Take your IT Security Knowledge to the next level with our Security Leadership Officer Course

Our Certified Security Leadership Officer (CSLO) course is a vendor-neutral certification designed for mid and upper-level managers who are seeking to increase their knowledge in the IT security field. This certification is offered by Mile2 and designed to provide students an essential understanding of current security issues, best practices, and technology.

A CSLO certified professional can be seen as the bridge between the cyber-security and business management teams. The course covers fundamental topics such as networking, applications management, hardware architecture, information assurance, security policies, contingency planning, and business continuity.

This comprehensive Certified Security Leadership Officer (CSLO) course is a preparatory course for the official CSLO certification offered by Mile2. It covers topics such as security management, risk management, encryption, information security - access control concepts, incident handling and evidence, operations security, and network security.

Exam Information

The Certified Security Leadership Officer exam is taken online through Mile2’s Assessment and Certification System (“MACS”). The exam approximately takes 2 hours and consist of 100 multiple choice questions. 

What is included in our Certified Security Leadership Officer Course?

• Learn the fundamentals of Security Leadership Officer
• Comprehensive 7 module Accredited Certificate In Security Leadership Officer Online Course
• Study along with simple instructions & demonstrations
• Written and developed by leading Security Leadership Officer experts
• Receive one-on-one online help & support
• Unlimited, lifetime access to online course
• Certificate of completion
• Study at your own pace with no rigid class timetables, 24/7 from any computer or smart device

Certified Security Leadership Officer Course - Requirements

The Certified Security Leadership Course is delivered 100 percent online 24/7.

To successfully complete this course, a student must:

• Have access to the internet and the necessary technical skills to navigate the online learning resources
• Have access to any mobile device with internet connectivity (laptop, desktop, tablet)
• Be a self-directed learner
• Possess sound language and literacy skills

Quick Course Facts

1. Course content is structured for easy comprehension
2. Registered students gain unrestricted access to the Certified Security Leadership Officer Course
3. All course material is available online 24/7 and can be accessed using any device
4. Study online from anywhere in your own time at your own pace
5. All students who complete the course will be awarded with a certificate of completion

For any additional questions please see our comprehensive FAQS tab above.

Certified Security Leadership Officer Course Outline

Security Management

Security Management Part 1 

Agenda:

• Understanding Security
• Information Security Management System (ISMS)
• Roles and Responsibility
• Security Frameworks
• Human Resources

What is Information Security?

Security is defined as protection against any danger, damage, loss, or crime.

The Information Security Triad

• Availability
• Integrity
• Confidentiality

The Role of the CSLO

• Governance
• Oversight
• Advice on security issues
• Risk Management

Business Goals and Objectives

Corporate governance refers to the collection of roles and procedures carried out by the board of directors and senior management.

Vision

• Vision
• Mission
• Values

Understanding the Business

Every company is unique. Security must consider and support the organization’s priorities, purpose, and strategic strategy.

Overview of Governance

IT encryption is just one aspect of information security. Information must be safeguarded at all organizational levels and in all ways.

Importance of Information Security 

Benefits of Effective Information Security Governance include:

• Improved trust in customer relationships
• Protecting the organization’s reputation
• Better accountability for safeguarding information during critical business activities

The First Priority for the CSLO

It is important to remember that information security is a business-driven operation.

Outcomes of Governance

The Six Basic Outcomes of Effective Security Governance:

• Strategic alignment
• Risk management
• Value delivery
• Resource management
• Performance measurement
• Integration

Performance and Governance

Governance is only feasible where metrics for measuring, monitoring, and reporting are in place.

Organization of IT Security

• Manager that has primary responsibility for security
• Reporting relationship
• Regular reporting

Developing a Security Strategy

Information Security Strategy

• Long term perspective
• Standard across organization
• Aligned with business strategy/ direction

Elements of a Strategy

A security strategy needs to include:

• Resources needed
• Constraints
• A road maps

Objectives of Security Strategy

The objectives of an information security strategy must be defined, supported by metrics, and provide guidance.

The Goal of Information Security

The goal of information security is to protect the organization’s assets, individuals, and mission.

