Security Essentials (SEC401)


About this Course

Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Learn tips and tricks from the experts so that you can win the battle against the wide range of cyber adversaries that want to harm your environment.

Is SEC401: Security Essentials Bootcamp Style the right course for you?

STOP and ask yourself the following questions:

  1. Do you fully understand why some organizations get compromised and others do not?
  2. If there were compromised systems on your network, are you confident that you would be able to find them?
  3. Do you know the effectiveness of each security device and are you certain that they are all configured correctly?
  4. Are proper security metrics set up and communicated to your executives to drive security decisions?

If you do not know the answers to these questions, the SEC401 course will provide the information security training you need, in a bootcamp-style format reinforced with hands-on labs.

Audience Profile

Anyone who works in security, is interested in security, or has to understand security should take this course, including:

  • Security professionals who want to fill the gaps in their understanding of technical information security
  • Managers who want to understand information security beyond simple terminology and concepts
  • Operations personnel who do not have security as their primary job function but need an understanding of security to be effective
  • IT engineers and supervisors who need to know how to build a defensible network against attacks
  • Administrators responsible for building and maintaining systems that are being targeted by attackers
  • Forensic analysts, penetration testers, and auditors who need a solid foundation of security principles so they can be as effective as possible at their jobs
  • Anyone new to information security with some background in information systems and networking.

At Course Completion

Upon completing this course, students will be able to:

  • Apply what you learned directly to your job when you go back to work
  • Design and build a network architecture using VLANs, NAC, and 802.1x based on advanced persistent threat indicators of compromise
  • Run Windows command line tools to analyze the system looking for high-risk items
  • Run Linux command line tools (ps, ls, netstat, etc.) and basic scripting to automate the running of programs to perform continuous monitoring of various tools
  • Install VMware and create virtual machines to build a virtual lab for testing and evaluating tools and the security of systems
  • Create an effective policy that can be enforced within an organization and design a checklist to validate security and create metrics to tie into training and awareness
  • Identify visible weaknesses of a system using various tools and, once vulnerabilities are discovered, cover ways to configure the system to be more secure
  • Build a network visibility map that can be used for hardening of a network - validating the attack surface and covering ways to reduce that surface by hardening and patching
  • Sniff cleartext protocols such as Telnet and FTP with Wireshark and determine their content, passwords, and vulnerabilities.

Prerequisites

SEC401 Security Essentials Bootcamp Style covers all of the core areas of security and assumes a basic understanding of technology, networks, and security. For those who are brand new to the field with no background knowledge, SEC301: Intro to Information Security would be the recommended starting point. While SEC301 is not a prerequisite, it will provide the introductory knowledge that will help maximize the experience with SEC401.

Course Outline

1. Setting Up a Lab with Virtual Machines

  • Use
  • Implementation
  • Security

2. Network Fundamentals

  • Network types (LANs, WANs)
  • Network topologies
  • LAN protocols
  • WAN protocols
  • Network devices

3. IP Concepts

  • Packets and addresses
  • IP service ports
  • IP protocols
  • TCP
  • UDP
  • ICMP
  • DNS

4. IP Behavior

  • tcpdump
  • Recognizing and understanding
  • UDP
  • ICMP
  • UDP behavior

5. Virtual Machines

  • Use
  • Implementation
  • Security

6. Information Assurance Foundations

  • Defense in-depth
  • Confidentiality, integrity, and availability
  • Risk model
  • Authentication vs. authorization
  • Vulnerabilities

7. Computer Security Policies

  • Elements of a well-written policy
  • How policies serve as insurance
  • Roles and responsibilities

8. Contingency and Continuity Planning

  • Business continuity planning (BCP)
  • Disaster recovery planning (DRP)
  • Business impact analysis

9. Access Control

  • Data classification
  • Authentication, authorization, accountability (AAA)
  • MAC and DAC

10. Password Management

  • Password cracking for Windows and Unix
  • Alternate forms of authentication (tokens, biometrics)
  • Single sign-on and RADIUS

