The purpose of the course is to give students the knowledge and skills to work with key techniques for detecting computer crimes, both in the local network and when interacting over the Internet with mobile clients and cloud services. The course also covers a wide range of software products for collecting and recovering information that indicates an intrusion into a system.
This course provides extensive knowledge of security analysis of modern computer networks and will be useful to all interested IT professionals, including network and system administrators and IT managers. The course will be of interest to information security officers, law enforcement officers and military officials involved in investigating computer network intrusions. In addition, the course is useful for security professionals in preparation for international certification.
At the end of the course students will be able to:
– Independently detect intrusions into the OS, web applications, mobile devices and cloud services;
– Use proven methods of intrusion detection;
– Gather evidence of an intrusion;
– Use specialized tools for analysis of intrusions;
– Analyze text, graphic or media traffic flows for hidden implants;
– Analyze storage systems to detect traces of intrusion;
– Restore and analyze the state of non-volatile (static) and random access (volatile) memory on Windows, Mac and Linux;
– Recover deleted files and partitions in Windows, Mac and Linux;
– Analyze the state of systems against insider attacks;
– Apply reverse engineering techniques to analyze attacking code;
– Detect cracking (or attempted cracking) of password files;
– Extract and analyze logs of proxy servers, firewalls, intrusion detection / prevention systems, workstations, servers, switches, routers, domain controllers, DNS and DHCP servers, access control systems and other devices;
– Take the necessary measures to transfer evidence to law enforcement agencies.
The course helps to prepare for the following certification exams:
312-49: Computer Hacking Forensic Investigator
To learn effectively, students must have the following knowledge and skills:
– Experience working with client and server operating systems;
– Understanding the operation of the network and network devices;
– Understanding of basic security concepts;
– CEH and CND courses or equivalent knowledge and skills.
Students are provided with a branded textbook and manual for laboratory work (electronically), as well as other materials and software needed to perform these works.
Module 1: Investigating IS incidents around the world
- Identification of computer threats
- Classification of cyber-attacks
- Challenges for cybercrime researchers
- Types of cyber-attacks and basic rules of investigation
- Evidence collection rules and basic types of digital evidence
- Assessment of incident preparedness and action plan
- The scope of activities and area of responsibility of computer security incident investigators
- Review of legal, ethical and confidentiality issues during the investigation of an incident
Module 2: IS Incident Investigation Process
- The process of investigating the IS incident
- Stages of the IS incident investigation process
- Requirements for the laboratory environment and the team of incident investigators
- Research software
- Tasks of the first responders to an IS incident
- Finding and gathering evidence
- Placement and storage of evidence
- Deduplication of data, recovery of deleted data and verification of evidence
- Writing a report
- Data recovery using EaseUS Data Recovery Wizard;
- Use HashCalc to calculate a hash, checksum, or HMAC;
- Using MD5 Calculator;
- View files of various formats through File Viewer;
- Detection of traces of work with data by means of P2 Commander;
- Create a partition image using R-Drive Image.
Module 3: Collecting evidence from disks and file systems
- Classification of computer network security tools
- Methods and means of access control
- Methods and means of authentication, authorization and audit of access
- A brief overview of the main methods of cryptographic protection of information
- Basic classes of hardware and software for computer network protection and principles of their operation
- Network protocols designed to ensure security and the principles of their operation
- Detect deleted files using WinHex;
- File system analysis using The Sleuth Kit;
- Raw image analysis using Autopsy.
Module 4: Investigating Operating System Incidents
- Methods of obtaining data
- Obtaining live (volatile) data
- Obtaining static data
- Duplication of data
- Write-blocking of devices
- Methods and means of obtaining data
- Get data in Windows and Linux
- Research the NTFS partition using DiskExplorer for NTFS;
- View graphic content with the FTK Imager Tool.
