TestOut Security Pro Lesson Plans

TestOut Security Pro – English 5.0.x

LESSON PLAN

Copyright © 2015 TestOut Corporation. CompTIA, A+, Network+, Security+, Linux+ and related trademarks and trade names are the trademarks of CompTIA. Microsoft, MCITP, MSCA, MCTS, and Windows are the trademarks of Microsoft.

Cisco and CCNA are the trademarks of Cisco. (ISC)2 and SSCP are the trademarks of (ISC)2. TestOut has no affiliation with any of these companies and the products and services advertised herein are not endorsed by any of them.

Table of Contents

Course Overview .................................................................................................. 5

Course Introduction for Instructors ........................................................................ 7

Section 1.1: Security Overview ........................................................................... 10

Section 1.2: Using the Simulator ......................................................................... 12

Section 2.1: Access Control Models ................................................................... 13

Section 2.2: Authentication ................................................................................. 15

Section 2.3: Authorization ................................................................................... 17

Section 2.4: Access Control Best Practices ........................................................ 18

Section 2.5: Active Directory Overview ............................................................... 20

Section 2.6: Windows Domain Users and Groups .............................................. 21

Section 2.7: Linux Users ..................................................................................... 23

Section 2.8: Linux Groups ................................................................................... 25

Section 2.9: Linux User Security ......................................................................... 27

Section 2.10: Group Policy Overview .................................................................. 29

Section 2.11: Hardening Authentication 1 ........................................................... 31

Section 2.12: Hardening Authentication 2 ........................................................... 33

Section 2.13: Remote Access ............................................................................. 35

Section 2.14: Network Authentication ................................................................. 37

Section 2.15: Identity Management..................................................................... 39

Section 3.1: Cryptography .................................................................................. 40

Section 3.2: Hashing ........................................................................................... 42

Section 3.3: Symmetric Encryption ..................................................................... 44

Section 3.4: Asymmetric Encryption ................................................................... 46

Section 3.5: Public Key Infrastructure (PKI) ........................................................ 48

Section 3.6: Cryptographic Implementations ...................................................... 50

Section 4.1: Security Policies .............................................................................. 52

Section 4.2: Manageable Network Plan .............................................................. 55

Section 4.3: Business Continuity ........................................................................ 56

Section 4.4: Risk Management ........................................................................... 58

Section 4.5: Incident Response .......................................................................... 60

Section 4.6: Social Engineering .......................................................................... 62

Section 4.7: Certification and Accreditation ........................................................ 64

Section 4.8: Development ................................................................................... 66

Section 4.9: Employee Management .................................................................. 68

Section 4.10: Third-Party Integration .................................................................. 70

Section 5.1: Physical Security ............................................................................. 71

Section 5.2: Hardware Security........................................................................... 73

Section 5.3: Environmental Controls ................................................................... 74

Section 5.4: Mobile Devices ................................................................................ 77

Section 5.5: Mobile Device Security Enforcement .............................................. 79

Section 5.6: Telephony ....................................................................................... 81

Section 6.1: Networking Layer Protocol Review ................................................. 83

Section 6.2: Transport Layer Protocol Review .................................................... 85



Section 6.3: Perimeter Attacks 1 ......................................................................... 87

Section 6.4: Perimeter Attacks 2 ......................................................................... 90

Section 6.5: Security Appliances ........................................................................ 92

Section 6.6: Demilitarized Zones (DMZ) ............................................................. 94

Section 6.7: Firewalls .......................................................................................... 96

Section 6.8: Network Address Translation (NAT)................................................ 98

Section 6.9: Virtual Private Networks (VPN) ..................................................... 100

Section 6.10: Web Threat Protection ................................................................ 102

Section 6.11: Network Access Control (NAC) ................................................... 104

Section 6.12: Wireless Overview ...................................................................... 106

Section 6.13: Wireless Attacks ......................................................................... 108

Section 6.14: Wireless Defenses ...................................................................... 110

Section 7.1: Network Devices ........................................................................... 112

Section 7.2: Network Device Vulnerabilities ...................................................... 113

Section 7.3: Switch Attacks ............................................................................... 115

Section 7.4: Router Security ............................................................................. 116

Section 7.5: Switch Security ............................................................................. 117

Section 7.6: Intrusion Detection and Prevention ............................................... 119

Section 7.7: SAN Security ................................................................................. 121

Section 8.1: Malware ........................................................................................ 123

Section 8.2: Password Attacks ......................................................................... 125

Section 8.3: Windows System Hardening ......................................................... 127

Section 8.4: Hardening Enforcement ................................................................ 129

Section 8.5: File Server Security ....................................................................... 131

Section 8.6: Linux Host Security ....................................................................... 133

Section 8.7: Static Environment Security .......................................................... 134

Section 9.1: Web Application Attacks ............................................................... 135

Section 9.2: Internet Browsers .......................................................................... 137

Section 9.3: E-mail ............................................................................................ 139

Section 9.4: Network Applications..................................................................... 141

Section 9.5: Virtualization ................................................................................. 142

Section 9.6: Application Development .............................................................. 144

Section 10.1: Redundancy ................................................................................ 146

Section 10.2: Backup and Restore.................................................................... 148

Section 10.3: File Encryption ............................................................................ 150

Section 10.4: Secure Protocols ......................................................................... 152

Section 10.5: Cloud Computing ........................................................................ 154

Section 11.1: Vulnerability Assessment ............................................................ 156

Section 11.2: Penetration Testing ..................................................................... 158

Section 11.3: Protocol Analyzers ...................................................................... 160

Section 11.4: Log Management ........................................................................ 162

Section 11.5: Audits .......................................................................................... 164

Security Pro Practice Exams ............................................................................ 166

Security+ Practice Exams ................................................................................. 167

SSCP Practice Exams ...................................................................................... 168



Appendix A: Approximate Time for the Course ................................................. 169

Appendix B: Security Pro 2014 Changes .......................................................... 173

Appendix C: Security Pro Objectives ................................................................ 178



Course Overview

This course prepares students for

TestOut’s Security Pro, CompTIA’s Security+, and (ISC) 2 's SSCP certification exams.

Module 1 – Introduction

This module introduces the students to the challenges of protecting electronic information and using the LabSim simulator.

Module 2 – Access Control and Identity Management

In this module students will learn concepts about controlling access to system resources. They will learn the access control models, terminology, best practices, tools, and remote and network considerations to controlling access.

Module 3 – Cryptography

This module teaches the students about cryptographic attacks and the tools to ensure data integrity. They will learn about hashing, symmetric and asymmetric encryption, and certificates. Methods of implementing cryptography are also presented.

Module 4 – Policies, Procedures, and Awareness

This module discusses security policies, procedures and security awareness.

Students will learn security classification levels, documents, business continuity plans, risk management considerations, incident response, trusted computing, software development concerns, and management of employees.

Module 5 – Physical Security

This module examines the fundamentals of physically securing access to facilities and computer systems, protecting a computer system with proper environmental conditions and fire-suppression systems, and securing mobile devices and telephony transmissions.

Module 6 – Perimeter Defenses

In this module students will learn concepts about perimeter defenses to increase network security. Topics covered will include types of perimeter attacks, security zones and devices, configuring a DMZ, firewalls, NAT router, VPNs, protections against web threats, Network Access Protection (NAP) and security for wireless networks.

Module 7 – Network Defenses

This module discusses network device vulnerabilities and defenses, providing security for a router and switch, and implementing intrusion monitoring and prevention.



Module 8 – Host Defenses

In this module students will learn about the types of malware and how to protect against them, protecting against password attacks, recommendations for hardening a Windows system, configuring GPOs to enforce security, managing file system security, and procedures to increase network security of a Linux system.

Module 9 – Application Defenses

This module discusses basic concepts of securing web applications from attacks, fortifying the internet browser, securing e-mail from e-mail attacks, concerns about networking software, and security considerations when using a virtual machine.

Module 10 – Data Defenses

This module discusses the elements of securing data, such as, implementing redundancy through RAID, proper management of backups and restores, file encryption, implementing secure protocols, and cloud computing.

Module 11 – Assessments and Audits

This module examines tools that can be used to test and monitor the vulnerability of systems and logs that provide a system manager to track and audit a variety of events on a system.

Practice Exams

In Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. The practice exams are divided into three separate areas and will contain examples of the types of questions that a student will find on the actual exam:



Security Pro Certification Practice Exams



Security+ Practice Exams



SSCP Practice Exams



Course Introduction for Instructors

This course provides students with the knowledge to become industry certified as a Security professional. This course actually meets the specifications for three different industry certification programs. It prepares the student for the following:



TestOut's Security Pro certification



CompTIA's Security+ certification



(ISC) 2 's SSCP certification

TestOut’s Security Pro certification is a new certification which measures not just what you know , but what you can do . The TestOut Security Pro Certification

(2012 edition) measures your ability to manage security threats and harden security for computer systems. The following knowledge domains are addressed:



Access Control and Identity Management



Policies, Procedures, and Awareness



Physical Security



Perimeter Defenses



Network Defenses



Host Defenses



Application Defenses



Data Defenses



Audits and Assessments

Security Pro objectives are listed in Appendix C: Security Pro Objectives .

CompTIA’s Security+ certification is an international, vendor-neutral certification that verifies the student can apply knowledge to applying security concepts, tools and procedures to react to security incidents. Security+ Exam SY0-401(2014 edition) covers general knowledge of security concepts, threats, and tools. The following knowledge domains are addressed:



Network Security



Compliance and Operational Security



Threats and Vulnerabilities



Application, Data and Host Security



Access Control and Identity Management



Cryptography



The objectives for CompTIA’s Security+ objectives are listed in www.comptia.org

.

(ISC) 2 ’s SSCP certification (2012 edition) ensures students have the skills to safeguard against threats and the knowledge to apply security concepts, tools, and procedures. The following knowledge domains are addressed:



Access Control



Security Operations & Administration



Monitoring and Analysis



Risk, Response, and Recovery



Cryptography



Networks and Communications



Malicious Code and Attacks

The objectives for (ISC) 2 SSCP objectives are listed in ???.

The section introductions in LabSim and the lesson plans list the objectives that are met for each of the exams in that section.

The following icons are placed in front of lesson items in LabSim to help students quickly recognize the items in each section:

= Demonstration

= Exam

= Lab/Simulation

= Text lesson or fact sheet

= Video

The video and demonstration icons are used throughout the lesson plans to help instructors differentiate between the timing for the videos and demonstrations.

In the lesson plans the Total Time for each section is calculated by adding the approximate time for each section which is calculated using the following elements:



Video/demo times



Approximate time to read the text lesson (the length of each text lesson is taken into consideration)



Simulations (5 minutes is assigned per simulation. This is the amount of time it would take for a knowledgeable student to complete the lab activity.

Plan that the new students will take much longer than this depending upon their knowledge level and computer experience.)





Questions (1 minute per question)

Appendix A: Approximate Time for the Course contains all the times for each section which are totaled for the whole course.



Section 1.1: Security Overview

Summary

This section provides an overview of security. Basics discussed include:



Security challenges: o Sophistication of attacks o Proliferation of attack software o Scale and velocity of attacks



Common security terms: o Confidentiality o Integrity o Availability o Non-repudiation



CIA of Security



Key Security Components: o Physical security o Users and administrators o Policies



Risk Management items to take into account: o Asset o Threat o Threat agent o Vulnerability o Exploit



Types of threat agents: o Employee o Spy o Hacker



Steps of attack strategies: o Reconnaissance o Breach o Escalate privileges o Stage o Exploit



Defense methodologies: o Layering o Principle of least privilege o Variety o Randomness o Simplicity



Lecture Focus Questions:



What challenges does a security professional face?



What is the difference between integrity and non-repudiation ?



What process provides confidentiality by converting data into a form that it is unlikely to be usable by an unintended recipient?



What are the three main goals of the CIA of Security?



Which security expression refers to verifying that someone is who they say they are?



What are key components of risk management?



What are three types of threat agents?

Time Video/Demo

1.1.1 Security Challenges

1.1.2 Security Roles and Concepts

1.1.3 Threat Agent Types

1.1.5 General Attack Strategy

1.1.6 General Defense Strategy

Total

Number of Exam Questions

12 questions

Total Time

About 70 minutes

8:22

5:36

8:20

8:51

18:25

49:34



Section 1.2: Using the Simulator

Summary

This section introduces the student to the TestOut simulator, which is used in most of the lab exercises throughout the course. Students will become familiar with the:



Scenario



Main Bench



Shelf



Selected Component



Processes to complete labs



Elements of the Score Report

Students will learn how to:



Read simulated component documentation and view components to make appropriate choices to meet the scenario.



Add and remove simulated computer components.



Change views to view and add simulated components.



Use the zoom feature to view additional image details.



Attach simulated cables.



Use the simulation interface to identify where simulated cables connect to the computer.

Time Video/Demo

1.2.1 Using the Simulator

Lab/Activity



Configure a Security Appliance



Install a Security Appliance

Total Time

About 25 minutes

13:19



Section 2.1: Access Control Models

Summary

This section discusses access control models. Basics discussed include:



Access control involves: o Objects o Subjects o System



Processes of the access control: o Identification o Authentication o Authorization o Auditing (also referred to as accounting)



Access controls can be classified according to the function they perform: o Preventive o Detective o Corrective o Deterrent o Recovery o Compensative



Access control measures to restrict or control access: o Administrative o Technical o Physical



Directory services



Common access control models: o Mandatory Access Control (MAC) o Discretionary Access Control (DAC) o Role-Based Access Control (RBAC) o Rule Set-Based Access Control (RSBAC) o Federated Access Control



Discretionary access controls



Access control models



Academic security models: o Bell-LaPadula o Biba o Clark-Wilson o State machine o Brewer and Nash Module/Chinese Wall o Take-Grant o Combination models






Implement DAC by configuring a discretionary access control list (DACL).

Security Pro Exam Objectives:



5.1 Harden Network Devices (using a Cisco Small Business Switch). o Implement access lists, deny everything else




What is access control and why is it important?



How does the Discretionary Access Control (DAC) provide access control?



What type of entries does the Discretionary Access Control List (DACL) contain?



What is the function of each of the two types of labels used by the

Mandatory Access Control (MAC) access model?



What is the difference between role-based access control and rule-based access control?



How are Rule-Based Access Control and Mandatory Access Control

(MAC) similar?



In security terms, what does AAA refer to?

Video/Demo

2.1.1 Access Control Models

2.1.5 Implementing Discretionary Access Control

Total


15 questions

Total Time

About 30 minutes

Time

3:38

6:09

9:47



Section 2.2: Authentication

Summary

In this section students will learn the basics of identification and authentication.

Concepts covered in this section include:



Ways a User can prove identity to an authentication server: o Type 1 Something you know o Type 2 Something you have o Type 3 Something you are o Type 4 Somewhere you are o Type 5 Something you do



Terms used to measure the effective of authentication solutions: o False negative o False positive o Crossover error rate o Processing rate



Authentication methods used to increase security: o Two-factor o Three-factor o Multi-factor o Strong o One-factor o Mutual



Considerations when implementing biometrics



Single Sign-on (SSO) authentication: o Advantages of SSO o Disadvantages of SSO



SSO solutions: o Kerberos o Secure European System for Applications in a Multi-Vendor

Environment (SESAME) o Directory services




Use a biometric scanner to enroll (record) fingerprints that can be used for authentication.



Configure fingerprint settings to automate execution of an application.



Use single sign-on to access all authorized resources on the network.






What is the difference between authentication and identification ?



Which authentication type is the most common?



Which form of authentication is generally considered the strongest?



What is the difference between synchronous and asynchronous token devices?



Which type of biometric processing error is more serious, a false positive or a false negative? Why?



What is the difference between strong authentication, two-factor authentication, and multi-factor authentication?



What are the main advantages of SSO authentication? Disadvantages?

Time Video/Demo

2.2.1 Authentication Part 1

2.2.2 Authentication Part 2

2.2.4Using a Biometric Scanner

2.2.5 Using Single Sign-on

Total


15 questions

Total Time

About 60 minutes

11:26

8:53

3:49

12:20

36:28



Section 2.3: Authorization

Summary

This section examines using authorization to control access to resources.

Concepts covered include:



Types of NTFS access lists: o Discretionary Access Control List (DACL) o System Access Control List (SACL)



The role of a security principal



Types of permission: o Effective Permissions o Deny Permissions o Cumulative Permissions




Create a group and add members to the group.



Examine the elements of an access token using whoami /all .



After changes to user privileges, gain access to newly assigned resources by creating a new access token (logging on again).




What three types of information make up an access token?



How is the access token used to control access to resources?



On a Microsoft system, when is the access token generated?



What types of objects are considered security principals?



