Www.bcit.cc



TestOut Security Pro – English 5.0.xLESSON PLAN00Table of Contents TOC \o "1-1" \h \z Course Overview PAGEREF _Toc403570122 \h 4Course Introduction for Instructors PAGEREF _Toc403570123 \h 6Section 1.1: Security Overview PAGEREF _Toc403570124 \h 11Section 1.2: Using the Simulator PAGEREF _Toc403570125 \h 14Section 2.1: Access Control Models PAGEREF _Toc403570126 \h 15Section 2.2: Authentication PAGEREF _Toc403570127 \h 18Section 2.3: Authorization PAGEREF _Toc403570128 \h 21Section 2.4: Access Control Best Practices PAGEREF _Toc403570129 \h 23Section 2.5: Active Directory Overview PAGEREF _Toc403570130 \h 25Section 2.6: Windows Domain Users and Groups PAGEREF _Toc403570131 \h 26Section 2.7: Linux Users PAGEREF _Toc403570132 \h 29Section 2.8: Linux Groups PAGEREF _Toc403570133 \h 32Section 2.9: Linux User Security PAGEREF _Toc403570134 \h 34Section 2.10: Group Policy Overview PAGEREF _Toc403570135 \h 36Section 2.11: Hardening Authentication 1 PAGEREF _Toc403570136 \h 38Section 2.12: Hardening Authentication 2 PAGEREF _Toc403570137 \h 40Section 2.13: Remote Access PAGEREF _Toc403570138 \h 42Section 2.14: Network Authentication PAGEREF _Toc403570139 \h 44Section 2.15: Identity Management PAGEREF _Toc403570140 \h 46Section 3.1: Cryptography PAGEREF _Toc403570141 \h 47Section 3.2: Hashing PAGEREF _Toc403570142 \h 50Section 3.3: Symmetric Encryption PAGEREF _Toc403570143 \h 52Section 3.4: Asymmetric Encryption PAGEREF _Toc403570144 \h 54Section 3.5: Public Key Infrastructure (PKI) PAGEREF _Toc403570145 \h 56Section 3.6: Cryptographic Implementations PAGEREF _Toc403570146 \h 59Section 4.1: Security Policies PAGEREF _Toc403570147 \h 61Section 4.2: Manageable Network Plan PAGEREF _Toc403570148 \h 65Section 4.3: Business Continuity PAGEREF _Toc403570149 \h 67Section 4.4: Risk Management PAGEREF _Toc403570150 \h 69Section 4.5: Incident Response PAGEREF _Toc403570151 \h 72Section 4.6: Social Engineering PAGEREF _Toc403570152 \h 75Section 4.7: Certification and Accreditation PAGEREF _Toc403570153 \h 78Section 4.8: Development PAGEREF _Toc403570154 \h 81Section 4.9: Employee Management PAGEREF _Toc403570155 \h 83Section 4.10: Third-Party Integration PAGEREF _Toc403570156 \h 86Section 5.1: Physical Security PAGEREF _Toc403570157 \h 88Section 5.2: Hardware Security PAGEREF _Toc403570158 \h 91Section 5.3: Environmental Controls PAGEREF _Toc403570159 \h 93Section 5.4: Mobile Devices PAGEREF _Toc403570160 \h 96Section 5.5: Mobile Device Security Enforcement PAGEREF _Toc403570161 \h 99Section 5.6: Telephony PAGEREF _Toc403570162 \h 101Section 6.1: Networking Layer Protocol Review PAGEREF _Toc403570163 \h 103Section 6.2: Transport Layer Protocol Review PAGEREF _Toc403570164 \h 105Section 6.3: Perimeter Attacks 1 PAGEREF _Toc403570165 \h 108Section 6.4: Perimeter Attacks 2 PAGEREF _Toc403570166 \h 111Section 6.5: Security Appliances PAGEREF _Toc403570167 \h 113Section 6.6: Demilitarized Zones (DMZ) PAGEREF _Toc403570168 \h 116Section 6.7: Firewalls PAGEREF _Toc403570169 \h 118Section 6.8: Network Address Translation (NAT) PAGEREF _Toc403570170 \h 120Section 6.9: Virtual Private Networks (VPN) PAGEREF _Toc403570171 \h 122Section 6.10: Web Threat Protection PAGEREF _Toc403570172 \h 124Section 6.11: Network Access Control (NAC) PAGEREF _Toc403570173 \h 126Section 6.12: Wireless Overview PAGEREF _Toc403570174 \h 128Section 6.13: Wireless Attacks PAGEREF _Toc403570175 \h 130Section 6.14: Wireless Defenses PAGEREF _Toc403570176 \h 132Section 7.1: Network Devices PAGEREF _Toc403570177 \h 135Section 7.2: Network Device Vulnerabilities PAGEREF _Toc403570178 \h 136Section 7.3: Switch Attacks PAGEREF _Toc403570179 \h 138Section 7.4: Router Security PAGEREF _Toc403570180 \h 139Section 7.5: Switch Security PAGEREF _Toc403570181 \h 141Section 7.6: Intrusion Detection and Prevention PAGEREF _Toc403570182 \h 144Section 7.7: SAN Security PAGEREF _Toc403570183 \h 147Section 8.1: Malware PAGEREF _Toc403570184 \h 149Section 8.2: Password Attacks PAGEREF _Toc403570185 \h 152Section 8.3: Windows System Hardening PAGEREF _Toc403570186 \h 154Section 8.4: Hardening Enforcement PAGEREF _Toc403570187 \h 157Section 8.5: File Server Security PAGEREF _Toc403570188 \h 159Section 8.6: Linux Host Security PAGEREF _Toc403570189 \h 162Section 8.7: Static Environment Security PAGEREF _Toc403570190 \h 164Section 9.1: Web Application Attacks PAGEREF _Toc403570191 \h 166Section 9.2: Internet Browsers PAGEREF _Toc403570192 \h 169Section 9.3: E-mail PAGEREF _Toc403570193 \h 171Section 9.4: Network Applications PAGEREF _Toc403570194 \h 173Section 9.5: Virtualization PAGEREF _Toc403570195 \h 175Section 9.6: Application Development PAGEREF _Toc403570196 \h 178Section 10.1: Redundancy PAGEREF _Toc403570197 \h 181Section 10.2: Backup and Restore PAGEREF _Toc403570198 \h 184Section 10.3: File Encryption PAGEREF _Toc403570199 \h 186Section 10.4: Secure Protocols PAGEREF _Toc403570200 \h 188Section 10.5: Cloud Computing PAGEREF _Toc403570201 \h 191Section 11.1: Vulnerability Assessment PAGEREF _Toc403570202 \h 193Section 11.2: Penetration Testing PAGEREF _Toc403570203 \h 196Section 11.3: Protocol Analyzers PAGEREF _Toc403570204 \h 198Section 11.4: Log Management PAGEREF _Toc403570205 \h 200Section 11.5: Audits PAGEREF _Toc403570206 \h 203Security Pro Practice Exams PAGEREF _Toc403570207 \h 205Security+ Practice Exams PAGEREF _Toc403570208 \h 206SSCP Practice Exams PAGEREF _Toc403570209 \h 207Appendix A: Approximate Time for the Course PAGEREF _Toc403570210 \h 208Appendix B: Security Pro 2014 Changes PAGEREF _Toc403570211 \h 212Appendix C: Security Pro Objectives PAGEREF _Toc403570212 \h 217Course OverviewThis course prepares students for TestOut’s Security Pro, CompTIA’s Security+, and (ISC)2's SSCP certification exams. Module 1 – IntroductionThis module introduces the students to the challenges of protecting electronic information and using the LabSim simulator. Module 2 – Access Control and Identity ManagementIn this module students will learn concepts about controlling access to system resources. They will learn the access control models, terminology, best practices, tools, and remote and network considerations to controlling access. Module 3 – Cryptography This module teaches the students about cryptographic attacks and the tools to ensure data integrity. They will learn about hashing, symmetric and asymmetric encryption, and certificates. Methods of implementing cryptography are also presented. Module 4 – Policies, Procedures, and AwarenessThis module discusses security policies, procedures and security awareness. Students will learn security classification levels, documents, business continuity plans, risk management considerations, incident response, trusted computing, software development concerns, and management of employees. Module 5 – Physical SecurityThis module examines the fundamentals of physically securing access to facilities and computer systems, protecting a computer system with proper environmental conditions and fire-suppression systems, and securing mobile devices and telephony transmissions. Module 6 – Perimeter DefensesIn this module students will learn concepts about perimeter defenses to increase network security. Topics covered will include types of perimeter attacks, security zones and devices, configuring a DMZ, firewalls, NAT router, VPNs, protections against web threats, Network Access Protection (NAP) and security for wireless networks. Module 7 – Network DefensesThis module discusses network device vulnerabilities and defenses, providing security for a router and switch, and implementing intrusion monitoring and prevention.Module 8 – Host DefensesIn this module students will learn about the types of malware and how to protect against them, protecting against password attacks, recommendations for hardening a Windows system, configuring GPOs to enforce security, managing file system security, and procedures to increase network security of a Linux system. Module 9 – Application DefensesThis module discusses basic concepts of securing web applications from attacks, fortifying the internet browser, securing e-mail from e-mail attacks, concerns about networking software, and security considerations when using a virtual machine.Module 10 – Data DefensesThis module discusses the elements of securing data, such as, implementing redundancy through RAID, proper management of backups and restores, file encryption, implementing secure protocols, and cloud computing.Module 11 – Assessments and AuditsThis module examines tools that can be used to test and monitor the vulnerability of systems and logs that provide a system manager to track and audit a variety of events on a system. Practice ExamsIn Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. The practice exams are divided into three separate areas and will contain examples of the types of questions that a student will find on the actual exam:Security Pro Certification Practice ExamsSecurity+ Practice ExamsSSCP Practice Exams Course Introduction for Instructors This course provides students with the knowledge to become industry certified as a Security professional. This course actually meets the specifications for three different industry certification programs. It prepares the student for the following:TestOut's Security Pro certification CompTIA's Security+ certification (ISC)2's SSCP certification TestOut’s Security Pro certification is a new certification which measures not just what you know, but what you can do. The TestOut Security Pro Certification (2012 edition) measures your ability to manage security threats and harden security for computer systems. The following knowledge domains are addressed:Access Control and Identity ManagementPolicies, Procedures, and AwarenessPhysical SecurityPerimeter DefensesNetwork DefensesHost DefensesApplication DefensesData DefensesAudits and AssessmentsSecurity Pro objectives are listed in Appendix C: Security Pro pTIA’s Security+ certification is an international, vendor-neutral certification that verifies the student can apply knowledge to applying security concepts, tools and procedures to react to security incidents. Security+ Exam SY0-401(2014 edition) covers general knowledge of security concepts, threats, and tools. The following knowledge domains are addressed:Network SecurityCompliance and Operational SecurityThreats and VulnerabilitiesApplication, Data and Host SecurityAccess Control and Identity ManagementCryptographyThe objectives for CompTIA’s Security+ objectives are listed in .(ISC)2’s SSCP certification (2012 edition) ensures students have the skills to safeguard against threats and the knowledge to apply security concepts, tools, and procedures. The following knowledge domains are addressed:Access ControlSecurity Operations & AdministrationMonitoring and AnalysisRisk, Response, and RecoveryCryptographyNetworks and CommunicationsMalicious Code and AttacksThe objectives for (ISC)2 SSCP objectives are listed in ???.The section introductions in LabSim and the lesson plans list the objectives that are met for each of the exams in that section.The following icons are placed in front of lesson items in LabSim to help students quickly recognize the items in each section: = Demonstration = Exam = Lab/Simulation = Text lesson or fact sheet = VideoThe video and demonstration icons are used throughout the lesson plans to help instructors differentiate between the timing for the videos and demonstrations.In the lesson plans the Total Time for each section is calculated by adding the approximate time for each section which is calculated using the following elements:Video/demo timesApproximate time to read the text lesson (the length of each text lesson is taken into consideration)Simulations (5 minutes is assigned per simulation. This is the amount of time it would take for a knowledgeable student to complete the lab activity. Plan that the new students will take much longer than this depending upon their knowledge level and computer experience.)Questions (1 minute per question)Appendix A: Approximate Time for the Course contains all the times for each section which are totaled for the whole course.Section 1.1: Security Overview SummaryThis section provides an overview of security. Basics discussed include:Security challenges:Sophistication of attacksProliferation of attack softwareScale and velocity of attacksCommon security terms:ConfidentialityIntegrityAvailabilityNon-repudiationCIA of SecurityKey Security Components:Physical securityUsers and administratorsPoliciesRisk Management items to take into account:AssetThreatThreat agentVulnerabilityExploitTypes of threat agents:EmployeeSpyHackerSteps of attack strategies:ReconnaissanceBreachEscalate privilegesStageExploitDefense methodologies:LayeringPrinciple of least privilegeVarietyRandomnessSimplicityLecture Focus Questions: What challenges does a security professional face? What is the difference between integrity and non-repudiation? What process provides confidentiality by converting data into a form that it is unlikely to be usable by an unintended recipient? What are the three main goals of the CIA of Security? Which security expression refers to verifying that someone is who they say they are? What are key components of risk management? What are three types of threat agents? Video/DemoTime 1.1.1 Security Challenges 8:221.1.2 Security Roles and Concepts 5:361.1.3 Threat Agent Types 8:201.1.5 General Attack Strategy 8:511.1.6 General Defense Strategy18:25Total49:34Number of Exam Questions12 questionsTotal TimeAbout 70 minutes Section 1.2: Using the Simulator SummaryThis section introduces the student to the TestOut simulator, which is used in most of the lab exercises throughout the course. Students will become familiar with the:ScenarioMain BenchShelfSelected ComponentProcesses to complete labsElements of the Score ReportStudents will learn how to:Read simulated component documentation and view components to make appropriate choices to meet the scenario. Add and remove simulated computer components. Change views to view and add simulated components. Use the zoom feature to view additional image details. Attach simulated cables. Use the simulation interface to identify where simulated cables connect to the computer. Video/DemoTime1.2.1 Using the Simulator 13:19Lab/ActivityConfigure a Security ApplianceInstall a Security ApplianceTotal TimeAbout 25 minutes Section 2.1: Access Control Models SummaryThis section discusses access control models. Basics discussed include:Access control involves:ObjectsSubjectsSystemProcesses of the access control:IdentificationAuthenticationAuthorizationAuditing (also referred to as accounting)Access controls can be classified according to the function they perform:PreventiveDetectiveCorrectiveDeterrentRecoveryCompensativeAccess control measures to restrict or control access:AdministrativeTechnical PhysicalDirectory servicesCommon access control models:Mandatory Access Control (MAC)Discretionary Access Control (DAC)Role-Based Access Control (RBAC)Rule Set-Based Access Control (RSBAC)Federated Access ControlDiscretionary access controlsAccess control modelsAcademic security models:Bell-LaPadulaBibaClark-WilsonState machineBrewer and Nash Module/Chinese WallTake-GrantCombination modelsStudents will learn how to:Implement DAC by configuring a discretionary access control list (DACL).Security Pro Exam Objectives:5.1 Harden Network Devices (using a Cisco Small Business Switch).Implement access lists, deny everything elseLecture Focus Questions: What is access control and why is it important?How does the Discretionary Access Control (DAC) provide access control?What type of entries does the Discretionary Access Control List (DACL) contain?What is the function of each of the two types of labels used by the Mandatory Access Control (MAC) access model? What is the difference between role-based access control and rule-based access control?How are Rule-Based Access Control and Mandatory Access Control (MAC) similar?In security terms, what does AAA refer to?Video/DemoTime 2.1.1 Access Control Models 3:382.1.5 Implementing Discretionary Access Control6:09Total9:47Number of Exam Questions15 questionsTotal TimeAbout 30 minutesSection 2.2: Authentication SummaryIn this section students will learn the basics of identification and authentication. Concepts covered in this section include:Ways a User can prove identity to an authentication server:Type 1 Something you knowType 2 Something you haveType 3 Something you areType 4 Somewhere you areType 5 Something you doTerms used to measure the effective of authentication solutions:False negativeFalse positiveCrossover error rateProcessing rateAuthentication methods used to increase security:Two-factorThree-factorMulti-factorStrongOne-factorMutualConsiderations when implementing biometricsSingle Sign-on (SSO) authentication:Advantages of SSODisadvantages of SSOSSO solutions:KerberosSecure European System for Applications in a Multi-Vendor Environment (SESAME)Directory servicesStudents will learn how to:Use a biometric scanner to enroll (record) fingerprints that can be used for authentication. Configure fingerprint settings to automate execution of an application. Use single sign-on to access all authorized resources on the network.Lecture Focus Questions: What is the difference between authentication and identification? Which authentication type is the most common? Which form of authentication is generally considered the strongest? What is the difference between synchronous and asynchronous token devices? Which type of biometric processing error is more serious, a false positive or a false negative? Why? What is the difference between strong authentication, two-factor authentication, and multi-factor authentication? What are the main advantages of SSO authentication? Disadvantages? Video/DemoTime 2.2.1 Authentication Part 111:262.2.2 Authentication Part 2 8:532.2.4Using a Biometric Scanner 3:492.2.5 Using Single Sign-on12:20Total36:28Number of Exam Questions15 questionsTotal TimeAbout 60 minutes Section 2.3: Authorization SummaryThis section examines using authorization to control access to resources. Concepts covered include:Types of NTFS access lists:Discretionary Access Control List (DACL)System Access Control List (SACL)The role of a security principalTypes of permission:Effective PermissionsDeny PermissionsCumulative PermissionsStudents will learn how to:Create a group and add members to the group. Examine the elements of an access token using whoami /all. After changes to user privileges, gain access to