|
|
|
Fundamentals
of Network Security
This course
provides an in-depth vendor-neutral study of network security fundamentals
and provides a comprehensive overview of network security. The course
prepares students to take the CompTIA
Security+ certification exam.
The CompTIA
Security+ Certification is rated the top entry level security exam by
Certification
Magazine. It satisfies certification requirements for Microsoft MCSA
& MCSE certifications, the Certified
HIPAA Security Specialist (CHSS) certification, and is required or
recommended as a prerequisite or program element in third-party certifications
from companies like IBM
(Tivoli), Symantec
(SCTA), the Certified Wireless
Networking Professional program (CWSP), and the Security
Certified Program. The class also provides the student a solid foundation
to continue on to the advanced class
and earn the highly coveted CISSP certification.
For more
information please see:
- CompTIA's
Security+
Review of the certification by Monster.com
- IT
Security Certifications
Information about various security certifications by Monster.com
- Building
a Career in Information Security
Information about security certifications by Certification Magazine.
- 10
Hottest Certifications for 2004
CertCities rates the Security+ one of the Top 10 IT Certifications for
2004 & again for 2005. For 2004 it rated the Security+ equal
to the CCIE.
- Certifiably
Secure: More Reasons to Consider Security+ at the Entry-level
Certification Magazine lists more reasons for earning the Security+
certification.
- Network
Security Positions #1 in Demand and Average Salaries.
According to a recent salary survey on Computerjobs.com, Network Security
professionals earn the highest average salaries and are in greatest
demand of all IT fields.
- Paying
Off Nicely- CertMag’s 2003 Salary Survey
IT Professionals that specialize in security earned an average of $73,000/yr
during 2003.
- It
Pays to Certify
By Network World & Global Knowledge
Discusses the benefits of security certification, and how it can boost
your salary, job security, and career opportunities. Includes information
on Security+, SSCP, and CISSP certifications.
- Information
security field to grow steadily
Network World Fusion
The demand for qualified security professionals is growing at 14-18
% per year compared to a 5% to 7% growth in IT jobs in general. Security
professionals have also experienced growth in job prospects, career
advancement, higher base salaries and salary premiums for certification
at faster rates than other areas of IT.
- Full-Speed
Ahead: The Demand for Security Certification
CertMag, April 2005
The demand for quality trained security administrators is growing fast.
Security administrators need to validate their skills through certification,
and those with certifications are experiencing the most career growth.
| Don't forget to show up on the first day of class. If enough students
don't show up on the first day, the class will be cancelled. |
Description:
The class
is broken down into five sections. General Security Concepts covers
authentication methods along with common network attacks and how to safeguard
against them. Communication Security includes remote access, e-mail,
the Web, directory and file transfer, and wireless data. Infrastructure
Security explores various network devices and media, and the proper
use of perimeter topologies such as DMZs, Extranets, and Intranets to
establish network security. Cryptography basics are provided, including
the differences between asymmetric and symmetric algorithms, and the different
types of PKI certificates and their usage. Operational/Organizational
Security is discussed as it relates to Physical security, Disaster
Recovery, and Business Continuity, as well as coverage of Computer Forensics.
Objectives:
- Describe network security by listing possible security threats and
their ramifications and goals of network security.
- Create strong passwords and password policies.
- Describe authentication protocols including CHAP and Kerberos. Use
PKI certificates to secure authentication and transmission of data.
- List and explain in your own words each of the following types of
attacks: DoS, ping-of-death, spoofing, man-in-the-middle, replay attacks,
and TCP session hijacking.
- List the major types of attacks used against encrypted data.
- List three types of social-engineering attacks and explain why they
can be damaging.
- List the major types of malicious software and identify a counter
measure for each one.
- Implement secure remote access using RADIUS, TACACS+, PPTP, L2TP,
SSH, and IPSec.
- Describe the need for secure email. Outline the benefits of PGP and
S/MIME. Explain the dangers posed by email hoaxes and spam, as well
as actions that can be taken to counteract them.
- Describe and implement the features of web security including: SSL/TLS
and the associated HTTPS protocol.
- Describe the vulnerabilities of JavaScript, Active X, cookies, CGI,
applets, SMTP, and how they are commonly exploited.
- Implement more secure enterprise directory management using LDAP.
- Implement S/FTP to secure file transfer through the internet.
- Describe the implementation steps for secure wireless data transfer
using WAP, WTLS, and WEP.
- Describe instant messaging and the security risks and vulnerabilities
of such a service.
- Describe the purpose of a firewall and the different kinds of firewall
technology available on the market.
- Implement security through ACLs on routers, switches, and other networking
hardware.
- List he various type of network media. Describe how to physically
protect transmission media adequately.
- Demonstrate how to maintain, backup, and restore stored data.
- Describe the features of a virtual local area network. Set up a encrypted
tunnel between two hosts.
- List the differences between host-based and network-based intrusion
detection systems.
- Implement a security baseline by using OS/NOS hardening (modify default
configuration to make it more secure).
- Describe some of the biometric techniques for securing equipment and
data.
- List some basic computer forensics techniques.
Prerequisites:
- CS180
- Network Operating Systems
There are
no mandatory prerequisites for this class, however, the student should
be comfortable using Windows client operating systems and have a basic
understanding of TCP/IP networking. To get the most from the class, it
is recommended that the student have experience administering Windows
or Unix/Linux hosts or Cisco routers and switches.
Career
Opportunities:
The Network
Security course advances students on a career path toward the following
occupations: Network Security Analyst, Senior Systems Analyst, and Systems
Architect. For higher education bound students, this course prepares them
for Electrical Engineering or Computer and Management Information Systems
Degree Programs.
 |
