INTRODUCTION TO CYBER SECURITY

Transcription

1 INTRODUCTION TO CYBER SECURITY

2 INTRODUCTION TO CYBER SECURITY In 2014 the world has continued to watch as breach after breach results in millions of credit card and personal information records being posted on the Internet. The Internet Storm Center reports an average of over 700,000 detected intrusion attempts daily and that s only the events they catch! There is no question that Cyber Security is a necessity and an increasing global concern, the challenge is where to start the daunting task of securing your infrastructure, training your end users and preparing your organization to face the year ahead. Introduction to Cyber Security is the foundational training for all users whether management, IT, end user or programmer. Equip your team with the up to date knowledge of threats we all face and the hands-on skills to address them. With information culminated from the most trusted sources; CERT, NIST, DHS and others, this course presents an objective, complete, and cutting edge view of our current environment as well as a vision of the near future of Cyber Security. ATTENDING STUDENTS WILL LEARN: Overview of the Hacking Cycle Phases of Network Reconnaissance Use and Methodology of Network Scanning Tools DNS Analysis and Manipulation Malware Types Defensive Postures Security Appliance Types and Uses Defense in Depth Model Access Control Mechanisms Authentication Protocol Types and Uses Encryption Protocol Types and Uses VPN Protocol Types and Uses WHO SHOULD ATTEND: IT Administrators seeking an understanding of security threawts and basic mitigation controls Database Administrators desiring an increased security awareness Managers of network resources who want an understanding of the current threat landscape End Users needing a heightened awareness of Cyber Security PREREQUISITES: There are no prerequisites, however a basic understanding of computer and network terminology is recommended

3 DAY 1 AGENDA THE CURRENT THREAT LANDSCAPE Prevalence of Common Threats Cost of Malware and Breaches Examples of Attack Time lines Attacker Goals Top 10 Threats THE HACKING CYCLE-ENUMERATION Reconnaissance Passive Information Gathering tools and techniques, Whois, Social Engineering Scanning Ping and other ICMP based Scanning TCP Syn and Port Scans UDP Host and Port Scans ICMP Message Quoting Operating System Fingerprinting, Baselines and Operating System Host Hardening MALWARE DAY 3 AGENDA Virus Types Armored, Stealth, Polymorphic, Retro, Macro, Multipartite, Resident, Non-Resident Worms, Trojan Horses, Rootkits, Illicit Servers, Botnets Spyware Keyloggers, Screen Capture, Cookie Grabbing, Browser High-jacking ANTI-VIRUS SOFTWARE Disk Scanning and Definitions Memory-Resident Scanners Heuristics and Execution Prevention Boot-time Scanning HOST BASED INTRUSION DETECTION Inoculation (Base-lining) Behavior Based and Heuristic Detection DAY 2 AGENDA TCP/IP PROTOCOL EXPLOITATION IPv4 and IPv6 Header Review IPv4 and IPv6 Manipulation and Analysis TCP and UDP Overview and Analysis DNS DNS Record Types MX, NS, SOA, A, AAAA, CNAME, PTR, NAPTR, SRV Host DNS Resolver Files and Functions DNS Server Types Caching, Forwarding, Authoritative DNS Zone Transfers DNS Security (DNSSEC) DHCP DHCP Message Types DHCP Options, Usage and Security ICMP ICMP Message Types ICMP Usage and Security DAY 4 AGENDA SPYWARE PROTECTION Anti-Spyware Software Private Browsing and Browser Plug-ins Private Data Storage and Deletion DEFENSE-IN-DEPTH Ingress/Egress Routers Layer 3 and Layer 4 Filtering, Access Control Lists Stateful Firewalls Reflexive ACL s, Content Inspection, Flood Mitigation, Maintence Application Layer Proxy or Firewalls Content Filtering, Anti-Virus, Anti-Spam, Caching and NAT Intrusion Detection Systems Packet Capture and Analysis, Active vs. Passive, Sensor Placement, Signatures HoneyPots

4 ACCESS CONTROL Physical Controls Perimeters, Barriers, Surveillance Access Control Models Mandatory, Rule and Role Based, Discretionary Authentication Factors Types Passwords and Password Cracking Authentication Protocols ENCRYPTION DAY 5 AGENDA Confidentiality, Integrity, Authentication, and Non-Repudiation Symmetric and Asymmetric Ciphers Hashing Algorithms X.509 Certificates The Public Key Infrastructure PGP SSL/TLS Versions Handshake Certificate Validation SSH Message Encryption Forward and Reverse Tunnels Toll free: (800)

5 COURSE OVERVIEW Lab 1 Lab 2 Lab 3 Lab 4 Lab 5 Lab 6 - Internet Research and Information Gathering - Using Whois, NSLookup, and Dig for DNS Reconnasiance - Identifying Social Engineering Attempts - Observing Network Scanning with Wireshark - Using Netstat and other utilities to base line a Windows System - Examining Malformed Packets with Wireshark Lab 7 Lab 8 Lab 9 Lab 10 Lab 11 Lab 12 Lab 13 Lab 14 Lab 15 Lab 16 Lab 17 Lab 18 Lab 19 Lab 20 Lab 21 Lab 22 Lab 23 - Capture and Analyze TCP and UDP Conversations - Capture and Analyze the DNS Query and Response Process - Explore an DHCP Scope. Observe the DHCP Process - Analyze ICMP Messages and Identify Source Operating Systems - Internet Research and Information Gathering - Install and Configure Anti-Virus, Scan an Infected system - Analyze ACL s, Capture Packets designed to evade the ACL s - Deploy and Configure a Personal Fire wall -Analyze Firewall Logs - Analyze and IDS setup. Read and Interpret IDS logs. - Discussion - common physical access controls mechanisms and how they are defeated - Use password cracking tools to reveal weak passwords - Capture and Inspect encrypted traffic - Hash files using MD-5, SHA-1 and SHA-2, compare hash outputs - Examine an X.509v3 Certificate. -View Trusted Root CA s in various Browsers -Observe OCSP Validation of a Certificate - Create a PGP Certificate. -Sign and Encrypt and using PGP - Capture and Analyze an SSL Session -Identify the Certificate and Issuing Authority - Create and SSH Tunnel