The eLearning Center for University of Texas at San Antonio

This series is designed to prepare the student to pass the Certified Internet Webmaster (CIW) Security 1D0-470 exam. It helps the student achieve proficiency in identifying security threats, developing countermeasures, and using firewall systems and attack recognition technologies. It covers the fundamental concepts and principles of network security, and it describes the most common types of attacks that can occur. It covers basic networking models, such as TCP/IP and the OSI reference model, and it explains the security vulnerabilities of protocols used at each layer in the model. It also covers the basic tools and procedures used to protect a network, including firewalls, encryption, auditing, and log analysis.

Security Fundamentals
Time: 4.0 hour(s)
Summary:
This course covers basic security concepts and principles. It introduces the major elements that go into a security implementation, including encryption, authentication, access control lists, execution control lists, and auditing.
Objectives:
* List the basic elements of a security matrix.
* Explain the types of security threats that are now common.
* Describe the most common elements of a security system, including encryption, authentication, access control lists, execution control lists, and auditing.
Topics:
* What is security?
* A security matrix
* Assessing the threat
* Security standards
* Elements of security
* The security policy
* Encryption
* Authentication
* Access control
* Execution Control Lists
* Auditing
* Common security principles
* Multiple layers
* Enforcement and training
* Security management
* Physical security

Attack Types and Encryption
Time: 4.0 hour(s)
Summary:
This course provides a detailed introduction to the encryption process for e-mail and other Internet applications, including the interaction of symmetric, asymmetric (public key), and hash encryption, SSL, and S-HTTP. It also provides an introduction to security attacks and how they can be prevented.
Objectives:
* Explain the e-mail encryption process and its components.
* Explain the differences between SSL and S-HTTP.
* Use common applications to encrypt messages and files.
* List and describe the categories of security attack: brute force/dictionary, buffer overflow, Trojan, DOS/DDOS, and man in the middle.
* List methods of preventing each type of attack.
Topics:
* Applied encryption
* Symmetric-key encryption
* Asymmetric encryption
* Applied packet-filtering
* E-mail encryption applications
* File and Web encryption applications
* Brute force and dictionary attacks
* System bugs, back doors, and Trojans
* Social engineering and non-direct attacks

Protocol Layers and Security
Time: 3.0 hour(s)
Summary:
This course covers the basic models used to conceptualize network communications, including the TCP/IP and OSI reference models. It provides information on the protocols used at each layer of the model and how hackers commonly exploit network protocols. It also explains how to perform security testing on existing and new systems.
Objectives:
* Describe the TCP/IP protocol stack.
* Diagram the OSI reference model and explain how it functions.
* List protocols used at the Network, Transport, and Application layers of each model.
* Identify the major security vulnerabilities of network protocols.
* List basic steps you can take to protect network services.
* Identify the security vulnerabilities of e-mail servers.
* Explain the processes used for security testing.
Topics:
* TCP/IP security
* The OSI reference model
* Transport layer
* Application layer
* Implementing TCP/IP security
* Protecting TCP/IP services
* Simple Mail Transfer Protocol
* Testing and evaluating
* Security testing software

Firewalls
Time: 4.0 hour(s)
Summary:
This course introduces users to firewall and VPN design. Basic firewall concepts are covered including bastion hosts, packet filters, screening routers, and proxies.
Objectives:
* Explain the role and purpose of a firewall.
* Distinguish between packet-filters, application-layer proxies, and circuit-level proxies.
* Describe the role and possible configurations of a bastion host.
* Outline how PKI works.
* Write rules for a basic packet filter.
* Describe the four basic firewall designs and discuss their advantages and disadvantages.
* Use WinRoute to configure NAT or a proxy on a Windows machine.
* Use Ipchains and Iptables to configure packet-filtering on Linux.
Topics:
* The role of firewalls
* Firewall concepts
* Packet filter rules
* Applying packet filters
* Configuring proxy servers
* Remote access and virtual private networks
* Public key infrastructure
* Designing a firewall
* Hardware issues
* Common firewall designs
* Implementing a firewall strategy

Operating System Security
Time: 5.0 hour(s)
Summary:
This course introduces security issues that arise at the operating system level in a network. It covers the major areas of vulnerability for operating systems such as Windows 2000 and Linux. It shows how built-in security features can be activated, how to configure password settings, and how to set permissions on files, folders, and shares.
Objectives:
* Describe the most widely-used industry security standards.
* List the key vulnerabilities of Windows 2000 and Linux operating systems.
* Describe the built-in security features of Windows 2000.
* Use Pluggable Authentication Modules to improve authentication on Linux systems.
* Configure password settings for improved security.
* Set permissions on files, folders and shares.
Topics:
* Security principles
* Evaluation criteria
* Security levels and mechanisms
* Windows 2000 security
* Windows 2000 security architecture
* Linux security
* Pluggable authentication modules
* Passwords
* Verifying system state
* Protecting accounts
* Password aging in Linux
* Windows 2000 file systems
* Remote file access
* Linux file systems

