SEC401.1: Network Security and Cloud Essentials

Overview

A typical way attackers can access companies' resources is through a network connected to the internet. Organizations try to prevent as many attacks as possible, but since not all attacks will ultimately be prevented, they must be detected in a timely manner. It is therefore critical to understand how to build a defensible network architecture, including the types of network designs and the relational communication flows.

In any organization large or small, all data is not created equal. Some data is routine and incidental, while other data can be vastly sensitive and critical, and its loss can cause irreparable harm to an organization. It is essential to understand how network-based attacks bring risk to critical data and how an organization is vulnerable to such attacks. To achieve this, we need to become familiar with communication protocols of modern networks.

Cloud computing becomes an obvious topic of discussion in relation to our modern public and private networks. A conversation on defensible networking would not be complete without an in-depth discussion of what the cloud is, and most importantly, the security abilities (and related concerns) of the cloud that must also be taken into account.

Adversaries need our networks just as much as we do. Adversaries live off the land, mercilessly pivoting from system to system on our network until they achieve their long-term goals. Said differently, adversaries need to use OUR network to achieve THEIR goals. By understanding how our networks function (relative to our unique needs), we can more easily uncover the activities of adversaries.

By the end of this section, you will understand Defensible Network Architecture, Protocols and Packet Analysis, Virtualization and Cloud Essentials, and Wireless Network Security.

Exercises

• Virtualized environment setup
• Sniffing and analysis of network traffic including tcpdump
• Sniffing, protocol decoding, and extraction of network traffic using Wireshark
• Wireshark network communication attacks

Topics

Module 1: An Introduction to SE401

This course is unique in its coverage of more than 30 topics of information security. This introductory module reviews the structure of the course and the logistics of the class in concert with the "bootcamp" hours and provides an overall thematic view of the course topics.

Module 2: Defensible Network Architecture

To properly secure and defend a network, you must first have a clear and strong understanding of both the logical and physical components of network architecture. Above and beyond an understanding of network architecture, however, properly securing and defending a network will further require an understanding of how adversaries abuse the information systems of our network to achieve their goals.

• Network Architecture
• Attacks Against Network Devices
• Network Topologies
• Network Design

Module 3: Protocols and Packet Analysis

A solid understanding of the interworking of networks enables you to more effectively recognize, analyze, and respond to the latest (perhaps unpublished) attacks. This module introduces the core areas of computer networks and protocols.

• Network Protocols Overview
• Layer 3 Protocols
• Internet Protocol
• Internet Control Message Protocol
• Layer 4 Protocols
• Transmission Control Protocol
• User Datagram Protocol
• Tcpdump

Module 4: Virtualization and Cloud Essentials

This module will examine what virtualization is, the security benefits and the risks of a virtualized environment, and the differences in virtualization architecture. Because cloud computing is architected on virtualization, the module concludes with an extensive discussion of what the public and private cloud is, how it works, the services made available by the public cloud (including security offerings), and related security concepts.

• Virtualization Overview
• Virtualization Security
• Cloud Overview
• Cloud Security

Module 5: Securing Wireless Networks

This module will explain the differences between the various types of wireless communication technologies available today, the insecurities present in those communications, and approaches to reduce the risk of those insecurities to a more acceptable level.

• The Pervasiveness of Wireless Communications
• Traditional Wireless: IEEE 802.11 and its Continual Evolution
• Personal Area Networks
• 5G Cellular (Mobile) Communications
• The Internet of Things

SEC401.2: Defense in Depth

Overview

This section of the course looks at the big picture threats to our systems and how to defend against them. We will learn that protections need to be layered, leveraging a principle called defense in depth.

The section starts with information assurance foundations. We look at security threats and how they impact confidentiality, integrity, and availability. The most common aspect of defense in depth is predicated on access controls, and so we move into a discussion on the aspects of identity and access management (IAM). We will see that while passwords (the most common factor of authentication) were to be deprecated and moved away from, this has not been the case and we still struggle today with compromises that result from credential theft. What we can leverage for modern authentication becomes the focus of the discussion on authentication and password security, especially as it applies to cloud computing. Many consider that IAM is the new security perimeter for cloud-based functionality, so the importance of its strong application cannot be understated.

