Essentials of Information Security (Security+) Training Class

1. Attack Methods

• Information Gathering
  
  
  
  • Social Engineering
  
  
  • Scanning and Version Information
  
  
  
  


• Unauthorized Access
  
  
  
  • Misadministration
    
    
    
    • User Accounts and Passwords
    
    
    • Defaults Left On
    
    
    
    
  
  
  • Software Bugs
    
    
    
    • Buffer Overflows
    
    
    • Bad Input Data
    
    
    
    
  
  
  
  


• Malicious Code
  
  
  
  • Classic Malware
    
    
    
    • Viruses
    
    
    • Worms
    
    
    • Trojan Horses
    
    
    • Logic Bombs
    
    
    
    
  
  
  • Active Code
    
    
    
    • Javascript
    
    
    • ActiveX
    
    
    • Signed Applets
    
    
    
    
  
  
  
  


• Miscellaneous Attacks
  
  
  
  • Generic Attacks
    
    
    
    • Back Door
    
    
    • Spoofing
    
    
    • Man in the Middle
    
    
    • Replay Attacks
    
    
    
    
  
  
  • Crypto Attacks
    
    
    
    • Weak Keys
    
    
    • Mathematical
    
    
    • Birthday
    
    
    
    
  
  
  • Privacy & ID Theft
    
    
    
    • Cookies
    
    
    • Phishing
    
    
    • Keyloggers
    
    
    
    
  
  
  
  


• Denial of Service
  
  
  
  • TCP SYN Floods
  
  
  • Distributed DOS
  
  
  • Botnets
  
  
  
  


• Security Intelligence

2. Security Assessment

• Risk Assessment
  
  
  
  • What Assets to Protect
  
  
  • What the Threats Are
  
  
  • Survey Your Vulnerabilities
  
  
  • Implement Safeguards
  
  
  
  


• Who are the Attackers?
  
  
  
  • Hacker Motives
  
  
  
  


• Legal Issues
  
  
  
  • Computer Fraud and Abuse Act
  
  
  • Regulatory Compliance
  
  
  • Traffic Monitoring
  
  
  • Due Diligence and Downstream Liability
  
  
  • Jurisdictions
  
  
  
  


• Insurance Against Losses

3. Security Policies

• Security Policy Characteristics


• Types of Policies
  
  
  
  • Business Continuity Plan
  
  
  • Disaster Recovery Plan
  
  
  • Service Level Agreement
  
  
  • Physical Security Policy
  
  
  • User Security Policy
  
  
  • Network Security Policy
    
    
    
    • Architecture
    
    
    • Services and Access
    
    
    
    
  
  
  • Physical Security Policy
    
    
    
    • Barriers, Detection, Response
    
    
    
    
  
  
  • User Security Policy
    
    
    
    • Communication
    
    
    • Online Resources
    
    
    • User Education
    
    
    • Security Awareness
    
    
    • Acceptable Use Policy
    
    
    
    
  
  
  • Documentation Policies
    
    
    
    • Information Classification and Notification
    
    
    • Information Backup
    
    
    • Information Retention, Storage, and Destruction
    
    
    • Configuration Management
    
    
    • Logs and Inventories
    
    
    
    
  
  
  • Human Resources Policy
  
  
  
  


• General Security Policy Guidelines
  
  
  
  • Least Privilege, Need to Know
  
  
  • Defense in Depth, Diversity of Defense
  
  
  • Universal Participation
  
  
  • Fail-Safe Stance
  
  
  • Simplicity
  
  
  
  

4. Vulnerability Assessment and Audit

• Vulnerability Detection and Audit Policy


• Vulnerability Assessment


• Types of Vulnerability Scanners


• Desirable Scanner Features
  
  
  
  • Considerations
  
  
  
  


• Reasons to Audit
  
  
  
  • How to Audit
  
  
  
  

5. Intrusion Detection and Incident Response

• Intrusion Detection Systems (IDSs)
  
  
  
  • Anomaly Detection
  
  
  • Attack Signature Detection
  
  
  
  


• Types of IDS Devices
  
  
  
  • Network-Based Detection
  
  
  • Host-Based Detection
  
  
  • Active vs. Passive Detection
  
  
  • Honeypots
  
  
  
  


• Typical IDS Features


• Centralization and Placement


• IDS Issues


• Incident Response


• Incident Response Policy
  
  
  
  • Document Your Actions
  
  
  • Notify Appropriate Personnel
  
  
  • Criminal Investigation
  
  
  • Gather Evidence
  
  
  • Investigate the Incident
  
  
  • Contain Damage and Repair
  
  
  
  

6. Host Security

• Types of Hosts
  
  
  
  • Workstations
  
  
  • Servers
    
    
    
    • Internal vs. External
    
    
    
    
  
  
  
  


• General Configuration Guidelines
  
  
  
  • Hardening the Operating System
    
    
    
    • Starting with a Clean System
      
      
      
      • Installing OS Patches
      
      
      
      
    
    
    • Disabling Excess Services
    
    
    • Removing Nonessential Programs and Services
      
      
      
      • Removing Executables
      
      
      
      
    
    
    • Using Warning Logon Banners
    
    
    • Limiting User Accounts and User Access
    
    
    • Configuring Filtering on the OS
    
    
    • Enabling Logging and Auditing
    
    
    
    
  
  
  • Securing the Application
  
  
  • Installing Security Patches
  
  
  • Disabling or Removing Sample Applications and Scripts
  
  
  • Setting Authentication Methods
  
  
  • Enabling Logging
  
  
  
  


• Special Considerations
  
  
  
  • End User Workstations
  
  
  • Specific Application Hardening Issues
    
    
    
    • Web Server
    
    
    • FTP Server
    
    
    • DNS Server
    
    
    • Mail Server
    
    
    • Other Servers
      
      
      
      • File and Print Server
      
      
      • Directory Server
      
      
      • Database Server
      
      
      • DHCP Server
      
      
      
      
    
    
    
    
  
  
  
  


• Security Baselines

7. Network Components

• Network Media
  
  
  
  • Twisted-Pair Cable
  
  
  • Fiber-Optic Cable
  
  
  • Coax Cable
  
  
  • Removable Media
  
  
  
  


• General Network Devices
  
  
  
  • Hubs & Switches
  
  
  • VLANS
  
  
  • Routers
  
  
  • Bastion Hosts
  
  
  
  


• Firewalls
  
  
  
  • Firewall Advantages
  
  
  • Firewall Disadvantages
  
  
  • Firewall Products
  
  
  • Personal or Host Firewalls
  
  
  <

Anyone interested in expanding their knowledge of designing or implementing
security policy in an enterprise network, specifically network engineers and
managers, security administrators, IS and data center managers, system
administrators, security analysts, and individuals seeking the CompTIA Security+??
certification.

• Fundamental knowledge of TCP/IP is required. Our TCP/IP Networking course
  provides an excellent foundation.