Assessing and Reducing Risk
Time: 4.0 hour(s)
Summary:
This course examines specific modifications to harden UNIX and Windows-based operating systems, including changes to the Windows Registry and UNIX rlogin, NIS, and NFS.
Objectives:
* Identify general and specific operating system attacks.
* Describe the function of a keylogger program.
* Scan a system to view its services and assess security risks.
* Explain Linux security concerns including rlogin, NIS, and NFS.
* Explain the purpose and importance of system patches and fixes.
* Modify the Windows 2000 Registry to increase security.
* Lock down and remove services for effective security in Windows 2000 and Linux.
Topics:
* Assessing risk
* Keyloggers
* System port scanning
* UNIX security vulnerabilities
* NIS security concerns
* NFS security concerns
* Patching and changing defaults
* Windows 2000 registry security
* Disabling Windows 2000 services
* Securing network connectivity
* Reducing risk in Linux systems

Security Auditing
Time: 3.0 hour(s)
Summary:
This course provides basic information on security auditing concepts, methods, and applications. It covers several categories of auditing software, including DNS utilities, ping and port scanners, network discovery applications, and enterprise-grade vulnerability scanners.
Objectives:
* Describe the activities of auditors in their various roles, including that of security manager, consultant, and insider.
* List and describe the three basic stages of a security audit.
* Identify and utilize auditing software, including DNS utilities, ping and port scanners, and enterprise-grade vulnerability scanners.
* Classify information revealed during audits.
Topics:
* Introduction to auditing
* Auditor roles
* Risk assessment
* Audit stages
* Security scans
* Network discovery applications
* Enterprise-grade audit applications
* Using audit applications
* Social engineering
* Basic audit information

Auditing and the Control Phase
Time: 5.0 hour(s)
Summary:
This course examines each type of attack with respect to auditing. It covers the file locations used by root kits, as well as methods of penetration and the goals a hacker has during the control phase. It also covers illicit servers.
Objectives:
* Identify common targets of attack.
* Discuss penetration strategies and methods.
* List potential physical, OS, and TCP/IP stack attacks.
* Identify and analyze specific brute-force and DoS attacks.
* Implement methods designed to thwart penetration.
* Define control procedures.
* Identify control methods.
* List ways to document control procedures and methods.
Topics:
* Network penetration
* Common targets
* System bugs
* Denial-of-service attacks
* Combined attack strategies
* Identifying attacks
* Network control
* UNIX and Windows 2000 file locations
* UNIX passwords
* Control methods
* Back Orifice
* NetBus
* Adding administrative accounts

Attack Detection and Response
Time: 3.0 hour(s)
Summary:
This course provides information on how to detect, distract, and deter hacker activity, and suggests ways to create a security and response policy.
Objectives:
* Deter and distract hackers using proactive detection techniques.
* Describe the different types of IDS architectures.
* Audit and create rules using eTrust.
* Audit your network using Snort.
* Create and implement a response policy.
Topics:
* Proactive detection
* Distracting the hacker
* Deterring the hacker
* Intrusion detection
* Intrusion detection architecture
* IDS rules and actions
* Intrusion detection software
* Auditing with eTrust
* Creating rules in eTrust
* Auditing with Snort
* Planning for response
* Documentation and assessment
* Executing the response plan

Auditing and Log Analysis
 Time: 4.0 hour(s)
Summary:
This course provides information on how to define a baseline of network performance for security auditing, analyze log files, create a network security assessment report, and suggest ways to improve compliance to a security policy.
Objectives:
* Audit network activity in Windows NT/2000 and Linux
* Use log analysis to identify suspicious network activity
* Create a security audit report
* Recommend steps for improving security compliance
* Enable proactive detection of security problems
* Configure a personal firewall
* Use SSH for data security and authentication
Topics:
* Log analysis
* Firewall and router logs
* Operating system logs
* Filtering logs
* Suspicious activity
* Additional logs
* Log auditing tools
* Generating reports
* Auditing recommendations
* Creating the assessment report
* Improving compliance
* Improving router security
* Enabling proactive detection
* Host auditing solutions
* Personal firewalls
* Replacing and updating services
* Secure shell