Security +

Code : IT007
Request In-house Training Proposal

Module 1: Computer Systems Security

  • The Basics of Information Security
  • Computer Systems Security Threats
  • Malicious Software
  • Viruses
  • Worms
  • Trojan Horses
  • Spyware
  • Rootkits
  • Spam
  • Summary of Malware Threats
  • Ways to Deliver Malicious Software
  • Active Interception
  • Privilege Escalation
  • Backdoors
  • Logic Bombs
  • Botnets and Zombies
  • Implementing Security Applications
  • Personal Software Firewalls
  • Host-Based Intrusion Detection Systems
  • Pop-Up Blockers
  • Data Loss Prevention Systems
  • Securing Computer Hardware and Peripherals
  • Securing the BIOS
  • Securing Storage Devices
  • Removable Storage
  • Network Attached Storage
  • Whole Disk Encryption
  • Hardware Security Modules

Module 2: OS Hardening and Virtualization

  • Hardening Operating Systems
  • Removing Unnecessary Applications and Services
  • Service Packs
  • Windows Update, Patches, and Hotfixes
  • Patches and Hotfixes
  • Patch Management
  • Group Policies, Security Templates, and Configuration Baselines
  • Hardening File Systems and Hard Drives
  • Virtualization Technology
  • Types of Virtualization and Their Purposes
  • Working with Virtual Machines
  • Microsoft Virtual PC
  • Securing Virtual Machines

Module 3: Application Security

  • Securing the Browser
  • General Browser Security Procedures
  • Implement Policies
  • Use a Proxy and Content Filter
  • Secure Against Malicious Code
  • Securing Internet Explorer
  • Securing Other Applications
  • Secure Programming
  • Systems Development Life Cycle
  • Programming Vulnerabilities and Attacks
  • More Code Injection Examples

Module 4: Network Design Elements and Network Threats

  • Network Design
  • Network Devices
  • Hub   Switch   Router
  • Network Address Translation, and Private Versus Public IP
  • Network Zones and Interconnections
  • LAN Versus WAN
  • Internet
  • Demilitarized Zone (DMZ)
  • Intranets and Extranets
  • Cloud Computing
  • Network Access Control (NAC)
  • Subnetting
  • Virtual Local Area Network (VLAN)
  • Telephony Devices
  • Modems /   PBX Equipment
  • VOIP
  • Ports and Protocols
  • Ports Ranges, Inbound Versus Outbound, and Common Ports
  • Malicious Network Attacks
  • DoS   DDoS     Spoofing
  • Transitive Access and Client-Side Attacks
  • DNS Poisoning and Other DNS Attacks
  • ARP Poisoning

 

Module 5: Network Perimeter Security

  • Firewalls and Network Security
  • Firewalls
  • Proxy Servers
  • Data Loss Prevention (DLP)
  • NIDS Versus NIPS
  • NIDS / NIPS

Module 6: Securing Network Media and Devices

  • Securing Wired Networks and Devices
  • Network Device Vulnerabilities
  • Weak Passwords
  • Privilege Escalation
  • Network Attacks
  • Other Network Device Considerations
  • Cable Media Vulnerabilities
  • Interference
  • Crosstalk
  • Data Emanation
  • Tapping into Data and Conversations
  • Securing Wireless Networks
  • Wireless Access Point Vulnerabilities
  • Secure the Administration Interface
  • SSID Broadcast
  • Rogue Access Points
  • Weak Encryption
  • Other Wireless Access Point Security Strategies
  • Wireless Transmission Vulnerabilities
  • Bluetooth Vulnerabilities
  • Bluejacking / Bluesnarfing

Module 7: Physical Security and Authentication Models

  • General Building and Server Room Security
  • Door Access / Biometric Readers
  • Authentication Models and Components
  • Authentication Models
  • Localized Authentication Technologies
  • 1X and EAP 273
  • LDAP
  • Kerberos and Mutual Authentication
  • Terminal Services
  • Remote Authentication Technologies
  • Remote Access Service
  • Virtual Private Networks
  • RADIUS Versus TACACS