Module 5: Countering methods of concealing evidence
- Countering methods of concealing evidence and the purpose of counteraction
- Review of techniques for counteracting methods of concealing evidence
- Extraction of evidence from deleted files and partitions, password-protected files and steganography
- Code obfuscation, artifact stripping, data/metadata overwriting and encryption
- Methods for detecting encryption protocols, program packers and rootkits.
- Countermeasures against methods of concealing evidence
- Cracking application passwords;
- Detection of steganography.
Module 6: Methods of data collection and copying
- Examining volatile and non-volatile data in Windows
- Windows memory and registry analysis
- Check cache, cookies and browser history
- Check Windows files and metadata
- Analyze text logs and Windows event logs
- Linux log commands and files
- Check Mac logs
- Detection and removal of materials hidden on the computer using OSForensics;
- Obtaining information about loaded processes using Process Explorer;
- View, monitor and analyze events using Event Log Explorer;
- Investigating a computer for intrusion using Helix;
- Obtaining volatile (live) data in Linux;
- Analysis of non-volatile (static) data in Linux.
Module 7: Investigation of network technology incidents
- Network intrusions
- Basic concepts of logging
- An overview of event correlation methods
- Check routers, firewalls, IDS, DHCP and ODBC logs
- Checking network traffic
- Collection of evidence of network penetration
- Reconstruction of the intrusion
- Interception and analysis of events using GFI EventsManager;
- Incident investigation and data collection using XpoLog Center Suite;
- Investigate network attacks with Kiwi Log Viewer;
- Track network traffic with Wireshark.
Module 8: Investigating Web Application Attacks
- Threats to web applications
- Web application architecture
- Web attacks and steps to implement them
- Web attacks on a Windows server
- IIS server architecture and working with its logs
- Apache web server architecture and working with its logs
- Ways to attack web applications
- Domain and IP address lookups using SmartWhois.
Module 9: Investigation of DBMS incidents
- Database threats
- MSSQL threats
- Signs of database intrusion
- Collect evidence of intrusion using SQL Server Management Studio and Apex SQL DBA
- MySQL threats
- MySQL architecture and the structure of its data directory
- Utilities for analyzing and collecting evidence of intrusion into MySQL
- MySQL threats to WordPress web application databases
- Extract database from Android devices using Andriller;
- SQLite database analysis using DB Browser for SQLite;
- Study the MySQL database.
Module 10: Investigation of incidents related to cloud programs
- Description of the principles of cloud computing
- Cloud attacks
- Ways to protect cloud services
- Cloud protection stakeholders
- Dropbox and Google Drive cloud services
- Detection of vulnerabilities in Dropbox;
- Investigating Google Drive.
Module 11: Investigation of malicious code incidents
- Ways malware penetrates the OS
- Basic malware components and distribution methods
- Malware protection concept
- Detection and removal of malware from systems
- Malware analysis – analysis rules and test environment
- Static and dynamic analysis of malware
- Static analysis of suspicious files;
- Dynamic analysis of malicious code;
- Analysis of infected PDF files;
- Scanning PDF files using web resources;
- Scan suspicious MS Office files.
Module 12: Investigating Email Incidents
- Mail systems, mail clients and mail servers
- Account management
- Email attacks
- Components of e-mail messages
- Common headers and X-headers
- Detect mail attacks
- Tools for analyzing e-mails
- The US CAN-SPAM Act
- Recover deleted emails with Recover My Email;
- Detection of dangerous messages with Paraben’s Email Examiner;
- Track emails with eMailTrackerPro.
Module 13: Investigating Mobile Incidents
- Threats to mobile devices
- Specifics of hacking mobile devices and mobile OS
- Mobile device architecture
- Android stack architecture and boot process
- iOS stack architecture and boot process
- Mobile data storage
- Preparing for and investigating intrusions into a mobile OS
- Analysis of suspicious images and recovery of deleted files using Autopsy;
- Examining an Android device with Andriller.
