Module 1: Computer Systems Security

• The Basics of Information Security
• Computer Systems Security Threats
• Malicious Software
• Viruses
• Worms
• Trojan Horses
• Spyware
• Rootkits
• Spam
• Summary of Malware Threats
• Ways to Deliver Malicious Software
• Active Interception
• Privilege Escalation
• Backdoors
• Logic Bombs
• Botnets and Zombies
• Implementing Security Applications
• Personal Software Firewalls
• Host-Based Intrusion Detection Systems
• Pop-Up Blockers
• Data Loss Prevention Systems
• Securing Computer Hardware and Peripherals
• Securing the BIOS
• Securing Storage Devices
• Removable Storage
• Network Attached Storage
• Whole Disk Encryption
• Hardware Security Modules

Module 2: OS Hardening and Virtualization

• Hardening Operating Systems
• Removing Unnecessary Applications and Services
• Service Packs
• Windows Update, Patches, and Hotfixes
• Patches and Hotfixes
• Patch Management
• Group Policies, Security Templates, and Configuration Baselines
• Hardening File Systems and Hard Drives
• Virtualization Technology
• Types of Virtualization and Their Purposes
• Working with Virtual Machines
• Microsoft Virtual PC
• Securing Virtual Machines

Module 3: Application Security

• Securing the Browser
• General Browser Security Procedures
• Implement Policies
• Use a Proxy and Content Filter
• Secure Against Malicious Code
• Securing Internet Explorer
• Securing Other Applications
• Secure Programming
• Systems Development Life Cycle
• Programming Vulnerabilities and Attacks
• More Code Injection Examples

Module 4: Network Design Elements and Network Threats

• Network Design
• Network Devices
• Hub   Switch   Router
• Network Address Translation, and Private Versus Public IP
• Network Zones and Interconnections
• LAN Versus WAN
• Internet
• Demilitarized Zone (DMZ)
• Intranets and Extranets
• Cloud Computing
• Network Access Control (NAC)
• Subnetting
• Virtual Local Area Network (VLAN)
• Telephony Devices
• Modems /   PBX Equipment
• VOIP
• Ports and Protocols
• Ports Ranges, Inbound Versus Outbound, and Common Ports
• Malicious Network Attacks
• DoS   DDoS     Spoofing
• Transitive Access and Client-Side Attacks
• DNS Poisoning and Other DNS Attacks
• ARP Poisoning

 

Module 5: Network Perimeter Security

• Firewalls and Network Security
• Firewalls
• Proxy Servers
• Data Loss Prevention (DLP)
• NIDS Versus NIPS
• NIDS / NIPS

Module 6: Securing Network Media and Devices

• Securing Wired Networks and Devices
• Network Device Vulnerabilities
• Weak Passwords
• Privilege Escalation
• Network Attacks
• Other Network Device Considerations
• Cable Media Vulnerabilities
• Interference
• Crosstalk
• Data Emanation
• Tapping into Data and Conversations
• Securing Wireless Networks
• Wireless Access Point Vulnerabilities
• Secure the Administration Interface
• SSID Broadcast
• Rogue Access Points
• Weak Encryption
• Other Wireless Access Point Security Strategies
• Wireless Transmission Vulnerabilities
• Bluetooth Vulnerabilities
• Bluejacking / Bluesnarfing

Module 7: Physical Security and Authentication Models

• General Building and Server Room Security
• Door Access / Biometric Readers
• Authentication Models and Components
• Authentication Models
• Localized Authentication Technologies
• 1X and EAP 273
• LDAP
• Kerberos and Mutual Authentication
• Terminal Services
• Remote Authentication Technologies
• Remote Access Service
• Virtual Private Networks
• RADIUS Versus TACACS

Module 8: Access Control Methods and Models

• Access Control Models Defined
• Discretionary Access Control
• Mandatory Access Control
• Access Control Wise Practices
• Rights, Permissions, and Policies
• Users, Groups, and Permissions
• Permission Inheritance and Propagation
• Moving and Copying Folders and Files
• Usernames and Passwords
• Policies
• User Account Control (UAC)

Module 9: Vulnerability and Risk Assessment

• Conducting Risk Assessments
• Qualitative Risk Assessment
• Quantitative Risk Assessment
• Security Analysis Methodologies
• Security Controls
• Vulnerability Management
• Penetration Testing
• Assessing Vulnerability with Security Tools 352
• Vulnerability Scanning 355
• Network Sniffing 358

Module 10: Monitoring and Auditing

• Monitoring Methodologies
• Signature-Based Monitoring
• Anomaly-Based Monitoring
• Behavior-Based Monitoring
• Using Tools to Monitor Systems and Networks
• Performance Baselining
• Protocol Analyzers
• Wireshark
• Network Monitor
• SNMP
• Conducting Audits
• Auditing Files
• Logging
• Log File Maintenance and Security
• Auditing System Security Settings

Module 11: Encryption and Hashing Concepts

• Cryptography Concepts
• Symmetric Versus Asymmetric Key Algorithms
• Symmetric Key Algorithms
• Asymmetric Key Algorithms
• Public Key Cryptography
• Key Management 422
• Steganography
• Encryption Algorithms
• DES and 3DES
• RC / RSA
• Hashing Basics
• Cryptographic Hash Functions
• MD5 / SHA

Module 12: PKI and Encryption Protocols

• Public Key Infrastructure
• Certificates
• Single-Sided and Dual-Sided Certificates
• Web of Trust
• Security Protocols
• S/MIME / SSL/TLS / SSH
• PPTP, L2TP, and IPsec
• PPTP / L2TP / IPsec

Module 13: Redundancy and Disaster Recovery

• Redundancy Planning
• Redundant Power
• Redundant Power Supplies
• Uninterruptible Power Supplies
• Backup Generators
• Redundant Data
• Redundant Networking
• Redundant Servers
• Redundant Sites
• Disaster Recovery Planning and Procedures
• Data Backup

Module 14: Policies, Procedures, and People

• Environmental Controls
• Fire Suppression and Extinguishers
• Sprinkler Systems
• Special Hazard Protection Systems
• Shielding / Social Engineering
• Pretexting
• Diversion Theft
• Phishing / Hoaxes / Shoulder Surfing
• Eavesdropping
• Dumpster Diving
• Baiting
• Piggybacking / Tailgating
• Summary of Social Engineering Types
• User Education and Awareness
• Legislative and Organizational Policies
• Data Sensitivity and Classification of Information
• Personnel Security Policies
• Privacy Policies
• Acceptable Use
• Change Management