Defining Security Objectives

The information security strategy forms the basics for the plan of action required to achieve security objectives. The long-term objectives describe the “desired state”. Should describe a well-articulated vision of the desired outcomes for a security program. 

Business Linkages

Business linkages: 

• Starts with understanding the specific objectives of a particular line of business
• Take into consideration all information flows and processes that are critical to ensuring continued operations
• Enable security to be aligned with and support business at strategic, tactical, and operational levels

Business Case Development

The business case for initiating a project must be captured and communicated:

• Reference
• Context
• Value Proposition

Security Budget

• Top down
• Bottom up
• Negotiated
• Win-win

Valuations

• Income cost valuation
• Liquidity valuation
• Market penetration pricing
• Depreciation

Security Program Priorities

• Achieve high standards of corporate governance
• Treat information security as a critical business issue

What is Security?

A structured deployment of risk-based controls related to:

• People 
• Processes
• Technology

Security Integration

Security needs to be integrated into the business processes. The goal is to reduce security gaps through organizational-wide security programs.

Security Program

• Start with theory and concepts
• Interpreted through procedures, baselines, and standards
• Measured through audit

Security Management Part 2 

Security Program

• Start with theory and concepts
• Interpreted through procedures, baselines, and standards
• Measured through audit

Architecture

Information security architecture is similar to physical architecture. Architecture is planning and designing to meet the needs of the stakeholders. Security architecture is one of the greatest needs for most organizations.

Information Security Frameworks

Framework:

• Template
• Structure
• Measurable/Auditable

Using a Framework

Effective information security is provided through adoption of a security framework.

• Defines information security objectives
• Aligns with business objectives

The Desired State of Security 

The “desired state of security” must be defined in terms of attributes, characteristics, and outcomes.

Using the Balanced Scoreboard

The Four Perspective of the Balanced Scoreboard

• Financial
• Internal Business Processes
• Learning and Growth
• Customer

Setting Up a Security Program Agenda

Key Factors:

• Senior Management Support
• Align with a Security Framework
• Program Management

Senior Management Support

• Policy
• Budget
• Resources
• Authority

Align with Security Framework

• ISO 27001
• ISO 27002
• COBIT 
• ITIL
• SABSA

ISO/IEC 27001- The ISMS

The International Standard has been prepared to provide a model for:

• Establishing 
• Implementing

Integration

The ISMS must be part of, and integrated with, the organization’s processes and overall management structure. Information is considered in the design of processes, information systems, and controls.

Suitable for Organizations of all Sizes

An information security management system’s implementation will be scaled in accordance with the needs of the organization.

COBIT 4.1

The process areas of COBIT 4.1 are:

• Strategic alignment
• Value delivery

COBIT 4.1 Phases

• Plan and Organize
• Acquire and Implement
• Deliver and Support
• Monitor an Evaluate

Deming and Quality

• Book “Out of Crisis”
• Aim was quality at reasonable cost
• Process Improvement
• 14 Quality Points

Ethics

Seven Signs of Ethical Collapse

• Pressure to maintain numbers
• Fear and silence
• Young ‘uns and a bigger than life CEO
• Weak board of directors
• Conflicts of interest overlooked or unaddressed 
• Innovation like no other company
• Goodness in some areas atones for evil in others

Fraud

• Management’s responsibility
• Separation of duties
• Job rotation

Good to Great

• Level 5 Leadership
• First Who, Then What
• Confront the Brutal Facts

Seven Habits of Highly Effective People

• Think Win-Win
• Seek First to Understand, then to be Understood
• Sharpen the Saw

Hiring and Employment

• Qualified Staff
• Interviews

Employment

• Development Plan
• Removal of Access on Departure

Culture

• Greetings and human interaction
• Language
• Saving face

Security Management Part 3 

Four P’s of Marketing

• Price
• Product
• Promotion
• Position

Negotiating 

• BATNA- best alternative to negotiated agreement
• Integrative bargaining
• ZOPA- zone of possible agreement

Intellectual Property

• Trade secrets
• Patents
• Copyrights
• Trademarks

Protecting IP

• NDAs
• Non-compete
• Control over publicly released information

Attacks on IP

• Cybersquatting
• Insider threats
• Steganography and encryption
• Corporate espionage

OECD Privacy Principles

• Collection Limitation Principle
• Data Quality Principle
• Purpose Specification Principle
• Use Limitation Principle

PII and PHI

• PII- Personally Identifiable Information
• PHI- Protected Health Information

Awareness Training

• NIST SP800-50
• Structuring an Agency Awareness and Training Program
• Conducting Needs Assessment

Purpose of Awareness Training

• Change behaviors of personnel
• Due diligence
• Due Care 
• Liability

Risk Management

Risk Management Part 1 

Risk is the effect of uncertainty on objectives.

