CSLO: Certified Security Leadership Officer Training in Norfolk

Enroll in or hire us to teach our CSLO: Certified Security Leadership Officer class in Norfolk, Virginia by calling us @303.377.6176. Like all HSG classes, CSLO: Certified Security Leadership Officer may be offered either onsite or via instructor led virtual training. Consider looking at our public training schedule to see if it is scheduled: Public Training Classes
Provided there are enough attendees, CSLO: Certified Security Leadership Officer may be taught at one of our local training facilities.
We offer private customized training for groups of 3 or more attendees.

Course Description

 
The Certified Security Leadership Officer was designed for mid to C level managers as well as any engineers who seek to increase their knowledge in the security arena. The C)SLO course was designed to give management an essential understanding of current security issues, best practices, and technology. Because a security officer or manager understands the value of security, he or she is prepared to manage the security component of an information technology security projects.
Course Length: 5 Days
Course Tuition: $2690 (US)

Prerequisites

A minimum of 12 months professional experience in an IT or management.

Course Outline

 

Module 1- 802.11            

  • Overview
  • Airborne Viruses
  • Types of Wireless
  • Standards Comparison
  • Wireless Network Topologies
  • SSID (Service Set Identity)
  • Wireless Technologies – Service Set ID
  • Securing and Protecting Wireless Best Practices
  • Typical Wired/Wireless Network
  • 1X: EAP Types
  • EAP Advantages/Disadvantages
  • EAP/TLS Deployment
  • New Age Protection
  • New Age Protection
  • Wireless Security Technologies
  • MAC Filtering
  • Wired Equivalent Privacy
  • Wireless Technologies – WEP
  • XOR – Basics
  • How WPA improves on WEP
  • How WPA improves on WEP
  • TKIP
  • 11i – WPA2
  • WPA and WPA2 Mode Types
  • WPA-PSK Encryption
  • LEAP
  • Wireless Security Weaknesses
  • Weak IV Packets
  • WEP Weaknesses
  • The WPA MIC Vulnerability
  • LEAP Weaknesses
  • Wireless Threats
  • NetStumbler
  • Tool: Kismet
  • Analysis Tool: OmniPeek Personal
  • Omni Peek Console
  • Tool: Aircrack-ng Suite
  • Tool: Airodump-ng
  • Tool: Aireplay
  • DOS: Deauth/disassociate attack
  • Tool: Aircrack
  • Aircrack for Windows
  • Attacking WEP
  • Attacking WPA
  • coWPAtty
  • Exploiting Cisco LEAP
  • asleap
  • WiFiZoo
  • Wesside-ng
  • Review 

Module 2 – Access Control          

  • Role of Access Control
  • Layers of Access Control
  • Access Control Mechanism Examples
  • Access Control Characteristics
  • Preventive Control Types
  • Control Combinations
  • Models for Access
  • Discretionary Access Control Model
  • Enforcing a DAC Policy
  • Mandatory Access Control Model
  • MAC Enforcement Mechanism – Labels
  • Where Are They Used?
  • MAC Versus DAC
  • Role-Based Access Control (RBAC)
  • Acquiring Rights and Permissions
  • Rule-Based Access Control
  • Access Control Matrix
  • Access Control Administration
  • Access Control Mechanisms in Use Today
  • Strong Authentication
  • Memory Cards
  • Smart Card
  • Administrating Access Control
  • Accountability and Access Control
  • Trusted Path
  • Access Criteria
  • Fraud Controls
  • Thin Clients
  • Administrative Controls
  • Controlling Access to Sensitive Data
  • Other Ways of Controlling Access
  • Technical Access Controls
  • Physical Access Controls
  • Accountability
  • IDS
  • Network IDS Sensors
  • Types of IDSs
  • Behavior-Based IDS
  • IDS Response Mechanisms
  • Trapping an Intruder
  • Access Control Methods
  • Remote Centralized Administration
  • RADIUS Characteristics
  • RADIUS
  • TACACS+ Characteristics
  • Diameter Characteristics
  • Decentralized Access Control Administration Biometrics Technology
  • Biometrics Enrolment Process
  • Downfalls to Biometric Use
  • Biometrics Error Types
  • Crossover Error Rate (CER)
  • Biometric System Types
  • Passwords
  • Password “Shoulds”
  • Password Attacks
  • Countermeasures for Password Cracking
  • Cognitive Passwords
  • One-Time Password Authentication
  • Synchronous Token
  • Asynchronous Token Device
  • Cryptographic Keys
  • Passphrase Authentication
  • Definitions
  • More Definitions
  • Single Sign-on Technology
  • Different Technologies
  • Scripts as a Single Sign-on Technology
  • Directory Services as a Single Sign-on Technology
  • Kerberos as a Single Sign-on Technology
  • Kerberos Components Working Together
  • More Components of Kerberos
  • Kerberos Authentication Steps
  • Tickets
  • Why Go Through All of this Trouble?
  • Issues Pertaining to Kerberos
  • SESAME as a Single Sign-on Technology
  • SESAME Steps for Authentication 

