Topic Name Description
Course Syllabus Page Course Syllabus
1.1: The History and Evolution of Information Security Book Information Security History

This exhibit gives a history of the evolution of users, key technologies, threats, concerns, and security techniques in information security since 1960. Click on the links in the pre-web computing (1960s-'90s), open web (1990s-2000s), and mobile and cloud (2000s-future) section. What were the threats and concerns of each time period? How did security technology or techniques develop in response to those threats?

Book Timeline of the History of Information Security
To begin, review this timeline on the history and development of information security. What was the role of the US Department of Defense (DoD) in the evolution of information security? Who or what were the influencers in the development of the confidentiality, availability, and integrity (CIA) triad?
1.2: Confidentiality, Integrity, and Availability – The CIA Triad Page The CIA Triad
The basis for information security is the CIA triad. After you watch this video, you should be able to define the three principles of confidentiality, integrity, and availability as they relate to information security and the protection of data.
1.3: Threats, Vulnerabilities, and Risks Page Threats and Vulnerabilities
This video explains threats and vulnerabilities, how they apply to information security, and how they can reduce or compromise the confidentiality, integrity, and availability (CIA) of a system. What is the difference between a threat and a vulnerability? What are threats and vulnerabilities in the context of information systems?
Page The Elements of Security: Vulnerability, Threat, Risk

Read section 1.3. When you are new to the information security industry, you may use the words vulnerability, threat, and risk interchangeably, though they actually have very different meanings. As you read, think about the differences between these terms and try to explain each term in the context of information security.

1.4: The Risk Management Process Book NIST SP 800-39
Risk can never be eliminated, but it can be managed using the risk management process. The National Institute of Standards and Technology (NIST) 800 series documents are well-known and accepted as industry standards in information security. Review the NIST SP 800-39, a special publication that outlines a process on how to manage information security risks. Read pages 32-45 for a detailed explanation of the risk management process. Pay attention to the general description for each step in the process: framing risk, assessing risk, responding to risk, and monitoring risk. After you read, you should be able to explain the order of the steps in the process and what happens during in each step.
Book Risk Management

Read this page and watch the video to learn more about the purpose of risk management and the four stages of the risk management process. Before you move on, make sure you have a good understanding of the formulas, and that you are able to use the formulas on this page to calculate single loss expectancy (SLE), annual rate of occurrence (ARO), and annual loss expectancy (ALE).

Page More on Risk Management
Watch this video, which discusses the risk management process practically. How does this reinforce the actions taken in each step of the process from NIST SP 800-39 that you read earlier?
1.5: The Incident Response Process Book NIST SP 800-61
Even though information security professionals plan to effectively manage risk, incidents still occur. NIST SP 800-61 is the National Institute of Standards and Technology (NIST) special publication that gives guidelines for organizations on how to handle security incidents. Read section 2.2 on page 6 to learn more about the need for, and the benefits of, an incident response capability. Also read section 3 on pages 21-44 to learn how to appropriately handle information security incidents. Before you move on, make sure you can explain the four stages of the incident response process: preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity.
Page Incident Response
This video explains how the incident response plan for detection and countermeasures is perpetual, and expands on the stages of the incident response process.

1.6: Security Control Page Security Control

You learned about the goals of security based on the CIA triad from a previous section, and you have an understanding of the terms vulnerability, threats and risks. Now, watch this video to understand the types of controls and their functions to ensure the confidentiality, availability, and integrity of information systems.

Page Security Control Types

Controls are broken down into control types such as administrative, physical, and technical. Read this section, which will help you differentiate between administrative, technical, and physical control types.

Page Security Control Functions
Controls are further broken down into control functions. Watch this video to learn how to categorize controls by control function as either preventive, detective, deterrent, or compensating.

1.7: Defense-in-Depth Page Introduction to Defense-in-Depth

Defense-in-depth is a layered strategy to provide security to information systems. The layers are often comparted to the layers of an onion, when one layer is peeled back there is another layer of defense or protection. Watch the first two minutes of this video for an introduction to the concept of defense-in-depth.

Page Defense-in-Depth Example

Watch this video from 24:00 to 27:00 for a practical example of how layers of defense protect a system when defense-in-depth mechanisms are in place.

Page Defense-in-Depth

Read the section on defense-in-depth. Pay attention to how it compares defense-in-depth to protecting of a castle, and note how it recalls the CIA triad. After you read, you should be able to explain the concept of defense-in-depth and be able to propose a defense-in-depth security strategy for a simple system.

1.8: Human Behavioral Risks Book The Human Factor

So far, we have discussed security control types and functions and how layers of controls provide defense-in-depth. These controls protect data from outside threats, but an even greater area of concern is the "inside threat" – people. Read the introduction and the two sections on social engineering in this article about the human factor. Why are people a threat to information security?

Page Humans are the Weakest Link

Humans are the weakest link in information security. Giving someone access to information systems involves an element of trust. Watch this video about how people, not machines, are the biggest concern in cybersecurity. Then, read this article, which describes how humans the last line of defense for an organization. How can people, either intentionally or unintentionally, expose their organizations to risks?

Page Security Awareness, Training, and Education

The most effective way to combat the risk posed by people is to provide formal security awareness training. Read this section on conducting a formal security awareness training. Once read, you should understand the need for training programs, the types of security awareness training, and how to evaluate a training program.

Page Security Threats and the Human Factor

Although formal training is the most effective way to build security awareness, computer-based training is another option. Read this section on delivering security awareness training. After you read, you should be able to explain the benefits and limitations of computer-based and instructor-led security awareness training. How can human behavior be modified through security awareness and training programs?

1.9: Security Frameworks Book Security Frameworks

While working in the area of information security, it is important to have an understanding of the common security standards or frameworks. While reading this article, you will obtain some knowledge of the controls specified by ISO/IEC 27001, the Federal Information Processing Standards (FIPS), the NIST cybersecurity framework and NIST Special Publication 800-53, as well as COBIT5.

Page Center for Internet Security (CIS) Controls

The Center for Internet Security (CIS) has developed 20 controls called the CIS Top 20, to secure an organization's system against cyber attacks or threats. While watching, pay attention to the 20 controls. You are not expected to memorize all 20 controls, but it is important to know the first six controls as the implementation of these controls will protect against approximately 91 percent of security breaches.

Page Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a standard that protects the security of credit card data. While watching this video you will learn about the penalties that can be inflicted on a business for non-compliance with PCI DSS. What are some of the requirements of PCI DSS compliance?

2.1: Threat Terminology Page Threat Terminology

Many types of malicious or suspicious activities are presented to information systems. To understand how to protect systems, you first need to understand the nature of these threats and attacks. To begin, watch this video to understand threats and attacks. What are the differences between these two concepts?

Page An Overview of Threats

Review this article to understand that there are many types of threats to systems and to be able to define the five types of hackers and their techniques.

Page Privacy Threats

Watch this video to learn about threat models, how to identify threats, and the utility of anti-forensics.

2.2: Types of Attacks Page Types of Attacks

Information security personnel need to be aware of common types of malicious attacks on information systems. This video will describe the difference between passive and active attacks. The two passive attacks described are release message contents and traffic analysis. The four active attacks are masquerade, replay, modifications, and denial of service. Pay attention to the characteristics of passive and active attacks. You should learn the method of attack and the mechanism to mitigate each of the two passive and the four active attacks.

Page Classifying Threats

Read this section, which describes threat agent, the actions a threat agent can take, and how to classify threat agents as non-target specific, employees, criminals, corporations, human-unintentional, human-intentional, or natural.

Page Birthday Attacks

The birthday attack is a cryptographic attack based on the birthday paradox, or the probability of a group of people having the same birthday. The use of the theory of the birthday paradox improves the probability of creating a hash collision. Watch this video to understand the mathematics behind the birthday paradox. Do not be concerned with learning the mathematics. Instead, pay attention to how the probability increases as the number of people in the room increase, and how the brute attack effort decreases with the birthday paradox.

Page What is a Botnet?

Botnets are a group of networked computers that are infected with malware. Watch this video to learn the terminology used with botnets such as botnet master and zombie, the purpose of botnets, and how to detect that a computer is infected by a botnet.

Page More on Botnets

While you read, think about these questions: what kinds of people might choose to operate a botnet? Why might they do so? How can botnets be controlled? How big are most botnets?

Page Man-in-the-Middle Attacks

Man-in-the-middle attacks are a type of information interception that when it occurs is unknown to both the sender and the receiver. What methods can be used to create a man-in-the-middle attack?

Page Teardrop Attacks

This page explains the concept of a teardrop attack, the effect these attacks have on a system, and the operating systems that are vulnerable to this kind of attack. Older versions of Windows and Linux are vulnerable to teardrop attacks, including Windows 7 and Windows Vista.