What is the difference between a discretionary access control list (DACL) and a system access control list (SACL)?

Video/Demo

2.3.1 Authorization

2.3.2 Cumulative Access

2.3.4 Examining the Access Token

Total


4 questions

Time

5:15

9:37

9:08

24:00



Total Time

About 30 minutes

Section 2.4: Access Control Best Practices

Summary

This section provides information about best practices to control access to system resources. Concepts covered include:



Security practices: o Principle of least privilege o Need to know o Separation of duties o Job rotation o Defense-in-depth



Creeping privileges



Precautions to avoid creeping privileges



End-of-life procedures for media




Enable and disable User Account Control (UAC).



Use alternate credentials to run programs that require elevated privileges.




5.1 Harden Network Devices (using a Cisco Small Business Switch). o Implement access lists, deny everything else




What is the difference between implicit deny and explicit allow ?



What is the difference between implicit deny and explicit deny? Which is the strongest?



How does implementing the principle of separation of duties increase the security in an organization?



What aspects of security does job rotation provide?



How do creeping privileges occur?

Video/Demo

2.4.1 Access Control Best Practices

2.4.3 Viewing Implicit Deny

Time

3:12

10:13



Total


12 questions

Total Time

About 30 minutes

13:25



Section 2.5: Active Directory Overview

Summary

This section provides an overview of Active Directory. Concepts covered include:



Active Directory components: o Domain o Trees and Forests o Organizational Unit (OU) o Generic Containers o Objects o Domain Controller




Open and navigate the Active Directory Users and Computers dialog.



Distinguish between Organizational Unit (OU) and folder resources.



View and edit user and group account properties.




What is the purpose of a domain?



What is the difference between a tree and a forest ?



How do Organizational Units (OUs) simplify administration of security?



What are the advantages of a hierarchical directory database over a flat file database?

Time Video/Demo

2.5.1 Active Directory Introduction

2.5.2 Active Directory Structure

2.5.3 Viewing Active Directory

Total


3 questions

Total Time

About 30 minutes

9:04

9:24

8:05

26:33



Section 2.6: Windows Domain Users and Groups

Summary

This section discusses managing Windows domain users and groups. Concepts covered include:



User Account Management: o Creating users o Recommendations of managing user accounts o Directory object attributes o Managing users as groups




Create domain user accounts.



Modify user account properties, including changing logon and password settings in the user account.



Rename a user account.



Reset a user account password and unlock the account.



Enable and disable an account.




1.1 Create, modify, and delete user profiles. o Manage Windows Domain Users and Groups

 Create, rename, and delete users and groups

 Lock and unlock user accounts



Assign users to appropriate groups

 Change a user's password



1.2 Harden authentication. o Configure the Domain GPO to control local administrator group membership and Administrator password




What is the purpose of a domain?



What is the difference between a disabled, locked out, or expired user account?



What is the best way to handle a user's account when an employee quits the company and will be replaced by a new employee in the near future?



What are the recommendations for using a template user account?



What properties of a user account do not get duplicated when you copy the user?



Video/Demo

2.6.1 Creating User Accounts

Time

4:50

2.6.2 Managing User Account Properties 7:45

2.6.5 Managing Groups 5:05

Total 17:40

Lab/Activity



Create User Accounts



Manage User Accounts



Create a Group



Create Global Groups


5 questions

Total Time

About 50 minutes



Section 2.7: Linux Users

Summary

This section examines managing Linux users. Concepts covered include:



Options for storing Linux user and group information



Files used when files are stored in the local file system: o /etc/passwd o /etc/shadow o /etc/group o /etc/gshadow



Configuration files used when managing user accounts: o /etc/default/useradd o /etc/login.defs o /etc/skel



Manage user accounts with the following commands: o useradd o passwd o usermod o userdel




Create, rename, lock, and unlock a user account.



Change a user's password.



Rename or remove a user account.




1.1 Create, modify, and delete user profiles. o Manage Linux Users and Groups


 Assign users to appropriate groups



Lock and unlock user accounts





Which directory contains configuration file templates that are copied into a new user's home directory?



When using useradd to create a new user account, what type of default values create the user account?





How can you view all the default values in the /etc/default/useradd file?



How would you create a user with useradd that does not receive the default values in /etc/default/useradd file?



Which command deletes a user and their home directory at the same time?

Time Video/Demo

2.7.1 Linux User and Group Overview

2.7.2 Managing Linux Users

Total

19:14

9:28

28:42

Lab/Activity



Create a User Account



Rename a User Account



Delete a User



Change Your Password

 Change a User’s Password



Lock and Unlock User Accounts


7 questions

Total Time

About 70 minutes



Section 2.8: Linux Groups

Summary

This section examines managing Linux groups. Concepts covered include:



Commands to manage group accounts and group membership: o groupadd o groupmod o groupdel o gpasswd o newgrp o usermod o groups




Create groups and define the group ID.



Change secondary group membership for specific user accounts.



Enable a group password.




1.1 Create, modify, and delete user profiles. o Manage Linux Users and Groups




Assign users to appropriate groups





Which usermod option changes the secondary group membership?



Which command removes all secondary group memberships for specific user accounts?



Which groupmod option changes the name of a group?

Time Video/Demo

2.8.1 Managing Linux Groups 3:15

Lab/Activity



Rename and Create Groups



Add Users to a Group



Remove a User from a Group




3 questions

Total Time

About 20 minutes



Section 2.9: Linux User Security

Summary

In this section students will explore user security for Linux. Details about the following concepts will be covered:



Considerations for user security



Commands used to promote user security and restrictions o chage o ulimit



The /etc/security/limits.conf file o Entry options:

 Entity

 Type



Limits

 Value




Configure password aging.



Configure password login limits.



Configure the maximum concurrent logins by a user.



Use the ulimit command to restrict user resource usage.




1.1 Create, modify, and delete user profiles. o Manage Linux Users and Groups.

 Configure password aging. o Restrict use of common access accounts.




When using chage to set expiration of user passwords, which option sets the number of days for the password warning message?



What is the difference between hard and soft limits?



When using ulimit to limit computer resources used for applications launched from the shell, which option displays the current limits?



What command removes all restrictions for process memory usage?



Why should passwords not expire too frequently?



Video/Demo

2.9.1 Linux User Security and Restrictions

Time

9:53

2.9.2 Configuring Linux Users Security and Restrictions 6:40

Total 16:33


5 questions

Total Time

About 25 minutes



Section 2.10: Group Policy Overview

Summary

This section provides an overview of using Group Policy to apply multiple objects within the Active Directory domain at one time. Concepts covered include:



The role of GPOs



GPO Categories: o Computer Configuration o User Configuration



How GPOs apply to objects



The order in which GPOs are applied




View the setting defined in a GPO.



Create a GPO.



Link a GPO to OUs.



Edit the settings of a GPO.



Import GPO settings.




1.1 Create, modify, and delete user profiles. o Manage Windows Local Users and Groups



Restrict use of local user accounts o Restrict use of common access accounts



1.2 Harden authentication. o Configure the Domain GPO to enforce User Account Control




When are user policies applied?



How do computer policies differ from user policies?



How do GPOs applied to an OU differ from GPOs applied to a domain?



What is the order in which GPOs are applied?



If a setting is undefined in one GPO and defined in another, which setting is used?



If a setting is defined in two GPOs, which setting is applied?



Video/Demo

2.10.1 Group Policy Overview

2.10.2 Viewing Group Policy

Total

Lab/Activity



Create and Link a GPO


3 questions

Total Time

About 35 minutes

Time

8:41

14:31

23:12



Section 2.11: Hardening Authentication 1

Summary

This section discusses methods of hardening authentication. Basics discussed include:



Methods of authentication: o Account lockout o Account restrictions o Account (password) policies



Considerations for controlling user account and password security




Control logical access by configuring user account and account lockout policies.



Configure day/time restrictions, computer restrictions, and expiration dates for user accounts.



Enable and disable user accounts.



Configure the password policy for a domain.



Using Group Policy Management, configure security settings such as password policy settings to define requirements for user passwords.



Using Group Policy Management, configure user right assignments to identify actions users can perform on a system.





 Restrict use of local user accounts o Restrict use of common access accounts



1.2 Harden authentication. o Configure Domain GPO Account Policy to enforce a robust password policy o Disable or rename default accounts such as Guest and

Administrator



5.1 Harden Network Devices (using a Cisco Small Business Switch). o Use secure passwords






What characteristics on a Microsoft system typically define a complex password?



What is the clipping level and how does it affect an account login?



What does the minimum password age setting prevent?



What is a drawback to account lockout for failed password attempts?



What are the advantages of a self-service password reset management system?

Video/Demo

2.11.1 Hardening Authentication

2.11.2 Configuring User Account Restrictions

Time

19:31

9:30

2.11.4 Configuring Account Policies and UAC Settings 14:18

2.11.6 Hardening User Accounts 10:20

Total 53:39

Lab/Activity



Configure User Account Restrictions



Configure Account Policies



Restrict Local Accounts



Secure Default Accounts



Enforce User Account Control


11 questions

Total Time

About 90 minutes



Section 2.12: Hardening Authentication 2

Summary

This section discusses methods of hardening authentication using smart cards and fine-grained password policies. Basics discussed include:



Facts about smart cards



Smart card categories: o Contact smart cards o Contactless smart cards



Key benefits of smart cards



Weaknesses of smart cards: o Microprobing o Software attacks o Eavesdropping o Fault generation



The role of granular password policies: o Acronyms:



Password Settings Object (PSO)

 Password Settings Container (PSC) o PSO properties:

 msDS-PSOAppliesTo

 msDS-PasswordSettingsPrecedence



Creating a PSO using ADSI Edit



Using Active Directory Administrative Center to manage granular passwords




Configure authentication for a smart card.



Implement a fine-grained password policy to create a more restrictive policy set.





 Restrict use of local user accounts o Restrict use of common access accounts



1.2 Harden authentication. o Configure a GPO for Smart Card authentication for sensitive resources






What are the two different categories of smart cards and how they are read by the smart card reader?



What are the advantages and disadvantages of using smart cards?



When would you choose to use fine-grained password policies?

Time Video/Demo

2.12.1 Configuring Smart Card Authentication

2.12.4 Using Fine-Grained Password Policies

Total

Lab/Activity



Configure Smart Card Authentication



Create a Fine-Grained Password Policy

6:20

7:00

13:20


5 questions

Total Time

About 30 minutes



Section 2.13: Remote Access

Summary

In this section students will learn about remote access. Concepts covered include:



The role of remote access.



Stages in the remote access process: o Connection o Authentication o Authorization o Accounting



Implementing a remote access server



Common AAA server solutions: o Remote Authentication Dial-In User Server (RADIUS) o Terminal Access Controller Access-Control System Plus

(TACACS+)



Considerations when comparing RADIUS vs. TACACS+




Configure a remote access server to accept remote access connections.



Control remote access authorization using network policies.



Configure ports on a VPN server to allow VPN connections.



Configure a VPN client connection.




1.2 Harden authentication. o Configure secure remote access.




How does EAP differ from CHAP or MS-CHAP?



What is the difference between authentication and authorization ?



How does tunneling protect packets in transit through an unsecured network?



What are examples of criteria used to restrict remote access?



Which remote server solution performs better and is considered more secure?



What types of attacks are remote access servers vulnerable to?



Video/Demo

2.13.1 Remote Access

2.13.3 RADIUS and TACACS+

Total


15 questions

Total Time

About 35 minutes

Time

8:43

6:51

15:34



Section 2.14: Network Authentication

Summary

This section discusses using authentication too connect to a network and access network resources. Concepts covered include:



The process of a three-way handshake



Authentication methods used for network authentication: o LAN Manager (LANMAN or LM) o NT LAN Manager (NTLM) o Kerberos



The role of Lightweight Directory Access Protocol (LDAP)



Authentication Modes that LDAP supports when binding to a directory service: o Anonymous o Simple o Simple Authentication and Security Layer (SASL)



Trusts o One-way trust o Two-way trust



Transitivity: o Transitive trust o Non-transitive trust



Transitive access attack




Edit Kerberos Policy settings using Group Policy Management.



Provide authentication backwards compatibility for pre-Windows 2000 clients using Group Policy.




1.2 Harden authentication. o Implement centralized authentication



1.3 Manage Certificates. o Configure Domain GPO Kerberos Settings




Using a challenge/response process, what information is exchanged over the network during logon? How does this provide security for logon credentials?





What is the difference between authentication with LAN Manager and NT

LAN Manager?



What security vulnerabilities should an administrator be aware of when using Kerberos for authentication?



What two entities are combined to make up the KDC?



Why does Kerberos require clock synchronization between devices?



What does transitivity define?



How is a non-transitive trust relationship established between domains?

Time Video/Demo

2.14.1 Network Authentication Protocols

2.14.2 Network Authentication via LDAP

2.14.4 Controlling the Authentication Method

2.14.6 Browsing a Directory Tree via LDAP

2.14.7 Trusts and Transitive Access

2.14.9 Credential Management

Total

Lab/Activity



Configure Kerberos Policy Settings

14:09

10:30

6:39

6:38

5:33

10:06

53:35


14 questions

Total Time

About 70 minutes



Section 2.15: Identity Management

Summary

This section discusses the role of Identity Management (IDM). Details include:



The role of Identity Management IDM



Advantages of IDM



Terms: o Identity Vault o Identity Management Service o Automated Provisioning o Automated De-Provisioning o Automated Maintenance o Automated De-provisioning o Automated Maintenance o Password Synchronization o Entitlement o Authoritative Source




What are the advantages of implementing IDM? Disadvantages?



What is the significance of the authoritative source of an item?



What does entitlement define?



What is automated provisioning?

Time Video/Demo

2.15.1 Identity Management


4 questions

Total Time

About 20 minutes

16:31



Section 3.1: Cryptography

Summary

In this section students will learn the basics of cryptography. Concepts covered in this section include:



Terms related to cryptography: o Plain text o Cipher text o Cryptographer o Cryptanalysis o Cryptosystem o Cryptology o Key o Algorithm o Encryption o Decryption o Steganography o Quantum cryptography o Initialization vector o Transposition Cipher o Substitution Cipher



Attack Types: o Brute Force Attacks o Plaintext Attacks o Analytic o Weakness Exploitation Attacks o Encryption attacks o Man-in-the-middle attack



Countermeasures to strengthen the cryptosystem




1.3 Manage Certificates. o Approve, deny, and revoke certificate requests




What is a legitimate use for cryptanalysis?



How is the strength of a cryptosystem related to the length of the key?



Which of the following is typically kept secret, the encryption algorithm or the key (or both)?



What is the difference between a transposition cipher and a substitution cipher?





What is a legitimate use of steganography?



What methods are used in a brute force attack?



What is the difference between a Registration Authority and a Certificate

Authority?

Time Video/Demo

3.1.1 Cryptography Concepts

3.1.3 Cryptography Attacks

Total


15 questions

Total Time

About 45 minutes

4:29

17:47

22:16



Section 3.2: Hashing

Summary

This section examines using hashing to ensure the data integrity of files and messages in transit. Concepts covered include:



The role of hashing



Predominate hashing algorithms: o MD5 o SHA-1 o RIPEMD



Uses of hashing: o File integrity o Secure logon credential exchange



Considerations regarding hashes




Generate a hash value for a file.



Compare hash values to verify message integrity.




What security goal or function is provided by hashes?



Why doesn't a hash provide message encryption?



When comparing MD5 and SHA-1, which method provides greater security? Why?



What is a collision and why is this condition undesirable in a hashing algorithm?



Why is high amplification an indicator of a good hashing algorithm?

Video/Demo

3.2.1 Hashing

3.2.3 Using Hashes

Total


12 questions

Time

11:31

7:43

19:14

Total Time

About 35 minutes





Section 3.3: Symmetric Encryption

Summary

This section examines using symmetric encryption to encrypt and decrypt data.




Symmetric encryption uses two algorithm types: o Block ciphers o Stream ciphers



Common symmetric cryptography methods include: o Ron’s Cipher v2 or Ron’s Code v2 (RC2) o Ron’s Cipher v5 or Ron’s Code v5 (RC5) o International Data Encryption Algorithm (IDEA) o Data Encryption Standard (DES) o Triple DES (3DES) o Advanced Encryption Standard (AES) o Blowfish o Twofish o SkipJack



The role of Hashed Keyed Message Authentication Code (HMAC)




Perform a brute force analysis of encrypted data to recover original data.




A user needs to communicate securely with 5 other users using symmetric key encryption. How many keys are required?



How are symmetric keys typically exchanged between communication partners?



What is an advantage of increasing the number of bits in the key? What is a disadvantage?



Why are symmetric key stream ciphers considered to be slower than symmetric key block ciphers?



