1.      Security Building Blocks

1.1.   Security Goals – The CIA Triad

1.2.   Security Factors – The Four As

1.3.   Access Control Methods

1.4.   Privilege Management

2.      Authentication Methods

2.1.   Authentication Factors

2.2.   User Name/Password Authentication

2.3.   Challenge Handshake Authentication Protocol (CHAP)

2.4.   Kerberos

2.5.   Tokens

2.6.   Biometrics

2.7.   Multi-Factor Authentication

2.8.   Mutual Authentication

3.      Cryptography Fundamentals

3.1.   Encryption

3.2.   Encryption Algorithms

3.3.   Keys

3.4.   Hashing Encryption

3.5.   Hashing Encryption Algorithms

3.6.   Symmetric Encryption

3.7.   Asymmetric Encryption

3.8.   Cipher Types

3.9.   Symmetric Encryption Algorithms

3.10.                    Asymmetric Encryption Algorithms

3.11.                    Digital Signatures

4.      Security Policy Fundamentals

4.1.   Security Policies

4.2.   Security Policy Components

4.3.   Security Policy Issues

4.4.   Common Security Policy Types

4.5.   Security Document Categories

4.6.   Documentation Handling Measures

LESSON 2: Những mối đe dọa tiềm tàng

1.      Social Engineering

1.1.   Social Engineering Attacks

1.2.   Hackers, Crackers, and Attackers

1.3.   Attacker Types

2.      Software-Based Threats

2.1.   Software Attacks

2.2.   Port Scanning Attacks

2.3.   Eavesdropping Attacks

2.4.   IP Spoofing Attacks

2.5.   Hijacking Attacks

2.6.   Replay Attacks

2.7.   Man-in-the-Middle Attacks

2.8.   Denial of Service (DoS) Attacks

2.9.   Distributed Denial of Service (DDoS) Attacks

2.10.                    Types of DoS Attacks

2.11.                    Malicious Code Attacks

2.12.                    Types of Malicious Code

2.13.                    Default Security Attacks

2.14.                    Software Exploitation Attacks

2.15.                    Types of Software Exploitation Attacks

2.16.                    Misuse of Privilege Attacks

2.17.                    Password Attacks

2.18.                    Types of Password Attacks

2.19.                    Backdoor Attacks

3.      Hardware-Based Threats

3.1.   Hardware Attacks

LESSON 3: Củng cố an toàn các dịch vụ và các hệ thống bên trong Mạng nội bộ

1.      Harden Operating Systems

1.1.   System Vulnerabilities

1.2.   System Vulnerability Categories

1.3.   Hardening

1.4.   Security Baselines

1.5.   System Updates

1.6.   Windows Security Policies

1.7.   Windows Auditing

1.8.   Services, NLMs, and Daemons

1.9.   Service, NLM, and Daemon Vulnerabilities

1.10.                    Security Templates

2.      Harden Directory Services

2.1.   Directory Services

2.2.   Common Directory Services

2.3.   Lightweight Directory Access Protocol (LDAP)

2.4.   Directory Service Vulnerabilities

3.      Harden DHCP Servers

3.1.   Dynamic Host Configuration Protocol (DHCP)

3.2.   DHCP Vulnerabilities

4.      Harden File and Print Servers

4.1.   File and Print Server Vulnerabilities

4.2.   The Server Message Block (SMB) Protocol

4.3.   SMB Signing

LESSON 4: Củng cố an toàn các dịch vụ và hệ thống có nối kết Internet

1.      Harden Internetwork Connection Devices

1.1.   Internetwork Devices

1.2.   Unnecessary Network Protocols

1.3.   Firmware Updates

1.4.   Internetwork Device Vulnerabilities

1.5.   Demilitarized Zones (DMZs)

1.6.   Intranets

1.7.   Extranets

1.8.   Virtual LANs (VLANs)

1.9.   Network Address Translation (NAT)

1.10.                    Network Media

1.11.                    Network Media Vulnerabilities

2.      Harden DNS and BIND Servers

2.1.   DNS

2.2.   DNS and BIND Vulnerabilities

3.      HardenWeb Servers

3.1.   HTTP

3.2.   Web Server Authentication

3.3.   Web Server Authentication Methods

3.4.   Web Server Vulnerabilities

4.      Harden File Transfer Protocol (FTP) Servers

4.1.   FTP

4.2.   FTP Vulnerabilities