Module 14: Preparation of Incident Investigation Reports
- The structure of the incident investigation report
- Signs of a good report
- Incident investigation report template
- Classification of reports and manuals for their writing
- Expert opinions in the report
- Differences between technical and expert opinions
- Daubert and Frye standards
- Ethical standards during the investigation
Full course description: computer-hacking-forensic-investigator-v9
The course price is $1,500
The Certified Ethical Hacker (CEH) certificate is the most trusted ethical hacking certification and achievement recommended by employers worldwide. It is the most sought-after information security certificate and one of the fastest-growing cyber credentials required by critical infrastructure and essential service providers. Since the introduction of CEH in 2003, it has been recognized as a standard in the information security community. CEH v11 continues to introduce the latest hacking techniques and the state-of-the-art hacking and exploitation tools used today by hackers and information security professionals. The five phases of ethical hacking and CEH’s original core mission remain relevant today: “To defeat a hacker, you have to think like a hacker.”
The purpose of the course
To provide students with knowledge and skills to form a systematic approach to computer security, to teach methods to check the security of various nodes of a computer network and to acquaint students with the tools of attackers, their advantages and limitations.
To learn effectively, students must have the following knowledge and skills:
– Experience working with client and server operating systems;
– Understanding the operation of the network and network devices;
– Understanding of basic security concepts.
Module 1: Introduction to Ethical Hacking
Module 2: Footprinting and Reconnaissance
Module 3: Network Scanning
Module 4: Enumeration
Module 5: Vulnerability Analysis
Module 6: System Hacking
Module 7: Malware Threats
Module 8: Sniffing
Module 9: Social Engineering
Module 10: Denial of Service
Module 11: Session Hijacking
Module 12: Evasion of IDS, Firewalls and Honeypots
Module 13: Hacking Web Servers
Module 14: Hacking Web Applications
Module 15: SQL injection
Module 16: Hacking Wireless Networks
Module 17: Hacking mobile platforms
Module 18: IoT and OT hacking
Module 19: Cloud Computing
Module 20: Cryptography
What you will receive as part of the course:
– authorized educational literature
– access to practical laboratory works iLabs
– EC-Council certified trainer
– certificate of official training at the CEH course
– voucher for passing the exam
– after successfully passing the exam – a certificate confirming the competencies of a certified ethical hacker.
Full course description: cehv11-brochure-hacker-v11
The course price is
This course provides a definition and in-depth description of the main modern technologies of computer networks. The main methods of administration, management and troubleshooting of modern networks will also be considered.
THE PURPOSE OF THE COURSE
Teach basic skills in working with network equipment and information security equipment. As a result of this course, students will gain basic practical knowledge of setting up network protocols and security policies.
Audience: partner and customer engineers
The following topics will be covered in this course:
Basic definitions of the OSI and TCP/IP network models
Characteristics of network traffic
Deploy and configure LAN
Configuring IP networks
Deploy and configure routing networks. Basic LAN and WAN routing technologies will be considered
Configuration and monitoring of major ports and protocols
Description of the main network attacks and methods of their elimination and early detection
Deployment and configuration of information security equipment and software
Description of basic methods of authentication and access control
Using remote access methods
Implementation of security policies
DETAILED CONTENT OF THE COURSE
Lesson 1: Explaining the OSI and TCP/IP models
Lesson 2: Explaining the properties of network traffic
Lesson 3: Installing and configuring switched networks
Lesson 4: Configuring IP Networks
Lesson 5: Installing and configuring routed networks
Lesson 6: Configuring and monitoring ports and protocols
Lesson 7: Explaining network applications and storage services
Lesson 8: Monitoring and troubleshooting networks
Lesson 9: Explaining network attacks and mitigations
Lesson 10: Installing and Configuring Security Devices
Lesson 11: Explaining authentication and access control
Lesson 12: Deploying and troubleshooting cable solutions
Lesson 13: Implementing and troubleshooting wireless technologies
Lesson 14: Comparing and contrasting WAN technologies
Lesson 15: Using Remote Access Methods
Lesson 16: Defining site policy and best practices
Price: $320
Venue: ERC Training Center, 18-A Mark Vovchka St.
