SEC401: Security Essentials Bootcamp Style

Overview

A key way that attackers gain access to a company's resources is through a network connected to the internet. Organizations try to prevent as many attacks as possible. Unfortunately, not all attacks will be prevented, and as such, they must be detected it in a timely manner. Therefore, it is critical to be able to understand the goals of building a defensible network architecture. It is critically important to understand the architecture of the system, types of network designs, relational communication flows, and how to protect against attacks using devices such as routers and switches. These essentials and more will be covered during the first section of this course in order to provide a firm foundation for the remaining sections of this training.

In any organization large or small, all data are not created equal. Some data are routine and incidental while other data can be very sensitive, and loss of those data can cause irreparable harm to an organization. It is essential to understand attacks, the vulnerability behind those attacks, and how to prioritize the information and steps to secure the systems. To achieve this, you need to gain familiarity with the communication protocols of modern networks. Adversaries need our networks just as much as we do. Adversaries live off the land, mercilessly pivoting from system to system, on our network, until they can achieve the long-term goal for which they came. Being able to apply the concepts of 'knowing' our network, and how network operations are performed, will allow us to baseline 'normal'. Knowing normal allows 'abnormal' (the adversary) to stand out.

Cloud computing becomes an obvious topic of discussion in relation to our modern networks - public and private networks alike. A conversation on defensible networking would not be complete without an in-depth discussion of what cloud is, and more importantly, the important security considerations that must be taken into account.

By the end of this section, you will understand Defensible Network Architecture, Protocols and Packet Analysis, Network Device Security, Virtualization and Cloud, and Wireless Network Security.

Last, but certainly not least, all of the above wouldn't be as useful without applying the knowledge in our extensive hands-on lab-based environment. Each day of SEC401 is built on a foundation of how to apply key topics and concepts in real-world application.

By the end of Day 1, the adversary's game will be up. Adversaries need to use OUR network to achieve THEIR goals. By understanding how our networks function (relative to our unique needs), the adversary's activity will be revealed. Discovery of the adversary is only a small part of the overall battle; the remainder of SEC401 will show you how not only to defend, but better prevent (and remediate) the adversary.

Topics

SEC401.1: Outline: Network Security Essentials

• SEC401: An Introduction
• Defensible Network Architecture
• Protocols and Packet Analysis
• Network Device Security
• Virtualization and Cloud
• Securing Wireless Networks

Module 1: SEC401 - An Introduction

SEC401 is unique in its coverage of more than 30 topical areas of information security. In this introductory module we review the structure of the course, the logistics of the class schedule in concert with 'bootcamp' hours, and the overall thematic view of the course topics.

Module 2: Defensible Network Architecture

In order to properly secure and defend a network, you must first have a clear and strong understanding of both the logical and physical components of network architecture. Above and beyond an understanding of network architecture, however, properly securing and defending a network will further require an understanding of how the adversary abuses the information systems of our network to achieve their goals.

• Network Architecture
• Attacks Against Network Devices
• Network Topologies
• Network Design

Module 3: Protocols and Packet Analysis

A solid understanding of the interworking of networks enables you to more effectively recognize, analyze, and respond to the latest (perhaps unpublished) attacks. This module introduces the core areas of computer networks and protocols.

Network Protocols Overview

Layer 3 Protocols

• Internet Protocol
• Internet Control Message Protocol

Layer 4 Protocols

• Transmission Control Protocol
• User Datagram Protocol

Tcpdump

Module 4: Network Device Security

In order to implement proper network security, you have to understand the various components of modern networks. In this module, we will look at the core components of network infrastructure, how they work, and the methods needed to leverage them for modern cyber defense. Unfortunately everything on the network, including the network itself, is a target for the adversary. Our conversation on network device security would be incomplete without discussing how to properly secure our networking infrastructure itself.

• Network Devices
• Network Device Security

Module 5: Virtualization and Cloud

In this module, we will examine what virtualization is, the security benefits and risks of a virtualized environment, and the differences in virtualization architecture. Because cloud computing is architected on virtualization, the module concludes with an extensive discussion of what cloud is (public and private cloud), how it works, the services made available by public cloud, and related security concepts.

• Virtualization Overview
• Virtualization Security
• Cloud Overview
• Cloud Security

Module 6: Securing Wireless Networks

In this module, we will explain the differences between the various types of wireless communication technologies available today, the insecurities present in those communications, and approaches to mitigation to reduce the risk of those insecurities to a more acceptable level of risk.