• Effect is a deviation from the expected

Risk Cont.

Risk is often characterized by reference to potential events and consequences, or a combination of these.

Risk Management

• Risk Assessment
• Risk Treatment
• Risk Monitoring

Define a Risk Assessment Approach

The risk assessment methodology selected shall ensure that risk assessments produce comparable and reproducible results. 

• Suited for the business
• Acceptable levels of risk

Risk Factors 

• Assets
• Threats
• Vulnerabilities
• Impact
• Likelihood
• Controls

 Enterprise Risk Management

Risk should be calculated consistently across the enterprise.

• Repeatable
• Comparable

Risk

Risk must be measured according to the potential impact on business goals and objectives, not just in relation to IT related risk events.

Risk Assessment

• Identifies risk
• Prioritizes risk
• Justifies controls

Risk Analysis

• SWOT
• Cost/benefit
• Weakness gap
• Threat gap
• Benchmarking
• Best practices
• Sources

Quantitative Risk

Risk expressed in terms of monetary impact and often calculated as cost of annual risk.

Qualitative Risk

• Risk based on rankings
• Requires input from all stakeholders
• Uses scenarios to describe risk events
• Example methodologies

What is the Value of an Asset?

An asset’s value is calculated by reviewing:

• Cost
• Role of the asset in the company

What is a Threat Source/ Agent?

Threat Agent/ Source:

• Entity that can adversely act on assets
• Internal threat agents
• External threat agents
• Equipment/ Utility failure
• Natural event

What is a Threat?

A threat consists of an adverse action performed by a threat agent on an asset.

Risk Management Part 2 

What is Vulnerability?

Vulnerability is a weakness that can be used to exploit an asset.

Assess and Evaluate Risk

• Security Failure
• Impact
• Level of Risk
• Likelihood 

Result of Risk Assessment

List of risks:

• Priorities
• Risk Register

Inputs to Risk Treatment

The output of risk assessment drives the selection of the appropriate risk treatment option.

Risk Definitions

• Risk Treatment
• Risk Acceptance
• Residual Risk

Risk Treatment

• Mitigate/Reduce
• Accept
• Avoid risk
• Transfer associated risk

Definition of Controls

Control means managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of administrative, technical, management, or legal nature.

“Soft” Controls

 Administrative Controls

• Policies, procedures, standards, guidelines
• Employee management
• Testing and drills

Technical or Logical Controls

• Firewalls
• IDS
• Encryption

Physical Controls

• Doors, windows, walls
• Security guards and dogs
• Fencing and lightin

Control Usage

• Directive
• Deterrent
• Preventive

Implementation of Controls

Risk Treatment/ Selection of Controls

• Establish the criteria for acceptable risk
• Ensure that residual risk is less than acceptable risk
• Total Risk – Controls = Residual Risk

Comparing Cost and Benefit

Cost/ Benefit Analysis

• The annualized cost of countermeasures should not be more than potential losses

Cost of a Countermeasure

• Purchase amount
• Cost of maintenance
• Negative effects on production environment
• Man-hours to maintain

Appropriate Controls

• Balance security with business
• Based on risk
• Cost-effective

Documentation

The organization must demonstrate due diligence and document risks and justification for risk response.

Statement of Applicability

• The control objectives and controls selected and the reasons for their selection
• The control objectives and controls currently implemented
• The exclusion of any control objectives and controls and the justification for their exclusion

Encryption

Encryption Part 1 

Encryption

Encryption allows data to be stored, transmitted or displayed in a secure format- unreadable except to authorized personnel.