Toward the end of this section, we will shift the focus toward modern security controls that work in the presence of the modern adversary. This is done by leveraging Center for Internet Security (CIS) Controls, the NIST Cybersecurity Framework, and the MITRE ATT&CK knowledge base. In circling back to earlier course content on network architecture, we might naturally be curious as to what else can be done using an overall environmental focus to best secure our data in transit and at rest. This leads to a larger discussion on data loss protection techniques.

Last but certainly not least, a discussion of defense in depth would not be complete without touching on perhaps one of the most important techniques that is more heavily relied upon than ever before - mobile devices. The course section will conclude with a thorough discussion of the benefits (and security risks) of mobile devices ranging from Bring Your Own Device (BYOD) to Mobile Device Management (MDM).

Exercises

• Linux and bitcoin wallet password hash cracking with Hashcat
• Windows password hash cracking with Cain and Abel
• Application control with AppLocker by Microsoft

Topics

Module 6: Defense in Depth

This module examines threats to our systems and takes a big picture look at how to defend against them. We will learn that protections need to be layered, a principle called defense in depth, and explain some principles that will serve you well in protecting your systems.

• Defense in Depth Overview
• Risk = Threat x Vulnerability
• Confidentiality, Integrity and Availability
• Strategies for Defense in Depth
• Core Security Strategies
• Defense in Depth in the Cloud
• Zero Trust Methodology
• Variable Trust

Module 7: Identity and Access Management

This module discusses the principles of identity management and access control. Access control models vary in their approaches to security. We will explore their underlying principles, strengths, and weaknesses. The module includes a brief discussion on authentication and authorization protocols and control.

• Digital Identity
• Authentication
• Authorization
• Accountability
• Identity Access Management
• Single Sign On (SOS): On-Premise and Cloud
• Traditional SSO
• SAML 2.0
• 0Auth 2.0
• Access Control
• Controlling Access
• Managing Access
• Monitoring Access

• Privileged Access Management: On-Premise and Cloud

Module 8: Authentication and Password Security

A discussion of identity and access management naturally leads to a conversation on authentication and password security. We will spend time discussing the various types of authentication: something you know, something you have, and something you are. We will focus specifically on the most common (and problematic) example of something you know authentication type (the password).

• Authentication Types
• Something You Know
• Something You Have
• Something You Are
• Password Management
• Password Techniques
• Password (Passphrase) Policies
• Password Storage
• Key Derivation Functions
• How Password Assessment Works
• Password Attack Tools
• Hashcat
• Mimikatz
• Multi-Factor Authentication
• Adaptive Authentication

Module 9: Security Frameworks

In implementing security, it is important to have a framework that includes proper metrics. As is often said, you cannot manage what you cannot measure. This module focuses on three frameworks: The Center for Internet Security (CIS) Controls (created to help organizations prioritize the most critical risks they face); the NIST Cybersecurity Framework (standards, guidelines, and best practices that can assist in managing overall cybersecurity risk); and the MITRE ATT&CK knowledge base (adversary tactics and techniques). Combining the prioritized actions of the CIS Controls with the understanding of overall risk from the NIST Cybersecurity Framework, all in consideration of adversarial tactics and techniques, will help put us in solid footing in defending against the modern adversary.

• Introduction to the CIS Controls
• Guiding Principles
• Case Study: Sample CIS Control
• Case Study: SolarWinds
• NIST Cybersecurity Framework
• Framework Core
• Implementation Tiers
• Framework Profiles
• MITRE ATT&CK
• Techniques
• Mapping to Known Adversaries

Module 10: Data Loss Prevention

Loss or leakage?

