TRAINING COURSE CONTROL DOCUMENT
FOR
NETWORK SECURITY VULNERABILITY TECHNICIAN (NSVT) COURSE
A-531-0022A

PREPARED FOR
CENTER FOR INFORMATION DOMINANCE
640 ROBERTS ROAD
PENSACOLA, FLORIDA 32511

PREPARED BY
CENTER FOR INFORMATION DOMINANCE LEARNING SITE NORFOLK
1887 VIKING AVENUE
VIRGINIA BEACH, VIRGINIA 23461

SEPTEMBER 2007

CHANGE RECORD

Number and Description of Change    Entered by    Date

LETTER OF PROMULGATION

For NETWORK SECURITY VULNERABILITY TECHNICIAN A-531-0022A

This publication, and its related support material, constitutes the approved curriculum for this course of instruction. Deviation from this curriculum is not authorized unless approved by the Curriculum Control Authority (CCA). Corrections and recommended changes are invited and will be submitted in accordance with direction and procedures in approved references via the Course Lead. This curriculum supersedes all previous curricula for the Network Security Vulnerability Technician (NSVT) course of instruction.

TRAINING COURSE CONTROL DOCUMENT
TABLE OF CONTENTS

Change Record
Letter of Promulgation
Table of Contents
Foreword
Course Data
Trainee Data
Curriculum Outline of Instruction
ANNEX A: Resource Requirements
ANNEX B: Course Master Schedule

Foreword

This course is designed to teach the knowledge and skills needed for Network Security Administrators to perform security assessments and protect Department of Defense networking systems. The course was previously taught at six sites: CIT San Diego, CIT LS Hampton Roads, Dam Neck, CIT LS Pensacola, Florida, CIT LS Kingsbay, Georgia, CIT LS Groton, Connecticut, CIT LS Bangor, Washington.

This TCCD documents the update of the NSVT program to meet current threats to DoD Information Systems and describes the revised training program for six training sites: CID LS San Diego, California, CID LS Norfolk, Virginia, CID LS Kings Bay, Georgia, CID LS Groton, Connecticut, CID LS Bangor, Washington, and CID LS Yokosuka, Japan.

COURSE DATA

Course Title: Network Security Vulnerability Technician

Course Identification Number (CIN): A-531-0022A

Course Data Processing Code (CDP) by Site:
1. 654G CID LS Norfolk, Virginia
2. 633T CID LS San Diego, California
3. 588N CID LS Kings Bay, Georgia
4. 588P CID LS Groton, Connecticut
5. 659J CID LS Bangor, Washington
6. 04LH CID LS Yokosuka, Japan

Course Status: Revision

Course Mission Statement: The NETWORK SECURITY VULNERABILITY TECHNICIAN course is designed to prepare graduates with requisite knowledge to provide Network Security Administrators with advanced knowledge and skills necessary to secure computer networks and systems with focus on the following functional areas:
- Security management of Windows 2003, LINUX, Routers, Firewall configurations, Web Servers and Intrusion Detection Systems.
- Security configuration of host based/network vulnerability scanners and session encryption security tools.
- Security vulnerabilities inherent to networking infrastructure and specific operating systems.
Graduates will have the foundation skills for system specific follow-on training.

Course Overview: The course content will include the following in accordance with approved reference manuals:
UNIT 1: INTRODUCTION TO INFORMATION ASSURANCE
UNIT 2: ADVANCE TCP/IP
UNIT 3: SECURITY FUNDAMENTALS
UNIT 4: NETWORK DISCOVERY
UNIT 5: FIREWALL
UNIT 6: INTRUSION DETECTION SYSTEM
UNIT 7: NETWORK DEVICE SECURITY
UNIT 8: WINDOWS SECURITY
UNIT 9: LINUX
UNIT 10: WEB SERVER/NETWORK APPLICATION SECURITY
UNIT 11: DESKTOP APPLICATION SECURITY
UNIT 12: CRYPTOGRAPHY
UNIT 13: CONFIGURING AND DEPLOYING VPNs
UNIT 14: ADMINISTRATION
UNIT 15: VULNERABILITY MANAGEMENT

Course Length:
1. 30 Instruction Days
2. 42 Calendar Days

TRAINEE DATA

Prerequisites:
Source Rating:
USMC – 4066/2651
USAF – 1N6
USA – 74B
GS Equivalent
NO FOREIGN STUDENTS AUTHORIZED
Hold NEC: 2735 (JNETCORE) or 9302 (SYSADMIN)
Paygrade: E5-E7
Navy Rate: CTM ET(SS) FT IT STS

Security Clearances: No security clearance is required for entry into the Network Security Vulnerability Course.

Personnel Physical Requirements: There are no special physical requirements for the Network Security Vulnerability Course.

Obligated Service: 12 months per the Enlisted Transfer Manual.

NOBC/NEC EARNED:
1. Navy – 2780

CURRICULUM OUTLINE OF INSTRUCTION

UNIT 1: INTRODUCTION TO INFORMATION ASSURANCE
Lesson Topic 1.1 Why Is Information Assurance Necessary
Lesson Topic 1.2 Information Assurance Basics (ICW 1.1)
Lesson Topic 1.3 Information Assurance Goals (ICW 1.2)
Lesson Topic 1.4 Information Operations and Information Assurance Roles (ICW 1.3)
Lesson Topic 1.5 Information Assurance Functional Roles (ICW 1.5)
Lesson Topic 1.6 Global Information Grid (ICW 2.2)
Lesson Topic 1.7 Network Protocols and Their Security Features (ICW 6.2)
Lesson Topic 1.8 Networks and Their Impact On Security (ICW 6.3)

UNIT 2: ADVANCE TCP/IP
Lesson Topic 2.1 Introduction To Open Systems Interconnect (OSI) And Transmission Control Protocol/Internet Protocol (TCP/IP) (ICW 6.1)
Lesson Topic 2.2 TCP/IP Concepts
Lesson Topic 2.3 TCP/IP Protocols
Lesson Topic 2.4 IP Addressing
Lesson Topic 2.5 IPV6
Lesson Topic 2.6 Network Concepts
Lesson Topic 2.7 Wireshark
Lesson Topic 2.8 Analyzing Protocols

