Chapter 1: Introduction
Chapter 1 introduces the challenges that security professionals face, the three main goals of CIA security, risk management and integrity vs. non-repudiation. Students will learn the various layers of security, and what countermeasures can reduce risk. This chapter explains how to utilize the simulation labs to effectively practice different concepts within a security role.
Chapter 2: Threats, Attacks and Vulnerabilities
Chapter 2 identifies the threat actor types as well as different attack strategies and how to defend against attacks. It also covers how to implement malware protection, use Windows Security, and configure Windows Defender to secure a network. Students will also learn how to identify social engineering, and how to scan for different types of vulnerabilities, including vulnerabilities within Windows and Linux.
Chapter 3: Physical
Chapter 3 discusses physical threats and how to secure against them. It reviews guidelines for protecting servers, the Protective Distribution System, a Faraday cage, and fiber optic cabling. Students will also learn how temperature affects computer equipment, how to reduce and maintain temperatures to keep equipment running efficiently, and methods for fire suppression.
Chapter 4: Networks and Hosts Design and Diagnosis
Chapter 4 introduces how to develop a manageable network plan, what elements to identify when mapping a network, and how to protect the network while still providing necessary access. It also covers hardening, the benefits of security, how to reduce the attack surface of a device, and the importance of lean software installation. Students will learn how to identify inherited permissions, the difference between Share and NTFS permissions and how to view user permissions. This chapter concludes by exploring Linux host security. Students will learn to remove unnecessary services and scan ports, install and update iptables, and identify network connections on a system.
Chapter 5: Devices and Infrastructure
Chapter 5 covers how to install and configure a security appliance, configure network security appliance access, quality of service, and demilitarized zones. It also covers how to configure firewall rules, schedules, and a perimeter firewall. Students will learn about NAT and how to configure a VPN, VPN Client, remote access VPN, and a VPN connection from mobile devices. This chapter introduces how to protect against web threats by configuring web threat protection and URL blocking, what the two stages of Network Access Control are, and how to guard against network threats. Students learn to protect enterprise infrastructure, follow best practices to ensure resource protection, identify vulnerabilities, and apply software patches. This chapter concludes by discussing network applications, switch security, router security, and using VLANs.
Chapter 6: Identity, Access and Account Management
Chapter 6 covers best practices for access control, authentication, and authorization. Students will learn the Windows operating system roles, user accounts, workgroups, online user accounts, domain user accounts, and Azure AD user accounts. They will also learn about Active Directory, the purpose of a domain, how to simplify security administration with OUs, the advantages of a hierarchical directory database, the difference between a tree and a forest, applicable user policies, and how to create GPOs. This chapter discusses how to harden user accounts, restrict local accounts, secure default accounts, enforce User Account Control, and configure smart card authentication. Students will learn to create, rename, and delete users and groups within Linux. This chapter ends by explaining remote access and network authentication. Students will learn to configure a RADIUS solution, learn about LDAP and Kerberos authentication, and learn how to control the authentication method and manage credentials.
Chapter 7: Cryptography and PKI
Chapter 7 explains cryptography and the difference between symmetric and asymmetric encryption, which algorithms can be used to generate a hash, how to use steganography to hide a file, and how to crack a symmetric encryption key. This chapter also covers the goals of information security, the benefits of a digital signature and the functionality of a Trusted Platform Module. Students will learn about hashing and which algorithms to use, and how to encrypt files using EFS, PGP, and GPG. This chapter concludes by discussing the public key infrastructure, certificate types, managing certificates, and extending validation.
Chapter 8: Wireless Threats
Chapter 8 reviews wireless networking and installation, potential threats to security, and how to defend against attacks. This chapter provides instruction on creating a wireless connection, cracking encryption, and how to configure rogue host protection. Students will learn to use wireless attack tools, how to crack Wi-Fi encryption, detect rogue hosts, and configure rogue host protection. This chapter ends by discussing methods of wireless authentication and access, as well as how to harden a wireless access point and configure WIPS and captive portals.