Module 3 – Computer Forensics and Legalities

  • Lesson Objectives
  • The Legal System
  • State Law & Criminal Incidents
  • Federal of laws
  • US Title 18: Fraud Criminal Codes
  • Case study: Criminal Incidents
  • Case Study: Criminal Incidents
  • Case study: Criminal Incidents
  • Criminal Incidents
  • International Legal Treaties and Orgs
  • Civil Incidents
  • Criminal Incidents
  • Criminal Incidents 

Module 4 – Cryptography Applications

  • Digital Certificates
  • What Do You Do with a Certificate?
  • Components of PKI – Repository and CRLs
  • PGP
  • Digital Signatures – PGP
  • IPSEC
  • IPSec – Network Layer Protection
  • IPSec Key Management
  • IPSec Handshaking Process
  • IPSec Is a Suite of Protocols
  • IPSec Modes of Operation
  • IPSec
  • PKI
  • Public Key Infrastructure
  • Why Do We Need a PKI?
  • PKI and Its Components
  • Let’s Walk Through an Example
  • Public Key Infrastructure
  • Asymmetric Encryption
  • Public Key Cryptography Advantages
  • Symmetric versus Asymmetric
  • SSL/TLS
  • PPP
  • VPN
  • Site-to-Site VPN
  • myspace.com
  • facebook.com
  • Others From Around the World
  • Identity Theft and MySpace 

Module 5 – Cryptography Algorithms and Concepts        

  • Symmetric Cipher – AES
  • Crack Times
  • Crypto and Password Recovery Concepts
  • Crypto Attacks
  • Caesar Cipher Example
  • Polyalphabetic Substitution
  • Ways of Breaking Cryptosystems Brute Force
  • Attacks on Cryptosystems
  • Encryption
  • Cryptographic Definitions
  • SSH
  • Attack Vectors
  • More Attacks (Cryptanalysis)
  • Type of Symmetric Cipher – Stream Cipher
  • Characteristics of Strong Algorithms
  • Block Cipher Modes – CBC
  • Implementation
  • Block Cipher Modes – CFB and OFB
  • DES
  • Symmetric Ciphers We Will Dive Into
  • Symmetric Algorithm Examples
  • Symmetric Algorithms – DES
  • Evolution of DES
  • Different Modes of Block Ciphers – ECB
  • Other Symmetric Algorithms
  • Symmetric Encryption
  • Symmetric Encryption
  • Symmetric Downfalls
  • Symmetric Algorithms
  • SSL/TLS
  • ECC
  • ECC
  • Quantum Cryptography
  • Asymmetric Algorithm Examples
  • Asymmetric Algorithms We Will Dive Into
  • Asymmetric Algorithm – RSA
  • S. Government Standard
  • Asymmetric Encryption 