11. Incident Response (IR)

  • Preparation, identification, and containment
  • Eradication, recovery, and lessons learned
  • Investigation techniques and computer crime
  • Legal issues associated with IR

12. Offensive and Defensive Information Warfare (IW)

  • Types of IW
  • APT
  • Asymmetric warfare
  • Offensive goals

13. Attack Strategies and Methods

  • How the adversary breaks into systems
  • Mitnick attack
  • Attack methods

14. Vulnerability Scanning and Remediation

  • Approaches and methods of remediation
  • Building a network visibility map
  • Host identification
  • Port scanning
  • Vulnerability scanning
  • Penetration testing

15. Web Security

  • Web communication
  • Web security protocols
  • Active content
  • Cracking web applications
  • Web application defenses

16. Firewalls and Perimeters

  • Types of firewalls
  • Pros and cons of firewalls
  • Firewall placement
  • Packet filtering, stateful, and proxies

17. Honeypots

  • Forensics
  • Honeypots
  • Honeynets
  • Honey tokens

18. Host-based Protection

  • Intrusion detection
  • Intrusion prevention
  • Tripwire
  • Pros and cons

19. Network-based Intrusion Detection and Prevention

  • Pros and cons
  • Deployment strategies
  • Snort
  • Development and advances

20. Cryptography

  • Need for cryptography
  • Types of encryption
  • Symmetric
  • Asymmetric
  • Hash
  • Ciphers
  • Digital substitution
  • Algorithms
  • Real-world cryptosystems
  • Crypto attacks
  • VPNs
  • Types of remote access
  • PKI
  • Digital certificates
  • Key escrow

21. Steganography

  • Types
  • Applications
  • Detection

22. Critical Security Controls

  • Overview of the controls
  • Implementing the controls
  • Auditing the controls
  • Specific controls and metrics

23. Risk Assessment and Auditing

  • Risk assessment methodology
  • Risk approaches
  • Calculating risk
  • SLE
  • ALE

24. Security Infrastructure

  • Windows family of operating systems
  • Workgroups and local accounts
  • What is Active Directory?
  • Domain users and groups
  • Kerberos, NTLMv2, smart cards
  • Forests and trusts
  • What is group policy?

25. Service Packs, Patches, and Backups

  • Service packs
  • E-mail security bulletins
  • Patch installation
  • Automatic updates
  • Windows Server Update Services (WSUS)
  • Windows backup
  • System restore
  • Device driver rollback

26. Permissions and User Rights

  • NTFS permissions
  • File and print sharing service
  • Shared folders
  • BitLocker drive encryption

27. Security Policies and Templates

  • Group policy objects
  • Password policy
  • Lockout policy
  • Anonymous access
  • Software restriction policies

28. Securing Network Services

  • Firewalls and packet filtering
  • IPSec and VPNs
  • Wireless networking
  • Security configuration wizard
  • Remote desktop protocol (RDP)

29. Auditing and Automation

  • Microsoft Baseline Security Analyzer (MBSA)
  • SECEDIT.EXE
  • Windows event logs
  • NTFS and registry auditing
  • IIS logging
  • Creating system baselines
  • Scripting tools
  • Scheduling jobs

30. Linux Landscape

  • Different variants of and uses for Linux
  • Ways processes are started
  • Network interface information
  • Process information
  • Directory hierarchy
  • Partitions and OS installation

31. Permissions and User Accounts

  • Setting permissions
  • SUID and SGID
  • Controlling access
  • Root vs. user accounts
  • Setting password controls
  • Pluggable authentication module (PAM)

32. Linux OS Security

  • Dangerous services
  • Helpful services
  • Running and stopping programs
  • Configuration changes and restarting services
  • File system permissions, ownership, and systems
  • Mounting drives

33. Maintenance, Monitoring, and Auditing Linux

  • Common causes of compromise
  • Patching
  • Backing up data
  • Syslog
  • Analyzing log files
  • Other logging

34. Linux Security Tools

  • File integrity verifications
  • Chkrootkit
  • CIS hardening guides
  • Bastille Linux
  • Sniffers
  • Snort