Course 6014: Network and Web Security Fundamentals

• Analyze your exposure to security threats and protect your organization's networks, systems, web and data
• Age risks emanating from inside the organization and from the Internet & extranets
• Protect network and web users from hostile applications and viruses
• Reduce your susceptibility to an attack by deploying firewalls, data encryption and decryption, and other countermeasures
• Identifying policies and administration, security architectures, policies and testing, security through policy and the security risks that need to be addressed in a security policy
• Identifying protection through encryption, authentication, transactional security
• Secure Web servers, communications and browsers
• and more...

• Network Security
• Security issues
• Protecting your organization
• Protecting your data
• Measuring security
• Systems vulnerabilities (UNIX, NT, and Windows)

Protection through Encryption

• Protecting information via encryption
• Network encryption
• Encryption algorithms
• Symmetric key encryption systems
• Public key encryption
• Attacks on encryption systems - cryptanalysis and brute force attacks

Protection through Authentication

• Authenticating clients and servers
• Authenticating data
• Public/private key authentication
• Digital signatures
• Certificate authorities

Transactional Security

• Network level security
• Secure Sockets Layer (SSL)
• Point-to-Point Tunneling Protocol (PPTP)
• Pretty Good Privacy (PGP)
• Secure Electronic Transactions (SET)

Security Protocols

• Point-to-Point Tunneling Protocol (PPTP)
• Establishing security associations

Security in the Real World

• Crackers and hackers
• Security and vendors
• System security risks
• Securing DNS servers
• Operating system security features
• Network security

Internet Protocol Security Issues

• TCP/IP and security
• DNS attacks

Introduction to Firewalls and Proxies

• What is a Firewall
• Firewall architecture
• Proxy servers
• Proxy Servers
• Firewalling and filtering
• Connection sharing
• Caching
• Firewall, Web browser and the real server
• Purposes Of The Proxy Server
• Proxy servers and caching Web pages
• HTTP Authentication
• Standard Port Numbers for proxy, SSL, HTTPS, (SSL) Tunneling

Server Security

• Servers and security
• Securing servers
• Web server security
• Internet service security
• Servers users and security

TCP/IP Security Issues

• TCP/IP and security
• DNS attacks

Enhancing Web Security

• Configuring user authentication on IIS, Netscape iPlanet and Apache
• Restricting access based on hostname/IP address
• Enabling and configuring logging
• Securing Web communications with SSL

Network Data Attacks

• Network security risks
• Network snooping and eavesdropping
• Network traffic analysis
• Replay attacks
• Denial of service attacks

Policies and Administration

• Security Architectures
• Building a secure architecture
• Internet firewalls

Policies and Testing

• Implementing an organizational security policy
• User policies
• Logging and auditing
• Intrusion detection
• Reacting to attacks
• Security audit tools

Introduction to Cryptography

• Protecting information via encryption
• Network encryption
• Encryption algorithms
• Symmetric key encryption systems
• Public key encryption