Considering symmetric key stream ciphers and block ciphers, which would you select to process large amounts of data? Why?



How does 3DES differ from DES?



Video/Demo

3.3.1 Symmetric Encryption

3.3.2 HMAC

3.3.4 Cracking a Symmetric Encryption Key

Total


15 questions

Total Time

About 35 minutes

Time

5:27

6:13

4:11

15:51



Section 3.4: Asymmetric Encryption

Summary

This section discusses using asymmetric encryption to encrypt and decrypt data.

Details include:



Considerations of asymmetric encryption: o Asymmetric encryption functionality o Asymmetric encryption uses:



Data encryption

 Digital signing

 Key exchange o Using asymmetric and symmetric encryption together o Common asymmetric encryption implementations:

 SSL/TLS

 IPSec



VPNs (PPTP, L2TP, SSTP)

 S/MIME and PGP for e-mail security

 SSH tunnels o Management considerations o Protecting data in the event of key compromise



Common asymmetric key cryptography systems: o Diffie-Hellman Key Exchange o ElGamal o Elliptic Curve Cryptography (ECC) o Merkle-Hellman Knapsack o Rivest, Shamir, Adelman (RSA)




How do public keys differ from private keys? What is the relationship between the two?



For which type of environment is asymmetric cryptography best suited?



Why does asymmetric encryption require fewer keys than symmetric encryption?



What services are provided by the cryptographic service provider (CSP)?



What is the main use for the Diffie-Hellman protocol?



Video/Demo

3.4.1 Asymmetric Encryption


12 questions

Total Time

About 25 minutes

Time

8:56



Section 3.5: Public Key Infrastructure (PKI)

Summary

This section examines using a public key infrastructure (PKI) to issue and manage certificates. Details include:



The role of a digital certificate



Process used to request, issue, and manage certificates



Example of using SSL and certificates to secure Web transactions



Terms to be familiar with: o Certificate Authority (CA) o Subordinate Certificate Authority o Certificate Practice Statement (CPS) o Cryptographic Service Provider (CSP) o Online Certificate Status Protocol (OCSP) o Certificate Revocation List (CRL) o CRL Distribution Point (CDP) o Registration Authority (RA) o X.509 o Enrollment agent o Authority Information Access (AIA)



A summary of the certificate lifecycle



Certificate management areas: o Key protection o Certificate validation o Key archival o Key escrow o Certificate revocation o Crypto period o Certificate renewal o Key disposal



Considerations when managing a public key infrastructure (PKI): o PKI hierarchy o Cross certification o Dual key pairs




Manage certificates by requesting, approving, and installing certificates.



Revoke a certificate and publish it to the CRL.



Create and configure a subordinate CA.



Manage certificate templates by deploying certificates for different purposes.



Create and issue custom certificate templates.






1.3 Manage Certificates. o Approve, deny, and revoke certificate requests




Who authorizes subordinate CAs? Why is this important?



What does the issuance policy on a CA control?



How does a client verify the information in an SSL certificate to determine if it trusts the certificate?



What is the difference between a CSP and a CPS?



What is the role of the Registration Authority (RA)?



What is the difference between key archival and key escrow ?



How are revoked certificates identified? Under what circumstances would a certificate be revoked?



What security advantage do dual key pairs provide?

Time Video/Demo

3.5.1 Certificates

3.5.2 Managing Certificates

3.5.5 CA Implementation

3.5.6 Configuring a Subordinate CA

Total

Lab/Activity



Manage Certificates

11:02

14:45

5:17

14:13

45:17


15 questions

Total Time

About 70 minutes



Section 3.6: Cryptographic Implementations

Summary

In this section students will learn the basics of implementing cryptography.




Implementations of cryptography: o File system encryption o Digital signatures o Digital envelope o Trusted Platform Module (TPM) o Hardware Security Modules (HSM)



How technologies are implemented in LAN-and Web-based environments: o Secure Electronic Transaction (SET) o Secure Sockets Layers (SSL) o Transport Layer Security (TLS) o Secure Hyper Text Transport Protocol (S-HTTP) o Hyper Text Transport Protocol Secure (HTTPS) o Secure Shell (SSH) o Internet Protocol Security (IPSec)



Encryption technologies implemented to secure e-mail messages: o Privacy Enhanced Mail (PEM) o Pretty Good Privacy (PGP) o Secure Multipurpose Internet Mail Extensions (S/MIME) o Message Security Protocol (MSP)




What are the advantages of asymmetric over symmetric encryption? What are the disadvantages?



How are asymmetric encryption and hashing combined to create digital signatures?



What is the difference between digital signatures and digital envelopes ?



How does the protection offered by BitLocker differ from EFS?



How does S-HTTP differ from HTTPS? Which is more secure?



Which types of traffic can SSL protect?



Video/Demo

3.6.1 Combining Cryptographic Methods

3.6.2 Hardware Based Encryption Devices

Total


15 questions

Total Time

About 40 minutes

Time

10:30

7:12

17:42



Section 4.1: Security Policies

Summary

This section discusses using security policies to define the overall security outlook for an organization. Details include:



Types of documents used to create security policies: o Regulation o Procedure o Baseline o Guideline



Elements of security planning



Due care and due diligence



Types of security policy documents: o Acceptable use o Authorized access o Change and configuration management o Code escrow agreement o Code of ethics o Human resource policies o Organizational security policy o Password o Privacy o Resource allocation o Service Level Agreement (SLA) o User education and awareness training o User management



The role of security management



Components of operational security that help to establish defense and depth: o Change management o Employee management o Security awareness o Physical security



Information Security Classification Framework: o High o Medium o Low



Common information classification levels: o Public with full distribution o Public with limited distribution o Private internal o Private restricted



Government and military classifications:



o Unclassified o Sensitive but unclassified o Confidential o Secret o Top secret



Data retention policies



Methods of disposing media to prevent data recovery: o Shredding/Burning o Partitioning/Formatting/Degaussing o Wiping a Hard Drive o Destruction




2.1 Promote Information Security Awareness. o Support certification and accreditation (i.e., security authorization) o Exchanging content between Home and Work o Storing of Personal Information on the Internet o Using Social Networking Sites o Password Management o Information Security




What is the difference between a regulation and a guideline ?



What are the main reasons for implementing security policies within an organization?



How is due diligence different than due process ?



How can a code escrow agreement provide security for an organization?



When a new security plan is distributed, why is it important to destroy all copies of the old version?



What are the characteristics of a strong password policy?



How is the government's secret classification different than the top secret classification?



Video/Demo

4.1.1 Security Policies

4.1.2 Data Privacy Laws

4.1.6 Information Classification

4.1.8 Data Retention Policies

4.1.9 Wiping a Hard Drive

Total


15 questions

Total Time

About 80 minutes

Time

7:23

9:42

5:40

11:40

12:58

47:23



Section 4.2: Manageable Network Plan

Summary

This section discusses milestones to develop a manageable network plan.



Prepare to Document



Map the Network



Protect Your Network (Network Architecture)



Reach Your Network (Device Accessibility)



Control Your network (User Access)



Manage Your Network Part I (Patch Management)



Manage Your Network Part II (Baseline Management)



Document Your Network




2.3 Maintain Hardware and Software Inventory.




When you are developing a manageable network plan, what should you keep in mind when you prepare to document your network?



What elements of the network are identified when you map your network?



What steps should you perform to protect your network?



How can you ensure that all the devices in the network have access but still maintain security?



What are the considerations to keep in mind to control user access and ensure network security?

Time Video/Demo

4.2.1 Manageable Network Plan

4.2.2 Manageable Network Plan 2

Total


3 questions

Total Time

About 35 minutes

16:49

14:05

30:54



Section 4.3: Business Continuity

Summary

This section provides basic information about the activities that will ensure business continuity. Concepts covered include:



Plans pertaining to business continuity include: o Business Continuity Plan (BCP) o Business Impact Analysis (BIA) o Disaster Recovery Plan (DRP)



Considerations when creating the disaster recovery and business continuity plans



The role of succession planning




2.2 Evaluate Information Risk. o Perform Risk calculation o Risk avoidance, transference, acceptance, mitigation, and deterrence




When is the best time to start planning for disaster recovery?



How is the Disaster Recovery Plan (DRP) related to the Business

Continuity Plan (BCP)?



What is the top priority when planning for a disaster?



How does a Business Impact Analysis (BIA) help to improve the security of an organization?



In addition to planning for how to keep operations going in the event of an incident, what else should a disaster recovery plan include?



How does succession planning differ from replacement planning?

Video/Demo

4.3.1 Business Continuity

4.3.2 Succession Planning

Total

Time

2:39

5:23

8:02




7 questions

Total Time

About 20 minutes



Section 4.4: Risk Management

Summary

In this section students will learn about using risk management to reduce risk for an organization. Concepts covered include:



Terms related to risk analysis: o Asset o Threat o Vulnerability o Threat agent o Attack o Countermeasure o Exposure o Loss o Risk o Residual risk



Processes involved in risk management: o Asset identification o Threat identification o Risk assessment o Risk response



Methods to prioritize assets: o Delphi method o Sensitivity vs. risk o Comparative o Asset classification



Document procedures



Data Loss Prevention (DLP): o Network DLP o Endpoint DLP o File-Level DLP




What kinds of components are tangible assets?



How can an asset have both a tangible and intangible value?



Why is determining the value of an asset important to an organization?



How is quantitative analysis different than qualitative analysis?



Which components are used to measure risk quantitatively?



What method is typically deployed in risk transference ?



Why is risk rejection not a wise risk response?



Video/Demo

4.4.1 Risk Management

Time

4:04

4.4.2 Security Controls 3:21

4.4.3 Data Loss Prevention (DLP) 4:57

Total 12:22


15 questions

Total Time

About 30 minutes



Section 4.5: Incident Response

Summary

This section discusses strategies for responding to an incident during and after the incident. Concepts covered include:



What is a security incident?



Incident response plans



Actions to take after an incident has been discovered



Responding to a security incident: o Short-term (triage) actions o Mid-term (action/reaction) actions o Long-term (follow up) actions



The role of the first responder



The elements of incident response



Considerations when responding to a security incident



Ways investigations can be performed for computer systems: o Live analysis o Dead analysis



Procedures for collecting and analyzing computer evidence



Report the findings following the analysis



Forensic investigation



Evidence life cycle



Chain of custody



Types of evidence: o Best o Corroborative o Hearsay



Stages of the evidence life cycle: o Collection and identification o Preservation and analysis o Storage o Transportation and processing o Presentation in court o Return to owner




Gather and authenticate forensic information from a system using a computer forensic tool.



Analyze and record forensic evidence.



View and build a case using the forensic evidence that has been gathered.






What actions should take place when an incident occurs?



What types of things would a computer forensic investigator want to analyze if he selected a live analysis over a dead analysis?



What methods can be used to save the contents of memory as part of a forensic investigation?



How should you ensure the integrity of collected digital evidence?



Why is chain of custody so important with forensic investigations?

Time Video/Demo

4.5.1 First Responder

4.5.2 Basic Forensic Procedures

4.5.3 Using Forensic Tools

4.5.4 Creating a Forensic Drive Image

Total


15 questions

Total Time

About 65 minutes

7:17

18:31

6:17

10:00

42:05



Section 4.6: Social Engineering

Summary

This section examines details about social engineering. Concepts covered include:



Forms of social engineering: o Passive o Active



Types of social engineering attacks: o Persuasive o Reciprocity o Social validation o Commitment o Scarcity o Friendship o Authority



Social engineering attacks: o Shoulder surfing o Eavesdropping o Dumpster diving o Tailgating and Piggybacking o Masquerading o Phishing o Spear phishing o Caller ID spoofing o Hoax e-mails o Spyware/Adware o Pretexting



Employee awareness training is the most effective countermeasure for social engineering. Train employees: o Actions to protect information o Actions to implement online security o Determine the value for types of information o Not allow others to use the employees identification o Demand proof of identity of others




Identify and ignore e-mail hoaxes to protect system resources.



Train users to identify phishing scams by mousing over links, verifying the

URL, and verifying HTTPS.






How is passive social engineering different than active social engineering?



What methods do attackers use to make an interaction appear legitimate?



How is employee awareness training the most effective countermeasure for social engineering?



What specific countermeasures should be implemented to mitigate social engineering?



How is tailgating different than piggybacking?



How does using bookmarks instead of e-mail links improve security?

Time Video/Demo

4.6.1 Social Engineering

4.6.2 Phishing Variations

4.6.4 Investigating Social Engineering Attack

Total

Lab/Activity



Respond to Social Engineering

4:39

13:04

9:45

27:28


15 questions

Total Time

About 55 minutes



Section 4.7: Certification and Accreditation

Summary

This section examines using certification and accreditation to provide security.




Security kernel



Methods to determine levels of access: o Token o Security label o Capabilities list



Methods used by secure operating systems to provide security: o Ring architecture o Security perimeter o Confinement o Bounds o Isolation o Layering o Abstraction o Hiding o Classification o Target of Evaluation (TOE) o Virtual machine



Main modes of security used in a Protection Profile (PP): o Dedicated Security o System High o Compartmentalized o Multilevel Secure



Concepts associated with the quality assurance process are: o The Target of Evaluation (TOE) o Security Target (ST) o Security Assurance Requirements (SARs) o Designated Approval authority (DAA) o Evaluation Assurance Level (EAL):

 No Assurance (EAL0)



Functionally Tested (EAL1)

 Structurally Tested (EAL2)

 Methodically Tested and Checked (EAL3)

 Methodically Designed, Tested and Reviewed (EAL4)

 Semi-formally Designed and Tested (EAL5)

 Semi-formally Verified Design and Tested (EAL6)

 Formally Verified Design and Tested (EAL7) o Considerations regarding EAL levels o Levels of approval:

 Acceptance





Certification

 Accreditation

 Assurance




Which methods does a reference monitor use to determine levels of access?



Where is the reference monitor in relation to the security perimeter?



How does layering provide security to an operating system?



In a layered system, where does the operating system function?



How does commercial classification labeling differ from military?



How does acceptance differ from certification and accreditation?

Time Video/Demo

4.7.1 Trusted Computing

4.7.2 Certification and Accreditation

Total


12 questions

Total Time

About 40 minutes

10:01

4:46

14:47



Section 4.8: Development

Summary

In this section students will learn about the System Development Life Cycle

(SDLC). SDLC is a systematic method for used for software development and implementation of system and security projects. Concepts covered include:



Phases of the SDLC: o Project initiation o Functional design o System Design o Development and coding o Installation and implementation o Release o Operations and maintenance o End of life



Change control



Standardized models that developers use when developing new software are: o Ad-hoc o Waterfall planning o Structured programming o Prototype o Object-oriented programming o Spiral o Clean room o Extreme programming o Computer-Aided Software Engineering (CASE)




How does the spiral model combine the waterfall model and the prototype model?



How should security be employed in the different stages of development?



What does functional design entail?



When is change control necessary?



What are the responsibilities of developers after a product is released?



Video/Demo

4.8.1 System Development Life Cycle

4.8.2 System Development Life Cycle 2

Total


7 questions

Total Time

About 35 minutes

Time

8:40

7:49

16:29



Section 4.9: Employee Management

Summary

This section discusses strategies for managing employees. Details covered include:



The role of employee management



Principles that should be part of employee management decisions: o Least privilege o Separation of duties o Two-man control



Common employee-related security vulnerabilities: o Fraud o Collusion



Employee security process: o Pre-employment o Employment o Termination



Security awareness includes: o Security training o Security retraining o Random security audits



Employee agreement documents: o Non-disclosure agreement (NDA) o Non-compete agreement o Ownership of materials agreement o Data handling and classification policy o Clean desk policy o Acceptable use agreement o Password security policy o Employee monitoring agreement o Exit interview cooperation agreement



First day of employment documents: o Security policy o Employee Handbook o Job description



Ethics



Code of ethics



Components of code of ethics: o Values o Principles o Management Support o Personal Responsibility o Compliance





The (ISC)2 Code of Ethics canons include: o Protect society, the common wealth, and the infrastructure (do no harm), o Act honorably, honestly, justly, responsibly, and legally (be a good person). o Provide diligent and competent service to the principles (be a good

CISSP). o Advance and protect the security profession.




How can pre-employment processing improve the security of an organization?



What is the role of the policy handbook regarding security?



What guidelines must be considered when monitoring employees?



Why should employees be required to sign employment agreements?



How are separation of duties and two-man control different?



How can collusion be avoided?



What is the importance of a clear job description?

Time Video/Demo

4.9.1 Employment Practices


15 questions

Total Time

About 40 minutes

13:45



Section 4.10: Third-Party Integration

Summary

This section discusses strategies for securing integration with third parties.