Key Elements of Encryption Systems

• Encryption algorithm
• Encryption key
• Key length

Security of the Key

The strength of a cryptosystem is dependent on the secrecy of the key, not the secrecy of the algorithm. Key management is often the weakest link in a cryptographic implementation.

Cryptographic Functions 

Converts a plaintext message into a form of ciphertext using a key known only to authorized personnel.

XOR Function

• XOR is a critical component of most cryptographic functions
• Binary addition

Symmetric Encryption

• Use the same key to both encrypt and decrypt a message
• Characteristics
• Examples

Asymmetric Algorithms

• Mathematically related key pair
• Benefits 
• Disadvantages
• Examples

Hashing Algorithms

• Used for message integrity
• Examples
• Compute a fixed length value from a variable length message

Encryption Part 2

Digital Signatures

Digital signatures are created by signing a hash of a message with the private key of the sender.

Digital Envelope

• Used to send encrypted information and the relevant key along with it
• The message to be sent can be encrypted by using either asymmetric key or symmetric key
• Examples 

Public Key Infrastructure (PKI)

• Digital certificates
• Certificate authority
• Registration authority
• Certificate revocation list
• Certification practice statement

Certificates

• Link a public key to its owner
• Used to validate websites, digital signatures
• Issued by a Certificate Authority

Uses of Encryption in Communication

• Secure sockets layer (SSL)/ Transport Layer Security (TLS)
• Secure Hypertext Transfer Protocol (S/HTTP)
• IP security (IPSec)

Auditing Encryption Implementations

Key Management 

• Storage 
• Changing keys
• Strong keys

Steganography

Hiding a message is burying a message in a file, video, picture, random noise.

Cryptographic Attacks

• Known plaintext
• Ciphertext only

Information Security - Access Control Concepts

Information Security - Access Control Concepts Part 1 

Information Security Concepts (Agenda)

• Information Classification
• Access Control
• Critically
• Sensitivity
• Trust Models

Information Asset Classification

• Need to know what information to protect
• Need to know who is responsible to protect it

Critically

• How much is the ability of the organization to deliver its products and services dependent on information and information systems
• This is measure of the critically of the resource

Sensitivity

• How much is the organization dependent on the accuracy or confidentiality requirements for information and information system.

Regulations and Legislations

• Information asset protection may be required by legislation

Asset Valuation

• Financial considerations
• Reputation

Valuation Process

• Determine ownership
• Determine number of classification levels

Information Protection

• Ensure that data is protected consistently across all systems
• Project data in all forms
• Protect data at all time

Storing, Retrieving, Transporting and Disposing of Confidential Information

Policies required for:

• Backup files of databases
• Databases
• Disposal of media previously used to hold confidential information

Information Asset Protect

• Policies
• Procedures

Access Control

Controlling who and what has access to the facilities, systems, people and data of the organization.

• Ensuring the right people have the right level of access

Identification

• Access control starts with knowing who or what is accessing our systems, data, facilities, or other resources
• Removed when no longer required

Authentication

Validating the claimed identity.

• Knowledge
• Ownership
• Characteristic

Password Policy

• Length
• Mixture of characters and numbers
• Not written down

Information Security - Access Control Concepts Part 2 

Biometrics

• Access is controlled by physical characteristics
• Acceptability by users
• Throughput

Authorization

It is granting the authenticated used the correct level of permissions needed.

Authorization Best Practices

• Least privilege
• Need to know
• Separation of duties
• Job rotation

Accounting/ Auditability

• Logging, monitoring and tracking of activity
• Ability to associate activity with a specific user
• Audit log

Trust Models

• Multi-level security
• Domains of trust
• Security perimeters
• Trusted links between systems

Centralized Administration

• Single sign on
• Kerberos
• RADIUS/ TACACS+

Discretionary Access Control

Access is granted at the discretion of the resource owner.

Mandatory Access Control

• Higher level of access control
• Access is still granted by the owner but must be compliant with policy

Role Based Access Control

Access is granted according to job roles and functions.

Technologies- Access Control Lists

• Designate levels of access according to users, processes
• Based on either the rights of the users or the protection levels accorded to the protected resource

Incident Handling and Evidence

Incident Handling and Evidence Part 1 

Definition

Incident management will ensure that incidents are detected, recorded and managed to limit impacts.