In essence, data loss is any condition that results in data being corrupted, deleted, or made unreadable in any way by a user and or software (application). A data breach is, in most cases, an intentional or unintentional security incident. Such incidents can lead to, among other things, unintentional information disclosure, data leakage, and data spill. This module covers exactly what constitutes data loss or leakage, and the methodologies that can be leveraged to implement an appropriate data-loss prevention capability.

• Loss or Leakage
• Data Loss
• Data Leakage
• Ransomware
• Preventative Strategies
• Redundancy (On-Premise and Cloud)
• Data Recovery
• Related Regulatory Requirements
• GDPR
• CCPA
• Data Loss Prevention Tools
• Defending Against Data Exfiltration
• Honeypots
• User Activity Monitoring

Module 11: Mobile Device Security

This module starts with a quick comparison of the Android and iOS mobile operating systems and what makes them so different. The module concludes with a brief discussion of the security features of both systems.

• Android versus iOS
• Android Security
• Android Security Features
• What You Need to Know About Android
• Android Fragmentation
• Android Security Fix Process
• Apple iOS Security
• Apple iOS Security Features
• What to Know About iOS
• iOS Updates
• Mobile Problems and Opportunities
• Mobile Device Management
• Unlocking, Rooting, and Jailbreaking
• Mitigating Mobile Malware
• Android Malware
• iOS Malware

SEC401.3: Vulnerability Management and Response

Overview

In this section the focus shifts to various areas of our environment where vulnerabilities arise. We will begin with an overall discussion of exactly what constitutes a vulnerability, and how to best implement a proper vulnerability assessment program.

Penetration testing is often discussed in concert with vulnerability assessment, even though vulnerability assessment and penetration testing are quite distinct from each other. So, in concluding our discussion of vulnerability assessments, we move on to a proper and distinct discussion on what penetration testing is and how best to leverage its benefits.

Because vulnerabilities represent weaknesses that adversaries exploit, a discussion of vulnerabilities would not be incomplete without a serious discussion of modern attack methodologies based on real-world examples of compromise. Of all the potential areas for vulnerabilities in our environment, web applications represent one of the most substantial, with the most consequential risk. The extensive nature of vulnerabilities that can arise from web applications dictate that we focus the attention of this entire module on web application security concepts.

While it is true that vulnerabilities allow adversaries to penetrate our systems, sometimes with great ease, it is impossible for those adversaries to remain entirely hidden post-compromise. In leveraging the logging capabilities of our hardware and software, we might detect the adversary in a timely manner. How we achieve such a capacity is the subject of our penultimate module: Security Operations and Log Management.

Last but not least, we will need to have a plan of action for a proper response to the compromise of our environment. The methodology for an appropriate incident response is the subject of the final module of this section.

Exercises

• System, port, and vulnerability discovery with Nmap
• Trojan software
• Leveraging application vulnerabilities for command injection
• Malicious network packet crafting

Topics

Module 12: Vulnerability Assessments

This module covers the tools, technology, and techniques used for reconnaissance (including gathering information), the mapping of networks, and scanning of vulnerabilities, all within the scope of a proper vulnerability framework.

• Introduction to Vulnerability Assessments
• Steps to Perform a Vulnerability Assessment
• Criticality and Risks

Module 13: Penetration Testing

The role of penetration testing, which is well understood by most organizations, gave rise to newer testing techniques such as red and purple teaming and adversary emulation. Often, penetration testing is limited in scope to where the testers are not truly able to emulate and mimic the behaviors of adversaries. This is where the red teaming and adversary emulation come into play. A methodical and meticulous approach to penetration testing is needed to provide business value to your organization.

• The What and Why of Penetration Testing
• Red Team
• Adversary Emulation
• Purple Team
• Types of Penetration Testing
• External
• Internal
• Web Application
• Social Engineering
• Mobile Device Testing
• Internet of Things Testing
• Penetration Testing Process
• Penetration Testing Tools
• Nmap
• Metasploit
• Meterpreter
• C2 Frameworks and Implants
• Password Compromise, Reuse, Stuffing, and Spraying

Module 14: Attacks and Malicious Software

This module will examine the Marriott breach, which compromised millions of records globally, as well as ransomware attacks that continue to cripple hundreds and thousands of systems across different industries. We will describe the attacks in detail, discussing not only the conditions that made them possible, but also some strategies that can be used to help manage the risks associated with such attacks.

