tener consolidados los siguientes conocimientos:

  • Tener una comprensión básica de las amenazas de seguridad comunes del uso de ordenadores, redes, dispositivos conectados y servicios de TI en las instalaciones y en la nube;
  • Comprender las formas más comunes de prevenir y mitigar los ataques contra sus dispositivos personales y sus datos;
  • Ser capaz de utilizar el cifrado para proteger los datos transferidos a través de una red y almacenados en dispositivos de almacenamiento y en la nube; 
  • Ser capaz de aplicar las mejores prácticas comunes de seguridad, proteger la información privada y asegurar su identidad;y
  • Ser capaces de utilizar de forma segura los servicios de TI y de asumir la responsabilidad de proteger sus dispositivos informáticos personales, aplicaciones, cuentas y perfiles en línea.

Examen de certificación

LPI - Linux essentialsPara obtener la certificación LPI Security Essentials es necesario realizar el examen 020-100 Security Essentials

El examen Security Essentials cubre conocimientos preliminares en todos los campos importantes de la seguridad informática. El certificado está dirigido a estudiantes que hayan realizado su primer curso en seguridad informática, a todos los miembros y personal de organizaciones que deseen mejorar su seguridad informática, así como a particulares que deseen alcanzar una competencia básica en el uso seguro de la tecnología de la información.

  • Versión actual: 1.0 (Código de examen 020-100)
  • Requisitos previos: No hay requisitos previos para esta certificación
  • Requisitos: Aprobar el examen Security Essentials 020
  • Formato del examen: 40 preguntas y debe completarse en 60 minutos
  • Periodo de validez: De por vida

* El precio del examen está incluido en el precio del curso
Contenido

Modul 1 Security Concepts

  • Goals, Roles and Actors
      • Understanding of the importance of IT security
      • Understanding of common security goals
      • Understanding of common roles in security
      • Understanding of common goals of attacks against IT systems and devices
      • Understanding of the concept of attribution and related issues

  • Risk Assessment and Management
      • Know common sources for security information
      • Understanding of security incident classification schema and important types of security vulnerabilities
      • Understanding of the concepts of security assessments and IT forensics
      • Awareness of Information Security Management Systems (ISMS) and Information Security Incident Response Plans and Teams

  • Ethical Behavior
      • Understanding the implications for others of actions taken related to security
      • Handling information about security vulnerabilities responsibly
      • Handling confidential information responsibly
      • Awareness of personal, financial, ecological, and social implication of errors and outages in information technology services
      • Awareness of legal implications of security scans, assessments, and attacks

 

Modul 2 Encryption

  • Cryptography and Public Key Infrastructure
      • Understanding of the concepts of symmetric, asymmetric, and hybrid cryptography
      • Understanding of the concept of Perfect Forward Secrecy
      • Understanding of the concepts of hash functions, ciphers, and key exchange algorithms
      • Understanding of the differences between end-to-end encryption and transport encryption
      • Understanding of the concepts of Public Key Infrastructures (PKI), Certificate Authorities, and Trusted Root-CAs
      • Understanding of the concepts X.509 certificates
      • Understanding of how X.509 certificates are requested and issued
      • Awareness of certificate revocation
      • Awareness of Let’s Encrypt
      • Awareness of important cryptographic algorithms

  •  Web Encryption
      • Understanding of the major differences between plain text protocols and transport encryption
      • Understanding of the concepts of HTTPS
      • Understanding of important fields in X.509 certificates for the use with HTTPS
      • Understanding of how X.509 certificates are associated with a specific web site
      • Understanding of the validity checks web browsers perform on X.509 certificates
      • Determining whether or not a website is encrypted, including common browser messages

  • Email Encryption
      • Understanding of email encryption and email signatures
      • Understanding of OpenPGP
      • Understanding of S/MIME
      • Understanding of the role of OpenPGP key servers
      • Understanding of the role of certificates for S/MIME
      • Understanding of how PGP keys and S/MIME certificates are associated with an email address
      • Using Mozilla Thunderbird to send and receive encrypted email using OpenPGP and S/MIME