• Incident
• Incident Management
• Incident response

Goals of Incident Management and Response

The goals of incident management and response include:

• The ability to deal effectively with unanticipated events
• Detection and monitoring capabilities to alert staff of a potential incident

History of Incidents

Past incidents provide valuable information on risk trends, threat types, and business impact due to an incident.

Security Incident Handling and Response

• Planning and preparation
• Detection
• Initiation
• Recording
• Evaluation

Evidence Handling

• Obtain all evidence associated with an incident
• Chain of Custody

Best Evidence

• Real
• Direct
• Relevant
• Not hearsay
• Legally obtained

What is an Incident- Intentional

• Malicious code
• Unauthorized access to IT systems, facilities, information
• Unauthorized use of resources

What is an Incident- Unintentional

• Equipment failure
• Utility failure
• Software bugs

Malware

• Virus
• Worm
• Trojan

Attack Vectors

• Phishing
• SPAM
• Man in the Middle

Incident Handling and Evidence Part 2 

Information Warfare

• Espionage
• Backdoors
• Malicious code

Incident Management and Response

• Incident Response Planning
• Business Continuity Planning
• Disaster Recovery Planning
• Recovery of IT Systems

Developing Response and Recovery Plants

Factors to consider when developing response and recovery plans include:

• Available resources
• Expected service levels

Incident Management and Response

• Incident detection capabilities 
• Clearly defined severity criteria

Incident Response Functions

• Detection and reporting
• Triage
• Analysis
• Incident response team skills

Incident Management Technologies

• Monitor and consolidate inputs from multiple systems
• Identify incidents or potential incidents
• Prioritize incidents based on business impact

Responsibilities of the CSLO

• Developing the information security incident management and response plans
• Handling and coordinating information security incident response activities

Crisis Communications

One of the greatest challenges in a crisis is effective communications.

Challenges in Developing an Incidents Management Plan

• Lack of management buy-in and organizational consensus
• Mismatch to organizational goals and priorities

When an Incident Occurs

• The incident response team should follow the procedures set out in the incident response plan
• Properly document all information related to the incident

During an Incident

• Retrieving information needed to confirm an incident
• Determining the degree of loss, modification or damage
• Restore critical services

Containment Strategies

During an incident it is critically important to contain the crisis and attempt to minimize the amount of damage that occurs.

The Battle Box

Preloaded kits containing the tools and support materials needed by the response team in a crisis.

Evidence Identification and Preservation

The CSLO must know:

• Requirements for collecting and preserving evidence
• Rules for evidence, admissibility of evidence, and quality and completeness of evidence

Incident Handling and Evidence Part 3 

Post Event Reviews

Post Event reviews allow lessons learned to be applied to future incidents.

Business Continuity and Disaster Recovery Planning

Disaster Recovery Planning (DRP) and Business Recovery Processes

• Disaster recovery has traditionally been defined as the recovery of IT systems from disastrous events.
• Business recovery is defined as the recovery of the critical business processes necessary to continue or resume operations

Development of BCP and DRP

Each of these planning processes typically includes several main phases including:

• Risk and business impact assessment
• Response and recovery strategy definition

Plan Development

• Pre-incident readiness
• Evacuation procedures

Recovery Strategies

Recovery strategies must be sustainable for the entire period of recovery until business processes are restored to normal.

Basis for Recovery Strategy Selections

Response and recovery strategy plans should be based on the following considerations:

• Interruption window
• RTOs
• RPOs

Disaster Recovery Sites

Types of offsite backup hardware facilities available include:

• Hot sites
• Warm sites
• Cold sites

Incident Handling and Evidence Part 4 

Recovery of Communications

Recovery of IT facilities involves telecommunications and network recovery.