Page What is War Dialing?

War dialing is a type of attack that exploits dial-up service. While dial-up service has been almost completely replaced by broadband, it still exists in some areas.

Page More on War Dialing

War dialing is a brute-force attack. How can auditing and monitoring reveal indicators of a war dialing attack?

Page Zero-Day Exploits

"Zero-day exploit" refers to the day that a vulnerability is identified by the vendor, or the day before. Zero-day threats or attacks are dangerous because there are no ways to mitigate them. What should happen once a zero-day exploit is identified?

2.3: Spoofing Attacks Page Spoofing Attacks

Spoofing is posing as someone you are not. Read this page, which explains the concept of spoofing, popular spoofing techniques, and countermeasures for spoofing attacks.

Book A Comprehensive Analysis of Spoofing

This article gives an in-depth explanation of internet protocol (IP) and email address spoofing. What are the steps for IP spoofing? Why might an attacker would want to spoof an IP or email address?

Page Email Spoofing

Email spoofing is common today, and can be dangerous by introducing malware into your system or by exploiting your identity. How can you identify a spoofed email? Why do attackers try to spoof emails? How can you combat email spoofing?

Page Caller ID Spoofing

Phone number spoofing has become popular today, especially for telemarketers. Read this article and watch the video about caller ID spoofing. How can you avoid spoofing? How should you react to spoofed calls?

Page IP Address Spoofing

Read this article, which explains IP address spoofing and what an attacker can gain with this type of attack.

2.4: Social Engineering Book An Overview of Social Engineering

Social engineering preys on the fact that humans are the weakest link in information security. This article explains the social engineering model, outlines the two categories of social engineering attacks, and discusses techniques for preventing and mitigating social engineering.

Page Dumpster Diving

Dumpster diving is a way to obtain information that is has been improperly disposed. What kinds of security leaks that can be found "in the trash"?

Page One Man's Trash is Another Man's Treasure

Read this article, which gives another perspective on improperly disposed items and why they are valuable to dumpster diving attackers.

Page Shoulder Surfing

We should all be cognizant of "shoulder surfing" – people who can see our computer screens or keyboards. What can attackers gain by shoulder surfing? How can you tell when you might be vulnerable to a shoulder surfing attack?

Page Tailgating

Tailgating is going through a door without authorization. How does tailgating work? What are some of the factors used by successful tailgaters?

Page How to Protect Against Tailgating

Watch this video, which explains how to prevent tailgating from happening in a secure area.

Page Phishing, Spear-phishing, and Whaling

Phishing is a deceptive way to obtain sensitive information. Spear-phishing is a targeted way to attack systems within a particular organization using email addressed to specific individuals. Spear-phishing and whaling are very similar, but the target of the attack differs. Read this article, which explains methods of phishing, spear-phishing, and whaling. What is the purpose of whaling, and who is its target?

Page Pretexting

Pretexting is a way to gain passwords. Read this article, which explains the steps involved in pretexting.

2.5: Application Attacks Page Application Attacks

Attackers often exploit applications because they are not as secure as networks. An attack on an application can provide the attacker the same desired result. Watch this video, which describes application attacks and gives some examples of common application attacks. Notice that applications can also have zero-day attacks, which we discussed previously.

Page Types of Application Attacks

This video discusses application attacks further. What is the goal of application attacks? How can features such as cookies, attachments, malicious add-ons, header manipulations, and session hijacking make an application more vulnerable to attacks?

Page The Basics of Buffer Overflows

Buffer overflow attacks can often be avoided with proper system configurations. In this video, you will learn about buffers and how a buffer can be exploited in a buffer overflow attack. Pay attention to the seriousness of a buffer overflow attack and the possible outcome of this type of attack. What affect can the attack have on a system? How would a buffer overflow attack be initiated against a system? What procedures should be in place to avoid a buffer overflow attack? What programming languages are vulnerable to buffer overflow attacks?

Page More on Buffer Overflows

Watch this video to learn more about buffer overflows to include stack-based and heap-based, buffer overflow myths, and ways to reduce buffer overflow attacks in code.

Book Time of Check to Time of Use

Time of check to time of use (TOCTTOU) is a race condition that affects software. While you read, pay attention to the mechanics of a TOCTTOU attack as provided in the attack examples. Remember the most common platform where you might find a TOCTTOU bug. What methods can be used to prevent TOCTTOU from occurring in UNIX and in Microsoft Windows?

Page Application and Escalation of Privilege

Privilege is the level of access a user has on a system. Read the section in this article about escalation of privilege to learn the meaning of the term. What is the difference between vertical and horizontal escalation of privilege? Who has the highest level of privilege, that of a user at the application level or a system administrator at the kernel level? How can this kind of attack be prevented?

Page Escalation of Privilege

Watch this video to learn more about privilege escalation from the viewpoint of a hacker. What is privilege escalation? Why is privilege escalation difficult to execute? What types of things might an attacker look for on a system to escalate their privileges?

2.6: Web Application Attacks Page Types of Application Attacks

Some attacks work specifically against websites or applications. This video will discuss some basic application attacks such as cross-site scripting, SQL injection attacks, buffer overflow attacks, integer overflow attack, directory traversal command injection attack, lightweight directory access protocol (LDAP) injection attack, extensible markup language (XML) injection attack, and zero day attacks. You will how an attacker performs each type of attack. As you watch this video, think about why an attacker might attack an application instead of a network. What is the best defense against application attacks?

Page Cross-Site Scripting

Read this article to learn about cross-site scripting (XSS). How does an attacker exploit an XSS vulnerability? Describe reflected and persistent XSS vulnerabilities. How can an XSS attack be prevented?

Page Examples of Cross-Site Scripting

Review this selection to understand why cross-site scripting attacks (XSS) are categorized as injection attacks. Under what conditions do XSS attacks occur? You saw reflected attacks in the previous section but review this category again and learn about another category: stored XSS attacks. Also, in this article, pay attention to the consequences of XSS attacks, ways to find flaws to prevent XSS attacks, and how to protect from an XSS attack.

Page How Does XSS Work?

Read parts two and three of this article to understand the actors in cross-site scripting (XSS), persistent, reflected, and DOM-based XSS types, and methods to prevent XSS.

Page SQL Injection

You have learned about cross-site scripting as an injection attack on applications. This article will introduce you to another type of injection attack on databases, SQL injection. After reading, be able to explain what occurs during a SQL injection attack, how to prevent the attack, and how a SQL injection can compromise a system.

Page Examples of SQL Injection Attacks

Read this article to understand the concept of SQL injection attacks. Although you are not expected to know how to code, review the code examples and attempt to comprehend how the safe version provided in each example can prevent the attack.

Page How Application Flaws Enable SQL Injection

In this unit, you previously learned about cross-site scripting and SQL injection attacks. In this article, you will learn how to define injection, and the terms threat agents, attack vectors, security weaknesses, technical impacts, and business impact as related to injection attacks. There is also a detailed example of how an injection attack works within code.

2.7: Malware attacks Page Common Types of Malware

Watch this video to learn the definition of malware and what it can potentially do to a system. Pay attention to a method that can prevent introducing malware into a system when installing new software. You will learn about some common types of malware as well as their mode of attack, and what they attack in a system. The types of malware you will learn about are virus, trojan, worm, rootkit, logic bomb, ransomware, botnet, adware, spyware, polymorphic virus, armored virus, and backdoor access.

Page Malware Functions

As you learned in the previous section, depending on the function or type of malware used the harmful effect on the system will differ. In this section, you will learn about the seven common effects malware can have on a system, such as overwhelming system resources, running malicious adware, running spyware, running ransomware, creating backdoors, disabling security functions, and creating botnets. Pay attention to the type of malware and the method used to create each affect.

Page Computer Viruses, Worms, Trojan Horses, Spyware, and Adware

Read this article on computer viruses, worms, Trojan horses, spyware, and adware. Be able to describe how a computer virus can spread throughout a system or network, and the effect a virus might have on a system. Think about how a worm affects a computer system, and how a worm is similar or different from a virus. A Trojan horse is malicious software that is named after the Trojan horse known in mythology. Learn what a trojan horse is and what it can do once activated in a system. What is the purpose of spyware and adware?

Page The Security Risks of Viruses, Worms, and Trojan Horses

Watch this video to learn more about viruses, worms, and Trojan horses. After watching you should be able to describe a virus and how it spreads, and the affect a virus can have on a system. You should also be able to describe a worm and a Trojan horse. Why this type of malware is called a Trojan horse should become clear, as well as why it should NOT be termed a virus. You will also learn how a worm spreads, and some history about the infamous Stuxnet worm.

