This cybersecurity course gives you a holistic perspective on the challenges of designing a secure system, touching on all the roles needed to deliver a cohesive security solution.
This cybersecurity course gives you a holistic perspective on the challenges of designing a secure system, touching on all the roles needed to deliver a cohesive security solution.
Through lectures, labs and discussion groups, you will better understand current Internet threat trends and their impact on organizational security. You will review standard cybersecurity terminology and compliance requirements.
You will review Exploit examples and gain hands-on experience with mitigation measures. In the Laboratory, you will work with live viruses, such as botnets, worms and Trojan horses.
Who Should Wait?
IT security professionals, including analysts, Intel analysts, policy analysts, security operations personnel, network administrators, system integrators, VARS and security consultants
What You Will Learn
Current cyber threats and cybersecurity reference sites
Government-Ordered Guidelines and Compliance Requirements
Cyber ??roles needed to successfully design secure systems
Cycle of Attacks Perpetrated by Malicious Hackers
Company policy requirements
Optimal strategies for securing the enterprise, with layered defenses
Potential of security zones and a detailed log to increase information security
Forensic Challenges and Incident Response Planning
Risk management process
Achievable goals with system verification, digitalization and testing
Industry Recommendations for Maintaining Secure Access Control
Encryption solutions to secure communications
The Lesson Plan
The cyber battlefield
Critical Business Security
The growth of the Internet around the world
Security principles
Security goals
Threat and exposure terminology
Exhibitions and exploits
Hackers and code crackers
Attack methods
Social engineering
Common attack vectors
Traffic analysis
Respond to threats and attacks
Risk management documents and procedures
Penetration testing
OSSTMM
NIST
Penetration Testing Risks
Structure of the Internet and TCP/IP
CNCI
Initiatives
Legal Compliance Standards
Laws
Federal Agency Compliance
Business regulatory compliance
Internet Leadership IANA
Regional Internet Registry
Protocols and RFCs
TCP/IP model
Network access layer
Internet layer
Host-to-Host
Process layer
Domain Name Service
Vulnerability assessment and tools
Vulnerabilities and exploits
Vulnerability Assessment Tools
Application level scanners
System level scanners
System level testing tools
Open Source system level scanner tools
Commercial system level scanner tools
Advanced attack techniques and advanced tools
Commercial Exploit Tools
Free exploit tool: Metasploit
Free exploit tool: BeFF
Random data tests (Fuzz)
Preventing exploits and attacks
Patch management
Common exposures and vulnerabilities
Software and alerts
Tools
Vulnerability scan
Common Security Sites
Patch management
? Tools
Cybersecurity Awareness
Social engineering
? Objectives of social engineering
? What makes social engineering possible
? Targets
? Attack
? Phishing
? Email phishing
? Online attacks
? Statistical data
? Sources of security breaches
? Prevention of social engineering
Cybersecurity Awareness: Policies and Procedures
? Security policy topics
? Social media
? Social networking sites
Cyber ??attacks: Footprinting and scanning
Footprinting
? Information collection
? Unearth the initial information
? Internet archive
? People search
? Locations and mapping
? Job bulletins
? Financial information
? Google and search engines
Identification of the target network and its scope
? WHOIS utility
? Online DNS Lookup Tools
? Traceroute
? Countermeasures to footprinting
Detection of dynamic systems
? Bypass authentication
? War Dialing
? Wardriving
? ICMP: Ping
? Port scanning
? Perform TCP and UDP scans
? Port numbers
TCP Flags
? ThreeWay Handshake TCP
Port Scanning Techniques
? Full Connect TCP port scanning
? TCP HalfOpen (SYN) scanning
? Nmap HalfOpen Scanning
? UDP port scanning
? Nmap scanning types and switches
? Port Scanning Tools
? OS Fingerprinting
? Active Stack Fingerprinting
? Passive Fingerprinting
Proxies and anonymizers
Scanning Countermeasures
Cyberattacks: Break-in
Password attack
Privilege escalation
Maintaining access
Windows Authentication
? SysKey encryption
? LAN Manager password encryption
? Windows LAN Manager and NTLM hashes
? Linux password encryption
? Insecurities of the SAM database
Password decoding
? Password cracking techniques
? Password cracking tools
? LCP
? John the Ripper
? Cain and Abel
Password cracking countermeasures
Cover the tracks
? Principle of exchange
Clearing the log
Masking tools, files and programs
? NTFS Alternate Data Streaming
Information Hiding: Methods
? Steganography
? Steganography detection
? Rootkits
Countermeasures: Rootkits
Cyberattacks: Backdoor and Trojans
Malware
Trojan horse
? Trojan horse infection mechanisms
? Notorious Trojans
? Distribution method wrappers
? Trojan autostart methods
Secret communications
Stealth technique: Avoid detection
Backdoor Countermeasures
Malware Countermeasure
Anti-spyware software
Anti-Malware Practices
Cyber ??risk assessment and management
Risk management measures
Determine ALE
CRAMM process
Risk management cycle
Protected assets
CIA Triad
Quantitative risk assessment