Module 6 – Key Management   

  • Using the Algorithm Types Together
  • Hybrid Encryption
  • Strength of a Cryptosystem
  • Symmetric Key Management Issue
  • Now What?
  • Key Management
  • IPSec Key Management
  • Key Issues Within IPSec
  • OPSEC
  • OPSEC
  • Types of Ciphers Used Today
  • Type of Symmetric Cipher – Block Cipher
  • S-Boxes Used in Block Ciphers
  • Type of Symmetric Cipher – Stream Cipher
  • Encryption Process
  • Symmetric Characteristics
  • Strength of a Stream Cipher
  • Let’s Dive in Deeper
  • Block Cipher Modes – CFB and OFB
  • Implementation
  • Attack Vectors
  • More Attacks (Cryptanalysis)
  • ROT – 13
  • ROT – 13
  • MD5 Collision Creates Rogue Certificate Authority
  • SSL/TLS
  • SSL Connection Setup
  • SSL Hybrid Encryption
  • SSH
  • XOR 

Module 7- Cryptosystems          

  • Introduction
  • Encryption
  • Cryptographic Definitions
  • Encryption Algorithm
  • Implementation
  • Hashing
  • Common Hash Algorithms
  • Birthday Attack
  • Example of a Birthday Attack
  • Generic Hash Demo
  • Instructor Demonstration
  • Security Issues in Hashing
  • Hash Collisions
  • MD5 Collision Creates Rogue Certificate Authority
  • Digital Signatures
  • Asymmetric Encryption
  • Public Key Cryptography Advantages
  • Asymmetric Algorithm Disadvantages
  • Asymmetric Algorithm Examples
  • Symmetric Encryption
  • Symmetric Encryption
  • Symmetric Downfalls
  • Symmetric Algorithms
  • Crack Times 

Module 8 – Digital Acquisition  

  • Digital Acquisition Copy – Original
  • Digital Acquisition – Duplication
  • Digital Acquisition Procedures
  • DC3 Operations
  • DCFL Terabytes, Time, & Totals
  • Digital Forensic Analysis Tools
  • Forensic Toolkit (FTK)™
  • EnCase™
  • I-Look Investigator™
  • ProDiscover DFT™ 

Module 9 – DNS               

  • Domain Name Registration
  • Network Service – DNS
  • Countermeasure: DNS Zone Transfers
  • Cache Poisoning
  • What is DNS spoofing?
  • Tools: DNS Spoofing
  • Active Sniffing Methods
  • ARP Cache Poisoning
  • ARP Normal Operation
  • ARP Cache Poisoning
  • ARP Cache Poisoning (Linux)
  • Countermeasures
  • Cybersquatting
  • Domain Hijacking
  • Host Names
  • Hierarchy
  • Host Table
  • Nslookup
  • DNS Databases
  • Using Nslookup
  • Dig for Unix / Linux
  • Protecting Domain Names
  • (Mis)Uses of Host Tables
  • Module 10 – Disaster Recovery and Business Continuity Planning
  • Business Continuity Objectives
  • Pieces of the BCP
  • Where Do We Start?
  • Why Is BCP a Hard Sell to Management?
  • Agenda
  • Plan Development Delegated to a Committee
  • BCP Risk Analysis
  • How to Identify the Most Critical Company Functions
  • Interdependencies
  • Identifying Functions’ Resources
  • How Long Can the Company Be Without These Resources?
  • Preventative Measures
  • What Items Need to Be Considered?
  • Proper Planning
  • Executive Succession Planning
  • Identify Vulnerabilities and Threats
  • Categories
  • Loss Criteria
  • Agenda
  • Disk Shadowing
  • Backing Up Over Telecommunication
  • Serial Lines
  • HSM
  • SAN
  • Co-Location
  • Agenda
  • Facility Backups – Hot Site
  • Facility Backups – Warm Site
  • Facility Backups – Cold Site
  • Compatibility Issues with Offsite Facility
  • Which Do We Use?
  • Choosing Offsite Services
  • Subscription Costs
  • Choosing Site Location
  • Other Offsite Approaches
  • Agenda
  • Results from the BIA
  • Now What?
  • Priorities
  • Plan Objectives
  • Defining Roles
  • Environment
  • Operational Planning
  • Preventive Measures
  • Emergency Response
  • Recovery
  • Return to Normal Operations
  • Reviewing Insurance
  • When Is the Danger Over?
  • Now What?
  • Testing and Drills
  • Types of Tests to Choose From
  • What Is Success?
  • BCP Plans Commonly and Quickly
  • Become Out of Date
  • Phases of Plan
  • Who Is Ready?
  • Review 