Page Types of Trojan Horses

After reading the section on the types of Trojan horses, you should be able to describe all seven Trojan horse types. Think about how Trojan horses are different from viruses and worms.

Page Logic Bombs

Read the section on logic bombs and DOS to comprehend the ability of this type of code, and how it can be used in a DOS attack.

2.8: Denial of Service (DoS) and Distributed Denail of Service (DDoS) Page Denial of Service (DOS)

This video will explain the concept of a denial of service (DoS) attack. What is the goal for an attacker when committing a DoS attack? How is this type of attack accomplished?

Page Distributed Denial of Service (DDoS)

A denial of service (DoS) attack and a distributed denial of service (DDoS) attack are similar but one is more difficult to defend against. Watch this video as an introduction to the concept of a distributed denial of service (DDoS) attack. What is the intent of an attacker when initiating a DDoS? What systems are used to initiate the attack?

Page How DoS Attacks Work

Read this to understand the objective of a denial of service (DoS) attack. When a DoS attack occurs, what happens to a system? Be able to explain how a DoS and a DDoS attack are related and how they differ.

Page Type of DoS and DDoS Attacks

Watch this video for an in-depth explanation of the types of DoS and DDoS attacks and how they work. Once complete, you should recognize the terms and associate them to denial of service attack methods. Thinking about the CIA triad, what leg of the triad does a DoS attack affect? 

3.1: Cryptographic History Page History of Cryptography

Read this article to learn about the evolution of cryptography; the methods used to secure communication. One of the earliest methods of encryption you will read about is substitution ciphers. The beginning of WWI brought advancements in computational power; advancements that encouraged the development of electromechanical cipher machines used in WWII. One such infamous machine was the German Enigma machine, and the cracking of the enigma code was pivotal for the war. Today's modern cryptography uses computers to devise complex ciphers. As you read, take note of some important names and abbreviations in cryptographic history. Who was Shannon, Diffie, and Hellman? What do the abbreviations DES and AES represent and in what years were they developed? When was symmetric key cryptography used, and when was asymmetric cryptography developed?

Page Classical Cryptosystems

Read this section on classical cryptosystems. Pay attention to the substitution cipher, the Vigenere cipher, and the Enigma cipher. As you read, consider these study questions: Who was the Vigenere cipher named after, and who first cracked the Vigenere cipher? Who cracked the Enigma cipher, and what repeated phrase at the end of every message helped to break the cipher? What is perfect secrecy?

3.1.1: The Caesar Cipher Page Caesar Cipher

After reading, you should be able to explain why this cipher is called the Caesar cipher, and you will be able to encipher a simple message using the Caesar substitution cipher.

Page Caesar Cipher Project

Use this source as a tool to assist you to encipher a short message.

3.1.2: One-Time Pads Page One-time Pads

Read this source to understand why a one-time pad (OTP) is considered to be secure. Take note of the conditions that must be met to ensure the OTP cannot be broken.

3.2: Goals of Cryptography Page Cryptographic Goals

There are four main goals in cryptography: confidentiality, integrity, authentication, and non-repudiation Read the section on the goals of cryptography to understand each concept. Notice how the cryptographic goals segue with the CIA triad discussed in the previous unit with one addition: non-repudiation. Non-repudiation will be discussed in more detail in the next section of this unit.

Page Confidentiality and Nonrepudiation

Cryptology provides for confidentiality and non-repudiation. Confidentiality is protecting from unauthorized view, while non-repudiation is that the sender cannot deny sending the message. What method of encryption ensures confidentiality? What ensures non-repudiation? You should be able to explain how confidentiality and non-repudiation work together.

Book Confidentiality, Integrity, and Authenticity

Cryptographic methods protect for confidentiality, authenticity, and integrity. Authenticity is proving who you are, and integrity is protecting the data from unauthorized changes. By reading this article you should be able to explain the concepts of confidentiality, authenticity, and integrity. What cryptographic methods can be used to provide for all three concepts?

Page Cryptographic Authentication

Authentication was discussed in the previous section. This section will discuss different cryptographic methods to provide for authentication to include symmetric and asymmetric authentication. After watching, you should be able to explain authentication, the risks of impersonation, and be able to define certificates and certificate authorities.

3.3.1: Symmetric Key Algorithms Page Symmetric Key Ciphers

This article describes symmetric key ciphers. As you read the article, take note of the major issue associated with key distribution of symmetric key ciphers and the advantage of symmetric key ciphers over asymmetric key ciphers.

Page What is Symmetric Key Encryption?

Watch this video where Alice sends a message to Bob that has been encrypted with a symmetric key. If Bob wants to read the message, what key does he use to decrypt the message?

3.3.2: Asymmetric Key Algorithms Page Asymmetric Key Ciphers

Asymmetric ciphers have two keys: public and private. While reading, take note of which key encrypts the message and which key decrypts the message. What is a known weakness to this type of encryption?

Page What is Asymmetric Encryption?

Watch this video where this time Alice sends a message to Bob that has been encrypted with an asymmetric key. If Bob wants to read the message, what key does he use to decrypt the message?

3.3.3: Hashing Algorithms Page Cryptographic Hash

A cryptographic hash algorithm can provide for integrity. When reading this article, pay attention to the section on applications of hash functions. The scenario with Alice and Bob is a good example of how a cryptographic hash can provide for message integrity. Be sure to understand the concept of a digest and try to comprehend the issue of a collision and the birthday paradox. You will learn more about the birthday paradox in a subsequent section.

Page Hashing

This video will provide a more in-depth view of hashing. From this video, you should learn more about hash collisions, the avalanche affect, and make note of the names of hashing algorithms. You will learn more about the hashing algorithms mentioned in the video later in this unit.

3.4.1: Symmetric Key Algorithms Book Symmetric Key Algorithms

You already learned about symmetric key ciphers and the major issue with symmetric keys. Read the section in this article on symmetric key encryptions to learn more about the advantages and disadvantages of symmetric keys. There is more information about symmetric key ciphers in this article that will be covered in more detail later in this unit, but this article will give you a preview of 3DES, IDEA, and AES ciphers. View the flashcard tool as well to better understand and to learn the terms used in cryptography such as plaintext, ciphertext, key, encryption, decryption, countermeasure, symmetric key encryption, and block cipher. DES Page Data Encryption Standard (DES)

This article explains data encryption standard (DES), an algorithm used in symmetric encryption. To understand the timeline of encryption algorithms in history, pay attention to the year this algorithm was created, the name of company that created it, and the name of the technique that made DES a vulnerable algorithm. Note that DES could also be cracked via brute force. What makes DES vulnerable to a brute force attack?

Page DES

DES is no longer used but was a very popular algorithm at one time. The principal of DES is important to understand because it is used in other ciphers. If DES encrypts 64 message bits, why is the effective key size only 56 bits? Why is DES no longer used? 3DES Page 3DES

The next step up from DES is triple DES, or 3DES. Watch this video to learn why triple DES was used instead of double DES. Explain what 3DES is in relation to DES.

Page 3DES Key Versions

In this video the three key versions of 3DES, the length of each effective key, and the strength of each version is explained. If all three keys were the same, do you understand why 3DES would just be DES? AES Page Advanced Encryption Standard (AES)
Read this article on advanced encryption standard (AES) to understand the key sizes of AES in relation to the key size of 3DES. What is another name for AES?
Page AES Complete Explanation

In this video, you will learn the process of encryption using AES. Notice what year AES was developed and why there was a need for a new encryption algorithm. How much faster is AES than 3DES? Ciphers (RC4, RC5, RC6, Blowfish, Twofish) Page Rivest Cipher 4 (RC4)

While you watch, consider these questions: What type of cipher is RC4? Who designed RC4 and in what year? In what applications is RC4 used? What are the limitations and the benefits of using RC4?

Book More on RC4

Read the section on RC4 in this article. Try to mentally follow the steps for encryption with the algorithm. What are some of the strengths and weaknesses of RC4 as noted in this article?

Book Rivest Cipher 5 (RC5)

The RC5 algorithm was derived from the RC4 algorithm. While you read take note of the year RC5 was published. How much time was there between the development of RC4 and RC5? What type of symmetric cipher is RC5? Compare the three components of RC5 with the components of AES, do you see any similarities?

Book Rivest Cipher 6 (RC6)

RC6 was developed for an advanced encryption standard (AES) competition but was not selected by the National Institute of Standards and Technology (NIST). In what year was it published, and who developed it? How is RC6 different from RC5?