Architecting on AWS covers the fundamentals of building IT infrastructure on AWS. The course is designed to teach solutions architects how to optimise the use of the AWS Cloud by understanding AWS services and how these services fit into cloud-based solutions. This course emphasises AWS Cloud best practices and recommended design patterns to help students think through the process of architecting optimal IT solutions on AWS. It also presents case studies throughout the course that showcase how some AWS customers have designed their infrastructures and the strategies and services they implemented. Opportunities to build a variety of infrastructures via a guided, hands-on approach are also provided.
This course teaches you how to:
- Make architectural decisions based on the AWS-recommended architectural principles and best practices
- Leverage AWS services to make your infrastructure scalable, reliable, and highly available
- Leverage AWS-managed services to enable greater flexibility and resiliency in an infrastructure
- Make an AWS-based infrastructure more efficient in order to increase performance and reduce costs
- Use the Well-Architected Framework to improve architectures with AWS solutions
This course is intended for:
- Solutions architects
- Solution design engineers
- Core AWS Concepts
- Core AWS Knowledge
- Core AWS Services
- Designing Your Environment
- Making Your Environment Highly Available
- Forklifting an Existing Application onto AWS
- Event-Driven Scaling
- Build a New Environment
- Well-Architected Framework
- Troubleshooting Your Environment
- Large-Scale Design Patterns and Case Studies
Training materials: AWS digital kit, iLabs.
Certificate of attendance: AWS Certificate
The “IT AUDIT” trainings will allow participants to gain a wide set of knowledge to plan, perform IT audits and manage IT audit enterprise programs.
You will have all required skills to face the most difficult problems, which include:
- audit planning and reporting
- business continuity audit
- software development and system implementation lifecycle audit
- operating systems, databases, network equipment configuration audit
This is a purely practical training: you start working immediately. The training is adapted for an audience with completely different backgrounds. If you are a novice, you will solve simple tasks; if you are a professional, you will get a set of very sophisticated tasks.
The experience gained will certainly increase your value to employers and customers, and bring you a tremendous level of professional confidence.
We recommend this training for:
- IT auditors
- IT security specialists
- IT quality specialists
- IT managers
Section 1: IT audit
- IT assurance framework (ITAF).
- Audit charter/mandate for the audit.
- Auditor independence.
- Professional due care.
- Audit assertions.
- Audit criteria.
- ISACA audit programs.
- IIA audit guidelines.
- Trust services principles and criteria
- COBIT 5
- Other sources of criteria
- Audit planning. Risk-based planning.
- Audit performance.
- Materiality of audit findings.
- Audit evidence.
- Evidence collection methods
- Audit sampling.
- Using the work of other experts.
- Handling illegal acts.
- Audit follow-up.
- Control environment
- Control design
- Control effectiveness
- Control monitoring
- Practical workshop.
Section 2: IT governance and management
- IT strategy
- IT architecture
- IT metrics
- IT organization
- IT service management
- Service catalog
- Incident management
- Change management
- Release management
- Problem management
- IT investments
- IT risks
- End-user computing.
- Shadow IT
- Cloud IT
- IT outsourcing
- Practical workshop.
Section 3: Information systems development and implementation
- System implementation and development lifecycle.
- Project management control frameworks.
- System development methodologies.
- Project business case.
- Feasibility study.
- Requirements specification.
- Design and Architecture.
- Procurement process.
- Handover to production.
- Operational support.
- Project closure.
- Practical workshop.
Section 4: IT operations
- Inventory and asset management.
- Patch management.
- Hardware maintenance.
- Capacity planning.
- Performance and availability monitoring.
- Datacenter management
- Network physical infrastructure
- Practical workshop.
Section 5: Business continuity and disaster recovery
- Business continuity management
- Business continuity project initiation and management.
- Business impact assessment.
- Recovery strategies.
- Business continuity plan testing.
- Disaster phases:
- Initial response
- Post-incident activities
- Practical workshop.
Section 6: Information security assurance
- Information security policies, standards and procedures
- Information security roles and organizational structures.