UNIT 3: SECURITY FUNDAMENTALS
Lesson Topic 3.1 Computer Network Defense (ICW 2.1)
Lesson Topic 3.2 Threats and Vulnerabilities (ICW 4.1)
Lesson Topic 3.3 Workstation and Portable Media (ICW 4.2)
Lesson Topic 3.4 Application and System Vulnerabilities and Threats (ICW 4.3)
Lesson Topic 3.5 Organizational Policies and Resource Security (ICW 8.2)
Lesson Topic 3.6 Security and Networking Technologies
Lesson Topic 3.7 Malware
Lesson Topic 3.8 Attacks
Lesson Topic 3.9 Physical Security (ICW 6.5)

UNIT 4: NETWORK DISCOVERY
Lesson Topic 4.1 Reconnaissance
Lesson Topic 4.2 Mapping
Lesson Topic 4.3 Scanning
Lesson Topic 4.4 Enumeration
Lesson Topic 4.5 Drafting Network Status Reports (ICW 7.3)

UNIT 5: FIREWALL
Lesson Topic 5.1 Introduction to Firewalls/Proxy Servers (ICW 11.1)
Lesson Topic 5.2 Firewall Concepts
Lesson Topic 5.3 Firewall Policies
Lesson Topic 5.4 Rule Sets
Lesson Topic 5.5 Proxies
Lesson Topic 5.6 Honeypots
Lesson Topic 5.7 Install and Configure ISA Server
Lesson Topic 5.8 Configure LINUX Firewall
Lesson Topic 5.9 Configure Windows XP Firewall
Lesson Topic 5.10 Firewall Security Assessment

UNIT 6: INTRUSION DETECTION SYSTEM
Lesson Topic 6.1 Introduction to the Installation and Configuration of Intrusion Detection Systems (IDS) Software (ICW 13.1)
Lesson Topic 6.2 Introduction to Intrusion Detection Systems
Lesson Topic 6.3 Intrusion Detection System Technologies
Lesson Topic 6.4 Why IDS’s are Important
Lesson Topic 6.5 Intrusion Detection System Limitations
Lesson Topic 6.6 Installing and Configuring The SNORT IDS
Lesson Topic 6.7 IDS Traffic Analysis

UNIT 7: NETWORK DEVICE SECURITY
Lesson Topic 7.1 Routers and Switches Operations (ICW 12.1)
Lesson Topic 7.2 Routing Principles
Lesson Topic 7.3 Removing Protocols and Services
Lesson Topic 7.4 Creating and Implementing Access Control Lists
Lesson Topic 7.5 Logging
Lesson Topic 7.6 Securing Network Devices
Lesson Topic 7.7 Router Security Assessments

UNIT 8: WINDOWS SECURITY
Lesson Topic 8.1 Windows Authentication
Lesson Topic 8.2 Auditing
Lesson Topic 8.3 Active Directory Security
Lesson Topic 8.4 Server and Client Security
Lesson Topic 8.5 Securing Windows
Lesson Topic 8.6 Windows System Security Assessment

UNIT 9: LINUX
Lesson Topic 9.1 LINUX History and Installation
Lesson Topic 9.2 LINUX Structure
Lesson Topic 9.3 VI Text Editor
Lesson Topic 9.4 Users, Groups, Passwords and Authentication
Lesson Topic 9.5 Files, Directories, Permissions and Ownership
Lesson Topic 9.6 Viewing System Information
Lesson Topic 9.7 Using Samba
Lesson Topic 9.8 Using LINUX Superdaemons
Lesson Topic 9.9 Securing Network Services
Lesson Topic 9.10 LINUX System Security Assessment

UNIT 10: WEB SERVER/NETWORK APPLICATION SECURITY
Lesson Topic 10.1 Securing Web Servers
Lesson Topic 10.2 Web Server Security Assessment
Lesson Topic 10.3 Introduction to Database Vulnerabilities (ICW 15.1)
Lesson Topic 10.4 Securing Database Management Systems
Lesson Topic 10.5 Securing DNS Servers
Lesson Topic 10.6 Securing Exchange Servers

UNIT 11: DESKTOP APPLICATION SECURITY
Lesson Topic 11.1 Desktop Application Security
Lesson Topic 11.2 Anti-Spyware and Anti-Virus Software
Lesson Topic 11.3 Web Browsers
Lesson Topic 11.4 E-Mail Clients
Lesson Topic 11.5 Conducting Office Automation Suite Checks
Lesson Topic 11.6 Securing Remote Access Devices
Lesson Topic 11.7 Desktop Application Security Assessment

UNIT 12: CRYPTOGRAPHY
Lesson Topic 12.1 Encryption and Public Key Infrastructure (PKI) (ICW 5.1)
Lesson Topic 12.2 Introduction to Cryptography

UNIT 13: CONFIGURING AND DEPLOYING VPNs
Lesson Topic 13.1 Remote Access
Lesson Topic 13.2 Virtual Private Networks
Lesson Topic 13.3 Internet Protocol Security

UNIT 14: ADMINISTRATION
Lesson Topic 14.1 Contingency Planning
Lesson Topic 14.2 Risk Management and Analysis
Lesson Topic 14.3 Information Operations Conditions (INFOCON) (ICW 2.4)
Lesson Topic 14.4 Software
Lesson Topic 14.5 Information Transfer and Accounting Procedures
Lesson Topic 14.6 Information Storage Media
Lesson Topic 14.7 Clearing, Sanitizing, and Releasing Computer Components
Lesson Topic 14.8 Incident Response and Handling
Lesson Topic 14.9 Disaster Recovery and Restoration (ICW 18.1)
Lesson Topic 14.10 Network Monitoring
Lesson Topic 14.11 Audit Trail Requirements
Lesson Topic 14.12 TEMPEST
Lesson Topic 14.13 Security Considerations for New and Modified Implementations (ICW 3.4)
Lesson Topic 14.14 Configuration Management
Lesson Topic 14.15 Information System Establishment, Evaluation, and Certification (ICW 1.4)
Lesson Topic 14.16 Multi-Level Security (ICW 2.3)
Lesson Topic 14.17 Planned and Unplanned Outages (ICW 3.1)
Lesson Topic 14.18 Information Systems Security (ICW 6.4)
Lesson Topic 14.19 Cross-Connected Equipment (ICW 6.6)
Lesson Topic 14.20 Resource Custodian Functions (ICW 7.4)
Lesson Topic 14.21 Public Law (ICW 8.1)
Lesson Topic 14.22 Monitoring (ICW 9.1)
Lesson Topic 14.23 Navy Computer Incident Response Team (ICW 10.2)
Lesson Topic 14.24 Administrative Policy and Compliancy (ICW 10.3)
Lesson Topic 14.25 Computer Security Awareness Training (ICW 14.1)

