Networking Concepts in Security+

[Joel M]

That is my thinking as well. How can you secure a network if you do not know how networks work? However, I do hear in cases where Security+ is offered first. So, I am wondering how popular this approach is, and how are the networking concepts approached when teaching Security+.

I believe it is possible if the learner has studied the basic networking, cloud, and security concepts in the A+ material, it is pretty good?

 

[Stephen Schneiter]

Now, I saw at Summit the progression of Tech+, A+_Cyber, Security+ for learners getting into the field.
A+_Cyber's training page on Coursera (linked from CompTIA) indicates a total training time of 31 hours for A+_Cyber, with students at Beginner Level, which is described as "This course is designed for beginners with minimal to no experience in IT, making it accessible to all.". This says to me that a zero experienced student would be ready to sit Security+ after less than one week of training time.

Good feedback, I am interested to see how the a+ mini courses work out. I am wondering if instead of a+ Cyber, the a+ Network would be enough to fill the basics for instructors having to teach Security+ to students without a tech background. Will be interesting to see.

 

[Stephen Schneiter]

I think the challenge is how do we as Instructors teach to learn and remember information for longevity.
one way I found that seems to work is, take something the student already knows and ‘relate’ to it.

now with chatGPT I challenge my students to ask questions like, could you explain the OSI model with marvel heros?

And this is the response:

ChatGPT

Sure, think of the OSI (Open Systems Interconnection) model as a team of Marvel superheroes:

1. Physical Layer - The Hulk: The Hulk is the powerhouse, dealing with raw strength. Similarly, the Physical Layer deals with the physical connection of devices, like cables and hardware.
2. Data Link Layer - Black Widow and Hawkeye: This layer is about communication between directly connected devices. Black Widow and Hawkeye work together efficiently, just like devices communicating on the same network.
3. Network Layer - Iron Man: Iron Man handles routing and directing the flow of traffic in various situations. Similarly, the Network Layer manages the path data takes through the network.
4. Transport Layer - Captain America: Captain America ensures the safe transportation of his team. Similarly, the Transport Layer is responsible for end-to-end communication and data integrity.
5. Session Layer - Doctor Strange: Doctor Strange establishes, maintains, and terminates communication sessions. Similarly, the Session Layer manages and controls dialogues between two devices.
6. Presentation Layer - Ant-Man: Ant-Man deals with the transformation of his size, much like the Presentation Layer, which handles data format translation and encryption/decryption.
7. Application Layer - Spider-Man: Spider-Man interacts directly with users, just as the Application Layer provides network services directly to end-users or applications.

Each superhero (layer) has a specific role, and together they form a powerful team (model) to ensure efficient communication.

—————-

This is awesome! I really like how you take this approach and bring in the AI into the classroom as well. Really good points! Thanks for sharing!

 

[Red Kohler]

Just imagine if we had that available 20 years ago….

 

[Hank Cox]

Thanks for the question Stephen, and thanks to those who have responded. Also thank you Rick – you have the best Sherlock Holmes quote for cybersecurity analysts!

I cover the networking concepts as they come up in Security+. But first, when introducing the class, I try to set the stage for student interaction.

I ask students: Who in this class is Network+ certified? I point out that most people in the class do not have Network+, and there is a lot of information in the Network+ course. (In most of my Security+ classes, less than half have had a Network+ class or certification.)

Next, I tell a quick story about my first week at college. A professor said to a student “Algebra, geometry, and trigonometry are prerequisites for this course. If you don’t understand them, you don’t belong here.” Then, I say something like: “I never wanted to ask a question in that class. This class will be different. During the time we have this week, my job is to talk in a language that everyone here can easily understand. Learning the vocabulary is essential to understanding these concepts and passing the Security+ exam. If I use a word, acronym, or term that does not make sense to you personally, please ask me to explain – even if it may be part of the prerequisites for this course. Don’t worry about whether I am making sense to anybody else. If I am not making sense to you personally, please ask a question. Also, only you can decide if you are satisfied with the answer. You have not only my permission, but also my explicit request to please let me know if you asked a question that I have not answered to your satisfaction.”

When presenting topics, I emphasize networking concepts like OSI layers, MAC vs IP addresses, which protocols are used, and so on. For Network+ topics that are relevant to Security+, I like to ask the students questions, and then build on their answers: When a workstation boots up, what servers might it need to talk to before the user can log on? Does anyone know what protocols are used for these communications? Can someone tell me if this traffic is encrypted? Is it authenticated? What TCP or UDP port does this use?