Strategic Infrastructure Security
Course Specifications
Course number: 085801, rev 2.0
Course length:
Software: N/A N/A
Course Description
This course is the official courseware for the Security Certified Program
SC0-471 certification exam. The Strategic Infrastructure Security (SIS) course
is designed to follow the hands-on skills utilized in the Tactical Perimeter
Defense (TPD) course. The SIS course continues with hardening of strategic
elements of your infrastructure, such as your Windows and Linux servers, and
goes into detail on one of the most critical areas to understand in security,
Cryptography.
Prerequisites: To ensure your success, we recommend that you have completed the SCP Tactical Perimeter Defense (TPD)
course. The TPD course will ensure you have the core security concepts and
skills in developing a secure perimeter for your organization.
Delivery Method: Instructor-led, group-paced, classroom-delivery learning model
with structured hands-on activities.
Hardware/Software Requirements
You will need:
- Student machines, one per student, recommended minimum specifications:
- Pentium 4, 2.0 GHz processor.
- 512 MB of RAM.
- 50 GB hard drive.
- DVD-ROM drive.
- NIC, capable of promiscuous mode support.
- Integrated video card, capable of 32-bit video.
- Floppy disk drive. (there is one task that utilizes a floppy disk drive.
If a floppy disk drive is unavailable, this can be a discussion task.)
- Bootable floppy disks, for student use during the task that requires
the floppy disk drive.
- You will need one Keylogger. The course was written using a keylogger
from www.keyghost.com.
- Instructor machine, same base configuration as student machines.
- The Operating Systems used in this course are Microsoft®
Windows Server® 2003 RS Standard Edition (which includes Service Pack
1), and Novell® SuSe® Linux Enterprise Server 10. You must use the
same operating systems if you wish for all the tasks to function properly.
If you elect to use different base platforms, some steps of these tasks will
likely not match your systems.
- The Instructor machine will require configuration as a Windows
Domain Controller during the DNS portion of Lesson 5. This can be configured
at any time prior to that lesson, either during the initial classroom setup,
or during the class, that is up to the individual instructor's preference.
- For class preparation, you will need the following tools. Note,
where the tools are available as per open source licensing, they have been
included on the course CD-ROM. Software that cannot be distributed must be
downloaded from the URLs listed. All these tools should be copied to the C:\\Tools
or /Tools directories on your Windows and Linux systems accordingly.
| Lesson 1 |
Cryptool |
On course CD-ROM |
| Lesson 2 |
Webmin |
On course CD-ROM |
|
John the Ripper |
On course CD-ROM |
|
Bastille |
On course CD-ROM |
|
Perl |
On course CD-ROM |
|
Tripwire |
On course CD-ROM |
|
vsftpd |
On course CD-ROM |
| Lesson 3 |
NTFSDOS |
On Course CD-ROM |
| Lesson 4 |
Superscan |
On course CD-ROM |
|
Nessus |
On course CD-ROM – For full function, download from www.nessus.org |
|
netcat (for windows) |
On course CD-ROM |
|
klogger |
On course CD-ROM |
|
LCP |
On course CD-ROM |
|
RevelationV2 |
On course CD-ROM |
|
UDPflood |
On course CD-ROM |
| Lesson 5 |
MBSASetup-EN.msi |
On course CD-ROM |
|
WindowsServer2003-KB917537-x86-ENU.exe |
On course CD-ROM |
|
IE7-WindowsServer2003-x86-enu.exe |
www.microsoft.com/downloads |
| Lesson 8 |
TCP_1537-21FTP login.ids |
On course CD-ROM |
|
TCP_31337-1676.ids |
On course CD-ROM |
- Before you begin actually setting up the class, here are some
recommendations for the classroom configuration and hardware preparation.
- The hardware requirements are listed earlier in this course. It is not
advisable to use systems that do not meet these requirements.
- It is recommended that all the computers be of the same or similar hardware
configuration.
- Configure the BIOS so that the boot order is 1: DVD-ROM, 2: floppy drive
(if present), and 3: hard drive. Protect the student machines with a BIOS
password.