Details covered include:



Onboarding considerations



Ongoing operations



Off-boarding




What security issues must be identified and addressed during the onboarding phase of a third-party relationship?



What are the key documents that are included in an Interoperability

Agreement (IA)?



What is the role of the Service Level Agreement (SLA)?



During the ongoing phase of the relationship, how do you ensure that security has not been compromised?



Which items need to be disabled or reset during the off-boarding phase of the relationship?

Time Video/Demo

4.10.1 Third-Party Integration Security Issues


4 questions

Total Time

About 20 minutes

11:24



Section 5.1: Physical Security

Summary

This section provides information about physical security. Concepts covered include:



Factors for physical security: o Prevention o Detection o Recovery



Important aspects of physical security



Physical control measures: o Perimeter barriers o Closed-circuit television (CCTV) o Doors o Door locks o Physical access logs o Physical access controls



The sequence of physical security: o Deter initial access attempts o Deny direct physical access o Detect the intrusion o Delay the violator to allow for response



Implementing a layered defense system



Tailgating and piggybacking




3.1 Harden Data Center Physical Access. o Implement Access Rosters o Utilize Visitor Identification and control o Protect Doors and Windows o Implement Physical Intrusion Detection Systems






What types of physical controls can be implemented to protect the perimeter of a building?



What is the difference between a mantrap and a double entry door?



What types of doors are effective deterrents to piggybacking?



How does an anti-passback system work?



What types of devices are best suited for interior motion detection?

Perimeter motion detection?



How do physical access logs help to increase the security of a facility?

Video/Demo Time

5.1.1 Physical Security

5.1.2 Tailgating and Piggybacking

18:39

3:28

Total 22:07

Lab/Activity



Implement Physical Security


15 questions

Total Time

About 50 minutes



Section 5.2: Hardware Security

Summary

This section examines the following general hardware security guidelines:



Checkout policy



Room security



Hardware locks



Backup Storage




3.1 Harden Data Center Physical Access. o Utilize Visitor Identification and control o Protect Doors and Windows o Implement Physical Intrusion Detection Systems




How can you protect computers that are placed in cubicles?



What are the security guidelines you should implement to protect servers in your organization?



How can you ensure that the memory and hard disks cannot be removed from a computer that is bolted to a desk?



What types of details should a hardware checkout policy include?

Time Video/Demo

5.2.1 Hardware Security Guidelines

5.2.2 Breaking into a System

Total

7:50

7:30

15:20


4 questions

Total Time

About 20 minutes



Section 5.3: Environmental Controls

Summary

This section discusses how environmental controls can be implemented to protect computer systems. Details covered include:



Power conditions to be aware of: o Surge/Spike o Sag/Dip o Brownout o Blackout o Fault o Transient



Recommendations for preventing or correcting infrastructure problems for: o HVAC system o AC power o Water and gas



Interference: o Electro-magnetic interference (EMI) o Radio Frequency interference (RFI)



Shielding



Recommendations for the location of the data center



Environmental monitoring: o Temperature o Air flow o Humidity



Using hot and cold aisles with server rooms to reduce the temperature of server rooms.



Elements required for fire: o Fuel o Heat o Oxygen o Chemical reaction between oxygen and the fuel



Primary fire-suppression systems: o Portable o Fixed



Extinguishing agents used to suppress fire: o Water o Gas that displaces oxygen o Dry chemicals such as sodium bicarbonate, wet chemicals and foam used to extinguish fuel from burning



US fire classes and suppressant types



Considerations when responding to fire emergencies








What temperature range protects equipment from overheating?



What is a good HVAC practice to help prevent electrostatic discharge?



What is the difference between a positive pressure system and a negative pressure system? Which is the best to use in a server room?



What is the difference between a sag and a brownout ?



How does a deluge sprinkler function differently than a wet pipe system?



What should you do first in the event of a fire?



When using a portable fire extinguisher, it is recommended that you use the PASS system to administer the fire suppressant. How does the PASS system work?



What is the recommended range for extinguishing a small fire using a fire extinguisher?



What are the advantages of using a gas as a fire suppressant?

Disadvantages?

Time Video/Demo

5.3.1 Environmental Controls

5.3.2 Environmental Monitoring

5.3.3 Hot and Cold Aisles

Total

6:00

11:33

5:17

22:50


11 questions

Total Time

About 45 minutes



Section 5.4: Mobile Devices

Summary

In this section students will explore securing mobile devices. Details about the following concepts will be covered:



Mobile devices include: o Smartphones o Laptops o PC tablets o PDAs o Other small handheld computing devices



Considerations for mobile devices: o Request process o Asset tracking and inventory control o Acceptable Use o Personal Identification Number (PIN) o Unused features o Lockout or screen lock o Encryption o Remote wipe o Storage segmentation o Reporting system



Train employees on security considerations



BYOD security issues and remedies: o Malware propagation o Loss of control of sensitive data o Malicious insider attacks o Device management o Support




2.1 Promote Information Security Awareness. o Traveling with Personal Mobile Devices o Exchanging content between Home and Work o Password Management o Photo/GPS Integration o Information Security o Auto-lock and Passcode Lock



3.2 Harden mobile devices (Laptop). o Set a BIOS Password o Set a Login Password o Implement full disk encryption



6.2 Implement Patch Management/System Updates.



o Apply the latest Apple Software Updates




What types of electronic devices are considered part of the mobile devices group?



How do you unlock a mobile device after it has gone into lockout ?



Under what conditions would you consider using remote wipe on a mobile device?



What mobile device feature can display its current location if lost or stolen?



What security technique ensures data confidentiality if a mobile device is lost or stolen?

Time Video/Demo

5.4.1 Mobile Device Security

5.4.3 BYOD Security Issues

5.4.5 Securing Mobile Devices

Total

Lab/Activity



Secure an iPad


8 questions

Total Time

About 40 minutes

7:33

9:33

10:20

27:26



Section 5.5: Mobile Device Security Enforcement

Summary

This section discusses enforcing security for mobile devices. Details about the following concepts will be covered:



Windows Intune currently supports: o Windows 8.x o Windows RT 8.x o Windows Phone 8 o Apple iOS devices, such as the iPhone



Configurations that Windows Intune can be deployed: o Cloud-only mode o United configuration mode



Intune management portals: o Account Portal o Admin Portal o Company Portal



Tasks to configure the system: o Add Intune users o Define Intune policies o Manage users and groups o Enroll computers o Enroll mobile devices



Security issues when working with mobile device apps: o App control o Authentication and credential management o App whitelisting o Geo-tagging




What is the role of a mobile device management (MDM) solution?



What are the two different types of configurations that can be used when deploying Windows Intune?



Which Intune management portal is used by end users to manage their own account and enroll devices?



Windows Intune uses two types of groups to manage users and devices.

Which group is used to deploy Intune agent settings?



What two ways can you enroll standard computer systems in Windows

Intune?



Video/Demo

5.5.1 Enforcing Security Policies on Mobile Devices

5.5.2 Enrolling Devices and Performing a Remote Wipe

5.5.4 Mobile Application Security

Total


8 questions

Total Time

About 40 minutes

Time

7:57

8:49

9:00

25:46



Section 5.6: Telephony

Summary

In this section students will learn the basics of telephony, the transmission of voice communication. Concepts covered include:



Implementations of voice communications: o Public Switched Telephone Network (PSTN) o Voice over IP (VoIP)



VoIP terms: o Convergence o H.323 o IPT (Internet Protocol Telephony) o Real Time protocol (RTP) o Session Initiation Protocol (SIP) o Service Delivery Platform (SDP) o Media stream o Softswitch o Voice gateway



Common exploitation attacks: o Cramming o Slamming o War dialing o Denial of Service (DoS) o Cross-site Scripting (XSS) o Cross Site Request Forgery (CSRF)



Common cell phone exploitation attacks: o Cloning o Sniffing o Tumbling



Considerations when managing telephony solutions




What methods can be used to send digital data through Plain Old

Telephone System (POTS) lines?



What are common threats to a PBX system? How do you secure the

PBX?



What types of security issues must be considered when using VoIP?



What is the difference between cramming and slamming ?



What countermeasures protect against war dialing?



What is the function of the SIP protocol?



How can VLANs increase network security on systems with VoIP implemented?



Video/Demo

5.5.1 Telephony


4 questions

Total Time

About 25 minutes

Time

15:00



Section 6.1: Networking Layer Protocol Review

Summary

This section reviews elements of the networking layer protocol design. Details covered include:



Open System Interconnection (OSI) model layers: o Application (Layer 7) o Presentation (Layer 6) o Session (Layer 5) o Transport (Layer 4) o Network (Layer 3) o Data Link (Layer 2) o Physical (Layer 1)



IP Addresses: o IPv4 address is a 32-bit binary number between 0 and 255:



Converting binary to decimal and vice versa

 Subnet mask

 IPv4 classes o IPv6 address is a 128-bit binary number:

 Prefix

 Interface ID



The role of subnetting



Custom subnet masks




Configure IPv6



Configure subnetting




What is the OSI model and why is it important in understanding networking?



What are the advantages of using a theoretical model to describe networking?



What type of network would the 192.168.174.34 address represent?



What are the two parts of an IPv6 address and what do they represent?



Under what conditions would you choose to subnet a network?



Video/Demo

6.1.1 OSI Model

6.1.3 IP Addressing

6.1.5 Configuring IPv6

6.1.6 IP Subnetting

6.1.7 Configuring Subnetting

Total


9 questions

Total Time

About 65 minutes

Time

4:08

17:22

5:28

12:35

8:07

47:40



Section 6.2: Transport Layer Protocol Review

Summary

This section reviews elements of the transport layer protocol design. Details covered include:



Custom subnet masks



Major protocols: o Transmission Control Protocol (TCP) o User Datagram Protocol (UDP) o Internet Protocol (IP) o Internetwork Packet Exchange (IPX) o Network Basic Input/Output System (NetBIOS) o Internet Control Message Protocol (ICMP) o Address Resolution Protocol (ARP) o Domain Name System (DNS) o Simple Network Management Protocol (SNMP)



The role of ports



Internet Corporation for Assigning Names and Numbers (ICANN) categories for ports: o Well-known o Registered o Dynamic



Well-known ports that correspond to common Internet services



Considerations regarding ports




Analyze a TCP three-way handshake.




What are the major differences between TCP and UDP?



How can ICMP messages be used to provide a valuable security tool?



What is the best practice when deciding which protocol ports to allow through a network firewall?



Why would an administrator find it important to run a port scanner on the system?



Video/Demo

6.2.1 Network Protocols

Time

4:45

6.2.3 Analyzing a TCP Three-way Handshake 2:14

6.2.4 TCP and UDP Ports 9:02

Total 16:01


15 questions

Total Time

About 35 minutes



Section 6.3: Perimeter Attacks 1

Summary

This section discusses different types of attacks and the countermeasures for them to improve security. Details covered include:



Reconnaissance types: o Organizational o Technical



Basic stages of reconnaissance: o Passive reconnaissance o Active scanning



Countermeasures for preventing reconnaissance



Denial of Service attacks (DoS)



Distributed Denial of Service (DDoS) attacks



Distributed Reflective Denial of Service (DRDoS)



DoS attacks that use the ICMP protocol: o Ping flood o Ping of death o Smurf



DoS attacks that exploit the TCP protocol: o SYN flood o LAND o Christmas (Xmas) Tree



DoS attacks that exploit the UDP protocol include: o Fraggle o Teardrop



Countermeasures for DoS and DDoS




View and analyze captured traffic using a network analyzer.



Analyze captured traffic to determine the extent to which the bandwidth is being compromised.



Perform a port scan on a system using netstat to determine connections and listening ports.



Perform a port scan using nmap to find all the open ports on a remote system.



Use a UDP flooder to test network bandwidth.



Scan for MAC addresses and the corresponding IP addresses using a

MAC address scanning tool.



Perform an ARP poisoning attack on a host to identify vulnerabilities.



Use a sniffer to detect an unusually high traffic pattern of ARP replies.








What types of resources make organizational reconnaissance so readily available?



How is footprinting used to determine the operating system of the recipient?



How does a Distributed Reflective Denial of Service (DRDoS) increase the severity of a DoS attack?



What countermeasures will help to mitigate DoS and DDoS attacks?

Time Video/Demo

6.3.1 Reconnaissance

6.3.2 Performing Reconnaissance

6.3.4 Denial of Service (DoS)

6.3.5 Xmas Tree Attacks

6.3.7 Performing a UDP Flood Attack

Total

2:40

9:01

7:49

3:23

3:54

26:47


15 questions

Total Time

About 50 minutes



Section 6.4: Perimeter Attacks 2

Summary

This section discusses additional types of attacks and the countermeasures to improve security. Details covered include:



Common methods of session based attacks include: o Man-in-the-middle o TCP/IP hijacking o HTTP (session) hijacking o Replay attack o Null session



Common methods of spoofing: o IP spoofing o MAC spoofing o ARP spoofing



Countermeasures to prevent spoofing



DNS-based attacks



Main methods to attack DNS servers: o Reconnaissance o DNS poisoning o Domain name kiting



Using the HOSTS file to improve security




Perform queries on name server records using nslookup .



Restrict zone transfers to specific servers.



Map malicious Web sites to a loopback address (127.0.0.0) in the HOSTS file.



Identify who has registered a domain name using Whois.net

and

SamSpade.org

.



Gather organizational information using Google, job boards, or other common Internet tools.




Why is a man-in-the-middle attack so dangerous for the victim?



What countermeasures can be used to control TCP/IP hijacking?



What methods should you employ to prevent a replay attack?



What countermeasures can help prevent spoofing?



What is the difference between a primary and a secondary DNS server?



How does domain name kiting work?



In what ways can the HOSTS file be used to improve security?



Video/Demo

6.4.1 Session and Spoofing Attacks

6.4.3 Performing ARP Poisoning

6.4.5 DNS Attacks

6.4.7 Examining DNS Attacks

Total


15 questions

Total Time

About 50 minutes

Time

6:41

4:24

4:30

13:29

29:04



Section 6.5: Security Appliances

Summary

This section provides basic information about security appliances. Concepts covered include:



The role of security zones



Common zones: o Intranet o Internet o Extranet o Demilitarized Zone



Network security solutions: o Proxy server o Internet content filter o Network Access Control (NAC) o All-in-one security appliance o Application-aware devices




Enable Parental Controls for a user and configure control settings for allowed Web sites, time limits, games, and specific programs.



Enable activity reporting to view Web browsing activities of a user in which you have configured parental controls.



Manage users on a security appliance.



Restrict access to a security appliance based on IP address.



Use a security appliance to set a user for LAN access only.




4.1 Harden the Network Perimeter (using a Cisco Network Security

Appliance). o Change the Default Username and Password



7.1 Implement Application Defenses. o Configure Parental Controls to enforce Web content filtering






To which security device might you choose to restrict access by user account?



What types of restrictions can be configured for proxy servers?



What types of entities commonly use Internet content filtering software?



What functions does keyword filtering provide?



How can Network Access Controls (NAC) help to improve the security of a network?

Video/Demo Time

6.5.1 Security Solutions

6.5.2 Security Zones

4:02

5:31

6.5.4 All-In-One Security Appliances 4:30

6.5.6 Configuring Network Security Appliance Access 6:55

Total 20:58

Lab/Activity



Configure Network Security Appliance Access


4 questions

Total Time

About 35 minutes



Section 6.6: Demilitarized Zones (DMZ)

Summary

This section examines the role of demilitarized zones (DMZ). Terms discussed that are related to DMZs are:



Bastion or sacrificial host



Screening router



Duel-homed gateway



Screened host gateway



Screened subnet




Add a server to a DMZ.



Configure a DMZ port to act as a DHCP Server.

Security Pro exam objectives:




Appliance). o Create a DMZ




How is a honey pot used to increase network security?



How is a gateway different from a router?



What is the typical configuration for a DMZ configured as dual-homed gateway ?



A screened subnet uses two firewalls. What are the functions of each firewall?



What type of computers might exist inside of a demilitarized zone (DMZ)?



What makes bastion hosts vulnerable to attack? What should you do to harden bastion hosts?



Video/Demo

6.6.1 Demilitarized Zones (DMZ)

6.6.2 Configuring a DMZ

Total

Lab/Activity



Configure a DMZ


8 questions

Total Time

About 30 minutes

Time

9:49

5:42

15:31



Section 6.7: Firewalls

Summary

This section discusses basic information about firewalls. Concepts covered include:



Firewall considerations: o Network-based firewall o Host-based firewall o Filtering rules o Access control lists (ACLs)



Firewall types: o Packet filtering o Stateful o Application



Managing firewalls




Enable Windows Firewall and configure exceptions to control communications through the firewall.



Configure inbound and outbound rules to control traffic.



