GIAC - Firebrand Training for GIAC Security Essentials | GSEC certification

Curriculum

802.11 Attacks & countermeasures

Different 802.11 protocols, common wireless attacks and how to prevent them.

Access Control Theory

The fundamental theory of access control.

Alternate Network Mapping Techniques

Network mapping techniques an attacker might use to examine wireless networks, and public switched telephony networks. You will also learn how to identify the basic penetration techniques at a high level.

Authentication and Password Management

The role of authentication controls, how they are managed, and the methods used to control access to systems.

Common Types of Attacks

Identify the most common attack methods, as well as the basic strategies used to mitigate those threats.

Contingency Planning

Critical aspect of contingency planning with a Business Continuity Plan (BCP) and Disaster Recover Plan (DRP).

Critical Security Controls

The background, history and purpose of the Critical Security Controls.

Crypto Concepts

Demonstrate a high-level understanding of the mathematical concepts which contribute to modern cryptography.

Crypto Fundamentals

Core concepts of cryptography and the three main algorithms.

Defense-in-Depth

The terminology and concepts of Risk and Defense-in-Depth, including threats and vulnerabilities.

DNS

High-level understanding of the Domain Name System architecture.

Firewalls

Fundamental understanding of firewalling technologies and techniques.

Honeypots

Basic honeypot techniques and common tools used to set up honeypots.

ICMP

The structure and purpose of ICMP, as well as the fields in a ICMP datagram header.

Incident Handling Fundamentals

The concepts of incident handling and the six-step incident handling process.

Information Warfare

Information warfare methods and defense.

Intrusion Detection Overview

Overall concepts of Intrusion Detection.

IP Packets

Build an understanding of how the IP protocol works.

IPS Overview

Demonstrate a high-level understanding of how IPS systems operate.

IPv6

Develop a high-level understanding of the IPv6 protocol.

Legal Aspects of Incident Handling

The basic legal issues in incident and evidence handling.

Linux/Unix Configuration Fundamentals

Linux/Unix fundamental configuration settings, including file permissions, user accounts, groups, and passwords, and commands used to display information and run backups.

Linux/Unix Logging and Log Management

Various logging capabilities and log file locations common to Linux operating systems.

Linux/Unix OS Security Tools and Utilities

How to use key security utilities and tools that are available for Linux/Unix systems, including file integrity, host firewalls, and applications such as SELinux.

Linux/Unix Overview

Different variants of Linux/Unix, the Linux file system, and important commands.

Linux/Unix Patch Management

Process of patch management, best practices, and common patch management tools and techniques for Linux/Unix systems.

Linux/Unix Process and Service Management

How to manage Linux/Unix processes, run levels, and services, and best practices for common processes and services.

Mitnick-Shimomura

Details of the famous Mitnick-Shimomura attack, as well as what we can learn from this attack to appropriately protect our networks today against these vulnerabilities. You will also demonstrate an understanding of the strategies that would have prevented the Mitnick attack.

Network Addressing

Essentials of IP addressing, subnets, CIDR and netmasks.

Network Fundamentals

Basic network hardware, topologies and, architectures.

Network Mapping and Scanning

The common tools attackers use to scan systems and the techniques used to create a network map.

Network Protocol

Properties and functions of network protocols and network protocol stacks.

Policy Framework

Purpose and components of policy.

Protecting Data at Rest

Functionality of PGP cryptosystems and how they operate.

Public Key Infrastructure PKI

How PKI works and the key components for managing keys.

Reading Packets

How to decode a packet from hexadecimal output.

Risk Management

Terminology and basic approaches to Risk Management.

Securing Windows Server Services

Basic measures in securing Windows IIS, SQL, and Terminal Servers.

Steganography Overview

The different methods of steganography, as well as some of the common tools used to hide data with steganography.

TCP

The structure and purpose of TCP, as well as the fields in a TCP datagram header.

UDP

The structure and purpose of UDP, as well as the fields in a UDP datagram header.

Virtual Private Networks VPNs

Build a high-level understanding of VPNs and identify IPSec and non-IPSec protocols used for VPN communications.

Viruses and Malicious Code

You will demonstrate an understanding of what malicious code is, how it propagates and why it is such an expensive problem. Additionally, you will demonstrate an understanding of the attack vectors leveraged by recent malicious code attacks.

Vulnerability Management Overview

Demonstrate the ability to perform reconnaissance and resource protection to manage vulnerabilities, and address threats and vectors.

Vulnerability Scanning

How data generated from a port scanner like nmap, and vulnerability assessment tools like nessus can be used to examine systems, ports and applications in more depth to secure an environment.

Web Application Security

Build an understanding of web application security and common vulnerabilities including CGI, cookies, SSL and active content.

Windows Auditing

The techniques and technologies used to audit Windows hosts.

Windows Automation and Configuration

The techniques and technologies used to automate configuration.

Windows Network Security Overview

Basic measures in securing a Windows host, including managing services and VPNs.

Windows Permissions & User Rights

How permissions are applied in the Windows NT File System, Shared Folder, Encrypting File System, Printer, Registry Key, Active Directory, and how User Rights are applied.

Windows Security Templates & Group Policy

The features and functionality of Group Policy and best practices for locking down systems.

Windows Service Packs, Hotfixes and Backups

How to manage Windows Service Packs and Hotfixes, as well as backups and restoration for a network of Windows hosts.

Windows Workgroups, Active Directory and Group Policy Overview

Basic security infrastructure of local accounts, workgroups, Active Directory and Group Policy.

Wireless Overview

Build a fundamental understanding of wireless technologies including Bluetooth and Zigbee.