CISS Training

 CISS Training

Become CISS – Certified IT Security Specialist by covering the following topics:

Security and Hacking Myths Debunked

Beginner to Advanced IT Security

Microsoft Windows Threats and WiFi Weaknesses

Current Black-Hat Threats and Trends

Designing More Secure Networks

Encrypted Data, Identify Spoofing, and Windows Authorization

IT Security Academy Exam Preparation

Boost Network Security and Identify Weaknesses

Certified hackers identify network security threats to prevent criminal hacking attempts. The best way to do this, is to understand how cyber criminals evaluate and test your network for vulnerabilities.

Contents and Overview

This course is designed for anyone seeking a career in IT security, as well as programmers and technology enthusiasts who want to develop hacking and prevention skills. A basic understanding of IT and infrastructure is recommended but not required.

With 239 lectures and over 23+ hours of content, you will start with the basics of IT security and progress to the advanced curriculum in a matter of days.

Who is the target audience?

Future IT Sec Professionals

IT Students

Programmers

IT enthusiasts

Introduction to Current Cyber Threats

IT Prehistory

Let’s look a few years back

Cyber crimes - an evolution not revolution

Popular myths about IT security - origins

Myths #1 - you’ll never be hacked

Myths #2 - you don’t need any protection software or hardware

Myths #3 - IT security is always a priority

Popular Myths About Computer System Security - notes for the examination

Trends in IT Security

The birth of technology society

EXERCISE: How much info can you gather?

Fake identity

Online privacy

Analyzing sniffing software

Cyber War

Changing IT Security Trends - notes for the examination

Objective #1 - Data security - Introduction

Confidentiality of data

EXERCISE: Finding confidential data with search engines

Integrity of data

Data security - notes for the examination

Computer Network Security

Network security - introduction

OSI MODEL #1 - Physical layer

OSI MODEL #2 - Data link layer

Threats: MAC spoofing

Threats: ARP Poisoning

EXERCISE: Data Link Layer Attack

OSI MODEL #3 - Network layer

TCP Tunnelling over ICMP

Network Protocols - notes for the examination

OSI MODEL #4 - Transport Layer

Threats: Enumerating Remote Computers

EXERCISE: Transport Layer Attack using METASPLOIT part 1

EXERCISE: Transport Layer Attack using METASPLOIT part 2

OSI MODEL #5 - Session Layer

Transport Protocols - notes for the examination

OSI MODEL #6 - Presentation Layer

OSI MODEL #7 - Application Layer

EXERCISE: Application Layer Attacks

Kali Linux: Attack Demonstration

Man-in-the-Middle and Denial of Service Attacks

Modifying Transmitted Packets

Unencrypted protocols

Application Protocols - notes for the examination

–

Designing Secure Computer Networks

Designing Computer Networks - introduction

Subnetting IPv4

Subnetting IPv6

Subnetting - notes for the examination

IPv6 address notation

DMZ: demilitarized Zone

Protocols and services: IP SEC

IP SEC: Phase 1

Network Address translation

Network access control: RADIUS

Protocols and Services - notes for the examination

–

Network administration

Introduction to Monitoring Transmitted Data

Monitoring Transmitted Data - Basic informations

Intrusion detection systems

Why are firewalls and NDIS not enough?

Wireshark - Introduction to network analysis

How to use Wireshark?

Analyzing Captured data

How to analyze telnet protocol?

Intrusion detection

Scanning computers

Monitoring transmitted data - notes for the examination

Wireless Networks Security

Wireless Networks

WIFI security solutions - introduction

WIFI - working principles

Other wireless technologies

Threats and risks

Ineffective solutions

Authentication methods

802.11 WEP

802.11I WPA

Standards and Security Solutions - notes for the examination

Threats of WIFI networks

Client Attacks: Launching a rogue access point

Client Attacks: Evil twin

Client Attacks: Denial of service

EXERCISE: WPA attack

Wi-Fi Security Threats - notes for the examination

–

Operating Systems Security

Operating systems security - introduction

Security boundaries

Three core

EXERCISE: OS boundaries

Process isolation

Kernel Mode Code Signing

Java Virtual Machine and code access security

OS Security Boundaries - notes for the examination

Malware

EXERCISE: Vulnerability attacks

EXERCISE: Identifying suspicious processes

Demonstration: Process Explorer

EXERCISE: Removing malware

Rootkits

EXERCISE: Detecting rootkits

EXERCISE: Security evaluation

Malware - notes for the examination

–

Access Control

Authentication and authorisation - Introduction

Authentication users

How secure is your password?