• The Pervasiveness of "Wireless" Communications
• Traditional Wireless: IEEE 802.11 and Its Continual Evolution
• Personal Area Networks
• 5G Cellular (Mobile) Communication
• The Internet of Things

Overview

To secure an enterprise network, you must understand the general principles of network security. On Day 2, we look at the "big picture" threats to our systems and how to defend against them. We will learn that protections need to be layered leveraging a principle called defense-in-depth, and then explain the principles that will serve us well in protecting our systems.

The section starts with information assurance foundations. We look at security threats and how they have impacted confidentiality, integrity, and availability. The most commonly discussed aspect of defense-in-depth is predicated on access controls. As such, with a solid foundation on the aspects of information assurance in place, we move onto the aspects of identity and access management. Even though, for more than 30 years, passwords (the most commonly used form of authentication for access control) were to be deprecated and moved away from, we still struggle today with the compromises that result from credential theft. What we can do for modern authentication is the focus of our discussion on authentication and password security. Toward the end of the book we shift our focus to modern security controls that will work in the presence of the modern adversary. We do so by leveraging the Center for Internet Security (CIS) controls to help prioritize our risk reduction activities and gather metrics as we construct our security roadmap. While realizing that our networks are the foundation for both our (and the adversaries) activities, we might be naturally curious as to what else we can do from an overall environmental focus on how best to secure our data. This naturally leads to a discussion on Data Loss Prevention techniques. Last, but certainly not least, a discussion of defense-in-depth would not be complete without a discussion of, perhaps, the most important aspect of any security program - Security Plans and Risk Management. Cyber security is really just a different form of risk management. A modern-day defender will not be a capable defender without understanding the constitution of risk, how information security risk must tie back to organizational risk, and the methods used to appropriately address gaps in risk.

Topics

SEC401.2: Outline: Defense-in-Depth

• Defense-in-Depth
• Identity and Access Management
• Authentication and Password Security
• CIS Controls
• Data Loss Prevention
• Security Plans and Risk Management

Module 7: Defense-in-Depth

In this module, we look at threats to our systems and take a "big picture" look at how to defend against them. We will learn that protections need to be layered, a principle called defense-in-depth, and explain some principles that will serve you well in protecting your systems.

Defense-in-Depth Overview

• Risk = Threats x Vulnerabilities
• Confidentiality, Integrity, and Availability

Strategies for Defense-in-Depth

Core Security Strategies

Module 8: Identity and Access Management

This module discusses the principles of identity management and access control. Access control models vary in their approaches to security. We will explore their underlying principles, strengths, and weaknesses. The module includes a brief discussion on authentication and authorization protocols and control.

Digital Identity

• Authentication
• Authorization
• Accountability

Identity Access Management

Access Control

• Controlling Access
• Managing Access
• Monitoring Access

Module 9: Authentication and Password Security

A discussion of identity and access management naturally leads to a conversation on authentication and password security. We will spend time discussing the various types of authentication: Something you know, something you have, some place you are, and something you are. We will also spend considerable time discussing the most common (and problematic) example of the "something you know" authentication type: the password. We will spend time delving into password files, storage, and protection.

Authentication Types

Password Management

• Password Techniques
• Password (Passphrase) Policies
• Password Storage
• How Password Assessment Works

Password Cracking Tools

• John the Ripper
• Hashcat
• Mimikatz

Multi-Factor Authentication

Adaptive Authentication

Module 10: Center for Internet Security (CIS) Controls

In implementing security, it is important to have a framework with proper metrics. As is often said, you cannot manage what you cannot measure. The CIS controls were created to help organizations prioritize the most critical risks they face. In addition to a framework, the CIS controls also provide details to help organizations put together an effective plan for implementation of the controls they need.

• Introduction to the CIS Controls
• The CIS Controls
• Case Study: Sample CIS Control

Module 11: Data Loss Prevention

Loss or leakage?

In essence, data loss will be any condition that results in data being corrupted, deleted, or made unreadable in any way by a user and/or software (application). A data breach is, in most cases, a security incident that can be intentional or unintentional. Security incidents can lead to (among other things) unintentional information disclosure, data leakage, information leakage and data spill. In this module we cover exactly what constitutes data loss or leakage, the various ways to properly categorize different types of data loss and leakage, and the methodologies that can be leveraged to implement an appropriate data loss prevention capability.

