Cyber Defence Japan 2020

Topics

SEC401.1: Outline: Network Security Essentials

• Defensible Network Architecture
• Networking and Protocols
• Network Device Security
• Virtualization and Cloud Security
• Wireless Network Security

Module 1: Defensible Network Architecture

In order to properly secure and defend a network, you must first have a clear and strong understanding of both the logical and physical components of network architecture.

• Network Architecture
• Attacks Against Network Devices
• Network Topologies
• Network Design

Module 2: Networking and Protocols

A solid understanding of the interworking of networks enables you to more effectively recognize, analyze, and respond to the latest (perhaps unpublished) attacks. This module introduces the core areas of computer networks and protocols.

• Network Protocols Overview
• Layer 3 Protocols
• Internet Protocol
• Internet Control Message Protocol
• Layer 4 Protocols
• Transmission Control Protocol
• User Datagram Protocol
• Tcpdump

Module 3: Network Device Security

In order to implement proper security, you have to understand the various components on a network. In this module, we will look at how the various components work and methods to properly secure them.

• Network Devices
• Device Security

Module 4: Virtualization and Cloud Security

In this module, we will examine what virtualization is, the security benefits and risks of a virtualized environment, and the differences in virtualization architecture. Because cloud is architected on virtualization, the module concludes with a focus on cloud services and security.

• Virtualization
• Virtualization Security
• Virtualized Architectures
• Cloud Overview
• Cloud Security

Module 5: Securing Wireless Networks

In this module, we will explain the differences between the various types of wireless communication technologies available today, the insecurities present in those communications, and approaches to mitigation to reduce the risk of those insecurities to a more acceptable level of risk.

• The Pervasiveness of "Wireless" Communications
• Traditional Wireless: IEEE 802.11 and Its Continual Evolution
• Personal Area Networks
• 5G Cellular (Mobile) Communication
• The Internet of Things

Topics

SEC401.2: Outline: Defense-in-Depth and Attacks

• Defense-in-Depth
• Access Control and Password Management
• Security Policy
• Center for Internet Security Controls
• Malicious Code and Exploit Mitigation
• Securing Web Communications

Module 6: Defense-in-Depth

In this module, we look at threats to our systems and take a "big picture" look at how to defend against them. We will learn that protections need to be layered, a principle called defense-in-depth, and explain some principles that will serve you well in protecting your systems.

• Defense-in-Depth Overview
• Risk = Threats x Vulnerabilities
• Confidentiality, Integrity, and Availability Triad
• Strategies for Defense-in-Depth
• Core Security Strategies

Module 7: Access Control and Password Management

This module discusses the principles of access control. Access control models vary in their approaches to security, and we explore their underlying principles, strengths, and weaknesses. The module includes a brief discussion on authentication and authorization protocols and control. We also spend considerable time discussing the most common type of access control: the password. We delve into password files, storage, and protection.

• Access Control
• Data Classification
• Managing Access
• Controlling Access
• Password Management
• Password Management Technologies
• How Password Assessment Works
• Introduction to John the Ripper and Its Various Components
• Cracking Passwords with John the Ripper, and Cain and Abel

Module 8: Security Policy

In this module, we will learn how to assess a policy by establishing a baseline framework to work within, and by establishing a mission statement that defines our policies. We'll examine how to assess and repair critical policies one at a time.

• Security Policies
• Need for Policies
• Policy Framework
• Enforcement
• Issue-specific Policy Examples
• Non-disclosure Agreements
• Copyright

Module 9: Center for Internet Security (CIS) Controls

In implementing security, it is important to have a framework with proper metrics. As is often said, you cannot manage what you cannot measure. The CIS controls were created to help organizations prioritize the most critical risks they face. In addition to a framework, the CIS controls also provide details to help organizations put together an effective plan for implementation of the controls they need.

• Overview of the CIS Controls
• Sample CIS Control

Module 10: Malicious Code and Exploit Mitigation

During this module we will take a look at the Marriott breach (a breach that compromised millions of people globally), as well as ransomware attacks that continue to cripple hundreds of thousands of systems across different industries. We'll describe these attacks in detail, discussing not only the conditions that made them possible, but also some strategies that can be used to help manage the risks associated with such attacks.

• High-Profile Breaches
• Ransomware
• Defensive Strategies
• Common Types of Attacks

Module 11: Securing Web Communications

In this module, we look at some of the most important things to know to design and deploy secure web applications. We start with an explanation of the basics of web communications. We cover HTTP, HTML, forms, server, and client-side programming, cookies, authentication, and maintaining state. We then look at how to identify and fix vulnerabilities in web applications.