• High-Profile Breaches and Ransomware
• Ransomware as a Service
• Common Attack Techniques
• Malware and Analysis

Module 15: Web Application Security

This module looks at some of the most important things to know about designing and deploying secure web applications. We start with an examination of the basics of web communications, then move on to cover HTTP, HTTPS, HTML, cookies, authentication, and maintaining state. We conclude by looking at how to identify and fix vulnerabilities in web applications.

• Web Communication Fundamentals
• Cookies
• HTTPS
• Developing Secure Web Apps
• OWASP Top Ten
• Basics of Secure Coding
• Web Application Vulnerabilities
• Authentication
• Access Control
• Session Tracking/Maintaining State
• Web Application Monitoring
• Web Application Firewall (WAF)
• Monolithic Architecture and Security Controls
• Microservice Architecture and Related Attack Surface

Module 16: Security Operations and Log Management

This module covers the essential components of logging, how to properly manage logging, and the considerations that factor into leveraging logging to its fullest potential.

• Logging Overview
• Log Collection Architecture
• Log Filtering
• Lack of Accepted Log Standards
• Setting Up and Configuring Log Standards
• Log Analysis Tools
• Phased Approach
• Log Aggregation, Security Information, and Event Management
• Key Logging Activity

Module 17: Digital Forensics and Incident Response

This module explores the fundamentals of incident handling and why it is important to an organization. We will outline a multi-step process to create our own incident handling procedures and response plans. Being able to leverage digital forensic methodologies to ensure that processes are repeatable and verifiable will also be a key focus of the material.

• Introduction to Digital Forensics
• What is Digital Forensics?
• Digital Forensics in Practice
• The Investigative Process
• Remaining Forensically Sound
• Examples of Examining Forensics Artifacts
• DFIR Subdisciplines
• Digital Forensics Tools
• Incident Handling Fundamentals
• Multi-Step Process for Handling an Incident
• Incident Response: Threat Hunting

SEC401.4: Data Security Technologies

Overview

There is no silver bullet when it comes to security. However, there is one technology that would help solve a lot of security issues, though few companies deploy it correctly. This technology is cryptography. During the first half of this section, we will look at various aspects of cryptographic concepts and how they can be used to help secure an organization's assets. A related discipline, steganography (information hiding), will also be covered. During the second half of the section, we shift our focus to the various types of prevention technologies that can be used to stop an adversary from gaining access to our organization (firewalls, intrusion prevention systems). We will also look at the different detection technologies that can detect the presence of an adversary (intrusion detection systems). These prevention and detection techniques can be deployed from a network and/or endpoint perspective, and we will explore their similarities and differences.

Exercises

• Hiding communication and data using steganographic tools
• Practical application of cryptographic capability with GPG
• Triggering and analysis of detection alerts with the Snort IDS
• Automated detection of adversarial activity with hashing

Topics

Module 18: Cryptography

Cryptography can provide the functional capabilities needed to achieve confidentiality, integrity, authentication, and non-repudiation. There are three general types of cryptographic systems: symmetric, asymmetric, and hashing. These systems are usually distinguished from one another by the number of keys employed, as well as the security goals they achieve. This module discusses these different types of cryptographic systems and how each type is used to provide a specific security function. The module also introduces steganography, which is a means of hiding data in a carrier medium. Steganography can be used for a variety of purposes but is most often used to conceal the fact that information is being sent or stored.

• Cryptosystem Fundamentals
• Cryptography
• Cryptanalysis
• General Types of Cryptosystems
• Symmetric
• Asymmetric
• Hashing
• Digital Signatures
• Steganography

Module 19: Cryptography Algorithms and Deployment

The content of this module will help us gain a high-level understanding of the mathematical concepts that contribute to modern cryptography. We'll also identify common attacks used to subvert cryptographic defenses.

