Course Description (from the course website)
The Security+ exam covers six domains, and this course focuses on the third: the “Threats and Vulnerabilities” domain.
- Malware
- Cyber attacks
- DNS Security
- Social engineering
- Wireless attacks
- Advanced wireless attacks
- XSS – Cross-Site Scripting attacks
- Buffer overflows
- Security testing tools
- SIEM – security information and event management
- Platform hardening and baselining
- Honeypots and honey nets
- Vulnerability scanning and pen testing
- Threat modeling
In the Malware section, we will define malware categories and characteristics and talk through protective countermeasures to keep networks, systems and data safe from compromise.
There are so many different types of attacks that it can be challenging to address them all within the context of our various lessons. So in the Cyber Attacks lesson I’ve pulled together some attack types that haven’t necessarily been covered in the other sections. When the internet was originally architected, services such as DNS weren’t necessarily designed with security in mind. You will learn about DNS vulnerabilities, attacks and DNS security protocols as part of the DNS Security lesson.
Understand social engineering in the context of information security, which refers to psychological manipulation of people into performing actions or divulging confidential information. You will learn the basics of modern wireless security protocols, vulnerabilities, attacks and defense mechanisms in the wireless attacks lesson. Wireless networks represent the softest and most common entry point for hackers. We will talk about advanced wireless attacks and how to prevent them.
XSS and injection are some of the top techniques used by attackers to compromise websites and user data. Learn how to test for XSS vulnerabilities, identify exploits and protect against them. Attack applications using buffer overflow techniques in order to execute arbitrary malicious code; we will also identify ways to mitigate these attacks.
There is a practically infinite number of security testing tools available, both free and paid. In the security testing tools lesson we will begin to scratch the surface of some of these common tools and identify how we categorize them and their uses. Management of logs is a key component of operational security. These days the velocity, variety and volume of data collected via logs have catapulted log management into the realm of Big Data. You will learn how to effectively manage these logs and derive useful security information from them in the lesson on SIEM.
Minimizing the attack surface area of operating systems, databases and applications is a key tenet of operational security. I will show you techniques for OS/DB and App hardening. Luring attackers away from critical data and studying their behavior can help us to protect the data that matters most. You will learn how to use honeypots to tie up attackers and find out what they are up to.
Vulnerability Assessment and Pen Testing are terms that are often used interchangeably. In this section we will walk through some of the differences and commonalities between the two.
Who this course is for:
This course is intended for absolute beginners and IT professionals looking to make the move into the Cyber Security field. No programming experience or prior security knowledge is required. A basic understanding of networking and TCP/IP is helpful. This course is intended for anyone who is interested in a career in Cyber Security.
Requirements
- Students should have basic knowledge of operating systems such as Windows and Linux.
- No special software is needed for this course.