Chapter 9: Virtualization, Cloud Security and Securing Mobile Devices
Chapter 9 explores the different technologies related to virtualization and mobile and cloud security. As students explore host virtualization and virtual networking, they will discover load balancing, and learn how to create and manage virtual machines, different virtual network devices, and virtual switches. This chapter covers software-defined networking and architecture, cloud services, and cloud security. Students will learn about security issues with cloud computing and how to enhance cloud performance, as well as different types of controls and solutions. As students examine mobile devices, they will learn about different connection methods, enforcing mobile device security, sideloading an app, managing mobile devices, and enrolling a device and performing a remote wipe. This chapter concludes by discussing bring-your-own-device security, how to create a guest network for BYOD, constraints and security of embedded devices, and communication of embedded systems.
Chapter 10: Securing Data and Applications
Chapter 10 introduces data transmission security, how to add SSL to a website, allow SSL connections, and how to require IPsec for communication. This chapter introduces data loss prevention, masking, encryption, tokenization, and rights management. Students will learn to perform an SQL injection attack, prevent cross-site scripting, and exploit SQL on a webpage. Finishing with application development and security, students will learn how to harden applications on Linux, implement Data Execution Prevention, and implement application whitelisting with AppLocker.
Chapter 11: Security Assessments
Chapter 11 introduces different tools for penetration testing, monitoring and reconnaissance, and intrusion detection. As students review different security assessment techniques, they will learn about the threat-hunting process, the Common Vulnerability Scoring System (CVSS) calculator, and how to scan for common vulnerabilities in Windows and Linux, domain controllers, WAPs, and security appliances. This chapter discusses protocol analyzers, analyzing network traffic and attacks, performing ARP and DNS poisoning, and how to examine DNS attacks and identify malicious code.
Chapter 12: Incident Response, Forensics and Recovery
Chapter 12 explores different ways to discover and respond to security issues. It covers the process and framework for responding to an incident, how to mitigate an incident by reconfiguring and protecting endpoints, and how to isolate and contain an incident. Students will learn the importance of log management, identifying and using trends from vulnerability scan outputs, and uses for SIEM. Students will also learn how to use Windows for logging events. This chapter covers forensic documentation and evidence, acquiring forensic data, and using forensic tools to investigate incidents. Students will discover how to manipulate files using shells and scripting, manipulate packet captures, and use TcpReplay. This chapter concludes by discussing how to implement secure network designs and manage redundant power options, back up files and recover files with File History, and use the backup domain controller.
Chapter 13: Risk Management
Chapter 13 introduces organizational security policies, including personnel policies, data protection policies, and credential and organizational policies. This chapter also reviews risk types and tolerance, how to analyze risks, and business continuity planning. Students will learn about email security, protecting a client from spam, and securing an email server.
Chapter 14: Governance and Compliance
Chapter 14 explores auditing with Windows security logs, advanced audit policies, and different types of audits. This chapter covers different control categories and security frameworks. Students will finish by learning about sensitive data and privacy, by reviewing consequences of breaches, information classification, privacy and responsibility, and data destruction.