newly assigned resources by creating a new access token (logging on again). Lecture Focus Questions: What three types of information make up an access token? How is the access token used to control access to resources? On a Microsoft system, when is the access token generated? What types of objects are considered security principals? What is the difference between a discretionary access control list (DACL) and a system access control list (SACL)? Video/DemoTime2.3.1 Authorization 5:152.3.2 Cumulative Access 9:372.3.4 Examining the Access Token 9:08Total24:00Number of Exam Questions4 questionsTotal TimeAbout 30 minutes Section 2.4: Access Control Best Practices SummaryThis section provides information about best practices to control access to system resources. Concepts covered include:Security practices:Principle of least privilegeNeed to knowSeparation of dutiesJob rotationDefense-in-depthCreeping privilegesPrecautions to avoid creeping privilegesEnd-of-life procedures for mediaStudents will learn how to:Enable and disable User Account Control (UAC). Use alternate credentials to run programs that require elevated privileges. Security Pro Exam Objectives:5.1 Harden Network Devices (using a Cisco Small Business Switch).Implement access lists, deny everything elseLecture Focus Questions: What is the difference between implicit deny and explicit allow? What is the difference between implicit deny and explicit deny? Which is the strongest? How does implementing the principle of separation of duties increase the security in an organization? What aspects of security does job rotation provide? How do creeping privileges occur? Video/DemoTime2.4.1 Access Control Best Practices 3:122.4.3 Viewing Implicit Deny10:13Total 13:25Number of Exam Questions12 questionsTotal TimeAbout 30 minutes Section 2.5: Active Directory Overview SummaryThis section provides an overview of Active Directory. Concepts covered include:Active Directory components:DomainTrees and ForestsOrganizational Unit (OU)Generic ContainersObjectsDomain ControllerStudents will learn how to:Open and navigate the Active Directory Users and Computers dialog.Distinguish between Organizational Unit (OU) and folder resources.View and edit user and group account properties.Lecture Focus Questions: What is the purpose of a domain?What is the difference between a tree and a forest?How do Organizational Units (OUs) simplify administration of security?What are the advantages of a hierarchical directory database over a flat file database?Video/DemoTime2.5.1 Active Directory Introduction 9:042.5.2 Active Directory Structure 9:242.5.3 Viewing Active Directory 8:05Total26:33Number of Exam Questions3 questionsTotal TimeAbout 30 minutes Section 2.6: Windows Domain Users and Groups SummaryThis section discusses managing Windows domain users and groups. Concepts covered include:User Account Management:Creating usersRecommendations of managing user accountsDirectory object attributesManaging users as groupsStudents will learn how to:Create domain user accounts. Modify user account properties, including changing logon and password settings in the user account. Rename a user account. Reset a user account password and unlock the account. Enable and disable an account. Security Pro Exam Objectives:1.1 Create, modify, and delete user profiles. Manage Windows Domain Users and Groups Create, rename, and delete users and groups Lock and unlock user accounts Assign users to appropriate groups Change a user's password 1.2 Harden authentication.Configure the Domain GPO to control local administrator group membership and Administrator passwordLecture Focus Questions: What is the purpose of a domain? What is the difference between a disabled, locked out, or expired user account? What is the best way to handle a user's account when an employee quits the company and will be replaced by a new employee in the near future? What are the recommendations for using a template user account? What properties of a user account do not get duplicated when you copy the user? Video/DemoTime2.6.1 Creating User Accounts 4:502.6.2 Managing User Account Properties 7:452.6.5 Managing Groups 5:05Total17:40Lab/ActivityCreate User AccountsManage User AccountsCreate a GroupCreate Global GroupsNumber of Exam Questions5 questionsTotal TimeAbout 50 minutes Section 2.7: Linux Users SummaryThis section examines managing Linux users. Concepts covered include:Options for storing Linux user and group informationFiles used when files are stored in the local file system:/etc/passwd/etc/shadow/etc/group/etc/gshadowConfiguration files used when managing user accounts:/etc/default/useradd/etc/login.defs/etc/skelManage user accounts with the following commands:useraddpasswdusermoduserdelStudents will learn how to:Create, rename, lock, and unlock a user account. Change a user's password. Rename or remove a user account. Security Pro Exam Objectives:1.1 Create, modify, and delete user profiles. Manage Linux Users and Groups Create, rename, and delete users and groups Assign users to appropriate groups Lock and unlock user accounts Change a user's password Lecture Focus Questions: Which directory contains configuration file templates that are copied into a new user's home directory? When using useradd to create a new user account, what type of default values create the user account? How can you view all the default values in the /etc/default/useradd file? How would you create a user with useradd that does not receive the default values in /etc/default/useradd file? Which command deletes a user and their home directory at the same time? Video/DemoTime2.7.1 Linux User and Group Overview 19:142.7.2 Managing Linux Users 9:28Total28:42Lab/ActivityCreate a User AccountRename a User AccountDelete a UserChange Your PasswordChange a User’s PasswordLock and Unlock User AccountsNumber of Exam Questions7 questionsTotal TimeAbout 70 minutes Section 2.8: Linux Groups SummaryThis section examines managing Linux groups. Concepts covered include:Commands to manage group accounts and group membership:groupaddgroupmodgroupdelgpasswdnewgrpusermodgroupsStudents will learn how to:Create groups and define the group ID. Change secondary group membership for specific user accounts. Enable a group password. Security Pro Exam Objectives:1.1 Create, modify, and delete user profiles. Manage Linux Users and Groups Create, rename, and delete users and groups Assign users to appropriate groups Change a user's password Lecture Focus Questions: Which usermod option changes the secondary group membership? Which command removes all secondary group memberships for specific user accounts? Which groupmod option changes the name of a group? Video/DemoTime2.8.1 Managing Linux Groups 3:15Lab/ActivityRename and Create GroupsAdd Users to a GroupRemove a User from a GroupNumber of Exam Questions3 questionsTotal TimeAbout 20 minutes Section 2.9: Linux User SecuritySummaryIn this section students will explore user security for Linux. Details about the following concepts will be covered:Considerations for user securityCommands used to promote user security and restrictionschageulimitThe /etc/security/limits.conf fileEntry options:EntityTypeLimitsValueStudents will learn how to:Configure password aging. Configure password login limits. Configure the maximum concurrent logins by a user. Use the ulimit command to restrict user resource usage. Security Pro Exam Objectives:1.1 Create, modify, and delete user profiles. Manage Linux Users and Groups. Configure password aging.Restrict use of common access accounts.Lecture Focus Questions: When using chage to set expiration of user passwords, which option sets the number of days for the password warning message? What is the difference between hard and soft limits? When using ulimit to limit computer resources used for applications launched from the shell, which option displays the current limits? What command removes all restrictions for process memory usage? Why should passwords not expire too frequently? Video/DemoTime2.9.1 Linux User Security and Restrictions 9:532.9.2 Configuring Linux Users Security and Restrictions 6:40Total16:33Number of Exam Questions5 questionsTotal TimeAbout 25 minutesSection 2.10: Group Policy Overview SummaryThis section provides an overview of using Group Policy to apply multiple objects within the Active Directory domain at one time. Concepts covered include:The role of GPOsGPO Categories:Computer ConfigurationUser ConfigurationHow GPOs apply to objectsThe order in which GPOs are appliedStudents will learn how to:View the setting defined in a GPO. Create a GPO. Link a GPO to OUs. Edit the settings of a GPO. Import GPO settings. Security Pro Exam Objectives:1.1 Create, modify, and delete user profiles. Manage Windows Local Users and Groups Restrict use of local user accounts Restrict use of common access accounts 1.2 Harden authentication.Configure the Domain GPO to enforce User Account ControlLecture Focus Questions: When are user policies applied? How do computer policies differ from user policies? How do GPOs applied to an OU differ from GPOs applied to a domain? What is the order in which GPOs are applied? If a setting is undefined in one GPO and defined in another, which setting is used? If a setting is defined in two GPOs, which setting is applied?Video/DemoTime2.10.1 Group Policy Overview 8:412.10.2 Viewing Group Policy 14:31Total 23:12Lab/ActivityCreate and Link a GPONumber of Exam Questions3 questionsTotal TimeAbout 35 minutes Section 2.11: Hardening Authentication 1SummaryThis section discusses methods of hardening authentication. Basics discussed include:Methods of authentication:Account lockoutAccount restrictionsAccount (password) policiesConsiderations for controlling user account and password securityStudents will learn how to:Control logical access by configuring user account and account lockout policies. Configure day/time restrictions, computer restrictions, and expiration dates for user accounts. Enable and disable user accounts. Configure the password policy for a domain. Using Group Policy Management, configure security settings such as password policy settings to define requirements for user passwords. Using Group Policy Management, configure user right assignments to identify actions users can perform on a system. Security Pro Exam Objectives:1.1 Create, modify, and delete user profiles. Manage Windows Local Users and Groups Restrict use of local user accounts Restrict use of common access accounts 1.2 Harden authentication.Configure Domain GPO Account Policy to enforce a robust password policyDisable or rename default accounts such as Guest and Administrator5.1 Harden Network Devices (using a Cisco Small Business Switch).Use secure passwordsLecture Focus Questions: What characteristics on a Microsoft system typically define a complex password? What is the clipping level and how does it affect an account login? What does the minimum password age setting prevent? What is a drawback to account lockout for failed password attempts? What are the advantages of a self-service password reset management system? Video/DemoTime 2.11.1 Hardening Authentication19:312.11.2 Configuring User Account Restrictions 9:302.11.4 Configuring Account Policies and UAC Settings14:182.11.6 Hardening User Accounts10:20Total53:39Lab/ActivityConfigure User Account RestrictionsConfigure Account PoliciesRestrict Local AccountsSecure Default AccountsEnforce User Account ControlNumber of Exam Questions11 questionsTotal TimeAbout 90 minutesSection 2.12: Hardening Authentication 2SummaryThis section discusses methods of hardening authentication using smart cards and fine-grained password policies. Basics discussed include:Facts about smart cardsSmart card categories:Contact smart cardsContactless smart cardsKey benefits of smart cardsWeaknesses of smart cards:MicroprobingSoftware attacksEavesdroppingFault generationThe role of granular password policies:Acronyms:Password Settings Object (PSO)Password Settings Container (PSC)PSO properties:msDS-PSOAppliesTomsDS-PasswordSettingsPrecedenceCreating a PSO using ADSI EditUsing Active Directory Administrative Center to manage granular passwordsStudents will learn how to:Configure authentication for a smart card.Implement a fine-grained password policy to create a more restrictive policy set.Security Pro Exam Objectives:1.1 Create, modify, and delete user profiles. Manage Windows Local Users and Groups Restrict use of local user accounts Restrict use of common access accounts 1.2 Harden authentication. Configure a GPO for Smart Card authentication for sensitive resourcesLecture Focus Questions: What are the two different categories of smart cards and how they are read by the smart card reader?What are the advantages and disadvantages of using smart cards?When would you choose to use fine-grained password policies?Video/DemoTime 2.12.1 Configuring Smart Card Authentication 6:202.12.4 Using Fine-Grained Password Policies 7:00Total13:20Lab/ActivityConfigure Smart Card AuthenticationCreate a Fine-Grained Password PolicyNumber of Exam Questions5 questionsTotal TimeAbout 30 minutesSection 2.13: Remote AccessSummaryIn this section students will learn about remote access. Concepts covered include:The role of remote access.Stages in the remote access process:ConnectionAuthenticationAuthorizationAccounting Implementing a remote access serverCommon AAA server solutions:Remote Authentication Dial-In User Server (RADIUS)Terminal Access Controller Access-Control System Plus (TACACS+)Considerations when comparing RADIUS vs. TACACS+Students will learn how to:Configure a remote access server to accept remote access connections. Control remote access authorization using network policies. Configure ports on a VPN server to allow VPN connections. Configure a VPN client connection. Security Pro Exam Objectives:1.2 Harden authentication. Configure secure remote access. Lecture Focus Questions: How does EAP differ from CHAP or MS-CHAP? What is the difference between authentication and authorization? How does tunneling protect packets in transit through an unsecured network? What are examples of criteria used to restrict remote access? Which remote server solution performs better and is considered more secure? What types of attacks are remote access servers vulnerable to? Video/DemoTime2.13.1 Remote Access 8:432.13.3 RADIUS and TACACS+ 6:51Total15:34Number of Exam Questions15 questionsTotal TimeAbout 35 minutes Section 2.14: Network Authentication SummaryThis section discusses using authentication too connect to a network and access network resources. Concepts covered include:The process of a three-way handshakeAuthentication methods used for network authentication:LAN Manager (LANMAN or LM)NT LAN Manager (NTLM)KerberosThe role of Lightweight Directory Access Protocol (LDAP)Authentication Modes that LDAP supports when binding to a directory service:AnonymousSimpleSimple Authentication and Security Layer (SASL)TrustsOne-way trustTwo-way trustTransitivity:Transitive trustNon-transitive trustTransitive access attackStudents will learn how to:Edit Kerberos Policy settings using Group Policy Management. Provide authentication backwards compatibility for pre-Windows 2000 clients using Group Policy.Security Pro Exam Objectives:1.2 Harden authentication. Implement centralized authentication 1.3 Manage Certificates. Configure Domain GPO Kerberos SettingsLecture Focus Questions: Using a challenge/response process, what information is exchanged over the network during logon? How does this provide security for logon credentials? What is the difference between authentication with LAN Manager and NT LAN Manager? What security vulnerabilities should an administrator be aware of when using Kerberos for authentication? What two entities are combined to make up the KDC? Why does Kerberos require clock synchronization between devices? What does transitivity define? How is a non-transitive trust relationship established between domains?Video/DemoTime 2.14.1 Network Authentication Protocols14:092.14.2 Network Authentication via LDAP10:302.14.4 Controlling the Authentication Method 6:392.14.6 Browsing a Directory Tree via LDAP 6:382.14.7 Trusts and Transitive Access 5:332.14.9 Credential Management10:06Total53:35Lab/ActivityConfigure Kerberos Policy SettingsNumber of Exam Questions14 questionsTotal TimeAbout 70 minutesSection 2.15: Identity Management SummaryThis section discusses the role of Identity Management (IDM). Details include:The role of Identity Management IDMAdvantages of IDMTerms:Identity VaultIdentity Management ServiceAutomated ProvisioningAutomated De-ProvisioningAutomated MaintenanceAutomated De-provisioningAutomated MaintenancePassword SynchronizationEntitlementAuthoritative SourceLecture Focus Questions: What are the advantages of implementing IDM? Disadvantages? What is the significance of the authoritative source of an item? What does entitlement define? What is automated provisioning?Video/DemoTime 2.15.1 Identity Management16:31Number of Exam Questions4 questionsTotal TimeAbout 20 minutesSection 3.1: Cryptography SummaryIn this section students will learn the basics of cryptography. Concepts covered in this section include:Terms related to cryptography:Plain textCipher textCryptographerCryptanalysisCryptosystemCryptologyKeyAlgorithmEncryptionDecryptionSteganographyQuantum cryptographyInitialization vectorTransposition CipherSubstitution CipherAttack Types:Brute Force AttacksPlaintext AttacksAnalyticWeakness Exploitation AttacksEncryption attacksMan-in-the-middle attackCountermeasures to strengthen the cryptosystemSecurity Pro Exam Objectives:1.3 Manage Certificates. Approve, deny, and revoke certificate requests Lecture Focus Questions: What is a legitimate use for cryptanalysis? How is the strength of a cryptosystem related to the length of the key? Which of the following is typically kept secret, the encryption algorithm or the key (or both)? What is the difference between a transposition cipher and a substitution cipher? What is a legitimate use of steganography? What methods are used in a brute force attack? What is the difference between a Registration Authority and a Certificate Authority?Video/DemoTime 3.1.1 Cryptography Concepts 4:293.1.3 Cryptography Attacks17:47Total22:16Number of Exam Questions15 questionsTotal TimeAbout 45 minutes Section 3.2: Hashing SummaryThis section examines using hashing to ensure the data integrity of files and messages in transit. Concepts covered include:The role of hashingPredominate hashing algorithms:MD5SHA-1RIPEMDUses of hashing:File