Overview
Course Instructor: Derrick Coston
Course Outline
01. Security Operations and Administration
- What is ISC/SSCP
- Exam length/type (3 hrs, 125 questions)
- (ISC)² Code of Ethics
- Security Basics
- CIAA
- Least privilege
- Segregation of duties
- Security controls
- Technical controls
- Password requirements
- Lockout policies
- Physical controls
- Locks
- Bollards/fencing
- Cameras
- Mantraps
- Badges
- Administrative controls
- Policies
- Procedures
- Employee training
- Assessing compliance
- Periodic audit and review of policies
- Types of security controls
- Deterrent
- Corrective
- Preventative
- Asset management
- Data retention requirements
- Inventory
- Licensing models
- Change management lifecycle
02. Access Controls
- Types of authentication
- MFA
- SSO
- Access Controls
- Allow/deny access
- Read/Write/Execute privileges
- RBAC
- Rule Based Access Control
- MAC
- DAC
- Trust relationships
- Flow of trust
- One and two way
- Transitive
- Zero
- Identity management
- IAM systems
- Provision/deprovision
- Authorization
03. Risk Identification
- Definitions – risk, risk management, vulnerability
- Determining risk levels
- Probability × loss
- Values of assets
- Key Risk Indicator
- Types of risk responses
- Avoidance
- Transference
- Acceptance
- Mitigation
- Identifying risks and vulnerabilities
- Vulnerability scanners (Mod 1)
- Internal vs external testing
- Penetration testing
- STIGs
- Network vulnerabilities
- Creating baselines and anomalies
- Risk management frameworks (RMF) – enterprise level
- NIST 800-171
- CMMC
- COBIT
- Vulnerability management planning
- Assessing risks
- Picking a tool or tools
- Creating reports
- Remediation
- Steps/planning
- Making changes
- Deploying countermeasures
- After-action reporting
- Continuous monitoring
- IDS/IPS
- Types of intrusions
- Indicators of intrusion
- File system
- New/missing files
- Changed permissions
- Slow performance of systems/crashing
- Network
- Failed/repeated login attempts
- Connections from other countries/unusual log activity
- Metrics and data analysis
- Logs
- Anomalies
- Event triggers
- Legal restraints
- Laws governing data
- Regulations
- Privacy laws
04. Incident Response
- Response plan
- First responder
- Contacts – who to call
- Documenting a response plan
- First steps
- Make contact
- Assessing the situation
- Recording any changes/moves made to secure data – chain of custody
- Contain damage (disconnect drives, etc.)
- Next steps
- Assess damage
- Determine severity level
- Plan on how to resolve issue
- Investigate source of incident – forensic investigation
- Logs
- Network diagnostics
- Host AV/logs
- Begin recovery
- Pull data from backups
- Eliminate threat (if virus/malware)
- Document all actions
- After-action reporting
- Cost of damages
- Document all actions taken
- Document future prevention plan
- Provide employee/personnel training to avoid a repeat scenario
- Backup planning
- Types of backups
- How backups work
- Archive flags
- Changes
- Daily/weekly/monthly
- Advantages/disadvantages
- Some servers may require different needs, examples
- Differential
- Incremental
- Full
- Backup Locations
- Cloud
- Pros/cons
- Tapes
- Pros/cons
- Offsite backups
- Hot/cold/warm backup sites
- High availability
- Testing backups
- Recovery drills
- Emergency response plans
- Business continuity plans
- Implementation and design
- Testing
- Disaster recovery plans
- Implementation and design
- Testing
05. Cryptography
- Laws and regulations
- PII/PHI/intellectual property
- HIPAA
- Laws regarding these
- PCI-DSS
- ISO
- Data encryption
- How encryption works
- Symmetric vs asymmetric
- Encryption during transit
- Encryption at rest
- Strength of encryptions
- 128/216-bit, etc.