Module 11 – Endpoint Security 

  • 3rd Party Applications
  • Anti-Virus Limitations
  • Browser Defense
  • SSL/TLS
  • SSL Connection Setup
  • SSL Hybrid Encryption
  • SSH
  • IPSec – Network Layer Protection
  • IPSec
  • IPSec
  • Public Key Infrastructure
  • Quantum Cryptography
  • Endpoint Whitelist
  • Firewalls, IDS and IPS
  • Firewall – First line of defense
  • IDS – Second line of defense
  • IPS – Last line of defense?
  • Firewalls
  • Firewall Types: (1) Packet Filtering
  • Firewall Types: (2) Proxy Firewalls
  • Firewall Types – Circuit-Level Proxy Firewall
  • Type of Circuit-Level Proxy – SOCKS
  • Firewall Types – Application-Layer Proxy
  • Firewall Types: (3) Stateful
  • Firewall Types: (4) Dynamic Packet-Filtering
  • Firewall Types: (5) Kernel Proxies
  • Firewall Placement
  • Firewall Architecture Types – Screened Host
  • Risks of Portable Devices 

Module 12 – Honeypots, Honeynets, Honeytokens, Tarpits, oh my        

  • Benefits and Drawbacks
  • Honeypots Defined
  • Legal Issues
  • Trying to Trap the Bad Guy
  • Companies Can Be Found Liable
  • Technologies
  • Incident Handling and the Legal System 481
  • Chain of Custody and Digital Evidence Collection Objectives
  • Evidence Collection & Incident Assessment
  • Identifying an Incident
  • Steps to handling an Incident
  • Digital Incident Assessment
  • Incident Response Checklist
  • Responding to An Incident
  • Suggested Guidelines for Securing Digital Evidence
  • Secure Digital Evidence
  • Common Incident Handling Mistakes
  • Securing Digital Evidence Procedure
  • Chain of Custody
  • Potential Digital Evidence
  • Search and Seizure
  • Incident/Equipment Location
  • Available Response Resources
  • Securing Digital Evidence
  • Digital Evidence Presentation
  • The Best Evidence Rule
  • Duplication and Recordings, Evidence Law 

Module 13 – IP Terms and Concepts       

  • OSI – Application Layer
  • Devices Work at Different Layers
  • Network Devices – Gateway
  • Data Encapsulation
  • Protocols – ICMP
  • Dial-Up Protocol – SLIP
  • Dial-Up Protocol – PPP
  • WAN Technologies Are Circuit
  • or Packet Switched
  • Packets
  • Frame
  • Protocols – ICMP
  • Port and Protocol Relationship
  • Example Packet Sniffers
  • Tool: Wireshark
  • Tool: OmniPeek
  • Sniffer Detection using Cain & Abel
  • Network Protocol
  • Network Protocol
  • Protocols
  • UDP versus TCP
  • Port and Protocol Relationship
  • An Older Model
  • TCP/IP Suite
  • Traceroute Operation
  • Traceroute (cont.)
  • Other Traceroute Tools
  • IP
  • IP
  • Method: Ping 

Module 14 – Logging      

  • syslog
  • Events 

Module 15 – Malicious Software              

  • Malware
  • Types of Malware
  • Distributing Malware
  • Malware Capabilities
  • Auto Starting Malware
  • Countermeasure: Monitoring Auto-start Methods
  • Malicious Browser Content
  • Malware Defense Techniques
  • Spy Sweeper Enterprise
  • CM Tool: Port Monitoring Software
  • CM Tools: File Protection Software
  • CM Tool: Windows File Protection
  • CM Tool: Windows Software
  • Restriction Policies
  • Company Surveillance Software
  • CM Tool: Hardware-based Malware
  • Detectors
  • Countermeasure: User Education
  • Propagation Techniques
  • Trojan Horse Characteristics
  • Trojan Horses
  • Executable Wrappers
  • Benign EXE’s Historically Wrapped with Trojans
  • The Infectious CD-Rom Technique
  • Trojan: Backdoor.Zombam.B
  • Trojan: JPEG GDI+
  • All in One Remote Exploit
  • Advanced Trojans: Avoiding Detection
  • BPMTK
  • Virus Types
  • Types of Malware Cont…
  • Types of Viruses
  • Worm Characteristics 