Plan Maintenance Activities

The BCP and DR plans must be maintained though:

• Developing a schedule for periodic review and maintenance of the plan
• Updating the plan whenever significant changes have occurred

BCP and DRP Training

• Training must be provided for all staff dependent on their responsibilities
• Develop a schedule for training personnel in emergency and recovery procedures

Techniques for Testing Security

• Vulnerability Scanning
• Penetration Testing

Vulnerability Assessments

Discover potential weaknesses or gaps in the security controls:

• Open ports or services
• Lack of training

A vulnerability assessment can include assessing:

• Network visibility and accessibility
• Information leakage

Assessment tools

• Scans

Penetration Testing

• Attempt to exploit a perceived vulnerability
• Can be done by external or internal testing teams
• Risk of system
• Areas to test

Operations Security

Operations Security Part 1 

Operations Security

• Monitoring of systems
• Maintenance of system
• Procedures

Administrator Access

Administrators have a privileged access level.

• Separation of duties may be difficult
• Often requires the use of compensating controls

Operational Assurance

• The product must be implemented according to the design
• The product must meet, and continue to meet throughout its lifecycle, the specified security requirements

Some Threats to Computer Operations

• Physical facility or system attacks
• Internal fraud
• Loss of system and network capabilities

Specific Operations Tasks

• Antivirus Software

Data Leakage- Object Reuse

• More than one subject uses the same media
• Two or more processes using the same memory segment

Object Reuse

• Degaussing
• Zeroization
• Physical destruction

Records Management

Record Retention:

• Different industries have specific rules and time requirements for keeping company documentation
• Legislated retention periods

Change Control

Configuration Management

• Changes must be approved through a change control process
• Ensures that the changes to production systems are done properly

Controlling How Changes Take Place

Change Control Process

• A formal process to ensure that changes are approved, tested, and documented
• Without proper change control, a project can be never-ending, and confusion can set in pertaining to who did what and when

Operations Security Part 2 

Trusted Recovery

Operating System Response to Failure

• Resort to a more secure state
• System reboot

Redundant Array of Independent Disks (RAID)

• Level 0
• Level 1
• Level 2
• Level 3
• Level 4
• Level 5

Business Continuity

Phase of Plan

• Project initiation
• Business Impact Analysis
• Strategy development
• Plan development
• Implementation
• Testing
• Maintenance

BCP Risk Analysis

Business Impact Analysis

• Identify company’s critical business functions
• Identify resources these functions depend upon

Identify Vulnerabilities and Threats

Threat Types

• Man-made
• Natural
• Technical

Interdependencies

• How Do You Get a Company Back Up and Running?

Identifying Functions’ Resources

• Which Items are Critical for Certain Functions to Run?

Calculating MTD

• Each Function and Resource Must Have an MTD Calculated

Recovery Point Objective

• Calculation of maximum data loss
• Determines backup strategy
• Defines the most current state of data upon recovery

Facility Backups- Hot Site

• Other Facilities

Facility Backups- Warm Site

• Ready for data processing in a day or longer
• Some peripheral devices
• Less expensive than hot sites

Facility Backups- Cold Site

• Empty building
• No requirement
• Less expensive

Priorities

• The goal of the plan is to protect people, followed by the company and its things 
• The safety of people must always come first when developing and carrying out this plan

Operations Security Part 3 

Secure Programming

• Input data validation
• Stored procedures
• Internal balancing
• Error handling

Programming Errors

• Rounding
• Multiple paths to information
• Trapdoors, wormholes, maintenance hooks
• Privacy breaches

Common Gateway Interface

• A server-side interface for initiating software services
• CGI is a method of manipulating data passed to a website
• Allows for interactive website that process user input

Cookies

Use of Cookies

• Piece of information sent by a web server to a user’s browser
• Also can allow for an HYYP connection to be stateful in nature

Virtual Systems

• Hypervisor security
• Data location
• Scalability
• Access control permissions

Virtualization- Type 1 

Type 1 hypervisors are software system that run directly on the host’s hardware to control the hardware and to monitor guest operating systems.

Virtualization- Type 2

Type 2 hypervisors are software applications running within a conventional operating- system environment.