- RSA, AES etc
- What is Public Key Infrastructure (PKI)
- Private key and public key
- Explanation/metaphorical examples
- Certificate authority
- What uses PKI
- Key creation and destruction
- PGP
- GPG
- Blockchain
- Nonrepudiation
- Hashing
- Salting
- Digital Signatures
- Digital signature encryption
- HMAC
- Security protocols
- IPsec
- TLS
- SSL/TLS
- S/MIME
- DKIM
06. Network and Communication Security
- Parts of a network
- Hosts
- Servers
- Routers/switches
- Firewalls
- IDS/IPS
- TCP/IP model
- Layers
- Functions of each layer in brief
- OSI Model
- Layers
- Functions of each layer
- Compare/contrast models side by side
- Show how network traffic passes through end to end
- Important protocols in IP stack
- TCP
- UDP
- HTTP
- Email protocols
- Other common protocols – FTP, DNS
- Network topologies
- Mesh
- Star
- Bus
- Ring
- Hybrid
- Peer-to-peer
- Switches
- Function
- Topology diagram
- VLANs
- Switchport abilities
- Trunking
- Routers
- Function vs. switches
- Topology diagram
- Routing protocols
- Communication over the network
- Load balancing
- RADIUS
- TACACS
- ACLs
- Remote access through VPN
- VPN
- Benefits
- Remote work
- Security of data
- Encapsulation/tunneling
- L2TP
- SSH
- PPTP
- Types
- IPSec
- SSL VPN
- Site to site VPN
- Hardware VPN
- Software VPN
- Function
- Process of connection
- AAA
- MFA
- VPN topology
- Diagrams
- Firewalls
- Firewall policies
- ACLs
- Black/whitelisting
- Implicit deny
- Rulesets
- Firewall technologies
- NAT
- VPN
- Packet filtering
- Packet inspection
- DMZ
- Public facing servers
- Selecting an appropriate technology
- Best practices
- Logging
- Change management
- Non-conflicting rules
- Patching
- Blocking traffic by type (pings, etc.)
- Firewall evasion
- Other devices
- Honeypot
- Advantage/disadvantages
- Proxy server
- Advantages/disadvantages
- IDPS
- What does an IDS/IPS do
- Components of IDPS
- Network sensor
- Network analyzer
- Admin Console
- Alert system
- Database of attack signatures to compare
- IDS – detects intrusions
- IPS – prevents and blocks intrusions
- Inspection of traffic
- Placement – behind firewall – monitors already filtered traffic
- Activities of IDPS
- Sending logging information out
- Alerts to admins
- Reporting
- Signature matching of attacks
- IDS alerts
- True/false Positive/Negative
- Recovery after false positive/negative alert
- NIDS
- Information gathering
- Packet sniffing
- Network details
- False positives and negatives
- How to tune to be accurate
- Wireless technology
- Components of wireless network
- Wireless router
- Access points
- Wireless NIC
- Repeater
- Pros/Cons of wireless
- Security issues
- Mobile device usage
- No cords
- Ease of use
- Wireless topology
- IBSS (ad hoc)
- BSS
- Wireless Standards
- Encryption
- WEP
- WPA
- WPA2
- EAP
- Comparison/pros/cons
- Authentication
- Shared key
- Open connection
- Threats
- Evil Twin
- MAC Spoofing
- MITM
- War driving
- Rogue AP
- Prevention
- Security auditing tools
- Password complexity
- WiFi scanners
- Disabling SSID broadcast
- Using strong encryption
- MAC address filtering
- Network/traffic monitoring
- Placement of APs/antennas
- RF interference
- Directional antenna
- Reducing signal strength/distance
- Bluetooth
- Functionality
- Technology
- NFC technology
07. Systems and Applications Security
- Network attacks
- DDoS
- Malicious code/malware
- Ransomware
- Trojans
- Exploits
- Spyware/Adware
- Man in the Middle
- Rootkits
- Social Engineering attacks
- Phishing
- Spear phishing
- Whaling
- Password hacking
- Brute force
- Dictionary attacks
- System hardening
- Baseline configurations
- Imaging
- STIG
- Common configurations
- Host security basics
- Patch management
- Windows best practices
- BIOS passwords
- User account creation/deletion
- Windows Firewall
- Hardening Windows servers
- Anti-Virus
- Types of AV
- Purpose of AV and function
- Signatures
- Patching
- Blocking executable/malicious code
- Linux security
- Log review and audit
- Disable unnecessary services/processes
- Switch/Router security
- Hardening switches
- Syslog review
- Virtualization security
- Hypervisors
- VMs
- Software firewalls
- Host based IDS
- Analyzes host traffic
- Detects host events
- Drawbacks
- Host Based firewalls
- Configuration
- Management
- Utilities
- Common types
- Application whitelisting
- Mobile device management
- BYOD
- COPE
- Encryption
- Mobile application management
- Restrictions
- DLP
- Disk encryption
- BitLocker, etc.
- Whole disk encryption
- File level encryption
- Containerization
- Cloud security
- Types of cloud deployments
- Public
- Private
- Hybrid
- Community
- Service models
- IaaS
- PaaS
- SaaS
- Data transmission
- Benefits/drawbacks of cloud
- Data ownership in cloud environments
- Service level agreements
- Uptime expectation
- Outsourcing data destruction
- Data portability
- Virtualization
- Components of virtual systems
- Hypervisor
- VM
- Virtual switch
- Data store – shared storage
- Containerization
- Virtualization threats
Skills Learned
After completing this online training course, students will be able to:
- Better understand Access Control
- Better understand Security Operations and Administration
- Better understand Risk Identification, Monitoring, and Analysis
- Better understand Incident Response and Recovery
- Better understand Cryptography
- Better understand Networks and Communications Security
- Better understand Systems and Application Security