CNIT 120

Network Security

Course Information


Important Dates


Course Syllabus

CNIT 120 Syllabus

Chapter 1

Mastering Security Basics

Understanding Core Security Goals

Provide Integrity

Ensure Confidentiality

Increase Availability

Resource Versus Security Constraints

Introducing Basic Risk Constraints

Understanding Control Types

Implementing Virtualization

Comparing Hypervisors

Secure Network Architecture

Using Command-Line Tools

Windows Command Line

Linux Terminal

Understanding Switches and Getting Help

Understanding Case

Ping

Chapter 2

Understanding Identity Access Management

Exploring Authentication Concepts

Comparing Identification and AAA

Comparing Authentication Factors

Summarizing Identification Methods

Troubleshooting Authentication Issues

Comparing Authentication Services

Managing Accounts

Comparing Access Control Models

Role-Based Access Control

Rule-Based Access Control

Discretionary Access Control

Mandatory Access Control

Attribute-Based Access Control

Chapter 3

Exploring Network Technologies and Tools

Reviewing Basic Network Concepts

Basic Network Protocols

Implementing Protocols for Use Cases

Understanding and Identifying Ports

Understanding Basic Network Devices

Switches

Routers

Bridge

Aggregation Switch

Firewalls

Implementing a Secure Network

Zones and Topologies

Network Separation

Media Gateway

Proxy Servers

Unified Threat Management

Mail Gateways

Chapter 4

Securing Your Network

Exploring Advanced Security Devices

Understanding IDSs and IPSs

SSL/TLS Accelerators

SSL Decryptors

SDN

Honeypots

Honeynets

IEEE 802.1x Security

Securing Wireless Networks

Reviewing Wireless Basics

Network Architecture Zones

Wireless Cryptographic Protocols

Understanding Wireless Attacks

Using VPNs for Remote Access

VPNs and VPN Concentrators

Remote Access VPN

Network Access Control

Identity and Access Services

Chapter 5

Securing Hosts and Data

Implementing Secure Systems

Operating Systems

Secure Operating System Configurations

Secure Staging and Deployment

Peripherals

Hardware and Firmware Security

Summarizing Cloud Concepts

Infrastructure as a Service

Security Responsibilities with Cloud Models

Security as a Service

Cloud Deployment Models

Deploying Mobile Devices Securely

Exploring Embedded Systems

Protecting Data

Protecting Confidentiality with Encryption

Data Loss Prevention

Chapter 6

Comparing Threats, Vulnerabilities and Common Attacks

Understanding Threat Actors

Determining Malware Types

Recognizing Common Attacks

Social Engineering

Attacks via Email and Phone

One Click Lets Them In

Blocking Malware and Other Attacks

Protecting Systems from Malware

Educating Users

Why Social Engineering Works

Chapter 7

Protecting Against Advanced Attacks

Comparing Common Attacks

DoS Versus DDoS

Privilege Escalation

Spoofing

SYN Flood Attacks

Man-in-the-Middle Attacks

ARP Poisoning Attacks

DNS Attacks

Amplification Attacks

Password Attacks

Replay Attacks

Known Plaintext Attacks

Hijacking and Related Attacks

Domain Hijacking

Man-in-the-Browser

Driver Manipulation

Zero-Day Attacks

Memory Buffer Vulnerabilities

Summarizing Secure Coding Concepts

Compiled Versus Runtime Code

Proper Input Validation

Avoiding Race Conditions

Proper Error Handling

Cryptographic Techniques

Code Reuse and SDKs

Code Obfuscation

Code Quality and Testing

Development Life-Cycle Models

Secure DevOps

Version Control and Change Management

Provisioning and Deprovisioning

Identifying Application Attacks

Web Servers

Database Concepts

Injection Attacks

Cross-Site Scripting

Cross-Site Request Forgery


Chapter 8

Using Risk Management Tools

Understanding Risk Management

Threats and Threat Assessments

Vulnerabilities

Risk Management

Comparing Scanning and Testing Tools

Checking for Vulnerabilities

Obtaining Authorization

Penetration Testing

Intrusive Versus Non-Intrusive Testing

Passive Versus Active Tools

Exploitation Frameworks

Using Security Tools

Sniffing with a Protocol Analyzer

Command-Line Tools

Monitoring Logs for Event Anomalies

SIEM

Continuous Monitoring

Usage Auditing and Reviews

Permission Auditing and Review

Chapter 9

Implementing Controls to Protect Assets

Implementing Defense in Depth

Comparing Physical Security Controls

Using Signs

Comparing Door Lock Types

Tailgating

Preventing Tailgating with Mantraps

Increasing Physical Security with Guards

Monitoring Areas with Cameras

Fencing, Lighting, and Alarms

Securing Access with Barricades

Using Hardware Locks

Asset Management

Shielding

Adding Redundancy and Fault Tolerance

Single Point of Failure

Disk Redundancies

Server Redundancy and High Availability

Power Redundancies

Protecting Data with Backups

Comparing Backup Types

Testing Backups

Protecting Backups

Comparing Business Continuity Elements

Business Impact Analysis Concepts

Continuity of Operations Planning

Disaster Recovery

Testing Plans with Exercises

Chapter 10

Understanding Cryptography and PKI

Introducing Cryptography Concepts

Providing Integrity with Hashing

MD5

SHA

HMAC

RIPEMD

Hashing Files

Key Stretching

Hashing Messages

Using HMAC

Providing Confidentiality with Encryption

Encryption Terms

Block Versus Stream Ciphers

Cipher Modes

Symmetric Encryption

Asymmetric Encryption

The Rayburn Box

Certificates

RSA

Static Versus Ephemeral Keys

Elliptic Curve Cryptography

Diffie-Hellman

Steganography

Using Cryptographic Protocols

Protecting Email

HTTPS Transport Encryption

Exploring PKI Components

Certificate Authority

Certificate Chaining and Trust Models

Registration and CSRs

Certificate Issues

Public Key Pinning

Key Escrow

Recovery Agent

Comparing Certificate Types

Certificate Formats

Chapter 11

Implementing Policies to Mitigate Risks

Exploring Security Policies

Personnel Management Policies

Agreement Types

Protecting Data

Information Classification

Data Sensitivity Labeling and Handling

Responding to Incidents

Incident Response Plan

Incident Response Process

Implementing Basic Forensic Procedures

Providing Training

Role-Based Awareness Training

Continuing Education

Training and Compliance Issues

Troubleshooting Personnel Issues

CompTIA Security+ SY0-501 Study Guide

ISBN-13 978-1939136053, ISBN-10 1939136059