integritySecure logon credential exchangeConsiderations regarding hashesStudents will learn how to:Generate a hash value for a file. Compare hash values to verify message integrity. Lecture Focus Questions: What security goal or function is provided by hashes? Why doesn't a hash provide message encryption? When comparing MD5 and SHA-1, which method provides greater security? Why? What is a collision and why is this condition undesirable in a hashing algorithm? Why is high amplification an indicator of a good hashing algorithm? Video/DemoTime3.2.1 Hashing11:313.2.3 Using Hashes 7:43Total19:14Number of Exam Questions12 questionsTotal TimeAbout 35 minutes Section 3.3: Symmetric Encryption SummaryThis section examines using symmetric encryption to encrypt and decrypt data. Concepts covered include:Symmetric encryption uses two algorithm types:Block ciphersStream ciphersCommon symmetric cryptography methods include:Ron’s Cipher v2 or Ron’s Code v2 (RC2)Ron’s Cipher v5 or Ron’s Code v5 (RC5)International Data Encryption Algorithm (IDEA)Data Encryption Standard (DES)Triple DES (3DES)Advanced Encryption Standard (AES)BlowfishTwofishSkipJackThe role of Hashed Keyed Message Authentication Code (HMAC)Students will learn how to:Perform a brute force analysis of encrypted data to recover original data. Lecture Focus Questions: A user needs to communicate securely with 5 other users using symmetric key encryption. How many keys are required? How are symmetric keys typically exchanged between communication partners? What is an advantage of increasing the number of bits in the key? What is a disadvantage? Why are symmetric key stream ciphers considered to be slower than symmetric key block ciphers? Considering symmetric key stream ciphers and block ciphers, which would you select to process large amounts of data? Why? How does 3DES differ from DES? Video/DemoTime3.3.1 Symmetric Encryption 5:273.3.2 HMAC 6:133.3.4 Cracking a Symmetric Encryption Key 4:11Total15:51Number of Exam Questions15 questionsTotal TimeAbout 35 minutes Section 3.4: Asymmetric Encryption SummaryThis section discusses using asymmetric encryption to encrypt and decrypt data. Details include:Considerations of asymmetric encryption:Asymmetric encryption functionalityAsymmetric encryption uses:Data encryptionDigital signingKey exchangeUsing asymmetric and symmetric encryption togetherCommon asymmetric encryption implementations:SSL/TLSIPSecVPNs (PPTP, L2TP, SSTP)S/MIME and PGP for e-mail securitySSH tunnelsManagement considerationsProtecting data in the event of key compromiseCommon asymmetric key cryptography systems:Diffie-Hellman Key ExchangeElGamalElliptic Curve Cryptography (ECC)Merkle-Hellman KnapsackRivest, Shamir, Adelman (RSA)Lecture Focus Questions: How do public keys differ from private keys? What is the relationship between the two? For which type of environment is asymmetric cryptography best suited? Why does asymmetric encryption require fewer keys than symmetric encryption? What services are provided by the cryptographic service provider (CSP)? What is the main use for the Diffie-Hellman protocol?Video/DemoTime 3.4.1 Asymmetric Encryption8:56Number of Exam Questions12 questionsTotal TimeAbout 25 minutesSection 3.5: Public Key Infrastructure (PKI) SummaryThis section examines using a public key infrastructure (PKI) to issue and manage certificates. Details include:The role of a digital certificateProcess used to request, issue, and manage certificatesExample of using SSL and certificates to secure Web transactionsTerms to be familiar with:Certificate Authority (CA)Subordinate Certificate AuthorityCertificate Practice Statement (CPS)Cryptographic Service Provider (CSP)Online Certificate Status Protocol (OCSP)Certificate Revocation List (CRL)CRL Distribution Point (CDP)Registration Authority (RA)X.509Enrollment agentAuthority Information Access (AIA) A summary of the certificate lifecycleCertificate management areas:Key protectionCertificate validationKey archivalKey escrowCertificate revocationCrypto periodCertificate renewalKey disposalConsiderations when managing a public key infrastructure (PKI):PKI hierarchyCross certificationDual key pairsStudents will learn how to:Manage certificates by requesting, approving, and installing certificates. Revoke a certificate and publish it to the CRL. Create and configure a subordinate CA. Manage certificate templates by deploying certificates for different purposes. Create and issue custom certificate templates. Security Pro Exam Objectives:1.3 Manage Certificates. Approve, deny, and revoke certificate requests Lecture Focus Questions: Who authorizes subordinate CAs? Why is this important? What does the issuance policy on a CA control? How does a client verify the information in an SSL certificate to determine if it trusts the certificate? What is the difference between a CSP and a CPS? What is the role of the Registration Authority (RA)? What is the difference between key archival and key escrow? How are revoked certificates identified? Under what circumstances would a certificate be revoked? What security advantage do dual key pairs provide?Video/DemoTime3.5.1 Certificates11:023.5.2 Managing Certificates14:453.5.5 CA Implementation 5:173.5.6 Configuring a Subordinate CA14:13Total45:17Lab/ActivityManage CertificatesNumber of Exam Questions15 questionsTotal TimeAbout 70 minutes Section 3.6: Cryptographic Implementations SummaryIn this section students will learn the basics of implementing cryptography. Concepts covered include:Implementations of cryptography:File system encryptionDigital signaturesDigital envelopeTrusted Platform Module (TPM)Hardware Security Modules (HSM)How technologies are implemented in LAN-and Web-based environments:Secure Electronic Transaction (SET)Secure Sockets Layers (SSL)Transport Layer Security (TLS)Secure Hyper Text Transport Protocol (S-HTTP)Hyper Text Transport Protocol Secure (HTTPS)Secure Shell (SSH)Internet Protocol Security (IPSec)Encryption technologies implemented to secure e-mail messages:Privacy Enhanced Mail (PEM)Pretty Good Privacy (PGP)Secure Multipurpose Internet Mail Extensions (S/MIME)Message Security Protocol (MSP)Lecture Focus Questions: What are the advantages of asymmetric over symmetric encryption? What are the disadvantages? How are asymmetric encryption and hashing combined to create digital signatures? What is the difference between digital signatures and digital envelopes? How does the protection offered by BitLocker differ from EFS? How does S-HTTP differ from HTTPS? Which is more secure? Which types of traffic can SSL protect?Video/DemoTime3.6.1 Combining Cryptographic Methods10:303.6.2 Hardware Based Encryption Devices 7:12Total17:42Number of Exam Questions15 questionsTotal TimeAbout 40 minutes Section 4.1: Security Policies SummaryThis section discusses using security policies to define the overall security outlook for an organization. Details include:Types of documents used to create security policies:RegulationProcedureBaselineGuidelineElements of security planningDue care and due diligenceTypes of security policy documents:Acceptable useAuthorized accessChange and configuration managementCode escrow agreementCode of ethicsHuman resource policiesOrganizational security policyPasswordPrivacyResource allocationService Level Agreement (SLA)User education and awareness trainingUser managementThe role of security managementComponents of operational security that help to establish defense and depth:Change managementEmployee managementSecurity awarenessPhysical securityInformation Security Classification Framework:HighMediumLowCommon information classification levels:Public with full distributionPublic with limited distributionPrivate internalPrivate restrictedGovernment and military classifications:UnclassifiedSensitive but unclassifiedConfidentialSecretTop secretData retention policiesMethods of disposing media to prevent data recovery:Shredding/BurningPartitioning/Formatting/DegaussingWiping a Hard DriveDestructionSecurity Pro Exam Objectives:2.1 Promote Information Security Awareness. Support certification and accreditation (i.e., security authorization) Exchanging content between Home and Work Storing of Personal Information on the Internet Using Social Networking Sites Password Management Information Security Lecture Focus Questions: What is the difference between a regulation and a guideline? What are the main reasons for implementing security policies within an organization? How is due diligence different than due process? How can a code escrow agreement provide security for an organization? When a new security plan is distributed, why is it important to destroy all copies of the old version? What are the characteristics of a strong password policy? How is the government's secret classification different than the top secret classification?Video/DemoTime4.1.1 Security Policies 7:234.1.2 Data Privacy Laws 9:424.1.6 Information Classification 5:404.1.8 Data Retention Policies 11:404.1.9 Wiping a Hard Drive12:58Total47:23Number of Exam Questions15 questionsTotal TimeAbout 80 minutes Section 4.2: Manageable Network Plan SummaryThis section discusses milestones to develop a manageable network plan. Prepare to DocumentMap the NetworkProtect Your Network (Network Architecture)Reach Your Network (Device Accessibility)Control Your network (User Access)Manage Your Network Part I (Patch Management)Manage Your Network Part II (Baseline Management)Document Your NetworkSecurity Pro Exam Objectives:2.3 Maintain Hardware and Software Inventory.Lecture Focus Questions: When you are developing a manageable network plan, what should you keep in mind when you prepare to document your network?What elements of the network are identified when you map your network?What steps should you perform to protect your network?How can you ensure that all the devices in the network have access but still maintain security?What are the considerations to keep in mind to control user access and ensure network security?Video/DemoTime4.2.1 Manageable Network Plan 16:494.2.2 Manageable Network Plan 2 14:05Total30:54Number of Exam Questions3 questionsTotal TimeAbout 35 minutes Section 4.3: Business ContinuitySummaryThis section provides basic information about the activities that will ensure business continuity. Concepts covered include:Plans pertaining to business continuity include:Business Continuity Plan (BCP)Business Impact Analysis (BIA)Disaster Recovery Plan (DRP)Considerations when creating the disaster recovery and business continuity plansThe role of succession planningSecurity Pro Exam Objectives:2.2 Evaluate Information Risk. Perform Risk calculation Risk avoidance, transference, acceptance, mitigation, and deterrence Lecture Focus Questions: When is the best time to start planning for disaster recovery? How is the Disaster Recovery Plan (DRP) related to the Business Continuity Plan (BCP)? What is the top priority when planning for a disaster? How does a Business Impact Analysis (BIA) help to improve the security of an organization? In addition to planning for how to keep operations going in the event of an incident, what else should a disaster recovery plan include? How does succession planning differ from replacement planning? Video/DemoTime4.3.1 Business Continuity 2:394.3.2 Succession Planning 5:23Total 8:02Number of Exam Questions7 questionsTotal TimeAbout 20 minutes Section 4.4: Risk ManagementSummaryIn this section students will learn about using risk management to reduce risk for an organization. Concepts covered include: Terms related to risk analysis:AssetThreatVulnerabilityThreat agentAttackCountermeasureExposureLossRiskResidual riskProcesses involved in risk management:Asset identificationThreat identificationRisk assessmentRisk responseMethods to prioritize assets:Delphi methodSensitivity vs. riskComparativeAsset classificationDocument proceduresData Loss Prevention (DLP):Network DLPEndpoint DLPFile-Level DLPLecture Focus Questions: What kinds of components are tangible assets? How can an asset have both a tangible and intangible value? Why is determining the value of an asset important to an organization? How is quantitative analysis different than qualitative analysis? Which components are used to measure risk quantitatively? What method is typically deployed in risk transference? Why is risk rejection not a wise risk response?Video/DemoTime4.4.1 Risk Management 4:044.4.2 Security Controls 3:214.4.3 Data Loss Prevention (DLP) 4:57Total12:22Number of Exam Questions15 questionsTotal TimeAbout 30 minutesSection 4.5: Incident ResponseSummaryThis section discusses strategies for responding to an incident during and after the incident. Concepts covered include:What is a security incident?Incident response plansActions to take after an incident has been discoveredResponding to a security incident:Short-term (triage) actionsMid-term (action/reaction) actionsLong-term (follow up) actionsThe role of the first responderThe elements of incident responseConsiderations when responding to a security incidentWays investigations can be performed for computer systems:Live analysisDead analysisProcedures for collecting and analyzing computer evidenceReport the findings following the analysisForensic investigationEvidence life cycleChain of custodyTypes of evidence:BestCorroborativeHearsayStages of the evidence life cycle:Collection and identificationPreservation and analysisStorageTransportation and processingPresentation in courtReturn to ownerStudents will learn how to:Gather and authenticate forensic information from a system using a computer forensic tool. Analyze and record forensic evidence. View and build a case using the forensic evidence that has been gathered. Lecture Focus Questions: What actions should take place when an incident occurs? What types of things would a computer forensic investigator want to analyze if he selected a live analysis over a dead analysis? What methods can be used to save the contents of memory as part of a forensic investigation? How should you ensure the integrity of collected digital evidence? Why is chain of custody so important with forensic investigations? Video/DemoTime4.5.1 First Responder 7:174.5.2 Basic Forensic Procedures18:314.5.3 Using Forensic Tools 6:174.5.4 Creating a Forensic Drive Image10:00Total42:05Number of Exam Questions15 questionsTotal TimeAbout 65 minutesSection 4.6: Social Engineering SummaryThis section examines details about social engineering. Concepts covered include:Forms of social engineering:PassiveActiveTypes of social engineering attacks:PersuasiveReciprocitySocial validationCommitmentScarcityFriendshipAuthoritySocial engineering attacks:Shoulder surfingEavesdroppingDumpster divingTailgating and PiggybackingMasqueradingPhishingSpear phishingCaller ID spoofingHoax e-mailsSpyware/AdwarePretextingEmployee awareness training is the most effective countermeasure for social engineering. Train employees:Actions to protect informationActions to implement online securityDetermine the value for types of informationNot allow others to use the employees identificationDemand proof of identity of othersStudents will learn how to: Identify and ignore e-mail hoaxes to protect system resources. Train users to identify phishing scams by mousing over links, verifying the URL, and verifying HTTPS. Lecture Focus Questions: How is passive social engineering different than active social engineering? What methods do attackers use to make an interaction appear legitimate? How is employee awareness training the most effective countermeasure for social engineering? What specific countermeasures should be implemented to mitigate social engineering? How is tailgating different than piggybacking? How does using bookmarks instead of e-mail links improve security?Video/DemoTime4.6.1 Social Engineering 4:394.6.2 Phishing Variations13:044.6.4 Investigating Social Engineering Attack 9:45Total27:28Lab/ActivityRespond to Social Engineering Number of Exam Questions15 questionsTotal TimeAbout 55 minutes Section 4.7: Certification and Accreditation SummaryThis section examines using certification and accreditation to provide security. Concepts covered include:Security kernelMethods to determine levels of access:TokenSecurity labelCapabilities listMethods used by secure operating systems to provide security:Ring architectureSecurity perimeterConfinementBoundsIsolationLayeringAbstractionHidingClassificationTarget of Evaluation (TOE)Virtual machineMain modes of security used in a Protection Profile (PP):Dedicated SecuritySystem HighCompartmentalizedMultilevel SecureConcepts associated with the quality assurance process are:The Target of Evaluation (TOE)Security Target (ST)Security Assurance Requirements (SARs)Designated Approval authority (DAA)Evaluation Assurance Level (EAL):No Assurance (EAL0)Functionally Tested (EAL1)Structurally Tested (EAL2)Methodically Tested and Checked (EAL3)Methodically Designed, Tested and Reviewed (EAL4)Semi-formally Designed and Tested (EAL5)Semi-formally Verified Design and Tested (EAL6)Formally Verified Design and Tested (EAL7)Considerations regarding EAL levelsLevels of approval:AcceptanceCertificationAccreditationAssuranceLecture Focus Questions: Which methods does a reference monitor use to determine levels of access? Where is the reference monitor in relation to the security perimeter? How does layering provide security to an operating system? In a layered system, where does the operating system function? How does commercial classification labeling differ from military? How does acceptance differ from certification and accreditation? Video/DemoTime4.7.1 Trusted Computing10:014.7.2 Certification and Accreditation 4:46Total14:47Number of Exam Questions12 questionsTotal TimeAbout 40 minutes Section 4.8: DevelopmentSummaryIn this section students will learn about the System Development Life Cycle (SDLC). SDLC is a systematic method for used for software development and implementation of system and security projects. Concepts covered include: Phases of the SDLC:Project initiationFunctional designSystem DesignDevelopment and codingInstallation and implementationReleaseOperations and maintenanceEnd of lifeChange controlStandardized models that developers use when developing new software are: Ad-hocWaterfall planningStructured programmingPrototypeObject-oriented programmingSpiralClean roomExtreme programmingComputer-Aided Software Engineering (CASE)Lecture Focus Questions: How does the spiral model combine the waterfall model and the prototype model? How should security be employed in the different stages