Loss or Leakage

• Data Loss
• Data Leakage
• Ransomware

Preventative Strategies

Redundancy (On-Premise and Cloud)

Data Recovery

Related Regulatory Requirements

• GDPR
• CCPA

Data Loss Prevention Tools

Defending Against Data Exfiltration

Module 12: Security Plans and Risk Management

In this module, we discuss the key elements of managing and governing risk within an organization. A key part of managing and governing risk is the formation of security plans built on a solid understanding of the "security risk' of the organization. We will learn how to identify a risk, quantify and assess the probability of the risk, and leverage the classification of an asset to determine impact.

Security Plans

Risk Management

Security Governance

How Do I Identify a Risk?

• Quantifying Risk
• Probability
• Impact Types
• Asset Classification

Risk-Level Matrices

Risk Treatment Actions

Security Policies

Security Standards

Overview

On Day 3, our focus shifts to the various areas of our environment where vulnerabilities manifest. We will begin with an overall discussion of exactly what constitutes a vulnerability, and how to best implement a proper vulnerability assessment program. Penetration testing is often discussed in concert with vulnerability assessment, even though vulnerability assessment and penetration testing are quite distinct from each other.

In concluding our discussion of vulnerability assessments, we next move on to a proper and distinct discussion on what penetration testing is, and how best to leverage its benefits. Because vulnerabilities represent weaknesses that allow adversaries to manifest, a discussion of vulnerabilities would be incomplete without a serious discussion of modern attack methodologies based on real-world examples of real-world compromise. Of all the potential areas for vulnerabilities to manifest in our environment, web applications represent, perhaps, one of the most substantial areas of potential vulnerability and consequential risk. The extensive nature of the vulnerabilities that can manifest with ease from web applications dictate that we focus the attention of an entire module on web application security concepts. While it is true that vulnerabilities allow adversaries to manifest (perhaps with great ease), it is impossible for adversaries to remain entirely hidden - post-compromise. By leveraging the logging capacity of our hardware and software, we can more easily detect the adversary in a reduced period of time. How we achieve such a capacity is the subject of our penultimate module: Security Operations and Log Management. Last, and not least, we will need to have a plan of action for a proper response to the compromise of our environment. The methodology of an appropriate incident response is the subject of our final module of Day 3.

Topics

SEC401.3: Outline: Vulnerability Management and Response

• Vulnerability Assessments
• Penetration Testing
• Attacks and Malicious Software
• Web Application Security
• Security Operations and Log Management
• Digital Forensics and Incident Response

Module 13: Vulnerability Assessments

This module covers the tools, technology, and techniques used for reconnaissance (including gathering information, mapping networks, scanning for vulnerabilities, and applying mapping and scanning technology).

• Introduction to Vulnerability Assessments
• Steps to Perform a Vulnerability Assessment
• Criticality and Risks

Module 14: Penetration Testing

The role of penetration testing is well-understood by the majority of organizations and gave birth to newer testing techniques such as Red Teaming, Adversary Emulation, and Purple Teaming. Each have their own unique approaches and benefits. Often, penetration testing is limited in scope to where the testers are not truly able to emulate and mimic the behavior of adversaries. This is where activities such as Red Teaming and Adversary Emulation come into play. A methodical and meticulous approach must be taken regarding penetration testing in order to provide the biggest business value to your organization.

• What and Why of Penetration Testing
• Types of Penetration Testing
• Penetration Testing Process
• Penetration Testing Tools

Module 15: Attacks and Malicious Software

In this module we will take a look at the Marriott breach (a breach that compromised millions of people globally), as well as ransomware attacks that continue to cripple hundreds of thousands of systems across different industries. We'll describe these attacks in detail, discussing not only the conditions that made them possible, but also some strategies that can be used to help manage the risks associated with such attacks.

• High-Profile Breaches and Ransomware
• Common Attack Techniques
• Malware and Analysis

Module 16: Web Application Security

In this module, we look at some of the most important things to know on designing and deploying secure web applications. We start with an explanation of the basics of web communications. We then move on to cover HTTP, HTTPS, HTML, cookies, authentication, and maintaining state. We conclude by looking at how to identify and fix vulnerabilities in web applications.