Chapter 1: Introduction
Security Overview
- The Security Landscape
- Security Concepts
Defense Planning
- The Layered Security Model
- User Education
Chapter 2: Threats, Attacks, and Vulnerabilities
Understanding Attacks
- Threat Actor Types
- Threat Agents Overview
- General Attack Strategy
- General Defense Strategy
Malware
- Malware Facts
- Malware Protection Facts
- Implementing Malware Protections
- Use Windows Security
Social Engineering
- Social Engineering Overview
- Social Engineering Motivation
- Social Engineering Techniques
- Phishing and Internet-Based Techniques
- Social Engineer Toolkit
- Investigating a Social Engineering Attack
Vulnerability Concerns
- Vulnerability Concerns Facts
- Impact of Vulnerabilities
Chapter 3: Physical
Physical Threats
- Physical Security
Device and Network Protection
- Hardware Security Guidelines
- Hardware Security Facts
- Physical Network Protection
Environment Controls
- Securing Environmental Systems
- Environmental Control Facts
- Fire Protection Facts
Chapter 4: Networks and Hosts Design and Diagnosis
Manageable Network Plan
- Manageable Network Plan Facts
Windows System Hardening
- Hardening Facts
- Hardening an Operating System
- Managing Automatic Updates
- Configure Automatic Updates
- Configure Microsoft Defender Firewall
File Server Security
- File System Security Facts
- File Permission Facts
- Configuring NTFS Permissions
Linux Host Security
- Removing Unnecessary Services
- Linux Host Security Facts
- Configure iptables
Chapter 5: Devices and Infrastructure
Security Appliances
- Security Solutions
- Security Zones
- All-In-One Security Appliances
- Security Solution Facts
- Configuring Network Security Appliance Access
- Configure QoS
- Attack Deception
- Detect Malicious Network Traffic with a Honeypot
Demilitarized Zones
- Demilitarized Zones
- Configuring a DMZ
- DMZ Facts
Firewalls
- Firewall Facts
- Configure Firewall Rules
- Configure Firewall Schedules
Network Address Translation
- Network Address Translation Facts
- Configure NAT
Virtual Private Networks
- Virtual Private Networks
- Configuring a VPN
- Configuring a VPN Client
- VPN Facts
- VPN Protocol Facts
Web Threat Protection
- Configure Web Threat Protection
- Configure URL Blocking
- Web Threat Protection Facts
Network Access Control
- Network Access Control Facts
Network Threats
- Network Threats Overview
Network Device Vulnerabilities
- Device Vulnerability Facts
- Searching for Default Passwords
- Unauthorized SSH Connection
- Securing a Switch
Network Applications
- Network Application Security
- Configuring Application Control Software
- Network Application Facts
Switch Security and Attacks
- Switch Features
- Securing Network Switches
- Switch Security Facts
- Switch Attacks
- Use SMAC to Spoof MAC Addresses
- Spoof MAC Addresses with SMAC
- Switch Attack Facts
- Hardening a Switch
Using VLANs
- VLAN Facts
- Configuring VLANs
Router Security
- Router ACLs
- Router Security Facts
- Configuring ACLs
Chapter 6: Identity, Access and Account Management
Access Control Models
- Identity and Access Management
- Authentication, Authorization and Accounting
- Access Control Facts
- Access Control Best Practices
- Access Control Models
- Implementing Dynamic Access Control
Authentication
- Authentication
- Authentication Methods
- Biometrics and Authentication Technologies
- Using a Biometric Scanner
- Using Single Sign-on
Authorization
- Cumulative Access
- Authorization Facts
- Examining the Access Token
Windows User Management
- Windows Operating System Roles
- Using Local User Accounts for Sign-in
- Join a Workgroup
- Using Online User Accounts for Sign-in
- Using Domain User Accounts for Sign-in
- Using Azure AD User Accounts for Sign-in
- Windows User Management Facts
Active Directory Overview
- Joining a Domain
- Managing Active Directory Objects
- Active Directory Facts
- Group Policy
- Using Group Policy
