IT Security Fundamentals (SECFUND) – Outline

Detailed Course Outline

Introduction to Information Security

  • Information Security fundamentals, Information Security models, IS standards, attack overviews.

Risk Management

  • Risk management process, risk analysis, risk control.

Operating System Security

  • Popular operating systems, OS hardening, vulnerabilities and the patch cycle, OS scanning.

Access Control

  • Types of access control, physical access, controlling resource access, Microsoft Windows NTFS, Linux ext3/4, cloud security.

Encryption

  • Introduction to cryptography, hashing, encrypting stored data, digital signatures, Public Key Infrastructure (PKI), encrypting network data, Transport Layer Security, virtual private networks.

Authentication

  • Authentication mechanisms, good password strategies, Microsoft Windows Kerberos, attacking Windows authentication, Linux authentication mechanisms, certificate-based authentication, biometric authentication.

Legal Compliance& Security Policies

  • UK legal regulations, the role of security policies, writing security policies, ensuring business continuity.

Application Security

  • General guidelines for application security, securing web applications, securing mail applications, securing databases.

Malware

  • Types of malware, malware detection, malware removal, Trojans, rootkits, botnets, Spam delivery

Perimeter Security

  • Network designs, mobile workers, firewalls, proxy servers

Attacking TCP/IP

  • Weaknesses in TCP/IP, securing network devices, IPSec, Network Intrusion Detection, SNORT.

Wireless Network Security

  • Introduction to wireless networking, problems with WEP, WPA2, mobile IP.