UNIT 15: VULNERABILITY MANAGEMENT
Lesson Topic 15.1 IAVM Compliance
Lesson Topic 15.2 Security Testing and Vulnerability Assessment
Lesson Topic 15.3 Reporting Requirements (ICW 7.1)
Lesson Topic 15.4 Security Reports for the ISSM (ICW 7.2)
Lesson Topic 15.5 Network Assessments (ICW 9.2)
Lesson Topic 15.6 Information Assurance Vulnerability Alerts and Bulletins (IAVA/IAVB) (ICW 10.1)
Lesson Topic 15.7 Security Incidents and Reporting (ICW 17.1)

ANNEX A
RESOURCE REQUIREMENTS

1. Reference List:

Military Documentation
Open Source Software (OSS) in Department of Defense (DoD) - CIO DOD Memo dtd 28 May 2003
Information Technology Standards Guidance (ITSG) Version 99-1 - CIO DON April 1999
Defense in Depth: Information Assurance (IA) and Computer Network Defense (CND) - CJCSM 6510.01
Protecting Sensitive Compartmented Information - DCID 6/3
Active Directory Security Technical Implementation Guide - DISA 10MAR06
Database Security Technical Implementation Guide - DISA 30NOV05
Desktop Application Security Technical Implementation Guide - DISA 09MAR07
Desktop Application Security Technical Implementation Guide - DISA 09MAR07
Domain Name System Security Technical Implementation Guide - DISA 31AUG06
Gold Disk Users Guide Basic Operations - DISA July 2007
Mobile and Wireless Device Addendum Security Technical Implementation Guide - DISA 31OCT05
NSA Windows XP Security Technical Implementation Guide - DISA 23FEB04
Secure Remote Computing Security Technical Implementation Guide - DISA 10AUG05
UNIX Security Technical Implementation Guide - DISA 04APR06
Web Server Security Technical Implementation Guide - DISA 11DEC06
Windows 2000/XP/2003/Vista Addendum - DISA 21MAY07
Public Key Infrastructure (PKI) and Public Key (PK) Enabling - DODI 8520.2
Use of Mobile Code Technologies in DoD Information Systems - DODI 8552.01
Joint DoDIIS/Cryptologic SCI Information Systems Security Standards - 31MAR01
Security Requirements for Cryptographic Modules - FIPS 140-2
Standards for Security Categorization of Federal Information and Information Systems - FIPS Pub 199
Continuity of Operations (COOP) Policy and Planning - DODD 3020.26
Information Assurance - DODD 8500.1E
An Introduction to Computer Security - NIST SP 800-12
Computer Security Incident Handling Guide - NIST SP 800-61
Guidance for Securing Microsoft Windows XP Systems for IT Professionals - NIST SP 800-68
Guide for the Security Certification & Accreditation of Federal Information Systems - NIST SP 800-37
Guide to Computer Security Log Management - NIST SP 800-92
Guide to IPsec VPNs - NIST SP 800-77
Guide to Malware Incident Prevention and Handling - NIST SP 800-83
Guideline for Implementing Cryptography in the Federal Government - NIST SP 800-21
Guideline on Network Security Testing - NIST SP 800-42
Guidelines on Firewalls and Firewall Policy - NIST SP 800-41
Information Security Handbook: A Guide for Managers - NIST SP 800-100
Intrusion Detection Systems - NIST SP 800-31
Recommendation for Key Management - NIST SP 800-57
Recommendations for Pair-Wise Key Establishment Schemes - NIST SP 800-56
Risk Management Guide for Information Technology Systems - NIST SP 800-30
Guide to the Secure Configuration & Administration of Microsoft Exchange 2000 - NSA I33-003-2005
Information Assurance Technical Framework (IATF) Release 3.1 - NSA September 2002
Router Security Configuration Guide - NSA C4-040R-02
Special Incident Reporting Procedures - OPNAVINST 3100.6H
Fleet Information Assurance Toolkit User Guide V 1.1 - SPAWAR 2004

Corporate Documentation
Retina Network Security Scanner Users Manual - eEye Digital Security 2006-2007
Ethereal User’s Guide - Ethereal 18189
NETBUS Pro v2.0 - Internet White pages
CISSP All in One - ISBN 978-0072257120
CISSP Prep Guide: Gold Edition - ISBN 978-0471268024
CISSP Training Guide - ISBN 978-0789728012
Computer Security Basics - ISBN 978-0596006693
Deploying IPV6 Networks - ISBN 978-1587052101
Enterprise Security: The Manager’s Defense Guide - ISBN 978-0201719727
Essential SNMP - ISBN 978-0596008406
Firewalls: A Complete Guide - ISBN 978-0071356398
Hacker’s Handbook - ISBN 978-0849308888
Hacking Exposed Web Applications - ISBN 978-0072262995
Hacking Exposed - ISBN 978-0072260816
How Personal and Internet Security Work - ISBN 978-0789735539
Identity Theft - ISBN 978-0130082756
Information Security Management Handbook 2006 - ISBN 978-0849385858
Inside Network Perimeter Security - ISBN 978-0672327377
Internet Core Protocols: The Definitive Guide - ISBN 978-1565925724
Internetworking Technologies Handbook - ISBN 978-1587051197
Intrusion Detection Systems with SNORT - ISBN 978-0131407336
LINUX + Study Guide - ISBN 978-0782143898
Malware: Fighting Malicious Code - ISBN 978-0536915030
MCSA/MCSE Self-Paced Training Kit: Implementing and Administering Security in a Microsoft Windows 2003 Network - ISBN 978-0735620612
Network Security Assessment: Know Your Network - ISBN 978-0596510305
Real 802.11 Security: Wi-Fi Protected Access and 802.11i - ISBN 978-0321136206
Red Hat Fedora Core 6 Unleashed - ISBN 978-0672329296
Security Warrior - ISBN 978-0596005450
Security+ Certification Training Kit - ISBN 978-0735618220
Snort 2.0 Intrusion Detection - ISBN 978-1931836746
TCP/IP First Step - ISBN 978-1587201080
Introduction to IP Version 6 - Microsoft 2007
ISA Server 2004 Security Hardening Guide - Microsoft 2004
Setting up IPsec Domain and Server Isolation in a Test Lab - Microsoft 2005
Threats and Countermeasures Guide - Microsoft 2005
Windows Server 2003 Security Guide - Microsoft 2006
Windows XP Security Guide - Microsoft 2006
Information Systems Security Assessment Framework (ISSAF) - OISSG Draft 0.2
Red Hat Enterprise Linux 4: Security Guide - Red Hat, Inc 2005
Converting Network Protocol Addresses to 48 Bit Ethernet Address - RFC 826
Internet Control Message Protocol - RFC 792
Internet Protocol - RFC 791
Transmission Control Protocol - RFC 793
User Datagram Protocol - RFC 768
Wireshark User’s Guide - Wireshark 23040