Web Application Basics

• Cookies
• HTTPS

Developing Secure Web Apps

• OWASP Top Ten
• Basics of Secure Coding
• Web Application Vulnerabilities
• Authentication
• Access Control
• Session Tracking / Maintaining State

Web Application Monitoring

• Web Application Firewall (WAF)

Monolithic Architecture and Security Controls

Microservice Architecture

• Attack Surface

Module 17: Security Operations and Log Management

In this module, we cover the essential components of logging, how to properly manage logging, and the considerations that must be understood in order to use the power of logging to its full potential.

• Logging Overview
• Setting Up and Configuring Logging
• Logging Management Basics
• Key Logging Activity

Module 18: Digital Forensics and Incident Response

In this module, we explore the fundamentals of incident handling and why it is important to our organization. We outline a multi-step process to help create our own incident-handling procedures. The module also covers how to leverage digital forensics methodologies to ensure our processes are repeatable and verifiable.

Introduction to Digital Forensics

• What is Digital Forensics?
• Digital Forensics in Practice
• The Investigative Process
• Remaining Forensically Sound
• Examples of Digital Forensics Artifacts
• DFIR Subdisciplines
• Digital Forensics Tools

Incident Handling Fundamentals

Multi-Step Process for Handling an Incident

Incident Response: Threat Hunting

Overview

There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues - although few companies deploy it correctly. This technology is cryptography. Concealing the meaning of a message can prevent unauthorized parties from reading sensitive information. During the first half of Day 4 we'll look at various aspects of cryptographic concepts and how they can be used in securing an organization's assets. A related discipline called steganography, or information hiding, is also covered. During the second half of the day, we shift our focus to the various types of prevention technologies that can be used to stop an adversary from gaining access to our organization (firewalls, intrusion prevention systems) and the various types of detection technologies that can detect the presence of an adversary on our networks (intrusion detection systems). These preventative and detective techniques can be deployed from a network and/or endpoint perspective; the similarities and differences in the application of these techniques will be explored.

Topics

SEC401.4: Outline: Data Security Technologies

• Cryptography
• Cryptography Algorithms and Deployment
• Applying Cryptography
• Network Security Devices
• Endpoint Security

Module 19: Cryptography

Cryptography can provide the functional capabilities needed to achieve confidentiality, integrity, authentication, and non-repudiation purposes. There are three general types of cryptographic systems: Symmetric, Asymmetric, and Hashing. These systems are usually distinguished from one another by the number of keys employed, and the security goals they achieve. This module discusses these different types of cryptographic systems and how each type is used to provide a specific security function. The module also introduces steganography, a means of hiding data in a carrier medium. Steganography can be used for a variety of reasons but is most often is used to conceal the fact that sensitive information is being sent or stored.

Cryptosystem Fundamentals

General Types of Cryptosystems

• Symmetric
• Asymmetric
• Hashing

Steganography

Module 20: Cryptography Algorithms and Deployment

In this module, we'll acquire a high-level understanding of the mathematical concepts that contribute to modern cryptography and a basic understanding of commonly used symmetric, asymmetric, and hashing algorithms. We'll also identify common attacks used to subvert cryptographic defenses.

• Cryptography Concepts
• Symmetric, Asymmetric, and Hashing Cryptosystems
• Cryptography Attacks

Module 21: Applying Cryptography

In this module, we'll discuss solutions for achieving our primary goals for using cryptography: protection of data in transit and protection of data at rest. We conclude with an important discussion on the management of public keys (and their related certificates) in terms of a Public Key Infrastructure (PKI).

Data in Transit

• Virtual Private Networks

Data at Rest

• Data Encryption
• Full Disk Encryption
• GNU Privacy Guard (GPG)

Key Management

• Public Key Infrastructure (PKI)
• Digital Certificates
• Certificate Authorities

Module 22: Network Security Devices

This module will look at the three main categories of network security devices: Firewalls, Network Intrusion Detection Systems (NIDS), and Network Intrusion Prevention Systems (NIPS). Together, they provide a complement of prevention and detection capabilities.

Firewalls

• Overview
• Types of Firewalls
• Configuration and Deployment

NIDS

• Types of NIDS
• Snort as a NIDS

NIPS

• Methods of Deployment

Module 23: Endpoint Security

In this module, we will examine some of the key components, strategies, and solutions for implementing security from an endpoint perspective. This includes general approaches to endpoint security, strategies for baselining activity, and solutions like Host-based IDS (HIDS) and Host-based IPS (HIPS).

