Detailed Course Outline
Introduction to Information Security
- Information Security fundamentals, Information Security models, IS standards, attack overviews.
Risk Management
- Risk management process, risk analysis, risk control.
Operating System Security
- Popular operating systems, OS hardening, vulnerabilities and the patch cycle, OS scanning.
Access Control
- Types of access control, physical access, controlling resource access, Microsoft Windows NTFS, Linux ext3/4, cloud security.
Encryption
- Introduction to cryptography, hashing, encrypting stored data, digital signatures, Public Key Infrastructure (PKI), encrypting network data, Transport Layer Security, virtual private networks.
Authentication
- Authentication mechanisms, good password strategies, Microsoft Windows Kerberos, attacking Windows authentication, Linux authentication mechanisms, certificate-based authentication, biometric authentication.
Legal Compliance& Security Policies
- UK legal regulations, the role of security policies, writing security policies, ensuring business continuity.
Application Security
- General guidelines for application security, securing web applications, securing mail applications, securing databases.
Malware
- Types of malware, malware detection, malware removal, Trojans, rootkits, botnets, Spam delivery
Perimeter Security
- Network designs, mobile workers, firewalls, proxy servers
Attacking TCP/IP
- Weaknesses in TCP/IP, securing network devices, IPSec, Network Intrusion Detection, SNORT.
Wireless Network Security
- Introduction to wireless networking, problems with WEP, WPA2, mobile IP.