2. Visual Information

PowerPoint - NSVT Topic 1.1 Why Is Information Assurance Necessary
PowerPoint - NSVT Topic 2.2 TCP/IP Concepts
PowerPoint - NSVT Topic 2.3 TCP/IP
PowerPoint - NSVT Topic 2.4 IP Addressing
PowerPoint - NSVT Topic 2.5 IPV6
PowerPoint - NSVT Topic 2.6 Network Connections
PowerPoint - NSVT Topic 2.7 Wireshark
PowerPoint - NSVT Topic 2.8 Analyzing Protocols
PowerPoint - NSVT Topic 3.6 Security and Networking Technologies
PowerPoint - NSVT Topic 3.7.2 Malware
PowerPoint - NSVT Topic 3.7.3 Mobile Code
PowerPoint - NSVT Topic 3.7.4 NETBUS Pro
PowerPoint - NSVT Topic 3.8 Attacks
PowerPoint - NSVT Topic 4.1 Reconnaissance
PowerPoint - NSVT Topic 4.2 Mapping
PowerPoint - NSVT Topic 4.3 Scanning
PowerPoint - NSVT Topic 4.4 Enumeration
PowerPoint - NSVT Topic 5.2 Firewall Concepts
PowerPoint - NSVT Topic 5.3 Firewall Policies
PowerPoint - NSVT Topic 5.4 Rule Sets
PowerPoint - NSVT Topic 5.5 Proxies
PowerPoint - NSVT Topic 5.6 Honeypots
PowerPoint - NSVT Topic 5.7 Install and Configure ISA Server
PowerPoint - NSVT Topic 5.8 Configure the LINUX Firewall
PowerPoint - NSVT Topic 5.9 Configure the Windows XP Firewall
PowerPoint - NSVT Topic 6.2 Introduction to Intrusion Detection Systems
PowerPoint - NSVT Topic 6.3 Intrusion Detection System Technologies
PowerPoint - NSVT Topic 6.4 Why IDS’s are Important
PowerPoint - NSVT Topic 6.5 Intrusion Detection System Limitations
PowerPoint - NSVT Topic 6.6 Installing and Configuring the SNORT IDS
PowerPoint - NSVT Topic 6.7 IDS Traffic Analysis
PowerPoint - NSVT Topic 7.2 Routing Principles
PowerPoint - NSVT Topic 7.3 Removing Protocols and Services
PowerPoint - NSVT Topic 7.4 Creating and Implementing Access Control Lists
PowerPoint - NSVT Topic 7.5 Logging
PowerPoint - NSVT Topic 7.6 Securing Network Devices
PowerPoint - NSVT Topic 7.7 Router Security Assessments
PowerPoint - NSVT Topic 8.1 Windows Authentication
PowerPoint - NSVT Topic 8.2 Auditing
PowerPoint - NSVT Topic 8.3 Active Directory Security
PowerPoint - NSVT Topic 8.4.2 Using Security Templates and Security Configuration Wizard
PowerPoint - NSVT Topic 8.4.7 Implementing a Secure Server Baseline
PowerPoint - NSVT Topic 8.4.10 Securing a Client Computer
PowerPoint - NSVT Topic 8.4.12 Managing Software Updates
PowerPoint - NSVT Topic 8.5 Securing Windows
PowerPoint - NSVT Topic 8.6 Windows System Security Assessment
PowerPoint - NSVT Topic 9.1 LINUX History and Installation
PowerPoint - NSVT Topic 9.2 LINUX Structure
PowerPoint - NSVT Topic 9.3.2 VI
PowerPoint - NSVT Topic 9.3.3 VI Quick Reference
PowerPoint - NSVT Topic 9.4 Users, Groups, Passwords and Authentication
PowerPoint - NSVT Topic 9.5 Files, Directories, Permissions and Ownership
PowerPoint - NSVT Topic 9.6 Viewing System Information
PowerPoint - NSVT Topic 9.7 Using Samba
PowerPoint - NSVT Topic 9.8 Using LINUX Superdaemons
PowerPoint - NSVT Topic 9.9 Securing Network Services
PowerPoint - NSVT Topic 9.10 LINUX System Security Assessment
PowerPoint - NSVT Topic 10.1 Securing Web Servers
PowerPoint - NSVT Topic 10.2 Web Server Security Assessment
PowerPoint - NSVT Topic 10.4 Securing Database Management Systems
PowerPoint - NSVT Topic 10.5 Securing DNS Servers
PowerPoint - NSVT Topic 10.6 Securing Exchange
PowerPoint - NSVT Topic 11.1 Desktop Application Security
PowerPoint - NSVT Topic 11.2 Anti-Spyware & Anti-Virus Programs
PowerPoint - NSVT Topic 11.3 Web Browsers
PowerPoint - NSVT Topic 11.4 E-Mail Clients
PowerPoint - NSVT Topic 11.5 Office Automation Suites
PowerPoint - NSVT Topic 11.6 Securing Remote and Mobile Access Devices
PowerPoint - NSVT Topic 12.2 Introduction to Cryptography
PowerPoint - NSVT Topic 13.1 Remote Access
PowerPoint - NSVT Topic 13.2 VPN Fundamentals
PowerPoint - NSVT Topic 13.3 Internet Protocol Security
PowerPoint - NSVT Topic 14.1 Contingency and Continuity Planning
PowerPoint - NSVT Topic 14.2 Risk Management
PowerPoint - NSVT Topic 14.4 Software
PowerPoint - NSVT Topic 14.5 Information Transfer and Accounting Procedures
PowerPoint - NSVT Topic 14.6 Information Storage Media
PowerPoint - NSVT Topic 14.7 Clearing, Sanitizing, and Releasing Computer Components
PowerPoint - NSVT Topic 14.8 Incident Response and Reporting
PowerPoint - NSVT Topic 14.10 Network Monitoring
PowerPoint - NSVT Topic 14.11 Audit Trail Requirements
PowerPoint - NSVT Topic 14.12 Tempest Compliance
PowerPoint - NSVT Topic 14.14 Configuration Management
PowerPoint - NSVT Topic 15.1 Information Assurance Vulnerability Management Program
PowerPoint - NSVT Topic 15.2 Security Testing and Vulnerability Assessment