• Endpoint Security Overview
• Endpoint Security Solutions
• HIDS Overview
• HIPS Overview

Overview

Remember when Windows was simple? Windows XP desktops in a little workgroup...what could be easier? A lot has changed over time. Now, we have Windows tablets, Azure, Active Directory, PowerShell, Microsoft 365 (Office 365), Hyper-V, Virtual Desktop Infrastructure, and so on. Microsoft is battling Google, Apple, Amazon, and other cloud giants for cloud supremacy. The trick is to do cloud securely, of course.

Windows is the most widely used and targeted operating system on the planet. At the same time, the complexities of Active Directory, Public Key Infrastructure, BitLocker, AppLocker, and User Account Control represent both challenges and opportunities. Day 5 will help you quickly master the world of Windows security while showing you the tools that can simplify and automate your work. You will complete the section with a solid grounding in Windows security by looking at automation, auditing, and forensics.

Topics

SEC401.5: Outline: Windows Security

• Windows Security Infrastructure
• Windows as a Service
• Windows Access Controls
• Enforcing Security Policy
• Network Services and Cloud Computing
• Automation, Auditing, and Forensics

Module 24: Windows Security Infrastructure

This module discusses the infrastructure that supports Windows security. This is a big picture overview of the Windows security model. It provides the background concepts necessary to understand everything else that follows.

• Windows Family of Products
• Windows Workgroups and Accounts
• Windows Active Directory and Group Policy

Module 25: Windows as a Service

This module discusses techniques for managing updates to Windows.

• End of Support
• Servicing Channels
• Windows Update
• Windows Server Update Services
• Third Party Patch Management

Module 26: Windows Access Controls

This module focuses on understanding how permissions are applied in the Windows NT File System (NTFS), Shared Folders, Registry Keys, Active Directory, and Privileges. BitLocker Drive Encryption is discussed as another form of access control (for encrypted information), and as a tool to help maintain the integrity of the boot-up process if you have a Trusted Platform Module.

• NTFS Permissions
• Shared Folder Permissions
• Registry Key Permissions
• Active Directory Permissions
• Privileges
• BitLocker Drive Encryption

Module 27: Enforcing Security Policy

This module discusses one of the best tools for automating security configuration changes, SECEDIT.EXE, the command-line version of Microsoft's Security Configuration and Analysis snap-in. We'll look at some of the most important changes to make through the use of this tool, such as password policy, lockout policy, and null user session restrictions. We'll also briefly discuss Group Policy Objects (GPOs) and the many security configuration changes that they can help to enforce throughout the domain.

• Applying Security Templates
• Employing the Security Configuration and Analysis Snap-in
• Understanding Local Group Policy Objects
• Understanding Domain Group Policy Objects
• Administrative Users
• AppLocker
• User Account Control
• Recommended GPO settings

Module 28: Network Services and Cloud Computing

It is important that we properly secure a system before we connect it to a network. Applying the latest updates isn't good enough: We want a machine that has been hardened specifically in anticipation of vulnerabilities that have not yet been discovered.

• Server Core and Server Nano
• Best Way to Secure a Service
• Packet Filtering
• IPsec Authentication and Encryption
• Internet Information Server (IIS)
• Remote Desktop Services
• Windows Firewall
• Microsoft Azure and Microsoft 365 (Office 365)

Module 29: Automation, Auditing, and Forensics

Automation, auditing, and forensics go together because, if we can't automate our work, the auditing and forensics work doesn't get done at all (or is done only sporadically), or we can't make it scale beyond the small number of machines that we can physically touch. Thankfully, modern Windows systems come with a very powerful automation capability: PowerShell. We will learn what PowerShell is and how to leverage it in our pursuit of deployment consistency, detection of change, remediation of systems, and even threat hunting!

