Description
A primer in IT Security that addresses foundational topics including: IT Risk Analysis, Network and Platform security, wireless technology, cryptography, VPNs, and Firewalls. Emphasis is consistently placed on understanding and mitigating risk, defense-in-depth, vulnerability patterns, Best Practices, and effective countermeasures. The class can be enhanced with hands-on labs with your choice of Firewall and VPN technology.
Audience
Individuals seeking a solid grounding in IT Security, particularly those interested in subsequently learning more about any of the following: Network security, Platform security, Industrial Control System (ICS) security, and how to design and implement secure software.
Duration
3 Days
Objectives
- Be familiar with basic IT Security concepts and terms
- Understand the importance of “Defense-in-Depth”
- Be familiar with a Security Domains framework that facilitates IT Risk recognition and reduction
- Be prepared to recognize and analyze IT Security Risk
- Be prepared to identify IT Security vulnerabilities and implement effective Countermeasures
- Be familiar with important internetworking concepts and terms
- Understand the purpose and effective deployment of Firewall and VPN technology
Setup
- Internet access
- Cryptography Tools (recommended)
- OpenSSL (recommended)
- Lab Router(s), WAP(s), Firewalls (optional)
- Lab IDPS(s) (optional)
Text
- Course Workbook
Prerequisites
- None
Outline
Topic 1: Introduction
- Welcome
- Motivation
- Objectives
- Prerequisites & Setup
- Course Overview
Topic 2: IT Security Concepts and Terms
- Malware
- Vulnerabilities, Threats, and Attacks
- Vulnerabilities and Threats
- Countermeasures
- Policies and Procedures
- Risks and Risk Management
- Risk Analysis and Mitigation
- Defense in Depth
- Security Domains
- Security vs. Convenience
- Security Goals
- Security Resources
- Quiz
Topic 3: Malware
- Viruses, Worms, and Trojans… Oh My!
- Malware Characteristics
- Countermeasures
- Malware Detection and Removal
- Additional Resources
- Lab Exercise: Don’t Catch Anything!
- Quiz
Topic 4: Understanding IT Security Risk
- Risk and Risk Management
- Threats and Attacker Motivation
- Internal Threats
- Examples of IT Security Risk
- Risk Valuation
- Risk Analysis and Mitigation
- Lab Exercise: Closer to Home
- Quiz
Topic 5: Internetworking Primer
- IT Security and Internetworking
- Networking Concepts and Terms
- The OSI Reference Model
- TCP/IP
- IP Addresses
- Ethernet
- Internetwork Communications
- Routers
- Dynamic Host Configuration Protocol (DHCP)
- Domain Name Service (DNS)
- Address Resolution Protocol (ARP)
- Transport Layer
- User Datagram Protocol (UDP)
- Transmission Control Protocol (TCP)
- What is a Virtual Private Network (VPN)?
- Simple Network Management Protocol (SNMP)
- Lab Exercise: Vulnerabilities
- Quiz
Topic 6: Introduction to Firewalls
- What is a Firewall?
- Network Address Translation (NAT)
- Stateless Packet Filtering
- Stateful Inspection
- Firewall Policy
- Firewalls and Network Architecture
- Testing
- Unified Policy Approach
- Best Practices
- Lab Exercise: Fire Prevention
- Quiz
Topic 7: IT Security Macro Patterns
- Security Domains Revisited
- What are IT Security Macro Patterns?
- Security Domains and Change
- Risk Management
- General Security
- Access Control
- Physical Security
- Platform Security
- Network Security
- Application Security
- Lab Exercise: Close to Home
- Quiz
Topic 8: Introduction to Cryptography
- Motivation
- Terms and Concepts
- Message Integrity
- Message Integrity: SHA
- Steganography
- Encryption Methods
- Symmetric Encryption
- Stream Ciphers
- Encryption Methods: Block Cipher Modes
- Data Encryption Standard (DES)
- Advanced Encryption Standard (AES)
- Secure Key Exchange
- Asymmetric Encryption (Public Key Cryptography)
- Overview of Cryptanalysis
- Lab Exercise: I Said What?
- Quiz
Topic 9: Public Key Infrastructure
- Digital Signatures
- Digital Certificates
- Public Key Cryptography
- Public Key Infrastructure
- How HTTPS Works
- X.509 Digital Certificates
- Example: Digital Certificates
- Certificate Authorities
- Trust Models
- Certificate Validation
- Certificate Revocation
- Key Management
- Lab Exercise: Are You Certifiable?
- Quiz
Topic 10: Understanding Virtual Private Networks (VPNs)
- VPN Technologies Overview
- Deployment Architectures
- IPsec Overview
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- Internet Key Exchange (IKE)
- IPComp
- VPN Operational Overview
- VPN Implementation
- Quiz
Topic 11: Wireless Network Security
- Overview
- WLAN Technologies and Standards
- WLAN Vulnerabilities
- WAP Countermeasures
- 802.11
- 802.11i
- Best Practices
- Lab Exercise: On the Air!
- Quiz
Topic 12: Intrusion Detection and Prevention Systems
- Terms and Concepts
- Motivation
- Functions
- Network Based Solutions
- Detection Technologies
- Prevention Features
- IDS/IPS Deployment
- IDPS Limitations
- Host Based Solutions
- Protecting Wireless Networks
- IDPS Challenges
- Best Practices
- Sample Products
- Lab Exercise: Product Research
- Quiz
Appendix Quiz Answers
Appendix Acronyms
Register
For more information or to register for this training course, call 1-800-840-2335 or contact us on our website.