Threat Determination Process
Risk Assessment
Life cycle
Steps
Vulnerability Categories
Company assets vs. risks
Benefits of Risk Management
Policy
Environmental assessment
Security policy management
Security policy
Use
Importance
Legal notices
Example
Policy References
Policies, guides, standards, procedures and controls
Security policy coverage matrix
Example: Internet Security Coverage Matrix
Granular view of a security matrix
Basic policies
Securing servers and hosts
Host Types
General configuration guidelines
Clean systems
Unnecessary services
Warning banners
Limiting access
Configuration and logging
Security fixes
Safety lines
Traffic Filter Monitoring
DoS vulnerabilities
Server hardening
Web server reinforcement
Strengthening the mail server
Strengthening the FTP server
DNS server hardening
? Other servers
Workstation Considerations
Network devices
Strengthening wireless access
VLAN Security
Software attacks
Securing communications
Application of cryptography to the OSI model
Tunnels
Securing services
? Telnet and FTP
? SSL and TLS
? Gateway-to-Gateway VPN
? Host-to-Gateway VPN
? IP security
? Wireless access communication
? Wireless security
Authentication and encryption solutions
Authentication
Authentication issues
Password authentication of encryption systems
Hash functions
Kerberos cryptographic advantages
PKI components of symmetric key encryption, asymmetric encryption, digital signatures
Modeled
Policies
Life cycle
Distribution
Firewalls and edge devices
General security integration
Services
Service needs
? Security zones
? Filtering
? Selected subnets
? Trust zones
? Devices
? Routers
? Firewall
? DMZ Host
? Other security considerations
Business-to-Business Communications
Exceptions to the policy
? Special services and protocols
Configuration management
Software development security
Certification and accreditation
Common criteria
Intrusion prevention and detection
Defense in depth
Network device logging
? Host monitoring and recording
? Event correlation
? Surveillance placement and IDS sensors
? Monitoring
? Differences between host-based and network-based
? Policy management
? Behavioral signatures
? IDS and IPS weaknesses
? Encryption
? Bad configuration
Forensic analysis
Incident management
Reaction to the security incident
? Time and reaction sensitivity
? Incident management questions and considerations
? Reaction procedures
? Evidence
? Log
? Log analysis tools
? Active ports
?Dependency Walker
? File maintenance
Business recovery and continuity
Types of disasters
Business Resumption Plan (PRA)
DRP Objectives
Creating a DRP
DRP Content
DRP Design Requirements
DRP Priorities
Recovery Strategies
High availability
Data collection documentation
RRD test
Business Continuity Planning
BCP steps
Cyber ??revolution
Cyberforces
Cyberterrorism
Cybersecurity: crime, war or fear campaign?
7 Cyber ??Compliance Initiatives
Cyber ??defense in depth
Education and formatio
Global Knowledg is the world's leading provider of training services and professional development solutions. Through our training solutions, we support our clients as they adapt to the major business transformations and technological breakthroughs that enable every global company to differentiate and thrive.
Whether designed for a global organization or an individual professional, our training programs help companies close skills gaps and encourage an environment where talent continues to develop.
With the most relevant and up-to-date content, delivered by the best trainers, we offer our clients around the world the choice of personalized private company programs, convenient public training schedules, flexible animation formats, and ongoing learning support to accelerate their success.
Our business skills solutions teach essential skills in communication, leadership development, business analysis, project management, IT service management, and process improvement. With thousands of courses ranging from basic training to specialized certifications, our IT training focuses on our technology partners like Amazon Web Services, Cisco, IBM, Microsoft, Red Hat, SAP, and VMware.
We offer comprehensive professional development addressing advancements in application development, big data analytics, change management, cloud computing, cyber security, and networking. Established in 1995, Global Knowledge employs more than 1,700 people worldwide. The headquarters is located in Cary, North Carolina.
This course is designed to provide you with an overview of criminal activity perpetrated using computers, the internet, and other network-connected digital devices.
In collaboration with the employer community, we rapidly train essential skill sets required to secure high-paying entry-level information security jobs.
The CCCS Cybersecurity Awareness and Prevention Training course teaches you specific rules on how to identify phishing emails, browsing, and mobile devices. Best practices to take control over social engineering.
DBG's instructor-led course will teach students to recognize potential exploitation paths through a series of structured labs that simulate common attacks performed by DBG testers everyday.
The C|CISO certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security.
© 2024 coursetakers.com All Rights Reserved. Terms and Conditions of use | Privacy Policy