Book The Blowfish Cipher

The Blowfish cipher has been studied in information security for more than 20 years. As you learn about this cipher, pay attention to the creator and the year it was created. Is Blowfish still in use? Why is it in use, or why is it not in use? What type of cipher is Blowfish? What is the key length of Blowfish? Why would the Twofish cipher be chosen over Blowfish? Why would Blowfish be chosen over DES or IDEA?

Book Twofish

Twofish succeeded blowfish and was also designed by Schneier. Read the section on the twofish cipher to learn about the length of the algorithm, and the types of environments where twofish can be used.

3.4.2: Asymmetric Key Algorithms Book Asymmetric Key Algorithms

Previously you learned about asymmetric key algorithms and you should understand that asymmetric encryption requires two keys: public and private. As a review, using the flashcards define asymmetric key encryption, public key, private key, and digital certificate. Then read the section on asymmetric encryption. RSA Page Public Key Cryptography: RSA Encryption Algorithm

Do you find asymmetric encryption and the use of a public and private key difficult to comprehend or explain? This video will explain asymmetric encryption, or non-secret encryption, and leads into RSA the first symmetric algorithm. Watch this video for a visual explanation of asymmetric encryption and RSA. On what principle is RSA based? Make note of the year RSA was developed and why it is called RSA.

Book RSA

RSA is an asymmetric algorithm and is attributed to three people but reading this article will explain who developed the algorithm years earlier. When reading this article, try to understand the section on key generation, encrypting messages, decrypting messages, and signing messages. Most importantly, note the speed of RSA in comparison to DES that was discussed in the section on symmetric key encryption. Also note how attacks such as man-in-the-middle and RSA blinding attacks can be avoided. DSA Page Digital Signature Algorithm

Digital signature algorithm (DSA) is used for authentication and is considered a signature algorithm. When reading section three of this article, pay the most attention to the steps in the scenario with Alice and Bob on how to obtain a digital signature using a private and public key, and how a digital signature verification is produced. To keep a basic idea on a timeline, also pay attention to the year that DSA was proposed. Attempt to follow through the reading on DSA key generation, signature generation, and signature verification although you are not expected to be able to explain these steps. Pretty Good Privacy (PGP) Page What is Pretty Good Privacy (PGP)?

Pretty good privacy, known as PGP, is an open-source program that provides data encryption and is often used for email. This program uses a public and a private key for encryption and decryption, as you might expect. Read this article to understand how you can use PGP to encrypt email sent from your personal computer.

Book Pretty Good Privacy (PGP)

Now that you understand how PGP can be used, read this article to learn who developed PGP while taking note of the year it was developed. Be sure to read the sections on how PGP works as well as the encryption-decryption process using the public and private keys. As you will notice, the public keys versions are RSA that was previously discussed, and Diffie-Hellman that will be discussed in a later section.

Page PGP and the Web of Trust

To learn more in-depth information about PGP such as downloading and installing and learning how to create a key using, you may choose to watch this video. GPG Page Gnu Privacy Guard (GPG)

GPG, also known as GNU privacy guard, is the successor to PGP discussed in the previous section. While watching, determine is GPG uses symmetric or asymmetric cryptography. What is a key pair, and what is the purpose of the passphrase in GPG? You can continue to watch this video to learn how to use GPG in MS Windows.

Page Using GPG with Linux

If you use Linux and are interested, watch this video to learn how to install and use GPG in a Linux system. You will learn to generate a key pair and to encrypt files using GPG. Diffie-Hellman Page Diffie-Hellman Cryptography

In the history of cryptography section, you read about two important people: Diffie and Hellman. This article will discuss the Diffie-Hellman algorithm and how it is used to encrypt and decrypt. What year was the Diffie-Hellman algorithm published? What algorithm that have you already learned about works similar to Diffie-Hellman?

Page Diffie-Hellman Protocol

Watch this video that works through a scenario to communicate a secret over the Internet using a Diffie-Hellman algorithm. Pay attention to the actions of Alice and Bob, what they can see or cannot see, and notice the size of the prime numbers used to calculate the Diffie-Hellman algorithm. Elliptic-Curve Cryptography Page Elliptic Curve Cryptography (ECC)

Elliptic curve cryptography is based elliptic curve theory that uses smaller key sizes thereby increasing speed. The mathematics used is that of elliptic curves and finite fields. In this article, note that the mathematical equations are based on algebra and calculus, but the finite fields are based on modular mathematics. While you are not expected to memorize formulas or calculate the algorithm, viewing this page should help you to understand why elliptic curve cryptography is difficult to break.

Page Elliptic Curve Algorithm

In this video, you will see why elliptic curve cryptography is an important algorithm. The video will also show the mathematics behind the algorithm. While you are not expected to understand the mathematics behind the algorithm, be sure to make note of how elliptic curve cryptography compares to RSA, which was discussed in a previous section.

3.5: Hashing Algorithms Page Cryptographic Hash

A hash is a cryptographic algorithm, but it differs from symmetric and asymmetric cryptography in that it does not use a public or private key. The input to a hash cannot be reverse calculated from the hash. Watch this video and note the computational and inversion requirements of a hash. Does hashing provide for confidentiality or integrity?

3.5.1: Digital Certificates Page Digital Certificates

Your typed name at the bottom of an email is not proof that you are the sender of an email. Public keys are used to create digital certificates to provide proof of the identity of a sender. Read this article to understand the need for digital certificates. Pay attention to certificate chains and the importance of the element of trust.

Page Message Digest History

The history of message digests and algorithms is discussed in this video. According to this narrator, which tenet of the CIA triad is the most important, and which tenet does a message digest protect? Pay attention to the fact that a message digest does not involve the use of a key. What inspires the development of new ciphers? How do you get more security when adding crypto algorithms? What ciphers are considered the industry standards and are in use today?

3.5.2: Message Digest 5 (MD5) Page Message Digest 5 (MD5)

Read this article about MD5, a hash function. You should learn who developed MD5 and note the approximate year. Pay attention to the purposes of MD5, the size of the output, and why it is no longer used for digital certificates.

3.5.3: Secure Hash Algorithm (SHA-0, SHA-1, SHA-2, and SHA-3) Page Secure Hash Algorithm (SHA-0, SHA-1, and SHA-2)

Another hash or one-way algorithm is the secure hash algorithm (SHA). What hash is SHA based on, who created it, and what are the names of the three SHA algorithms? Which SHA is no longer in use?

Page FIPS PUB 202: SHA-3

The Federal Information Processing Standards Publication 202 (FIPS PUB 202) discusses the secure hash algorithm-3, known as SHA-3. When reading the introductory section on pages 1 and 2, pay attention to the origin of the algorithm, and the terms hash function, message digest, and extendable-output function (XOF). What special properties was SHA-3 designed to provide? What are the digest lengths in the FIPS-approved hash functions?

3.5.4: Hashed Message Authentication Code (HMAC) Book Hashed Message Authentication Code (HMAC)

To understand a hashed message authentication code (HMAC) you must understand a message authentication code (MAC). First, view the diagram with the subtitle "computing a MAC versus computing an HMAC". Then read the text below the diagram. How does a MAC become an HMAC? What is the purpose of an HMAC?

4.1: Access Control Book Access Control Fundamentals

In information security, access control is imperative to ensure confidentiality, integrity, and availability. Controlling who has access to a system and the breadth of access a user has is vital to ensure the security of systems and data on the systems. Read this article to understand the terms access control, access, subject, and resource. Note the challenges, the principles, the criteria, and the practices used in access control.

Page Access Control
Watch this video on access control. What is the role of access control? How would you describe authentication, authorization, and audit?
4.2: Access Control Terminology Page Least Privilege, Separation of Duties, and Need-to-Know
Read this section on access control principles. How would you describe the principle of least privilege, separation of duties, and need-to-know?
Page Relationship Between Least Privilege and Need-to-Know

This article discusses the principles least privileges and need-to-know are related. You should be able to explain how least privileges and need-to-know can be controlled with correct data labeling and by assigning user roles. Pay attention to how too much security can sometimes be a bad thing.

Page Least Privilege and Privilege Creep

When considering the principles of least privilege and privilege creep, start with no privilege granted to a user, then grant access as needed. This video explains this concept in more detail.

Page Least Privilege and Attacks

Watch this video to see how using the principle of least privilege can reduce the impact of an attack on a system.

Page Separation of Duties

Separation of duties is used to restrict work and system access to a narrower focus. This principle is more difficult to provide in a smaller organization than in a larger organization, but it is an important concept to understand and to address. Read the section on separation of duties to understand how this concept prevents individuals from attacking systems on their own and requires collusion with other individuals to commit fraud. How does separation of duties protect against fraud? What are some mechanisms that can be used to enforce separation of duties?