4.3.   Secure Shell (SSH)

4.4.   Secure FTP (SFTP)

5.      Harden Network News Transfer Protocol (NNTP) Servers

5.1.   NNTP

5.2.   NNTP Vulnerabilities

6.      Harden Email Servers

6.1.   Simple Mail Transfer Protocol (SMTP)

6.2.   Email Vulnerabilities

6.3.   Pretty Good Privacy (PGP)

6.4.   Secure Multipurpose Internet Mail Extensions (S/MIME)

7.      Harden Conferencing and Messaging Servers

7.1.   Conferencing and Messaging Vulnerabilities

LESSON 5: Bảo mật giao tiếp Mạng

1.      Protect Network Traffic with IP Security (IPSec)

1.1.   IPSec

1.2.   IPSec Algorithms

1.3.   IPSec Transport Protocols

1.4.   Internet Key Exchange (IKE)

1.5.   Security Associations (SAs)

1.6.   IPSec Policies

1.7.   Default IPSec Policies

1.8.   IPSec Policy Rule

2.      SecureWireless Traffic

2.1.   Wireless Protocol Standards

2.2.   Wireless Protocol Implementations

2.3.   Wireless Security Protocols

2.4.   Wireless Vulnerabilities

3.      Harden a Web Browser

3.1.   Browser Vulnerabilities

3.2.   Internet Explorer Security Settings

4.      Secure the Remote Access Channel

4.1.   Remote Access Methods

4.2.   Telecommunications Vulnerabilities

4.3.   Tunneling

4.4.   Virtual Private Networks (VPNs)

4.5.   VPN Protocols

4.6.   VPN Security Protocols

4.7.   Remote Access Vulnerabilities

LESSON 6: Xây dựng và quản lý hạ tầng PKI - PUBLIC KEY INFRASTRUCTURE

1.      Install a Certificate Authority (CA) Hierarchy

1.1.   Digital Certificates

1.2.   Certificate Authentication

1.3.   Public Key Infrastructure (PKI)

1.4.   PKI Components

1.5.   CA Hierarchies (Trust Models)

1.6.   The Root CA

1.7.   Public and Private Roots

1.8.   Subordinate CAs

1.9.   Centralized and Decentralized CA Hierarchies

2.      Harden a Certificate Authority

2.1.   Certificate Policies

2.2.   Multiple and Dual Key Pairs

2.3.   The Certificate Life Cycle

2.4.   CA Vulnerabilities

3.      Back Up a CA

4.      Restore a CA

LESSON 7: Quản lý các chứng thư kỹ kỹ thuật số CERTIFICATES

1.      Enroll Certificates

1.1.   The Certificate Enrollment Process

2.      Secure Network Traffic by Using Certificates

2.1.   Secure Sockets Layer (SSL)

2.2.   HTTPS

2.3.   Transport Layer Security (TLS)

3.      Renew Certificates

4.      Revoke Certificates

4.1.   Certificate Revocation

4.2.   The Certificate Revocation List (CRL)

5.      Back Up Certificates and Private Keys

5.1.   Private Key Protection Methods

6.      Restore Certificates and Private Keys

6.1.   Private Key Restoration Methods

6.2.   Private Key Replacement

LESSON 8: Hoạch định và triển khai các chính sách bảo mật trong tổ chức

1.      Enforce Corporate Security Policy Compliance

1.1.   Risk Identification

2.      Enforce Legal Compliance

2.1.   Legal Requirements

2.2.   Forensic Requirements

2.3.   Human Resources (HR) Policies

3.      Enforce Physical Security Compliance

3.1.   Physical Security Measures

3.2.   Storage Media Vulnerabilities

3.3.   Business Continuity Plans (BCPs)

3.4.   Disaster Recovery Plans (DRPs)

3.5.   Service Level Agreements (SLAs)

3.6.   Alternate Sites

3.7.   Secure Recovery

3.8.   Backup Storage Locations

4.      Educate Users

4.1.   The Employee Education Process

4.2.   User Security Responsibilities

LESSON 9: Giám sát hạ tầng Mạng, phát hiện xâm nhập

1.      Scan for Vulnerabilities

1.1.   The Hacking Process

1.2.   Ethical Hacking

1.3.   Security Utilities

1.4.   Types of Vulnerability Scans

1.5.   Port Ranges

2.      Monitor for Intruders

2.1.   Intrusion Detection Systems (IDSs)

2.2.   Host, Network, and Application-based IDS

2.3.   Passive and Active IDS

2.4.   Signature and Anomaly IDS Analysis

3.      Set Up a Honeypot

3.1.   Honeypots

3.2.   Types of Honeypots

4.      Respond to Security Incidents

4.1.   Incident Response Policies