of development? What does functional design entail? When is change control necessary? What are the responsibilities of developers after a product is released? Video/DemoTime4.8.1 System Development Life Cycle 8:404.8.2 System Development Life Cycle 2 7:49Total16:29Number of Exam Questions7 questionsTotal TimeAbout 35 minutesSection 4.9: Employee ManagementSummaryThis section discusses strategies for managing employees. Details covered include:The role of employee managementPrinciples that should be part of employee management decisions:Least privilegeSeparation of dutiesTwo-man controlCommon employee-related security vulnerabilities:FraudCollusionEmployee security process:Pre-employmentEmploymentTerminationSecurity awareness includes:Security trainingSecurity retrainingRandom security auditsEmployee agreement documents:Non-disclosure agreement (NDA)Non-compete agreementOwnership of materials agreementData handling and classification policyClean desk policyAcceptable use agreementPassword security policyEmployee monitoring agreementExit interview cooperation agreementFirst day of employment documents:Security policyEmployee HandbookJob descriptionEthicsCode of ethicsComponents of code of ethics:ValuesPrinciplesManagement SupportPersonal ResponsibilityComplianceThe (ISC)2 Code of Ethics canons include:Protect society, the common wealth, and the infrastructure (do no harm),Act honorably, honestly, justly, responsibly, and legally (be a good person).Provide diligent and competent service to the principles (be a good CISSP).Advance and protect the security profession.Lecture Focus Questions: How can pre-employment processing improve the security of an organization?What is the role of the policy handbook regarding security?What guidelines must be considered when monitoring employees?Why should employees be required to sign employment agreements?How are?separation of duties?and?two-man control?different?How can collusion be avoided?What is the importance of a clear job description?Video/DemoTime4.9.1 Employment Practices13:45Number of Exam Questions15 questionsTotal TimeAbout 40 minutesSection 4.10: Third-Party IntegrationSummaryThis section discusses strategies for securing integration with third parties. Details covered include:Onboarding considerationsOngoing operationsOff-boardingLecture Focus Questions: What security issues must be identified and addressed during the onboarding phase of a third-party relationship?What are the key documents that are included in an Interoperability Agreement (IA)?What is the role of the Service Level Agreement (SLA)?During the ongoing phase of the relationship, how do you ensure that security has not been compromised?Which items need to be disabled or reset during the off-boarding phase of the relationship?Video/DemoTime4.10.1 Third-Party Integration Security Issues11:24Number of Exam Questions4 questionsTotal TimeAbout 20 minutesSection 5.1: Physical Security SummaryThis section provides information about physical security. Concepts covered include:Factors for physical security:PreventionDetectionRecoveryImportant aspects of physical securityPhysical control measures:Perimeter barriersClosed-circuit television (CCTV)DoorsDoor locksPhysical access logsPhysical access controlsThe sequence of physical security:Deter initial access attemptsDeny direct physical accessDetect the intrusionDelay the violator to allow for responseImplementing a layered defense systemTailgating and piggybackingSecurity Pro Exam Objectives:3.1 Harden Data Center Physical Access.Implement Access RostersUtilize Visitor Identification and controlProtect Doors and WindowsImplement Physical Intrusion Detection SystemsLecture Focus Questions: What types of physical controls can be implemented to protect the perimeter of a building?What is the difference between a?mantrap?and a?double entry?door?What types of doors are effective deterrents to piggybacking?How does an anti-passback system work?What types of devices are best suited for interior motion detection? Perimeter motion detection?How do physical access logs help to increase the security of a facility?Video/DemoTime5.1.1 Physical Security 18:395.1.2 Tailgating and Piggybacking 3:28Total22:07Lab/ActivityImplement Physical SecurityNumber of Exam Questions15 questionsTotal TimeAbout 50 minutes Section 5.2: Hardware Security SummaryThis section examines the following general hardware security guidelines:Checkout policyRoom securityHardware locksBackup StorageSecurity Pro Exam Objectives:3.1 Harden Data Center Physical Access. Utilize Visitor Identification and control Protect Doors and Windows Implement Physical Intrusion Detection Systems Lecture Focus Questions: How can you protect computers that are placed in cubicles? What are the security guidelines you should implement to protect servers in your organization? How can you ensure that the memory and hard disks cannot be removed from a computer that is bolted to a desk? What types of details should a hardware checkout policy include? Video/DemoTime5.2.1 Hardware Security Guidelines 7:505.2.2 Breaking into a System 7:30Total15:20Number of Exam Questions4 questionsTotal TimeAbout 20 minutes Section 5.3: Environmental Controls SummaryThis section discusses how environmental controls can be implemented to protect computer systems. Details covered include:Power conditions to be aware of:Surge/SpikeSag/DipBrownoutBlackoutFaultTransientRecommendations for preventing or correcting infrastructure problems for:HVAC systemAC powerWater and gasInterference:Electro-magnetic interference (EMI)Radio Frequency interference (RFI)ShieldingRecommendations for the location of the data centerEnvironmental monitoring:TemperatureAir flowHumidityUsing hot and cold aisles with server rooms to reduce the temperature of server rooms. Elements required for fire:FuelHeatOxygenChemical reaction between oxygen and the fuelPrimary fire-suppression systems:PortableFixedExtinguishing agents used to suppress fire:WaterGas that displaces oxygenDry chemicals such as sodium bicarbonate, wet chemicals and foam used to extinguish fuel from burningUS fire classes and suppressant typesConsiderations when responding to fire emergenciesLecture Focus Questions: What temperature range protects equipment from overheating? What is a good HVAC practice to help prevent electrostatic discharge? What is the difference between a positive pressure system and a negative pressure system? Which is the best to use in a server room? What is the difference between a sag and a brownout? How does a deluge sprinkler function differently than a wet pipe system? What should you do first in the event of a fire? When using a portable fire extinguisher, it is recommended that you use the PASS system to administer the fire suppressant. How does the PASS system work? What is the recommended range for extinguishing a small fire using a fire extinguisher? What are the advantages of using a gas as a fire suppressant? Disadvantages? Video/DemoTime5.3.1 Environmental Controls 6:005.3.2 Environmental Monitoring 11:335.3.3 Hot and Cold Aisles 5:17Total22:50Number of Exam Questions11 questionsTotal TimeAbout 45 minutes Section 5.4: Mobile DevicesSummaryIn this section students will explore securing mobile devices. Details about the following concepts will be covered:Mobile devices include:SmartphonesLaptopsPC tabletsPDAs Other small handheld computing devicesConsiderations for mobile devices:Request processAsset tracking and inventory controlAcceptable UsePersonal Identification Number (PIN)Unused featuresLockout or screen lockEncryptionRemote wipeStorage segmentationReporting systemTrain employees on security considerationsBYOD security issues and remedies:Malware propagationLoss of control of sensitive dataMalicious insider attacksDevice managementSupportSecurity Pro Exam Objectives:2.1 Promote Information Security Awareness. Traveling with Personal Mobile DevicesExchanging content between Home and WorkPassword ManagementPhoto/GPS IntegrationInformation SecurityAuto-lock and Passcode Lock3.2 Harden mobile devices (Laptop).Set a BIOS PasswordSet a Login PasswordImplement full disk encryption 6.2 Implement Patch Management/System Updates.Apply the latest Apple Software UpdatesLecture Focus Questions: What types of electronic devices are considered part of the mobile devices group? How do you unlock a mobile device after it has gone into lockout? Under what conditions would you consider using remote wipe on a mobile device? What mobile device feature can display its current location if lost or stolen? What security technique ensures data confidentiality if a mobile device is lost or stolen? Video/DemoTime5.4.1 Mobile Device Security 7:335.4.3 BYOD Security Issues 9:335.4.5 Securing Mobile Devices10:20Total27:26Lab/ActivitySecure an iPadNumber of Exam Questions8 questionsTotal TimeAbout 40 minutesSection 5.5: Mobile Device Security EnforcementSummaryThis section discusses enforcing security for mobile devices. Details about the following concepts will be covered:Windows Intune currently supports:Windows 8.xWindows RT 8.xWindows Phone 8Apple iOS devices, such as the iPhoneConfigurations that Windows Intune can be deployed:Cloud-only modeUnited configuration modeIntune management portals:Account PortalAdmin PortalCompany PortalTasks to configure the system:Add Intune usersDefine Intune policiesManage users and groupsEnroll computersEnroll mobile devicesSecurity issues when working with mobile device apps:App controlAuthentication and credential managementApp whitelistingGeo-taggingLecture Focus Questions: What is the role of a mobile device management (MDM) solution?What are the two different types of configurations that can be used when deploying Windows Intune?Which Intune management portal is used by end users to manage their own account and enroll devices?Windows Intune uses two types of groups to manage users and devices. Which group is used to deploy Intune agent settings?What two ways can you enroll standard computer systems in Windows Intune?Video/DemoTime5.5.1 Enforcing Security Policies on Mobile Devices 7:575.5.2 Enrolling Devices and Performing a Remote Wipe 8:495.5.4 Mobile Application Security 9:00Total25:46Number of Exam Questions8 questionsTotal TimeAbout 40 minutesSection 5.6: Telephony SummaryIn this section students will learn the basics of telephony, the transmission of voice communication. Concepts covered include:Implementations of voice communications:Public Switched Telephone Network (PSTN)Voice over IP (VoIP)VoIP terms:ConvergenceH.323IPT (Internet Protocol Telephony)Real Time protocol (RTP)Session Initiation Protocol (SIP)Service Delivery Platform (SDP)Media streamSoftswitchVoice gatewayCommon exploitation attacks:CrammingSlammingWar dialingDenial of Service (DoS)Cross-site Scripting (XSS)Cross Site Request Forgery (CSRF)Common cell phone exploitation attacks:CloningSniffingTumblingConsiderations when managing telephony solutionsLecture Focus Questions: What methods can be used to send digital data through Plain Old Telephone System (POTS) lines? What are common threats to a PBX system? How do you secure the PBX? What types of security issues must be considered when using VoIP? What is the difference between cramming and slamming? What countermeasures protect against war dialing? What is the function of the SIP protocol? How can VLANs increase network security on systems with VoIP implemented? Video/DemoTime5.5.1 Telephony15:00Number of Exam Questions4 questionsTotal TimeAbout 25 minutes Section 6.1: Networking Layer Protocol Review SummaryThis section reviews elements of the networking layer protocol design. Details covered include:Open System Interconnection (OSI) model layers:Application (Layer 7)Presentation (Layer 6)Session (Layer 5)Transport (Layer 4)Network (Layer 3)Data Link (Layer 2)Physical (Layer 1)IP Addresses:IPv4 address is a 32-bit binary number between 0 and 255:Converting binary to decimal and vice versaSubnet mask IPv4 classesIPv6 address is a 128-bit binary number:PrefixInterface IDThe role of subnettingCustom subnet masksStudents will learn how to:Configure IPv6 Configure subnetting Lecture Focus Questions: What is the OSI model and why is it important in understanding networking? What are the advantages of using a theoretical model to describe networking? What type of network would the 192.168.174.34 address represent? What are the two parts of an IPv6 address and what do they represent? Under what conditions would you choose to subnet a network? Video/DemoTime6.1.1 OSI Model 4:086.1.3 IP Addressing 17:226.1.5 Configuring IPv6 5:286.1.6 IP Subnetting 12:356.1.7 Configuring Subnetting 8:07Total47:40Number of Exam Questions9 questionsTotal TimeAbout 65 minutes Section 6.2: Transport Layer Protocol Review SummaryThis section reviews elements of the transport layer protocol design. Details covered include:Custom subnet masksMajor protocols:Transmission Control Protocol (TCP)User Datagram Protocol (UDP)Internet Protocol (IP)Internetwork Packet Exchange (IPX)Network Basic Input/Output System (NetBIOS)Internet Control Message Protocol (ICMP)Address Resolution Protocol (ARP)Domain Name System (DNS)Simple Network Management Protocol (SNMP)The role of portsInternet Corporation for Assigning Names and Numbers (ICANN) categories for ports:Well-knownRegisteredDynamicWell-known ports that correspond to common Internet servicesConsiderations regarding portsStudents will learn how to:Analyze a TCP three-way handshake. Lecture Focus Questions: What are the major differences between TCP and UDP? How can ICMP messages be used to provide a valuable security tool? What is the best practice when deciding which protocol ports to allow through a network firewall? Why would an administrator find it important to run a port scanner on the system? Video/DemoTime6.2.1 Network Protocols 4:456.2.3 Analyzing a TCP Three-way Handshake 2:146.2.4 TCP and UDP Ports 9:02Total16:01Number of Exam Questions15 questionsTotal TimeAbout 35 minutes Section 6.3: Perimeter Attacks 1SummaryThis section discusses different types of attacks and the countermeasures for them to improve security. Details covered include:Reconnaissance types:OrganizationalTechnicalBasic stages of reconnaissance:Passive reconnaissanceActive scanningCountermeasures for preventing reconnaissanceDenial of Service attacks (DoS)Distributed Denial of Service (DDoS) attacksDistributed Reflective Denial of Service (DRDoS)DoS attacks that use the ICMP protocol:Ping floodPing of deathSmurfDoS attacks that exploit the TCP protocol:SYN floodLANDChristmas (Xmas) TreeDoS attacks that exploit the UDP protocol include:FraggleTeardropCountermeasures for DoS and DDoS Students will learn how to:View and analyze captured traffic using a network analyzer.Analyze captured traffic to determine the extent to which the bandwidth is being compromised.Perform a port scan on a system using netstat to determine connections and listening ports.Perform a port scan using nmap to find all the open ports on a remote system.Use a UDP flooder to test network bandwidth.Scan for MAC addresses and the corresponding IP addresses using a MAC address scanning tool.Perform an ARP poisoning attack on a host to identify vulnerabilities.Use a sniffer to detect an unusually high traffic pattern of ARP replies.Lecture Focus Questions: What types of resources make organizational reconnaissance so readily available?How is?footprinting?used to determine the operating system of the recipient?How does a Distributed Reflective Denial of Service (DRDoS) increase the severity of a DoS attack?What countermeasures will help to mitigate DoS and DDoS attacks?Video/DemoTime6.3.1 Reconnaissance 2:406.3.2 Performing Reconnaissance 9:016.3.4 Denial of Service (DoS) 7:496.3.5 Xmas Tree Attacks 3:236.3.7 Performing a UDP Flood Attack 3:54Total26:47Number of Exam Questions15 questionsTotal TimeAbout 50 minutes Section 6.4: Perimeter Attacks 2SummaryThis section discusses additional types of attacks and the countermeasures to improve security. Details covered include:Common methods of session based attacks include:Man-in-the-middleTCP/IP hijackingHTTP (session) hijackingReplay attackNull sessionCommon methods of spoofing:IP spoofingMAC spoofingARP spoofingCountermeasures to prevent spoofingDNS-based attacksMain methods to attack DNS servers:ReconnaissanceDNS poisoningDomain name kitingUsing the HOSTS file to improve securityStudents will learn how to:Perform queries on name server records using nslookup.Restrict zone transfers to specific servers.Map malicious Web sites to a loopback address (127.0.0.0) in the HOSTS file.Identify who has registered a domain name using and .Gather organizational information using Google, job boards, or other common Internet tools.Lecture Focus Questions: Why is a man-in-the-middle attack so dangerous for the victim?What countermeasures can be used to control TCP/IP hijacking?What methods should you employ to prevent a replay attack?What countermeasures can help prevent spoofing?What is the difference between a primary and a secondary DNS server?How does domain name kiting work?In what ways can the HOSTS file be used to improve security?Video/DemoTime6.4.1 Session and Spoofing Attacks 6:416.4.3 Performing ARP Poisoning 4:246.4.5 DNS Attacks 4:306.4.7 Examining DNS Attacks 13:29Total29:04Number of Exam Questions15 questionsTotal TimeAbout 50 minutes Section 6.5: Security AppliancesSummaryThis section provides basic information about security appliances. Concepts covered include:The role of security zonesCommon zones:IntranetInternetExtranetDemilitarized ZoneNetwork security solutions:Proxy serverInternet content filterNetwork Access Control (NAC)All-in-one security applianceApplication-aware devicesStudents will learn how to:Enable Parental Controls for a user and configure control settings for allowed Web sites, time limits, games, and specific programs. Enable activity reporting to view Web browsing activities of a user in which you have configured parental controls. Manage users on a security appliance. Restrict access to a security appliance based on IP address. Use a security appliance to set a user for LAN access only. Security Pro Exam Objectives:4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance). Change the Default Username and Password7.1 Implement Application Defenses. Configure Parental Controls to enforce Web content filtering Lecture Focus Questions: To which security device might you choose to restrict access by user account? What types of restrictions can be configured for proxy servers? What types