CIW

CYS1190 - Security Strategies for Web Applications and Social Networking

(ANC-CYS1190.AC1)
Lessons
Lab
TestPrep
Get A Free Trial

Skills You’ll Get

Download Course Outline

1

Elements of Security and General Security Principles

  • Security Elements and Mechanisms
  • Security Policy
  • Determining Backups
  • Encryption
  • Authentication
  • Specific Authentication Techniques
  • Access Control
  • Auditing
  • Security Tradeoffs
  • Defense in Depth Strategy
  • Optional Lab I
  • Common Security Principles
  • Be Paranoid
  • You Must Have a Security Policy
  • No System or Technique Stands Alone
  • Minimize the Damage
  • Deploy Companywide Enforcement
  • Provide Training
  • Use an Integrated Security Strategy
  • Place Equipment According to Needs
  • Identify Security Business Issues
  • Consider Physical Security
  • Optional Lab II
2

Types of Attacks

  • Network Attack Categories
  • Brute-Force, Dictionary, and Password Spraying Attacks
  • Rainbow Tables, Pass-the-Hash, and Birthday Attacks
  • Password Storage Techniques
  • System Bugs and Back Doors
  • Malware (Malicious Software)
  • TLS encryption
  • Social Engineering Attacks
  • Denial-of-Service (DoS) Attacks
  • Distributed Denial-of-Service (DDoS) Attacks
  • Spoofing Attacks
  • Scanning Attacks
  • Man-in-the-Middle Attacks
  • Bots and Botnets
  • Ransomware
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Auditing
  • Optional Lab
3

Protocol Layers and Security

  • TCP/IP Security Introduction
  • OSI Reference Model Review
  • Data Encapsulation
  • The TCP/IP Stack and the OSI Reference Model
  • Link/Network Access Layer
  • Network/Internet Layer
  • Transport Layer
  • Application Layer
  • Protocol Analyzers
  • Domain Name Service
  • Trusted Platform Modules and Microsoft BitLocker
  • Change Management
  • Optional Lab
4

Securing Resources

  • TCP/IP Security Vulnerabilities
  • Implementing Security
  • Resources and Services
  • Protecting TCP/IP Services
  • Simple Mail Transfer Protocol (SMTP)
  • Bring Your Own Device (BYOD)
  • Internet of Things (IoT)
  • Communication Systems
  • Physical Security
  • Testing Systems
  • Security Testing Software
  • Security Assessments
  • Security and Repetition
  • Optional Lab
5

Firewalls, Virtual Private Networks, Dissecting, and Distracting Cyber-Attacks

  • Access Control Overview
  • Definition and Description of a Firewall
  • The Role of a Firewall
  • Firewall Terminology
  • Operating System and Network Device Hardening
  • Firewall Configuration Defaults
  • Packet Filter Rules
  • Packet Filter Advantages and Disadvantages
  • Configuring Proxy Servers
  • URL Filtering
  • Remote Access and Virtual Private Networks (VPNs)
  • Public Key Infrastructure (PKI)
  • Cloud Computing and Virtualization
  • Optional Lab
  • Proactive Detection
  • Distracting the Cyber-Attacker
  • Deterring the Cyber-Attacker

1

Types of Attacks

  • Viewing the Effects of Hostile JavaScript in the Browser
  • Conducting and Analyzing a SYN flood Using Linux and Windows Server
2

Protocol Layers and Security

  • Getting Information about the Current Connection Statistics of TCP
  • Getting Information about the UDP Ports
  • Getting Information about the TCP Ports
3

Securing Resources

  • Scanning Systems in Ubuntu Linux
  • Securing the FTP Service
  • Securing an Apache Web Server
4

Firewalls, Virtual Private Networks, Dissecting, and Distracting Cyber-Attacks

  • Obtaining Information about the Net Firewall Profile
  • Installing and Deploying Tripwire in Linux
  • Setting a Logon Tripwire Script in Windows Server

Related Courses

All Courses