- Human resource security
- Data classification and handling
- Key processes.
- Information security risk management.
- Incident handling.
- Awareness programs.
- Identity and access management.
- 802.1X, NAP and network access control
- Remote access and teleworking risks
- Rights management
- Antimalware solutions
- Physical security controls
- Fraud controls
- Practical workshop.
Section 7: Audit considerations
- ERP audit
- CRM audit
- Practical workshop.
- Windows audit
- Linux audit
- Networking, VPN and Firewall audit
- PKI audit
- Database audit (MySQL and Oracle)
- Web application audit (PHP)
- Mobile application audit (Android)
Many organizations require system auditors to identify critical issues and propose effective audit solutions, which demands in-depth knowledge. The body of knowledge and skills in the vendor-independent course “Certified Information Systems Security Auditor – C)ISSA” will not only help prepare for the relevant ISACA® exam, but also provide another important certification in information systems auditing. Thus, the Certified Information Systems Security Auditor course provides the knowledge and skills to identify vulnerabilities, report on compliance, and implement controls for all types of organizations.
Duration 4 days / 32 hours
PRELIMINARY LEVEL OF TRAINING
At least a year of working with information systems.
AFTER COMPLETING THE COURSE YOU WILL BE ABLE TO:
Apply advanced auditing knowledge and practical skills in your work.
Obtain an international auditor’s certificate if you pass the exam
WHO WE INVITE
- IS Security Officers
- IS Managers
- Risk Managers
- Information Systems Owners
- IS Control Assessors
- System Managers
- The Process of Auditing Information Systems
- Risk Based Auditing
- Audit Planning and Performance
- Reporting on Audit
- IT Governance and Management
- Strategic Planning and Models
- Resource Management
- Business Continuity Planning
- Systems Acquisition, Development and Implementation
- Systems Development Models
- Types of Specialized Business Applications
- Application Controls
- Information Systems Operations, Maintenance and Support
- System and Communications
Related to the certification course:
Mile2 C) ISSA – Certified Information Systems Security Auditor
Aligned with the ISACA® CISA exam objectives
CompTIA Security+ (exam SY0-501) is a foundational course you will need if your job responsibilities include securing network services, devices, and traffic in your organization. You can also take this course to prepare for the CompTIA Security+ certification exam. In this course, you will build on your knowledge of and expertise in the basics of security, networking, and organizational security, gaining the specific skills needed to implement basic security services in any type of computer network.
This course can benefit you in two ways.
If you intend to take the CompTIA Security+ certification exam (exam SY0-501), this course can be an important part of your preparation. But certification is not the only key to professional success in computer security. Today’s job market requires people to demonstrate skills, and the information and activities in this course can help you build a set of computer security skills so that you can confidently perform your duties in any security-related role.
This course is aimed at information technology (IT) professionals with networking and administrative skills in Windows-based Transmission Control Protocol/Internet Protocol (TCP/IP) networks, familiarity with other operating systems such as macOS, Unix or Linux, and who want to advance their IT career by gaining fundamental security knowledge, prepare for the CompTIA Security+ certification exam, or use Security+ as a basis for advanced security certifications or career roles.
Knowledge that you will gain during the course:
• basics of authentication and authorization;
• types of attacks and malicious code;
• how to ensure security when working with remote access;
• security of e-mail and web applications;
• wireless network security;
• design of security systems;
• security control and intrusion detection;
• physical security;
• security expertise.
What is included in the course:
• 5 online lectures from 10:00 to 18:00
• practical work
• laboratory work
Promotional price: UAH 12,000 without VAT (old price UAH 24,000)
* if desired, each participant of the course will be able to buy a voucher for certification separately.