Page Access Control Matrix and Access Control List (ACL)

The section in this article on access control matrix describes the matrix and discusses how it is related to the access control list (ACL). This section will introduce you to the access control matrix and the ACL. Pay attention to the term Kerberos, which was used in the previous unit.

Page Access Control Matrix and Access Control List (ACL) Functionality

The access control matrix describes the security state and can be represented by a table or matrix form. Every subject and object are listed as well as the permissions allowed for each subject. The access given to a subject follow the organization's security policy that is written to protect the confidentiality, integrity, and availability of the system. The access control list (ACL) stores the permissions of each object or file. After watching this video, you should be able to explain the concept of access control matrices and the ACL. Where do the rules come from for access control?

4.3: Access Control Models Page Access Control Models

In the previous section, you learned some common ways that access should be limited such as by need-to-know, least privilege, and separation of duties. In this section, you will learn about four access control models: mandatory access control (MAC), discretionary access control (DAC), role-based access control (RBAC), and rule-based access control (RB-RBAC). Read the section in this article on access control models. Pay attention to the basis of each control model and the type of agency that would use each model. This article does not cover RBAC, but it will be discussed in a subsequent section.

4.3.1: Mandatory Access Control (MAC) and Discretionary Access Control (DAC) Book Mandatory Access Control (MAC) and Discretionary Access Control (DAC)

Read section 3 on Discretionary Access Control (DAC) and section 4 on Mandatory Access Control (MAC). Why is DAC called discretionary and MAC non-discretionary? What is the main drawback or vulnerability presented when using DAC, and why is MAC not vulnerable as well? What do no read-up and no write-down mean?

Page Comparing MAC and DAC

Watch this video. Who writes the rules and who owns the files in MAC and DAC? Which type of access control is typically used by military or government agencies, and which type is used in consumer operating systems? What type of security labels are attached to files, and what type of label is attached to a subject?

Page Bell-LaPadula Model

Watch this video on the Bell-LaPaudula model, which supports both mandatory and discretionary access control. What agency developed the Bell-LaPadula model? What does this model protect, and what tenet of the CIA triad was it designed to protect? Does this mean the model is no read up or no read down? What concept is the Bell-LaPadula model built on?

Page Simple Security, Star Property, and Discretionary Security Property

The Biba model was developed after the Bell-LaPadula model, and it also supports both mandatory and discretionary access control. Which tenet of the CIA triad does the Biba Model address? Was the model no read up or no read down? Why are the Biba and the Bell-LaPadula models used together? On what concept is the model built?

Page Biba Model

You have encountered the terms read up and read down, but what do these terms mean? To clarify, watch this video and you will learn some new terms as well. While watching, be sure to take note and to be able to explain the simple security property, the star security property, and the discretionary security property.

Page Comparing Bell-LaPadula and Biba Models

You have already learned a lot about the Bell-LaPadula and Biba models, but this article will provide some information that has not yet been addressed. View the sections on the Bell-LaPadula and Biba models and compare the two models while you read. What are the rules of each model? When was each model developed? Do the models have other similarities?

4.3.2: Role-Based Access Control (RBAC) Book Role-Based Access Control (RBAC)

Role-based access control (RBAC) is a method that allows and restricts access to subjects or users based on the role of the user. When reading, pay attention to the description of an RBAC system and be able to describe the system, as well as to name the user that only RBAC can restrict. How does this one restriction increase the difficulty for an attacker to compromise the system? What is the set of rules called that manages the RBAC system? Although you will not be asked to create an RBAC policy, read through the rest of the document and try to follow the examples of how an RBAC policy is coded on a system.

Page RBAC Access Control

Role-based access control (RBAC) is based on roles. Access rights are assigned to roles and users are assigned to roles. After watching, you will be able to describe how this model is implemented using two matrices. Is this access control model similar to discretionary or mandatory access control? When would this access control model be used? What are some constraints of this model?

4.3.3: Rule-Based Access Control (RB-RBAC) Page Rule-Based Access Control (RB-RBAC)

This section explains the basic of the rule-based access control (RB-RBAC) model. As you read you will understand why this model is called rule-based as this model is based on meeting a set of rules versus being identity-based as in the other models discussed. What is an example of a rule-based access control on a system?

Page RB-RBAC versus the RBAC Model

Section 4.2 in this article describes the rule-based RBAC (RB-RBAC) model. This model is an extension of the RBAC model, but is not identical to it. How does it differ from the RBAC model?

5.1: Identification Page Identification, Authentication, and Authorization
To maintain access control, there must be a way to provide or deny access to users. In this section, you will learn what it means to identify, authenticate, and authorize a user. For example, when you log into a system you identify yourself, then you authenticate or prove who you are by providing a password. If the username and password match, the system will authorize your access provided you were previously approved for access to the system. Read the section on identification, authentication, and authorization to learn the terms and to be able to differentiate between them. You will also learn identification component requirements, authentication factors, and authentication methods such as biometrics, passwords, cryptographic keys, passphrases, memory cards, and smart cards.
Page Authentication and Authorization Basics
View this video about identification, authentication, and authorization in computer systems. As you watch, list the common identification methods and common authentication factors. What can be used to prove something you know, something you are, something you have, something you do, and somewhere you are? What are four methods of authentication? What is an implicit deny?
5.2: Authentication Types Page Password Security
Passwords must be kept confidential and follow certain guidelines or they will be easily hacked. Online tools are readily available to crack passwords but following a few rules can make them more secure. Read the sidebar on password security for some effective policies on how to create secure passwords. Be able to name and explain three methods that can be used to make or keep passwords secure.
Page Tokens and Biometrics
Another way to authenticate users is to use tokens or biometrics. Tokens are something you have, but biometrics are something you are, such as your physical characteristics. A one-time password is an example of a token, as is a bank card with a chip. Fingerprints or iris scans are examples of biometrics. As you watch, pay attention to the description of tokens and biometrics, and the common tokens and biometrics used today. What are some common drawbacks with tokens and biometrics? How do tokens authenticate? Biometrics do not authenticate by comparing photographs of the fingerprints or iris, so how do they authenticate? Which biometric authentication is most secure? Which one is most expensive and which one is the least secure?
Book Biometrics
Some consider biometrics as intrusive and as a violation of privacy. While you read, pay attention to how biometric systems authenticate and to the three main threats against biometric systems. What are these three threats and what are the cryptographic and non-cryptographic countermeasures?
Page Security and Accuracy of Biometrics

If you are interested in more information about biometrics, watch this video. The panel discuss various methods of voice, facial, and DNA-recognition technology as well as issues of security, privacy, and the accuracy of biometrics.

5.3: Human Authentication Factors Book Human Factors Used in Authentication

You learned about using passwords, tokens, and biometrics to authenticate a user. Authentication factors are discussed in terms of something you know, something you have, and something you are. This article explains these three factors.

Page Authentication Factor Descriptions
This video discusses authentication factors in greater detail. How would you categorize authentication factors as something you know, something you have, or something you are? This video uses the language what you know, what you possess, and what you are to describe these concepts. Another authentication factor is where you are. Pay attention to this factor, and think about how it can be used alongside the other three.
Book Methods of Authentication
This article calls the authentication factors we are familiar with the ownership factor, knowledge factor, and inherence factor. These names relate to something you have, something you know, and something you are, respectively.
5.4: Authentication Forms Page Authentication Forms

Watch this video to learn about authentication forms. There is a difference between authentication and authorization. This video discusses those three factors in terms of what you know, what you are, and what you have. The factors can be used alone or can be combined into multifactor authentication. What is the purpose of multifactor authentication? What is single sign-on?

