CIW Web Security Associate

The CIW Web Security Associate Course is divided into following lessons:

Lesson 1: What Is Security?

• Network Security Background
• What Is Security?
• Hacker Statistics
• The Myth of 100-Percent Security
• Attributes of an Effective Security Matrix
• What You Are Trying to Protect
• Who Is the Threat?
• Security Standards

Lesson 2: Elements of Security

• Security Elements and Mechanisms
• The Security Policy
• Determining Backups
• Encryption
• Authentication
• Specific Authentication Techniques
• Access Control
• Auditing
• Security Tradeoffs and Drawbacks

Lesson 3: Applied Encryption

• Reasons to Use Encryption
• Creating Trust Relationships
• Symmetric-Key Encryption
• Symmetric Algorithms
• Asymmetric-Key Encryption
• One-Way (Hash) Encryption
• Applied Encryption Processes
• Encryption Review

Lesson 4: Types of Attacks

• Network Attack Categories
• Brute-Force and Dictionary Attacks
• System Bugs and Back Doors
• Malware (Malicious Software)
• Social Engineering Attacks
• Denial-of-Service (DOS) Attacks
• Distributed Denial-of-Service (DDOS) Attacks
• Spoofing Attacks
• Scanning Attacks
• Man-in-the-Middle Attacks
• Bots and Botnets
• SQL Injection
• Auditing

Lesson 5: Recent Networking Vulnerability Considerations

• Networking Vulnerability Considerations
• Wireless Network Technologies and Security
• IEEE 802.11 Wireless Standards
• Wireless Networking Modes
• Wireless Application Protocol (WAP)
• Wireless Network Security Problems
• Wireless Network Security Solutions
• Site Surveys
• Convergence Networking and Security
• Web 2.0 Technologies
• Greynet Applications
• Vulnerabilities with Data at Rest
• Security Threats from Trusted Users
• Anonymous Downloads and Indiscriminate Link-Clicking

Lesson 6: General Security Principles

• Common Security Principles
• Be Paranoid
• You Must Have a Security Policy
• No System or Technique Stands Alone
• Minimize the Damage
• Deploy Companywide Enforcement
• Provide Training
• Use an Integrated Security Strategy
• Place Equipment According to Needs
• Identify Security Business Issues
• Consider Physical Security

Lesson 7: Protocol Layers and Security

• TCP/IP Security Introduction
• OSI Reference Model Review
• Data Encapsulation
• The TCP/IP Stack and the OSI Reference Model
• Link/Network Access Layer
• Network/Internet Layer
• Transport Layer
• Application Layer
• Protocol Analyzers

Lesson 8: Securing Resources

• TCP/IP Security Vulnerabilities
• Implementing Security
• Resources and Services
• Protecting TCP/IP Services
• Simple Mail Transfer Protocol (SMTP)
• Physical Security
• Testing Systems
• Security Testing Software
• Security and Repetition

Lesson 9: Firewalls and Virtual Private Networks

• Access Control Overview
• Definition and Description of a Firewall
• The Role of a Firewall
• Firewall Terminology
• Firewall Configuration Defaults
• Creating Packet Filter Rules
• Packet Filter Advantages and Disadvantages
• Configuring Proxy Servers
• URL Filtering
• Remote Access and Virtual Private Networks (VPNs)
• Public Key Infrastructure (PKI)

Lesson 10: Levels of Firewall Protection

• Designing a Firewall
• Types of Bastion Hosts
• Hardware Issues
• Common Firewall Designs
• Putting It All Together

Lesson 11: Detecting and Distracting Hackers

• Proactive Detection
• Distracting the Hacker
• Deterring the Hacker

Lesson 12: Incident Response

• Creating an Incident Response Policy
• Determining If an Attack Has Occurred
• Executing the Response Plan
• Analyzing and Learning