Fundamentals and Best Practices of Information Security
The goal of this 5 day hands on information security course is to provide IT Pros with the knowledge and skills necessary to demonstrate a broad knowledge of security concerns and perform day-to-day security functions.
This class additionally prepares you to pass the CompTIA Security+ certification. The Security+ certification is recognized around the world as the benchmark for foundation-level security professionals. Reasons why you should attend this course:
• Learn industry-standard information security best practices for securing networks & systems
• 5 days of intensive hands-on lab based training
• Over 94% of our students pass the Security+ upon completion of this course
In this course, you will gain knowledge of identifying social engineering attacks, the types of attacks that target your computers and devices and the applications, operating systems, and protocols that they use, and the types of attacks that are directed against the physical devices in your enterprise.
This course is targeted toward an Information Technology (IT) professional who has networking and administrative skills who want to further a career in IT by acquiring a foundational knowledge of security topics; prepare for the CompTIA Security+ Certification examination; or use Security+ as the foundation for advanced security certifications or career roles.
The CompTIA Security+ validates knowledge of communication security, infrastructure security, cryptography, operational security, and general security concepts. It is an international, vendor-neutral certification that is taught at colleges, universities and commercial training centers around the world. Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years on-the-job networking experience, with an emphasis on security.
Because human error is the number one cause for a network security breach, CompTIA Security+ is recognized by the technology community as a valuable credential that proves competency with information security. Major corporations such as Sun, IBM/Tivoli Software Group, Symantec, Motorola, Hitachi Electronics Services and Verisign value the CompTIA Security+ certification and recommend or require it of their IT employees.
Security+ Examination Objectives:
The skills and knowledge measured by the Security+ examination were derived and validated though input from a committee and over 1,000 subject matter experts representative of industry. A job task analysis (JTA), global survey, beta examination and beta results review were each milestones in the development process.
The results of these milestones were used in weighing the domains and ensuring that the weighting assigned to each domain is representative of the relative importance of the content. The Security+ certification is an internationally recognized validation of the technical knowledge required of foundation-level security practitioners. A Security+ certified individual has successfully proven holding a foundation-level of skill and knowledge in General Security Concepts, Communication Security, Infrastructure Security, Basics of Cryptography and Operational / Organizational Security. Candidates are recommended to have two years experience in a networking role with preexisting knowledge of TCP/IP, experience in a security related role, Network+ or equivalent certification, and adequate training and self-study materials. All candidates are encouraged to review the Security+ objectives thoroughly prior to attempting the exam. This examination includes blueprint weighting, test objectives and example content. Example concepts are included to clarify the test objectives and should not be construed as a comprehensive listing of the content of the examination.
The table below lists the domains measured by this examination and the extent to which they are represented in the examination.
30% - Domain 1 - General Security Concepts
20% - Domain 2 - Communication Security
20% - Domain 3 - Infrastructure Security
15% - Domain 4 - Basics of Cryptography
15% - Domain 5 - Operational / Organizational Security
Fundamentals of Information Security: Course Syllabus:
Module 1: General Security Concepts
Information Security • Physical Security • Operational Security • Management and Policies • Goals of Information Security • The Security Process • Antivirus Software • Access Control • Authentication • Services and Protocols • Security Topologies • Design Goals • Security Zones • Technologies • Business Concerns
Module 2: Know Your Enemy
Attack Strategies • Access Attacks • Modification and Repudiation Attacks • Denial of Service Attacks (DoS) • Common Attacks • Security Concerns and TCP/IP • The TCP/IP Protocol Suite • Application Layer • Host-to-Host or Transport Layer • Internet Layer • Network Interface Layer • Encapsulation • Protocols and Services • TCP/IP Attacks • Software Exploitation • Surviving Malicious Code • Viruses • Trojan Horses • Logic Bombs • Worms • Antivirus Software • Social Engineering • Auditing Processes and Files