3. Interactive Multimedia Instruction

ICW 1.1 Information Assurance Basics
ICW 1.2 Information Assurance Goals
ICW 1.3 Information Operations and Information Assurance Roles
ICW 1.4 Information System Establishment, Evaluation, and Certification
ICW 1.5 Information Assurance Functional Roles
ICW 2.1 Computer Network Defense
ICW 2.2 Global Information Grid
ICW 2.3 Multi-Level Security
ICW 2.4 Information Operations Conditions (INFOCON)
ICW 3.1 Planned and Unplanned Outages
ICW 3.4 Security Considerations for New and Modified Implementations
ICW 4.1 Threats and Vulnerabilities
ICW 4.2 Workstation and Portable Media
ICW 4.3 Application and System Vulnerabilities and Threats
ICW 5.1 Encryption and Public Key Infrastructure (PKI)
ICW 6.1 Introduction To Open Systems Interconnect (OSI) And Transmission Control Protocol/Internet Protocol (TCP/IP)
ICW 6.2 Network Protocols and Their Security Features
ICW 6.3 Networks and Their Impact On Security
ICW 6.4 Information Systems Security
ICW 6.5 Physical Security
ICW 6.6 Cross-Connected Equipment
ICW 7.1 Reporting Requirements
ICW 7.2 Security Reports for the ISSM
ICW 7.3 Drafting Network Status Reports
ICW 7.4 Resource Custodian Functions
ICW 8.1 Public Law
ICW 8.2 Organizational Policies and Resource Security
ICW 9.1 Monitoring
ICW 9.2 Network Assessments
ICW 10.1 Information Assurance Vulnerability Alerts and Bulletins (IAVA/IAVB)
ICW 10.2 Navy Computer Incident Response Team
ICW 10.3 Administrative Policy and Compliancy
ICW 11.1 Introduction to Firewalls/Proxy Servers
ICW 12.1 Routers and Switches Operations
ICW 13.1 Introduction to the Installation And Configuration of Intrusion Detection Systems (IDS) Software
ICW 14.1 Computer Security Awareness Training
ICW 15.1 Introduction to Database Vulnerabilities
ICW 17.1 Security Incidents and Reporting
ICW 18.1 Disaster Recovery and Restoration

4. Websites

About.com: Antivirus Software - http://antivirus.about.com
Alta Vista - http://www.altavista.com
Business Week - http://www.businessweek.com
Canada English - http://www.cai.com
CERT Coordination Center - http://www.cert.org
Cisco - http://www.cisco.com
Common Vulnerabilities and Exposures - http://cve.mitre.org
Defense Technical Information Center - http://www.dtic.mil
Department of the Navy Issuances - http://doni.daps.dla.mil
DoD Network Information Center - http://www.nic.mil
Excite - http://www.excite.com
Federal Trade Commission - http://www.ftc.gov
Federation of American Scientists - http://fas.org
Forbes - http://www.forbes.com
F-Secure Internet Security - http://www.f-secure.com
Google - http://www.google.com
Information Assurance Support Environment - http://iase.disa.mil
Information Assurance Support Environment - https://iase.disa.mil/
Insecure.org - http://www.insecure.org
Internet Assigned Numbers Authority - http://www.iana.org
Internet Corporation for Assigned Names and Numbers - http://www.internic.net
Internet Engineering Task Force - http://www.ietf.org
L0pht Heavy Industries - http://www.lopht.com
Logical Security - http://www.logicalsecurity.com
Lycos - http://www.lycos.com
McGraw-Hill Osborne - http://www.osborne.com
Microsoft - http://www.microsoft.com
Microsoft TechNet - http://technet.microsoft.com
NASDAQ - http://www.nasdaq.com
National Institute of Standards & Technology, Computer Security Division, Computer Security Resource Center - http://csrc.nist.gov
National Security Agency, Central Security Service - http://niap.nist.gov
National Vulnerability Database - http://icat.nist.gov
Navy Cyber Defense Operations Command - https://www.ncdoc.navy.mil
Navy Information Assurance Website - https://infosec.navy.mil
Navy Information Operations Command Norfolk - https://www.nioc-norfolk.navy.mil
NetStumbler.com - http://www.netstumbler.com
Network Tools - http://www.nwtools.com
On Line People Finders - https://www.onlinepeoplefinders.com
Open Information Systems Security Group - http://www.oissg.org
Open Source Initiative - http://www.opensource.org
Openwall Project - http://www.openwall.com
Packet Storm - http://packetstormsecurity.org
Panda Security - http://www.pandasoftware.com
Requests for Comments Editor - http://www.rfc-editor.org
RIPE Network Coordination Centre - http://www.ripe.net
SANS Institute - http://www.sans.org
SANS Internet Storm Center - http://isc.sans.org
Security Focus - http://www.securityfocus.com
Snort - http://www.snort.org
Sophos Security - http://www.sophos.com
Symantec - http://www.symantec.com
U.S. Department of Defense Official Website - http://www.defenselink.mil
United States Strategic Command - http://www.stratcom.mil
Viruslist Internet Security - http://www.viruslist.com
Wireshark Media - http://www.wireshark.org

ANNEX B
NETWORK SECURITY VULNERABILITY TECHNICIAN
MASTER SCHEDULE SUMMARY SHEET

Date: 27 Sep 07
ACTIVITY: Center for Information Dominance (CID)

A. COURSE DATA
Course Short Title / Type Training: NSVT / C1
Course Identification Number (CIN): A-531-0022A
Course Data Processing Code (CDP) by Site:
654G CID LS Norfolk, Virginia
633T CID LS San Diego, California
588N CID LS Kings Bay, Georgia
588P CID LS Groton, Connecticut
659J CID LS Bangor, Washington
04LH CID LS Yokosuka, Japan
Instructional Periods per Week: 40
Maximum Class Size: 16

B. CURRICULUM MASTER SCHEDULE SUMMARY:
Bottleneck S:I Ratios Periods Periods Curriculum Hours
8:1 66 66
16:1 135 135
24:1 39 (16:1) 39
Total Periods: 240
Total Hours: 240