Create a custom rule to allow ICMP Echo Requests through a firewall.



Import and export firewall rules to other machines to create firewalls with uniform settings.





Appliance). o Configure a Firewall




What is the difference between a network-based firewall and a host-based firewall?



When would you choose to implement a host-based firewall?



What traffic characteristics can be specified in a filtering rule for a packet filtering firewall?



How does a packet filtering firewall differ from a circuit-level gateway?



Why is a packet filtering firewall a stateless device?



What types of filter criteria can an application layer firewall use for filtering?



Video/Demo

6.7.1 Firewalls

6.7.3 Configuring a Perimeter Firewall

Total

Lab/Activity



Configure a Perimeter Firewall


15 questions

Total Time

About 40 minutes

Time

5:33

9:47

15:20



Section 6.8: Network Address Translation (NAT)

Summary

This section examines using a Network Address Translation (NAT) router to translate multiple private addresses into a single registered IP address. Concepts covered include:



NAT implementations: o Network Address and port Translation o Static NAT o Dynamic and Static NAT



Considerations when implementing NAT




Install and configure the Network Address Translation (NAT) IP routing protocol on a router.



Configure the NAT router to act as a DHCP server.



Configure the NAT router to act as a DNS proxy.





Appliance). o Configure NAT




How has NAT extended the use of IPv4?



How does a NAT router associate a port number with a request from a private host?



What are the three ways in which NAT can be implemented?



Where is NAT typically implemented?



Why do private networks have a limited range of IP addresses they can use?



Video/Demo

6.8.1 Network Address Translation

6.8.2 Configuring NAT

Total


6 questions

Total Time

About 30 minutes

Time

15:57

5:11

21:08



Section 6.9: Virtual Private Networks (VPN)

Summary

This section discusses using a virtual private network (VPN) to securely send data over an untrusted network. Details include:



VPNs work by using a tunneling protocol



Ways VPNs can be implemented: o Host-to-host VPN o Site-to-site VPN o Remote access VPN



Tunnel endpoints



Implementing a VPN



Types of protocols used by VPNs: o Carrier protocol o Tunneling protocol o Passenger protocol



Common VPN tunneling protocols: o Point-to-Point Tunneling Protocol (PPTP) o Layer 2 Forwarding (L2F) o Layer Two Tunneling Protocol (L2TP) o Internet Protocol Security (IPSec) o Secure Sockets Layer (SSL)




Configure a remote access VPN connection.





Appliance). o Configure VPN




What are the three ways VPNs can be implemented?



What is a VPN concentrator?



What function do VPN endpoints provide?



Which IPsec mode does not encrypt the header of a transmission? Why?



What are the three types of protocols used by VPNs?



Which IPsec protocol does not encrypt data?



Video/Demo

6.9.1 Virtual Private Networks (VPNs)

6.9.2 Configuring a VPN

Total

Lab/Activity



Configure a Remote Access VPN



Configure a VPN Connection iPad


11 questions

Total Time

About 40 minutes

Time

10:16

4:25

14:41



Section 6.10: Web Threat Protection

Summary

In this section students will learn about the following protections against web threats:



Website/URL content filtering



Web threat filtering



Gateway E-mail Spam blockers



Virus blockers



Antiphishing software




Configure Web threat protection.





Appliance). o Implement Web Threat Protection



7.1 Implement Application Defenses. o Configure Parental Controls to enforce Web content filtering




How have Web threats become more sophisticated?



Which Web threat protections prevent a user from visiting restricted websites?



How is Web threat filtering implemented?



What types of filters can be used by spam blockers?



Video/Demo

6.10.1 Web Threat Protection

Time

9:29

6.10.2 Configuring Web Threat Protection 4:26

Total 13:55

Lab/Activity



Configure Web Threat Protection


4 questions

Total Time

About 25 minutes



Section 6.11: Network Access Control (NAC)

Summary

In this section students will explore network access control (NAC). Details about the following concepts will be covered:



Components of Network Access Protection (NAP): o NAP Client o NAP Server o Enforcement Server (ES) o Remediation Server



Enforcement point types: o DHCP o Remote Desktop (RD) Gateway o VPN o 802.1x o IPSec




Configure Network Access Protection to restrict network access to only clients that meet specified health criteria.



Add the necessary role services to implement Network Access Protection

(NAP).



Enable NAP on an enforcement point.



Create domain and server isolation rules.



Configure system health validator and health policy settings.




How do remediation servers and auto-remediation help clients become compliant?



What server role service do you add to configure a server as an enforcement point for NAP?



How do you define the quarantine network when using 802.1x enforcement?



Which enforcement method uses a Health Registration Authority (HRA)?



What type of communication occurs in the boundary network when using

IPsec enforcement?



Video/Demo

6.11.1 Network Access Protection

6.11.2 Implementing NAP with DHCP Enforcement

Total


4 questions

Total Time

About 45 minutes

Time

19:57

15:56

35:53



Section 6.12: Wireless Overview

Summary

This section provides an overview of wireless networking. Details include:



Wireless networking concepts: o Wireless access point (WAP) o Wireless antennae o Wireless interface o Wireless bridge o Wireless configuration o Worldwide Interoperability for Microwave Access (WiMAX) o GSM (Global System for Mobile Communications) o Near field communication (NFC)



Methods to implement security for wireless networking: o Wired Equivalent Privacy (WEP) o Wi-Fi Protected Access (WPA)



Wi-Fi Protected Access 2 (WPA2) or 802.11i




Manually connect to a wireless network.



Manage wireless networks.



Secure a wireless network from unauthorized connections.




What is the role of a wireless access point (WAP)?



What is the difference in functionality between an omnidirectional antenna and a directional antenna?



What two methods are available for configuring a wireless network?



What are the advantages of using the WiMAX protocol for long-range wireless networking?

Video/Demo Time

6.12.1 Wireless Networking Overview

6.12.2 Wireless Antenna Types

5:35

8:03

6.12.4 Wireless Encryption 6:45

6.12.6 Configuring a Wireless Connection 12:22

Total 32:45



Lab/Activity



Secure a Wireless Network


15 questions

Total Time

About 60 minutes



Section 6.13: Wireless Attacks

Summary

In this section students will learn about security attacks that wireless networks are vulnerable to:



Rogue access point



Wardriving



War chalking



Packet sniffing



Initialization Vector (IV) attack



Interference



Bluetooth



Near Field Communication (NFC)



Wi-Fi Protected Setup




What steps can you take to protect your wireless network from data emanation?



What is the difference between bluejacking and bluesnarfing ?



Why is a successful bluebugging attack more dangerous for the victim than a bluesnarfing attack?



What is the best method to protect against attacks directed towards

Bluetooth capabilities?



What is the difference between a rogue access point and evil twin ?



How can you protect your network against rogue access points?

Video/Demo

6.13.1 Wireless Attacks

6.13.3 Using Wireless Attack Tools

6.13.4 Detecting Rogue Hosts

Total


15 questions

Time

13:28

9:06

7:37

30:11

Total Time

About 50 minutes





Section 6.14: Wireless Defenses

Summary

This section discusses defenses to secure wireless transmissions. Details include:



Considerations when using 802.1x authentication for wireless networks.



Extensible protocols that support 802.1x authentication: o Extensible Authentication Protocol (EAP) o Light-weight Extensible Authentication Protocol (LEAP) o Protected Extensible Authentication Protocol (PEAP)



Additional security considerations with wireless networks: o SSID obfuscation o MAC address filtering o Antenna placement, power level, and orientation o Encryption o Captive portals o Authentication o Rogue host detection




Configure a wireless access point by disabling the SSID broadcast and enabling security.



Configure a wireless network profile to automatically connect even if the

SSID broadcast is turned off.



Scan a network to detect wireless access points and determine if the access points are secure.




4.2 Secure a Wireless Access Point (WAP). o Change the Default Username, Password, and Administration limits o Implement WPA2 o Configure Enhanced Security



MAC filtering

 SSID cloaking

 Power Control o Disable Network Discovery






How does turning off the SSID broadcast help to secure the wireless network?



What methods can you use to secure a wireless network from data emanation?



What does open authentication use for authenticating a device? Why is this not a very secure solution?



What two additional components are required to implement 802.1x authentication?



What does WEP use for the encryption key? Why does this present a security problem?



Why should you not use shared key authentication with WEP?



What is the difference between WPA Personal and WPA Enterprise?



You have an access point that currently supports only WEP. What would you typically need to do to support WPA2?



What is the encryption method used with WPA? WPA2?

Time Video/Demo

6.14.1 Wireless Security Considerations

6.14.2 Wireless Authentication

6.14.4 Configuring a Wireless Access Point

6.14.7 Configuring a Captive Portal

Total

Lab/Activity



Obscure a Wireless Network



Configure a Wireless Profile

12:54

4:40

19:54

12:02

49:30


15 questions

Total Time

About 80 minutes



Section 7.1: Network Devices

Summary

This section examines the characteristics of the following common network devices:



Network Interface Card (NIC)



Hub



Wireless Access Point (WAP)



Switch



Bridge



Router



Gateway




What are the security advantages of using switches over hubs?



What security problems could static routing pose on a large network?



What security threat do broadcasts allow?



What information does a router ACL use to allow or reject packets?

Video/Demo

7.1.1 Network Devices


7 questions

Total Time

About 15 minutes

Time

5:51



Section 7.2: Network Device Vulnerabilities

Summary

In this section students will learn about the following network device vulnerabilities:



Default accounts and passwords



Weak passwords



Privilege escalation



Backdoor




Search a database for default passwords for network devices.




5.1 Harden Network Devices (using a Cisco Small Business Switch). o Change the Default Username and Password on network devices




For security considerations, what is the first thing you should do when new hardware and software is turned on for the first time?



What are the characteristics of a complex password?



How is privilege escalation different than hacking into a system to gain access to resources?



What measures should be completed to protect against backdoors?

Video/Demo Time

7.2.1 Device Vulnerabilities 1:47

7.2.3 Searching Defaultpasswords.com 1:23

7.2.4 Securing a Switch 3:21

Total 6:31



Lab/Activity



Secure a Switch


4 questions

Total Time

About 20 minutes



Section 7.3: Switch Attacks

Summary

This section discusses common attacks that are perpetrated against switches:



MAC flooding



ARP spoofing/poisoning



MAC spoofing



Dynamic Trunking Protocol (DTP)




Secure a switch.




5.1 Harden Network Devices (using a Cisco Small Business Switch). o Implement Port Security




What types of attacks are commonly perpetrated against switches?



How does MAC flooding make a switch function as a hub? What is this state called?



How are switches indirectly involved in ARP poisoning?



How does the attacker hide his identity when performing MAC spoofing?



What is a more secure alternative to using the Dynamic Trunking Protocol

(DTP)?

Time Video/Demo

7.3.1 Switch Attacks


4 questions

Total Time

About 10 minutes

5:04



Section 7.4: Router Security

Summary

This section discusses actions to take to increase router security. Concepts covered include:



General actions to secure routers: o Secure passwords o Secure protocols o Physical security o Secure configuration file




5.1 Harden Network Devices (using a Cisco Small Business Switch). o Shut down unneeded services and ports o Implement Port Security o Remove unsecure protocols (FTP, telnet, rlogin, rsh) o Run latest iOS version



8.2 Protect Data Transmissions across open, public networks. o Encrypt Data Communications




What hashing algorithm is used to encrypt the password on a Cisco device?



What secure protocols should you use to remotely manage a router?



What type of actions can be used to ensure the physical security of network devices?

Time Video/Demo

7.4.1 Router Security


4 questions

Total Time

About 15 minutes

8:56



Section 7.5: Switch Security

Summary

This section discusses actions to take to increase switch security. Concepts covered include:



Switch features that can be implemented to increase network security: o Virtual LAN (VLAN) o MAC filtering/port security o Port authentication (802.1x)



Considerations when implementing switch security



Switching loop



Types of ports used by the spanning tree protocol: o Root ports o Designated ports o Blocked ports



Ports in the spanning tree protocol exist in one of five states: o Blocking o Listening o Learning o Forwarding o Disabled




Create VLANs and assign switch ports to VLANs.



Configure a trunk port on a switch.



Harden a switch.



Secure access to a new switch.




5.1 Harden Network Devices (using a Cisco Small Business Switch). o Implement Port Security o Remove unsecure protocols (FTP, telnet, rlogin, rsh) o Run latest iOS version o Segment Traffic using VLANs




How does a switch identify devices that are in different VLANs?



What is the function of a trunk port?



When trunking is used, how is the receiving switch able to identify which

VLAN the frame belongs to?





What is required for devices to communicate between VLANs?



How is port security different from port filtering?



Which secure protocols should you use to remotely manage a router?

Time Video/Demo

7.5.1 Switch Security

7.5.2 Switch Loop Protection

7.5.4 Configuring VLANs from the CLI

7.5.6 Configuring VLANs

7.5.8 Hardening a Switch

Total

Lab/Activity



Explore VLANs from the CLI



Explore VLANs



Harden a Switch



Secure Access to a Switch



Secure Access to a Switch 2


15 questions

Total Time

About 90 minutes

13:01

10:46

4:32

3:32

14:10

46:01



Section 7.6: Intrusion Detection and Prevention

Summary

In this section students will learn the basics of intrusion detection and prevention.




The role of an intrusion detection system (IDS)



State of how IDS is labeled: o Positive o False positive o Negative o False negative



Typical detection systems: o Response capability o Recognition method o Detection scope



Fake resources to protect servers and networks: o Honeypot o Honeynet o Tarpit (also called a sticky honeypot )



Cautions when implementing solutions: o Enticement o Entrapment



Intruder Detection considerations




Monitor network activity using intrusion detection software to capture and view network traffic.




What does it mean when traffic is labeled as a false negative ?



What data sources does an IDS system use to gather information that it will analyze to find attacks?



How does an IPS differ from an IDS?



What type of recognition method is used by most virus scanning software?



What is the advantage to using a network-based IDS instead of a hostbased IDS?



What are the security reasons for using a honeypot or honeynet?



After an attack, what types of data should you back up to retain information about the attack for future investigations?



Video/Demo

7.6.1 Intrusion Detection

7.6.2 Detection vs. Prevention Controls

7.6.4 Implementing Intrusion Monitoring

7.6.5 Implementing Intrusion Prevention

Total

Lab/Activity



Implement Intrusion Prevention


15 questions

Total Time

About 50 minutes

Time

7:31

7:50

3:33

7:51

26:45



Section 7.7: SAN Security

Summary

This section discusses the following security controls to increase the security of a

Storage Area Network (SAN):



Default user names and passwords



Logical unit number (LUN) masking



Fabric zoning



Virtual SANs (VSANs)



Authentication



Encryption




Secure an iSCSI SAN using an access control list and mutual authentication.




How does LUN masking increase security?



What are the three different ways that fabric zoning can be implemented?



What is the role of VSANs?



What device connection controls can be implemented to protect SANs from common network attacks?



What types of authentication mechanisms are available for Fibre Channel

SANs?

Video/Demo

7.7.1 SAN Security Issues

7.7.2 Configuring an iSCSI SAN

Total

Time

14:32

9:57

24:29


5 questions

Total Time

About 30 minutes





Section 8.1: Malware

Summary

This section provides an overview of malware. Concepts covered include:



Common malware: o Virus o Worm o Trojan horse o Zombie o Botnet o Rootkit o Logic bomb o Spyware o Adware o Ransomware o Scareware o Crimeware



Terms related to exploiting software and system vulnerabilities: o Hacker o Cracker o Script kiddy o Phreaker



Historic malware events: o Stoned o Michelangelo o CHI/Chernobyl Virus o Melissa o I Love You o Code Red o Nimda o Klez



Actions to take to prevent being infected with malware



Actions to take to recover from malware




Scan a system with anti-malware software to identify potential threats.



Configure Windows Defender protections to secure a network from malware.



Quarantine and remove malware.



Analyze startup programs to detect possible malware.






6.1 Harden Computer Systems Against Attack. o Protect against spyware and unwanted software using Windows

Defender



9.2 Review security logs and violation reports, implement remediation.




What is the difference between a virus and a worm ?



Which types of malware can be spread through e-mail?



How are Trojans and botnets related?



What does it mean for software to be quarantined?



Why is it a good practice to show file extensions?



In addition to implementing virus scanning software, what must you do to ensure that you are protected from the latest virus variations?