• Cryptography Concepts
• Symmetric, Asymmetric, and Hashing Cryptosystems
• AES
• RSA
• ECC
• Cryptography Attacks (Cryptanalysis)

Module 20: Applying Cryptography

This module will discuss the practical applications of cryptography in terms of protection of data in transit and protection of data at rest. We conclude with an important discussion on the management of public keys (and the related concepts of certificates), all in terms of a Public Key Infrastructure.

• Data in Transit
• IPsec
• SSL-based
• Security Implications
• Data at Rest
• File/Folder Level Encryption
• Full Disk Encryption
• GNU Privacy Guard (GPG)
• Key Management
• Public Key Infrastructure
• Digital Certificates
• Certificate Authorities

Module 21: Network Security Devices

Three main categories of network security devices will be discussed in this module: Firewalls, Network Intrusion Detection Systems (NIDS), and Network Intrusion Prevention Systems (NIPS). Together, they provide a complement of prevention and detection capabilities.

• Firewalls
• Overview
• Types of Firewalls
• Configuration and Deployment
• NIDS
• Types of NIDS
• Snort as a NIDS
• NIPS
• Methods of Deployment
• Security and Productivity Risk Considerations

Module 22: Endpoint Security

In this final module of the section, we examine some of the key components, strategies, and solutions for implementing security from an endpoint perspective. This includes general approaches to endpoint security, strategies for baselining activity, and solutions like Host-based IDS (HIDS) and Host-based IPS (HIPS).

• Endpoint Security Overview
• Core Components of Endpoint Security
• Enhancing Endpoint Security
• Endpoint Security Solutions
• Anti-malware
• Endpoint Firewalls
• Integrity Checking
• HIDS and HIPS
• Overview
• Practical Considerations

SEC401.5: Windows and Azure Security

Overview

Remember when Windows was simple? Windows XP desktops in a little workgroup... what could be easier? A lot has changed over time. Now, we are Windows tablets, Azure, Active Directory, PowerShell, Microsoft 365 (Office 365), Hyper-V, Virtual Desktop Infrastructure and so on. Microsoft is battling Google, Apple, Amazon and other cloud giants for cloud supremacy. The trick, of course, is to do cloud securely.

Windows is the most widely used and targeted operating system on the planet. At the same time, the complexities of Active Directory, Public Key Infrastructure, BitLocker, AppLocker, and User Account Control represent both challenges and opportunities. This course section will help you quickly master the world of Windows security while showing you the tools that can simplify and automate your work - both on-premise and in the cloud (Microsoft Azure). You will complete the section with a good solid grounding in Windows security by looking at automation and auditing capabilities for the Windows ecosystem.

Exercises

• Process observation and analysis with Process Hacker
• NTFS file system practical using NTFS Permissions Reporter
• Auditing and enforcement of system baseline configurations with security templates
• PowerShell scripting and automation techniques

Topics

Module 23: Windows Security Infrastructure

This module discusses the infrastructure that supports Windows security. This is a big picture overview of the Windows security model. It provides the background concepts necessary to understand everything else that follows.

• Windows Family of Products
• Windows Workgroups and Accounts
• Windows Active Directory and Group Policy

Module 24: Windows as a Service

This module discusses techniques for managing Windows systems as it applies to updates (patches) as well as new cloud-based deployment methodology (Windows Autopilot and Windows Virtual Desktop).

• End of Support
• Servicing Channels
• Windows Update
• Windows Server Update Services
• Windows Autopilot
• Windows Virtual Desktop
• Third-Party Patch Management

Module 25: Windows Access Controls

This module focuses on understanding how permissions are applied in the Windows NT File System (NTFS), Shared Folders, Registry Keys, Active Directory, and Privileges. BitLocker is discussed as another form of access control (for encrypted information), and as a tool to help maintain the integrity of the boot-up process if you have a Trusted Platform Module.