Ratio justifications:
8:1 Class size limited to eight for student assistance requirements during lab periods.
16:1 Class size is an optimum number per instructor for advanced technical training.
24:1 Class size is limited to 16:1 due to maximum class size, classroom and equipment limitations. C. COURSE MASTER SCHEDULE CERTIFICATION CERTIFIED CURRENT: COMMAND/SIGNATURE/TITLE DATE CCMM APPROVAL: COMMAND/SIGNATURE/TITLE DATE CCA APPROVAL: COMMAND/SIGNATURE/TITLE DATE CNET APPROVAL / DISAPPROVAL: CNET/SIGNATURE/TITLE DATE B-1 NSVT COURSE MASTER SCHEDULE WEEK 1 DAY 1 Topic No. Type Period Topic Title 1-1 1-2 1-3 1-4 1-5 1-6 Special Special Class CBT CBT CBT CBT CBT 1 2 3 4 5 6 7 8 DAY 2 1-7 1-8 2-1 2-2 2-3 2-4 2-4 2-4 CBT CBT CBT Class Class Class Class Class DAY 3 2-4 2-4 2-5 2-5 2-5 2-5 2-5 2-5 2-6 2-7 2-7 2-7 2-7 Ratio Introduction to Training Facility / IA Training Program Introduction to Training Facility / IA Training Program Why is Information Assurance Necessary Information Assurance Basics Information Assurance Goals Information Operations and Information Assurance Roles Information Assurance Functional Roles Global Information Grid Period Length 60 60 60 60 60 60 60 60 9 10 11 12 13 14 15 16 Network Protocols and Their Security Features Networks and Their Impact on Security Introduction to the OSI and TCP/IP models TCP/IP Concepts TCP/IP Protocols IP Addressing IP Addressing IP Addressing 60 60 60 60 60 60 60 60 24:1 24:1 24:1 16:1 16:1 16:1 16:1 16:1 Lab Lab Class Lab Lab Lab Lab Lab Class Class Lab Lab Lab 17 17 18 19 20 20 21 21 22 23 23 24 24 Layering and Address Conversion Routers and Subnetting Fundamentals of IPV6 Installing IPV6 Getting Another 6-Over-4 Address Interface Initialization Using the IPSec6 Command Using the Ping6 Command Network Connections Wireshark Using Wireshark Analyzing the Three Way Handshake Analyzing the Session Teardown Process 30 30 60 60 30 30 30 30 60 30 30 30 30 8:1 8:1 16:1 8:1 8:1 8:1 8:1 8:1 16:1 16:1 8:1 8:1 8:1 DAY 4 2-8 2-8 2-8 2-8 2-8 2-8 2-8 2-8 2-8 Topic No. 
Class Class Lab Class Lab Class Lab Class Lab Type 25 26 27 27 28 28 29 29 30 Period Capturing and Identifying IP Datagrams Capturing and Identifying IP Datagrams Capturing and Identifying IP Datagrams Capturing and Identifying ICMP Messages Capturing and Identifying ICMP Messages Capturing and Identifying TCP Headers Capturing and Identifying TCP Headers Capturing and Identifying UDP Headers Capturing and Identifying UDP Headers Topic Title 16:1 16:1 8:1 16:1 8:1 16:1 8:1 16:1 8:1 Ratio 2-8 2-8 Class Lab 30 31 Analyzing Packet Fragmentation Analyzing Packet Fragmentation 60 60 30 30 30 30 30 30 30 Period Length 30 30 B-2 16:1 16:1 16:1 24:1 24:1 24:1 24:1 24:1 16:1 8:1 Bottleneck Ratio 16:1 16:1 16:1 16:1 16:1 16:1 16:1 16:1 Bottleneck Ratio 2-8 2-8 2-8 Lab Lab Lab 31 32 32 Performing a Complete ICMP Session Analysis Performing a Complete FTP Session Analysis Capturing and Identifying IPv6 Traffic 30 30 30 8:1 8:1 8:1 DAY 5 3-1 3-2 3-3 3-4 3-5 3-6 3-6 3-6 CBT CBT CBT CBT CBT Class Class Class 33 34 35 36 37 38 39 40 Computer Network Defense Threats and Vulnerabilities Workstation and Portable Media Application and System Vulnerabilities and Threats Organizational Policies and Resource Security Security and Networking Technologies Security and Networking Technologies Security and Networking Technologies 60 60 60 60 60 60 60 60 24:1 24:1 24:1 24:1 24:1 16:1 16:1 16:1 WEEK 2 DAY 1 3-7 3-7 3-7 3-7 3-7 3-8 3-8 3-8 3-9 Class Class Class Class Lab Class Class Class CBT 41 42 43 44 44 45 46 47 48 Malware Malware Mobile Code NetBUS Pro NetBUS Pro Attacks Attacks Attacks Physical Security 60 60 60 30 30 60 60 60 60 16:1 16:1 16:1 16:1 8:1 16:1 16:1 16:1 24:1 Special Special Special Special Class Lab Class Lab Lab 49 50 51 52 53 54 55 56 56 Review and Summary Review and Summary Test Units 1-3 Test Units 1-3 Reconnaissance Reconnaissance Mapping Installing Retina Discovery Scan Using Retina 60 60 60 60 60 60 60 30 30 16:1 16:1 16:1 16:1 16:1 8:1 16:1 8:1 8:1 Lab Lab Class 
Class Class Lab Lab Class Class Lab Lab 57 57 58 59 60 61 61 62 63 64 64 FScan Using NMap Scanning Scanning FPort FPort Using SuperScan Enumeration Enumeration Audit Scan Using Retina Using Nessus for Running Vulnerability Scanning 30 30 60 60 60 30 30 60 60 30 30 8:1 8:1 16:1 16:1 16:1 8:1 8:1 16:1 16:1 8:1 8:1 Type Period Topic Title Ratio CBT CBT Class Class 65 66 67 68 Drafting Network Status Reports Introduction to Firewalls/Proxy Servers Firewall Concepts Firewall Policies Period Length 60 60 60 60 16:1 16:1 16:1 16:1 16:1 16:1 DAY 2 4-1 4-1 4-2 4-2 4-2 DAY 3 4-2 4-2 4-3 4-3 4-3 4-3 4-3 4-4 4-4 4-4 4-4 DAY 4 Topic No. 4-5 5-1 5-2 5-3 B-3 24:1 24:1 16:1 16:1 Bottleneck Ratio 16:1 16:1 5-3 5-4 5-4 5-4 5-5 5-6 Lab Class Class Lab Class Class 69 69 70 70 71 72 Firewall Policies Rule Sets Rule Sets Rule Sets Proxies Honeypots 30 30 30 30 60 60 8:1 16:1 16:1 8:1 16:1 16:1 DAY 5 5-7 5-7 5-7 5-7 5-7 5-7 Class Lab Lab Lab Lab Lab 73 74 75 76 76 77 60 60 60 30 30 60 16:1 8:1 8:1 8:1 8:1 