Hardening Authentication
- Configuring User Account Restrictions
- Configuring Account Policies and UAC Settings
- Hardening User Accounts
- Hardening Authentication Facts
- Configuring Smart Card Authentication
- Smart Card Authentication Facts
Linux User
- Linux User and Group Overview
- Managing Linux Users
- Linux User Commands and Files
- Linux User Security and Restrictions
- Configuring Linux User Security and Restrictions
Linux Groups
- Managing Linux Groups
- Linux Group Commands
Remote Access
- Remote Access Facts
- Configuring a RADIUS Solution
- RADIUS and TACACS+ Facts
Network Authentication
- Network Authentication Protocols
- Network Authentication Facts
- LDAP Authentication
- Kerberos Authentication
- Controlling the Authentication Method
- Credential Management
Chapter 7: Cryptography and PKI
Cryptography
- Cryptography Concepts
- Symmetric vs Asymmetric Encryption
- Cracking a Symmetric Encryption Key
- Cryptography Algorithm
- Blockchain
- Use Steganography to Hide a File
- Cryptographic Attacks
Cryptography Implementations
- Cryptography Uses and Limitations
- Combining Cryptographic Methods
- Hardware-Based Encryption Devices
- Cryptographic Implementation Facts
Hashing
- Hashing Algorithms
- Hashing Facts
- Using Hashes
File Encryption
- Encrypting File System
- Securing Files using EFS
- PGP and GPG
- Encrypting Files with GPG
- BitLocker and Database Encryption
- Configuring BitLocker
- File Encryption Facts
Public Key Infrastructure
- Public Key Infrastructure
- Certificate Types
- Manage Certificates
- Extended Validation
- Certificate Concepts
Chapter 8: Wireless Threats
Wireless Overview
- Wireless Networking Overview
- Wireless Installation
- Wireless Networking Facts
- Configuring a Wireless Connection
Wireless Attacks
- Wireless Attacks
- Using Wireless Attack Tools
- Crack Wi-Fi Encryption with Aircrack-ng
- Detecting Rogue Hosts
Wireless Defenses
- Wireless Security
- Wireless Authentication and Access Methods
- Wireless Authentication and Access Methods Facts
- Hardening a Wireless Access Point
- Harden a Wireless Network
- Configure WIPS
- Configuring a Captive Portal
Chapter 9: Virtualization, Cloud Security and Securing Mobile Devices
Host Virtualization
- Host Virtualization Overview
- Load Balancing with Virtualization
- Virtualization Facts
- Creating Virtual Machines
- Managing Virtual Machines
- Adding Virtual Network Adapters
Virtual Networking
- Virtual Network Devices
- Configuring Virtual Network Devices
- Virtualization Implementation Facts
- Virtual Networking Facts
Software-Defined Networking
- Software-Defined Networking Basics
- SDN Infrastructure and Architecture
Cloud Services
- Cloud Services Introduction
- Enhancing Cloud Performance
- Cloud Computing Security Issues
- Cloud Computing Facts
- Cloud Storage Security Facts
Cloud Security
- Cloud Security Controls
- Cloud Security Solutions
Mobile Devices
- Mobile Device Connection Methods
- Mobile Device Connection Facts
- Enforcing Mobile Device Security
- Enforcing Security Policies on Mobile Devices
- Sideload an App
Mobile Device Management
- Mobile Device Management Facts
- Enroll Devices and Perform a Remote Wipe
- Enrolling Non-Windows Devices
- Mobile Application Management Facts
BYOD Security
- BYOD Security Issues
- BYOD Security Facts
- Securing Mobile Devices
- Secure an iPad
- Creating a Guest Network for BYOD
Embedded and Specialized Systems
- Embedded and Specialized Systems
- Smart Home
- Constraints and Security of Embedded Devices
- Communication of Embedded Systems
- Embedded and Specialized Systems Facts
Chapter 10: Securing Data and Applications
Data Transmission Security
- Secure Protocol Facts
- Adding SSL to a Website
- IPsec
Data Loss Prevention
- Data Loss Prevention Facts
Web Application Attacks
- Web Application Attacks
- XSS and CSRF Attacks
- Injection Attacks
- Header Manipulation
