SPIDER.NET CERTIFIED SECURITY PROFESSIONAL
Building a Secure Organization
Real threats that impact security
· Hackers inside and out
· Eavesdropping
· Spoofing
· Sniffing
· Trojan horses
· Viruses
· Wiretaps
A security policy: the foundation of your protection
· Defining your information assurance objectives
· Assessing your exposure
A Cryptography Primer
Securing data with symmetric encryption
· Choosing your algorithm: DES, AES, RC4 and others
· Assessing key length and key distribution
Solving key distribution issues with asymmetric encryption
· Generating keys
· Encrypting with RSA
· PGP and GnuPG
· Evaluating Web of Trust and PKI
Ensuring integrity with hashes
· Hashing with MD5 and SHA
· Protecting data in transit
· Building the digital signature
Verifying User and Host Identity
Assessing traditional static password schemes
· Creating a good quality password policy to prevent password guessing and cracking
· Protecting against social engineering attacks
· Encrypting passwords to mitigate the impact of password sniffing
Evaluating strong authentication methods
· Challenge-response to prevent man-in-the-middle attacks
· Preventing password replay using one-time and tokenized passwords
· Employing biometrics as part of two-factor authentication
Authenticating hosts
· Shortcomings of IP addresses
· Address-spoofing issues and countermeasures
· Solutions for wireless networks
Preventing System Intrusions
Discovering system vulnerabilities
· Searching for operating system holes
· Discovering file permission issues
· Limiting access via physical security
Encrypting files for confidentiality
· Encryption with application-specific tools
· Recovering encrypted data
Hardening the operating system
· Locking down user accounts
· Securing administrator’s permissions
· Protecting against viruses
Guarding against Network Intrusions
Scanning for vulnerabilities
· Restricting access to critical services
· Preventing buffer overflows
Reducing denial-of-service (DoS) attacks
· Securing DNS
· Limiting the impact of common attacks
Deploying firewalls to control network traffic
· Analyzing shortcomings of stateless packet filters
· Contrasting stateful packet filters with application proxies
· Preventing intrusions with filters
Building network firewalls
· Evaluating firewall features
· Selecting an architecture and a personal firewall
Ensuring Network Confidentiality
Threats from the LAN
· Sniffing the network
· Mitigating threats from connected hosts
· Partitioning the network to prevent data leakage
· Identifying wireless LAN vulnerabilities
Confidentiality on external connections
· Ensuring confidentiality with encryption
· Securing data-link layer with PPTP and L2TP
· Middleware information assurance with SSL and TLS
· Deploying SSH (the Secure Shell)
Protecting data with IPsec
· Authenticating remote locations
· Tunneling traffic between sites
· Exchanging keys
Managing Your Organization’s Security
· Developing a security plan
· Responding to incidents
· Enumerating the six critical steps