- IP Addressing and Computer Naming Scheme: The classroom can all
be configured on one hub or switch; there are no needs for segmenting the
classroom in this course. Each computer is a designed to run both Windows
Server 2003 and SuSe Linux Enterprise 10.
- This guide assumes each student has been assigned a number in
the classroom, such as 001, 002, 003, and so on.
- During the installation, the Windows Server 2003 shall be named:
WINXXX and the SuSe Linux Server shall be named: LINXXX. Replace the XXX with
the seat number for each student.
- The IP Addresses used in the class shall be: 172.16.10.XXX. Replace
the XXX in the last octet with the seat number for each student. This IP Address
shall be used for both Operating Systems.
Performance-Based Objectives
- Detail the core issues of cryptography, including public and private
key.
- Harden SuSe Linux 10 Server computers.
- Harden Windows Server 2003 computers.
- Utilize ethical hacking attack techniques.
- Secure DNS and web servers, and examine Internet and WWW security.
- Perform a risk analysis.
- Create a security policy.
- Analyze packet signatures.
Course Content
- Lesson 1: Cryptography and Data Security
- Topic 1A: History of Cryptography
- Topic 1B: Math and Algorithms
- Topic 1C: Private Key Exchange
- Topic 1D: Public Key Exchange
- Topic 1E: Message Authentication
- Lesson 2: Hardening Linux Computers
- Topic 2A: Linux Filesystem and Navigation
- Topic 2B: General Secure System Management
- Topic 2C: User and Filesystem Security Administration
- Topic 2D: Network Interface Configuration
- Topic 2E: Security Scripting
- Topic 2F: Useful Linux Security Tools
- Lesson 3: Hardening Windows Server 2003
- Topic 3A: Windows 2003 Infrastructure Security
- Topic 3B: Windows 2003 Authentication
- Topic 3C: Windows 2003 Security Configuration Tools
- Topic 3D: Windows 2003 Resource Security
- Topic 3E: Windows 2003 Auditing and Logging
- Topic 3F: Windows 2003 EFS
- Topic 3G: Windows 2003 Network Security
- Lesson 4: Attack Techniques
- Topic 4A: Network Reconnaissance
- Topic 4B: Mapping the Network
- Topic 4C: Sweeping the Network
- Topic 4D: Scanning the Network
- Topic 4E: Vulnerability Scanning
- Topic 4F: Viruses, Worms, and Trojan Horses
- Topic 4G: Gaining Control Over the System
- Topic 4H: Recording Keystrokes
- Topic 4I: Cracking Encrypted Passwords
- Topic 4J: Revealing Hidden Passwords
- Topic 4K: Social Engineering
- Topic 4L: Gaining Unauthorized Access
- Topic 4M: Hiding Evidence of an Attack
- Topic 4N: Performing a Denial of Service
- Lesson 5: Security on the Internet and the WWW
- Topic 5A: Describing the Major Components of the Internet
- Topic 5B: Securing DNS Services
- Topic 5C: Describing Web Hacking Techniques
- Topic 5D: Describing Methods Used to Attack Users
- Lesson 6: Performing a Risk Analysis
- Topic 6A: Concepts of Risk Analysis
- Topic 6B: Methods of Risk Analysis
- Topic 6C: The Process of Risk Analysis
- Topic 6D: Techniques to Minimize Risk
- Topic 6E: Continuous Risk Assessment
- Lesson 7: Creating a Security Policy
- Topic 7A: Concepts of Security Policies
- Topic 7B: Policy Design
- Topic 7C: Policy Contents
- Topic 7D: An Example Policy
- Topic 7E: Incident Handling and Escalation Procedures
- Topic 7F: Partner Policies
- Lesson 8: Analyzing Packet Signatures
- Topic 8A: Signature Analysis
- Topic 8B: Common Vulnerabilities and Exposures (CVE)
- Topic 8C: Signatures
- Topic 8D: Normal Traffic Signatures
- Topic 8E: Abnormal Traffic Signatures