Domain 1: Security and Risk Management
1.1 Understand and apply concepts of confidentiality, integrity and availability
1.2 Apply security governance principles through:
– Legislative and regulatory compliance
– Privacy requirements compliance
– Alignment of security function to strategy, goals, mission, and objectives (e.g., business case, budget and resources)
– Organizational processes (e.g., acquisitions, divestitures, governance committees)
– Security roles and responsibilities
– Control frameworks
– Due care
– Due diligence
1.4 Understand legal and regulatory issues that pertain to information security in a global context
– Computer crimes
– Licensing and intellectual property (e.g., copyright, trademark, digital-rights management)
– Import/export controls
– Trans-border data flow
– Data breaches
1.5 Understand professional ethics
– Exercise (ISC)² Code of Professional Ethics
– Support organization’s code of ethics
1.6 Develop and implement documented security policy, standards, procedures, and guidelines
1.7 Understand business continuity requirements
– Develop and document project scope and plan
– Conduct business impact analysis
1.8 Contribute to personnel security policies
– Employment candidate screening (e.g., reference checks, education verification)
– Employment agreements and policies
– Employment termination processes
– Vendor, consultant, and contractor controls
1.9 Understand and apply risk management concepts
– Identify threats and vulnerabilities
– Risk assessment/analysis (qualitative, quantitative, hybrid)
– Risk assignment/acceptance (e.g., system authorization)
– Countermeasure selection
– Types of controls (preventive, detective, corrective, etc.)
– Control assessment
– Monitoring and measurement
– Asset valuation
– Continuous improvement
– Risk frameworks
1.10 Understand and apply threat modeling
– Identifying threats (e.g., adversaries, contractors, employees, trusted partners)
– Determining and diagramming potential attacks (e.g., social engineering, spoofing)
– Performing reduction analysis
– Technologies and processes to remediate threats (e.g., software architecture and operations)
1.11 Integrate security risk considerations into acquisition strategy and practice
– Hardware, software, and services
– Third-party assessment and monitoring (e.g., onsite assessment, document exchange and review, process/policy review)
– Minimum security requirements
– Service-level requirements
1.12 Establish and manage information security education, training, and awareness
– Appropriate levels of awareness, training, and education required within organization
– Periodic reviews for content relevancy
Domain 2: Asset Security
2.1 Classify information and supporting assets (e.g., sensitivity, criticality)
2.2 Determine and maintain ownership (e.g., data owners, system owners, business/mission owners)
2.3 Protect privacy
– Data owners
– Data processors
– Data remanence
– Collection limitation
2.4 Ensure appropriate retention (e.g., media, hardware, personnel)
2.5 Determine data security controls (e.g., data at rest, data in transit)
– Scoping and tailoring
– Standards selection
2.6 Establish handling requirements (markings, labels, storage, destruction of sensitive information)
Domain 3: Security Engineering
3.1 Implement and manage engineering processes using secure design principles
3.2 Understand the fundamental concepts of security models (e.g., Confidentiality, Integrity, and Multi-level Models)
3.3 Select controls and countermeasures based upon systems security evaluation models
3.4 Understand security capabilities of information systems (e.g., memory protection, virtualization, trusted platform module, interfaces, fault tolerance)
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
– Client-based (e.g., applets, local caches)
– Server-based (e.g., data flow control)
– Database security (e.g., inference, aggregation, data mining, data analytics, warehousing)
– Large-scale parallel data systems
– Distributed systems (e.g., cloud computing, grid computing, peer to peer)
– Cryptographic systems
– Industrial control systems (e.g., SCADA)
3.6 Assess and mitigate vulnerabilities in web-based systems (e.g., XML, OWASP)
3.7 Assess and mitigate vulnerabilities in mobile systems