- Zero Day Application Attacks
- Client-Side Attacks
- Web Browser Threats
- Web Browser Security Facts
- Preventing Cross-Site Scripting
- SQL Injections
- Exploit SQL on a Web Page
- Web Application Attack Facts
Application Development and Security
- Development Life Cycle
- Automation and Scripting
- SDLC and Development Facts
- Version Control Management
- Secure Coding Concepts
- Application Hardening
- Application Development Security Facts
- Hardening Applications on Linux
- Implement Application Whitelisting with AppLocker
- Implement Data Execution Preventions
- Hardening Applications Facts
Chapter 11: Security Assessments
Penetration Testing
- Penetration Testing Facts
- Exploring Penetration Testing Tools
Monitoring and Reconnaissance
- Network Monitoring Facts
- Performing Port and Ping Scans
- Reconnaissance
- Performing Reconnaissance
- Perform Reconnaissance with Nmap
- Perform Reconnaissance with the Harvester
- Reconnaissance Facts
Intrusion Detection
- IDS Facts
- Use Sguil and Squert
- Implement Intrusion Detection and Prevention
Security Assessment Techniques
- Vulnerability Assessment Facts
- SIEM and SOAR Facts
- Conduct Vulnerability Scans
- Scanning a Network with Nessus
Protocol Analyzers
- Protocol Analyzer Facts
- Analyzing Network Traffic
Analyzing Network Attacks
- Analyzing Network Attacks Facts
- Performing ARP Poisoning
- Performing DNS Poisoning
- Performing a SYN Flood
- Examining DNS Attacks
- Malicious Code Facts
Password Attacks
- Password Attack Facts
- Using Rainbow Tables
- Crack Passwords
- Crack Password Protected Files
Chapter 12: Incident Response, Forensics and Recovery
Incident Response
- Incident Response Process
- Incident Response Frameworks and Management
Mitigation of an Incident
- Reconfigure and Protect Endpoints
- Isolate and Containment Facts
Log Management
- Security Information and Event Management
- SIEM and Log Management Facts
- Monitoring Data and Metadata
- Saving Captured Files with Wireshark
- Use Elasticsearch Logstash Kibana
- Use NetworkMiner
- Configuring Remote Logging on Linux
- Logging Events on pfSense
Windows Logging
- Windows Event Subscriptions
- Configuring Collector-Initiated Subscriptions
- Configuring Source-Initiated Subscriptions
- Logging Events with Event Viewer
Digital Forensics
- Forensic Documentation and Evidence
- Forensic Acquisition of Data
- Forensic Tools
- Create a Forensic Drive Image with FTK
- Create a Forensic Drive Image with Guymager
- Create a Forensic Drive Image with DC3DD
- Examine a Forensic Drive Image with Autopsy
- Forensic Data Integrity and Preservation
- Forensic Investigation Facts
File and Packet Manipulation
- Manipulating Files
- Shells and Scripting
- Packet Capture Manipulation
- Use TcpReplay
- Packet Capture Facts
Redundancy
- Redundancy Facts
- RAID
- Implementing RAID
- Configure Fault-Tolerant Volumes
- Hardware Clustering
- Clustering Facts
Backup and Restore
- Backup Types
- Backup Storage Options
- Configure Network Attached Storage
- Implementing File Backups
- Demo Recovering Files
- Backup a Domain Controller
- Restoring Server Data from Backup
Chapter 13: Risk Management
Organizational Security Policies
- Personnel Policies
- Managing Third Parties
- Data Protection and Policies
- Credential and Organizational Policies
Risk Management
- Risk Types and Tolerance
- Analyzing Risks
- Business Continuity Planning
- Email Security
- Protecting a Client from Spam
- Securing an Email Server
- Securing Accounts on an iPad
Chapter 14: Governance and Compliance
Audits
- Audit Facts
- Auditing the Windows Security Log
- Auditing Device Logs
- Enable Device Logs
Controls and Frameworks
- Control Categories and Types
- Security Frameworks
Sensitive Data and Privacy
- Consequences of Breaches
- Information Classification
- Privacy and Responsibility of Data
- Data Destruction
- File Shredding and Hard Drive Wiping