• Verifying Policy Compliance
• Creating Baseline System Snapshots
• Gathering Ongoing Operational Data
• Employing Change Detection and Analysis (Threat Hunting)

Overview

While organizations do not have as many Linux systems, the Linux systems that they do have are often some of the most critical systems that need to be protected. Day 6 provides guidance to improve the security of any Linux system. The day combines practical "how to" instructions with background information for Linux beginners, as well as security advice and best practices for administrators with various levels of expertise. With the idea of Linux being a 'free' operating system, it isn't a surprise that many advanced security concepts are first developed for Linux. Containers is one example of such. Containers provide powerful and flexible concepts for cloud computing deployments. Containers, while not specifically designed for information security purposes, are built on elements of minimization and that is something we can leverage in an overall information security methodology (as a part of defense-in-depth). Containers, what they do and do not represent for information security, and the best practice for their management will be fully discussed. A discussion of Linux and UNIX concepts would not be complete without a discussion of the macOS (which is based on UNIX). Apple's venerable macOS provides extensive opportunity for hardware and software security but is often misunderstood from what can and cannot be achieved. Because the majority of our modern-day mobile operating systems have a Linux and/or UNIX background, we end our Day 6 with a discussion on mobile device security.

Topics

SEC401.6: Outline: Linux, Mac and Smartphone Security

• Linux Fundamentals: Structure, Permissions, and Access Controls
• Linux Security Enhancements and Infrastructure
• Containerized Security
• macOS Security
• Mobile Device Security

Module 30: Linux Fundamentals

This module discusses the foundational items that are needed to understand how to configure and secure a Linux system.

Operating System Comparison

Linux Vulnerabilities

Linux Operating System

• Shell
• Kernel
• Filesystem
• Linux Unified Key Setup

Linux Security Permissions

Linux User Accounts

Pluggable Authentication Modules

Built-in Commands

• Windows / *NIX Comparison
• Leveraging Built-in Commands for Threat Hunting

Service Hardening

Package Management

Module 31: Linux Security Enhancements and Infrastructure

This module discusses security-enhancement utilities that provide additional security and lockdown capabilities for modern Linux systems. As discussed earlier in the course, taking advantage of logging capabilities is an incredibly important aspect of our modern cyber defense. Linux's support for the well-known Syslog logging standard (and its related features) will discussed. As Syslog continues to age it may end up being unable to provide the logging features that modern-day cyber defense might demand. As such, additional logging enhancements - from syslog-ng to auditd - will be explored.

Operating System Enhancements

• SELinux
• AppArmor

Linux Hardening

• Source Routing
• IPv6
• Address Space Layout Randomization (ASLR)
• Kernel Module Security
• SSH Hardening
• CIS Hardening Guides and Utilities

Log Files

• Key Log Files
• Syslog
• Syslog Security
• Log Rotation
• Centralized Logging
• Auditd

Firewalls: Network and Endpoint

File-integrity Checking

Rootkit Detectors

Module 32: Containerized Security

The importance of segmentation and isolation techniques cannot be understated. Isolation techniques can help to mitigate the initial damage caused by an adversary giving us more time for detection. In this module we discuss the various types of isolation techniques: Chroot, virtualization, and containers. Containers are a relatively new concept (as applied to information security perspectives). There can be a lot of misunderstanding as to what security benefits are truly afforded by the use of containers, and the potential security issues that might manifest within containers themselves. Containers, what they are, deployment best practice, and how to secure them will be explored.

Chroot

Virtualization

• Containers vs. Virtual Machines

Containers

• LXC
• Cgroups and Namespaces
• Docker
• Docker Images

Container Orchestration

• Kubernetes

Container Security

• Docker Best Practices
• Vulnerability Scanning Tools
• Secure Configuration Baselines
• Terraform

Module 33: macOS Security

This module focuses on an overview of the security features which are built into macOS systems. Although macOS is a relatively secure system and has different security features, it can also be flawed just like any other software.

macOS Security Features

• What is macOS?
• Privacy Controls
• Keychain
• Strong Passwords
• Gatekeeper
• Anti-Phishing and Download Protection
• XProtect
• Firewall
• FileVault
• Sandboxing and Runtime Protection
• Security enclaves

macOS Vulnerabilities and Malware

• BuggyCow
• GateKeeper Bypass
• FlashBack
• CrescentCore

Module 34: Mobile Device Security

This module starts with a quick comparison of the Android and iOS mobile operating systems and what makes them so different. The module concludes with a brief discussion of the security features of both systems.

Android vs. iOS

Android Security

• Android Security Features
• What You Need to Know About Android
• Android Fragmentation
• Android Security Fix Process

Apple iOS Security

• Apple iOS Security Features
• What You Need to Know About iOS
• iOS Updates

Mobile Problems and Opportunities

Mobile Device Management (MDM)

Unlocking, Rooting, and Jailbreaking

Mitigating Mobile Malware

• Android Malware
• iOS Malware