Learn to Protect Computers and other Devices from Hacking and Attacking
Understand Vulnerability Assessment, Securing facilities & networks, Digital footprints, Security Certificates, Firewalls, IDS, IPS, Cryptography, Disaster Recovery and a lot more.
Lesson Structure
There are 11 lessons in this course:
- Introduction to Cyber Security and cyber attacks/defences
  - Importance of cybersecurity
  - Threats - passive attacks, active attacks
  - Common types of attacks - injection, phishing, denial of service, malware, spoofing, man in the middle, network attacks
  - Layered approach to defense
  - Physical security
  - Software and Operating System Security, Network security
- Vulnerability Assessment
  - Assessing vulnerabilities
  - Security posture
  - Performing vulnerability assessment - 5 steps
  - Identifying and classifying assets
  - Threats and risk assessment
  - Baseline reporting
  - Penetration testing - techniques, penetration testing versus vulnerability assessment
- Securing the facilities and networks
  - Securing a data centre
  - Securing the network
  - Hardware level
  - Software PC, Device level
- Securing your online digital footprint
  - Digital footprints
  - Social media
  - Web browsing
  - Devices used
  - Managing digital footprint
  - Protecting user reputation
  - Sharing personal information
  - Preserving freedoms
  - Preventing financial losses
  - Privacy risks
  - Developing better online habits
  - Investigating default settings
  - Using privacy enhancing tools
- Internet Security and Digital Certificates
  - Digital certificates
  - Digital signatures
  - Digital rights management and Information rights management
  - Electronic books and magazines
  - Generating a digital certificate
  - Exchanging and verifying a digital certificate
  - Web browsing
  - TLS and SSL
  - Security issues
  - Secure web browsing using https
- Wireless Network Vulnerabilities, Attacks and Security
  - Types of wireless data networks
  - NFC and Bluetooth network attacks
  - Wireless LAN attacks
  - Network blurred edges
  - Wireless data replay attacks
  - Wireless DOS attacks
  - Rogue access point
  - Attacks on home LANs - war driving, war chalking
  - Wireless security vulnerability and solutions
  - IEEE wireless security vulnerabilities
- Firewalls, IDS and IPS
  - Types of firewall protection
  - Packet filtering firewalls
  - Application/proxy firewalls
  - Hybrid firewalls
  - Firewall limitations
  - Formats and firewalls
  - UTM appliance
  - Intrusion detection systems
  - Network intrusion systems
  - Host based intrusion detection systems
  - Intrusion prevention systems
  - Common detection methodologies
  - Anomaly based IDPS
  - Signature based IDPS
- Cryptography
  - Definition, terminology and characteristics
  - Common cipher attacks
  - Ciphertext only attacks
  - Known plaintext attack
  - Dictionary attack
  - Brute force attack
  - Power analysis attack
  - Fault analysis attack
  - Cryptographical algorithms
  - Symmetric encryption
  - MAC function
  - Asymmetric encryption
  - Slipcovering keys
  - Hash algorithms
- Access Control and Authentication
  - What is access control
  - Definition, terminology
  - Access control models - RBAC, RAC, HBAC
  - Implementation - group policies, ACL, DACL, SACL
  - Authentication and authorisation
  - Securing and protecting passwords
  - Multi factor authentication
- Cyber attack Disaster Recovery strategies
  - Five stage response
  - Recovery planning
  - Backup procedures
  - Cloud storage
  - Monitoring and logging events
  - Containment of attack
  - Assessing damage
  - Recovery procedures - system images SEO, restore data corruption
  - Authorities tracking attackers
  - Data and security policies
- Ongoing Security Management
  - Managing security events - events monitoring
  - Centralised versus Distributed data collection
  - Being organised
  - Understanding the workplace
  - Security and decision making
  - Division of responsibilities
  - Time management
  - Networking
  - Attitude
  - Products and services
  - The law
Aims
- Define cyber security.
- Explain the goals and importance of cyber security.
- Understand important terminology relating to cyber security and list some attacks and defence mechanisms.
- Explain how to perform a vulnerability assessment.
- Understand the tools and techniques available.
- Compare and contrast vulnerability scanning and penetration testing.
- Explain how to secure physical data storage, data centre security, data warehouse and networks.
- Understand the effects of leaving a wide online digital footprint.
- Understand the options available for users to manage their online digital footprint.
- Understand what a firewall, an Intrusion Detection System (IDS), and an Intrusion Prevention System (IPS) represent in the world of cyber security.
- Explain the importance and functions of firewalls, IDS and IPS systems, and the benefits and protection they offer in protecting computers as well as computer networks.
- Understand the concept of cryptography and the importance of encrypting and decrypting data.
- Explain components of cryptographic protocols and common standards used in encryption and decryption.
- Understand the importance of digital signatures and digital certificates in securing web traffic.
- List the various types of wireless data communications networks and understand types of vulnerabilities and attacks against each of them.
- Explain wireless network security standards available to protect wireless networks.
- Define Access Control and become familiar with its terminology.
- Understand the importance of implementing access control models.
- Define authentication and understand the importance of creating and securing strong passwords and implementing double-factor or multi-factor authentication.
- Explain how to recover from a cyber-attack, the best procedures for setting up redundancy and quick recovery methods before and after an attack has occurred, and how to minimize impacts to the systems and networks involved.
Learn to Understand Cyber Security Problems and Solutions
As you move through this course you will broaden and deepen your understanding of how computers can cease to function, both through malicious, intentional attacks and through unintentional problems such as power spikes and hardware failure.
If you rely on computers you can suffer serious harm (financially or otherwise) through cyber failure. It becomes critical to understand potential problems and guard against them, and this course will help you do that.
Examples of the sort of things dealt with across this course include:
Common cipher attacks
Some of the more common cipher attacks are discussed. You will think about how these could apply in the context of active and passive attacks, and potential loopholes or fixes.
Ciphertext Only Attacks (COA)
Most modern systems are well-guarded against this type of attack. In a COA, the attacker possesses only the ciphertext. They do not have access to the crib (the plaintext), but attempt to work backwards from the ciphertext to find the plaintext and the encryption used. This attack is also called a known ciphertext attack.
Known Plaintext Attack (KPA)
In this type of attack, the attacker has access to both the plaintext and the ciphertext. Possessing both allows the attacker to determine the cipher or encryption. While these attacks still occur, especially if a system uses historical ciphers such as the Caesar Cipher, they are less common with modern ciphers.
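Why a historical cipher such as the Caesar Cipher fails under a known plaintext attack, as an added example (not part of the original course material): a single matching plaintext/ciphertext pair fixes the shift, and that shift then decrypts every other message sent under the same key. The function names and the sample messages are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift every letter by `shift` places; a negative shift decrypts."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def recover_shift(plaintext, ciphertext):
    """Return the one shift consistent with every letter pair, else None."""
    shifts = {
        (ALPHABET.index(c) - ALPHABET.index(p)) % 26
        for p, c in zip(plaintext.upper(), ciphertext.upper())
        if p in ALPHABET and c in ALPHABET
    }
    # More than one shift means the pair was not produced by a Caesar cipher.
    return shifts.pop() if len(shifts) == 1 else None


def decrypt_with_crib(crib_plain, crib_cipher, other_cipher):
    """Use one known pair to read a second message under the same key."""
    shift = recover_shift(crib_plain, crib_cipher)
    return None if shift is None else caesar(other_cipher, -shift)


if __name__ == "__main__":
    # Constructed sample: the known pair (the crib) and a second intercepted message.
    known_plain = "ATTACK AT DAWN"
    known_cipher = caesar(known_plain, 3)
    second_cipher = caesar("RETREAT AT NOON", 3)
    print("recovered shift:", recover_shift(known_plain, known_cipher))
    print("second message :", decrypt_with_crib(known_plain, known_cipher, second_cipher))
```

A modern cipher is designed so that knowing many such pairs still reveals nothing practical about the key, which is why the paragraph above calls these attacks less common today.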
Dictionary Attack
Similar to a brute force attack, a dictionary attack tries out all the terms in a given dictionary as candidate keys or passwords. This attack depends on users' tendency to use weak passwords. Dictionary attacks can use a simple dictionary, or multiple types including foreign language and discipline dictionaries. Some attackers may also use string manipulation to test out variants of a word, such as "H3ll0" rather than "hello".
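A defensive use of the same idea, as an added example (not part of the original course material): a check run when a password is set that undoes common character substitutions and appended digits before comparing against a wordlist, so that "H3ll0" is rejected just as "hello" would be. The substitution table, the tiny wordlist, the minimum length of 12 and the function names are all assumptions made for illustration; a real deployment would load a much larger list.

```python
# Constructed substitution table: look-alike characters mapped back to letters.
LEET = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})

# Constructed stand-in for a real dictionary file.
WORDLIST = {"hello", "password", "dragon", "letmein", "welcome"}


def candidate_forms(password):
    """Return the simplified forms a dictionary attack would effectively cover."""
    lowered = password.lower()
    # Strip appended digits and symbols first ("hello123" -> "hello"),
    # because the substitution table would otherwise turn them into letters.
    trimmed = lowered.rstrip("0123456789!?.#")
    forms = {lowered, trimmed, lowered.translate(LEET), trimmed.translate(LEET)}
    return forms - {""}


def is_dictionary_derived(password, wordlist=WORDLIST):
    """True if any simplified form of the password is a dictionary word."""
    return any(form in wordlist for form in candidate_forms(password))


def check_new_password(password, min_length=12):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    if is_dictionary_derived(password):
        reasons.append("derived from a dictionary word")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["H3ll0", "hello123", "P@ssw0rd!", "vexing-quartz-lantern-42"]:
        print(f"{pw!r}: {check_new_password(pw) or 'accepted'}")
```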
Brute Force Attack (BFA)
This type of attack is often seen on film. The attacker tries to access the target by trying all possibilities until they force their way in.
A brute force attack usually requires some information, like how long the cipher or key is, how many potential values there are, and any security mechanisms that will be tripped by multiple attempts. If the attacker knows how long the key is and the type of values, some relatively simple math will work out the number of possible keys.
Power Analysis Attack
These attacks use knowledge of a system's power consumption to learn about what the system is doing. More complex versions of this attack allow the attacker to learn about seemingly tamper-proof hardware or "black boxes".
Fault Analysis Attack
Exploiting a system's errors, these types of attacks use error outputs to learn about the system and its potential weaknesses.