http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=13526&country=United+States
Course Outline
1. Cybersecurity Introduction, Job Roles, and Functions
- Security Fundamentals
- Security Importance
- Human Influence
- Vulnerabilities
- Typical Attack Sequence
- Social Engineering
- Footprinting
- Well-Known Parts
- Port Scanning
- Password/Passphrase Vulnerabilities
- Track Covering
2. Social Media Concerns
- Social Media
- Types
- Vulnerabilities
- Social Networking Sites
- Social Engineering
- Phishing
- Phishing via E-mail
- Online Attacks
- Statistical Data
- Security Breach Sources
3. Cyber Awareness
- CNCI
- Definition and Purpose of CNCI
- CNCI Initiative Details
- Legalities
- Laws and Rules
- Legal Compliance
- Cyber Attacks
- Malware
- Viruses
- Worms
- Logic Bombs
- Botnet
- Trojan Horse
- OSI Model
- DNS
4. Cyber Services
- Cyber Threats
- Denial of Service Vulnerabilities
- Server Hardening
- Web Server Hardening
- Mail Server Hardening
- FTP Server Hardening
- DNS Server Hardening
- Other Servers
- Workstation Considerations
- Network Appliances
- Wireless Access Hardening
- VLAN Security
- Software Attacks
5. Risk Management and Assessment
- Risk Management
- Risk Management Process
- Steps
- ALE Formula
- CRAMM Process
- Risk Management Lifecycle
- Protected Assets
- CIA Triad
- Threat Determination Process
- Risk Assessment
- Scenarios
- Criticality
- Prioritization
- Risk Management Lifecycle
- Steps
- Policy
- Assessment
- Baselines and ePolicy
- Vulnerabilities
- Vulnerability Categories
- Self-Assessment
- Weak Links in Security
- Technical Controls
- Due Care
- Insurance against Losses
6. Security Policy Management
- Security Policies
- Security Policy Definition
- Security Policy Use
- Security Policy Importance
- Legal Issues
- Policy Example
- Policy References
- Policies, Guides, Standards, Procedures, and Controls
- Coverage Matrix
- Preparing a Coverage Matrix
- Example Security Coverage Matrix
- Granular View of a Security Matrix
- Basic Policies
7. Vulnerability Assessment and Tools
- Vulnerability Testing
- Penetration Testing
- Risks of Penetration Testing
- Methodologies
- Testing
- Technology Testing Tools
8. Business Continuity Planning
- Disaster Types
- Disaster Recovery Plan
- Goals
- Steps for Creation
- Contents
- Design Requirements
- Priorities
- Recovery Strategies
- High Availability Considerations
- Data Collection
- Written Plan Documentation
- Plan Testing Sequence
- Business Continuity Planning
- Business Continuity Planning Process
- BCP Process Steps
- Controls
9. Host Security
- Types of Hosts
- General Configuration Guidelines
- Clean Systems
- Unnecessary Services
- Rules to Follow
- Warning Banners
- Limiting Access
- Administrators
- Users
- Configuring and Logging
- Security Patches
- Security Baselines
- Traffic Filtering
- Monitoring
10. Architectural Integration
- General Security Integration
- Services
- Needs
- Security Zones
- Filtering
- Screened Subnets
- Trusted Zones
- Devices
- Routers
- Firewalls
- DMZ Hosts
- Extenuating Circumstances
- Business-to-Business
- Exceptions to Policy
- Special Services and Protocols
- Configuration Management
- Development
- Certification and Accreditation
- Common Criteria
11. Authentication and Cryptography
- Authentication
- Identification
- Issues
- Cryptosystems
- Elements
- Password Protocols
- Hashes
- Kerberos
- Symmetric Encryption
- Asymmetric Encryption
- Digital Signatures
- Certificate Services
- Certificate Authorities
- Registration Authorities
- Models
- Policies
- Lifecycle
- Distribution
12. Securing Communications
- Terminology
- Tunnels
- Applying Cryptography to OSI Model
- Securing Services
- FTP and Telnet
- Transport
- SSL and TLS
- Gateway-to-Gateway VPN
- IPSec
- Wireless
- Wireless Weakness
- Wireless Security
- Steganography and NTFS Data Streams
- Steganography
- NTFS Alternate Data Streams
13. Intrusion Detection and Prevention Systems
- Intrusion
- Definition
- Defense in Depth
- Perimeter Router
- Firewall Monitoring
- Network Device Logging
- Host Monitoring
- Events Correlation
- IDS/IPS
- Placement of IDS Monitors and Sensors
- Monitoring
- Host-Based and Network-Based Differences
- Policy Management
- Behavioral Signatures
- IDS/IPS Weakness
- Encryption
- Coverage
- Overwhelmed
- False Positives
- Incorrect Configuration
14. Cyber Challenge Activities
- Network Analysis Review
15. Forensic Analysis
- Incident Handling
- Response
- Time and Reaction Sensitivity
- Issues for Consideration
- Response Procedures
- Evidence
- Logging
- Process
- Log Analysis Tools
16. Cyber Evolution
- Cyber Organization
- Cyber Forces
- Internet Leadership
- Internet Defenders
- Cyber Future
- Future Challenges
- Evolving Needs
- Cyber Maturity Barriers
- Einstein 2 and Future
- Goals
Labs
Lab 1: Social Media
- Phishing and Spyware
- Windows Activation
- Antivirus Notice
- Commercial Web Site
Lab 2: Cyber Awareness
- Scanning with Nmap
- Scanning with Zenmap
Lab 3: Cyber Services
- Telnet Banner Grabbing
- FTP Banner Grabbing
- SMTP Banner Grabbing
- Netcat
Lab 4: Risk Assessment
- Use Nessus to Identify Assets and Threats
- Asset Worksheet Completion
Lab 5: Business Continuity Plan
- Team Members/Key Contacts
- Team Status Reporting
- Priority IT Systems
- IT System Backup Details
- Recovery Process
Lab 6: Vulnerability Assessments and Audits
- Mapping Site Content Using Teleport Pro
- Using Cheops for Graphical Display of Network
- Working with LANguard
Lab 7: Host Security - Malware
- Connecting Remotely
- RECUB Service
Lab 8: Authentication and Cryptography
- Perform activities using Ettercap utility
- Perform and Witness a Man in the Middle (MITM) Attack
Lab 9: Cryptographic Attacks
- Using Steganographic Tools
- Advanced NTFS File Streaming
Lab 10: SNORT (Eagle X IDS) Install
- Installing Eagle X
- Configuring Eagle X
- Configure Rule to Ignore Hosts in SNORT
Lab 11: Cyber Challenge Activities
- Identifying Assets and Threats
- Completing Asset Worksheet
Lab 12: Forensics Analysis IIS Event Log Analysis
- Identifying Common Attacks through IIS Log Analysis
No comments:
Post a Comment