Module 3: Infrastructure and Connectivity
Infrastructure Security • Hardware Components • Software Components • Devices • Firewalls • Routers • Switches • Wireless Access Points • Modems • Remote Access Services • Telecom/PBX Systems • Virtual Private Network • Network Monitoring and Diagnostics • Workstations • Servers • Mobile Devices • Remote Access • Serial Line Internet Protocol • Point-to-Point Protocol • Tunneling Protocols • Internet Connections • Ports and Sockets • E-Mail • Web • File Transfer Protocol • SNMP and Other TCP/IP Protocols • Cabling, Wires, and Communications • Coax • Unshielded Twisted Pair and Shielded Twisted Pair • Fiber Optic • Infrared • Radio Frequency • Microwave • Removable Media • Tape • CD-R • Hard Drives • Diskettes • Flash Cards • Smart Cards
Module 4: Monitoring Communications Activity
Network Monitoring • Types of Network Traffic • Network Monitoring Systems • Intrusion Detection Systems • Network-Based IDS • Host-Based IDS • Honey Pots • Incident Response • Incident Identification • Investigating the Incident • Repairing the Damage • Documenting the Response • Adjusting the Procedures • Wireless Systems • WTLS • IEEE 802.11 Wireless Protocols • WEP/WAP • Wireless Vulnerabilities • Instant Messaging • IM Vulnerabilities • 8.3 File Naming • Packet Sniffing • Privacy • Signal Analysis/Signal Intelligence • Footprinting • Scanning • Enumeration
Module 5: Implementing and Maintaining a Secure Network
Overview of Network Security Threats • Security Baselines • OS/NOS Hardening • Network Protocol Configuration • Microsoft Windows 9x • Microsoft Windows NT 4 • Microsoft Windows 2000 • Microsoft Windows XP • Windows .NET Server 2003 • UNIX/Linux • Novell NetWare • IBM • Apple Macintosh • File Systems • Operating System Updates • Network Hardening • Network Device Updates • Configuring Network Devices • Application Hardening • Web Servers • E-Mail Servers • FTP Servers • DNS Servers • NNTP Servers • File and Print Servers and Services • DHCP Services • Data Repositories
Module 6: Working with a Secure Network
Physical Security • Access Control • Social Engineering • Environment • Business Continuity Planning • Business Impact Analysis • Risk Assessment • Policies, Standards, and Guidelines • Policies • Standards • Guidelines • Security Standards and ISO 17799 • Information Classification • Public Information • Private Information • Government and Military Classifications • Roles in the Security Process • Information Access Controls
Module 7: Cryptography Basics and Methods
Overview of Cryptography • Physical Cryptography • Mathematical Cryptography • Quantum Cryptography • The Myth of Unbreakable Codes • Cryptographic Algorithms • Hashing • Symmetric Algorithms • Asymmetric Algorithms • Using Cryptographic Systems • Confidentiality • Integrity • Authentication • Non-Repudiation • Access Control • Public Key Infrastructure • Certificate Authority • RAs and LRAs • Certificates • Certificate Revocation • Trust Models • Cryptographic Attacks
Module 8: Cryptography Standards
Cryptography Standards and Protocols • Origins of Encryption Standards • PKIX/PKCS • X.509 • SSL • TLS • ISAKMP • CMP • S/MIME • SET • SSH • PGP • HTTPS • S-HTTP • IPSec • FIPS • Common Criteria • WTLS • WEP • ISO 17799 • Key Management and the Key Life Cycle • Centralized versus Decentralized Key Generation • Key Storage and Distribution • Key Escrow • Key Expiration • Key Revocation • Key Suspension • Recovering and Archiving Keys • Renewing Keys • Key Destruction • Key Usage
Module 9: Security Policies and Procedures
Business Continuity • Utilities • High Availability • Disaster Recovery • Vendor Support • Service Level Agreements • Code Escrow • Policies and Procedures • Personnel Policies • Business Policies • Certificate Policies • Incident Response Policies • Privilege Management • User and Group Role Management • Single Sign-On • Privilege Decision Making • Auditing • Access Control
Module 10: Security Management
Computer Forensics • Methodology of a Forensic Investigation • Chain of Custody • Preservation of Evidence • Collection of Evidence • Security Management • Best Practices and Documentation • Change Management • Systemic Change • Understanding the Roles in a Change Process • Justifying the Need for Change • Scheduling Changes • Change Staging • Change Documentation • Change Notification • Security Awareness and Education • Communications and Awareness • Education • Staying on Top of Security • Websites • Trade Publications • Privacy and Security Regulations • HIPAA • Gramm-Leach Bliley Act of 1999 • Computer Fraud and Abuse Act • FERPA • Computer Security Act of 1987 • Cyberspace Electronic Security Act (CESA) • Cyber Security Enhancement Act • Patriot Act • International Efforts
Current Course List:
|