Book Multifactor Authentication
Authentication can be accomplished with one factor, two factors, or multiple factors. Which one is the weakest level of authentication and which is the most secure and why? When would a more secure system be required? Be able to explain these multifactor authentication methods: password protection, token presence, voice biometrics, facial recognition, ocular-based methodology, hand geometry, vein recognition, fingerprint scanner, thermal image recognition, and geographical location. What are some challenges of multiple factor authentication when using biometrics? There is a lot of interesting information covered in this article that you do not need to memorize, but that you should be aware of.
Page Authentication
Confidentiality, integrity, and availability are supported by authentication and authorization. This video also introduces a new term, accountability. Once you are given authorization, you are accountable for what occurs with your account. This is a good reason not to share authentication credentials. The video addresses four types of user authentication: password, certificate-based, biometrics, and e-tokens. Be able to describe the process for each type of authentication and the drawbacks of each one. You will recognize some information from the unit on cryptography.
Page Mutual Authentication
Watch this short video on mutual authentication, and think about how it relates to the authentication methods we reviewed previously.
5.5: Authentication Protocols: RADIUS, TACACS+, PAP, CHAP, MS-CHAP, and EAP Page Authentication Protocols
Four commonly used authentication protocols are Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System (TACACS), and Diameter. This article explains these methods, their weaknesses, and their compatibilities.
Page Authentication Services
When discussing authentication, it is important to know the function and purpose of authentication services. AAA stands for authentication, authorization, and accounting. The AAA protocols discussed in this video are Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System (TACACS+). What are each of these services used for? What is encrypted when using each service? How are they similar, and how are they different?
Page Terminal Access Controller Access Control System (TACAS)
You learned about single-factor and two-factor authentication in the previous unit. When you watch this video, make note of which type of authentication TACACS utilizes as opposed to TACACS+. Which one has the stronger authentication factor?
Book Diameter
Read this article about the history of Diameter and why it was developed. What preceded Diameter as an authentication protocol? While you do not need to understand how Diameter authenticates, you should have a general idea of its authentication process.
Four methods of authentication and authorization are discussed in this video. The four methods are password authentication protocol (PAP), challenge handshake authentication protocol (CHAP), Microsoft CHAP (MS-CHAP), and extensible authentication protocol (EAP). While watching this video pay attention to the method of authentication used by each protocol. Which method is the least secure and why? Which method is proprietary?
5.6: Single Sign-On (SSO) Page Kerberos
This section will introduce you to single sign-on (SSO), and its advantages, disadvantages, and limitations. Then, we will look at the Kerberos authentication protocol. Take note of the Kerberos components such as key distribution center (KDC), ticket granting service (TGS), ticket granting ticket (TGT), and authentication server (AS).
Page Singe Sign-On (SSO)

Watch this video to understand the concept of single sign-on (SSO). Why would a user want to use or not want to use a SSO? What is the name of a modern SSO and is it used for authorization, authentication, or both?

Page Kerberos Facts

This short video will describe the origin of Kerberos, what it protects, and the type of cryptography that is used with Kerberos. Can you describe end-to-end security?

Book Kerberos History

Kerberos can only be used within a trusted environment, and passwords are never sent over the network. Review the terms principal, realm, and ticket. What is the authentication flow for Kerberos? What are its limitations?

Page Kerberos Weaknesses

You should be aware of some of the vulnerabilities of Kerberos. After watching this video name two Kerberos vulnerabilities and describe under what conditions an attacker can exploit these vulnerabilities.

Page Kerberos and Lightweight Directory Access Protocol (LDAP)

Watch this video on Kerberos and lightweight directory access protocol (LDAP). Pay attention to the terms key distribution center (KDC), authentication server (AS), ticket-granting service (TGS), ticket granting ticket (TGT), and token. How do Kerberos and LDAP work? What ports are used by each protocol?

Book Lightweight Directory Access Protocol (LDAP)

To understand Lightweight Directory Access Protocol (LDAP) you must first understand directory services. This article defines directory services and how LDAP structures the entries in a directory service. Pay attention to the basic LDAP components such as attributes, entries, and data information trees (DITs). How does LDAP organize data, and what is LDAP inheritance? Note that there are some variations in LDAP protocols.

Page Directory Services Overview
Beyond directory services, what are some other uses for LDAP? What type of structure does LDAP use for data? You do not need to memorize the abbreviations used in LDAP, but you should be aware of them. This video reviews active directories, which use both LDAP and Kerberos for authentication.
5.7: Public-Key Infrastructure (PKI) Page Public-key Infrastructure (PKI)
Asymmetric encryption requires two keys instead of one as in symmetric encryption. In public key infrastructure (PKI), asymmetric encryption is used. Watch this video to learn about PKI and how the public and private keys are used to encrypt and decrypt information. Also, learn about the two types of certificate authorities (CAs). What are the advantages and disadvantages of the private CA? To understand PKI you should also understand the levels of certificate authorities, the concept of the digital certificate, and the components of the digital certificate.
Page More on Public-key Infrastructure (PKI)
After watching this video as a continuation of public key infrastructure (PKI), you should be able to answer the following questions: What are the responsibilities of the certificate authority (CA)? What is the online certificate status protocol (OCSP)? What are the responsibilities of the registration authority (RA)? What is the purpose of a trust model?
Page Certificate and Registration Authorities
One method of certification is using a certificate authority (CA) or registration authority (RA). Read the section on certificate authorities to understand the difference between a CA and an RA. How does the CA, or RA, publish a user's public key?
Page Certificate Authorities
This video will explain and model how the use of a certificate authority (CA) can prevent a man-in-the-middle attack. Be able to explain how the use of a CA can prevent this attack.
Page Digital Certificate Defined
To understand the concept of a digital certificate read this short article. Who typically grants a digital certificate and what is included with the certificate?
Page Digital Certificate
To understand more about the digital certificate process, watch this video. What is the purpose of a digital certificate? Which key is used to create the digital certificate?
6.1: Network Security Design Page Elements and Components of Network Design

This video discusses secure network components like demilitarized zones (DMZ), network address translation (NAT), network access control (NAC), virtualization, subnetting, and segmentation. You should learn the purpose of each component, how each component is set up, what hardware they require, if any. What are the security advantages of each of these components?

Page The Importance of Network Segmentation

This video describes network segmentation, and how the networks can be segmented at the physical and data link layers. Networks can be segmented for many reasons: compliance, optimizing or improving performance, separating private communications from public, protecting legacy systems, creating testing environments, securing data flow, or creating honeynets. Pay attention to supervisory control and data acquisition (SCADA) systems and why they should be segmented. This video also discusses the Stuxnet virus. What type of system was it designed to attack?

Page Segmentation Helps to Keep Your Network Secure

You can think of network segmentation like compartments of a submarine. Each compartment is separated from the others, so if a flood happens in one compartment, it can be sealed off to protect the others. As with all secure methods, segmentation has drawbacks as well as benefits. In a network, how could a security team identify application flows to determine border placement, appropriate policies for segmentation, and how the segmentation scheme can be managed and maintained?

Page Network Security Zoning
Zoning is a tactic used to protect an organization's network by segmenting assets into groups (or zones) that have the same level of security requirements. These can include internet zones, internet DMZs, production network zones, intranet zones, and management network zones. Read this article for more on zoning and the different types of zones.
Page Redundancy
Computer systems will fail and lose data, but data can be preserved if redundancy is in place. Think about this in relation to the three tenets of the CIA triad: if data is lost, then availability is lost, and CIA is not protected. What is redundancy? How is it accomplished in information systems? Pay attention to the concepts of paths, routing, scalability, redundancy, and fault tolerance.
Page Redundancy Methods

This video explains redundancy and hardware that can be used to maintain redundancy. What physical devices provide for data and for hardware redundancy? What is the benefit of using RAID? Note the differences between hardware, software, and firmware-based RAID. How do load balancing and failovers work with redundancy?

6.2: Firewalls Page What is a Firewall and How Does it Work?

Firewalls are an important part of network security. Firewalls act like filters and help protect against malicious network traffic. This article discusses three types of firewalls: stateless, stateful, and application. Firewalls use rules to accept, reject, and drop network traffic. Incoming and outgoing traffic have different firewall rules. This article covers some basic tools that you should be able to discuss, including IP tables, uncomplicated firewalls (UFW), FirewallD, and Fail2ban.

Page Firewall Basics and Firewall Placement

This video goes into detail about more types of firewalls, as well as firewall settings and techniques. You should be able to describe each type of firewall, and know what circumstances each type should be used for. What is the difference between stateless and stateful inspection firewalls? What is a virtual firewall? When discussing firewall settings and techniques, it is important that you can explain what an access control list (ACL) is. What should the last rule in an ACL be? Where should a stateful or a stateless firewall be placed? What is a demilitarized zone (DMZ), and where should a DMZ be placed?

Book Packet Filtering

This article explains packets, packet headers, and packet filtering. What can the option of allowing or disallowing packets be based on? What are the weaknesses and advantages of packet filtering? After you read, you should be able to describe packets and packet headers.

Page Inbound and Outbound Packet Processing

It can be difficult to understand how packet processing works. This video gives a visual explanation using decision tables on how all inbound and outbound packets are processed. See if you can follow the process. While you don't need to know the specifics, you should be able to explain the inbound and outbound process in general terms.

Page Stateful Packet Inspection

Stateful packet inspection is also known as dynamic packet filtering. What type of table does stateful packet inspection use for filtering? What are the attributes that are part of the state of the connection? How is stateful packet inspection different from static packet filters? How can stateful packet inspection improve network performance?

Book Deep Packet Inspection

This article describes how deep packet inspection (DPI) is different from other types of packet processing. Most packet processing is done via the IP header, but deep packet processing inspects the packet contents. How does DPI help to secure a network? What are the different approaches to DPI? Make sure you can explain the three techniques used in DPI and name some of the tools used for packet analysis.