Authentication protocols and services

Authentication - notes for the examination

LM Hash

Cached Credentials

KERBEROS

Identity Theft

EXERCISE: Offline attacks

Using online cracking services

Identity Theft - notes for the examination

Windows Security

Windows Security - what you’ll learn

User Account Control

UAC configuration

Additional Security Features - ASLR and DEP

PatchGuard

Techniques and Methods - notes for the examination

Encryption - key protection

Drive encryption

BitLocker

BitLocker To Go Reader

File and folder encryption - EFS

EXERCISE: EFS

Encryption - notes for the examination

Security Policies

Security policies – introduction

What is security?

Information security

Information security - level up

Security issues

Why are security solutions fallible?

Security policy issues

Introduction to threat modelling and classification

Threat modelling - STRIDE

STRIDE: Spoofing identity

STRIDE: Tampering with Data

STRIDE: Denial of Service

–

Risk Management

Introduction to Risk Management

Attack methods

Local attacks

Target scanning and enumeration techniques #1

Target scanning and enumeration techniques #2

Passive scanning

Attack Methodologies - notes for the examination

Introduction to risk assessment

DREAD: Risk assessment model

DREAD: Exploitability

EXERCISE: Risk Assessment

Risk Assessment - notes for the examination

Introduction to Social Engineering and rogue software

Manipulation tactics

EXERCISE: Social Engineering attacks

SE with KALI / BackTrack

Rogue Software

Fraud tools 

Social Engineering and Rogue Software - notes for the examination

-

Defence in Depth

Introduction to Defence in Depth

How to use Defence in Depth model?

DiD: OS and LAN Layers

DiD: Perimeter and Physical Access Layers

DiD: Demonstration

Automated attack targeting a service

Automated user-targeting attack

The Defence in Depth Model - notes for the examination

Introduction to Immutable laws of security - Law #1

Laws for administrators

Immutable Laws of Security - notes for the examination

-

Disaster Recovery

Introduction to Disaster Recovery

How to reduce losses?

Ensuring continous availability

Threat discovery 

Audit users and keep control accounts

High risk users

Collecting and analysing evidence

Forensics example

CONFICKER: CASE STUDY

How to reduce losses - notes for the examination

Application Security

Introduction to Application Security

Attacks on applications

SQL Injection

EXERCISE: Analyze the application

Blind SQL Injection

Automated SQL Injection

Cross-site scripting - XSS

Application Attacks - notes for the examination

Program security assessment

Unsafe applications

Application Security - Configuration and Management

Here’s what you’ll learn in this module

Managing applications

Software updates

MS Update

System Center Configuration Manager

Blocking applications

Software restrictions policies

EXERCISE: Application control rules

Isolating applications

How to protect users without interrupting their work - notes for the examination

-

Cryptography

Introduction to cryptography

History of ciphers

Symmetric and asymmetric ciphers

Symmetric-key algorithms

Block ciphers

Data encryption standard

DES-X

Advanced encryption standards

Block cipher modes

Stream Ciphers - RC4

Asymmetric-key algorithms

RSA

ELGAMAL

HASH functions

Digital signature

Hybrid Schemes

Symmetric and Asymmetric Ciphers - notes for the examination

-

Public Key Infrastructure

Introduction to cryptology

Public key infrastructure

Implementing public key infrastructure

What will PKI allow you?

EXERCISE: Certificates

Planning the PKI

Certificate life cycle

PKI Administration

Threat Modelling and Classification - notes for the examination

Public Key Infrastructure - Trust but verify - notes for the examination

-

Prepare for the examination

Answer sample questions which you can find during the examination