3.8 Assess and mitigate vulnerabilities in embedded devices and cyber-physical systems (e.g., network-enabled devices, Internet of Things (IoT))
3.9 Apply cryptography
– Cryptographic life cycle (e.g., cryptographic limitations, algorithm/protocol governance)
– Cryptographic types (e.g., symmetric, asymmetric, elliptic curves)
– Public Key Infrastructure (PKI)
– Key management practices
– Digital signatures
– Digital rights management
– Integrity (hashing and salting)
– Methods of cryptanalytic attacks (e.g., brute force, cipher-text only, known plaintext)
3.10 Apply secure principles to site and facility design
3.11 Design and implement physical security
– Wiring closets
– Server rooms
– Media storage facilities
– Evidence storage
– Restricted and work area security (e.g., operations centers)
– Data center security
– Utilities and HVAC considerations
– Water issues (e.g., leakage, flooding)
– Fire prevention, detection and suppression
Domain 4: Communications and Network Security
4.1 Apply secure design principles to network architecture (e.g., IP & non-IP protocols, segmentation)
– OSI and TCP/IP models
– IP networking
– Implications of multilayer protocols (e.g., DNP3)
– Converged protocols (e.g., FCoE, MPLS, VoIP, iSCSI)
– Software-defined networks
– Wireless networks
– Cryptography used to maintain communication security
4.2 Secure network components
– Operation of hardware (e.g., modems, switches, routers, wireless access points, mobile devices)
– Transmission media (e.g., wired, wireless, fiber)
– Network access control devices (e.g., firewalls, proxies)
– Endpoint security
– Content-distribution networks
– Physical devices
4.3 Design and establish secure communication channels
– Multimedia collaboration (e.g., remote meeting technology, instant messaging)
– Remote access (e.g., VPN, screen scraper, virtual application/desktop, telecommuting)
– Data communications (e.g., VLAN, TLS/SSL)
– Virtualized networks (e.g., SDN, virtual SAN, guest operating systems, port isolation)
4.4 Prevent or mitigate network attacks
Domain 5: Identity and Access Management
5.1 Control physical and logical access to assets
5.2 Manage identification and authentication of people and devices
– Identity management implementation (e.g., SSO, LDAP)
– Single/multi-factor authentication (e.g., factors, strength, errors)
– Session management (e.g., timeouts, screensavers)
– Registration and proofing of identity
– Federated identity management (e.g., SAML)
– Credential management systems
5.3 Integrate identity as a service (e.g., cloud identity)
5.4 Integrate third-party identity services (e.g., on-premise)
5.5 Implement and manage authorization mechanisms
– Role-Based Access Control (RBAC) methods
– Rule-based access control methods
– Mandatory Access Control (MAC)
– Discretionary Access Control (DAC)
5.6 Prevent or mitigate access control attacks
5.7 Manage the identity and access provisioning lifecycle (e.g., provisioning, review)
Domain 6: Security Assessment and Testing
6.1 Design and validate assessment and test strategies
6.2 Conduct security control testing
– Vulnerability assessment
– Penetration testing
– Log reviews
– Synthetic transactions
– Code review and testing (e.g., manual, dynamic, static, fuzz)
– Misuse case testing
– Test coverage analysis
– Interface testing (e.g., API, UI, physical)
6.3 Collect security process data (e.g., management and operational controls)
– Account management (e.g., escalation, revocation)
– Management review
– Key performance and risk indicators
– Backup verification data
– Training and awareness
– Disaster recovery and business continuity
6.4 Analyze and report test outputs (e.g., automated, manual)
6.5 Conduct or facilitate internal and third-party audits
Domain 7: Security Operations
7.1 Understand and support investigations
– Evidence collection and handling (e.g., chain of custody, interviewing)
– Reporting and documenting
– Investigative techniques (e.g., root-cause analysis, incident handling)
– Digital forensics (e.g., media, network, software, and embedded devices)
7.2 Understand requirements for investigation types
– Electronic discovery (eDiscovery)
7.3 Conduct logging and monitoring activities
– Intrusion detection and prevention
– Security information and event management
– Continuous monitoring
– Egress monitoring (e.g., data loss prevention, steganography, watermarking)