Video/Demo Time

8.1.1 Malware 9:28

8.1.4 Implementing Malware Protections 23:43

8.1.5 Using Windows Defender 14:22

Total 47:33

Lab/Activity



Configure Windows Defender


15 questions

Total Time

About 75 minutes



Section 8.2: Password Attacks

Summary

This section provides information about password attacks. Concepts covered include:



Methods that threat agents use to discover or crack passwords: o Tools to check for unencrypted or weakly encrypted passwords o Social engineering o Brute force attacks o Tools to crack passwords:

 Programs such as SnadBoy’s Revelation

 Keylogging software



Rainbow tables



Hashed passwords collection methods



Strategies to protect against password attacks: o Educate users on how to create and remember strong passwords o Protect access to the password file o Salt the hash to mitigate rainbow table attacks o Implement two-factor authentication




Analyze the strength of passwords by using a rainbow table to perform a cryptanalysis attack on the hashed values of passwords.



Use SnadBoy's Revelation to reveal a password.



Use a keylogger to capture a password.




How are attackers able to recover passwords?



What are the characteristics of a complex password?



What are the differences between brute force and dictionary attacks?



How does account lockout help secure an account?



What technique will mitigate rainbow table attacks?



Video/Demo

8.2.1 Password Attacks

8.2.3 Using Rainbow Tables

8.2.4 Capturing Passwords

Total


4 questions

Total Time

About 20 minutes

Time

2:04

4:48

5:40

12:32



Section 8.3: Windows System Hardening

Summary

In this section students will learn about hardening a Windows system. Concepts covered include:



The role of hardening to secure devices and hardware



Recommendations for hardening systems



Types of updates: o Hotfix o Patch o Service pack



Consideration when managing updates




Harden a system by changing default account passwords and verifying user and group assignments.



Lock down system security by installing only required software and roles and disabling unnecessary services.



Use security templates to apply or audit security settings on your system.



Use Group Policy to deploy multiple settings to multiple machines in an

Active Directory domain.



Use Windows Updates and WSUS to automate patch management of your Windows system.




6.1 Harden Computer Systems Against Attack. o Configure a GPO to enforce Workstation/Server security settings o Configure Domain GPO to enforce use of Windows Firewall



6.2 Implement Patch Management/System Updates. o Configure Windows Update




What is hardening ? How does it benefit the security of an organization?



How do you reduce the attack surface of a device?



What is a security baseline ?



What is the difference between a hotfix and a patch ? Why would you use one over the other?



Video/Demo

8.3.1 Operating System Hardening

Time

8.3.3 Hardening an Operating System

8.3.4 Managing Automatic Updates

5:13

6:41

18:31

8.3.6 Configuring Windows Firewall 10:11

8.3.8 Configuring Windows Firewall Advanced Features 16:59

8.3.9 Configuring Parental Controls 18:21

Total 75:56

Lab/Activity



Configure Automatic Updates



Configure Windows Firewall



Configure Parental Controls


10 questions

Total Time

About 105 minutes



Section 8.4: Hardening Enforcement

Summary

This section discusses hardening enforcement using GPOs. Concepts covered include:



The role of GPOs



Using GPOs to perform specific hardening tasks



Using the Security Configuration and Analysis snap-in



Considerations when using GPOs




Configure a GPO.



Implement controls using a security template.




6.1 Harden Computer Systems Against Attack. o Configure a GPO to enforce Workstation/Server security settings o Configure Domain Servers GPO to remove unneeded services

(such as File and Printer Sharing)




How do GPOs ensure the consistent application of controls?



Which hardening tasks can be implemented using a GPO?



How can you determine that the security controls implemented are still enforced?



What are security templates and how are they used?



What is the easiest way to set controls on a Windows system according the NSA recommendation?

Video/Demo

8.4.1 Hardening Enforcement with GPOs

Time

1:50

8.4.2 Using Security Templates and Group Policy 6:53

8.4.3 Configuring GPOs to Enforce Security 15:24

Total 24:07



Lab/Activity



Manage Services with Group Policy


4 questions

Total Time

About 35 minutes



Section 8.5: File Server Security

Summary

This section examines managing file server security. Details include:



Considerations when managing file system security



Considerations for securing file transfer using the following TCP/IP protocols: o File Transfer Protocol (FTP) o Trivial File Transfer Protocol (TFTP) o Secure Copy Protocol (SCP) o Secure Shell File Transfer Protocol (SFTP) o Secure FTP o FTP Secure (FTPS)



File Server Resource Manager (FSRM)



Managing file system permissions: o Share permissions o NTFS permissions o Effective permissions




Configure the NTFS permissions by turning off the permissions inheritance.



Assign NTFS permission for a folder to the appropriate group.

Security Pro exam objectives:



6.1 Harden Computer Systems Against Attack. o Configure NTFS Permissions for Secure file sharing



8.2 Protect Data Transmissions across open, public networks. o Implement secure protocols




How can you identify if a permission has been inherited?



How do Share and NTFS permissions differ?



On what elements can NTFS permissions be set?



How can you view the users that have permissions for a particular drive?



How can permissions inheritance influence the effective permissions that a user has? How can you determine if a permission is inherited or specifically assigned?





As the administrator, you have given Fred the write permission to the

SalesReport file, but he cannot write to the file. What items would you check to determine why Fred can't write to the file?

Time Video/Demo

8.5.1 File Server Security

8.5.2 Scanning for Open Ports

8.5.5 Configuring NTFS Permissions

Total

Lab/Activity



Configure NTFS Permissions



Disable Inheritance


8 questions

Total Time

About 50 minutes

7:58

3:52

14:05

25:55



Section 8.6: Linux Host Security

Summary

In this section students will learn the basics of securing a Linux host. General procedures and the commands to perform them include:



Removing unneeded software



Checking for unneeded network services



Locating open ports



Checking network connections




Scan for open ports on Linux.



Identify open network connections on Linux.




What is a socket ?



Which utility will scan for all listening and non-listening sockets?



Which utility will identify open ports on the Linux system?



Which commands should you use to disable unneeded daemons?

Video/Demo ` Time

8.6.1 Linux Host Security 7:10

8.6.2 Removing Unneeded Services and Scanning Ports 6:30

Total 13:40


4 questions

Total Time

About 20 minutes



Section 8.7: Static Environment Security

Summary

This section discusses how smart devices have created a security problem for networks and how to protect against them. Details include:



Examples of embedded smart technology in: o Household appliances o Industrial equipment



What are static environments?



The Internet of Things (IoT) attack



Download and update the firmware of smart devices when the option is available



Secure networks and systems against the highly distributed attacks facilitated by smart devices




What type of common consumer devices have been used to conduct malicious activities?



What are the reasons that smart devices are common targets for cipher criminals?

` Time Video/Demo

8.7.1 Security Risks in Static Environments


3 questions

Total Time

About 10 minutes

4:26



Section 9.1: Web Application Attacks

Summary

This section discusses the following Web application attacks:



Drive-by download



Typosquatting/URL hijacking



Watering hole



Buffer overflow



Integer overflow



Cross-site scripting (XSS)



Cross-site Request Forgery (CSRF/XSRF)



LDAP injection



XML injection



Command injection



SQL injection



DLL injection



Directory traversal



Header manipulation



Zero-day



Client-side




Improve security by using a Firefox add-on, NoScript, to protect against

XSS and drive-by-downloadings.



Configure pop-up blockers to block or allow pop-ups.



Implement phishing protection within the browser.



Configure Internet Explorer Enhanced Security Configuration security settings to manage the security levels of security zones.




7.1 Implement Application Defenses. o Configure Web Application Security






What are two ways that drive-by download attacks occur?



What countermeasures can be used to eliminate buffer overflow attacks?



How can cross-site scripting (XSS) be used to breach the security of a

Web user?



What is the best method to prevent SQL injection attacks?



What mitigation practices will help to protect Internet-based activities from

Web application attacks?

Time Video/Demo

9.1.1 Web Application Attacks

9.1.2 Cross-site Request Forgery (XSRF) Attack

9.1.3 Injection Attacks

9.1.4 Header Manipulation

9.1.5 Zero Day Application Attacks

9.1.6 Client Side Attacks

9.1.8 Preventing Cross-site Scripting

Total


15 questions

Total Time

About 75 minutes

2:49

10:51

14:30

9:01

6:59

6:22

4:05

54:37



Section 9.2: Internet Browsers

Summary

This section provides information about configuring internet browsers to enhance the privacy and security of a system. Concepts covered include:



Indications of an unsecured connection or attack



Configuring security settings in Internet Explorer: o Zones o Add-ons o Privacy



Configuring security settings in Firefox: o General o Content o Privacy o Security




Customize security levels and security settings for security zones in

Internet Explorer.



Download and manage add-ons in Internet Explorer.



Protect privacy by configuring cookie handling.



Clear the browser cache.




7.1 Implement Application Defenses. o Configure a GPO to enforce Internet Explorer settings o Configure Secure Browser Settings




What types of information do cookies store? Why could this be a security concern?



What steps should you take to secure the browser from add-ons that are not appropriate for your environment?



For security's sake, what should you do whenever you use a public computer to access the Internet and retrieve personal data?



What elements might indicate an unsecured connection or an attack?



Why should you turn off the remember search and form history feature?



Video/Demo

9.2.1 Managing Security Zones and Add-ons

9.2.2 Configuring IE Enhanced Security

9.2.3 Managing Cookies

9.2.5 Clearing the Browser Cache

9.2.7 Implementing Popup Blockers

9.2.10 Enforcing IE Settings through GPO

Total

Lab/Activity



Configure Cookie Handling



Clear the Browser Cache



Configure IE Popup Blocker



Enforce IE Settings through GPO



Configure IE Preferences in a GPO


8 questions

Total Time

About 105 minutes

Time

20:26

9:11

12:38

9:28

7:26

12:47

71:56



Section 9.3: E-mail

Summary

This section discusses how to secure e-mail from attacks. Details include:



E-mail attacks: o Virus o Spam o Open SMTP relay o Phishing



To secure e-mail use: o Secure/Multipurpose Internet Mail Extensions (S/MIME) o Pretty Good Privacy (PGP)




Filter junk mail by selecting the level of junk e-mail protection you want.



Control spam on the client by configuring safe sender, blocked senders, white lists, and black lists.



Configure e-mail filtering to block e-mails from specified countries and languages.



Configure relay restrictions to specify who can relay through the SMTP server.


 2.1 Promote Information Security Awareness.

 o Utilizing E-mail best practices

3.2 Harden mobile devices (iPad). o Configure Secure E-mail Settings




What are the advantages of scanning for e-mail viruses at the server instead of at the client?



How can spam cause denial of service?



What is a best practice when configuring an SMTP relay to prevent spammers from using your mail server to send mail?



How can you protect yourself against phishing attacks?



What services do S/MIME and PGP provide for e-mail?



How does S/MIME differ from PGP?



Video/Demo

9.3.1 E-mail Security

9.3.3 Protecting a Client from Spam

9.3.4 Securing an E-mail Server

9.3.6 Securing E-mail on iPad

Total

Lab/Activity



Configure E-mail Filters



Secure E-mail on iPad


8 questions

Total Time

About 45 minutes

Time

4:43

10:29

2:45

5:52

23:49



Section 9.4: Network Applications

Summary

This section provides information about security concerns for the following networking software:



Peer-to-peer (P2P)



Instant Messaging (IM)




Set up content filters for downloading or uploading copyrighted materials.



Use P2P file sharing programs to search for and share free files.



Block ports used by P2P software.



Secure instant messaging by blocking invitations from unknown persons.




What kinds of security problems might you have with P2P software?



What types of malware are commonly spread through instant messaging

(IM)?



What security concerns should you be aware of with instant messaging software?



What security measures should you incorporate to control the use of networking software?

Video/Demo

9.4.1 Network Application Security

9.4.2 Spim

9.4.3 Using Peer-to-peer Software

9.4.4 Securing Windows Messenger

9.4.5 Configuring Application Control Software

Total

Time

2:19

3:43

3:04

2:48

9:05

20:59


5 questions

Total Time

About 25 minutes



Section 9.5: Virtualization

Summary

This section provides information about virtualization. Concepts covered include:



Components of virtualization: o Physical machine o Virtual machine o Virtual Hard Disk (VHD) o Hypervisor



Advantages of virtualization: o Flexibility o Security o Testing o Server consolidation o Isolation o Applications virtualization



Disadvantages of virtualization



Security considerations for a virtual machine



Load Balancing methods with virtualization include: o Resource pooling o Workload balancing




Create and configure a new virtual machine.



Configure the virtual machine by allocating resources for memory and a virtual hard disk.



Create a virtual network and configure it as an external, internal, or private virtual network.




What is the relationship between the host and the guest operating systems?



What is the function of the hypervisor?



How can virtualization be used to increase the security on a system?



What are the advantages of virtualization? Disadvantages?



What is the purpose of load balancing?



What type of load balancing distributes a workload?



Video/Demo

9.5.1 Virtualization Introduction

Time

4:01

9.5.2 Virtualization Benefits 3:08

9.5.3 Load Balancing with Virtualization 10:39

9.5.4 Creating Virtual Machines

9.5.5 Managing Virtual Machines

9.5.7 Adding Virtual Network Adapters

9.5.8 Creating Virtual Switches

4:22

5:09

1:30

3:26

Total 32:15

Lab/Activity



Create Virtual Machines



Create Virtual Switches


8 questions

Total Time

About 55 minutes



Section 9.6: Application Development

Summary

This section discusses hardening applications. Concepts covered include:



Secure coding concepts: o Error and exception handling o Input validation



Terms: o Exception-safe o Fuzz testing:

 Mutation based

 Generation-based o Code review o Baselines o Configuration testing



Basic hardening guidelines for applications



Techniques used for application hardening: o Block process spawning o Control access to executable files o Protect OS components o Use exception rules o Monitor logs o Use Data Execution Prevention o Implement third-party applications hardening tools



NoSQL: o Key security issues



Actions to harden a NoSQL implementation




Use AppArmor to harden a Linux system.



Implement application whitelisting with AppLocker.




7.1 Implement Application Defenses. o Configure a GPO for Application Whitelisting o Enable Data Execution Prevention (DEP)






What is the purpose of fuzzing ?



What will input validation ensure?



What are the basic techniques for application hardening?



When should you update applications with the latest patches?

Time Video/Demo

9.6.1 Secure Coding Concepts

9.6.2 Application Hardening

9.6.4 Hardening Applications on Linux

9.6.5 Implementing Application Whitelisting with AppLocker

9.6.7 Implementing Data Execution Preventions (DEP)

9.6.10 NoSQL Security

Total

Lab/Activity



Implement Application Whitelisting with AppLocker



Implement Data Execution Preventions (DEP)


6 questions

Total Time

About 75 minutes

16:18

11:02

4:26

13:03

4:01

5:18

54:08



Section 10.1: Redundancy

Summary

In this section students will explore methods for providing redundancy for network services. Details about the following concepts will be covered:



Methods for providing redundancy for network services and components



Types of redundancy solutions: o Hot site o Warm site o Cold site



The role of a service bureau



Important facts about redundant facilities



Redundancy measurement parameters: o Recovery Time Objective (RTO) o Recovery Point Objective (RPO) o Mean Time Between Failures (MTBF) o Mean Time to Failure (MTTF) o Mean Time to Repair (MTTR) o Maximum Tolerable Downtime (MTD)



Common RAID levels: o RAID 0 (striping) o RAID 5 (striping with distributed parity) o RAID 1 (mirroring) o RAID 0+1 o RAID 1+0



The role of clustering



A high availability cluster (HA)



A load balancing cluster




Configure a mirrored or a RAID 5 volume for data redundancy.




8.1 Protect and maintain the integrity of data files. o Implement redundancy and failover mechanisms




What is the usual activation goal time for a hot site ? How does that differ from a warm site?



Why is a hot site so much more expensive to operate than a warm site ?





Why is it important that two companies with a reciprocal agreement should not be located too closely to each other?



Of the three redundancy solutions, which is the most common redundant site type? Why is it the most common?



Which functions should be returned first when returning services from the backup facility back to the primary facility?



Why should you locate redundant sites at least 25 miles from the primary site?



What is the main advantage of RAID 0? Disadvantage?



What is the difference between RAID 0+1 and RAID 1+0?

Video/Demo Time

10.1.1 Redundancy 4:55

10.1.2 Redundancy Measurement Parameters 5:12

10.1.4 RAID 7:27

10.1.5 Implementing RAID

10.1.8 Clustering

6:16

9:06

Total 32:56

Lab/Activity



Configure Fault Tolerant Volumes


15 questions

Total Time

About 65 minutes



Section 10.2: Backup and Restore

Summary

This section covers the following details about backup and restore.



Types of backups: o Full o Incremental o Differential o Image o Copy o Daily



Backup strategies: o Full Backup o Full + Incremental o Full + Differential



Considerations when managing backups



Backup media rotation systems: o Grandfather Father Son (GFS) o Tower of Hanoi o Round Robin



Types of data that can be backed up: o System state data o Application data o User data




Back up a Windows system.



Schedule automatic backups for Windows computers.