Technologies- Databases and DMBS

• Databases
• Database Management System (DBMS)

Facilities

• Secure operational areas
• Consider factors

Facilities Security

Physical controls may include:

• Smart cards or access controls based on biometrics
• Security cameras
• Security guards

Environmental Security

• Heating, ventilation, and humidity controls
• Reliable power supplies

Physical Access Issues and Exposures

Possible perpetrators include employees who are:

• Disgruntled
• On strike
• Threatened by disciplinary action or dismissal

Controls for Environmental Exposures

• Alarm control panels
• Water detectors
• Handheld fire extinguishers

Electrical Problems

Power failures:

• Total failure
• Severely reduced voltage

Knowing Network Security

Knowing Network Security Part 1

Network Topologies- Physical Layer

Network Topology

• Physical connections of systems and devices
• Architectural layout of network

Topology Types

• Bus 
• Ring

OSI Model

Purpose of Model

A model that explains how networking takes place and is used to architect network services and protocols.

Data Encapsulation

Each layer adds its own information to the message as it travels down the network stack.

Protocols at Each Layer

• OSI Layer
• Protocols

Devices Work at Different Layers

• Repeater = Physical Layer
• Bridge = Data Link Layer
• Router = Network Layer
• Computer = Application Later

Technology-based Security

• Many technologies available are used to implement controls
• Have controls built into their implementation

Technologies

• There are numerous technologies relevant o security to be familiar with
• Operate as a form of layered defense

Security Management Report Tools

• Management support technologies
• Are often used by information security group independently of information technology

Defense in Depth

• Layers of defense
• Security architecture
• Breaches of the perimeter

Repeater

• Repeater Characteristics

Switch

• Switch Characteristics

Virtual LAN

VLAN

• Logical containers used to group users, systems, and resources
• Used in switches
• Each VLAN can have its own security policy

Router

• Router Characteristics

Gateway

• Gateway Characteristics

Bastion Host

Hardened System

• Disable unnecessary accounts
• Disable unnecessary services
• All system in the DMZ should be baston hosts

Network Security Architecture

• Network Segmentation
• Screened-host firewall
• Dual-homed firewall
• Demilitarized zone (DMZ)

Firewalls

• Firewall general features
• Firewall types

Knowing Network Security Part 2 

Whitelisting vs. Backlisting

• Access filtering
• Which is better?
• Maintenance

Firewall Issues

• A false sense of security 
• The circumvention of firewall
• Firewall policies

Firewalls

• Firewall Types
• Firewall Characteristics

Firewall- First Line of Defense

Firewall Types- Packet Filtering

Packet Filtering

• Simplest and least expensive type of firewall
• Screening routers with a set of ACLs

Firewall Types- Proxy Firewalls

Proxy Firewall Characteristics

• Breaks connections between trusted and untrusted entities
• Acts as a middle man

Firewall Types- Circuit-Level Proxy Firewall

Circuit-Level Proxy Characteristics

• Makes access decision based on network and transport later header information
• Second-generation firewall

Firewall Types- Application-Layer Proxy 

Application-Layer Proxy Characteristics

• Access decision is based on data payload information
• Must understand the command structure of protocols

Firewall Types- Stateful

Stateful Firewall Characteristics

• Uses a state engine and creates and maintains a state table
• Third-generator firewall

Firewall Placement

• Considerations
• Types of Architectures

Firewall Architecture Types- Screened Host

Screened Host Characteristics

• The usual configuration is a router filtering for a firewall

Firewall Architecture Types- Screened Subnet

Characteristics

• A buffer zone is created by implementing two routers or two firewalls
• Provides the most protection out of the three architectures

Intrusion Detection and Prevention Systems

• Intrusion detection system
• Intrusion prevention system

IDS- Second Line of Defense

IDS/IPS Components

• Sensors that are responsible for collecting data
• An administration consoles

IDS/ IPS Featues

• Intrusion detection
• Gathering evidence on intrusive activity

IDS/IPS

• Identify and record any attempts to exploit a system by an attacker
• Be monitored and maintained daily

Intrusion Detection Policies and Processes

The security manager should understand and manage intrusion detection systems and procedures, including:

• Personnel who run and monitor intrusion detection system have adequate training
• Intrusion detection software and hardware running continuously

HIPS

Host-based IPS (HIPS) is where the intrusion-prevention application is resident on that specific IP address, usually on a single computer

Unified Threat Management

It is basically the evolution of the traditional firewall into an all-inclusive security product that has the ability to perform multiple security functions in one single appliance.