Module 8: Access Control Methods and Models

  • Access Control Models Defined
  • Discretionary Access Control
  • Mandatory Access Control
  • Access Control Wise Practices
  • Rights, Permissions, and Policies
  • Users, Groups, and Permissions
  • Permission Inheritance and Propagation
  • Moving and Copying Folders and Files
  • Usernames and Passwords
  • Policies
  • User Account Control (UAC)

Module 9: Vulnerability and Risk Assessment

  • Conducting Risk Assessments
  • Qualitative Risk Assessment
  • Quantitative Risk Assessment
  • Security Analysis Methodologies
  • Security Controls
  • Vulnerability Management
  • Penetration Testing
  • Assessing Vulnerability with Security Tools 352
  • Vulnerability Scanning 355
  • Network Sniffing 358

Module 10: Monitoring and Auditing

  • Monitoring Methodologies
  • Signature-Based Monitoring
  • Anomaly-Based Monitoring
  • Behavior-Based Monitoring
  • Using Tools to Monitor Systems and Networks
  • Performance Baselining
  • Protocol Analyzers
  • Wireshark
  • Network Monitor
  • SNMP
  • Conducting Audits
  • Auditing Files
  • Logging
  • Log File Maintenance and Security
  • Auditing System Security Settings

Module 11: Encryption and Hashing Concepts

  • Cryptography Concepts
  • Symmetric Versus Asymmetric Key Algorithms
  • Symmetric Key Algorithms
  • Asymmetric Key Algorithms
  • Public Key Cryptography
  • Key Management 422
  • Steganography
  • Encryption Algorithms
  • DES and 3DES
  • RC / RSA
  • Hashing Basics
  • Cryptographic Hash Functions
  • MD5 / SHA

Module 12: PKI and Encryption Protocols

  • Public Key Infrastructure
  • Certificates
  • Single-Sided and Dual-Sided Certificates
  • Web of Trust
  • Security Protocols
  • S/MIME / SSL/TLS / SSH
  • PPTP, L2TP, and IPsec
  • PPTP / L2TP / IPsec

Module 13: Redundancy and Disaster Recovery

  • Redundancy Planning
  • Redundant Power
  • Redundant Power Supplies
  • Uninterruptible Power Supplies
  • Backup Generators
  • Redundant Data
  • Redundant Networking
  • Redundant Servers
  • Redundant Sites
  • Disaster Recovery Planning and Procedures
  • Data Backup

Module 14: Policies, Procedures, and People

  • Environmental Controls
  • Fire Suppression and Extinguishers
  • Sprinkler Systems
  • Special Hazard Protection Systems
  • Shielding / Social Engineering
  • Pretexting
  • Diversion Theft
  • Phishing / Hoaxes / Shoulder Surfing
  • Eavesdropping
  • Dumpster Diving
  • Baiting
  • Piggybacking / Tailgating
  • Summary of Social Engineering Types
  • User Education and Awareness
  • Legislative and Organizational Policies
  • Data Sensitivity and Classification of Information
  • Personnel Security Policies
  • Privacy Policies
  • Acceptable Use
  • Change Management
Course Details
Personal Details
ACAD Professional Certificate - APC
ACAD Training & Consulting uses the power of its network to bring about positive, tangible change. We champion the training courses profession and the interests of individuals, engaged in that profession, for the benefit of all. ACAD Professional Certificates are designed for those who are enthusiastic to challenge themselves to reach the extra mile. Participants who fully attend an APC course and successfully pass the exam on the last training day, will receive an ACAD Professional Certificate (APC). APC are regionally recognized and can be esteemed when applying for more senior roles in Egypt and MENA region.

Exam Details:

Duration: 1 hour | Multiple Choice | Closed book | Pass mark: 65%

Course Schedule

Course Location and Date

24 - 28 Jan 2021
Cairo | Instructor-led
$2250
5 Sessions

Search in Courses