IT security course content

PART 1: Introduction

1. Introduction

a.                  Evolution in information security requirements

b.                  IT security concerns

c.                  Facts of black holes

d.                  Computer crimes and security survey 2002

e.                  Types of attacks

f.                    Common attack methods

g.                  Hackers’ methods

2. Network security theory

Concepts:

a.      Security threats

b.      Security frame work

c.      Model for network security

d.      Network access security model

PART 2: Basic Cryptography

1. Introduction

a.      Confidentiality

b.      Authentication

c.      Integrity

d.      Nonrepudiation

2. Basic Cryptography

a.      Definition

b.      Algorithms

c.      Cryptography basics

d.      History of Cryptography

3. Symmetric Encryption

Encryption methods:

a.      DES->3DES

b.      Triple DES

c.      Advanced encryption standard

d.      AES

4. Asymmetric/Public key encryption methods

a.      Asymmetric/Public key algorithm

b.      RSA

c.      One way encryption of hashing: Digital signature

d.      Others

5. Drawbacks of cryptography

a.      Problems with public key cryptography

b.      Solution

6. Certificates

a.      X.509 certificates

b.      Public key certificates

c.      Certificates and validation

7. Public key infrastructure( PKI )

a.      PKI components

b.      PKI certificate authority

c.      PKI trust model

d.      PKI Registration authority

e.      PKI certificate policy

f.        PKI overview

g.      Problems with certificates

PART 3: Security in applications

I.        Authentication 

1. Authentication mechanisms

a.      Password authentication

b.      Certificate based authentication

2.      Application authentication: Kerberos

3.Other authentication mechanisms

a.Token

b.Biometrics

c.LDAP directory servers

d.Authentication servers

e.Authentication in future

II. Electronic mail security

1.      Introduction

2.      SMTP

3.      Email security requirements

a.      Privacy 

b.      Authentication

c.       Integrity

d.      Non-repudiation

4.      S/MIME

a.      Functinality

b.      Enveloped data

c.      Signed data

d.     Clear signed data

5.      Pretty good privacy

a.      Operational description

b.      How it works?

c.      Keys

d.      Trust

e.      Key ring

f.        Key management

g.     Private and public key rings

III. Web security

1.      Introduction

2.      Websecurity approachs

3.      Transaction layer security ( TLS)

a.      Part 1: key exchange

b.      Part 2: server authentication

c.       Part 3: client authentication

d.      TLS handshake protocol

e.      Trust model

f.        Advantages and disadvantage

g.      TLS and SSL

IV. Application Security

1. The needs for application security

2. Application security
3. Application attacks
4. Application level security
5. Application security: SOAP and XML-RPC
6. Application security: Mobile code
7. Java and ActiveX
8. Web services and security

Part 4. Security and Architectures

1. Introduction
2. Firewalls

                                                              i.      Introduction

                                                            ii.      The Firewall market

                                                          iii.      Firewall technology

2. Packet filtering
3. Application layer gateway/proxy
4. Stateful inspection filter

                                                              i.      Application layer

                                                            ii.      Stateful inspection filter

                                                          iii.      Firewall setup

1.      Dual Homed firewall

2.      Screened Subnet

3.       Multi-Homed firewall

3. VPN

            i.      Introduction

            ii.      VPN example

            iii.      How to build VPN

            iv.      VPN security: IPSec (AH, ESP, Transport and Tunneling, etc.)

            v.      Hardware VPN boxes

            vi.      VPN enable routers

            vii.      Firewall level VPN

            viii.      VPN hardware and software

            ix.      VPN evolution

5. Scanning tools

           i.      Port scanners and examples

            ii.      System and Database scanners

            iii.      Vulnerability scanners

6. Content Security

                                                              i.      Malicious programs

                                                            ii.      Viruses: Hoax virus, worms, Trojan horses

                                                          iii.      Anti virus approaches

                                                           iv.      Email content Security

                                                             v.      Web content Security

                                                           vi.      Other threats

7. Intrusion detection systems

                                                              i.      Introduction

                                                            ii.      Host based systems

                                                          iii.      Network based systems

                                                           iv.      Distributed systems

                                                             v.      Intrusion detection examples

8. Wireless Security

    Confidentiality
    Access Control
    Data Integrity
    Wired LAN Integrity (one additional)
 
    Types of Attacks
    Wireless security standards
    Wireless security Issues
    Wireless security Advices
    Wireless security with Bluetooth
    Wireless Firewall
    Wireless VPN