UTM Product Criteria

• Basic connectivity and scalability
• VPN traffic speed
• Appropriate intrusion detection and prevention features

TCP/IP Suite

• Protocols of the Internet

Port and Protocol Relationship

• TCP/IP Suite Usage of Ports

UDP versus TCP

• TCP
• UDP

Knowing Network Security Part 3 

Protocols- ARP

Address Resolution Protocol

• Maps the IP address to the media access control (MAC) address
• Data link layer protocols understand MAC addresses, not IP addresses

Protocols- ICMP

• Internet Control Message Protocol
• ICMP Uses by Hackers

Protocols- FTP, TFTP, Telnet

• File Transfer Protocol
• Trivial FTP
• Telnet 

Protocols- SNMP

Simple Network Management Protocol

• Master and agent model
• Agents gather status information about network device

Network Service- DNS

• Works within a hierarchical naming structure
• Hostname to IP address mapping

Nslookup

Query DNS Entries

• Free tool
• Obtain IP address

IP Addressing

• IPv4 32 bit
• IPv6 bit address

Network Service- NAT

Network Address Translation

• Invented because the public IP address space was running out
• Allows companies to use free private IP addresses

Technologies- SOAM

Email filtering to weed our unsolicited email.

Filtering and Content Management

• Date Loss Prevention (DLP)
• Web Filtering

Emerging Technologies

Be aware of emerging technologies and their impact on the information security program.

Equipment and Network Security

Security of Portable Media

• Use of approval portable devices
• Security and Audit issues

Mobile Device Security

• Access issues with mobile technology
• Control use via policy

LAN Security Issues

The Security Manager should identify and document:

• LAN topology and network design
• LAN administrator/ LAN ownership

Network Infrastructure Security

Communication network controls:

• Employ skilled administration staff
• Separation of duties

Knowing Network Security Part 4

Network Infrastructure Security cont.

Communication network controls (continued):

• Create and enforce operational procedures
• Monitor unauthorized access or activity by administrators or other staff

Client-server Security

Control techniques in place:

• Securing access to data or application
• Use of network monitoring devices
• Data encryption techniques

Internet Threats and Security

Active attacks:

• Brute-force attack
• Masquerading
• Packet replay
• Phishing

Causes of Internet Attacks

• Freely available tools and techniques
• Lack of security awareness and training
• Exploitation of security vulnerabilities

Honeypots and Honeynets

• Provide a distraction for hackers
• Record all activity

LaBrea Tarpit

LaBrea is a ‘sticky’ honeypot and IDS.

• Acquires unused IP addresses to create virtual servers
• Holds the connection to prevent the attacker from further progress

Voice-Over IP (VoIP)

VoIP security issues:

• Inherent poor security
• The key to securing VoIP

Auditing Network Infrastructure Security

• Review network diagrams and implementation
• Evaluate compliance with applicable security policies, standards, and procedures
• Identify possible attacks and misuse

IPSec- Network Layer Protection

• Developed because IPv4 has no security mechanism
• Integrated in IPv6
• Application secure channels are usually provided with SSL

IPSec

• IPSec is a set of cryptographic protocols for securing packet flow and key exchange
• Currently the only one key exchange protocol is defined, IKE (Internet Key Exchanger) protocol

SSL/TLS

• Secure Sockets Layer (SSL) and Transport Layer Security (TLS) its successor are cryptographic protocols which provide secure communications on the internet for such things as emails, internet faxing, and other data transfers

Wireless Technologies- Access Point

• IEEE standards
• Spread spectrum technologies
• Access point and wireless devices

Wi-Fi Network Types

Peer-to-Peer/ Ad-Hoc network

• No central point of communication
• Easy to set-up

802.11i- WPA2

• WPA and WPA2 are virtually identical. Both are derived from 802.11i, with WPA being an early snapshot of 802.11i

Wireless Security Threats

• Unauthorized equipment
• Misconfigured equipment
• Radio frequency management

Bluetooth

• Bluesnarfing
• Bluesjacking
• Jamming
• Security 

Recognition & Accreditation

All students who complete this course, receive a certificate of completion and will be issued a certificate via email.