8:1 5-7 Lab 78 60 8:1 5-8 5-8 5-9 Class Lab Class 79 80 80 Install and Configure ISA Server Install ISA Server and ISA Client Configure ISA Server Viewing the System Policy Creating Rules Control Access to a Published Web and FTP Server on the Perimeter Network Control Access to a Published Web and FTP Server on the Perimeter Network Configure Linux Firewall Configure Linux Firewall Configure Windows XP Firewall 60 30 30 16:1 8:1 16:1 WEEK 3 DAY 1 5-9 5-9 5-10 6-1 Class Lab Class CBT 81 81 82 83 30 30 60 60 16:1 8:1 16:1 24:1 6-2 6-3 6-4 6-5 6-6 Class Class Class Class Class 84 85 86 87 88 Configure Windows XP Firewall Configure Windows XP Firewall Firewall Security Assessments Introduction to the Installation and Configuration of IDS Software Introduction to Intrusion Detection Systems Intrusion Detection System Technologies Why IDS’s are Important Intrusion Detection System Limitations Installing and Configuring the Snort IDS 60 60 60 60 60 16:1 16:1 16:1 16:1 16:1 Lab Lab Lab Lab Lab 
Class Class Lab Lab Lab Special Special
89 90 91 91 92 92 93 93 94 94 95 96
Installing Snort on Windows Platforms Capturing Packet Data Creating a Simple Rule Set Logging with Snort Testing the Rule Set IDS Traffic Analysis IDS Traffic Analysis Analyzing FTP Signatures Analyzing FTP Signatures Analyzing a Trojan Scan Review and Summary Review and Summary
60 60 30 30 30 30 30 30 30 30 60 60
8:1 8:1 8:1 8:1 8:1 16:1 16:1 8:1 8:1 8:1 16:1 16:1
Type Period Topic Title Period Length Ratio
Special Special CBT Class Class
97 98 99 100 101
Test Units 4-6 Test Units 4-6 Routers and Switches Operations Router Security Principles Removing Protocols and Services
60 60 60 60 60
16:1 16:1 24:1 16:1 8:1
DAY 2 6-6 6-6 6-6 6-6 6-6 6-7 6-7 6-7 6-7 6-7
Topic No.
16:1
Bottleneck Ratio
DAY 3 7-1 7-2 7-3
16:1
7-3 7-3 7-4 7-4
Lab Lab Class Lab
102 102 103 104
Removing Un-Needed Services Turning Off CDP Creating and Implementing Access Control Lists Creating Access Control Lists
30 30 60 60
8:1 8:1 16:1 8:1
DAY 4 7-5 7-5 7-5 7-6 7-6 7-6 7-7 7-7 8-1
Class Lab Lab Class Class Lab Class Lab Class
105 106 106 107 108 109 110 111 112
Logging Configuring Anti-Spoofing Logging Configuring Buffered Logging Securing Network Devices Securing Network Devices Securing Network Devices Router Security Assessment Router Security Assessment Windows Authentication
60 30 30 60 60 60 60 60 60
16:1 8:1 8:1 16:1 16:1 8:1 16:1 8:1 16:1
DAY 5 8-1 8-2 8-2 8-3 8-4
Lab Class Lab Class Class
113 114 115 116 117
60 60 60 60 60
8:1 16:1 8:1 16:1 16:1
8-4 8-4 8-4
Lab Lab Lab
118 118 119
30 30 30
8:1 8:1 8:1
8-4 8-4
Lab Class
119 120
Configuring Secure Authentication Auditing Auditing Active Directory Security Using Security Templates and Security Configuration Wizard Installing SCW Create a Role-Based OU Hierarchy Manually Add Security Groups to the User Rights Assignments Use Group Policy to Deploy Templates Implementing a Secure Server Baseline
30 60
8:1 16:1
WEEK 4 DAY 1 8-4 8-4
Lab Lab
121 122
60 60
8:1 8:1
8-4
8-4 8-4 8-5 8-5 8-5 8-5 8-5
Class Lab Class Class Lab Lab Lab Lab
123 124 124 125 126 127 128 128
Move Database Log Files in Active Directory Use the SCW to Configure Security for Domain Controllers Securing a Client Computer Create a Client Computer Template Managing Software Updates Securing Windows Launching Gold Disk Software Version 2.0 Asset Evaluation Asset Remediation Editing Asset Information
60 30 30 60 60 60 30 30
16:1 8:1 16:1 16:1 8:1 8:1 8:1 8:1
DAY 2 8-6 Topic No. Class Type 129 Period Windows System Security Assessment Topic Title 16:1 Ratio
8-6 9-1 9-2 9-2 9-3 9-3 9-4
Lab Class Class Lab Class Lab Class
130 131 132 133 134 135 136
Windows System Security Assessment LINUX History and Installation LINUX Structure Navigating in the LINUX Environment VI Text Editor Using VI Users, Groups, Passwords and Authentication
60 Period Length 60 60 60 60 60 60 60
8:1 16:1 16:1 8:1 16:1 8:1 16:1
Bottleneck Ratio
DAY 3 9-4 9-4 9-4 9-5 9-5 9-5 9-5 9-5 9-6 9-6
Class Lab Lab Class Lab Lab Lab Lab Class Lab
137 138 138 139 140 140 141 142 143 144
Users, Groups, Passwords and Authentication Creating and Modifying Users and Groups Viewing the Password and Group Files Files, Directories, Permissions and Ownership File and Directory Permissions Verifying Permissions Configuring Umask Settings Installing the LINUX Webmin Tool Viewing System Information Viewing LINUX System Information
60 30 30 60 30 30 60 60 60 60
16:1 8:1 8:1 16:1 8:1 8:1 8:1 8:1 16:1 8:1
DAY 4 9-6 9-6 9-7 9-7 9-8 9-8 9-8 9-9 9-9 9-9
Lab Lab Class Lab Class Lab Lab Class Lab Lab
145 145 146 147 148 149 149 150 151 152
Viewing LINUX Log Files Using the Log File Viewer Using Samba Configuring the Samba Server Using LINUX Superdaemons Managing Telnet Using Xinetd Controlling Access With TCP Wrappers Securing Network Services Configuring an SSH Server and Client Stopping Unneeded Services
30 30 60 60 60 30 30 60 60 60
8:1 8:1 16:1 8:1 16:1 8:1 8:1 16:1 8:1 8:1
10-1 10-1 10-2
Class Special Special Special
Special Class Lab Class