Page Deep Packet Inspection and Routers
Deep packet inspection is expensive, because the router unpacks the packet and looks at its contents, which slows down the routing process. Watch this video for an in-depth explanation of deep pack inspection. Why is deep packet inspection less common, and what are some situations where you might want to use it despite its drawbacks?
6.3: Wireless Networks Page Introduction to Wireless Networks and Wireless Encryption

This section discusses wireless networking, encryption, and the 802.11 wireless network standards. Wireless networking is advantageous, since it removes the cost of installing cables and doesn't require systems to use a wired connection. What does the term half-duplex mean? What are the most common RF bands used in the United States, and why they are used? Why is it important to encrypt wireless networks? You might remember advanced encryption standard (AES) from the unit on encryption. Which encryption standard for 802.11 networks uses AES? Why should wired equivalent privacy (WEP) and Wi-Fi protected access (WPA) no longer be used for encrypting wireless networks?

Page Wireless Network Basics

This video discusses six names for wireless Internet connections, and how to view the wireless connection manager program on a device to determine if the connection is encrypted. Why is it important to know if the connection is encrypted? How close does a wireless eavesdropper have to be to intercept a signal between a computer and a router?

Book More Wireless Basics

This article explains the types of wireless signal. What makes these signals different? What is the difference between a transmitter and a receiver? What do you call a device that both transmits and receives? Make sure you can name two types of antennas and the reason for choosing each type.

Page Virtual Ethernet Tunneling

Tunneling is a way to connect networks through a secure connection across a public network. The secure connection is called a virtual private network (VPN). Watch this video for more on tunneling and the mechanism of a VPN. What are encapsulation, tunneling, and authentication? Why is encryption important when sending data via a tunnel? What is the purpose of a split tunnel?

Book Risks Associated with BYOD

A "bring your own device (BYOD)" policy is when an organization allows employees to use their own devices on the company network. While this can save the organization money and allow for more employee freedom, there are security risks associated with it. This article explains the principles of BYOD, some benefits of BYOD for an organization, and the many ways that BYOD can increase the risk to a company's data and information systems.

6.4: Network Protection Page Honeypots

Honeypots are decoys used attract network attackers. Read pages 10 through 12 in this article to understand how honeypots are used to protect networks. When would you prefer to use a honeypot instead of an intrusion detection system (IDS)?

Page Honeypots and Honeynets

Read this brief article to understand how a honeynet is configured. What is the difference between a honeypot and a honeynet? What is the purpose of a honeynet?

Book Privacy Issues with Honeypots and Honeynets

This article discusses the legality of the data collected by honeypots and honeynets, and how they relate to liability and entrapment in US and EU law. After you read, you should be able to describe the four core elements of a honeynet and the issues associated with honeynets. How are honeypots classified according to their level of interaction and their purpose?

Page Network Sniffers

Read this article to learn about network sniffers and the reasons sniffers are used. How are network sniffers detected? What are two common network sniffers?

Page Wireless Sniffing

Recall that you learned about the perils of unencrypted wireless connections in a previous section. Watch this video to learn how a hacker can use a sniffer to intercept unencrypted traffic.

Page Packet Capturing Using tcpdump and Wireshark

A packet analyzer can be used to capture packets containing data. This video shows how simple it is to capture packets using the packet analyzer tcpdump and then view the data using Wireshark. Be sure to watch both videos. You only need to understand what is happening here; you will not be asked to capture packets using tcpdump or Wireshark.

6.5: Web Security Page Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS)

When watching this video you will learn the difference between http and https. How is text transmitted across the Internet using http and how is it transmitted using https? Which one is more secure?

Page Secure Sockets Layer (SSL) and Transport Layer Security (TLS)

This video describes secure sockets layer (SSL) and transport layer security (TLS). After watching you should be able to desribe SSL and TLS and the purpose of each. What type of encryption is used? What is the relationship between SSL and TLS? What is the name of a well-known attack on TLS?

Page Domain Name System (DNS) and Domain Name System Security extensions (DNSSEC)

As you watch this video, pay attention to the descriptions of domain name system (DNS) and domain name system security extensions (DNSSEC). Why do we use domain names instead of internet protocol (IP) addresses? What is a fully qualified domain name (FQDN)? How does DNSSEC protect from forged DNS data, and what is used to provide this protection?

7.1: OS Hardening Page System Hardening

The only way to ensure a system is completely secure is to eliminate any connectivity and to place the system in a secure area. Since this defeats the purpose of resource connectivity, the next best thing is to harden the operating system (OS). Hardening the OS means to remove all vulnerabilities possible from the system. What can be removed, avoided, disabled, or configured to harden an OS? How can you harden your personal devices?

Page Classic Hardening on Servers

When hardening servers, there are some common techniques that should be observed. This video describes how to address the presence of things like telnet, tcpwrappers, and shadow passwords. What should you do when hardening a server?

Page Log Files and Unnecessary Services and Accounts

When hardening a system, it is important to set up logging and to monitor the log files. It is also important to remove or disable unnecessary accounts and services. As you watch this video, note how security can be enhanced with log files, and take note of the system logs that should be reviewed. How should logs be formatted to make viewing of anomalous activity easy? When hardening individual systems, what should be disabled and what should be protected?

Page Configuring Accounts

Once a user is authenticated and is allowed access files on a system, how can limitations be placed on the tasks a user can perform? A user is granted permissions so that a user may be able to read a file while another can read and edit the same file. Watch this video to understand how user and group settings in a Windows system are used to allow or disallow an authorized user access to files. What is the difference between a user and an administrator account? What is the difference between a power user, a standard user, and a guest account? Name some permissions a user may be given.

Page Why Patching Does Not Happen Sometimes

It can be costly for an organization to not have a regular patching schedule and ongoing updates. Even though patching an operating system (OS) is important, patching applications is just as important. Read this article to understand why organizations sometimes do not make patching a priority. Make note of why patching is important and the reasons why patching is often neglected.

Page Patching Can Be Hard

As you read in the previous section, there are many reasons why patching does not occur within an organization. One main reason for refusing to patch is that the patches may break the system. While reading, note how some organizations handle system patching to ensure patching does not break their production systems.

Page System Auditing

Read the section on access control assurance in this article to learn about system auditing. Auditing a system is important to verify that security policies are being followed. When reading, learn what auditing is and what should be audited on a system. Why information can be tracked through system auditing? How should audit and log data be protected to ensure confidentiality and integrity?

7.2: OS Protection Methods Page What is Antivirus Software?

Antivirus software protects a system from becoming infected with a virus. This video discusses what antivirus software is, how it works, and how to use the software once it is installed on a system. How do antivirus applications find viruses on a system? Why is it important to update your antivirus software as updates are available? What does antivirus software do with infected files?

Page Antivirus Versus Antimalware

You learned about malware and about viruses in unit two and you should now understand the two terms. But what is the difference between antivirus and antimalware software? Do you need both types to secure your operating system (OS)? Read this article to learn why antimalware is needed and be able to explain why it is needed on systems today. What is meant by the term heuristics?

7.3: OS Firewalls Book Linux IPtables

Firewalls are tools that can protect an OS. Linux has iptables and firewalld, which contain firewall rules and can manage firewall rules in Linux. Essentially, iptables and firewalld are configured by the systems administrator to reject or accept traffic. While you are not expected to be able to configure a system, read this article to see how iptables can control incoming or outgoing traffic. Why does the order of the rules matter?

7.4: OS Security Tools Page How Scanners Work

Scanners detect vulnerabilities in systems, but how does a scanner find the vulnerabilities? Watch this video and be able to describe six steps in the scanning process. Do scanners exploit the vulnerabilities found in a system?

Page What is a Vulnerability Assessment?

A data breach can cause a loss of reputation as well as a financial impact to an organization. The assessment of vulnerabilities on a system before a breach happens can help to circumvent a breach. Watch this video to learn what a vulnerability assessment is and why organizations need them. Be prepared to describe a vulnerability assessment to include identifying vulnerabilities, the business impact, vulnerability scans, and the risk management strategy in brief detail.

Page Vulnerability Assessment Using SCAP

OpenSCAP is a tool to find vulnerabilities and configuration errors on a Windows or on a Linux system. SCAP is a security content automation protocol, or a set of security standards developed by the National Institute of Standards and Technology (NIST). The tool is installed on a computer system and ran on the system to evaluate known vulnerabilities. You should understand the concept of OpenSCAP and how it checks vulnerabilities on a system. What are the limitations of OpenSCAP and why does it have these limitations?