of entities commonly use Internet content filtering software? What functions does keyword filtering provide? How can Network Access Controls (NAC) help to improve the security of a network? Video/DemoTime6.5.1 Security Solutions 4:026.5.2 Security Zones 5:316.5.4 All-In-One Security Appliances 4:306.5.6 Configuring Network Security Appliance Access 6:55Total 20:58Lab/ActivityConfigure Network Security Appliance AccessNumber of Exam Questions4 questionsTotal TimeAbout 35 minutes Section 6.6: Demilitarized Zones (DMZ) SummaryThis section examines the role of demilitarized zones (DMZ). Terms discussed that are related to DMZs are:Bastion or sacrificial hostScreening routerDuel-homed gatewayScreened host gatewayScreened subnetStudents will learn how to:Add a server to a DMZ. Configure a DMZ port to act as a DHCP Server.Security Pro exam objectives: 4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance). Create a DMZ Lecture Focus Questions: How is a honey pot used to increase network security? How is a gateway different from a router? What is the typical configuration for a DMZ configured as dual-homed gateway? A screened subnet uses two firewalls. What are the functions of each firewall? What type of computers might exist inside of a demilitarized zone (DMZ)? What makes bastion hosts vulnerable to attack? What should you do to harden bastion hosts?Video/DemoTime6.6.1 Demilitarized Zones (DMZ) 9:496.6.2 Configuring a DMZ 5:42Total15:31Lab/ActivityConfigure a DMZNumber of Exam Questions8 questionsTotal TimeAbout 30 minutes Section 6.7: FirewallsSummaryThis section discusses basic information about firewalls. Concepts covered include:Firewall considerations:Network-based firewallHost-based firewallFiltering rulesAccess control lists (ACLs)Firewall types:Packet filteringStatefulApplicationManaging firewallsStudents will learn how to:Enable Windows Firewall and configure exceptions to control communications through the firewall. Configure inbound and outbound rules to control traffic. Create a custom rule to allow ICMP Echo Requests through a firewall. Import and export firewall rules to other machines to create firewalls with uniform settings. Security Pro Exam Objectives:4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance). Configure a Firewall Lecture Focus Questions: What is the difference between a network-based firewall and a host-based firewall? When would you choose to implement a host-based firewall? What traffic characteristics can be specified in a filtering rule for a packet filtering firewall? How does a packet filtering firewall differ from a circuit-level gateway? Why is a packet filtering firewall a stateless device? What types of filter criteria can an application layer firewall use for filtering? Video/DemoTime6.7.1 Firewalls 5:336.7.3 Configuring a Perimeter Firewall 9:47Total15:20Lab/ActivityConfigure a Perimeter FirewallNumber of Exam Questions15 questionsTotal TimeAbout 40 minutesSection 6.8: Network Address Translation (NAT) SummaryThis section examines using a Network Address Translation (NAT) router to translate multiple private addresses into a single registered IP address. Concepts covered include:NAT implementations:Network Address and port TranslationStatic NATDynamic and Static NATConsiderations when implementing NATStudents will learn how to:Install and configure the Network Address Translation (NAT) IP routing protocol on a router. Configure the NAT router to act as a DHCP server. Configure the NAT router to act as a DNS proxy. Security Pro Exam Objectives:4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance).Configure NATLecture Focus Questions: How has NAT extended the use of IPv4? How does a NAT router associate a port number with a request from a private host? What are the three ways in which NAT can be implemented? Where is NAT typically implemented? Why do private networks have a limited range of IP addresses they can use? Video/DemoTime6.8.1 Network Address Translation15:576.8.2 Configuring NAT 5:11Total21:08Number of Exam Questions6 questionsTotal TimeAbout 30 minutes Section 6.9: Virtual Private Networks (VPN) SummaryThis section discusses using a virtual private network (VPN) to securely send data over an untrusted network. Details include:VPNs work by using a tunneling protocolWays VPNs can be implemented:Host-to-host VPNSite-to-site VPNRemote access VPNTunnel endpointsImplementing a VPNTypes of protocols used by VPNs:Carrier protocolTunneling protocolPassenger protocolCommon VPN tunneling protocols:Point-to-Point Tunneling Protocol (PPTP)Layer 2 Forwarding (L2F)Layer Two Tunneling Protocol (L2TP)Internet Protocol Security (IPSec)Secure Sockets Layer (SSL)Students will learn how to:Configure a remote access VPN connection.Security Pro Exam Objectives:4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance). Configure VPN Lecture Focus Questions: What are the three ways VPNs can be implemented? What is a VPN concentrator? What function do VPN endpoints provide? Which IPsec mode does not encrypt the header of a transmission? Why? What are the three types of protocols used by VPNs? Which IPsec protocol does not encrypt data?Video/DemoTime 6.9.1 Virtual Private Networks (VPNs)10:166.9.2 Configuring a VPN 4:25Total14:41Lab/ActivityConfigure a Remote Access VPNConfigure a VPN Connection iPadNumber of Exam Questions11 questionsTotal TimeAbout 40 minutesSection 6.10: Web Threat ProtectionSummaryIn this section students will learn about the following protections against web threats: Website/URL content filteringWeb threat filteringGateway E-mail Spam blockersVirus blockersAntiphishing softwareStudents will learn how to:Configure Web threat protection. Security Pro Exam Objectives:4.1 Harden the Network Perimeter (using a Cisco Network Security Appliance). Implement Web Threat Protection 7.1 Implement Application Defenses. Configure Parental Controls to enforce Web content filtering Lecture Focus Questions: How have Web threats become more sophisticated? Which Web threat protections prevent a user from visiting restricted websites? How is Web threat filtering implemented? What types of filters can be used by spam blockers? Video/DemoTime6.10.1 Web Threat Protection 9:296.10.2 Configuring Web Threat Protection 4:26Total 13:55Lab/ActivityConfigure Web Threat ProtectionNumber of Exam Questions4 questionsTotal TimeAbout 25 minutesSection 6.11: Network Access Control (NAC)SummaryIn this section students will explore network access control (NAC). Details about the following concepts will be covered:Components of Network Access Protection (NAP):NAP ClientNAP ServerEnforcement Server (ES)Remediation ServerEnforcement point types:DHCPRemote Desktop (RD) GatewayVPN802.1xIPSecStudents will learn how to:Configure Network Access Protection to restrict network access to only clients that meet specified health criteria. Add the necessary role services to implement Network Access Protection (NAP). Enable NAP on an enforcement point. Create domain and server isolation rules. Configure system health validator and health policy settings. Lecture Focus Questions: How do remediation servers and auto-remediation help clients become compliant? What server role service do you add to configure a server as an enforcement point for NAP? How do you define the quarantine network when using 802.1x enforcement? Which enforcement method uses a Health Registration Authority (HRA)? What type of communication occurs in the boundary network when using IPsec enforcement? Video/DemoTime6.11.1 Network Access Protection 19:576.11.2 Implementing NAP with DHCP Enforcement15:56Total35:53Number of Exam Questions4 questionsTotal TimeAbout 45 minutesSection 6.12: Wireless Overview SummaryThis section provides an overview of wireless networking. Details include:Wireless networking concepts:Wireless access point (WAP)Wireless antennaeWireless interfaceWireless bridgeWireless configurationWorldwide Interoperability for Microwave Access (WiMAX)GSM (Global System for Mobile Communications)Near field communication (NFC)Methods to implement security for wireless networking:Wired Equivalent Privacy (WEP)Wi-Fi Protected Access (WPA)Wi-Fi Protected Access 2 (WPA2) or 802.11iStudents will learn how to:Manually connect to a wireless network.Manage wireless networks.Secure a wireless network from unauthorized connections.Lecture Focus Questions: What is the role of a wireless access point (WAP)?What is the difference in functionality between an omnidirectional antenna and a directional antenna?What two methods are available for configuring a wireless network?What are the advantages of using the WiMAX protocol for long-range wireless networking?Video/DemoTime6.12.1 Wireless Networking Overview 5:356.12.2 Wireless Antenna Types 8:036.12.4 Wireless Encryption 6:456.12.6 Configuring a Wireless Connection12:22Total32:45Lab/ActivitySecure a Wireless NetworkNumber of Exam Questions15 questionsTotal TimeAbout 60 minutes Section 6.13: Wireless Attacks SummaryIn this section students will learn about security attacks that wireless networks are vulnerable to:Rogue access pointWardrivingWar chalkingPacket sniffingInitialization Vector (IV) attackInterferenceBluetoothNear Field Communication (NFC)Wi-Fi Protected SetupLecture Focus Questions: What steps can you take to protect your wireless network from data emanation? What is the difference between bluejacking and bluesnarfing? Why is a successful bluebugging attack more dangerous for the victim than a bluesnarfing attack? What is the best method to protect against attacks directed towards Bluetooth capabilities? What is the difference between a rogue access point and evil twin? How can you protect your network against rogue access points? Video/DemoTime6.13.1 Wireless Attacks13:286.13.3 Using Wireless Attack Tools 9:066.13.4 Detecting Rogue Hosts 7:37Total30:11Number of Exam Questions15 questionsTotal TimeAbout 50 minutes Section 6.14: Wireless Defenses SummaryThis section discusses defenses to secure wireless transmissions. Details include:Considerations when using 802.1x authentication for wireless networks.Extensible protocols that support 802.1x authentication:Extensible Authentication Protocol (EAP)Light-weight Extensible Authentication Protocol (LEAP)Protected Extensible Authentication Protocol (PEAP)Additional security considerations with wireless networks:SSID obfuscationMAC address filteringAntenna placement, power level, and orientationEncryptionCaptive portalsAuthenticationRogue host detectionStudents will learn how to:Configure a wireless access point by disabling the SSID broadcast and enabling security. Configure a wireless network profile to automatically connect even if the SSID broadcast is turned off. Scan a network to detect wireless access points and determine if the access points are secure.Security Pro Exam Objectives:4.2 Secure a Wireless Access Point (WAP). Change the Default Username, Password, and Administration limits Implement WPA2 Configure Enhanced Security MAC filtering SSID cloaking Power Control Disable Network DiscoveryLecture Focus Questions: How does turning off the SSID broadcast help to secure the wireless network? What methods can you use to secure a wireless network from data emanation? What does open authentication use for authenticating a device? Why is this not a very secure solution? What two additional components are required to implement 802.1x authentication? What does WEP use for the encryption key? Why does this present a security problem? Why should you not use shared key authentication with WEP? What is the difference between WPA Personal and WPA Enterprise? You have an access point that currently supports only WEP. What would you typically need to do to support WPA2? What is the encryption method used with WPA? WPA2? Video/DemoTime 6.14.1 Wireless Security Considerations12:546.14.2 Wireless Authentication 4:406.14.4 Configuring a Wireless Access Point19:546.14.7 Configuring a Captive Portal12:02Total49:30Lab/ActivityObscure a Wireless NetworkConfigure a Wireless ProfileNumber of Exam Questions15 questionsTotal TimeAbout 80 minutesSection 7.1: Network Devices SummaryThis section examines the characteristics of the following common network devices:Network Interface Card (NIC)HubWireless Access Point (WAP)SwitchBridgeRouterGatewayLecture Focus Questions: What are the security advantages of using switches over hubs? What security problems could static routing pose on a large network? What security threat do broadcasts allow? What information does a router ACL use to allow or reject packets? Video/DemoTime7.1.1 Network Devices5:51Number of Exam Questions7 questionsTotal TimeAbout 15 minutes Section 7.2: Network Device Vulnerabilities SummaryIn this section students will learn about the following network device vulnerabilities:Default accounts and passwordsWeak passwordsPrivilege escalationBackdoorStudents will learn how to:Search a database for default passwords for network devices.Security Pro Exam Objectives:5.1 Harden Network Devices (using a Cisco Small Business Switch).Change the Default Username and Password on network devicesLecture Focus Questions: For security considerations, what is the first thing you should do when new hardware and software is turned on for the first time? What are the characteristics of a complex password? How is privilege escalation different than hacking into a system to gain access to resources? What measures should be completed to protect against backdoors? Video/DemoTime7.2.1 Device Vulnerabilities 1:477.2.3 Searching 1:237.2.4 Securing a Switch 3:21Total 6:31Lab/ActivitySecure a SwitchNumber of Exam Questions4 questionsTotal TimeAbout 20 minutes Section 7.3: Switch Attacks SummaryThis section discusses common attacks that are perpetrated against switches:MAC floodingARP spoofing/poisoningMAC spoofingDynamic Trunking Protocol (DTP)Students will learn how to:Secure a switch. Security Pro Exam Objectives:5.1 Harden Network Devices (using a Cisco Small Business Switch). Implement Port Security Lecture Focus Questions: What types of attacks are commonly perpetrated against switches? How does MAC flooding make a switch function as a hub? What is this state called? How are switches indirectly involved in ARP poisoning? How does the attacker hide his identity when performing MAC spoofing? What is a more secure alternative to using the Dynamic Trunking Protocol (DTP)? Video/DemoTime7.3.1 Switch Attacks 5:04Number of Exam Questions4 questionsTotal TimeAbout 10 minutes Section 7.4: Router SecuritySummaryThis section discusses actions to take to increase router security. Concepts covered include:General actions to secure routers:Secure passwordsSecure protocolsPhysical securitySecure configuration fileSecurity Pro Exam Objectives:5.1 Harden Network Devices (using a Cisco Small Business Switch). Shut down unneeded services and portsImplement Port SecurityRemove unsecure protocols (FTP, telnet, rlogin, rsh)Run latest iOS version8.2 Protect Data Transmissions across open, public networks.Encrypt Data CommunicationsLecture Focus Questions: What hashing algorithm is used to encrypt the password on a Cisco device?What secure protocols should you use to remotely manage a router?What type of actions can be used to ensure the physical security of network devices?Video/DemoTime7.4.1 Router Security 8:56Number of Exam Questions4 questionsTotal TimeAbout 15 minutesSection 7.5: Switch SecuritySummaryThis section discusses actions to take to increase switch security. Concepts covered include:Switch features that can be implemented to increase network security:Virtual LAN (VLAN)MAC filtering/port securityPort authentication (802.1x)Considerations when implementing switch securitySwitching loopTypes of ports used by the spanning tree protocol:Root portsDesignated portsBlocked portsPorts in the spanning tree protocol exist in one of five states:BlockingListeningLearningForwardingDisabledStudents will learn how to:Create VLANs and assign switch ports to VLANs. Configure a trunk port on a switch. Harden a switch. Secure access to a new switch. Security Pro Exam Objectives:5.1 Harden Network Devices (using a Cisco Small Business Switch).Implement Port SecurityRemove unsecure protocols (FTP, telnet, rlogin, rsh)Run latest iOS versionSegment Traffic using VLANsLecture Focus Questions: How does a switch identify devices that are in different VLANs? What is the function of a trunk port? When trunking is used, how is the receiving switch able to identify which VLAN the frame belongs to? What is required for devices to communicate between VLANs? How is port security different from port filtering? Which secure protocols should you use to remotely manage a router?Video/DemoTime7.5.1 Switch Security13:017.5.2 Switch Loop Protection10:467.5.4 Configuring VLANs from the CLI 4:327.5.6 Configuring VLANs 3:327.5.8 Hardening a Switch14:10Total46:01Lab/ActivityExplore VLANs from the CLIExplore VLANsHarden a SwitchSecure Access to a SwitchSecure Access to a Switch 2Number of Exam Questions15 questionsTotal TimeAbout 90 minutesSection 7.6: Intrusion Detection and Prevention SummaryIn this section students will learn the basics of intrusion detection and prevention. Concepts covered include:The role of an intrusion detection system (IDS)State of how IDS is labeled:PositiveFalse positiveNegativeFalse negativeTypical detection systems:Response capabilityRecognition methodDetection scopeFake resources to protect servers and networks:HoneypotHoneynetTarpit (also called a sticky honeypot)Cautions when implementing solutions:EnticementEntrapmentIntruder Detection considerationsStudents will learn how to:Monitor network activity using intrusion detection software to capture and view network traffic. Lecture Focus Questions: What does it mean when traffic is labeled as a false negative? What data sources does an IDS system use to gather information that it will analyze to find attacks? How does an IPS differ from an IDS? What type of recognition method is used by most virus scanning software? What is the advantage to using a network-based IDS instead of a host-based IDS? What are the security reasons for using a honeypot or honeynet? After an attack, what types of data should you back up to retain information about the attack for future investigations? Video/DemoTime7.6.1 Intrusion Detection 7:317.6.2 Detection vs. Prevention Controls 7:507.6.4 Implementing Intrusion Monitoring 3:337.6.5 Implementing Intrusion Prevention 7:51Total26:45Lab/ActivityImplement Intrusion PreventionNumber of Exam Questions15 questionsTotal TimeAbout 50 minutes