7.4 Secure the provisioning of resources
– Asset inventory (e.g., hardware, software)
– Configuration management
– Physical assets
– Virtual assets (e.g., software-defined network, virtual SAN, guest operating systems)
– Cloud assets (e.g., services, VMs, storage, networks)
– Applications (e.g., workloads or private clouds, web services, software as a service)
7.5 Understand and apply foundational security operations concepts
– Need-to-know/least privilege (e.g., entitlement, aggregation, transitive trust)
– Separation of duties and responsibilities
– Monitor special privileges (e.g., operators, administrators)
– Job rotation
– Information lifecycle
– Service-level agreements
7.6 Employ resource protection techniques
– Media management
– Hardware and software asset management
7.7 Conduct incident management
– Lessons learned
7.8 Operate and maintain preventative measures
– Intrusion detection and prevention systems
– Third-party security services
7.9 Implement and support patch and vulnerability management
7.10 Participate in and understand change management processes (e.g., versioning, baselining, security impact analysis)
7.11 Implement recovery strategies
– Backup storage strategies (e.g., offsite storage, electronic vaulting, tape rotation)
– Recovery site strategies
– Multiple processing sites (e.g., operationally redundant systems)
– System resilience, high availability, quality of service, and fault tolerance
7.12 Implement disaster recovery processes
– Training and awareness
7.13 Test disaster recovery plans
– Full interruption
7.14 Participate in business continuity planning and exercises
7.15 Implement and manage physical security
– Perimeter (e.g., access control and monitoring)
– Internal security (e.g., escort requirements/visitor control, keys and locks)
7.16 Participate in addressing personnel safety concerns (e.g., duress, travel, monitoring)
Domain 8: Software Development Security
8.1 Understand and apply security in the software development lifecycle
8.2 Enforce security controls in development environments
8.3 Assess the effectiveness of software security
– Auditing and logging of changes
– Risk analysis and mitigation
– Acceptance testing
8.4 Assess security impact of acquired software
Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. Throughout the course participants will be exposed to many exciting open problems in the field and work on fun (optional) programming projects.
- Course Overview
- What is Cryptography?
- History of Cryptography
- Discrete Probability (Crash Course)
- Discrete Probability (Crash Course, Cont.)
- Information Theoretic Security and The One Time Pad
- Stream Ciphers and Pseudo Random Generators
- Attacks on Stream Ciphers and The One Time Pad
- Real-World Stream Ciphers
- PRG Security Definitions
- Semantic Security
- Stream Ciphers are Semantically Secure
2. Block Ciphers
- What are Block Ciphers?
- The Data Encryption Standard
- Exhaustive Search Attacks
- More Attacks on Block Ciphers
- The AES Block Cipher
- Block Ciphers From PRGs
- Review: PRPs and PRFs
- Modes of Operation: One Time Key
- Security for Many-Time Key (CPA security)
- Modes of Operation: Many Time Key (CBC)
- Modes of Operation: Many Time Key (CTR)
3. Message Integrity
- Message Authentication Codes
- MACs Based On PRFs
- CBC-MAC and NMAC
- MAC Padding
- PMAC and the Carter-Wegman MAC
- Generic Birthday Attack
- The Merkle-Damgard Paradigm
- Constructing Compression Functions
- Timing attacks on MAC verification
4. Authenticated Encryption
- Active Attacks on CPA-Secure Encryption
- Chosen Ciphertext Attacks
- Constructions From Ciphers and MACs
- Case Study: TLS 1.2
- CBC Padding Attacks
- Attacking Non-Atomic Decryption
- Key Derivation
- Deterministic Encryption
- Deterministic Encryption: SIV and Wide PRP
- Tweakable Encryption
- Format Preserving Encryption
5. Basic Key Exchange
- Trusted 3rd Parties
- Merkle Puzzles
- The Diffie-Hellman Protocol
- Public-Key Encryption
- Fermat and Euler
- Modular e’th Roots
- Reading: More background on number theory
- Arithmetic algorithms
- Intractable Problems
6. Public-Key Encryption
- Definitions and Security
- The RSA Trapdoor Permutation
- PKCS 1
- Is RSA a One-Way Function?
- RSA in Practice
- The ElGamal Public-key System
- ElGamal Security
- ElGamal Variants With Better Security
- A Unifying Theme