Module 16 – Managing Security Policy  

  • Approach to Security Management
  • Policy Types
  • Policies with Different Goals
  • Industry Best Practice Standards
  • Components that Support the Security Policy
  • Senior Management’s Role in Security
  • Security Roles
  • Information Classification
  • Information Classification Criteria
  • Declassifying Information
  • Types of Classification Levels
  • Information Classification
  • Issue Specific Policy
  • Policy Assessment
  • Policy Benefits
  • Policy Development Tools
  • Security Posture and Culture 

Module 17 – Methods of Attack               

  • Enumeration Overview
  • DNS Enumeration
  • Backtrack DNS Enumeration
  • SNMP Enumeration Tools
  • SNMP Enumeration Countermeasures
  • Active Directory Enumeration
  • AD Enumeration countermeasures
  • Hacking Tool: RootKit
  • Windows RootKit Countermeasures
  • Advanced Trojans: Avoiding Detection
  • Benign EXE’s Historically Wrapped with Trojans
  • Google and Query Operators
  • Google (cont.)
  • SPUD: Google API Utility Tool
  • Goolag
  • Denial of Service
  • Denial of Service
  • Threat Methodologies (STRIDE)
  • DDoS Issues
  • DDoS
  • Buffer Overflow Definition
  • Overflow Illustration
  • Buffer OverFlows
  • Phishing
  • Spear Phishing
  • E-Mail Links
  • Logic Bomb
  • Duronio Case
  • Attacks
  • Man-in-the Middle
  • Replay Attack
  • SPAM and e-mail Flooding 

Module 18 – Mitnick-Shimomura                            

  • IP Address Spoofing
  • TCP
  • DoS 

Module 19 – Physical Security   

  • Physical Security
  • Physical Security Checklist
  • Physical Security Checklist
  • Items of Interest
  • Physical Controls
  • Physical Access
  • Tool Kit: Picks
  • Tool Kit: Snap Gun
  • Tool Kit: Electric Pick
  • Bump Keying
  • Lock Picking Countermeasures
  • Controlling Access
  • Agenda
  • Facility Attributes
  • Electrical Power
  • Problems with Steady Power Current
  • Power Interference
  • Power Preventive Measures
  • Fire Prevention
  • Automatic Detector Mechanisms
  • Fire Detection
  • Fire Types
  • Suppression Methods
  • Fire Suppression
  • Fire Extinguishers 

Module 20 – Risk Management & Security Frameworks

  • Overview
  • IT Governance Best Practices
  • IT Risk Management
  • Types of Risks
  • Risk Management
  • Information Security Risk Evaluation
  • Information Security Risk Evaluation
  • Improving Security Posture
  • Risk Evaluation Activities
  • Risk Assessment
  • Information Gathering
  • Information Gathering
  • Data Classification
  • Threats and Vulnerabilities
  • Analytical Methods
  • Evaluate Controls
  • Evaluate Controls
  • Risk Ratings
  • Important Risk Assessment Practices
  • Review
  • Security Incentives & Motivations
  • Security Incentives & Attack Motivations
  • Risk Management II
  • What is Your Weakest Link?
  • What Is the Value of an Asset?
  • Examples of Some Vulnerabilities that Are
  • Not Always Obvious
  • Categorizing Risks
  • Some Examples of Types of Losses
  • Different Approaches to Analyzing Risks
  • Who Uses What Analysis Type?
  • Qualitative Analysis Steps
  • Quantitative Analysis
  • Can a Purely Quantitative Analysis Be Accomplished?
  • Comparing Cost and Benefit
  • Cost of a Countermeasure
  • Security Frameworks & Compliance
  • ISO 27002
  • ISO 27002: Control Components
  • Review 