• NTFS Permissions
• Shared Folder Permissions
• Registry Key Permissions
• Active Directory Permissions
• Privileges
• BitLocker Drive Encryption
• Secure Boot

Module 26: Enforcing Security Policy

This module discusses one of the best tools for automating security configuration changes, SECEDIT.EXE, which is the command-line version of Microsoft's Security Configuration and Analysis snap-in. We'll look at some of the most important changes that can be made through the use of this tool, such as password policy, lockout policy, and null user session restrictions. We'll also briefly discuss Group Policy Objects (GPOs) and the many best practice security configuration changes that they can help enforce throughout the domain.

• Applying Security Templates
• Employing the Security Configuration and Analysis Snap-in
• Understanding Local Group Policy Objects
• Understanding Domain Group Policy Objects
• Administrative Users
• Privileged Account Management
• Reduction of Administrative Privileges
• AppLocker
• User Account Control
• Windows Firewall
• IPsec Authentication and Encryption
• Remote Desktop Services
• Recommended GPO Settings

Module 27: Microsoft Cloud Computing

Inside your LAN as well as in the cloud, you will likely have a mixture of servers. Microsoft's cloud is known as Azure. On top of Azure, Microsoft has implemented services such as Microsoft 365, Exchange Online, OneDrive, Intune, and many others. Microsoft has designed Windows 10 and later versions for integration with Azure, so Windows security includes not just Windows alone, but also Azure. It's important for your career as a security professional to understand the essential concepts of Microsoft Azure.

• Microsofts All-In Bet on Cloud Computing
• Microsoft Cloud Types: IaaS, PaaS, SaaS, and DaaS
• Microsoft Azure
• Azure Active Directory (Azure AD)
• Azure AD Single Sign-On
• Multi-Factor Authentication
• Administrative Role Reduction
• Endpoint Security Enforcement
• Microsoft Intune
• Azure Conditional Access
• Azure Key Vault
• Azure Monitor
• Azure Sentinel (SIEM and SOAR)
• Azure Policy
• Azure Security Center

Module 28: Automation, Logging, and Auditing

Automation, logging, and auditing go together because if we can't automate our work, the auditing work doesn't get done at all (or is done only sporadically). Also, if we can't automate our work, we can't make our work scale beyond the small number of machines that we can physically touch. Thankfully, modern Windows systems come with a very powerful automation capability: PowerShell. We will learn what PowerShell is and how to leverage it in our pursuit of deployment consistency, detection of change, remediation of systems, and even threat hunting!

• What Is Windows PowerShell?
• Windows PowerShell versus PowerShell Core
• Windows Subsystem for Linux (WSL)
• Automation and Command-Line Capability in Azure
• PowerShell Az Module
• Azure CLI
• Azure Cloud Shell
• Azure Resource Manager Templates
• Runbooks
• Gathering Ongoing Operational Data
• Employing Change Detection and Analysis

SEC401.6: Linux, AWS, and Mac Security

Overview

While organizations may not have many Linux systems, the Linux systems that they do have are often the most critical systems that need to be protected. This course section focuses on the practical guidance necessary to improve the security of any Linux system. The day provides practical how-to instructions with background information for Linux beginners as well as security advice and best practices for administrators with various levels of expertise.

Since Linux is a perceived as being a free operating system, it is not a surprise that many advanced security concepts are first developed for Linux. One example is containers, which provide powerful and flexible concepts for cloud computing deployments. While not specifically designed for information security purposes, containers are built on elements of minimizations, and that is something we can leverage in an overall information security methodology (as part of defense in depth). In this section we will discuss what containers do and do not represent for information security, as well as best practices for their management.

A discussion of Linux and UNIX concepts would not be complete without a comparison discussion of AWS in relation to Microsoft Azure discussion in section five of this course. We will examine fundamentals of AWS and discuss the impressive security controls available. Last, but not least, we conclude the section with a review of Apple's macOS (which is based on UNIX). Apple's venerable macOS provides extensive opportunities for hardware and software security, but is often misunderstood in terms of what can and cannot actually be achieved.