• Web Applications
• Secure Web Applications
• Web Application Vulnerabilities

Topics

SEC401.3: Outline: Threat Management

• Vulnerability Scanning and Penetration Testing
• Network Security Devices
• Endpoint Security
• Security Incident and Event Monitoring/Log Management
• Active Defense

Module 12: Vulnerability Scanning and Penetration Testing

This module covers the tools, technology, and techniques used for reconnaissance (including gathering information, mapping networks, scanning for vulnerabilities, and applying mapping and scanning technology).

• Vulnerability Management Overview
• Network Scanning
• Penetration Testing

Module 13: Network Security Devices

This module will look at the three main categories of network security devices: Firewalls, Network Intrusion Detection Systems (NIDS), and Network Intrusion Prevention Systems (NIPS). Together, they provide a complement of prevention and detection capabilities.

• Firewalls
• Overview
• Types of Firewalls
• Configuration and Deployment
• NIDS
• Types of NIDS
• Snort as a NIDS

• NIPS

  • Methods of Deployment

Module 14: Endpoint Security

In this module, we will examine some of the key components, strategies, and solutions for implementing security from an endpoint perspective. This includes general approaches to endpoint security, strategies for baselining activity, and solutions like Host-based IDS (HIDS) and Host-based IPS (HIPS).

• Endpoint Security Overview
• Endpoint Security Solutions
• HIDS Overview
• HIPS Overview

Module 15: Security Information and Event Monitoring (SIEM)/Log Management

In this module, we cover the essential components of logging and how to properly manage it within our organization.

• Logging Overview
• Setting Up and Configuring Logging
• SIEM/Log Analysis Basics
• Key Logging Activity

Module 16: Active Defense

In this module, we will explain what active defense is and how it can be best leveraged. We will examine new methods of approaching security to help make our defensive solutions more tactical.

• Defining Active Defense
• Active Defense Techniques
• Active Defense Tools

Topics

SEC401.4: Outline: Cryptography, Incident Response, and Risk Management

• Cryptography
• Cryptography Algorithms and Deployment
• Applying Cryptography
• Incident-Handling and Contingency Planning
• Risk Management

Module 17: Cryptography

Cryptography can be used to provide functional confidentiality, integrity, authentication, and non--epudiation for information. There are three general types of cryptography algorithms: secret key or symmetric, public key or asymmetric, and no-key or hash. These schemes are usually distinguished from one another by the number of keys employed. This module discusses these different types of algorithms and how each type is used to provide a specific security function. The module also introduces steganography, a means of hiding data in a carrier medium. Steganography can be used for a variety of reasons but is most often is used to conceal the fact that sensitive information is being sent or stored.

• Cryptosystem Fundamentals
• General Types of Cryptosystems
• Symmetric
• Asymmetric
• Hash
• Steganography Overview

Module 18: Cryptography Algorithms and Deployment

In this module, we'll acquire a high-level understanding of the mathematical concepts that contribute to modern cryptography and a basic understanding of commonly used symmetric, asymmetric, and hashing cryptosystems. We'll also identify common attacks used to subvert cryptographic defenses.

• Cryptography Concepts
• Symmetric and Asymmetric Cryptosystems
• Cryptography Attacks

Module 19: Applying Cryptography

In this module, we'll discuss solutions for achieving our primary goals for using cryptography: protection of data in transit and protection of data at rest, and the management of keys via PKI.

• Data in Transit

  • Virtual Private Networks
• Data at Rest
• Data Encryption
• Full Disk Encryption
• GNU Privacy Guard
• Key Management
• Public Key Infrastructure
• Digital Certificates
• Certificate Authorities

Module 20: Incident-Handling and Contingency Planning

In this module, we explore the fundamentals of incident handling and why it is important to our organization. We outline a six-step process to help create our own incident-handling procedures. The module also covers contingency planning, including business continuity planning and disaster recovery planning.

• Incident-Handling Fundamentals
• Six-Step Process for Handling an Incident
• Contingency Planning

Module 21: Risk Management

In this module we discuss the terminology and basic approaches to cybersecurity risk management. We identify each step in the Threat Assessment and Analysis process and learn how to report findings to management.