Module 21 – Security and Organizational Structure         

  • Capacity Analysis
  • Employee Discipline and Termination
  • Employee Performance
  • Employee Retention
  • Filling Positions
  • Conflicts of Interest               

Module 22 – Security Awareness             

  • Security Awareness Program
  • 4 steps
  • 3 Common Training Models
  • Security Awareness Goals
  • Role of metrics
  • Steps to develop a metrics program 

Module 23 – Steganography       

  • Crypto and Password Recovery Background
  • Steganalysis
  • Steganography Methods
  • Injection
  • Substitution
  • File Generation 

Module 24 – The Intelligent Network – Unified Threat Management (UTM)       

  • UTM product criteria
  • Firewalls, IDS and IPS
  • Firewall – First line of defense
  • IDS – Second line of defense
  • IPS – Last line of defense?
  • Firewalls
  • Firewall Types: (1) Packet Filtering
  • Firewall Types: (2) Proxy Firewalls
  • Firewall Types – Circuit-Level Proxy Firewall
  • DDoS Issues
  • HIPS
  • HIPS
  • Unified Threat Management
  • Unified Threat Management
  • Virtualization – Type 1
  • Type 1 Examples
  • Virtualization – Type 2
  • Type 2 Examples 

Module 25 – Network Infrastructure      

  • Wikto Web Assessment Tool
  • Agenda
  • Network Topologies – Physical Layer
  • Network Topologies – Mesh
  • Summary of Topologies
  • Wireless Technologies – War Driving
  • TCP Model
  • TCP/IP Suite
  • OSI Model
  • OSI – Application Layer
  • OSI – Presentation Layer
  • OSI – Session Layer
  • OSI – Transport Layer
  • OSI – Network Layer
  • OSI – Data Link
  • OSI – Physical Layer
  • Wide Area Network Technologies
  • Voice Over IP
  • VLAN
  • Network Segmentation 

Module 26 – Vulnerability Assessment – Outside View

  • Basic Hacker Process
  • Potential Threats, Vulnerabilities, & Risks
  • What is a Penetration Test
  • Types of Penetration Testing
  • Vulnerability Assessment vs Pentest
  • “Hacking-life-cycle” – a Methodology
  • Methodology for Penetration
  • Testing / Ethical Hacking
  • Hacker vs. Penetration Tester
  • Not Just Tools
  • Exploitation Tools vs. Vulnerability Scanners
  • Vulnerability Scanners
  • Nessus
  • Nessus Report
  • SAINT
  • SAINT – Sample Report
  • Tool: Retina
  • Qualys Guard
  • Tool: LANguard
  • Number of Exploitable Vulnerabilities from NVD Detected
  • Scan Process Best Practices
  • Inside, outside and user view
  • Manager’s Role in Remediation
  • Risks of non-Remediation
  • Pentesting in Vulnerability Management
  • Scanning Techniques
  • Threat Concerns
  • Threat Vectors
  • War Dialing 

Module 27 – Vulnerability Management – inside view 

  • Inside view, tools, approach
  • org
  • SP 800-40 Version 2.0 

Module 28- Vulnerability Management- User View       

  • Peer to Peer Networks
  • P2P Cautions
  • Instant Messaging
  • IM issues
  • Social engineering 

Module 29 – Web Communications        

  • CGI
  • Wikto Web Assessment Tool
  • OWASP Top 10 for 2010
  • Reflected Cross Site Scripting Illustrated
  • IIS Directory Traversal
  • Injection Flaws
  • SQL Injection
  • Cookies
  • HTTP
  • HTTPS
  • FTP

Module 30 – Wireless Advantages and Bluetooth            

  • Bluetooth Attacks
  • Cabir Infection
  • Bluetooth Defenses
  • Bluetooth & Wireless Comparison

Course Directory [training on all levels]

Upcoming Classes
Gain insight and ideas from students with different perspectives and experiences.

Interesting Reads Take a class with us and receive a book of your choosing for 50% off MSRP.