Topics

Module 29: Linux Fundamentals

This module discusses the foundational items that are needed to understand how to configure and secure a Linux system.

• Operating System Comparison
• Linux Vulnerabilities
• Linux Operating System
• Shell
• Kernel
• Filesystem
• Linux Unified Key Setup
• Linux Security Permissions
• Linux User Accounts
• Pluggable Authentication Modules
• Built-in Command-Line Capability
• Service Hardening
• Package Management

Module 30: Linux Security Enhancements and Infrastructure

This module discusses security enhancement utilities that provide additional security and lockdown capabilities for modern Linux systems. As discussed earlier in the course, taking advantage of logging capabilities is an incredibly important aspect of our modern cyber defense. Linux supports the well-known Syslog logging standard (and its related features) and will be discussed in this module. As Syslog continues to age, it may end up being unable to provide the logging features that modern day cyber defense demand. Because of this, we will explore additional logging enhancements ranging from Syslog-ng to Auditd.

• Operating System Enhancements
• SELinux
• AppArmor
• Linux Hardening
• Address Space Layout Randomization
• Kernel Module Security
• SSH Hardening
• CIS Hardening Guides and Utilities
• Log Files

• Key Log Files
• Syslog
• Syslog Security
• Log Rotation
• Centralized
• Logging
• Auditid
• Firewalls: Network and Endpoint
• Rootkit Detection

Module 31: Containerized Security

The importance of segmentation and isolated techniques cannot be understated. Isolation techniques can help mitigate the initial damage caused by an adversary, giving us more time for detection. In this module, we will discuss various types of isolation techniques, including virtualization and containers. Containers are a relatively new concept (as applied to information security perspectives). There can be a lot of misunderstanding as to what security benefits are truly afforded by containers, and the potential security issues that may come up within containers themselves. We will discuss what containers are, best practices to deploy them, and how to secure them.

• Virtualization
• Containers versus Virtual Machines
• Containers and Orchestration
• LXC
• Cgroups and Namespaces
• Docker
• Docker Images
• Kubernetes
• Container Security
• Docker Best Practices
• Vulnerability Management
• Secure Configuration Baselines
• Terraform

Module 32: AWS Essentials, Controls, and Best Practices

In this extensive module, we discuss the foundational concepts of Amazon Web Services (AWS) necessary to provide a better understanding of the interaction among AWS and its more commonly used services. These foundational concepts lend themselves to an overview of some of the specific security capabilities and services made through AWS. Furthermore, we discuss these aspects of AWS in the terms of cloud best practice, detailed by Amazon in its Well-Architected Framework.

• Identity and Access Management in AWS
• AWS IAM Key Concepts
• Identity Federations and External Access
• Amazon Cognito
• Management Tools Within AWS
• AWS Console
• AWS CLI
• AWS Commonly Used Services and Functionality
• High-Availability
• EC2
• S3
• Lambda
• CloudFront
• AWS Config
• Amazon RDS

• AWS Security Controls
• NACLs versus Security Groups
• AWS Network Firewall
• AWS Shield and AWS Web Application Firewall
• Amazon Macie
• Key Management Service
• Amazon Managed
• Customer Managed
• HSM
• Amazon CloudWatch
• Amazon CloudTrail
• Amazon GuardDuty
• AWS Well-Architected Framework (Security Pillar)
• Implement a Strong Identity Foundation
• Enable Traceability
• Apply Security at All Layers
• Network
• Compute
• Automate Security Best Practices
• Protect Data in Transit and at Rest
• Keep People Away from Data
• Prepare for Security Events

Module 33: macOS Security

This module focuses on the security features that are built into macOS systems. Although macOS is a relatively secure system that provides many different features, it can also be flawed just like any other operating system.

• What is macOS?
• Privacy Controls
• Keychain
• Strong Passwords
• Gatekeeper
• Anti-Phishing and Download Protection
• XProtect
• Firewall
• FireVault
• Sandboxing and Runtime Protection
• Security Enclaves
• macOS Vulnerabilities and Malware