Training Course: Fundamentals of IT Security

Description

A primer in IT Security that addresses foundational topics including: IT Risk Analysis, Network and Platform security, wireless technology, cryptography, VPNs, and Firewalls. Emphasis is consistently placed on understanding and mitigating risk, defense-in-depth, vulnerability patterns, Best Practices, and effective countermeasures. The class can be enhanced with hands-on labs with your choice of Firewall and VPN technology.

Audience

Individuals seeking a solid grounding in IT Security; particularly those interested in subsequently learning more about any of the following: Network security, Platform security, Industrial Control System (ICS) security, and how to design and implement secure software.

Duration

3 Days

Objectives

  • Be familiar with basic IT Security concepts and terms
  • Understand the importance of “Defense-in-Depth”
  • Be familiar with a Security Domains framework that facilitates IT Risk recognition and reduction
  • Be prepared to recognize and analyze IT Security Risk
  • Be prepared to identify IT Security vulnerabilities and implement effective Countermeasures
  • Be familiar with important internetworking concepts and terms
  • Understand the purpose and effective deployment of Firewall and VPN technology

Setup

  • Internet access
  • Cryptography Tools (recommended)
  • OpenSSL (recommended)
  • Lab Router(s), WAP(s), Firewalls (optional)
  • Lab IDPS(s) (optional)

Text

  • Course Workbook

Prerequisites

  • None

Outline

Topic 1:     Introduction

  • Welcome
  • Motivation
  • Objectives
  • Prerequisites & Setup
  • Course Overview

Topic 2:     IT Security Concepts and Terms

  • Malware
  • Vulnerabilities, Threats, and Attacks
  • Vulnerabilities and Threats
  • Countermeasures
  • Policies and Procedures
  • Risks and Risk Management
  • Risk Analysis and Mitigation
  • Defense in Depth
  • Security Domains
  • Security vs. Convenience
  • Security Goals
  • Security Resources
  • Quiz

Topic 3:     Malware

  • Viruses, Worms, and Trojans… Oh My !
  • Malware Characteristics
  • Countermeasures
  • Malware Detection and Removal
  • Additional Resources
  • Lab Exercise: Don’t Catch Anything !
  • Quiz

Topic 4:     Understanding IT Security Risk

  • Risk and Risk Management
  • Threats and Attacker Motivation
  • Internal Threats
  • Examples of IT Security Risk
  • Risk Valuation
  • Risk Analysis and Mitigation
  • Lab Exercise: Closer to Home
  • Quiz

Topic 5:     Internetworking Primer

  • IT Security and Internetworking
  • Networking Concepts and Terms
  • The OSI Reference Model
  • TCP/IP
  • IP Addresses
  • Ethernet
  • Internetwork Communications
  • Routers
  • Dynamic Host Configuration Protocol (DHCP)
  • Domain Name System (DNS)
  • Address Resolution Protocol (ARP)
  • Transport Layer
  • User Datagram Protocol (UDP)
  • Transmission Control Protocol (TCP)
  • What is a Virtual Private Network (VPN) ?
  • Simple Network Management Protocol (SNMP)
  • Lab Exercise: Vulnerabilities
  • Quiz

Topic 6:     Introduction to Firewalls

  • What is a Firewall ?
  • Network Address Translation (NAT)
  • Stateless Packet Filtering
  • Stateful Inspection
  • Firewall Policy
  • Firewalls and Network Architecture
  • Testing
  • Unified Policy Approach
  • Best Practices
  • Lab Exercise: Fire Prevention
  • Quiz

Topic 7:     IT Security Macro Patterns

  • Security Domains Revisited
  • What are IT Security Macro Patterns ?
  • Security Domains and Change
  • Risk Management
  • General Security
  • Access Control
  • Physical Security
  • Platform Security
  • Network Security
  • Application Security
  • Lab Exercise: Close to Home
  • Quiz

Topic 8:     Introduction to Cryptography

  • Motivation
  • Terms and Concepts
  • Message Integrity
  • Message Integrity: SHA
  • Steganography
  • Encryption Methods
  • Symmetric Encryption
  • Stream Ciphers
  • Encryption Methods: Block Cipher Modes
  • Data Encryption Standard (DES)
  • Advanced Encryption Standard (AES)
  • Secure Key Exchange
  • Asymmetric Encryption (Public Key Cryptography)
  • Overview of Cryptanalysis
  • Lab Exercise: I Said What ?
  • Quiz

Topic 9:     Public Key Infrastructure

  • Digital Signatures
  • Digital Certificates
  • Public Key Cryptography
  • Public Key Infrastructure
  • How HTTPS Works
  • X.509 Digital Certificates
  • Example: Digital Certificates
  • Certificate Authorities
  • Trust Models
  • Certificate Validation
  • Certificate Revocation
  • Key Management
  • Lab Exercise: Are You Certifiable ?
  • Quiz

Topic 10:     Understanding Virtual Private Networks (VPNs)

  • VPN Technologies Overview
  • Deployment Architectures
  • IPsec Overview
  • Authentication Header (AH)
  • Encapsulating Security Payload (ESP)
  • Internet Key Exchange (IKE)
  • IPComp
  • VPN Operational Overview
  • VPN Implementation
  • Quiz

Topic 11:     Wireless Network Security

  • Overview
  • WLAN Technologies and Standards
  • WLAN Vulnerabilities
  • WAP Countermeasures
  • 802.11
  • 802.11i
  • Best Practices
  • Lab Exercise: On the Air !
  • Quiz

Topic 12:     Intrusion Detection and Prevention Systems

  • Terms and Concepts
  • Motivation
  • Functions
  • Network Based Solutions
  • Detection Technologies
  • Prevention Features
  • IDS/IPS Deployment
  • IDPS Limitations
  • Host Based Solutions
  • Protecting Wireless Networks
  • IDPS Challenges
  • Best Practices
  • Sample Products
  • Lab Exercise: Product Research
  • Quiz

Appendix     Quiz Answers

Appendix     Acronyms