Section 7.7: SAN Security SummaryThis section discusses the following security controls to increase the security of a Storage Area Network (SAN):Default user names and passwordsLogical unit number (LUN) maskingFabric zoningVirtual SANs (VSANs)AuthenticationEncryptionStudents will learn how to:Secure an iSCSI SAN using an access control list and mutual authentication.Lecture Focus Questions: How does LUN masking increase security?What are the three different ways that fabric zoning can be implemented?What is the role of VSANs?What device connection controls can be implemented to protect SANs from common network attacks?What types of authentication mechanisms are available for Fibre Channel SANs?Video/DemoTime7.7.1 SAN Security Issues 14:327.7.2 Configuring an iSCSI SAN 9:57Total24:29Number of Exam Questions5 questionsTotal TimeAbout 30 minutes Section 8.1: Malware SummaryThis section provides an overview of malware. Concepts covered include:Common malware:VirusWormTrojan horseZombieBotnetRootkitLogic bombSpywareAdwareRansomwareScarewareCrimewareTerms related to exploiting software and system vulnerabilities:HackerCrackerScript kiddyPhreakerHistoric malware events:StonedMichelangeloCHI/Chernobyl VirusMelissaI Love YouCode RedNimdaKlezActions to take to prevent being infected with malwareActions to take to recover from malwareStudents will learn how to:Scan a system with anti-malware software to identify potential threats. Configure Windows Defender protections to secure a network from malware. Quarantine and remove malware. Analyze startup programs to detect possible malware.Security Pro Exam Objectives:6.1 Harden Computer Systems Against Attack.Protect against spyware and unwanted software using Windows Defender9.2 Review security logs and violation reports, implement remediation.Lecture Focus Questions: What is the difference between a virus and a worm? Which types of malware can be spread through e-mail? How are Trojans and botnets related? What does it mean for software to be quarantined? Why is it a good practice to show file extensions? In addition to implementing virus scanning software, what must you do to ensure that you are protected from the latest virus variations? Video/DemoTime8.1.1 Malware 9:288.1.4 Implementing Malware Protections 23:438.1.5 Using Windows Defender 14:22Total 47:33Lab/ActivityConfigure Windows DefenderNumber of Exam Questions15 questionsTotal TimeAbout 75 minutes Section 8.2: Password Attacks SummaryThis section provides information about password attacks. Concepts covered include:Methods that threat agents use to discover or crack passwords:Tools to check for unencrypted or weakly encrypted passwordsSocial engineeringBrute force attacksTools to crack passwords:Programs such as SnadBoy’s RevelationKeylogging softwareRainbow tablesHashed passwords collection methodsStrategies to protect against password attacks:Educate users on how to create and remember strong passwordsProtect access to the password fileSalt the hash to mitigate rainbow table attacksImplement two-factor authenticationStudents will learn how to:Analyze the strength of passwords by using a rainbow table to perform a cryptanalysis attack on the hashed values of passwords. Use SnadBoy's Revelation to reveal a password. Use a keylogger to capture a password. Lecture Focus Questions: How are attackers able to recover passwords? What are the characteristics of a complex password? What are the differences between brute force and dictionary attacks? How does account lockout help secure an account? What technique will mitigate rainbow table attacks? Video/DemoTime8.2.1 Password Attacks 2:048.2.3 Using Rainbow Tables 4:488.2.4 Capturing Passwords 5:40Total12:32Number of Exam Questions4 questionsTotal TimeAbout 20 minutes Section 8.3: Windows System HardeningSummaryIn this section students will learn about hardening a Windows system. Concepts covered include: The role of hardening to secure devices and hardwareRecommendations for hardening systemsTypes of updates:HotfixPatchService packConsideration when managing updatesStudents will learn how to:Harden a system by changing default account passwords and verifying user and group assignments. Lock down system security by installing only required software and roles and disabling unnecessary services. Use security templates to apply or audit security settings on your system. Use Group Policy to deploy multiple settings to multiple machines in an Active Directory domain. Use Windows Updates and WSUS to automate patch management of your Windows system. Security Pro Exam Objectives:6.1 Harden Computer Systems Against Attack.Configure a GPO to enforce Workstation/Server security settingsConfigure Domain GPO to enforce use of Windows Firewall6.2 Implement Patch Management/System Updates.Configure Windows UpdateLecture Focus Questions: What is hardening? How does it benefit the security of an organization? How do you reduce the attack surface of a device? What is a security baseline? What is the difference between a hotfix and a patch? Why would you use one over the other? Video/DemoTime8.3.1 Operating System Hardening 5:138.3.3 Hardening an Operating System 6:418.3.4 Managing Automatic Updates18:318.3.6 Configuring Windows Firewall10:118.3.8 Configuring Windows Firewall Advanced Features 16:598.3.9 Configuring Parental Controls 18:21Total75:56Lab/ActivityConfigure Automatic UpdatesConfigure Windows FirewallConfigure Parental ControlsNumber of Exam Questions10 questionsTotal TimeAbout 105 minutesSection 8.4: Hardening EnforcementSummaryThis section discusses hardening enforcement using GPOs. Concepts covered include:The role of GPOsUsing GPOs to perform specific hardening tasksUsing the Security Configuration and Analysis snap-inConsiderations when using GPOsStudents will learn how to:Configure a GPO. Implement controls using a security template. Security Pro Exam Objectives:6.1 Harden Computer Systems Against Attack. Configure a GPO to enforce Workstation/Server security settings Configure Domain Servers GPO to remove unneeded services (such as File and Printer Sharing) Lecture Focus Questions: How do GPOs ensure the consistent application of controls? Which hardening tasks can be implemented using a GPO? How can you determine that the security controls implemented are still enforced? What are security templates and how are they used? What is the easiest way to set controls on a Windows system according the NSA recommendation? Video/DemoTime8.4.1 Hardening Enforcement with GPOs 1:508.4.2 Using Security Templates and Group Policy 6:538.4.3 Configuring GPOs to Enforce Security15:24Total24:07Lab/ActivityManage Services with Group PolicyNumber of Exam Questions4 questionsTotal TimeAbout 35 minutesSection 8.5: File Server Security SummaryThis section examines managing file server security. Details include:Considerations when managing file system securityConsiderations for securing file transfer using the following TCP/IP protocols:File Transfer Protocol (FTP)Trivial File Transfer Protocol (TFTP)Secure Copy Protocol (SCP)Secure Shell File Transfer Protocol (SFTP)Secure FTPFTP Secure (FTPS)File Server Resource Manager (FSRM)Managing file system permissions:Share permissionsNTFS permissionsEffective permissionsStudents will learn how to:Configure the NTFS permissions by turning off the permissions inheritance.Assign NTFS permission for a folder to the appropriate group.Security Pro exam objectives: 6.1 Harden Computer Systems Against Attack.Configure NTFS Permissions for Secure file sharing8.2 Protect Data Transmissions across open, public networks. Implement secure protocolsLecture Focus Questions: How can you identify if a permission has been inherited?How do Share and NTFS permissions differ?On what elements can NTFS permissions be set?How can you view the users that have permissions for a particular drive?How can permissions inheritance influence the effective permissions that a user has? How can you determine if a permission is inherited or specifically assigned?As the administrator, you have given Fred the write permission to the SalesReport file, but he cannot write to the file. What items would you check to determine why Fred can't write to the file?Video/DemoTime8.5.1 File Server Security 7:588.5.2 Scanning for Open Ports 3:528.5.5 Configuring NTFS Permissions14:05Total25:55Lab/ActivityConfigure NTFS PermissionsDisable InheritanceNumber of Exam Questions8 questionsTotal TimeAbout 50 minutes Section 8.6: Linux Host Security SummaryIn this section students will learn the basics of securing a Linux host. General procedures and the commands to perform them include:Removing unneeded softwareChecking for unneeded network servicesLocating open portsChecking network connectionsStudents will learn how to:Scan for open ports on Linux.Identify open network connections on Linux.Lecture Focus Questions: What is a?socket?Which utility will scan for all listening and non-listening sockets?Which utility will identify open ports on the Linux system?Which commands should you use to disable unneeded daemons?Video/Demo`Time8.6.1 Linux Host Security 7:108.6.2 Removing Unneeded Services and Scanning Ports 6:30Total13:40Number of Exam Questions4 questionsTotal TimeAbout 20 minutes Section 8.7: Static Environment Security SummaryThis section discusses how smart devices have created a security problem for networks and how to protect against them. Details include:Examples of embedded smart technology in:Household appliancesIndustrial equipmentWhat are static environments?The Internet of Things (IoT) attackDownload and update the firmware of smart devices when the option is availableSecure networks and systems against the highly distributed attacks facilitated by smart devicesLecture Focus Questions: What type of common consumer devices have been used to conduct malicious activities?What are the reasons that smart devices are common targets for cipher criminals?Video/Demo`Time8.7.1 Security Risks in Static Environments 4:26Number of Exam Questions3 questionsTotal TimeAbout 10 minutes Section 9.1: Web Application Attacks SummaryThis section discusses the following Web application attacks: Drive-by downloadTyposquatting/URL hijackingWatering holeBuffer overflowInteger overflowCross-site scripting (XSS)Cross-site Request Forgery (CSRF/XSRF)LDAP injectionXML injectionCommand injectionSQL injectionDLL injectionDirectory traversalHeader manipulationZero-dayClient-sideStudents will learn how to:Improve security by using a Firefox add-on, NoScript, to protect against XSS and drive-by-downloadings.Configure pop-up blockers to block or allow pop-ups.Implement phishing protection within the browser.Configure Internet Explorer Enhanced Security Configuration security settings to manage the security levels of security zones.Security Pro Exam Objectives:7.1 Implement Application Defenses. Configure Web Application SecurityLecture Focus Questions: What are two ways that drive-by download attacks occur?What countermeasures can be used to eliminate buffer overflow attacks?How can cross-site scripting (XSS) be used to breach the security of a Web user?What is the best method to prevent SQL injection attacks?What mitigation practices will help to protect Internet-based activities from Web application attacks?Video/DemoTime 9.1.1 Web Application Attacks 2:499.1.2 Cross-site Request Forgery (XSRF) Attack10:519.1.3 Injection Attacks14:309.1.4 Header Manipulation 9:019.1.5 Zero Day Application Attacks 6:599.1.6 Client Side Attacks 6:229.1.8 Preventing Cross-site Scripting 4:05Total54:37Number of Exam Questions15 questionsTotal TimeAbout 75 minutesSection 9.2: Internet Browsers SummaryThis section provides information about configuring internet browsers to enhance the privacy and security of a system. Concepts covered include:Indications of an unsecured connection or attackConfiguring security settings in Internet Explorer:ZonesAdd-onsPrivacyConfiguring security settings in Firefox:GeneralContentPrivacySecurityStudents will learn how to:Customize security levels and security settings for security zones in Internet Explorer. Download and manage add-ons in Internet Explorer. Protect privacy by configuring cookie handling. Clear the browser cache. Security Pro Exam Objectives:7.1 Implement Application Defenses. Configure a GPO to enforce Internet Explorer settingsConfigure Secure Browser SettingsLecture Focus Questions: What types of information do cookies store? Why could this be a security concern? What steps should you take to secure the browser from add-ons that are not appropriate for your environment? For security's sake, what should you do whenever you use a public computer to access the Internet and retrieve personal data? What elements might indicate an unsecured connection or an attack? Why should you turn off the remember search and form history feature? Video/DemoTime9.2.1 Managing Security Zones and Add-ons 20:269.2.2 Configuring IE Enhanced Security 9:119.2.3 Managing Cookies 12:389.2.5 Clearing the Browser Cache 9:289.2.7 Implementing Popup Blockers 7:269.2.10 Enforcing IE Settings through GPO12:47Total71:56Lab/ActivityConfigure Cookie HandlingClear the Browser CacheConfigure IE Popup BlockerEnforce IE Settings through GPOConfigure IE Preferences in a GPONumber of Exam Questions8 questionsTotal TimeAbout 105 minutes Section 9.3: E-mail SummaryThis section discusses how to secure e-mail from attacks. Details include:E-mail attacks:VirusSpamOpen SMTP relayPhishingTo secure e-mail use:Secure/Multipurpose Internet Mail Extensions (S/MIME)Pretty Good Privacy (PGP)Students will learn how to:Filter junk mail by selecting the level of junk e-mail protection you want. Control spam on the client by configuring safe sender, blocked senders, white lists, and black lists. Configure e-mail filtering to block e-mails from specified countries and languages. Configure relay restrictions to specify who can relay through the SMTP server. Security Pro Exam Objectives:2.1 Promote Information Security Awareness. Utilizing E-mail best practices 3.2 Harden mobile devices (iPad). Configure Secure E-mail Settings Lecture Focus Questions: What are the advantages of scanning for e-mail viruses at the server instead of at the client? How can spam cause denial of service? What is a best practice when configuring an SMTP relay to prevent spammers from using your mail server to send mail? How can you protect yourself against phishing attacks? What services do S/MIME and PGP provide for e-mail? How does S/MIME differ from PGP? Video/DemoTime9.3.1 E-mail Security 4:439.3.3 Protecting a Client from Spam 10:299.3.4 Securing an E-mail Server 2:459.3.6 Securing E-mail on iPad 5:52Total23:49Lab/ActivityConfigure E-mail FiltersSecure E-mail on iPadNumber of Exam Questions8 questionsTotal TimeAbout 45 minutes Section 9.4: Network ApplicationsSummaryThis section provides information about security concerns for the following networking software:Peer-to-peer (P2P)Instant Messaging (IM)Students will learn how to:Set up content filters for downloading or uploading copyrighted materials. Use P2P file sharing programs to search for and share free files. Block ports used by P2P software. Secure instant messaging by blocking invitations from unknown persons.Lecture Focus Questions: What kinds of security problems might you have with P2P software? What types of malware are commonly spread through instant messaging (IM)? What security concerns should you be aware of with instant messaging software? What security measures should you incorporate to control the use of networking software? Video/DemoTime9.4.1 Network Application Security 2:199.4.2 Spim 3:439.4.3 Using Peer-to-peer Software 3:049.4.4 Securing Windows Messenger 2:489.4.5 Configuring Application Control Software 9:05Total 20:59Number of Exam Questions5 questionsTotal TimeAbout 25 minutes Section 9.5: Virtualization SummaryThis section provides information about virtualization. Concepts covered include:Components of virtualization:Physical machineVirtual machineVirtual Hard Disk (VHD)HypervisorAdvantages of virtualization:FlexibilitySecurityTestingServer consolidationIsolationApplications virtualizationDisadvantages of virtualizationSecurity considerations for a virtual machineLoad Balancing methods with virtualization include:Resource poolingWorkload balancingStudents will learn how to:Create and configure a new virtual machine. Configure the virtual machine by allocating resources for memory and a virtual hard disk. Create a virtual network and configure it as an external, internal, or private virtual network. Lecture Focus Questions: What is the relationship between the host and the guest operating systems? What is the function of the hypervisor? How can virtualization be used to increase the security on a system? What are the advantages of virtualization? Disadvantages? What is the purpose of load balancing? What type of load balancing distributes a workload? Video/DemoTime9.5.1 Virtualization Introduction 4:019.5.2 Virtualization Benefits 3:089.5.3 Load Balancing with Virtualization 10:399.5.4 Creating Virtual Machines 4:229.5.5 Managing Virtual Machines 5:099.5.7 Adding Virtual Network Adapters 1:309.5.8 Creating Virtual Switches 3:26Total32:15Lab/ActivityCreate Virtual MachinesCreate Virtual SwitchesNumber of Exam Questions8 questionsTotal TimeAbout 55 minutes Section 9.6: Application DevelopmentSummaryThis section discusses hardening applications. Concepts covered include:Secure coding concepts:Error and exception handlingInput validationTerms:Exception-safeFuzz testing:Mutation basedGeneration-basedCode reviewBaselinesConfiguration testingBasic hardening guidelines for applicationsTechniques used for application hardening:Block process spawningControl access to executable filesProtect OS componentsUse exception rulesMonitor logsUse Data Execution PreventionImplement third-party applications hardening toolsNoSQL:Key security issuesActions to harden a NoSQL implementationStudents will learn how to:Use AppArmor to harden a Linux system. Implement application whitelisting with AppLocker.Security Pro Exam Objectives:7.1 Implement Application Defenses. Configure a GPO for Application Whitelisting Enable Data Execution Prevention (DEP) Lecture Focus Questions: What is the purpose of fuzzing? What will input validation ensure? What are the basic techniques for application hardening? When should you update applications with the latest patches?Video/DemoTime9.6.1 Secure Coding Concepts 16:189.6.2 Application Hardening 11:029.6.4 Hardening Applications on Linux 4:269.6.5 Implementing