8.1: Intrusion Detection Systems (IDS) Page The Basics of Intrusion Detection Systems

Tools that monitor systems for malicious activity are called intrusion detection systems, or IDS. Read this article to learn the common components and functions of an IDS, and some kinds of IDS, like signature, anomaly, and rule-based. What is the difference between and IDS and an intrusion protection systems (IPS)? Obviously, network detection systems (NIDS) are installed on networks and host-based intrusion detection systems (HIDS) are installed on hosts. The purpose of NIDS and HIDS are similar; they both detect intrusion, but they operate differently. What does each one do?

Page Comparison of IDS and IPS

This video goes into more detail about intrusion detection systems (IDS) and intrusion prevention systems (IPS), the differences between an IPS and an IDS, and how a signature-based and an anomaly-based IDS functions. You should be able to explain what true positives, false positives, true negatives, and false negatives are. When using a detection system, which type of response would be of the most concern? Pay attention to the differences between a network-based IDS and a host-based IDS. What is an IDPS? What is the correct placement of an IDS and an IPS? What are some weaknesses and limitations in IDS detection? How is packet fragmentation used to avoid detection by an IDS? What are the names of some of the IDS vendors?

Book Intrusion Detection Systems

The purpose of an intrusion detection system (IDS) is to protect the confidentiality, integrity, and availability of a system. Intrusion detection systems (IDS) are designed to detect specific issues, and are categorized as signature-based (SIDS) or anomaly-based (AIDS). IDS can be software or hardware. How do SIDS and AIDS detect malicious activity? What is the difference between the two? What are the four IDS evasion techniques discussed, and how do they evade an IDS?

Page Signature and Anomaly-based IDS

This video explains what an intrusion detection system (IDS) does in general terms. You will learn about two common techniques used by IDS to identify threats. What are these two common techniques and how do they detect system attacks? Where can IDS software be placed on a small network, and where can it be placed to keep from slowing down systems on the network? What is a popular opensource IDS software? What are the two types of protection offered by IDS software?

Page Signature-based IDS

Read section 2 of this article to learn about signature-based intrusion detection systems (IDS). You should be able to explain what signature-based IDS detects on a system, as well as some advantages and disadvantages of the system. What is a popular signature-based network intrusion detection system?

Page Anomaly-based IDS

Anomaly-based intrusion detection systems (IDS) detect anomalies. This is different from signature detection, which matches patterns. While you read, try to explain how an anomaly is different from a signature. An anomaly-based IDS can be either host or network based. When reading this article, note the explanation of the host based and the network-based anomalies. What are some of the network anomalies? How would you define a static and a dynamic anomaly? What is the advantage and disadvantage of an anomaly-based IDS as compared to a signature-based IDS?

Page Rule-based IDS

Another type of intrusion detection system is a rule-based intrusion detection system (IDS). Read the section on intrusion detection systems, focusing on rule-based IDSes and how they function. What are two techniques used by rule-based IDSes? What are two downsides to a rule-based IDS?

Page Rule-based IDS Example

This video provides a good visual example of rules coded in a system. As you watch, you will see rule headers, snort rules, and rule options. This example will help you to understand a rule-based attack as related to rule-based IDS.

8.2: Network Intrusion Detection Systems (NIDS) Page Network Intrusion Detection

Read sections 22.4 and 22.4.1. What is the main idea behind network intrusion detection? What is the basis for network intrusion detection systems (NIDS)? What is the issue that occurs when NIDS has to reassemble TCP streams?

8.3: Host-based Intrusion Detection Systems (HIDS) Page Host-based Intrusion Detection Systems (HIDS)

The counterpart to network intrusion detection systems are host-based intrusion detection systems (HIDS). Pay attention to the description of a HIDS, the purpose of a HIDS, and what type of attacks HIDS can detect. What are the types of HIDS and what are they based on? What are three categories of measurement that can implicate an instrusion?

Book A Review of Intrusion Detection

In retrospect, you have learned about host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS). Read this article on intrusion detection systems and note the strengths of HIDS and NIDS, and the overall pros and cons of intrusion detection systems.

8.4: Intrusion Prevention Systems (IPS) Page Intrusion Prevention System

Read the section on intrusion prevention in this article for an explanation of an intrusion prevention systems (IPS). What are the main functions of IPS?

8.5: System Information and Event Management (SIEM) Page Security Incident and Event Management (SIEM)

This video will discuss some system information and event management (SIEM) tools. When reviewing this video, pay attention to the purpose of a SIEM and the difference between events and incidents when using a SIEM tool. What are some examples of SIEM tools?

Page Scanners

Vulnerability analysis is performed on systems to determine the weaknesses of a system. When watching this video on vulnerability analysis, pay attention to the benefits of a vulnerability scan and to some popular types of scanners such as Nessus and Retina.

Page Network Scans

Scans can be performed on networks as well. TCP, port, or host scans are performed depending on the type of data to be collected by the scan. While watching, you should learn the types of network scans and the purpose of each type of scan.

Page Web Application Scans

Web scanners are used to find vulnerabilities in websites to protect them from being hacked. A web application vulnerability scanner (WAVS) is used to scan websites. Are these scans white, black, or gray box scanning? What are the two types of WAVS? Once viewed, you should have a general idea of how WAVS scan for vulnerabilities. Pay attention to the description of cross-site scripting (XSS) and cross site request forgery (CSRF) attacks.

Page Splunk for Security

Watch this video to get a basic understanding of the purpose for using Splunk. What output does Splunk produce that provides assistance to security personnel? What is the benefit of Splunk to security personnel?

9.1: Electronic Data Privacy Protection Page Data and Protecting the Right to Privacy

Maintaining and protecting privacy in information systems is an ethical as well as a legal issue. When individuals' private data is protected, the confidentiality tenet of the CIA triad is supported. Read this article about the balancing act between technology and privacy. Think about some of the ways that helpful technological advances may be invading your privacy. This article makes some good points about technology and the data trail that you may not have thought about previously.

Book The Right to Privacy

Privacy is protected by law in many countries and by international law. Read section 5.3, which discusses privacy rights and the laws that protect privacy. Make note of what is considered to be privacy and what is protected by the US constitution, by the United Nations (UN), and by the European Union (EU).

9.2: Global Privacy Laws Page The Future of a Global Privacy Framework

This video discusses the challenges of protecting privacy as digital technology and artificial intelligence (AI) rapidly evolve. You will learn more about the European General Data Protection Regulation (GDPR) in a subsequent section, but after you watch this video you should be able to explain how the GDPR has affected privacy regulations around the world. Are there laws that parallel the GDPR in the United States or in other countries?

Book Privacy Policies in the Digital World

Depending on where you work or do business, there could be many privacy laws to you should be aware of. This article discusses important privacy laws in the United States, and the European Union's General Data Protection Regulation (GDPR). Note the different aspects that the US Privacy Act of 1974, the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Children’s Online Privacy Act (COPPA) of 2000, the California Consumer Privacy Act (CCPA), and the GDPR protect. How would you compare the GDPR to the CCPA?

File The US Privacy Act of 1974

Review this article on the US Privacy Act of 1974. Why has this privacy law been difficult to apply? Could that be related to the legislative history of the act? What are the objectives of the act, and what infamous scandal prompted the enactment of the act?

Page US Privacy Act and the EU Data Protection Directive

This article goes into more detail about the US Privacy Act of 1974. What protections does the act provide? Who is not protected under this act, as compared to the EU Data Protection Directive?

Page Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in the US in 1996 to protect individuals' health information. This video explains the history of the bill. What kinds of information is protected under the act? What is PHI and HITECH, and how is HITECH related to HIPAA? What is the role of information technology (IT) in protecting health information?

Page HIPAA Summary

This article gives a supplementary overview of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Pay attention to who is covered by HIPAA, and the information protected by HIPAA. What are the technical safeguards that must be in place when an organization collects privacy information covered by HIPAA?

Page European General Data Protection Regulation (GDPR)

The European Union General Data Protection Regulation (GDPR) is very complex, but this video breaks it down. Take note of the right to be forgotten and the exemptions to this rule.

Page Personal Data and Data Subjects in the GDPR

The European General Data Protection Regulation (GDPR) has affected how organizations protect personal data around the world. If an organization in any country wants to do business with another organization or with individuals in the European Union, then that organization must follow the rules of the GDPR. When watching this video, learn how personal data is defined by the GDPR, the categories of personal data that has special or extra restrictions, and why these restrictions were added to the GDPR. What is considered processed data under the GDPR, and who is responsible for the security of the data under the GDPR? Who is protected under the GDPR and what are their rights?

Study Guide Book CS406 Study Guide
Course Feedback Survey URL Course Feedback Survey