153 154 155 156 157 158 159 160
Linux System Security Assessment Review and Summary Review and Summary Test Units 7-9 Test Units 7-9 Securing Web Servers Securing Web Servers Web Server Security Assessment
60 60 60 60 60 60 60 60
16:1 16:1 16:1 16:1 16:1 16:1 8:1 16:1
WEEK 5 DAY 1 10-2 10-3 10-4 10-4 10-5 10-5
Topic No.
Lab CBT Class Class Class Lab
Type
161 162 163 164 165 166
Period
Web Server Security Assessment Introduction to Database Vulnerabilities Securing Database Management Systems Securing Database Management Systems Securing DNS Servers Securing DNS
Topic Title
8:1 24:1 16:1 16:1 16:1 8:1
Ratio
10-6 11-1 11-2 11-2
Class Class Class Class
166 167 168 168
Securing Exchange Desktop Application Security Anti-Spyware Programs Anti-Virus Programs
60 60 60 60 60 30
Period Length
30 60 30 30
DAY 2 11-3 11-4 11-5 11-6
Class Class Class Class
169 170 171 172
Web Browsers E-Mail Clients Office Automation Suites Securing Remote and Mobile Access Devices
60 60 60 60
16:1 16:1 16:1 16:1
DAY 5 9-10
16:1 16:1 16:1 16:1 16:1
Bottleneck Ratio
11-7 12-1 12-2 12-2 12-2
Lab CBT Class Lab Lab
173 174 175 176 176
Desktop Application Security Assessment Encryption and Public Key Infrastructure Introduction to Cryptography Viewing a Certificate Installing a Windows Server 2003 Certificate Authority
60 60 60 30 30
8:1 24:1 16:1 8:1 8:1
13-1 13-2 13-2 13-2 13-3
Special Special Special Special Class Class Lab Lab Class
177 178 179 180 181 182 183 183 184
Review and Summary Review and Summary Test Units 10-12 Test Units 10-12 Remote Access VPN Fundamentals Configure VPN Server Configure VPN Client Internet Protocol Security
60 60 60 60 60 60 30 30 60
16:1 16:1 16:1 16:1 16:1 16:1 8:1 8:1 16:1
DAY 4 13-3 13-3 13-3
Lab Lab Lab
185 185 186
30 30 30
8:1 8:1 8:1
13-3 13-3 13-3 13-3 13-3 14-1 14-1 14-2 14-3
Lab Lab Lab Lab Lab Class Lab Class CBT
186 187 187 188 188 189 190 191 192
Setting Up IPSec Domain and Server Isolation Setup and Configure IPSec Domain
Isolation Policy Configuring Policy Filter Actions and Isolating Domain Filter Actions Configure IPSec Policy Assigning IPSec Policy Propagating IPSec Policy to Domain Members Testing Isolated and Non-Isolated Host Communication Configuring Group-Specific Server Isolation Contingency and Continuity Planning Backing Up and Restoring Files in Windows 2003 Risk Management Information Operations Conditions
30 30 30 30 30 60 60 60 60
8:1 8:1 8:1 8:1 8:1 16:1 8:1 16:1 24:1
DAY 5 14-4 14-5 14-6 14-7 14-8 14-9 14-10 14-11
Class Class Class Class Class CBT Class Class
193 194 195 196 197 198 199 200
Software Information Transfer and Accounting Procedures Information Storage Media Clearing, Sanitizing & Releasing Computer Components Incident Response and Reporting Disaster Recovery and Restoration Network Monitoring Audit Trail Requirements
60 60 60 60 60 60 60 60
16:1 16:1 16:1 16:1 16:1 24:1 16:1 16:1
Topic No. Type Period Topic Title Period Length Ratio
WEEK 6 DAY 1 14-12 14-13
Class CBT
201 202
60 60
16:1 24:1 16:1
14-14 14-15
Class CBT
203 204
60 60
16:1 24:1 16:1
14-16 14-17 14-18 14-19
CBT CBT CBT CBT
205 206 207 208
TEMPEST Compliance Security Considerations for New and Modified Implementations Configuration Management Information System Establishment, Evaluation, and Certification Multi-Level Security Planned and Unplanned Outages Information Systems Security Cross-Connected Equipment
60 60 60 60
24:1 24:1 24:1 24:1 16:1 16:1 16:1 16:1 16:1
DAY 3
16:1 16:1
Bottleneck Ratio
DAY 2 14-20 14-21 14-22 14-23 14-24 14-25 15-1
CBT CBT CBT CBT CBT CBT Class
209 210 211 212 213 214 215
15-2 Class 216
DAY 3 15-3 15-4 15-5 15-6
CBT CBT CBT CBT
217 218 219 220
CBT Special Special Special
15-7
Resource Custodian Functions Public Law Monitoring Navy Computer Incident Response Team Administrative Policy and Compliance Computer Security Awareness Training Information Assurance Vulnerability Management Program Security Testing and Vulnerability Assessment
60 60 60 60 60 60 60
24:1 24:1 24:1 24:1 24:1 24:1 16:1 16:1 16:1 16:1 16:1 16:1 16:1
60 16:1
60 60 60 60
24:1 24:1 24:1 24:1 16:1 16:1 16:1 16:1
221 222 223 224
Reporting Requirements Security Reports for the ISSM Network Assessments Information Assurance Vulnerability Alerts and Bulletins (IAVA/IAVB) Security Incidents and Reporting Review and Summary Review and Summary Review and Summary
60 60 60 60
24:1 16:1 16:1 16:1 16:1
Special Special Special Special Special Special Special Special
225 226 227 228 229 230 231 232
Test Units 13-15 Test Units 13-15 Remediation Remediation Remediation Remediation Retest Retest
60 60 60 60 60 60 60 60
16:1 16:1 16:1 16:1 16:1 16:1 16:1 16:1
Special Special Special Special Special Special
Type
233 234 235 236 237 238
Period
Command Out Brief Command Out Brief Graduation Command Check Out / Travel Command Check Out / Travel Command Check Out / Travel
Topic Title
16:1 16:1 16:1 16:1 16:1 16:1
Ratio
Special Special
239 240
Command Check Out / Travel Command Check Out / Travel
60 60 60 60 60 60
Period Length
60 60
DAY 4 DAY 5
Topic No.
16:1 16:1
Bottleneck Ratio