Application Whitelisting with AppLocker13:039.6.7 Implementing Data Execution Preventions (DEP) 4:019.6.10 NoSQL Security 5:18Total54:08Lab/ActivityImplement Application Whitelisting with AppLockerImplement Data Execution Preventions (DEP)Number of Exam Questions6 questionsTotal TimeAbout 75 minutesSection 10.1: RedundancySummaryIn this section students will explore methods for providing redundancy for network services. Details about the following concepts will be covered:Methods for providing redundancy for network services and componentsTypes of redundancy solutions:Hot siteWarm siteCold siteThe role of a service bureauImportant facts about redundant facilitiesRedundancy measurement parameters:Recovery Time Objective (RTO)Recovery Point Objective (RPO)Mean Time Between Failures (MTBF)Mean Time to Failure (MTTF)Mean Time to Repair (MTTR)Maximum Tolerable Downtime (MTD)Common RAID levels:RAID 0 (striping)RAID 5 (striping with distributed parity)RAID 1 (mirroring)RAID 0+1RAID 1+0The role of clusteringA high availability cluster (HA)A load balancing clusterStudents will learn how to:Configure a mirrored or a RAID 5 volume for data redundancy.Security Pro Exam Objectives:8.1 Protect and maintain the integrity of data files. Implement redundancy and failover mechanisms Lecture Focus Questions: What is the usual activation goal time for a hot site? How does that differ from a warm site? Why is a hot site so much more expensive to operate than a warm site? Why is it important that two companies with a reciprocal agreement should not be located too closely to each other? Of the three redundancy solutions, which is the most common redundant site type? Why is it the most common? Which functions should be returned first when returning services from the backup facility back to the primary facility? Why should you locate redundant sites at least 25 miles from the primary site? What is the main advantage of RAID 0? Disadvantage? What is the difference between RAID 0+1 and RAID 1+0?Video/DemoTime10.1.1 Redundancy 4:5510.1.2 Redundancy Measurement Parameters 5:1210.1.4 RAID 7:2710.1.5 Implementing RAID 6:1610.1.8 Clustering 9:06Total32:56Lab/ActivityConfigure Fault Tolerant VolumesNumber of Exam Questions15 questionsTotal TimeAbout 65 minutesSection 10.2: Backup and Restore SummaryThis section covers the following details about backup and restore.Types of backups:FullIncrementalDifferentialImageCopyDailyBackup strategies:Full BackupFull + IncrementalFull + DifferentialConsiderations when managing backupsBackup media rotation systems:Grandfather Father Son (GFS)Tower of HanoiRound RobinTypes of data that can be backed up:System state dataApplication dataUser dataStudents will learn how to:Back up a Windows system. Schedule automatic backups for Windows computers. Security Pro Exam Objectives:6.3 Perform System Backups and Recovery. 8.1 Protect and maintain the integrity of data files. Perform data backups and recoveryLecture Focus Questions: How is an incremental backup different than a differential backup? When is the archive bit set? Which backup types reset the archive bit? What is the advantage of the Full + Incremental backup strategy? What is the disadvantage? Why should backup tapes be stored offsite? What are common types of backup media rotation systems used to provide protection to adequately restore data? How do you back up Active Directory? What should you regularly do to make sure your backup strategy is working properly? Video/DemoTime10.2.1 Backup and Restore13:2710.2.4 Backing up Workstations 6:1810.2.6 Restoring Workstation Data from Backup 2:1910.2.7 Backing Up a Domain Controller 2:3310.2.9 Restoring Server Data from Backup 2:12Total26:49Lab/ActivityBack Up a WorkstationBack Up a Domain ControllerNumber of Exam Questions15 questionsTotal TimeAbout 55 minutes Section 10.3: File EncryptionSummaryIn this section students will learn about the following file encryption programs: Encrypting File System (EFS)GNU Privacy Guard (GPG) and Pretty Good Privacy (PGP)Whole disk encryption (BitLocker)Students will learn how to:Encrypt a file to secure data using EFS. Authorize additional users who can access files encrypted with EFS. Encrypt a file using GPG. Protect hard drive contents with BitLocker. Configure settings to control BitLocker using Group Policy. Security Pro Exam Objectives:8.1 Protect and maintain the integrity of data files. Implement encryption technologies8.2 Protect Data Transmissions across open, public networks.Encrypt Data CommunicationsLecture Focus Questions: On which computers should you implement EFS? What is the FEK? How is it used? Under what conditions can EFS encryption be compromised? What happens when an EFS encrypted file is copied over the network using the SMB protocol? Once a system encrypted with BitLocker boots, who is able to access files? Video/DemoTime10.3.1 Encrypting File System (EFS)11:4710.3.2 Securing Files using EFS11:4510.3.4 PGP and GPG 4:3410.3.5 Encrypting Files with GPG 4:5810.3.6 BitLocker and Database Encryption13:0210.3.7 Configuring BitLocker 6:17Total52:23Lab/ActivityEncrypt Files with EFSConfigure BitLocker with a TPMNumber of Exam Questions8 questionsTotal TimeAbout 75 minutesSection 10.4: Secure ProtocolsSummaryThis section discusses secure protocols. Details include:Types of secure protocols:Secure Sockets Layer (SSL)Transport Layer Security (TLS)Secure Shell (SSH)Protocols to secure HTTP:HTTPSS-HTTPIPSec includes two protocols:Authentication Header (AH)Encapsulating Security Payload (ESP)Modes of operation that can be implemented with IPSec:Transport modeTunnel modeSecurity Association (SA)Internet Key Exchange (IKE)Students will learn how to:Add SSL bindings to a Web site to support secure connections. Modify Web site settings to require SSL. Use SSL from a browser to create a secure connection. Enforce the use of IPSec through Connection Security Rules.Security Pro Exam Objectives:2.1 Promote Information Security Awareness. Using SSL Encryption8.2 Protect Data Transmissions across open, public networks.Implement secure protocolsLecture Focus Questions: How does SSL verify authentication credentials? What protocol is the successor to SSL 3.0? How can you tell that a session with a Web server is using SSL? What is the difference between HTTPS and S-HTTP? What does it mean when HTTPS is referenced as being stateful? What is the difference between IPSec tunnel mode and transport mode? Video/DemoTime10.4.1 Secure Protocols 8:4410.4.2 Secure Protocols 215:2610.4.4 Adding SSL to a Web Site 5:2310.4.6 IPSec 5:1410.4.8 Requiring IPSec for Communications14:22Total49:09Lab/ActivityAllow SSL ConnectionsNumber of Exam Questions15 questionsTotal TimeAbout 75 minutesSection 10.5: Cloud ComputingSummaryThis section provides students with an overview of cloud computing. Concepts covered include:The role of cloud computingWays in which could computing can be implemented:Public cloudPrivate cloudCommunity cloudHybrid cloudThe advantages of cloud computingCloud computing service models:Infrastructure as a Service (IaaS)Platform as a Service (PaaS)Software as a Service (SaaS)Ways that cloud computing service providers reduce the risk of security breachesThe advantages of using a Virtual Desktop Infrastructure (VDI)Lecture Focus Questions: What are the advantages of cloud computing?Which cloud computing service model delivers software applications to the client?What is the difference between?Infrastructure as a Service?and?Platform as a Service?How does the cloud computing service reduce the risk of security breaches?Video/DemoTime10.5.1 Cloud Computing Introduction15:5910.5.2 Cloud Computing Security Issues 6:32Total22:31Number of Exam Questions5 questionsTotal TimeAbout 30 minutesSection 11.1: Vulnerability Assessment SummaryThis section provides information about using vulnerability assessment to identify the vulnerabilities in a system or network. Tools to monitor vulnerability include:Vulnerability scannerPing scannerPort ScannerNetwork mapperPassword crackerOpen Vulnerability and Assessment Language (OVAL)Students will learn how to:Scan a network with a vulnerability scanner, such as Nessus or MBSA, to identify risk factors. Download the latest security update information before starting a vulnerability scan. View security scan reports and identify vulnerabilities. Perform a port scan using nmap on a single machine. Use a password cracker to analyze a network for password vulnerabilities.Security Pro Exam Objectives:9.4 Review vulnerability reports, implement remediation.Lecture Focus Questions: Why should an administrator perform a vulnerability assessment on the system? What is the most important step to perform before running a vulnerability scan? Why? How does a port scanner identify devices with ports that are in a listening state? How do network mappers discover devices and identify open ports on those devices? What types of items does OVAL identify as a definition? Video/DemoTime11.1.1 Vulnerability Assessment 4:5411.1.3 Scanning a Network and Nessus 18:2611.1.4 Scanning a Network with Retina 12:1211.1.5 Scanning for Vulnerabilities Using MBSA 6:0211.1.9 Performing Port and Ping Scans 2:3611.1.10 Checking for Weak Passwords 9:21Total53:31Lab/ActivityReview a Vulnerability Scan 1Review a Vulnerability Scan 2Review a Vulnerability Scan 3Number of Exam Questions14 questionsTotal TimeAbout 85 minutes Section 11.2: Penetration Testing SummaryThis section discusses penetration testing. Details include:Steps included in the penetration testing process:Verifying that a threat existsBypassing security controlsActively testing security controlsExploiting vulnerabilitiesDefining the Rules of Engagement (ROE)Types of penetration testing:Physical penetrationOperations penetrationElectronic penetrationClassifications of penetration testing:Zero knowledge test (black box test)Full knowledge test (white box test)Partial knowledge test (grey box test)Single blind test Double blind testThe Open Source Security Testing Methodology Manual (OSSTMM)Stages of penetration testing:Passive reconnaissanceNetwork enumerationSystem enumerationTarget selectionGaining accessControl and reportingSteps a hacker would take after gaining access to the systemStudents will learn how to:Identify available penetration testing tools that can be used to analyze the security of a network. Utilize penetration testing tools to identify vulnerabilities in information systems. Verify the distribution of a security tool to ensure its integrity. Lecture Focus Questions: What is the main goal of penetration testing? What type of tools or methods does a penetration test use? Why should you be careful in the methods you deploy? What should you do first before performing a penetration test? How does a penetration test differ from a vulnerability assessment or scan? What types of details do the Rules of Engagement identify? What types of actions might a tester perform when attempting a physical penetration? What security function does the Open Source Security Testing Methodology Manual (OSSTMM) provide? Video/DemoTime 11.2.1 Penetration Testing 2:3211.2.3 Exploring Penetration Testing Tools11:22Total13:54Number of Exam Questions12 questionsTotal TimeAbout 30 minutesSection 11.3: Protocol AnalyzersSummaryIn this section students will learn about the role of protocol analyzers. Concepts covered include: Other names for protocol analyzers:Packet sniffersPacket analyzersNetwork analyzersNetwork sniffersNetwork scannersUse a protocol analyzer to:Monitor and log network trafficCheck for specific protocols on the networkIdentify frames that might cause errorsExamine the data contained within a packetAnalyze network performanceTroubleshoot communication problems or investigate the source of heavy network trafficUsing a packet sniffer requires the following configuration changes:Configure the NIC in promiscuous mode (sometimes called p-mode)Configure port mirroring on the switchFiltering frames when using a protocol analyzerProtocol tools can be used with protocol analyzers for active interception of network traffic to perform attacksCommon protocol analyzers include:WiresharkEtherealdSniffEttercapTcpdumpMicrosoft Network MonitorStudents will learn how to:Capture and analyze packets to troubleshoot a network using Wireshark. Lecture Focus Questions: What types of information can a protocol analyzer provide? When using a protocol analyzer, why is it necessary to configure the NIC in promiscuous mode? When running a protocol analyzer on a switch, how does port mirroring work? What are some common protocol analyzers? Video/DemoTime11.3.1 Protocol Analyzers3:0711.3.3 Analyzing Network Traffic6:50Total9:57Number of Exam Questions8 questionsTotal TimeAbout 20 minutesSection 11.4: Log ManagementSummaryThis section discusses information about managing logs. Details include:The role of logsTypes of events a log should include:Internet connectionSystem levelApplication levelUser levelAccessPerformanceFirewallThe operating system audit subsystem provides the mechanism whereby system events are monitored and logged:KernelDevice driverDaemonManager interfaceData analysis and reductionConsiderations when setting up a log archive:Retention PoliciesSystem requirementsSecurityStudents will learn how to:Use Event Viewer to troubleshoot a system by viewing details of a logged event. Manage logging by saving or clearing logs, configuring filtering of logs, or attaching a task to a log or event. Identify operating system activities, warnings, informational messages, and error messages using system logs. Security Pro Exam Objectives:9.1 Implement Logging and Auditing.Configure Domain GPO for Event Logging9.2 Review security logs and violation reports, implement remediation.9.3 Review audit reports, implement remediation.9.4 Review vulnerability reports, implement remediation.Lecture Focus Questions: How does logging affect system resources? What factors should you take into consideration when archiving log files? What types of information are included in events recorded in logs? Video/DemoTime11.4.1 Logs 3:2410.4.3 Logging Events with Event Viewer 3:5210.4.4 Windows Event Subscriptions10:3610.4.5 Configuring Source-initiated Subscriptions 4:5010.4.6 Configuring Remote Logging on Linux 8:23Total31:05Number of Exam Questions15 questionsTotal TimeAbout 50 minutesSection 11.5: AuditsSummaryThis section examines using audits to ensure the security of a system. Concepts include:The role of auditingTypes of auditors:InternalExternalTerms to be familiar with:User access and rights reviewPrivilege auditingUsage auditingEscalation auditingStudents will learn how to:Configure the audit logon events policy to audit the failure of a logon attempt. View and evaluate the recorded logs under Security in Event Viewer. Security Pro Exam Objectives:5.1 Harden Network Devices (using a Cisco Small Business Switch). Turn on logging with timestamps9.1 Implement Logging and Auditing.Configure Domain GPO Audit Policy9.2 Review security logs and violation reports, implement remediation.9.3 Review audit reports, implement remediation.9.4 Review vulnerability reports, implement remediation.Lecture Focus Questions: How can you protect audit log files from access and modification attacks?When would you choose an external auditor over an internal auditor?What is the difference between privilege auditing and usage auditing?How can escalation auditing help to secure the system?Video/DemoTime10.5.1 Audits 3:1310.5.3 Auditing the Windows Security Log11:4110.5.5 Auditing Device Logs 6:57Total21:51Lab/ActivityConfigure Advanced Audit PolicyEnable Device LogsNumber of Exam Questions7 questionsTotal TimeAbout 40 minutesSecurity Pro Practice ExamsSummary This section provides information to help prepare students to take the Security Pro Certification exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam. Students will typically take about 5-10 minutes (depending upon the complexity and their level of knowledge) to complete each simulation question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. The domain practice exams are NOT randomized.Security Pro Domain 1: Access Control and Identity Management (22 simulation questions)Security Pro Domain 2: Policies, Procedures, Awareness (1 simulation question)Security Pro Domain 3: Physical Security (2 simulation questions)Security Pro Domain 4: Perimeter Defenses (10 simulation questions)Security Pro Domain 5: Network Defenses (7 simulation questions)Security Pro Domain 6: Host Defenses (7 simulation questions)Security Pro Domain 7: Application Defenses (10 simulation questions)Security Pro Domain 8: Data Defenses (6 simulation questions)Security Pro Domain 9: Audits and Assessments (5 simulation questions)The Security Pro Certification Practice Exam consists of 15 simulation questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a time limit of 120 minutes. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam. Security+ Practice ExamsSummary This section provides information to help prepare students to take the Security+ exam and to register for the exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam. Students will typically take about 1 minute to complete each question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. The domain practice exams are NOT randomized.Security+ Domain 1: Network Security (172 questions)Security+ Domain 2: Compliance and Operational Security (128 questions)Security+ Domain 3: Threats and Vulnerabilities (178 questions)Security+ Domain 4: Application, Data and Host Security (70 questions)Security+ Domain 5: Access Control and Identity Management (98 questions)Security+ Domain 6: Cryptography (92 questions)The Security+ Certification Practice Exam consists of 100 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a time limit of 90 minutes. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam. SSCP Practice ExamsSummary This section provides information to help prepare students to take the SSCP exam and to register for the exam. Students will have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam. Students will typically take about 1 minute to complete each question in the following practice exams. There is no time limit on the amount of time a student can take to complete the practice exams for the following domains. The domain practice exams are NOT randomized.SSCP Domain 1: Access Control (60 questions)SSCP Domain 2: Security Operations & Administration (64 questions)SSCP Domain 3: Monitoring and Analysis (21 questions)SSCP Domain 4: Risk, Response, and Recovery (38 questions)SSCP Domain 5: Cryptography (90 questions)SSCP Domain 6: Networks and Communications (68 questions)SSCP Domain 7: Malicious Code and Attacks (85 questions)The SSCP Certification Practice Exam consists of 125 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a time limit of 3 hours. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam. Appendix A: Approximate Time for the CourseThe total time for the LabSim Security Pro course is approximately 91 hours and 35 minutes. The time is calculated by adding the approximate time for each section which is calculated using the following elements:Video/demo timesApproximate time to read the text lesson (the length of each text lesson is taken into consideration)Simulations (5 minutes assigned per simulation) Questions (1 minute per question)The breakdown for this course is as follows:ModuleSectionsTimeTotalHR:MM?????1.0 Introduction????1.1 Security Overview70??1.2 Using the Simulator25951:35?????2.0 Access Control and Identity Management????2.1 Access Control Models30??2.2 Authentication60?2.3 Authorization30??2.4 Access Control Best Practices30?2.5 Active Directory Overview30??2.6 Windows Domain Users and Groups50?2.7 Linux Users70??2.8 Linux Groups20?2.9 Linux User Security25??2.10 Group Policy Overview35?2.11 Hardening Authentication 190??2.12 Hardening Authentication 230?2.13 Remote Access35??2.14 Network Authentication70?2.15 Identity Management2062510:253.0 Cryptography????3.1 Cryptography45??3.2 Hashing35?3.3 Symmetric Encryption35??3.4 Asymmetric Encryption25?3.5 Public Key Infrastructure (PKI)70??3.6 Cryptography Implementations402504:10?????4.0 Policies, Procedures, and Awareness????4.1 Security Policies80??4.2 Manageable Network Plan35?4.3 Business Continuity20??4.4 Risk Management30?4.5 Incident Response65??4.6 Social Engineering55?4.7 Certification and Accreditation40??4.8 Development35?4.9 Employee Management40??4.10 Third-Party Integration204207:00?????5.0 Physical Security????5.1 Physical Security50??5.2 Hardware Security20?5.3 Environmental Controls45??5.4 Mobile Devices40?5.5 Mobile Device Security Enforcement40??5.6 Telephony252203:40?????6.0 Networking????6.1 Networking Layer Protocol Review65??6.2 Transport Layer Protocol Review35?6.3 Perimeter Attacks 150??6.4 Perimeter Attacks 250?6.5 Security Appliances35??6.6 Demilitarized Zones (DMZ)30?6.7 Firewalls40??6.8 Network Address Translation (NAT)30?6.9 Virtual Private Networks (VPN)40??6.10 Web Threat Protection25?6.11 Network Access Control (NAC)45??6.12 Wireless Overview60?6.13 Wireless Attacks50??6.14 Wireless Defenses8063510:35?????7.0 Network Defenses????7.1 Network Devices15??7.2 Network Device Vulnerabilities20?7.3 Switch Attacks10??7.4 Router Security15?7.5 Switch Security90??7.6 Intrusion Detection and Prevention50?7.7 SAN Security302303:508.0 Host Defenses????8.1 Malware75??8.2 Password Attacks20?8.3 Windows System Hardening105??8.4 Hardening Enforcement35?8.5 File Server Security50??8.6 Linux Host Security20?8.7 Static Environment Security103155:159.0 Application Defenses????9.1 Web Application Attacks75??9.2 Internet Browsers105?9.3 E-mail45??9.4 Network Applications25?9.5 Virtualization55??9.6 Application Development753806:20?????10.0 Data Defenses????10.1 Redundancy65??10.2 Backup and Restore55?10.3 File Encryption75??10.4 Secure Protocols75?10.5 Cloud Computing303005:0011.0 Assessments and Audits????11.1 Vulnerability Assessment85??11.2 Penetration Testing30?11.3 Protocol Analyzers20??11.4 Log Management50?11.5 Audits402253:45Security Pro Practice Exams????Domain 1: Access Control and Identity Management (22 sims)110??Domain 2: Policies, Procedures, Awareness (1 sim)5?Domain 3: Physical Security (2 sims)10??Domain 4: Perimeter Defenses (10 sims)50?Domain 5: Network Defenses (7 sims)35??Domain 6: Host Defenses (7 sims)35?Domain 7: Application Defenses (10 sims)50??Domain 8: Data Defenses (6 sims)30?Domain 9: Audits and Assessments (5 sims)25??Security Pro Certification Practice Exam (15 sims)904407:20?????Security+ Practice Exams????Domain 1: Network Security (172 questions)172??Domain 2: Compliance and Operational Security (128 questions)128?Domain 3: Threats and Vulnerabilities (178 questions) 178??Domain 4: Application, Data and Host Security (70 questions)70?Domain 5: Access Control and Identity Management (98 questions)98??Domain 6: Cryptography (92 questions)88?Security+ Certification Practice Exam (100 questions)10083413:54SSCP Practice Exams????Domain 1: Access Control (60 questions)60??Domain 2: Security Operations & Administration (64 questions)64?Domain 3: Monitoring and Analysis (21 questions)21??Domain 4: Risk, Response, and Recovery (38 questions)38?Domain 5: Cryptography (90 questions)90??Domain 6: Networks and Communications (68 questions) 68?Domain 7: Malicious Code and Attacks (85 questions)85??SSCP Certification Practice Exam (125 questions)1255519:11???????Total Time549591:35Appendix B: Security Pro 2014 ChangesInstructors who have taught the previous LabSim Security Pro version of this course may find the following information valuable. This report details all the changes that were made from the previous course such as:A new video, demo, simulation, or text that has been createdA video, demo, or text that has been updatedNew questions that have been added to a section A new section that has been added to a moduleSectionChanges2.12.1.4 Updated Demo: Implementing Discretionary Access Control2.22.2.1 Updated Video: Authentication Part 12.2.2 New Video: Authentication Part 22.2.3 Updated Text Lesson: Authentication Facts2.2.7 Added New Practice Questions2.32.3.4 Updated Demo: Examining the Access Token2.42.4.2 Updated Demo: Viewing Implicit Deny2.4.3 Updated Text Lesson: Best Practices Facts2.52.5 New Section: Active Directory Overview2.5.3 Updated Demo: Viewing Active Directory2.5.5 New Practice Questions set2.62.6.1 Updated Demo: Creating User Accounts2.6.2 Updated Demo: Managing User Account Properties2.6.3 Updated Lab: Create User Accounts2.6.4 Updated Lab: Manage User Accounts2.6.5 Updated Demo: Managing Groups2.6.6 Updated Lab: Create a Group2.6.7 Updated Lab: Create Global Groups2.6.9 Added New Practice Questions2.82.8 New Section: Linux Groups2.8.6 New Practice Questions set2.102.10.2 Updated Demo: Viewing Group Policy2.10.4 Updated Lab: Create and Link a GPO2.112.11.10 Updated Text Lesson: Hardening Authentication Facts2.11.11 Added New Practice Questions2.122.12 New Section: Hardening Authentication 22.12.1 Updated Demo: Configuring Smart Card Authentication2.12.2 Updated Lab: Configure Smart Card Authentication2.12.3 New Text Lesson: Smart Card Authentication Facts2.12.4 New Demo: Using Fine-Grained Password Policies2.12.5 New Text Lesson: Fine-Grained Password Policy Facts2.12.6 New Lab: Create a Fine-Grained Password Policy2.12.7 New Practice Questions set2.142.14.4 Updated Demo: Controlling the Authentication Method2.14.5 Updated Lab: Configure Kerberos Policy Settings2.14.9 New Demo: Credential Management2.14.10 New Text Lesson: Credential Management Facts2.14.11 Added New Practice Questions2.152.15.3 Added New Practice Questions3.33.3.3 Updated Text Lesson: Symmetric Encryption Facts3.3.5 Added New Practice Questions3.43.4.2 Updated Text Lesson: Asymmetric Encryption Facts3.4.3 Added New Practice Questions3.53.5.2 Updated Demo: Managing Certificates3.5.3 Updated Lab: Manage Certificates3.5.6 Updated Demo: Configuring a Subordinate CA4.14.1.5 Updated Text Lesson: Security Management Facts4.1.7 Updated Text Lesson: Information Classification Facts4.1.8 New Video: Data Retention Policies4.1.10 New Text Lesson: Data Retention Facts4.24.2 New Section: Manageable Network Plan4.2.4 New Practice Questions set4.34.3.3 Updated Text Lessons: Business Continuity Facts4.3.4 Added New Practice Questions4.44.4.3 New Video: Data Loss Prevention (DLP)4.4.4 Updated Text Lesson: Risk Management Facts4.4.5 Added New Practice Questions4.54.5.4 New Demo: Creating a Forensic Drive Image4.5.5 Updated Text Lesson: Incident Response Facts4.5.6 Updated Text Lesson: Forensic Investigation Facts4.5.7 Added New Practice Questions4.64.6.6 Added New Practice Questions4.94.9.2 Updated Text Lesson: Employee Management Facts4.9.5 Added New Practice Questions4.104.10 New Section: Third-Party Integration4.10.1 New Video: Third-Party Integration Security Issues4.10.2 New Text Lesson: Third-Party Integration Security Facts4.10.3 New Practice Questions set5.15.1.3 Updated Text Lesson: Physical Security Facts5.1.5 Added New Practice Questions5.25.2.4 Added New Practice Questions5.45.4.2 New Text Lesson: Mobile Device Security Facts5.4.3 New Video: BYOD Security Issues 5.4.4 New Text Lesson: BYOD Security Facts5.4.7 Added New Practice Questions5.55.5 New Section: Mobile Device Security Enforcement5.5.1 New Demo: Enforcing Security Policies on Mobile Devices5.5.2 New Demo: Enrolling Devices and Performing a Remote Wipe5.5.3 New Text Lesson: Mobile Device Security Enforcement Facts 5.5.4 New Video: Mobile Application Security5.5.5 New Text Lesson: Mobile Application Security Facts5.5.6 New Practice Questions set6.16.1 New Section: Network Layer Protocol Review6.1.5 Updated Demo: Configuring IPv66.1.9 New Practice Questions set6.26.2 New Section: Transport Layer Protocol Review6.2.6 Added New Practice Questions6.36.3.8 New Practice Questions set6.46.4 New Section: Perimeter Attacks 26.4.7 Updated Demo: Examining DNS Attacks6.4.8 New Lab: Prevent Zone Transfers6.4.9 New Practice Questions set6.56.5.5 Updated Text Lesson: Security Solution Facts6.5.8 Added New Practice Questions6.76.7.5 Added New Practice Questions6.96.9.5 Updated Text Lesson: VPN Facts6.9.7 Added New Practice Questions6.106.10.5 Added New Practice Questions6.126.12 New Section: Wireless Overview6.12.2 New Video: Wireless Antenna Types6.12.3 New Text Lesson: Wireless Networking Facts6.12.5 New Text Lesson: Wireless Encryption Facts6.12.8 New Practice Questions set6.136.13.2 Updated Text Lesson: Wireless Attack Facts6.13.4 New Demo: Detecting Rogue Hosts6.13.5 Added New Practice Questions6.146.14.3 New Text Lesson: Wireless Authentication Facts6.14.5 Updated Demo: Obscure a Wireless Network6.14.7 New Demo: Configuring a Captive Portal6.14.8 New Text Lesson: Wireless Security Facts6.14.9 Added New Practice Questions7.27.2.6 Added New Practice Questions7.47.4 New Section: Router Security7.4.2 Updated Text Lesson: Router Security Facts7.4.3 New Practice Questions set7.67.6.3 Updated Text Lesson: IDS Facts7.6.7 Added New Practice Questions7.77.7 New Section: SAN Security7.7.1 New Video: SAN Security Issues7.7.2 New Demo: Configuring an iSCSI SAN7.7.3 New Text Lesson: SAN Security Facts 7.7.4 New Practice Questions set8.28.2.5 Added New Practice Questions8.48.4.4 Updated Text Lesson: Hardening Enforcement Facts8.4.6 Added New Practice Questions8.58.5.3 Updated Text Lesson: File System Security Facts8.5.5 Updated Demo: Configuring NTFS Permissions8.5.6 Updated Lab: Configure NTFS Permissions8.5.7 New Lab: Disable Inheritance8.78.7 New Section: Static Environment Security8.7.1 New Video: Security Risks in Static Environments8.7.2 New Text Lesson: Static Environment Security Facts8.7.3 New Practice Questions set9.19.1.7 Updated Text Lesson: Web Application Attack Facts9.1.9 Added New Practice Questions9.29.2.9 Updated Text Lesson: Internet Explorer Security Facts9.2.12 New Lab: Configure IE Preferences in a GPO9.2.13 Added New Practice Questions9.39.3.8 Added New Practice Questions9.49.4.5 New Demo: Configuring Application Control Software9.4.6 Updated Text Lesson: Network Application Facts9.4.7 Added New Practice Questions9.59.5.4 New Demo: Creating Virtual Machines9.5.5 Updated Demo: Managing Virtual Machines9.5.6 New Lab: Create Virtual Machines9.5.7 New Demo: Adding Virtual Network Adapters9.5.8 New Demo: Creating Virtual Switches9.5.9 New Lab: Create Virtual Switches9.5.10 Updated Text Lesson: Virtualization Facts9.5.11 Added New Practice Questions9.69.6.10 New Video: NoSQL Security9.6.11 New Text Lesson: NoSQL Security Facts9.6.12 Added New Practice Questions10.110.1.3 Updated Text Lesson: Redundancy Facts10.1.5 Updated Demo: Implementing RAID10.1.7 Updated Lab: Configure Fault Tolerant Volumes10.1.10 Added New Practice Questions10.210.2.4 New Demo: Backing Up Workstations10.2.6 New Demo: Restoring Workstation Data from Backup10.2.7 New Demo: Backing Up a Domain Controller10.2.8 New Lab: Back Up a Domain Controller10.2.9 New Demo: Restoring Server Data from Backup10.2.10 Added New Practice Questions10.310.3.9 Updated Text Lesson: File Encryption Facts10.3.10 Added New Practice Questions10.510.5.3 Updated Text Lesson: Cloud Computing Facts10.5.4 Added New Practice Questions11.111.1.2 Updated Text Lesson: Vulnerability Assessment Facts11.1.11 Added New Practice Questions11.211.2.2 Updated Text Lesson: Penetration Testing Facts11.2.4 Added New Practice Questions11.311.3.4 Added New Practice Questions11.411.4 New Section: Log Management11.4.4 New Video: Windows Event Subscriptions11.4.5 New Demo: Configuring Source-initiated Subscriptions11.4.6 New Demo: Configuring Remote Logging on Linux11.4.7 New Text Lesson: Remote Logging Facts11.4.8 New Practice Questions set11.511.5 New Section: Audits11.5.7 Added New Practice QuestionsExam Objectives: Updated for 401All Domain Exams: Questions no longer randomizedAll Section Exams: Questions no longer randomized SSCP Practice Exams7 Domains: 450 Questions SSCP Certification Practice Exam: 125 QuestionsNew: Feature was not in previous course – new featureUpdated: Replaces previous feature - new version Appendix C: Security Pro ObjectivesThe Security Pro certification exam (2012 edition) covers the following:#DomainModule.Section1.0Access Control and Identity Management1.1Create, modify, and delete user profiles. Manage Windows Domain Users and Groups Create, rename, and delete users and groupsAssign users to appropriate groupsLock and unlock user accountsChange a user's passwordManage Linux Users and Groups Create, rename, and delete users and groupsAssign users to appropriate groupsLock and unlock user accountsChange a user's passwordConfigure password agingManage Windows Local Users and Groups Restrict use of local user accountsRestrict use of common access accounts2.6, 2.7, 2.8, 2.9, 2.10, 2.11, 2.121.2Harden authentication.Configure Domain GPO Account Policy to enforce a robust password policyConfigure the Domain GPO to control local administrator group membership and Administrator passwordDisable or rename default accounts such as Guest and AdministratorConfigure the Domain GPO to enforce User Account ControlConfigure a GPO for Smart Card authentication for sensitive resourcesConfigure secure Remote AccessImplement centralized authentication2.6, 2.10, 2.11, 2.12, 2.13, 2.141.3Manage Certificates. Approve, deny, and revoke certificate requestsConfigure Domain GPO Kerberos Settings2.143.1, 3.52.0Policies, Procedures, and Awareness2.1Promote Information Security Awareness. Traveling with Personal Mobile DevicesExchanging content between Home and WorkStoring of Personal Information on the InternetUsing Social Networking SitesUsing SSL EncryptionUtilizing E-mail best practicesPassword ManagementPhoto/GPS IntegrationInformation SecurityAuto-lock and Passcode Lock4.15.49.310.42.2Evaluate Information Risk. Perform Risk calculationRisk avoidance, transference, acceptance, mitigation, and deterrence4.32.3Maintain Hardware and Software Inventory.4.23.0Physical Security3.1Harden Data Center Physical Access. Implement Access RostersUtilize Visitor Identification and controlProtect Doors and WindowsImplement Physical Intrusion Detection Systems5.1, 5.23.2Harden mobile devices (Laptop). Set a BIOS PasswordSet a Login PasswordImplement full disk encryption5.44.0Perimeter Defenses4.1Harden the Network Perimeter (using a Cisco Network Security Appliance). Change the Default Username and PasswordConfigure a FirewallCreate a DMZConfigure NATConfigure VPNImplement Web Threat Protection6.5, 6.6, 6.7, 6.8, 6.9, 6.104.2Secure Wireless Devices and Clients. Change the Default Username, Password, and Administration limitsImplement WPA2Configure Enhanced Security MAC filteringSSID cloakingPower ControlDisable Network Discovery6.145.0Network Defenses5.1Harden Network Devices (using a Cisco Small Business Switch). Change the Default Username and Password on network devicesUse secure passwordsShut down unneeded services and portsImplement Port SecurityRemove unsecure protocols (FTP, telnet, rlogin, rsh)Implement access lists, deny everything elseRun latest iOS versionTurn on logging with timestampsSegment Traffic using VLANs2.1, 2.4, 2.117.2, 7.3, 7.4, 7.511.55.2Implement Intrusion Detection/Prevention (using a Cisco Network Security Appliance). Enable IPS protection for a LAN and DMZApply IPS Signature UpdatesConfigure IPS Policy7.66.0Host Defenses6.1Harden Computer Systems Against Attack. Configure a GPO to enforce Workstation/Server security settingsConfigure Domain GPO to enforce use of Windows FirewallConfigure Domain Servers GPO to remove unneeded services (such as File and Printer Sharing)Protect against spyware and unwanted software using Windows DefenderConfigure NTFS Permissions for Secure file sharing8.1, 8.3, 8.4, 8.56.2Implement Patch Management/System Updates. Configure Windows UpdateApply the latest Apple Software Updates5.48.36.3Perform System Backups and Recovery.10.27.0Application Defenses7.1Implement Application Defenses. Configure a GPO to enforce Internet Explorer settingsConfigure a GPO for Application WhitelistingEnable Data Execution Prevention (DEP)Configure Web Application SecurityConfigure Parental Controls to enforce Web content filteringConfigure Secure Browser SettingsConfigure Secure E-mail Settings6.5, 6.109.1, 9.2, 9.3, 9.67.2Implement Patch Management/Software Updates. Configure Microsoft Update8.38.0Data Defenses8.1Protect and maintain the integrity of data files. Implement encryption technologiesPerform data backups and recoveryImplement redundancy and failover mechanisms10.1, 10.2, 10.38.2Protect Data Transmissions across open, public networks. Encrypt Data CommunicationsImplement secure protocolsRemove unsecure protocols7.48.55.410.3, 10.49.0Audits and Assessments9.1Implement Logging and Auditing. Configure Domain GPO Audit PolicyConfigure Domain GPO for Event Logging11.4, 11.59.2Review security logs and violation reports, implement remediation.8.1, 11.4 , 11.59.3Review audit reports, implement remediation.11.4, 11.59.4Review vulnerability reports, implement remediation.11.1. 11.4, 11.5 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download