6.3 Perform System Backups and Recovery.



8.1 Protect and maintain the integrity of data files. o Perform data backups and recovery




How is an incremental backup different than a differential backup?



When is the archive bit set? Which backup types reset the archive bit?



What is the advantage of the Full + Incremental backup strategy? What is the disadvantage?



Why should backup tapes be stored offsite?





What are common types of backup media rotation systems used to provide protection to adequately restore data?



How do you back up Active Directory?



What should you regularly do to make sure your backup strategy is working properly?

Video/Demo

10.2.1 Backup and Restore

Time

10.2.4 Backing up Workstations

13:27

6:18

10.2.6 Restoring Workstation Data from Backup 2:19

10.2.7 Backing Up a Domain Controller 2:33

10.2.9 Restoring Server Data from Backup 2:12

Total 26:49

Lab/Activity



Back Up a Workstation



Back Up a Domain Controller


15 questions

Total Time

About 55 minutes



Section 10.3: File Encryption

Summary

In this section students will learn about the following file encryption programs:



Encrypting File System (EFS)



GNU Privacy Guard (GPG) and Pretty Good Privacy (PGP)



Whole disk encryption (BitLocker)




Encrypt a file to secure data using EFS.



Authorize additional users who can access files encrypted with EFS.



Encrypt a file using GPG.



Protect hard drive contents with BitLocker.



Configure settings to control BitLocker using Group Policy.




8.1 Protect and maintain the integrity of data files. o Implement encryption technologies



8.2 Protect Data Transmissions across open, public networks. o Encrypt Data Communications




On which computers should you implement EFS?



What is the FEK? How is it used?



Under what conditions can EFS encryption be compromised?



What happens when an EFS encrypted file is copied over the network using the SMB protocol?



Once a system encrypted with BitLocker boots, who is able to access files?



Video/Demo

10.3.1 Encrypting File System (EFS)

10.3.2 Securing Files using EFS

10.3.4 PGP and GPG

10.3.5 Encrypting Files with GPG

10.3.6 BitLocker and Database Encryption

10.3.7 Configuring BitLocker

Total

Lab/Activity



Encrypt Files with EFS



Configure BitLocker with a TPM


8 questions

Total Time

About 75 minutes

Time

11:47

11:45

4:34

4:58

13:02

6:17

52:23



Section 10.4: Secure Protocols

Summary

This section discusses secure protocols. Details include:



Types of secure protocols: o Secure Sockets Layer (SSL) o Transport Layer Security (TLS) o Secure Shell (SSH)



Protocols to secure HTTP: o HTTPS o S-HTTP



IPSec includes two protocols: o Authentication Header (AH) o Encapsulating Security Payload (ESP)



Modes of operation that can be implemented with IPSec: o Transport mode o Tunnel mode



Security Association (SA)



Internet Key Exchange (IKE)




Add SSL bindings to a Web site to support secure connections.



Modify Web site settings to require SSL.



Use SSL from a browser to create a secure connection.



Enforce the use of IPSec through Connection Security Rules.




2.1 Promote Information Security Awareness. o Using SSL Encryption



8.2 Protect Data Transmissions across open, public networks. o Implement secure protocols




How does SSL verify authentication credentials?



What protocol is the successor to SSL 3.0?



How can you tell that a session with a Web server is using SSL?



What is the difference between HTTPS and S-HTTP?



What does it mean when HTTPS is referenced as being stateful ?



What is the difference between IPSec tunnel mode and transport mode?



Video/Demo

10.4.1 Secure Protocols

10.4.2 Secure Protocols 2

10.4.4 Adding SSL to a Web Site

10.4.6 IPSec

10.4.8 Requiring IPSec for Communications

Total

Lab/Activity



Allow SSL Connections


15 questions

Total Time

About 75 minutes

Time

8:44

15:26

5:23

5:14

14:22

49:09



Section 10.5: Cloud Computing

Summary

This section provides students with an overview of cloud computing. Concepts covered include:



The role of cloud computing



Ways in which could computing can be implemented: o Public cloud o Private cloud o Community cloud o Hybrid cloud



The advantages of cloud computing



Cloud computing service models: o Infrastructure as a Service (IaaS) o Platform as a Service (PaaS) o Software as a Service (SaaS)



Ways that cloud computing service providers reduce the risk of security breaches



The advantages of using a Virtual Desktop Infrastructure (VDI)




What are the advantages of cloud computing?



Which cloud computing service model delivers software applications to the client?



What is the difference between Infrastructure as a Service and Platform as a Service ?



How does the cloud computing service reduce the risk of security breaches?

Video/Demo Time

10.5.1 Cloud Computing Introduction 15:59

10.5.2 Cloud Computing Security Issues 6:32

Total 22:31


5 questions

Total Time

About 30 minutes





Section 11.1: Vulnerability Assessment

Summary

This section provides information about using vulnerability assessment to identify the vulnerabilities in a system or network. Tools to monitor vulnerability include:



Vulnerability scanner



Ping scanner



Port Scanner



Network mapper



Password cracker



Open Vulnerability and Assessment Language (OVAL)




Scan a network with a vulnerability scanner, such as Nessus or MBSA, to identify risk factors.



Download the latest security update information before starting a vulnerability scan.



View security scan reports and identify vulnerabilities.



Perform a port scan using nmap on a single machine.



Use a password cracker to analyze a network for password vulnerabilities.




9.4 Review vulnerability reports, implement remediation.




Why should an administrator perform a vulnerability assessment on the system?



What is the most important step to perform before running a vulnerability scan? Why?



How does a port scanner identify devices with ports that are in a listening state?



How do network mappers discover devices and identify open ports on those devices?



What types of items does OVAL identify as a definition ?



Video/Demo

11.1.1 Vulnerability Assessment

11.1.3 Scanning a Network and Nessus

11.1.4 Scanning a Network with Retina

Time

4:54

18:26

12:12

11.1.5 Scanning for Vulnerabilities Using MBSA 6:02

11.1.9 Performing Port and Ping Scans 2:36

11.1.10 Checking for Weak Passwords 9:21

Total 53:31

Lab/Activity



Review a Vulnerability Scan 1








14 questions

Total Time

About 85 minutes



Section 11.2: Penetration Testing

Summary

This section discusses penetration testing. Details include:



Steps included in the penetration testing process: o Verifying that a threat exists o Bypassing security controls o Actively testing security controls o Exploiting vulnerabilities



Defining the Rules of Engagement (ROE)



Types of penetration testing: o Physical penetration o Operations penetration o Electronic penetration



Classifications of penetration testing: o Zero knowledge test (black box test) o Full knowledge test (white box test) o Partial knowledge test (grey box test) o Single blind test o Double blind test



The Open Source Security Testing Methodology Manual (OSSTMM)



Stages of penetration testing: o Passive reconnaissance o Network enumeration o System enumeration o Target selection o Gaining access o Control and reporting



Steps a hacker would take after gaining access to the system




Identify available penetration testing tools that can be used to analyze the security of a network.



Utilize penetration testing tools to identify vulnerabilities in information systems.



Verify the distribution of a security tool to ensure its integrity.






What is the main goal of penetration testing?



What type of tools or methods does a penetration test use? Why should you be careful in the methods you deploy?



What should you do first before performing a penetration test?



How does a penetration test differ from a vulnerability assessment or scan?



What types of details do the Rules of Engagement identify?



What types of actions might a tester perform when attempting a physical penetration?



What security function does the Open Source Security Testing

Methodology Manual (OSSTMM) provide?

Video/Demo

11.2.1 Penetration Testing

Time

2:32

11.2.3 Exploring Penetration Testing Tools 11:22

Total 13:54


12 questions

Total Time

About 30 minutes



Section 11.3: Protocol Analyzers

Summary

In this section students will learn about the role of protocol analyzers. Concepts covered include:



Other names for protocol analyzers: o Packet sniffers o Packet analyzers o Network analyzers o Network sniffers o Network scanners



Use a protocol analyzer to: o Monitor and log network traffic o Check for specific protocols on the network o Identify frames that might cause errors o Examine the data contained within a packet o Analyze network performance o Troubleshoot communication problems or investigate the source of heavy network traffic



Using a packet sniffer requires the following configuration changes: o Configure the NIC in promiscuous mode (sometimes called pmode) o Configure port mirroring on the switch



Filtering frames when using a protocol analyzer



Protocol tools can be used with protocol analyzers for active interception of network traffic to perform attacks



Common protocol analyzers include: o Wireshark o Ethereal o dSniff o Ettercap o Tcpdump o Microsoft Network Monitor




Capture and analyze packets to troubleshoot a network using Wireshark.






What types of information can a protocol analyzer provide?



When using a protocol analyzer, why is it necessary to configure the NIC in promiscuous mode?



When running a protocol analyzer on a switch, how does port mirroring work?



What are some common protocol analyzers?

Time Video/Demo

11.3.1 Protocol Analyzers

11.3.3 Analyzing Network Traffic

Total


8 questions

Total Time

About 20 minutes

3:07

6:50

9:57



Section 11.4: Log Management

Summary

This section discusses information about managing logs. Details include:



The role of logs



Types of events a log should include: o Internet connection o System level o Application level o User level o Access o Performance o Firewall



The operating system audit subsystem provides the mechanism whereby system events are monitored and logged: o Kernel o Device driver o Daemon o Manager interface o Data analysis and reduction



Considerations when setting up a log archive: o Retention Policies o System requirements o Security




Use Event Viewer to troubleshoot a system by viewing details of a logged event.



Manage logging by saving or clearing logs, configuring filtering of logs, or attaching a task to a log or event.



Identify operating system activities, warnings, informational messages, and error messages using system logs .




9.1 Implement Logging and Auditing. o Configure Domain GPO for Event Logging






9.3 Review audit reports, implement remediation.









How does logging affect system resources?



What factors should you take into consideration when archiving log files?



What types of information are included in events recorded in logs?

Video/Demo

11.4.1 Logs

10.4.3 Logging Events with Event Viewer

Time

3:24

3:52

10.4.4 Windows Event Subscriptions 10:36

10.4.5 Configuring Source-initiated Subscriptions 4:50

10.4.6 Configuring Remote Logging on Linux 8:23

Total 31:05


15 questions

Total Time

About 50 minutes



Section 11.5: Audits

Summary

This section examines using audits to ensure the security of a system. Concepts include:



The role of auditing



Types of auditors: o Internal o External



Terms to be familiar with: o User access and rights review o Privilege auditing o Usage auditing o Escalation auditing




Configure the audit logon events policy to audit the failure of a logon attempt.



View and evaluate the recorded logs under Security in Event Viewer.




5.1 Harden Network Devices (using a Cisco Small Business Switch). o Turn on logging with timestamps



9.1 Implement Logging and Auditing. o Configure Domain GPO Audit Policy






9.3 Review audit reports, implement remediation.







How can you protect audit log files from access and modification attacks?



When would you choose an external auditor over an internal auditor ?



What is the difference between privilege auditing and usage auditing ?



How can escalation auditing help to secure the system?



Video/Demo

10.5.1 Audits

10.5.3 Auditing the Windows Security Log

10.5.5 Auditing Device Logs

Total

Lab/Activity



Configure Advanced Audit Policy



Enable Device Logs


7 questions

Total Time

About 40 minutes

Time

3:13

11:41

6:57

21:51



Security Pro Practice Exams

Summary

This section provides information to help prepare students to take the Security

Pro Certification exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.

Students will typically take about 5-10 minutes (depending upon the complexity and their level of knowledge) to complete each simulation question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. The domain practice exams are NOT randomized.

Security Pro Domain 1: Access Control and Identity Management (22 simulation questions)

Security Pro Domain 2: Policies, Procedures, Awareness (1 simulation question)

Security Pro Domain 3: Physical Security (2 simulation questions)

Security Pro Domain 4: Perimeter Defenses (10 simulation questions)

Security Pro Domain 5: Network Defenses (7 simulation questions)

Security Pro Domain 6: Host Defenses (7 simulation questions)

Security Pro Domain 7: Application Defenses (10 simulation questions)

Security Pro Domain 8: Data Defenses (6 simulation questions)

Security Pro Domain 9: Audits and Assessments (5 simulation questions)

The Security Pro Certification Practice Exam consists of 15 simulation questions that are randomly selected from the above practice exams. Each time the

Certification Practice Exam is accessed different questions may be presented.

The Certification Practice Exam has a time limit of 120 minutes. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam.



Security+ Practice Exams

Summary

This section provides information to help prepare students to take the Security+ exam and to register for the exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.

Students will typically take about 1 minute to complete each question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. The domain practice exams are NOT randomized.

Security+ Domain 1: Network Security (172 questions)

Security+ Domain 2: Compliance and Operational Security (128 questions)

Security+ Domain 3: Threats and Vulnerabilities (178 questions)

Security+ Domain 4: Application, Data and Host Security (70 questions)

Security+ Domain 5: Access Control and Identity Management (98 questions)

Security+ Domain 6: Cryptography (92 questions)

The Security+ Certification Practice Exam consists of 100 questions that are randomly selected from the above practice exams. Each time the Certification

Practice Exam is accessed different questions may be presented. The

Certification Practice Exam has a time limit of 90 minutes. A passing score of

95% should verify that the student has mastered the concepts and is ready to take the real certification exam.



SSCP Practice Exams

Summary

This section provides information to help prepare students to take the SSCP exam and to register for the exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam.

Students will typically take about 1 minute to complete each question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. The domain practice exams are NOT randomized.

SSCP Domain 1: Access Control (60 questions)

SSCP Domain 2: Security Operations & Administration (64 questions)

SSCP Domain 3: Monitoring and Analysis (21 questions)

SSCP Domain 4: Risk, Response, and Recovery (38 questions)

SSCP Domain 5: Cryptography (90 questions)

SSCP Domain 6: Networks and Communications (68 questions)

SSCP Domain 7: Malicious Code and Attacks (85 questions)

The SSCP Certification Practice Exam consists of 125 questions that are randomly selected from the above practice exams. Each time the Certification

Practice Exam is accessed different questions may be presented. The

Certification Practice Exam has a time limit of 3 hours. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam.



Appendix A: Approximate Time for the Course

The total time for the LabSim Security Pro course is approximately 91 hours and

35 minutes. The time is calculated by adding the approximate time for each section which is calculated using the following elements:



Video/demo times



Approximate time to read the text lesson (the length of each text lesson is taken into consideration)



Simulations (5 minutes assigned per simulation)



Questions (1 minute per question)

The breakdown for this course is as follows:

Sections Time Total HR:MM Module

1.0 Introduction

1.1 Security Overview

1.2 Using the Simulator

2.0 Access Control and Identity Management

2.1 Access Control Models

2.2 Authentication

2.3 Authorization

2.4 Access Control Best Practices

2.5 Active Directory Overview

2.6 Windows Domain Users and Groups

2.7 Linux Users

2.8 Linux Groups

2.9 Linux User Security

2.10 Group Policy Overview

2.11 Hardening Authentication 1

2.12 Hardening Authentication 2

2.13 Remote Access

2.14 Network Authentication

2.15 Identity Management

25

35

90

30

30

50

70

20

35

70

20

30

60

30

30

70

25 95 1:35

625 10:25

3.0 Cryptography

3.1 Cryptography

3.2 Hashing

3.3 Symmetric Encryption

3.4 Asymmetric Encryption

3.5 Public Key Infrastructure (PKI)

45

35

35

25

70



3.6 Cryptography Implementations

4.0 Policies, Procedures, and Awareness

4.1 Security Policies

4.2 Manageable Network Plan

4.3 Business Continuity

4.4 Risk Management

4.5 Incident Response

4.6 Social Engineering

4.7 Certification and Accreditation

4.8 Development

4.9 Employee Management

4.10 Third-Party Integration

5.0 Physical Security

5.1 Physical Security

5.2 Hardware Security

5.3 Environmental Controls

5.4 Mobile Devices

5.5 Mobile Device Security Enforcement

5.6 Telephony

6.0 Networking

6.1 Networking Layer Protocol Review

6.2 Transport Layer Protocol Review

6.3 Perimeter Attacks 1

6.4 Perimeter Attacks 2

6.5 Security Appliances

6.6 Demilitarized Zones (DMZ)

6.7 Firewalls

6.8 Network Address Translation (NAT)

6.9 Virtual Private Networks (VPN)

6.10 Web Threat Protection

6.11 Network Access Control (NAC)

6.12 Wireless Overview

6.13 Wireless Attacks

6.14 Wireless Defenses



220

635 10:35

3:40

250

420

4:10

7:00

50

20

45

40

40

25

25

45

60

50

30

40

30

40

80

65

35

50

50

35

40

30

65

55

40

80

35

20

35

40

20

7.0 Network Defenses

7.1 Network Devices

7.2 Network Device Vulnerabilities

7.3 Switch Attacks

7.4 Router Security

7.5 Switch Security

7.6 Intrusion Detection and Prevention

7.7 SAN Security

8.0 Host Defenses

8.1 Malware

8.2 Password Attacks

8.3 Windows System Hardening

8.4 Hardening Enforcement

8.5 File Server Security

8.6 Linux Host Security

8.7 Static Environment Security

9.0 Application Defenses

9.1 Web Application Attacks

9.2 Internet Browsers

9.3 E-mail

9.4 Network Applications

9.5 Virtualization

9.6 Application Development

10.0 Data Defenses

10.1 Redundancy

10.2 Backup and Restore

10.3 File Encryption

10.4 Secure Protocols

10.5 Cloud Computing

11.0 Assessments and Audits

11.1 Vulnerability Assessment

11.2 Penetration Testing

11.3 Protocol Analyzers

11.4 Log Management

11.5 Audits



75

20

105

35

50

20

10

15

90

50

30

15

20

10

65

55

75

75

30

75

105

45

25

55

75

85

30

20

50

40

380

300

225

230

315

6:20

5:00

3:45

3:50

5:15

Security Pro Practice Exams

Domain 1: Access Control and Identity

Management (22 sims)

