Lesson Plans
Systems Security Certified
Practitioner (SSCP)
Version 2.0
Table of Contents
Course Overview .................................................................................................. 3
Introduction to SSCP ............................................................................................ 5
Section 1.1: Access Control .................................................................................. 6
Section 1.2: Access Control Models ..................................................................... 8
Section 1.3: Authentication ................................................................................. 10
Section 1.4: Authentication Administration .......................................................... 12
Section 1.5: Administration ................................................................................. 14
Section 2.1: Cryptography .................................................................................. 16
Section 2.2: Symmetric Cryptography ................................................................. 18
Section 2.3: Asymmetric Cryptography ............................................................... 20
Section 2.4: Signatures and Hashing .................................................................. 21
Section 2.5: Public Key Infrastructure ................................................................. 23
Section 2.6: Cryptographic Uses......................................................................... 25
Section 2.7: Cryptographic Attacks ..................................................................... 27
Section 3.1: Networking ...................................................................................... 29
Section 3.2: Local Area Networking .................................................................... 31
Section 3.3: Wide Area Networking .................................................................... 33
Section 3.4: Protocols ......................................................................................... 35
Section 3.5: Network Devices ............................................................................. 37
Section 3.6: Packet Filters .................................................................................. 39
Section 3.7: Firewalls .......................................................................................... 40
Section 3.8: Network Address Translation (NAT)................................................ 42
Section 3.9: Remote Access ............................................................................... 44
Section 3.10: Virtual Private Networks (VPN) ..................................................... 46
Section 3.11: Wireless ........................................................................................ 48
Section 4.1: Malicious Code and Attacks ............................................................ 50
Section 4.2: Reconnaissance Attacks ................................................................. 52
Section 4.3: Social Engineering Attacks ............................................................. 53
Section 4.4: Network Attacks .............................................................................. 54
Section 4.5: Password Attacks ........................................................................... 55
Section 4.6: Availability Attacks .......................................................................... 56
Section 4.7: Application Attacks .......................................................................... 57
Section 4.8: Web Server Attacks ........................................................................ 58
Section 4.9: Browser Security ............................................................................. 60
Section 4.10: Communication Attacks ................................................................ 62
Section 4.11: System Hardening......................................................................... 63
Section 5.1: Auditing ........................................................................................... 65
Section 5.2: Audit Trails ...................................................................................... 67
Section 5.3: Intrusion Detection .......................................................................... 69
Section 5.4: Penetration Testing ......................................................................... 70
Section 6.1: Risk Management ........................................................................... 72
Section 6.2: Risk Analysis ................................................................................... 73
Section 6.3: Business Continuity and Disaster Recovery ................................... 75
©2009 TestOut Corporation (Rev 9/09)
System Security Certified Practitioner (SSCP) Ver. 2.0
Section 6.4: Incident Response .......................................................................... 76
Section 7.1: Security Administration ................................................................... 77
Section 7.2: Trusted Computing.......................................................................... 78
Section 7.3: Development ................................................................................... 80
Section 7.4: Employee Management .................................................................. 81
Practice Exams ................................................................................................... 82
Appendix A: Approximate Time for the Course ................................................... 83
Course Overview
This course prepares students for the Systems Security Certified Practitioner
(SSCP) certification exam by International Information Systems Security
Certification Consortium, Inc. (ISC)2. It focuses on how to design and maintain
security programs. A security program defines what security is for an
organization and the procedures for implementation.
Introduction to SSCP
This video introduces the prerequisite to this course, areas of knowledge that will
be discussed in this course, and the (ISC)2 Code of Ethics.
Module 1 – Access Control
This module discusses different aspects of access control. Students will learn
about access control entities, processes, policies, measures, and models. They
will learn about authentication and administration methods to increase security.
Module 2 – Cryptography
In this module students will learn how cryptography is used to store and transmit
information in a format that is unreadable to unauthorized individuals. Students
will become familiar with symmetric and asymmetric cryptography, signatures
and hashing, and public key infrastructure. They will also learn about
cryptographic technologies to protect commerce and information in LAN and
Web-based environments. Methods of cryptographic attack and
countermeasures are also presented.
Module 3 – Networks and Communications
This module covers several elements of networks and communications.
Networking concepts include general networking, local area networking, and
wide area networking. Traffic management concepts include packet filters,
firewalls, and Network Address Translation (NAT). Communications concepts
include configuring remote access, using Virtual Private Networks (VPN) to
carry IP traffic securely over an untrusted TCP/IP network, and wireless
networking technology.
Module 4 – Malicious Code and Attacks
In Module 4 students will learn about malicious code and attacks. They will
become familiar with the following types of attacks and their
countermeasures: reconnaissance attacks, social engineering attacks,
password attacks, availability attacks, application attacks, Web server
attacks, and communication attacks. This module also examines securing the
browser and hardening a system.
Module 5 – Analysis and Monitoring
Module 5 teaches students the tools that can be used to analyze and monitor a
system. This includes tools for auditing, creating audit trails, monitoring
traffic with intrusion detection, and performing penetration testing to verify
the security of an organization.
Module 6 – Risk, Response, and Recovery
Module 6 discusses elements of risk, response, and recovery. Students will be
presented with information about developing plans for risk management and risk
analysis, business continuity and disaster recovery, and incident response.
Module 7 – Operations and Administration
In Module 7 students will learn about administration of security management,
implementing trusted computing, using a systematic approach to software
development to protect security, and managing employees to protect company
assets.
Practice Exams
In Practice Exams students will have the opportunity to test themselves and
verify that they understand the concepts and are ready to take the certification
exam.
Introduction to SSCP
Summary
This video introduces the prerequisite knowledge a student should have before
attempting this course, which includes knowledge of:
• Network configurations
• Network security
• Network protocols
The instructor also gives an overview of the Common Body of Knowledge (CBK)
domains (areas of knowledge) that will be discussed in this course:
• Access Control
• Cryptography
• Networks and Communications
• Malicious Code and Attacks
• Analysis and Monitoring
• Risk, Response, and Recovery
• Operations and Administration
The instructor explains that (ISC)2 requires all candidates who become certified
to accept and agree to the (ISC)2 Code of Ethics:
1. Protect Society
2. Act Honorably
3. Provide Competent Services
4. Advance the Profession
The instructor also notes that certified individuals must earn and submit
continuing professional education (CPE) credits over each three-year
certification cycle to keep the certification.
Video/Demo                              Time
Introduction to SSCP                    9:48
Total Time: About 10 minutes
Section 1.1: Access Control
Summary
In this section students will learn how information security is based on a
structured approach that determines what should be accessed, by whom, and at
what level. To accomplish this, the instructor discusses:
• Access control entities:
  o Objects
  o Subjects
  o System
• Access control processes:
  o Identification
  o Authentication
  o Authorization
  o Auditing
• Functions that access control policies can perform:
  o Preventive
  o Detective
  o Corrective
  o Deterrent
  o Recovery
  o Compensative
• Access control countermeasures (control categories):
  o Administrative controls
  o Technical controls
  o Physical controls
• Directory services
Students will view demonstrations on:
• Managing Microsoft networks using Active Directory.
• Managing Novell networks using eDirectory.
SSCP Exam Domains
• 1. Access Control
Lecture Focus Questions:
• How does authentication differ from authorization?
• What are the differences between administrative, physical, and technical
  access controls?
• How are corrective and recovery access controls similar?
• How do preventive access controls differ from deterrent access controls?
• How do directory services benefit a computer network?
• What services do most directory services perform?
Video/Demo                              Time
1.1.1 Access Control                    7:03
1.1.2 Access Control Policies          10:20
1.1.4 Touring Active Directory          4:41
1.1.5 Touring eDirectory                3:40
Total                                  25:44
Number of Exam Questions: 5
Total Time: About 35 minutes
Section 1.2: Access Control Models
Summary
In this section students will become familiar with commonly used access control
models. Concepts covered include:
• Types of access control models:
  o Discretionary Access Control (DAC)
  o Mandatory Access Control (MAC)
  o Role-Based Access Control (RBAC)
  o Rule-Based Access Control
  o Content-Dependent Access Control
• Trusted Computer System Evaluation Criteria (TCSEC) divisions and classes:
  o Division A
     A1 Verified Design
  o Division B
     B3 Security Domains
     B2 Structured Protection
     B1 Labeled Security Protection
  o Division C
     C2 Controlled Access Protection
     C1 Discretionary Security Protection
  o Division D
     D Minimal Protection
• Academic security models:
  o Bell-LaPadula
  o Biba
  o Clark-Wilson
  o State machine
  o Brewer and Nash model (Chinese Wall)
  o Take-Grant
  o Combination models
Students will learn how to:
• Change and configure NTFS permissions.
• Set and modify NetWare file rights.
SSCP Exam Domains
• 1. Access Control
Lecture Focus Questions:
• In the Bell-LaPadula model, how does the * property differ from the strong
  * property?
• Which academic model(s) address confidentiality? Integrity?
• Which model addresses conflict of interest?
• Which model(s) are examples of Mandatory Access Control (MAC)?
• What are the integrity goals included in the Clark-Wilson model?
• What are the requirements for the Clark-Wilson model?
• How does role-based access control differ from rule-based access
  control?
• How does explicit deny differ from explicit allow?
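The following Python is an added example, not part of the TestOut lesson plan, that encodes the read and write rules of the Bell-LaPadula and Biba models (including the strong * property asked about above) over a small label lattice. The level names, subjects and objects are constructed for illustration; the decision table shows how the two models give opposite answers for the same access request.

```python
"""Bell-LaPadula and Biba rules over a constructed label lattice.

Added example, not part of the original lesson plan. The level names,
subjects and objects are made up for illustration.
"""
from dataclasses import dataclass

# Ordered lattice: a higher index means more sensitive (Bell-LaPadula) or more
# trustworthy (Biba). In a MAC system these labels are assigned by the system,
# not chosen by the object's owner as in DAC.
LEVELS = ["public", "internal", "confidential", "secret"]


def level(name: str) -> int:
    return LEVELS.index(name)


@dataclass(frozen=True)
class Subject:
    name: str
    label: str          # clearance (BLP) or integrity level (Biba)


@dataclass(frozen=True)
class Obj:
    name: str
    label: str          # classification (BLP) or integrity level (Biba)


def blp_allows(subject: Subject, obj: Obj, op: str, strong_star: bool = False) -> bool:
    """Bell-LaPadula (confidentiality).

    simple security property: no read up   -> read only if clearance >= classification
    * (star) property:        no write down -> write only if clearance <= classification
    strong * property:        write only at exactly the subject's own level
    """
    s, o = level(subject.label), level(obj.label)
    if op == "read":
        return s >= o
    if op == "write":
        return s == o if strong_star else s <= o
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """Biba (integrity): the mirror image of Bell-LaPadula.

    simple integrity axiom: no read down -> read only if subject level <= object level
    * integrity axiom:      no write up  -> write only if subject level >= object level
    """
    s, o = level(subject.label), level(obj.label)
    if op == "read":
        return s <= o
    if op == "write":
        return s >= o
    raise ValueError(f"unknown operation {op!r}")


def decision_table(subject: Subject, objects: list) -> dict:
    """Every (object, op) decision under both models, for side-by-side comparison."""
    table = {}
    for obj in objects:
        for op in ("read", "write"):
            table[(obj.name, op)] = {
                "blp": blp_allows(subject, obj, op),
                "blp_strong_star": blp_allows(subject, obj, op, strong_star=True),
                "biba": biba_allows(subject, obj, op),
            }
    return table


if __name__ == "__main__":
    alice = Subject("alice", "confidential")
    docs = [Obj("press-release", "public"), Obj("design-notes", "confidential"),
            Obj("merger-plan", "secret")]
    for key, result in decision_table(alice, docs).items():
        print(key, result)
```

Reading the table for a "confidential" subject: Bell-LaPadula lets her read the public press release but not write to it (that would be writing down), while Biba refuses the read (low-integrity data must not flow up) and permits the write. The same lattice therefore cannot serve both goals at once, which is why real systems pick one model per property or combine them.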
Video/Demo                              Time
1.2.1 Access Control Models            14:14
1.2.3 Configuring NTFS Permissions      3:01
1.2.6 Setting File Rights               2:16
1.2.9 Academic Models                  13:48
Total                                  33:19
Lab/Activity
• Change NTFS Permissions
• Configure NTFS Permissions
• Modify File System Rights
• Add a Trustee and Rights
Number of Exam Questions: 14
Total Time: About 75 minutes
Section 1.3: Authentication
Summary
This section discusses using authentication to prove a subject's identity.
Concepts covered include:
• Types (factors) of authentication:
  o Type 1: Something you know
  o Type 2: Something you have
  o Type 3: Something you are
• Combinations of authentication methods:
  o Two-factor/multi-factor
  o Strong
  o Mutual
• Measuring authentication solutions:
  o False negative (false rejection)
  o False positive (false acceptance)
  o Crossover error rate
  o Processing rate
• The role of Single Sign-on (SSO) solutions:
  o Advantages of SSO
  o Disadvantages of SSO
  o SSO solutions:
     Kerberos
     Secure European System for Applications in a Multi-vendor
      Environment (SESAME)
SSCP Exam Domains
• 1. Access Control
Lecture Focus Questions:
• Which form of authentication is generally considered the strongest?
• What is the difference between synchronous and asynchronous token
  devices?
• What is the difference between strong authentication and two-factor
  authentication?
• How do behavioral biometric systems work? What types of information do
  they use for authentication?
• What are the components of a strong password policy?
• What additional benefits does SESAME provide over Kerberos?
• What are the main advantages of SSO authentication? Disadvantages?
• What is the relationship between keys and subjects in Kerberos?
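The synchronous versus asynchronous token question above is easiest to see in code. The Python below is an added example, not part of the TestOut lesson plan: it implements HOTP (RFC 4226) and TOTP (RFC 6238), the counter- and clock-synchronous "something you have" schemes, beside a simplified nonce challenge-response (asynchronous) scheme. The shared secret is the RFC test-vector secret; the challenge-response format is an illustration, not any vendor's protocol.

```python
"""Synchronous (HOTP/TOTP) versus asynchronous (challenge-response) tokens.

Added example, not part of the original lesson plan. The shared secret is the
RFC 4226 / RFC 6238 test-vector secret; the nonce-based challenge-response
scheme is a simplified illustration, not a specific vendor's protocol.
"""
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of `step`-second periods since the epoch."""
    t = time.time() if at_time is None else at_time
    return hotp(secret, int(t) // step, digits)


def verify_hotp(secret: bytes, candidate: str, server_counter: int, look_ahead: int = 5):
    """Server side of a counter-synchronous token.

    Token and server each keep a counter; each button press advances the
    token's, so the server accepts any of the next `look_ahead` values and
    resynchronises to it. Returns the new server counter, or None on failure.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c + 1          # a counter value is never accepted twice
    return None


# --- asynchronous token: the server issues a fresh challenge for every logon ---

def issue_challenge() -> bytes:
    return secrets.token_bytes(16)


def token_response(secret: bytes, challenge: bytes, digits: int = 8) -> str:
    """What the user types back after keying the challenge into the device."""
    mac = hmac.new(secret, challenge, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


def verify_response(secret: bytes, challenge: bytes, response: str) -> bool:
    return hmac.compare_digest(token_response(secret, challenge), response)


if __name__ == "__main__":
    secret = b"12345678901234567890"           # RFC 4226 test-vector secret
    print("HOTP counter 0:", hotp(secret, 0))   # 755224 per RFC 4226
    print("TOTP at t=59:  ", totp(secret, 59))
    chal = issue_challenge()
    print("challenge ok:", verify_response(secret, chal, token_response(secret, chal)))
```

The synchronous scheme needs no message from the server before the code is produced, which is convenient but makes the server tolerate drift (the look-ahead window and, for TOTP, neighbouring time steps); the asynchronous scheme has no drift problem because each response is bound to a server-chosen nonce, at the cost of an extra round trip.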
Video/Demo                              Time
1.3.1 Type 1 Authentication            11:24
1.3.2 Type 2 Authentication             4:53
1.3.3 Type 3 Authentication             8:46
1.3.4 Two-factor Authentication         1:42
1.3.6 Single Sign-on                    7:12
Total                                  33:57
Number of Exam Questions: 20
Total Time: About 60 minutes
Section 1.4: Authentication Administration
Summary
In this section students will learn administration methods to protect password
authentication. Concepts covered include:
• Improving password authentication:
  o Define a strong password policy
  o Educate users
  o Apply a salt when hashing passwords
  o Use account lockout
  o Protect access to the password file
  o Implement two-factor authentication
  o Create and enforce password requirements
  o Implement a biometric system
• Password settings that control password requirements on a Microsoft
  computer:
  o Enforce password history
  o Maximum password age
  o Minimum password age
  o Minimum password length
  o Password must meet complexity requirements
  o Store passwords using reversible encryption (should stay disabled)
• Account lockout settings that disable a user account after repeated failed
  logons:
  o Account lockout duration
  o Account lockout threshold
  o Reset account lockout counter after
Students will learn how to:
• Configure Windows account policies to enforce strong passwords.
• Configure account lockout.
• Configure eDirectory password settings and account restrictions.
SSCP Exam Domains
• 1. Access Control
Lecture Focus Questions:
• What characteristics typically define a strong password?
• When is salting useful in passwords? What advantages does it provide?
• What is the clipping level and how does it affect an account login?
• What does the minimum password age setting prevent?
• What setting lets you take action after a specified number of incorrect
  logon attempts?
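The Python below is an added example, not part of the TestOut lesson plan, showing two of the countermeasures listed above working together: salted, iterated password hashing (so that a stolen password file cannot be attacked with precomputed tables) and the three Windows lockout settings (threshold, duration, reset window) as a small policy object. The account store, policy values and the explicit clock are constructed for illustration.

```python
"""Salted password hashing plus Windows-style account lockout.

Added example, not part of the original lesson plan. The account store and
policy numbers are constructed for illustration; the clock is passed in
explicitly so the lockout timing is easy to follow.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # slows every guess in an offline attack on a stolen password file


def hash_password(password: str, salt: bytes = None):
    """Return (salt, digest). A random per-user salt makes equal passwords hash
    differently, so precomputed (rainbow) tables are useless and each account
    must be attacked separately."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


class AccountLockout:
    """The three Windows lockout settings; times are in seconds."""

    def __init__(self, threshold: int = 5, duration: int = 15 * 60, reset_after: int = 15 * 60):
        self.threshold = threshold        # "Account lockout threshold" (the clipping level)
        self.duration = duration          # "Account lockout duration"
        self.reset_after = reset_after    # "Reset account lockout counter after"
        self._state = {}                  # account -> dict(failures, last_failure, locked_until)

    def attempt(self, account: str, password: str, store: dict, now: float) -> str:
        st = self._state.setdefault(account, {"failures": 0, "last_failure": None, "locked_until": 0.0})
        if now < st["locked_until"]:
            return "locked"               # refused even if this password is correct
        if st["last_failure"] is not None and now - st["last_failure"] > self.reset_after:
            st["failures"] = 0            # old failures age out of the counter
        salt, digest = store[account]
        if verify_password(password, salt, digest):
            st["failures"] = 0
            return "ok"
        st["failures"] += 1
        st["last_failure"] = now
        if st["failures"] >= self.threshold:
            st["failures"] = 0
            st["locked_until"] = now + self.duration
            return "locked"
        return "bad_password"


def demo_store() -> dict:
    """Two accounts sharing the same password; the salts make the stored digests differ."""
    return {"alice": hash_password("Winter2009!"), "bob": hash_password("Winter2009!")}


if __name__ == "__main__":
    store = demo_store()
    policy = AccountLockout(threshold=3, duration=900, reset_after=900)
    for t, pw in enumerate(["guess1", "guess2", "guess3", "Winter2009!"]):
        print(t, policy.attempt("alice", pw, store, now=float(t)))
    print("after lockout expires:", policy.attempt("alice", "Winter2009!", store, now=1000.0))
```

Note the trade-off the lockout settings encode: a low threshold with a long duration stops online guessing but lets an attacker lock legitimate users out at will (an availability attack), so the reset window and a finite duration are what keep the control from becoming a denial of service.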
Video/Demo                              Time
1.4.2 Configuring Password Policies     3:42
1.4.4 Configuring Account Lockout       3:38
1.4.6 Configuring Login Security        4:08
Total                                  11:28
Lab/Activity
• Enforce Password Settings
• Configure Account Lockout
• Modify Password Properties
• Restrict Logon Hours
Number of Exam Questions: 7
Total Time: About 40 minutes
Section 1.5: Administration
Summary
This section discusses administration precautions that protect information from
creeping privileges (privilege creep), where a user accumulates privileges over
time that are not necessary for their current work tasks. Concepts covered
include:
• Precautions to protect against privilege creep and corruption of
  information.
• End-of-life procedures to prevent sensitive data from being accessed by
  unauthorized users once accounts or media are retired.
Students will learn how to:
• Create and manage domain user accounts.
• Create an eDirectory user.
SSCP Exam Domains
• 1. Access Control
Lecture Focus Questions:
• What are creeping privileges? How can they be prevented?
• What security precautions should be taken during the creation phase of
  the account life cycle?
• What is the best way to clean magnetic data from media so it can be
  reused?
• What are the approved methods to destroy optical media?
Video/Demo                              Time
1.5.1 Administration Life Cycle         8:09
1.5.3 Managing Domain User Accounts     6:55
1.5.7 Creating an eDirectory User       1:03
Total                                  16:07
Lab/Activity
• Create a Domain User Account
• Disable a User Account
• Reset the Password
• Create a User
Number of Exam Questions: 5
Total Time: About 40 minutes
Section 2.1: Cryptography
Summary
In this section students will learn about cryptography, which is a method of
storing and transmitting information in a format that is unreadable to
unauthorized individuals. Cryptography is used by governments, militaries,
industries, and individuals to protect data. Concepts covered include:
• Security services provided by cryptographic systems:
  o Confidentiality
  o Authentication
  o Integrity
  o Non-repudiation
• Concepts, terms, and services of cryptography:
  o Plaintext
  o Ciphertext
  o Encryption
  o Decryption
  o Key
  o Algorithm
  o Initialization vector (IV)
  o Symmetric key
  o Asymmetric key
  o Cryptanalysis
  o Cryptosystem
  o Cryptology
  o Block cipher
  o Stream cipher
  o Transposition
  o Substitution
  o Steganography
• A review of historical ciphers:
  o Hieroglyphics
  o Scytale
  o Caesar cipher
  o Vigenère
  o Vernam
  o Enigma
  o Running key
  o Concealment
  o Code Square
SSCP Exam Domains
• 2. Cryptography
Lecture Focus Questions:
• What two values are used by a cryptographic algorithm to encrypt data?
• What characteristics of the key contribute to the security of encrypted
  data?
• What are two legitimate uses for cryptanalysis?
• What is the difference between a transposition cipher and a substitution
  cipher?
• What is the difference between encryption and steganography?
• What is a legitimate use of steganography?
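As an added example, not part of the TestOut lesson plan, the Python below implements the Caesar and Vigenère substitution ciphers from the historical list above and then recovers the key by frequency analysis, the kind of cryptanalysis the "Cracking the Encryption Key" demo covers. It shows why a small key space (26 Caesar shifts) and a short repeating key offer no security: each column of a Vigenère ciphertext is just a Caesar cipher. The sample plaintext and key are constructed; the English letter frequencies are the standard published approximations.

```python
"""Vigenere/Caesar substitution ciphers and key recovery by frequency analysis.

Added example, not part of the original lesson plan. The sample plaintext and
key are constructed; the English letter frequencies are the usual published
approximations.
"""
import string

ALPHABET = string.ascii_uppercase
# Expected frequency (percent) of A..Z in English text.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
                6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic substitution: letter i is shifted by key[i mod len(key)].
    A one-letter key is a Caesar cipher. Non-letters pass through unchanged
    and do not advance the key."""
    out, ki = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)
            continue
        shift = ALPHABET.index(key[ki % len(key)].upper())
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        ki += 1
    return "".join(out)


def chi_squared(letters: str) -> float:
    """How far the letter counts are from English; lower means more English-like."""
    n = len(letters)
    return sum((letters.count(c) - n * f / 100) ** 2 / (n * f / 100)
               for c, f in zip(ALPHABET, ENGLISH_FREQ))


def crack_caesar(letters: str) -> int:
    """Try all 26 shifts (the entire key space) and keep the most English-looking one."""
    def undo(shift):
        return "".join(ALPHABET[(ALPHABET.index(c) - shift) % 26] for c in letters)
    return min(range(26), key=lambda s: chi_squared(undo(s)))


def crack_vigenere(ciphertext: str, key_length: int) -> str:
    """Split the ciphertext into key_length columns; each column is a Caesar cipher."""
    letters = "".join(c for c in ciphertext.upper() if c in ALPHABET)
    return "".join(ALPHABET[crack_caesar(letters[i::key_length])] for i in range(key_length))


# Constructed sample plaintext (long enough for letter statistics to be meaningful).
SAMPLE_PLAINTEXT = (
    "SECURITY PROGRAMS DEFINE WHAT SECURITY MEANS FOR AN ORGANIZATION AND THE "
    "PROCEDURES USED TO IMPLEMENT IT. ACCESS CONTROL DETERMINES WHAT SHOULD BE "
    "ACCESSED, BY WHOM, AND AT WHAT LEVEL. EVERY SUBJECT MUST FIRST IDENTIFY ITSELF "
    "AND THEN PROVE THAT IDENTITY BEFORE THE SYSTEM GRANTS ANY AUTHORIZATION. AUDIT "
    "RECORDS PRESERVE A TRAIL OF WHAT WAS DONE SO THAT MISUSE CAN BE DETECTED AND "
    "CORRECTED LATER. ENCRYPTION PROTECTS INFORMATION WHILE IT IS STORED OR "
    "TRANSMITTED, BUT THE KEY THAT UNLOCKS THE DATA IS ONLY AS SAFE AS THE PEOPLE "
    "AND PROCESSES THAT HANDLE IT. A SHORT OR PREDICTABLE KEY CAN BE RECOVERED BY "
    "SIMPLY TRYING EVERY POSSIBLE VALUE UNTIL READABLE TEXT APPEARS."
)

if __name__ == "__main__":
    ciphertext = vigenere(SAMPLE_PLAINTEXT, "KEY")
    print(ciphertext[:60], "...")
    print("recovered key:", crack_vigenere(ciphertext, 3))
```

The attack assumes the key length is known; in practice it is found first by looking for repeated ciphertext fragments (Kasiski examination) or by testing which column split gives English-like statistics, after which the same per-column search applies.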
Video/Demo                              Time
2.1.1 Cryptography                     10:34
2.1.2 Steganography                     7:19
2.1.5 Cracking the Encryption Key       4:11
Total                                  22:04
Number of Exam Questions: 8
Total Time: About 35 minutes
Section 2.2: Symmetric Cryptography
Summary
Students will learn the basics of symmetric cryptography, which uses a single
secret key shared between two communication partners. Concepts covered
include:
• The role of symmetric cryptography
• Issues with implementing symmetric key cryptography
• Common symmetric block ciphers:
  o Data Encryption Standard (DES)
  o Triple DES (3DES)
  o Advanced Encryption Standard (AES)
  o International Data Encryption Algorithm (IDEA)
  o Rivest Cipher 2, also called Ron's Code 2 (RC2)
  o Rivest Cipher 5, also called Ron's Code 5 (RC5)
  o Blowfish
  o Twofish
  o Skipjack
• The role of symmetric key stream ciphers.
SSCP Exam Domains
• 2. Cryptography
Lecture Focus Questions:
• How do symmetric key stream ciphers differ from symmetric key block
  ciphers, and when is each appropriate?
• How does an initialization vector work?
• What is the main disadvantage of symmetric key cryptography?
• What are the four primary modes of DES?
• What advantage does cipher block chaining (CBC) mode have over electronic
  codebook (ECB) mode?
• What advantages does AES have over Triple DES?
Video/Demo                              Time
2.2.1 Symmetric Cryptography            8:31
2.2.3 Symmetric Ciphers                10:41
Total                                  19:12
Number of Exam Questions: 18
Total Time: About 40 minutes
Section 2.3: Asymmetric Cryptography
Summary
This section examines how asymmetric cryptography is used to communicate
securely without prior access to a shared secret key. Concepts covered
include:
• The role of asymmetric cryptography
• Implementing asymmetric cryptography
• Common asymmetric key cryptography systems:
  o Rivest-Shamir-Adleman (RSA)
  o ElGamal
  o Elliptic Curve Cryptography (ECC)
  o Merkle-Hellman Knapsack (broken; of historical interest)
  o Diffie-Hellman Key Exchange
• Using a hybrid cryptography system.
SSCP Exam Domains
• 2. Cryptography
Lecture Focus Questions:
• How do public keys differ from private keys? What is the relationship
  between the two?
• For which type of environment is asymmetric cryptography best suited?
• How does RSA work?
• What are the strengths of elliptic curve cryptography?
• How are both symmetric and asymmetric cryptography used in practical
  applications?
Video/Demo                              Time
2.3.1 Asymmetric Cryptography           6:24
Number of Exam Questions: 7
Total Time: About 15 minutes
Section 2.4: Signatures and Hashing
Summary
In this section students will learn the basics of using hashing to verify the
integrity of data and digital signatures to provide integrity, authentication,
and non-repudiation; confidentiality is added separately by wrapping the
message in a digital envelope. Concepts covered include:
• The role of hashing
• Hashing algorithms:
  o MD2
  o MD4
  o MD5
  o HAVAL
  o SHA-1
• Digital signatures (signing)
• Creating a digital envelope
SSCP Exam Domains
• 2. Cryptography
Lecture Focus Questions:
• What service or function is provided by hashes?
• In what ways is HAVAL different from SHA-1? Which method provides
  greater security?
• What is a collision, and why is this condition undesirable in a hashing
  algorithm?
• Why is a strong avalanche effect (high amplification of a small input
  change in the output) an indicator of a good hashing algorithm?
• How are hashes used in digital signatures?
• How do digital signatures provide integrity validation, strong
  authentication, and non-repudiation, and how does a digital envelope add
  confidentiality?
Video/Demo                              Time
2.4.1 Signatures and Hashing            8:06
2.4.2 Hashing                           6:02
Total                                  14:08
Number of Exam Questions: 11
Total Time: About 30 minutes
Section 2.5: Public Key Infrastructure
Summary
This section discusses Public Key Infrastructure (PKI), a system in which a
trusted third party vouches for user identities by binding public keys to
subjects. Concepts covered include:
• Digital certificates
• X.509 certificates
• Components of the PKI system:
  o Root Certificate Authority (CA)
  o Registration Authority (RA)
  o Certification Practice Statement (CPS)
  o Subordinate CA
• Public Key Cryptography Standards (PKCS)
• The certificate management areas:
  o Certificate validation
  o Certificate revocation
  o Certificate Revocation List (CRL)
  o Certificate renewal
• The key management areas:
  o Key protection
  o Crypto period
  o Key strength
  o Key generation
  o Distribution
  o Storage
  o Key archival
  o Key disposal
SSCP Exam Domains
• 2. Cryptography
Lecture Focus Questions:
• How do distribution methods vary for symmetric and asymmetric keys?
• Who authorizes subordinate CAs? Why is this important?
• What does a template standard include?
• What is included in an X.509 certificate?
• How are revoked certificates identified?
• What precautions should be exercised when disposing of private keys?
Video/Demo                              Time
2.5.1 Public Key Infrastructure        12:36
Number of Exam Questions: 14
Total Time: About 30 minutes
Section 2.6: Cryptographic Uses
Summary
In this section students will learn about cryptographic technologies used to
protect commerce and information in LAN- and Web-based environments:
• Secure Electronic Transaction (SET)
• Secure Sockets Layer (SSL)
• Transport Layer Security (TLS)
• Secure Hypertext Transfer Protocol (S-HTTP)
• Hypertext Transfer Protocol Secure (HTTPS)
• Secure Shell (SSH)
• Internet Protocol Security (IPsec)
• E-mail encryption solutions to secure e-mail messages:
  o Privacy Enhanced Mail (PEM)
  o Pretty Good Privacy (PGP)
  o Secure/Multipurpose Internet Mail Extensions (S/MIME)
  o Message Security Protocol (MSP)
Students will learn how to:
• Encrypt a file.
• Encrypt a folder and its contents.
SSCP Exam Domains
• 2. Cryptography
Lecture Focus Questions:
• What are the differences between SSL and TLS?
• Which IP protocol numbers and UDP port does IPsec use?
• Which protocol superseded S-HTTP?
• How are PGP and S/MIME similar?
Video/Demo                              Time
2.6.1 Cryptographic Uses                4:04
2.6.3 Encrypting Files and Folders      2:44
Total                                   6:48
Lab/Activity
• Encrypt a File
• Encrypt a Folder and Contents
Number of Exam Questions: 8
Total Time: About 25 minutes
Section 2.7: Cryptographic Attacks
Summary
This section examines cryptographic attacks. Concepts covered include:
• Methods of attack:
  o Brute force
  o Analytic
  o Statistical
  o Key clustering
  o Chosen ciphertext
  o Known plaintext
  o Chosen plaintext
  o Man-in-the-middle
  o Dictionary
  o Replay
  o PKI
  o Side-channel
  o Weak key
  o Mathematical
  o Birthday
  o Implementation
• Countermeasures to strengthen the cryptosystem:
  o Use strong passwords
  o Implement strong cryptosystems with redundant encipherment
  o Use large key spaces (long keys)
SSCP Exam Domains
• 2. Cryptography
Lecture Focus Questions:
• How does a dictionary attack differ from a brute force attack?
• How does having chosen plaintext improve an attacker's chances of
  breaking the code over having known plaintext only?
• Why are strong passwords a good countermeasure for a dictionary
  attack?
• When is the most probable time for a chosen plaintext attack to occur?
• What is the goal of a replay attack?
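The birthday attack in the list above is the one most often misjudged, so the Python below, an added example that is not part of the TestOut lesson plan, measures it. The hash output is truncated to a small number of bits so both searches finish in seconds: finding any two messages that collide costs about 2^(bits/2) hashes, whereas finding a second message matching one given digest costs about 2^bits. The candidate messages are constructed counters.

```python
"""Birthday attack versus brute-force second preimage on a truncated hash.

Added example, not part of the original lesson plan. Hash output is truncated
to a small number of bits so that both searches finish in seconds; the
candidate messages are constructed counters.
"""
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """The top `bits` bits of SHA-256, standing in for a short hash."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)


def birthday_collision(bits: int, prefix: bytes = b"msg-"):
    """Find any two distinct messages with the same truncated hash.
    Expected work is about sqrt(pi/2 * 2**bits) hashes, i.e. roughly 2**(bits/2):
    every new hash is compared against all the ones already seen."""
    seen = {}
    i = 0
    while True:
        m = prefix + str(i).encode()
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1            # (first message, second message, hashes computed)
        seen[h] = m
        i += 1


def second_preimage(target: bytes, bits: int, prefix: bytes = b"alt-"):
    """Find a different message with the same hash as one *given* message.
    Expected work is about 2**bits hashes: there is no birthday shortcut."""
    want = truncated_hash(target, bits)
    i = 0
    while True:
        m = prefix + str(i).encode()
        if m != target and truncated_hash(m, bits) == want:
            return m, i + 1
        i += 1


def expected_birthday_work(bits: int) -> float:
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    m1, m2, work = birthday_collision(32)
    print(f"32-bit collision after {work} hashes "
          f"(expected ~{expected_birthday_work(32):.0f}): {m1!r} {m2!r}")
    alt, work2 = second_preimage(b"pay 100 dollars to alice", 16)
    print(f"16-bit second preimage after {work2} hashes (expected ~{2 ** 16}): {alt!r}")
```

The two runs take a similar number of hashes even though the first hash is twice as long, which is why a hash that must resist collisions (as a signature digest must) needs an output twice the desired security level: SHA-1's 160 bits give only about 2^80 work against collisions.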
Video/Demo                              Time
2.7.1 Cryptographic Attacks            12:19
Number of Exam Questions: 12
Total Time: About 25 minutes
Section 3.1: Networking
Summary
This section discusses networking. Concepts covered include:
• The role of the Open Systems Interconnection (OSI) model:
  o Layer 7: Application
  o Layer 6: Presentation
  o Layer 5: Session
  o Layer 4: Transport
  o Layer 3: Network
  o Layer 2: Data Link
     Logical Link Control (LLC)
     Media Access Control (MAC)
  o Layer 1: Physical
• TCP/IP model layers:
  o Application
  o Host-to-host (Transport)
  o Internet
  o Network Access
• Common TCP/IP protocols:
  o Transmission Control Protocol (TCP)
  o Internet Protocol (IP)
  o User Datagram Protocol (UDP)
  o Address Resolution Protocol (ARP)
  o Internet Control Message Protocol (ICMP)
  o Internet Group Management Protocol (IGMP)
• Network models:
  o Local Area Network (LAN)
  o Metropolitan Area Network (MAN)
  o Wide Area Network (WAN)
• Network types:
  o Peer-to-peer
  o Client/server
SSCP Exam Domains
• 3. Networks and Communications
Lecture Focus Questions:
• What functions are performed by the Data Link layer?
• Which devices operate at the Network layer?
• How does the TCP/IP Network Access layer relate to the OSI model?
• What are the three categories of port ranges?
• How do peer-to-peer networks differ from client/server networks? What
  are the strengths of each?
Video/Demo                              Time
3.1.1 OSI Model                        16:14
3.1.3 TCP/IP Model                      8:10
Total                                  24:24
Number of Exam Questions: 4
Total Time: About 40 minutes
Section 3.2: Local Area Networking
Summary
This section discusses details of local area networking. Concepts covered
include:
• Network topologies:
  o Bus
  o Ring
  o Star
  o Mesh
  o Hybrid
• Networking issues:
  o Attenuation
  o Crosstalk
  o Noise
  o Eavesdropping
• Types of media:
  o Coaxial
  o Twisted pair
  o Fiber optic
  o Wireless
• Susceptibility of each media type to transmission problems
• Countermeasures to minimize emanations
• Signaling systems:
  o Baseband systems
  o Broadband systems
• Network architecture:
  o Ethernet characteristics:
     Topology
     Media access method
     Transmission media
     Networking devices
     Physical (MAC) addresses
     Frames
  o Token Ring
  o Fiber Distributed Data Interface (FDDI)
• Other forms of media access:
  o Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
  o Polling
SSCP Exam Domains
• 3. Networks and Communications
Lecture Focus Questions:
• Which twisted pair cable rating(s) are appropriate for 100 megabit
  Ethernet?
• Which media type is most resistant to EMI and eavesdropping? Which
  media type is the most susceptible?
• How does a plenum area pose a safety risk in the event of a fire?
• How does CSMA/CD differ from CSMA/CA?
• What two features are provided by the dual rings of FDDI?
Video/Demo                              Time
3.2.1 LAN Specifications               12:32
3.2.5 Network Architectures             5:00
3.2.7 Using Sniffers                    2:39
3.2.8 Sniffing Ethernet                 3:53
Total                                  24:04
Number of Exam Questions: 7
Total Time: About 45 minutes
Section 3.3: Wide Area Networking
Summary
This section examines the basics of Wide Area Networking (WAN). Concepts
covered include:
• WAN transmission media:
  o Plain Old Telephone Service (POTS)
  o T-1
  o T-2
  o T-3
  o T-4
  o E-1
• Service options for WAN connectivity:
  o Integrated Services Digital Network (ISDN)
  o Digital Subscriber Line (DSL)
  o X.25
  o Leased lines
  o Frame Relay
  o Asynchronous Transfer Mode (ATM)
  o Switched Multimegabit Data Service (SMDS)
  o Cable
• Additional technologies:
  o Multiprotocol Label Switching (MPLS)
  o Voice over Internet Protocol (VoIP)
  o Synchronous Optical Network (SONET)
SSCP Exam Domains
• 3. Networks and Communications
Lecture Focus Questions:
• Which WAN services use analog connectivity?
• What is the difference between basic rate and primary rate ISDN?
• Which WAN service provides the highest bandwidth?
• How does MPLS work?
• What benefits does VoIP provide?
Video/Demo                                    Time
3.3.1 Wide Area Networking                    16:11
Total Time
About 20 minutes
Section 3.4: Protocols
Summary
In this section students will learn about protocols for sending data across a
network. Concepts covered include:
• Common protocols:
  o The Internet Protocol (IP)
  o Transmission Control Protocol (TCP)
  o User Datagram Protocol (UDP)
  o Internet Control Message Protocol (ICMP)
  o Address Resolution Protocol (ARP)
  o Domain Name System (DNS)
  o Multipurpose Internet Mail Extensions (MIME)
  o Secure Sockets Layer (SSL)
  o Transport Layer Security (TLS)
  o Secure Electronic Transaction (SET)
  o Secure Shell (SSH)
  o Simple Mail Transfer Protocol (SMTP)
  o File Transfer Protocol (FTP)
  o Internet Group Management Protocol (IGMP)
• The role and characteristics of Secure Sockets Layer (SSL)
• The role and characteristics of Transport Layer Security (TLS)
SSCP Exam Domains
• 3. Networks and Communications
Lecture Focus Questions:
• What is the drawback to using UDP over TCP? What is one advantage of UDP over TCP?
• What is the main function of ARP?
• How does SSL verify authentication credentials?
• How can you tell that a session with a Web server is using SSL?
• Why are server certificates required in SSL and TLS?
• What additional benefit is provided by requiring client certificates in TLS?
Video/Demo                                    Time
3.4.1 Protocols                               14:18
3.4.2 Sniffing IP                             6:20
3.4.3 Sniffing ICMP                           3:38
3.4.4 Sniffing ARP                            5:21
Total                                         29:37
Number of Exam Questions
15 questions
Total Time
About 50 minutes
Section 3.5: Network Devices
Summary
This section discusses network devices used to establish the network
infrastructure. Concepts covered include:
• Common internetworking devices:
  o Network Interface Card (NIC)
  o Hub
  o Wireless Access Point (WAP)
  o Switch
  o Bridge
  o Router
  o Gateway
Students will learn how to:
• Create a VLAN and assign ports.
SSCP Exam Domains
• 3. Networks and Communications
Lecture Focus Questions:
• How are hubs and switches different?
• At what OSI layer do switches operate?
• How can VLANs be used to improve security?
• How are MAC addresses used by switches?
• How are bridges different from switches?
Video/Demo                                    Time
3.5.1 Network Devices                         8:21
3.5.3 Configuring VLANs                       7:31
Total                                         15:52
Lab/Activity
• Create a VLAN and Assign Ports
• Exploring VLAN Communication
Number of Exam Questions
8 questions
Total Time
About 35 minutes
Section 3.6: Packet Filters
Summary
This section discusses managing traffic with packet filters. Students will become
familiar with defining an inbound filter and an outbound filter.
Students will learn how to:
• Create and configure packet filters.
• Configure and apply ACLs to router interfaces.
SSCP Exam Domains
• 3. Networks and Communications
Video/Demo                                    Time
3.6.1 Configuring Packet Filters              5:08
3.6.4 Configuring Access Control Lists        11:40
Total                                         16:48
Lab/Activity
• Create a Packet Filter 1
• Create a Packet Filter 2
• Apply Access Lists to Interfaces
• Restrict Traffic from Specific Hosts
• Restrict Traffic from Specific Networks
Total Time
About 40 minutes
Section 3.7: Firewalls
Summary
This section examines using firewalls to protect a trusted private network or
separate one private network from another. Concepts covered include:
• The role of firewalls
• Types of firewalls:
  o Generation one – packet filtering firewall
  o Generation two – application layer firewall, circuit proxy filter
  o Generation three – stateful inspection firewall
  o Generation four – dynamic packet filtering firewall
  o Generation five – kernel proxy filtering firewall
• Methods of deploying firewalls:
  o Screened host
  o TCP wrapper
  o Screened subnet
  o Bastion or sacrificial host
• Categories of ports specified by the Internet Corporation for Assigned Names and Numbers (ICANN):
  o Well known
  o Registered
  o Dynamic (private or high)
• Well known ports that correspond to common Internet services
Students will learn how to:
• Enable Internet Connection Firewall on a Windows XP system.
• Open and close ports in ICF.
SSCP Exam Domains
• 3. Networks and Communications
Lecture Focus Questions:
• What is a multi-homed firewall?
• Which firewall type can examine the entire contents of a message?
• What is the difference between an application layer firewall and a circuit proxy filter?
• How many firewall devices are used to create a typical demilitarized zone (DMZ)?
• What type of devices should be placed inside a demilitarized zone (DMZ)?
• What port numbers correspond to HTTP traffic? Common e-mail traffic?
Video/Demo                                    Time
3.7.1 Firewalls                               10:06
3.7.4 Configuring ICF                         4:15
Total                                         14:21
Lab/Activity
• Enable ICF
• Open ICF Ports
• Close Open Ports
• Prevent ICMP Events
Number of Exam Questions
19 questions
Total Time
About 60 minutes
Section 3.8: Network Address Translation (NAT)
Summary
This section covers the basic concepts of using Network Address Translation
(NAT) to connect a private network to the Internet without obtaining registered
addresses for every host. The private address ranges for two addressing
methods are presented:
• IP version 4
• IP version 6
Students will learn how to:
• Configure Internet Connection Sharing (ICS) on a Windows XP system.
• Configure NAT on a Windows router.
SSCP Exam Domains
• 3. Networks and Communications
Lecture Focus Questions:
• How does NAT provide a measure of security to network devices?
• What should be combined with NAT to increase security?
• What address ranges should you use on private networks connected to the Internet using NAT?
• How does NAT provide two-way traffic flow?
Video/Demo                                    Time
3.8.1 Network Address Translation             3:00
3.8.3 Sharing a Connection                    3:37
3.8.5 Configuring NAT                         4:04
Total                                         10:41
Lab/Activity
• Share an Internet Connection
• Configure NAT
Number of Exam Questions
4 questions
Total Time
About 25 minutes
Section 3.9: Remote Access
Summary
In this section students will learn about configuring remote access. Concepts
covered include:
• Remote access protocols:
  o Serial Line Internet Protocol (SLIP)
  o Point-to-Point Protocol (PPP)
  o Point-to-Point Protocol over Ethernet (PPPoE)
  o Password Authentication Protocol (PAP)
  o Challenge Handshake Authentication Protocol (CHAP)
  o Extensible Authentication Protocol (EAP)
• Protocols to deploy centralized authentication:
  o Remote Authentication Dial-In User Service (RADIUS)
  o Terminal Access Controller Access Control System (TACACS)
  o Diameter
Students will learn how to:
• Configure a remote access server, including remote access policies.
• Configure a remote access client connection.
• Customize remote access authentication protocols.
• Configure RADIUS clients and servers.
SSCP Exam Domains
• 3. Networks and Communications
Lecture Focus Questions:
• How are SLIP and PPP different?
• What advantages are provided by EAP over other forms of authentication?
• How can caller ID and callback be used to improve remote access security?
• In a RADIUS system, which component provides authentication for remote access clients?
• How does TACACS implement multi-factor authentication?
• How is TACACS an improvement over RADIUS?
• What are the main benefits of DIAMETER?
Video/Demo                                    Time
3.9.1 Remote Access                           4:24
3.9.4 Configuring a Remote Access Server      4:26
3.9.6 Configuring Remote Access Policies      4:32
3.9.8 Creating a Dialup Connection            4:40
3.9.12 Configuring RADIUS                     4:43
Total                                         22:45
Lab/Activity
• Configure a Remote Access Server
• Create a Remote Access Policy
• Create a Dialup Connection
• Configure Advanced Authentication
• Configure Smart Card for Authentication
• Configure a RADIUS Server
• Configure a RADIUS Client
Number of Exam Questions
11 questions
Total Time
About 75 minutes
Section 3.10: Virtual Private Networks (VPN)
Summary
This section examines using a Virtual Private Network (VPN) to allow IP traffic to
travel securely over the TCP/IP network. Concepts covered include:
• Common tunneling protocols:
  o Point-to-Point Tunneling Protocol (PPTP)
  o Layer 2 Forwarding (L2F)
  o Layer 2 Tunneling Protocol (L2TP)
• Using IPSec to provide encryption
• IPSec protocols for authentication, data encryption, and connection negotiation:
  o Authentication Header (AH)
  o Encapsulating Security Payload (ESP)
  o Internet Key Exchange (IKE)
• IPSec modes of operation:
  o Transport mode
  o Tunnel mode
Students will learn how to:
• Configure a VPN server.
• Configure a client VPN connection.
• Configure specific VPN protocols.
SSCP Exam Domains
• 3. Networks and Communications
Lecture Focus Questions:
• What is the difference between AH and ESP?
• What is the function of IKE in IPSec?
• What is the difference between IPSec tunnel mode and transport mode?
• Which VPN technologies operate at OSI model layer 2?
• How is L2TP an improvement over PPTP and L2F?
Video/Demo                                    Time
3.10.1 VPN                                    13:31
3.10.4 Configuring a VPN Server               6:18
3.10.7 Creating a Client VPN Connection       5:56
3.10.10 Configuring IPSec                     4:04
3.10.11 Analyzing IPSec Traffic               2:01
Total                                         31:50
Lab/Activity
• Configure a VPN Server
• Disable PPTP Ports
• Create a Client VPN Connection
• Customize the Tunneling Protocol
Number of Exam Questions
10 questions
Total Time
About 65 minutes
Section 3.11: Wireless
Summary
This section provides a basic overview of the wireless networking technology.
Concepts covered include:
• Wireless transmission technologies:
  o Frequency Hopping Spread Spectrum (FHSS)
  o Direct Sequence Spread Spectrum (DSSS)
  o Orthogonal Frequency Division Multiplexing (OFDM)
  o Infrared
• Common wireless standards:
  o 802.11a
  o 802.11b
  o 802.11g
• Wireless networking standards:
  o Wireless Personal Area Network (WPAN)
  o Wireless Metropolitan Area Network (WMAN)
• Choices for configuring a wireless LAN:
  o Infrastructure
  o Ad hoc
• Identifiers used with wireless networks:
  o Service Set Identifier (SSID)
  o Basic Service Set Identifier (BSSID)
• Methods to provide authentication on a wireless network:
  o Open
  o Shared secret
  o 802.1x
• Methods for providing security for wireless networking:
  o Wired Equivalent Privacy (WEP)
  o Wi-Fi Protected Access (WPA)
  o Wi-Fi Protected Access 2 (WPA2)
SSCP Exam Domains
• 3. Networks and Communications
Lecture Focus Questions:
• How are FHSS and DSSS different?
• How does the BSSID differ from the SSID?
• What improvements did WPA make to overcome the weaknesses of WEP?
• Why shouldn't you use shared secret authentication with WEP?
• Why is a RADIUS server required when using 802.1x authentication?
• What is the function of the MIC with WPA and WPA2?
• Which encryption mechanisms are used by WEP, WPA, and WPA2?
Video/Demo                                    Time
3.11.1 Wireless                               4:50
Number of Exam Questions
17 questions
Total Time
About 30 minutes
Section 4.1: Malicious Code and Attacks
Summary
This section discusses malicious code and attacks. Students will become familiar
with the following concepts:
• Defining attackers:
  o Hacker
  o Cracker
  o Script kiddy
  o Phreaker
• Examples of common malware:
  o Virus
  o Worm
  o Spyware
  o Trojan horse
  o Logic bomb
  o Botnet
• Countermeasures for malware attacks:
  o Antivirus software
  o Train users
  o Disable scripts
  o Block attachments
  o Implement software policies
  o Remove removable drives
  o Show full file extensions
• Historic malware events:
  o Stoned
  o Michelangelo
  o CIH/Chernobyl Virus
  o Melissa
  o I Love You
  o Code Red
  o Nimda
  o Klez
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• What's the difference between a hacker and a cracker?
• Which types of malware can self-replicate?
• What type of files does anti-virus software need to be able to identify known viruses?
• What must you do to make anti-virus software effective?
• What countermeasures are recommended for Trojan horse attacks?
• How did the ILOVEYOU virus propagate?
Video/Demo                                    Time
4.1.1 Attackers                               9:11
4.1.3 Malware                                 14:33
4.1.5 Malware Examples                        5:33
Total                                         29:17
Number of Exam Questions
16 questions
Total Time
About 50 minutes
Section 4.2: Reconnaissance Attacks
Summary
This section provides an overview of reconnaissance used to plan a mode of
attack. Concepts covered include:
• The basic stages of reconnaissance.
• Countermeasures for preventing reconnaissance.
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• What types of activities are considered passive reconnaissance?
• What are popular network scanning tools?
• How does a Christmas tree scan work?
• How can reconnaissance be prevented?
Video/Demo                                    Time
4.2.1 Reconnaissance Attacks                  6:15
4.2.2 Scanning Ports                          4:54
Total                                         11:09
Number of Exam Questions
2 questions
Total Time
About 15 minutes
Section 4.3: Social Engineering Attacks
Summary
This section examines using social engineering attacks to exploit human nature
by convincing someone to reveal information or perform an activity. Concepts
covered include:
• Defining social engineering.
• Main types of social engineering attacks.
• Specific social engineering attacks.
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• What human traits are exploited in a social engineering attack?
• What is the best defense against a social engineering attack?
• A caller tells you he is a network administrator and needs information about the computer on your desk. What type of social engineering attack is he using?
• How does a phishing attack work?
Video/Demo                                    Time
4.3.1 Social Engineering Attacks              14:58
4.3.2 Researching Virus Hoaxes                5:34
Total                                         20:32
Number of Exam Questions
9 questions
Total Time
About 35 minutes
Section 4.4: Network Attacks
Summary
This section discusses common attacks that exploit network communications.
Network attacks and countermeasures for each are presented:
• Spoofing
• Sniffing
• Hijacking
• Man-in-the-middle
• Replay
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• What is the main purpose of a replay attack?
• How does spoofing work? How can it be prevented?
• Which protocols typically transfer data in clear text? What does this mean for the security of the information?
• How are hijacking and man-in-the-middle attacks related?
Video/Demo                                    Time
4.4.1 Network Attacks                         16:58
Number of Exam Questions
14 questions
Total Time
About 35 minutes
Section 4.5: Password Attacks
Summary
In this section students will learn about attacks that are directed at passwords.
Concepts covered include:
• Common password attacks.
• Collecting hashed passwords.
• Cracking hashed passwords.
• Countermeasures for password attacks.
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• How does a dictionary attack differ from a brute force attack?
• How can hashed passwords be collected?
• How does a rainbow table speed up the password cracking process?
• What are the best countermeasures for attacks against passwords?
Video/Demo                                    Time
4.5.1 Password Attacks                        7:39
4.5.2 Recovering Passwords                    9:20
4.5.3 Using Rainbow Tables                    4:48
Total                                         21:47
Number of Exam Questions
9 questions
Total Time
About 30 minutes
Section 4.6: Availability Attacks
Summary
This section teaches students about availability attacks, which consist of
Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS)
attacks. Concepts covered include:
• Common forms of DoS attacks.
• Common forms of DDoS attacks.
• Countermeasures for DoS and DDoS attacks.
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• How are DoS and DDoS attacks similar? How are they different?
• How does a Fraggle attack differ from a Smurf attack?
• How are a Land attack and a Teardrop attack similar?
• Which attacks can be prevented with reverse DNS lookups?
• What is the role of a zombie?
Video/Demo                                    Time
4.6.1 Denial of Service Attacks               16:06
4.6.2 Performing UDP Flood Attacks            3:54
4.6.3 Performing ARP Poisoning                4:24
Total                                         24:24
Number of Exam Questions
15 questions
Total Time
About 45 minutes
Section 4.7: Application Attacks
Summary
This section discusses common application exploitation attacks. Concepts
covered include:
• Backdoor attacks.
• Buffer overflow attacks.
• Pointer overflow attacks.
• Salami attacks.
• Data diddling.
• Excessive permissions.
• Unprotected temporary files.
• Directory traversal.
• Covert channels.
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• How are backdoors most commonly exploited?
• How does a data diddling attack differ from a salami attack?
• How do excessive permissions affect the vulnerability of an application?
• How does directory traversal work? How can it be prevented?
• What is the difference between a buffer overflow attack and a pointer overflow attack?
• How are a covert timing channel and a storage channel similar?
Video/Demo                                    Time
4.7.1 Denial of Service Attacks               9:30
Number of Exam Questions
9 questions
Total Time
About 25 minutes
Section 4.8: Web Server Attacks
Summary
This section teaches students how to secure a Web site from Web server
attacks. Concepts covered include:
• Applications commonly used for Web-based applications or scripting programs.
• Countermeasures for Web server-based attacks.
Students will learn how to:
• Configure authentication for Web sites and Web folders.
• Configure IIS permissions.
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• How does Java use the sandbox to provide security?
• How does client-side scripting differ from server-side scripting?
• How is ActiveX vulnerable to attacks?
• What are the best countermeasures for Web server attacks?
Video/Demo                                    Time
4.8.1 Web Server Attacks                      2:42
4.8.3 Configuring IIS Authentication          4:09
4.8.6 Configuring IIS Permissions             3:34
Total                                         10:25
Lab/Activity
• Configure Web Site Authentication
• Configure Web Folder Authentication
• Configure IIS Permissions
Number of Exam Questions
5 questions
Total Time
About 35 minutes
Section 4.9: Browser Security
Summary
This section examines securing the browser from attacks. Concepts covered
include:
• Indications of an unsecured connection or attack.
• Preventing browser attacks.
Students will learn how to:
• Clear the Internet Explorer cache.
• Configure security zones in Internet Explorer.
• Configure cookie and security settings for Internet Explorer.
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• How do cookies pose a security threat? Which CIA triad component can be compromised by cookies?
• How is cache used on the Internet? How does it make a system vulnerable?
• What are the different Internet Explorer zones? Which has the highest security settings?
• What can you look for that may indicate an unsecured connection or an attack?
Video/Demo                                    Time
4.9.2 Clearing the Cache                      4:56
4.9.4 Configuring Security Zones              6:06
4.9.8 Configuring Cookie Handling             2:30
4.9.11 Configuring Advanced IE Settings       2:59
Total                                         16:31
Lab/Activity
• Clear the Browser Cache
• Add a Trusted Site
• Add a Restricted Site
• Customize Zone Settings
• Change the Cookie Level
• Customize Cookie Handling
• Configure Browser Security
• Clear Temporary Internet Files
Number of Exam Questions
5 questions
Total Time
About 65 minutes
Section 4.10: Communication Attacks
Summary
This section provides information about wireless, phone, and cell phone attacks.
Concepts covered include:
• Wireless network vulnerabilities.
• Measures to protect a wireless network.
• Common phone exploitation attacks.
• Common cell phone exploitation attacks.
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• What is the purpose of warchalking?
• How are rogue access points used in man-in-the-middle attacks?
• How do MAC address filtering and disabling DHCP on a wireless access point provide some measure of security?
• What are the different methods used for wireless authentication? Which is the most secure?
• How does a site survey impact wireless security?
• How is cramming different than slamming?
• What are the most common types of cell phone exploitation attacks?
Video/Demo                                    Time
4.10.1 Wireless Attacks                       13:21
4.10.2 Using Wireless Attack Tools            9:07
4.10.4 Phone Attacks                          3:11
Total                                         25:39
Number of Exam Questions
10 questions
Total Time
About 35 minutes
Section 4.11: System Hardening
Summary
This section provides recommendations and the processes to harden a system.
Concepts covered include:
• Hardening devices.
• Hardening individual services or applications.
Students will learn how to:
• Disable and uninstall networking components.
• Download and apply Windows operating system updates.
• Manage services on a Windows system.
• Identify excess services and software running on a system.
SSCP Exam Domains
• 4. Malicious Code and Attacks
Lecture Focus Questions:
• What is system hardening? How does it benefit the security of an organization?
• What is a security baseline?
• How do system updates relate to system security?
• What are the vulnerabilities of FTP? DNS?
Video/Demo                                    Time
4.11.2 Managing Network Components            4:12
4.11.5 Applying Windows Updates               3:17
4.11.6 Using MBSA                             3:10
4.11.7 Managing Services                      4:46
Total                                         15:25
Lab/Activity
• Disable File and Printer Sharing
• Disable NetBIOS over TCP/IP
• Stop and Disable Services
Number of Exam Questions
8 questions
Total Time
About 40 minutes
Section 5.1: Auditing
Summary
In this section students will learn how to use auditing to ensure that the current
implementation meets the security goals of the organization. Concepts covered
include:
• The role of auditing.
• Audit domains.
• Methods auditors use to gather information.
• Types of auditors.
• Applying due care and due diligence.
• Preventing creeping privileges.
• Post-audit activities.
• Standardized auditing models.
• Auditing methods and tools.
SSCP Exam Domains
• 5. Analysis and Monitoring
Lecture Focus Questions:
• How is an audit benchmark used?
• What are the benefits of internal auditors? External auditors?
• What are methods an auditor can use to gather data?
• What is the importance of a clearly defined audit scope?
• How can creeping privileges be avoided?
• How can you benefit from applying a standardized model when performing an audit?
Video/Demo                                    Time
5.1.1 Security Audits                         6:01
5.1.3 The Audit Process                       10:15
5.1.4 Auditing Tools and Methods              6:59
Total                                         23:15
Number of Exam Questions
3 questions
Total Time
About 35 minutes
Section 5.2: Audit Trails
Summary
This section discusses using audit trails to trace the cause of events and provide
problem resolution. Concepts covered include:
• The role of an audit trail.
• Components of an auditing subsystem.
• Types of events the audit trail should include.
• The role of logging.
Students will learn how to:
• Enable system auditing.
• Save audit logs.
• Change audit log properties.
SSCP Exam Domains
• 5. Analysis and Monitoring
Lecture Focus Questions:
• How can auditing be a preventative security measure?
• In addition to defining the actions to record in an audit log, what else must you do to make auditing effective?
• What problems are associated with logging too many events in the audit trail?
• Why is auditing considered to be a passive detection system?
• What purposes can audit trails serve other than detecting unauthorized activities?
Video/Demo                                    Time
5.2.1 Audit Trails                            8:47
5.2.3 Auditing Systems                        3:46
5.2.6 Managing Security Logs                  3:59
Total                                         16:32
Lab/Activity
• Enable Auditing 1
• Enable Auditing 2
• Save the Audit Log
• Change Log Properties
• Configure the System to Shut Down
Number of Exam Questions
10 questions
Total Time
About 55 minutes
Section 5.3: Intrusion Detection
Summary
This section examines using intrusion detection to detect and protect the network
from suspicious activity by monitoring frames on the network. Concepts covered
include:
• Intrusion Prevention System (IPS)
• Intrusion Detection System (IDS)
• Honeypot
• Padded cell (also referred to as a tar pit or honey net)
SSCP Exam Domains
• 5. Analysis and Monitoring
Lecture Focus Questions:
• What is the difference between IPS and IDS?
• How are network-based IDS and host-based IDS different?
• What are clipping levels and thresholds?
• What are the strengths and weaknesses of anomaly recognition? Signature recognition?
• How is a honey pot used?
Video/Demo                                    Time
5.3.1 Intrusion Detection and Prevention      12:42
5.3.2 Viewing Network Activity                3:34
Total                                         16:16
Number of Exam Questions
15 questions
Total Time
About 35 minutes
Section 5.4: Penetration Testing
Summary
In this section students will learn how penetration testing can be used to assure
the effectiveness of an organization’s security implementations and
countermeasures. Concepts covered include:
• Defining the Rules of Engagement (ROE).
• Defining the penetration testing teams.
• Types of penetration testing.
• Levels of knowledge the attacker and system personnel have prior to the attack.
• Stages of penetration testing.
SSCP Exam Domains
• 5. Analysis and Monitoring
Lecture Focus Questions:
• Why are physical penetration and operation penetration tests valuable to system security?
• What boundaries should be defined before starting a penetration test? Why?
• Why does a double blind penetration test provide more valuable data than a single blind test?
• What is the difference between network enumeration and system enumeration?
Video/Demo                                    Time
5.4.1 Penetration Testing                     9:03
5.4.2 Penetration Testing Process             5:27
5.4.3 Penetration Testing Tools               7:09
5.4.4 Using Nessus                            9:37
5.4.5 Probing Systems                         2:40
Total                                         33:56
Number of Exam Questions
8 questions
Total Time
About 50 minutes
Section 6.1: Risk Management
Summary
This section discusses risk management for an organization. Concepts covered
include:
• Sources of threats.
• An organization’s approach to risk.
• The processes involved in risk management.
SSCP Exam Domains
• 6. Risk, Response, and Recovery
Lecture Focus Questions:
• What are the sources of threats?
• How does the threat source affect the countermeasures you might put in place?
• How is the proactive approach to risk different than the reactive approach?
• What approach to risk demonstrates due care and due diligence?
Video/Demo                                    Time
6.1.1 Risk Management                         7:30
Number of Exam Questions
1 question
Total Time
About 10 minutes
Section 6.2: Risk Analysis
Summary
This section discusses using risk analysis to protect assets. Concepts covered
include:
• The terms related to risk analysis.
• The general steps to perform a risk analysis and develop a plan to respond to the risk.
• Selecting and deploying countermeasures.
• Acceptable responses to risk.
• Asset analysis theories.
• Quantitative risk analysis formulas.
SSCP Exam Domains
• 6. Risk, Response, and Recovery
Lecture Focus Questions:
• What is the difference between a threat and a threat agent?
• What is the difference between asset exposure and asset vulnerability?
• How do tangible assets differ from intangible assets?
• How can an organization transfer risk?
• When should a countermeasure not be implemented?
• When is risk acceptance appropriate? When is risk rejection appropriate?
• What is the relationship between the control gap and residual risk?
• How does the single loss expectancy affect the annualized rate of occurrence?
Video/Demo                                    Time
6.2.1 Risk Analysis                           9:42
6.2.4 Risk Analysis Methods                   15:41
Total                                         25:23
Number of Exam Questions
12 questions
Total Time
About 40 minutes
Section 6.3: Business Continuity and Disaster Recovery
Summary
In this section students will learn about planning for a disruptive event. Concepts
covered include:
• Disaster Recovery Planning (DRP).
• Business Continuity Planning (BCP).
• Incident recovery.
• The Business Impact Analysis (BIA).
• Guidelines for plan testing.
• Backup methods and strategies.
• Redundancy solutions.
SSCP Exam Domains
• 6. Risk, Response, and Recovery
Lecture Focus Questions:
• What is the primary difference between disaster recovery and business continuity planning?
• What are the objectives of security planning?
• How do the primary tasks of the recovery team differ from the primary tasks of the salvage team?
• What are the major stages in the Business Impact Analysis (BIA)?
• What are the differences between compliance and substantive testing?
• Which backup options reset the archive bit?
• Why are hot sites typically not implemented? Why might cold sites be of little use when recovering from a disaster?
• What are the drawbacks to a mutual aid agreement?
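The archive-bit question above is easiest to answer by simulating it. The Python below is an added example, not part of the TestOut lesson plan; the file names and the week of edits are constructed. It models the rule that full and incremental backups clear the archive bit while differential and copy backups leave it set, and then derives the consequence that matters for recovery: which backup sets, in which order, are needed to restore the latest state.

```python
"""Archive-bit behaviour of full, incremental, differential and copy backups,
simulated on a constructed file set.

The archive attribute is set whenever a file is created or modified. A full
backup copies every file and clears the bit; an incremental backup copies only
files with the bit set and clears it; a differential backup copies files with
the bit set but leaves it set; a copy backup copies everything and leaves the
bit alone. The restore set follows from that: a full plus every incremental
since, or a full plus only the latest differential.
"""


class Volume:
    """Minimal model of a volume: file contents plus the per-file archive bit."""

    def __init__(self):
        self.content = {}   # file name -> current data
        self.archive = {}   # file name -> archive bit

    def write(self, name, data):
        self.content[name] = data
        self.archive[name] = True   # create or modify sets the bit


class BackupSet:
    def __init__(self, kind, files):
        self.kind = kind
        self.files = files          # file name -> data captured in this set


def backup(vol, kind):
    """Take one backup of `kind` and apply that kind's effect on the archive bits."""
    if kind in ("full", "copy"):
        captured = dict(vol.content)
    elif kind in ("incremental", "differential"):
        captured = {n: vol.content[n] for n, bit in vol.archive.items() if bit}
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    if kind in ("full", "incremental"):          # only these two clear the bit
        for name in captured:
            vol.archive[name] = False
    return BackupSet(kind, captured)


def restore_plan(history):
    """Select the minimal sets needed to rebuild the latest state, in the order
    they must be applied, and return (kinds, rebuilt contents).

    Rule: the last full, every incremental after it, and the latest differential
    taken after the last incremental (an earlier differential is superseded
    because the next incremental captured the same still-flagged files)."""
    last_full = max(i for i, b in enumerate(history) if b.kind == "full")
    later = history[last_full + 1:]
    chosen = [history[last_full]]
    last_inc = -1
    for i, b in enumerate(later):
        if b.kind == "incremental":
            chosen.append(b)
            last_inc = i
    diffs = [b for i, b in enumerate(later) if b.kind == "differential" and i > last_inc]
    if diffs:
        chosen.append(diffs[-1])
    rebuilt = {}
    for b in chosen:            # chronological order, so later data wins
        rebuilt.update(b.files)
    return [b.kind for b in chosen], rebuilt


def run_week(daily_edits, kinds):
    """Apply each day's edits, then take that day's backup; return volume and history."""
    vol, history = Volume(), []
    for edits, kind in zip(daily_edits, kinds):
        for name, data in edits:
            vol.write(name, data)
        history.append(backup(vol, kind))
    return vol, history


# Constructed file activity: three files created Sunday, then one edit per day.
WEEK_EDITS = [
    [("payroll.xlsx", "v1"), ("plan.docx", "v1"), ("notes.txt", "v1")],  # Sun
    [("payroll.xlsx", "v2")],                                              # Mon
    [("plan.docx", "v2")],                                                 # Tue
    [("payroll.xlsx", "v3")],                                              # Wed
]
INCREMENTAL_WEEK = ["full", "incremental", "incremental", "incremental"]
DIFFERENTIAL_WEEK = ["full", "differential", "differential", "differential"]

if __name__ == "__main__":
    for label, kinds in (("incremental", INCREMENTAL_WEEK), ("differential", DIFFERENTIAL_WEEK)):
        vol, history = run_week(WEEK_EDITS, kinds)
        print(label, "Wednesday set:", history[-1].files)
        print(label, "restore needs:", restore_plan(history)[0])
```

The Wednesday incremental holds only that day's change, so a restore needs the full plus all three incrementals; the Wednesday differential holds every change since Sunday, so a restore needs only two sets. The trade-off the exam expects is visible in the sizes: incrementals are small but the restore chain is long, differentials grow each day but the restore is short.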
Video/Demo                                              Time
6.3.1 Business Continuity and Disaster Recovery        16:51

Number of Exam Questions: 21 questions
Total Time: About 50 minutes
Section 6.4: Incident Response
Summary
Students will learn how to respond to a security incident. Concepts covered include:
• Incident response plans.
• Computer forensics.
• Ensuring evidence is admissible in court.
• The life cycle of evidence.
• The chain of custody.
SSCP Exam Domains
• 6. Risk, Response, and Recovery
Lecture Focus Questions:
• What are the responsibilities of the CIRT (computer incident response team)?
• What is considered a security incident?
• How is computer evidence authenticated?
• What is required to ensure admissibility of evidence in court?
• What is the best method for duplicating hard drives?
• What is the purpose of the chain of custody?
• What precautions should be taken during the transportation and storage of evidence?
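Three of the questions above (authenticating evidence, duplicating a drive, and the chain of custody) share one mechanism: a bit-for-bit image whose hash is recorded and re-checked at every hand-off. The Python below is an added example written for this page, not course material; the "drive" is a constructed byte string, and the `image_device`, `digest` and `ChainOfCustody` names are this example's own rather than any forensic tool's API.

```python
"""Authenticating a forensic duplicate with a cryptographic hash and keeping a
chain-of-custody record for it.

The duplicate is made by reading the source sequentially in fixed-size blocks,
which is how a bit-for-bit image differs from a file copy: every byte, allocated
or not, is carried across. Source and image are then hashed with the same
algorithm; matching digests authenticate the copy, and the digest written into
the custody log lets anyone later prove the evidence was not altered while it
changed hands. The 'drive' here is a constructed byte string, not a device.
"""

import hashlib
import io
from datetime import datetime, timezone


def image_device(source, block_size=512):
    """Bit-for-bit image: read fixed blocks until EOF and write them out unchanged."""
    device = io.BytesIO(source)          # stands in for an opened block device
    image = io.BytesIO()
    while True:
        block = device.read(block_size)
        if not block:
            break
        image.write(block)
    return image.getvalue()


def digest(data, algorithm="sha256"):
    """Hex digest of the data; the same function is used on source and copy."""
    return hashlib.new(algorithm, data).hexdigest()


class ChainOfCustody:
    """Custody log for one evidence item, anchored to the digest taken at seizure."""

    def __init__(self, evidence_id, description, sha256):
        self.evidence_id = evidence_id
        self.description = description
        self.sha256 = sha256
        self.entries = []

    def transfer(self, released_by, received_by, purpose, when=None):
        when = when or datetime.now(timezone.utc)
        self.entries.append({
            "time": when.isoformat(),
            "released_by": released_by,
            "received_by": received_by,
            "purpose": purpose,
        })

    def verify(self, data):
        """True if the item (or an image of it) still matches the recorded digest."""
        return digest(data) == self.sha256

    def unbroken(self):
        """Every hand-off must start with the person who received the previous one;
        a gap means there is a period when nobody can account for the evidence."""
        for prev, cur in zip(self.entries, self.entries[1:]):
            if cur["released_by"] != prev["received_by"]:
                return False
        return True


# Constructed 2,148-byte "drive": repeated byte pattern plus unallocated zeros.
SOURCE_DRIVE = bytes(range(256)) * 8 + b"\x00" * 100


def demo():
    image = image_device(SOURCE_DRIVE)
    log = ChainOfCustody("E-0001", "constructed drive image", digest(SOURCE_DRIVE))
    log.transfer("seizing officer", "imaging analyst", "create working image")
    log.transfer("imaging analyst", "evidence custodian", "sealed storage")
    tampered = bytearray(image)
    tampered[10] ^= 0x01                  # a single flipped bit is enough to fail
    return {
        "image_matches": log.verify(image),
        "tampered_matches": log.verify(bytes(tampered)),
        "chain_unbroken": log.unbroken(),
    }


if __name__ == "__main__":
    print(demo())
```

In practice the original is also hashed again after imaging to show the acquisition did not write to it (a hardware write blocker is what prevents that in the first place), and the digest, tool, date and examiner go on the custody form; the `unbroken` check is the same question a court asks of that form.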
Video/Demo                                   Time
6.4.1 Incident Response                      7:56
6.4.3 Computer Forensics                    11:34
6.4.4 Using Computer Forensics Tools         6:17
Total                                       25:47

Number of Exam Questions: 12 questions
Total Time: About 45 minutes
Section 7.1: Security Administration
Summary
This section discusses administration of security management to preserve the confidentiality, integrity, and availability of all critical and valuable assets. Concepts covered include:
• Security management responsibilities.
• Operational security to establish defense in depth.
• Implementing a security policy.
• Protecting an organization with plans and policies.
SSCP Exam Domains
• 7. Operations and Administration
Lecture Focus Questions:
• How do the five components of a security policy document work together?
• In what situations would you use a security guideline instead of a security procedure?
• What is the importance of establishing baselines?
• What is defense in depth and how does it increase an organization's security?
• What are the steps in the change control process?
Video/Demo                                   Time
7.1.1 Security Administration                9:01

Number of Exam Questions: 15 questions
Total Time: About 30 minutes
Section 7.2: Trusted Computing
Summary
In this section students will learn about using a trusted computing base to ensure that a system behaves properly and adheres to the organization's security policy. The trusted computing base (TCB) is the combination of hardware, firmware, and software components of a system, together with the controls around them, that together enforce the system's security policy. Concepts covered include:
• A Protection Profile (PP).
• Secure operating systems.
• Trusted Computing Base (TCB).
• Evaluation criteria standards.
SSCP Exam Domains
• 7. Operations and Administration
Lecture Focus Questions:
• Which evaluation criteria use separate classes for functionality and assurance?
• What is a major limitation of the TCSEC criteria compared to the ITSEC criteria?
• What are the four modes of security that should be included in a protection profile?
• What levels of access does a reference monitor use?
• How does layering provide security to an operating system?
• How does commercial classification labeling differ from military labeling?
Video/Demo                                   Time
7.2.1 Trusted Computing Base                16:10
7.2.3 Certification and Accreditation        4:53
Total                                       21:03
Number of Exam Questions: 20 questions
Total Time: About 50 minutes
Section 7.3: Development
Summary
This section discusses software development. The System Development Life Cycle (SDLC) is a systematic method for design, development, and change management used for software development and for implementing system and security projects. Concepts covered include:
• The phases of the SDLC.
• The execution of change control.
• Standardized development models.
SSCP Exam Domains
• 7. Operations and Administration
Lecture Focus Questions:
• How does the spiral model combine the waterfall model and the prototype model?
• How should security be employed in the different stages of development?
• What does functional design entail?
• When is change control necessary?
• What are the responsibilities of developers after a product is released?
Video/Demo                                   Time
7.3.1 System Development Life Cycle         14:27

Number of Exam Questions: 11 questions
Total Time: About 30 minutes
Section 7.4: Employee Management
Summary
In this section students will learn how to use employee management to ensure that employees play a major role in protecting company assets. Concepts covered include:
• Employee management principles.
• Employee-related security vulnerabilities.
• Employee security processes.
• Employment agreements.
• Setting employee expectations and responsibilities.
• Ensuring ethics.
SSCP Exam Domains
• 7. Operations and Administration
Lecture Focus Questions:
• How can pre-employment processing improve the security of an organization?
• What is the role of the policy handbook regarding security?
• What guidelines must be considered when monitoring employees?
• Why should employees be required to sign employment agreements?
• How are separation of duties and two-man control different?
• How can collusion be avoided?
• What is the importance of a clear job description?
Video/Demo                                   Time
7.4.1 Employment Practices                   8:48

Number of Exam Questions: 13 questions
Total Time: About 30 minutes
Practice Exams
Summary
This section provides information to help prepare students to take the exam and to register for the exam.
Students will also have the opportunity to test their mastery of the concepts presented in this course and confirm that they are ready for the certification exam. Questions are grouped by domain: for example, all questions that apply to Domain 1: Access Control are presented together in the practice exam Domain 1: Access Control, All Questions. Students will typically take about 60-90 minutes to complete each of the following practice exams.
Domain 1: Access Control, All Questions (52 questions)
Domain 2: Cryptography, All Questions (78 questions)
Domain 3: Networks and Communications, All Questions (98 questions)
Domain 4: Malicious Code and Attacks, All Questions (102 questions)
Domain 5: Analysis and Monitoring, All Questions (36 questions)
Domain 6: Risk, Response, and Recovery, All Questions (46 questions)
Domain 7: Operations and Administration, All Questions (58 questions)
The Certification Practice Exam consists of 125 questions that are randomly
selected from the above practice exams. Each time the Certification Practice
Exam is accessed different questions may be presented. The Certification
Practice Exam has a time limit of 180 minutes -- just like the real certification
exam. A passing score of 90% should verify that the student has mastered the
concepts and is ready to take the real certification exam.
Appendix A: Approximate Time for the Course
The total time for the SSCP course is approximately 40 hours. The time is calculated by adding the approximate time for each section, which is in turn calculated from the following elements:
• Video/demo times
• Approximate time to read the text lesson (the length of each text lesson is taken into consideration)
• Simulations (5 minutes assigned per simulation)
• Questions (1 minute per question)
The breakdown for this course is as follows:
Module / Section                                          Minutes   HR:MM
Introduction to SSCP
    Introduction to SSCP                                       10
    Module total                                               10    0:10
1.0 Access Control
    1.1 Access Control                                         35
    1.2 Access Control Models                                  75
    1.3 Authentication                                         60
    1.4 Authentication Administration                          40
    1.5 Administration                                         40
    Module total                                              250    4:10
2.0 Cryptography
    2.1 Cryptography                                           35
    2.2 Symmetric Cryptography                                 40
    2.3 Asymmetric Cryptography                                15
    2.4 Signatures and Hashing                                 30
    2.5 Public Key Infrastructure                              30
    2.6 Cryptography Uses                                      25
    2.7 Cryptographic Attacks                                  25
    Module total                                              200    3:20
3.0 Networks and Communications
    3.1 Networking                                             40
    3.2 Local Area Networking                                  45
    3.3 Wide Area Networking                                   20
    3.4 Protocols                                              50
    3.5 Network Devices                                        35
    3.6 Packet Filters                                         40
    3.7 Firewalls                                              60
    3.8 Network Address Translation (NAT)                      25
    3.9 Remote Access                                          75
    3.10 Virtual Private Networks (VPN)                        65
    3.11 Wireless                                              30
    Module total                                              485    8:05
4.0 Malicious Code and Attacks
    4.1 Malicious Code and Attacks                             50
    4.2 Reconnaissance Attacks                                 15
    4.3 Social Engineering Attacks                             35
    4.4 Network Attacks                                        35
    4.5 Password Attacks                                       30
    4.6 Availability Attacks                                   45
    4.7 Application Attacks                                    25
    4.8 Web Server Attacks                                     35
    4.9 Browser Security                                       65
    4.10 Communication Attacks                                 35
    4.11 System Hardening                                      40
    Module total                                              410    6:50
5.0 Analysis and Monitoring
    5.1 Auditing                                               35
    5.2 Audit Trails                                           55
    5.3 Intrusion Detection                                    35
    5.4 Penetration Testing                                    50
    Module total                                              175    2:55
6.0 Risk, Response, and Recovery
    6.1 Risk Management                                        10
    6.2 Risk Analysis                                          40
    6.3 Business Continuity and Disaster Recovery              50
    6.4 Incident Response                                      45
    Module total                                              145    2:25
7.0 Operations and Administration
    7.1 Security Administration                                30
    7.2 Trusted Computing                                      50
    7.3 Development                                            30
    7.4 Employee Management                                    30
    Module total                                              140    2:20
Practice Exams
    Domain 1: Access Control (52 questions)                    52
    Domain 2: Cryptography (78 questions)                      78
    Domain 3: Networks and Communications (98 questions)       98
    Domain 4: Malicious Code and Attacks (102 questions)      102
    Domain 5: Analysis and Monitoring (36 questions)           36
    Domain 6: Risk, Response, and Recovery (46 questions)      46
    Domain 7: Operations and Administration (58 questions)     58
    Certification Practice Exam (125 questions)               125
    Module total                                              595    9:55
Total Time                                                   2400   40:00

Note: the module subtotals listed above add up to 2410 minutes, ten more than the 2400 (40:00) total the table states.