• Risk Management Overview
• Best-Practice Approach to Risk Management
• Threat Assessment, Analysis, and Reporting to Management

Topics

SEC401.5: Outline: Windows Security

• Windows Security Infrastructure
• Windows as a Service
• Windows Access Controls
• Enforcing Security Policy
• Network Services and Cloud Computing
• Automation, Auditing, and Forensics

Module 22: Windows Security Infrastructure

This module discusses the infrastructure that supports Windows security. This is a big picture overview of the Windows security model. It provides the background concepts necessary to understand everything else that follows.

• Windows Family of Products
• Windows Workgroups and Accounts
• Windows Active Directory and Group Policy

Module 23: Windows as a Service

This module discusses techniques for managing updates to Windows.

• End of Support
• Servicing Channels
• Windows Update
• Windows Server Update Services

Module 24: Windows Access Controls

This module focuses on understanding how permissions are applied in the Windows NT File System (NTFS), Shared Folders, Registry Keys, Active Directory, and Privileges. BitLocker Drive Encryption is discussed as another form of access control (for encrypted information), and as a tool to help maintain the integrity of the boot-up process if you have a Trusted Platform Module.

• NTFS Permissions
• Shared Folder Permissions
• Registry Key Permissions
• Active Directory Permissions
• Privileges
• BitLocker Drive Encryption

Module 25: Enforcing Security Policy

This module discusses one of the best tools for automating security configuration changes, SECEDIT.EXE, the command--ine version of Microsoft's Security Configuration and Analysis snap-in. We'll look at some of the most important changes to make through the use of this tool, such as password policy, lockout policy, and null user session restrictions. We'll also briefly discuss Group Policy Objects (GPOs) and the many security configuration changes that they can help to enforce throughout the domain.

• Applying Security Templates
• Employing the Security Configuration and Analysis Snap-in
• Understanding Local Group Policy Objects
• Understanding Domain Group Policy Objects
• Administrative Users
• AppLocker
• User Account Control
• Recommended GPO settings

Module 26: Network Services and Cloud Computing

It is important that we properly secure a system before we connect to a network. Applying the latest updates isn't good enough: We want a machine that has been hardened specifically in anticipation of vulnerabilities that have not yet been discovered.

• Server Core and Server Nano
• Best Way to Secure a Service
• Packet Filtering
• IPsec Authentication and Encryption
• Internet Information Server (IIS)
• Remote Desktop Services
• Windows Firewall
• Microsoft Azure and Office 365

Module 27: Automation, Auditing, and Forensics

Automation, auditing, and forensics go together because, if we can't automate our work, the auditing and forensics work doesn'' get done at all (or is done only sporadically), or we can't make it scale beyond the small number of machines that we can physically touch.

• Verifying Policy Compliance
• Creating Baseline System Snapshots
• Gathering Ongoing Operational Data
• Employing Change Detection and Analysis

Topics

SEC401.6: Outline: Linux Security

• Linux Security: Structure, Permissions, and Access Controls
• Hardening and Securing Linux Services
• Monitoring and Attack Detection
• Security Utilities

Module 28: Linux Security: Structure, Permissions, and Access Controls

This module discusses the foundational items that are needed to understand how to configure and secure a Linux system. It also provides an overview of the operating system and mobile markets. To lay a foundation, it provides an overview of the different operating systems that are based on Linux.

• Operating System Comparison
• Linux
• Cygwin
• macOS
• Mobile Device Security
• Android
• iOS
• Linux Operating System
• Commands
• Shell
• Kernel
• Filesystem
• Linux Unified Key Setup
• Linux Security Permissions

• Linux User Accounts

  • Pluggable Authentication Modules

Module 29: Hardening and Securing Linux Services

This module outlines the methods, tips, and tricks for hardening and securing Linux services. The Golden Rule to always remember is: The best way to secure a service is to turn it off, and if it's not needed, uninstall it.

• Starting Services in Linux
• Linux Configuration Management
• Linux Hardening
• Operating System Enhancements

Module 30: Monitoring and Attack Detection

Linux systems use multiple log files, several of which are described in this module. The syslog logging daemon and alternatives are discussed. We'll also describe auditd, the access monitoring and accounting subsystem.

• Configuring and Monitoring Logs
• Syslog and Alternatives
• Auditd

Module 31: Security Utilities

This module discusses some security-enhancement utilities, capabilities, and package management tools. Additionally, well look at several built-in and third-party tools that you can use to enhance and increase the overall security of a Linux system.

• Built-in Commands
• File Integrity Checking
• Host-based Firewalls
• Hardening Guides
• Rootkit Detectors
• Chroot, Containers, and Virtualization
• Package Management