  • Data Storage Encryption
      • Understanding of the concepts of data, file, and storage device encryption
      • Using VeraCrypt to store data in an encrypted container or an encrypted storage devices
      • Understanding the core features of BitLocker
      • Using Cryptomator to encrypt files stored in file storage cloud services

Modul 3 Device and Storage Security

  • Hardware Security
      • Understanding of the major components of a computer
      • Understanding of the smart devices and the Internet of Things (IoT)
      • Understanding of the security implications of physical access to a computer
      • Understanding of USB devices devices types, connections, and security aspects
      • Understanding of Bluetooth devices types, connections, and security aspects
      • Understanding of RFID devices types, connections, and security aspects
      • Awareness of Trusted Computing

  • Application Security
      • Understanding of common types of software
      • Understanding of various sources for applications and ways to securely procure and install software
      • Understanding of updates for firmware, operating systems, and applications
      • Understanding of sources for mobile applications
      • Understanding of common security vulnerabilities in software
      • Understanding of the concepts of local protective software

  • Malware
      • Understanding of common types of malware
      • Understanding of the concepts of rootkit and remote access
      • Understanding of virus and malware scanners
      • Awareness of the risk of malware used for spying, data exfiltration, and address books copies

  • Data Availability
      • Understanding of the importance of backups
      • Understanding of common backup types and strategies
      • Understanding of the security implications of backups
      • Creating and securely storing backups
      • Understanding of data storage, access, and sharing in cloud services
      • Understanding of the security implications of cloud storage and shared access in the cloud
      • Awareness of the dependence on Internet connection and the synchronization of data between cloud services and local storage

 Modul 4 Network and Service Security

  • Networks, Network Services and the Internet
      • Understanding of the various types of network media and network devices
      • Understanding of the concepts of IP networks and the Internet
      • Understanding of the concepts of routing and Internet Service Providers (ISPs)
      • Understanding of the concepts of MAC and link-layer addresses, IP addresses, TCP and UDP ports, and DNS
      • Understanding of the concepts of cloud computing

  • Network and Internet Security
      • Understanding of the implications of link layer access
      • Understanding of the risks and secure use of WiFi networks
      • Understanding of the concepts of traffic interception
      • Understanding of common security threats in the Internet along with approaches of mitigation

  • Network Encryption and Anonymity
      • Understanding of virtual private networks (VPN)
      • Understanding of the concepts of end-to-end encryption
      • Understanding anonymity and recognition in the Internet
      • Identification due to link layer addresses and IP addresses
      • Understanding of the concepts of proxy servers
      • Understanding of the concepts of TOR
      • Awareness of the Darknet
      • Awareness of cryptocurrencies and their anonymity aspects

 Modul 5 Identity and Privacy

  • Identity and Authentication
      • Understanding of the concepts of digital identities.
      • Understanding of the concepts of authentication, authorization, and accounting
      • Understanding of the characteristics of secure password (e.g. length, special characters, change frequencies, complexity)
      • Using a password manager
      • Understanding of the concepts of security questions and account recovery tools
      • Understanding of the concepts of multi-factor authentication (MFA), including common factors
      • Understanding of the concepts of single sign-on (SSO) and social media logins
      • Understanding of the role of email accounts for IT security
      • Understanding of how passwords are stored in online services
      • Understanding of common attacks against passwords
      • Monitoring personal accounts for password leaks (e.g. search engine alerts for usernames and password leak checkers)
      • Understanding of the security aspects of online banking and credit cards

  • Information Confidentiality and Secure Communication
      • Understanding the implications and risks of data leaks and intercepted communication
      • Understanding of phishing and social engineering and scamming
      • Understanding the concepts of email spam filters
      • Securely handling of received email attachments
      • Sharing information securely and responsibly using email cloud shares and messaging services
      • Using encrypted instant messaging

  • Privacy Protection
      • Understanding of the importance of personal information
      • Understanding of how personal information can be used for a malicious purpose
      • Understanding of the concepts of information gathering, profiling, and user tracking
      • Managing profile privacy settings on social media platforms and online services
      • Understanding of the risk of publishing personal information
      • Understanding of the rights regarding personal information (e.g. GDPR)