India: +91 406677 1418

WhatsApp no. : +919100386313

USA: +1 909 233 6006

Telegram : +15168586242

security+-online-training

Security + Course Content

Overview of Systems Security Threats
  • Privilege escalation
  • Virus
  • Worm
  • Trojan
  • Spyware
  • Spam
  • Adware
  • Rootkits
  • Botnets
  • Logic bomb
Security risks pertaining to system hardware and peripherals
  • BIOS
  • USB devices
  • Cell phones
  • Removable storage
  • Network attached storage
Implementing OS hardening practices and procedures to achieve workstation and server security
  • Hotfixes
  • Service packs
  • Patches
  • Patch management
  • Group policies
  • Security templates
  • Configuration baselines
Procedures to establish Application Security
  • ActiveX
  • Java
  • Scripting
  • Browser
  • Buffer overflows
  • Cookies
  • SMTP open relays
  • Instant messaging
  • P2P
  • Input validation
  • Cross-site scripting (XSS)
Implementing security applications
  • HIDS
  • Personal software firewalls
  • Antivirus
  • Anti-spam
  • Popup blockers
Virtualization Technology: purpose and application
Ports & Protocols: Threats and Mitigation Techniques
  • Antiquated protocols
  • TCP/IP hijacking
  • Null sessions
  • Spoofing
  • Man-in-the-middle
  • Replay
  • DOS
  • DDOS
  • Domain Name Kiting
  • DNS poisoning
  • ARP poisoning
Network design elements and components
  • DMZ
  • VLAN
  • NAT
  • Network interconnections
  • NAC
  • Subnetting
  • Telephony
Network Security Tools
  • NIDS
  • NIPS
  • Firewalls
  • Proxy servers
  • Honeypot
  • Internet content filters
  • Protocol analyzers
Using Network Security Tools
  • NIDS
  • Firewalls
  • Proxy servers
  • Internet content filters
  • Protocol analyzers
Vulnerabilities and Mitigations of Network Devices
  • Privilege escalation
  • Weak passwords
  • Back doors
  • Default accounts
  • DOS
Vulnerabilities and Mitigations of Transmission Media
  • Vampire taps
Vulnerabilities and Mitigations of wireless Networking
  • Data emanation
  • War driving
  • SSID broadcast
  • Blue jacking
  • Bluesnarfing
  • Rogue access points
  • Weak encryption
Industry Best Practices for access control methods
  • Implicit deny
  • Least privilege
  • Separation of duties
  • Job rotation
Common Access Control Models
  • MAC
  • DAC
  • Role & Rule based access control
Organizing Users and Computers: Security Groups, Rights & Privileges.
Security controls to file and print resources
Logical Access Control Methods: Defining and Implementing
  • ACL
  • Group policies
  • Password policy
  • Domain password policy
  • User names and passwords
  • Time of day restrictions
  • Account expiration
  • Logical tokens
Authentication models and components
  • One, two and three-factor authentication
  • Single sign-on
Deploying Authentication Models and components
  • Biometric reader
  • RADIUS
  • RAS
  • LDAP
  • Remote access policies
  • Remote authentication
  • VPN
  • Kerberos
  • CHAP
  • PAP
  • Mutual
  • 802.1x
  • TACACS
Difference between Identification and Authentication (Identity Proofing)
Physical Access Security Methods
  • Physical access logs/lists
  • Hardware locks
  • Physical access control – ID badges
  • Door access systems
  • Man-trap
  • Physical tokens
  • Video surveillance – camera types and positioning
Conducting Risk Assessments and implement Risk Mitigation
Vulnerability Assessments through common tools
  • Port scanners
  • Vulnerability scanners
  • Protocol analyzers
  • OVAL
  • Password crackers
  • Network mappers
Penetration Testing versus Vulnerability Scanning
Using Monitoring Tools to detect security-related anomalies
  • Performance monitor
  • Systems monitor
  • Performance baseline
  • Protocol analyzers
Monitoring Methodologies
  • Behavior-based
  • Signature-based
  • Anomaly-based
Logging procedures and results evaluation
  • Security application
  • DNS
  • System
  • Performance
  • Access
  • Firewall
  • Antivirus
Periodic Audits of system security settings
  • User access and rights review
  • Storage and retention policies
  • Group policies
Cryptography Concepts
  • Key management
  • Steganography
  • Symmetric key
  • Asymmetric key
  • Confidentiality
  • Integrity and availability
  • Non-repudiation
  • Comparative strength of algorithms
  • Digital signatures
  • Whole disk encryption
  • Trusted Platform Module (TPM)
  • Single vs. Dual sided certificates
  • Use of proven technologies
Hashing Concepts and Algorithms
  • SHA
  • MD5
  • LANMAN
  • NTLM
Encryption Concepts and Algorithms
  • DES
  • 3DES
  • RSA
  • PGP
  • Elliptic curve
  • AES
  • AES256
  • One time pad
  • Transmission encryption (WEP TKIP, etc)
Protocols: Definition and Implementation
  • SSL/TLS
  • S/MIME
  • PPTP
  • HTTP vs. HTTPS vs. SHTTP
  • L2TP
  • IPSEC
  • SSH
Public Key Cryptography
  • Public Key Infrastructure (PKI)
  • Recovery agent
  • Public key
  • Private keys
  • Certificate Authority (CA)
  • Registration
  • Key escrow
  • Certificate Revocation List (CRL)
  • Trust models
Implementing PKI and Certificate Management
  • Public Key Infrastructure (PKI)
  • Recovery agent
  • Public key
  • Private keys
  • Certificate Authority (CA)
  • Registration
  • Key escrow
  • Certificate Revocation List (CRL)
Redundancy Planning and its components
  • Hot site
  • Cold site
  • Warm site
  • Backup generator
  • Single point of failure
  • RAID
  • Spare parts
  • Redundant servers
  • Redundant ISP
  • UPS
  • Redundant connections
Implementing Disaster Recovery Procedures
  • Planning
  • Disaster recovery exercises
  • Backup techniques and practices – storage
  • Schemes
  • Restoration
Incident Response Procedures: Types and Implementation
  • Forensics
  • Chain of custody
  • First responders
  • Damage and loss controlReporting – disclosure of
Applicable legislation and organizational policies
  • Secure disposal of computers
  • Acceptable use policies
  • Password complexity
  • Change management
  • Classification of information
  • Mandatory vacations
  • Personally Identifiable Information (PII)
  • Due care
  • Due diligence
  • Due process
  • SLA
  • Security-related HR policy
  • User education and awareness training
Environmental Controls
  • Fire suppression
  • HVAC
  • Shielding
Social Engineering: Concept of and how to reduce the risks
  • Phishing
  • Hoaxes
  • Shoulder surfing
  • Dumpster diving
  • User education and awareness training