Introduction to Cybersecurity

  • Cybersecurity objectives
  • Cybersecurity roles
  • Differences between Information Security & Cybersecurity

Cybersecurity Principles

  • Confidentiality, integrity, & availability
  • Authentication & nonrepudiation

Information Security (IS) within Lifecycle Management

  • Lifecycle management landscape
  • Security architecture processes
  • Security architecture tools
  • Intermediate lifecycle management concepts

Risks & Vulnerabilities

  • Basics of risk management
  • Operational threat environments
  • Classes of attacks

Incident Response: categories, response, recovery

Future Implications & Evolving Technologies

  • New & emerging IT & IS technologies
  • Mobile security issues, risks, & vulnerabilities
  • Cloud concepts around data & collaboration

Security Management Overview

  • Introduction of enterprise IT components
  • Servers, storage, databases, applications, email, telephony
  • Perimeter security components: firewall, VPN, IDS/IPS, sandbox, honeypot, DDoS prevention
  • Endpoint security components: anti-virus, endpoint detection & response
  • Content security: email security, web proxy, data loss prevention
  • Different types of security attacks: technical, social engineering, APT
  • Attack life cycle
  • Vulnerability Management and penetration testing (Vulnerability Management Process, System/software Patching, Penetration testing)

Network Infrastructure Security Components

  • Security threats in IP networks (Policies, types of security breach, denial of service, data manipulation, data theft, data destruction, security checklists, incident response.)
  • Security exploits: Respective Threats and Their Countermeasures (The Internet worm, IP spoofing, SYN attack, hijacking, Ping o' Death, Wireless Security and Attacks, keeping up to date with new threats. Exercise: Use a port scanning tool, use a 'hacking' tool.)
  • Firewalls: Introduction, Features, comparisons: Cisco ASA, Check Point, Palo Alto (Products, Packet filtering, DMZ, content filtering, stateful packet inspection, Proxies, firewall architectures, IOS ACLs. Exercise: Set up a firewall and prevent attacks.)
  • Intrusion Detection Systems (Introduction, Features, comparisons: Cisco IPS Family, Check Point IPS)
  • Introduction to Proxy (Features, Deployment Types Transparent/Explicit, SSL Inspection)
  • NAT (Static and Dynamic NAT, and PAT)
  • Encryption, Cryptography (Encryption keys, Encryption strengths, Secret key vs Public key, algorithms, systems, SSL, SSH, Public Key Infrastructures. Exercise: Run a packet capture tool, Perform DoS attacks, Perform Flood attacks, Fingerprinting etc.)
  • Authentication (Types of authentication, AAA, SecurID, Biometrics, Digital certificates, Certificate types, Certificate authorities, CRLs, RADIUS.)
  • VPNs and IPSec: Implementation of VPN (Types of VPN: S2S, Remote, SSL. IPSec, AH, ESP, transport mode, tunnel mode)
  • Layer 2 Security (Describe Layer 2 security using Cisco switches.)