Domain 2: Policies, Procedures, Awareness (1 sim)

Domain 3: Physical Security (2 sims)

Domain 4: Perimeter Defenses (10 sims)

Domain 5: Network Defenses (7 sims)

Domain 6: Host Defenses (7 sims)

Domain 7: Application Defenses (10 sims)

Domain 8: Data Defenses (6 sims)

Domain 9: Audits and Assessments (5 sims)

Security Pro Certification Practice Exam (15 sims)

Security+ Practice Exams

Domain 1: Network Security (172 questions)

Domain 2: Compliance and Operational Security

(128 questions)

Domain 3: Threats and Vulnerabilities (178 questions)

Domain 4: Application, Data and Host Security (70 questions)

Domain 5: Access Control and Identity

Management (98 questions)

Domain 6: Cryptography (92 questions)

Security+ Certification Practice Exam (100 questions)

SSCP Practice Exams

Domain 1: Access Control (60 questions)

Domain 2: Security Operations & Administration

(64 questions)

Domain 3: Monitoring and Analysis (21 questions)

Domain 4: Risk, Response, and Recovery (38 questions)

Domain 5: Cryptography (90 questions)

Domain 6: Networks and Communications (68 questions)

Domain 7: Malicious Code and Attacks (85 questions)

SSCP Certification Practice Exam (125 questions)



128

178

70

98

88

35

35

50

30

110

5

10

50

25

90

172

100

60

64

21

38

90

68

85

125

440

834 13:54

7:20

551 9:11

Total

Time

5495 91:35

Appendix B: Security Pro 2014 Changes

Instructors who have taught the previous LabSim Security Pro version of this course may find the following information valuable.

This report details all the changes that were made from the previous course such as:



A new video, demo, simulation, or text that has been created



A video, demo, or text that has been updated



New questions that have been added to a section



A new section that has been added to a module

Section Changes

2.1 2.1.4 Updated Demo: Implementing Discretionary Access Control

2.2 2.2.1 Updated Video: Authentication Part 1

2.2.2 New Video: Authentication Part 2

2.2.3 Updated Text Lesson: Authentication Facts

2.2.7 Added New Practice Questions

2.3

2.4

2.5

2.6

2.8

2.10

2.11

2.12

2.3.4 Updated Demo: Examining the Access Token

2.4.2 Updated Demo: Viewing Implicit Deny

2.4.3 Updated Text Lesson: Best Practices Facts

2.5 New Section: Active Directory Overview

2.5.3 Updated Demo: Viewing Active Directory

2.5.5 New Practice Questions set

2.6.1 Updated Demo: Creating User Accounts

2.6.2 Updated Demo: Managing User Account Properties

2.6.3 Updated Lab: Create User Accounts

2.6.4 Updated Lab: Manage User Accounts

2.6.5 Updated Demo: Managing Groups

2.6.6 Updated Lab: Create a Group

2.6.7 Updated Lab: Create Global Groups


2.8 New Section: Linux Groups


2.10.2 Updated Demo: Viewing Group Policy

2.10.4 Updated Lab: Create and Link a GPO

2.11.10 Updated Text Lesson: Hardening Authentication Facts


2.12 New Section: Hardening Authentication 2

2.12.1 Updated Demo: Configuring Smart Card Authentication



2.14

2.15

3.3

3.4

3.5

4.1

4.2

4.3

4.4

4.5

4.6

4.9

4.10

5.1

2.12.2 Updated Lab: Configure Smart Card Authentication

2.12.3 New Text Lesson: Smart Card Authentication Facts

2.12.4 New Demo: Using Fine-Grained Password Policies

2.12.5 New Text Lesson: Fine-Grained Password Policy Facts

2.12.6 New Lab: Create a Fine-Grained Password Policy


2.14.4 Updated Demo: Controlling the Authentication Method

2.14.5 Updated Lab: Configure Kerberos Policy Settings

2.14.9 New Demo: Credential Management

2.14.10 New Text Lesson: Credential Management Facts



3.3.3 Updated Text Lesson: Symmetric Encryption Facts


3.4.2 Updated Text Lesson: Asymmetric Encryption Facts


3.5.2 Updated Demo: Managing Certificates

3.5.3 Updated Lab: Manage Certificates

3.5.6 Updated Demo: Configuring a Subordinate CA

4.1.5 Updated Text Lesson: Security Management Facts

4.1.7 Updated Text Lesson: Information Classification Facts

4.1.8 New Video: Data Retention Policies

4.1.10 New Text Lesson: Data Retention Facts

4.2 New Section: Manageable Network Plan


4.3.3 Updated Text Lessons: Business Continuity Facts


4.4.3 New Video: Data Loss Prevention (DLP)

4.4.4 Updated Text Lesson: Risk Management Facts


4.5.4 New Demo: Creating a Forensic Drive Image

4.5.5 Updated Text Lesson: Incident Response Facts

4.5.6 Updated Text Lesson: Forensic Investigation Facts



4.9.2 Updated Text Lesson: Employee Management Facts


4.10 New Section: Third-Party Integration

4.10.1 New Video: Third-Party Integration Security Issues

4.10.2 New Text Lesson: Third-Party Integration Security Facts


5.1.3 Updated Text Lesson: Physical Security Facts


5.2.4 Added New Practice Questions 5.2



5.4

5.5

6.1

6.2

6.3

6.4

6.5

6.7

6.9

6.10

6.12

6.13

6.14

7.2

7.4

5.4.2 New Text Lesson: Mobile Device Security Facts

5.4.3 New Video: BYOD Security Issues

5.4.4 New Text Lesson: BYOD Security Facts


5.5 New Section: Mobile Device Security Enforcement

5.5.1 New Demo: Enforcing Security Policies on Mobile Devices

5.5.2 New Demo: Enrolling Devices and Performing a Remote Wipe

5.5.3 New Text Lesson: Mobile Device Security Enforcement Facts

5.5.4 New Video: Mobile Application Security

5.5.5 New Text Lesson: Mobile Application Security Facts


6.1 New Section: Network Layer Protocol Review

6.1.5 Updated Demo: Configuring IPv6


6.2 New Section: Transport Layer Protocol Review



6.4 New Section: Perimeter Attacks 2

6.4.7 Updated Demo: Examining DNS Attacks

6.4.8 New Lab: Prevent Zone Transfers


6.5.5 Updated Text Lesson: Security Solution Facts



6.9.5 Updated Text Lesson: VPN Facts



6.12 New Section: Wireless Overview

6.12.2 New Video: Wireless Antenna Types

6.12.3 New Text Lesson: Wireless Networking Facts

6.12.5 New Text Lesson: Wireless Encryption Facts


6.13.2 Updated Text Lesson: Wireless Attack Facts

6.13.4 New Demo: Detecting Rogue Hosts


6.14.3 New Text Lesson: Wireless Authentication Facts

6.14.5 Updated Demo: Obscure a Wireless Network

6.14.7 New Demo: Configuring a Captive Portal

6.14.8 New Text Lesson: Wireless Security Facts



7.4 New Section: Router Security

7.4.2 Updated Text Lesson: Router Security Facts




7.6

7.7

8.2

8.4

8.5

8.7

9.1

9.2

9.3

9.4

9.5

9.6

10.1

10.2

7.6.3 Updated Text Lesson: IDS Facts


7.7 New Section: SAN Security

7.7.1 New Video: SAN Security Issues

7.7.2 New Demo: Configuring an iSCSI SAN

7.7.3 New Text Lesson: SAN Security Facts



8.4.4 Updated Text Lesson: Hardening Enforcement Facts


8.5.3 Updated Text Lesson: File System Security Facts

8.5.5 Updated Demo: Configuring NTFS Permissions

8.5.6 Updated Lab: Configure NTFS Permissions

8.5.7 New Lab: Disable Inheritance

8.7 New Section: Static Environment Security

8.7.1 New Video: Security Risks in Static Environments

8.7.2 New Text Lesson: Static Environment Security Facts


9.1.7 Updated Text Lesson: Web Application Attack Facts


9.2.9 Updated Text Lesson: Internet Explorer Security Facts

9.2.12 New Lab: Configure IE Preferences in a GPO



9.4.5 New Demo: Configuring Application Control Software

9.4.6 Updated Text Lesson: Network Application Facts


9.5.4 New Demo: Creating Virtual Machines

9.5.5 Updated Demo: Managing Virtual Machines

9.5.6 New Lab: Create Virtual Machines

9.5.7 New Demo: Adding Virtual Network Adapters

9.5.8 New Demo: Creating Virtual Switches

9.5.9 New Lab: Create Virtual Switches

9.5.10 Updated Text Lesson: Virtualization Facts


9.6.10 New Video: NoSQL Security

9.6.11 New Text Lesson: NoSQL Security Facts


10.1.3 Updated Text Lesson: Redundancy Facts

10.1.5 Updated Demo: Implementing RAID

10.1.7 Updated Lab: Configure Fault Tolerant Volumes


10.2.4 New Demo: Backing Up Workstations

10.2.6 New Demo: Restoring Workstation Data from Backup



10.3

10.5

11.1

11.2

11.3

11.4

11.5

10.2.7 New Demo: Backing Up a Domain Controller

10.2.8 New Lab: Back Up a Domain Controller

10.2.9 New Demo: Restoring Server Data from Backup


10.3.9 Updated Text Lesson: File Encryption Facts


10.5.3 Updated Text Lesson: Cloud Computing Facts


11.1.2 Updated Text Lesson: Vulnerability Assessment Facts


11.2.2 Updated Text Lesson: Penetration Testing Facts



11.4 New Section: Log Management

11.4.4 New Video: Windows Event Subscriptions

11.4.5 New Demo: Configuring Source-initiated Subscriptions

11.4.6 New Demo: Configuring Remote Logging on Linux

11.4.7 New Text Lesson: Remote Logging Facts


11.5 New Section: Audits


Exam Objectives: Updated for 401

All Domain Exams: Questions no longer randomized

All Section Exams: Questions no longer randomized

SSCP Practice Exams 7 Domains: 450 Questions

SSCP Certification Practice Exam: 125 Questions

New : Feature was not in previous course – new feature

Updated : Replaces previous feature - new version



Appendix C: Security Pro Objectives

The Security Pro certification exam (2012 edition) covers the following:

# Domain Module.Section

1.0 Access Control and Identity Management

1.1

2.6, 2.7, 2.8, 2.9,

2.10, 2.11, 2.12

Create, modify, and delete user profiles.

Manage Windows Domain Users and

Groups o Create, rename, and delete users and groups o Assign users to appropriate groups o Lock and unlock user accounts o Change a user's password

Manage Linux Users and Groups o Create, rename, and delete users and groups o Assign users to appropriate groups o Lock and unlock user accounts o Change a user's password o Configure password aging

Manage Windows Local Users and Groups o Restrict use of local user accounts

Restrict use of common access accounts

1.2 Harden authentication.

Configure Domain GPO Account Policy to enforce a robust password policy

Configure the Domain GPO to control local administrator group membership and

Administrator password

Disable or rename default accounts such as

Guest and Administrator

Configure the Domain GPO to enforce User

Account Control

Configure a GPO for Smart Card authentication for sensitive resources

Configure secure Remote Access

Implement centralized authentication

2.6, 2.10, 2.11, 2.12,

2.13, 2.14



1.3 Manage Certificates.

Approve, deny, and revoke certificate requests

Configure Domain GPO Kerberos Settings

2.0

2.1

Policies, Procedures, and Awareness

Promote Information Security Awareness.

Traveling with Personal Mobile Devices

Exchanging content between Home and

Work

Storing of Personal Information on the

Internet

Using Social Networking Sites

Using SSL Encryption

Utilizing E-mail best practices

Password Management

Photo/GPS Integration

Information Security

Auto-lock and Passcode Lock

2.2 Evaluate Information Risk.

Perform Risk calculation

Risk avoidance, transference, acceptance, mitigation, and deterrence

2.3

3.0

3.1

Maintain Hardware and Software Inventory.

Physical Security

Harden Data Center Physical Access.

Implement Access Rosters

Utilize Visitor Identification and control

Protect Doors and Windows

Implement Physical Intrusion Detection

Systems

2.14

3.1, 3.5

4.1

5.4

9.3

10.4

4.3

4.2

5.1, 5.2

3.2 Harden mobile devices (Laptop).

Set a BIOS Password

Set a Login Password

5.4



Implement full disk encryption

4.0

4.1

Perimeter Defenses

Harden the Network Perimeter (using a Cisco

Network Security Appliance).

Change the Default Username and

Password

Configure a Firewall

Create a DMZ

Configure NAT

Configure VPN

Implement Web Threat Protection

6.5, 6.6, 6.7, 6.8, 6.9,

6.10

4.2 Secure Wireless Devices and Clients.

Change the Default Username, Password, and Administration limits

Implement WPA2

Configure Enhanced Security o MAC filtering o SSID cloaking o Power Control

Disable Network Discovery

5.0

5.1

Network Defenses

Harden Network Devices (using a Cisco Small

Business Switch).

Change the Default Username and

Password on network devices

Use secure passwords

Shut down unneeded services and ports

Implement Port Security

Remove unsecure protocols (FTP, telnet, rlogin, rsh)

Implement access lists, deny everything else

Run latest iOS version

Turn on logging with timestamps

Segment Traffic using VLANs

6.14

2.1, 2.4, 2.11

7.2, 7.3, 7.4, 7.5

11.5

5.2 Implement Intrusion Detection/Prevention (using a

Cisco Network Security Appliance).

7.6



Enable IPS protection for a LAN and DMZ

Apply IPS Signature Updates

Configure IPS Policy

6.0

6.1

Host Defenses

Harden Computer Systems Against Attack.

Configure a GPO to enforce

Workstation/Server security settings

Configure Domain GPO to enforce use of

Windows Firewall

Configure Domain Servers GPO to remove unneeded services (such as File and

Printer Sharing)

Protect against spyware and unwanted software using Windows Defender

Configure NTFS Permissions for Secure file sharing

6.2 Implement Patch Management/System Updates.

Configure Windows Update

Apply the latest Apple Software Updates

6.3

7.0

7.1

Perform System Backups and Recovery.

Application Defenses

Implement Application Defenses.

Configure a GPO to enforce Internet

Explorer settings

Configure a GPO for Application

Whitelisting

Enable Data Execution Prevention (DEP)

Configure Web Application Security

Configure Parental Controls to enforce Web content filtering

Configure Secure Browser Settings

Configure Secure E-mail Settings

7.2 Implement Patch Management/Software Updates.

8.1, 8.3, 8.4, 8.5

5.4

8.3

10.2

6.5, 6.10

9.1, 9.2, 9.3, 9.6

8.3



Configure Microsoft Update

8.0

8.1

Data Defenses

Protect and maintain the integrity of data files.

Implement encryption technologies

Perform data backups and recovery

Implement redundancy and failover mechanisms

8.2 Protect Data Transmissions across open, public networks.

Encrypt Data Communications

Implement secure protocols

Remove unsecure protocols

9.0

9.1

Audits and Assessments

Implement Logging and Auditing.

Configure Domain GPO Audit Policy

Configure Domain GPO for Event Logging

9.2

9.3

9.4

Review security logs and violation reports, implement remediation.

Review audit reports, implement remediation.

Review vulnerability reports, implement remediation.

10.1, 10.2, 10.3

7.4

8.5

5.4

10.3, 10.4

11.4, 11.5

8.1, 11.4 , 11.5

11.4, 11.5

11.1. 11.4, 11.5

