Module 1: Situational Awareness 1-13 Business Situational Awareness 1-14 Business Situational Awareness - Temet Nosce Know Thyself

1-18 Business Situational Awareness - Positional and Personal Authority 1-20 Business Situational Awareness - How to Budget Time 1-23 Business Situational Awareness - How to Budget Employee's Time 1-27 Business Situational Awareness - Budget Structure 1-30 Business Situational Awareness - IT Department Budgets 1-32 Business Situational Awareness - Situational Awareness Summary 1-36 Project Management For Security Leaders 1-40 Project Management - Initiation 1-42 Project Management - Scope 1-44 Project Management - Develop 1-46 Project Management - Scheduling 1-49 Project Management - Execution 1-50 Project Management - Monitoring, Controlling, Conflict 1-51 Project Management - Closing Out the Project 1-53 Project Management - PMO - Project Management Office 1-54 Module 2: The Network Infrastructure 1-59 Network Infrastructure 1-60 Network Infrastructure - OSI vs. TCP/IP 1-62 Network Infrastructure -OSI Model 1-62 Network Infrastructure -Network Components 1-63 Network Infrastructure -Hubs 1-63 Network Infrastructure -Bridges/Switches 1-64 Network Infrastructure -Attacks on Layer 2 Switches 1-64 Network Infrastructure -Spanning Tree Protocol 1-65 Network Infrastructure -Dynamic Host Configuration Protocol 1-65 Network Infrastructure -Router 1-67 Network Infrastructure -Network Attached Storage (NAS) 1-67 Network Infrastructure -VLANs 1-69 Network Infrastructure -Segmenting Your Internal Network 1-71 Network Infrastructure -Management Application - Network Partitions 1-73 Network Infrastructure -Physical and Logical Topologies 1-75 Network Infrastructure -Bus Topology 1-75 Network Infrastructure -Ring Topology 1-76 Network Infrastructure -Star Topology 1-76 Network Infrastructure -Ethernet 1-80 Network Infrastructure -Token Ring and FDDI 1-82 Network Infrastructure -Asynchronous Transfer Mode (ATM) 1-85 Network Infrastructure -Permanent Virtual Circuit (PVC) 1-86 Network Infrastructure -Switched Virtual Circuit (SVC) 1-86 Network Infrastructure -WAN Access 
Technologies 1-87 Network Infrastructure - VoIP Overview for Managers 1-88 Network Infrastructure - VoIP Components & Protocols 1-91 Network Infrastructure - VoIP Threats & Security 1-93 Network Infrastructure - Management Application - Questions to ask about Networks 1-96 Module 3: Computer and Network Addressing 1-101 Computing & Network Addressing - Frame and Packet Address (MAC=48 bits) 1-104 Computing & Network Addressing - MACs and OUIs 1-105 Computing & Network Addressing - The IP Address 1-105 Computing & Network Addressing - Rogue Wireless Access Points 1-107

Computing & Network Addressing - ARP Attacks 1-107 Computing & Network Addressing - Classles Internet Domain Routing - CIDR 1-109 Computing & Network Addressing - Determine the Network and the Host 1-111 Computing & Network Addressing - Broadcast Address 1-114 Computing & Network Addressing - Private Address 1-116 Computing & Network Addressing - Domain Name System (DNS) 1-118 Computing & Network Addressing - Static Host Tables 1-119 Computing & Network Addressing - DNS 1-121 Computing & Network Addressing - DNS - Queries 1-123 Computing & Network Addressing - DNS - Attacks 1-126 Computing & Network Addressing - DNS - Cache Poisoning 1-127 Computing & Network Addressing - DNS - Domain Hijacking 1-128 Computing & Network Addressing - DNS - Protecting 1-130 Module 4: IP Terminology and Concepts 1-135 IP Terminology and Concepts - Network Protocol - What is 1-137 IP Terminology and Concepts - TCP/IP Packets and Frames 1-139 IP Terminology and Concepts - Preamble 1-140 IP Terminology and Concepts - IP - Internet Protocol 1-142 IP Terminology and Concepts - How to Determine the Protocol 1-143 IP Terminology and Concepts - IP - Header Identified Protocol 1-144 IP Terminology and Concepts - IP Header Identifies Protocol 1-146 IP Terminology and Concepts - IP Header Key Fields 1-148 IP Terminology and Concepts - Protocol - 8 1-148 IP Terminology and Concepts - Time-to-Live TTL 1-149 IP Terminology and Concepts - Fragment Offset - 16 bits 1-149 IP Terminology and Concepts - UDP & TCP Ports 1-152 IP Terminology and Concepts - UDP Header 1-156 IP Terminology and Concepts - TCP - The Transmission Control Protocol 1-161 IP Terminology and Concepts - TCP Header 1-162 IP Terminology and Concepts - TCP Code Bits 1-164 IP Terminology and Concepts - Establishing a TCP Connection 1-166 IP Terminology and Concepts - TCP Session Open and Close 1-168 IP Terminology and Concepts - TCP Error Checking 1-169 IP Terminology and Concepts - TCP Timeouts 1-170 IP Terminology and Concepts - TCP 
And UDP Differences 1-171 IP Terminology and Concepts - ICMP 1-172 IP Terminology and Concepts - PING 1-174 IP Terminology and Concepts - UNIX and Windows Traceroute 1-176 IP Terminology and Concepts - Traceroute 1-178 IP Terminology and Concepts - Application Layer Security Protocol 1-179 IP Terminology and Concepts - Sniffer - What is 1-182 IP Terminology and Concepts - Reading Packets 1-185 IP Terminology and Concepts - Field OFFSET offset 0 1-185 IP Terminology and Concepts - What are the first 3 fields in a packet 1-188 IP Terminology and Concepts - What are the next 3 fields in a packet 1-190 IP Terminology and Concepts - Decoding an IP Header 1-192 IP Terminology and Concepts - What protocol is this packet and where does the protocol layer start 1-194 IP Terminology and Concepts - Decoding a TCP Header 1-196 IP Terminology and Concepts - TCP/IP & TCP Dump pocket reference guide 1-198 IP Terminology and Concepts - Reading Packets Summary 1-199 Module 5: Offensive Vulnerability Scanning 1-207 Offensive Vulnerability Scanning - 5 VM Management Axioms 1-208

Offensive Vulnerability Scanning - Primary Threat Concerns 1-209 Offensive Vulnerability Scanning - Threat Concerns 1-212 Offensive Vulnerability Scanning - Hping v3.0 - Spoofing Port Scanner 1-214 Offensive Vulnerability Scanning - p0f - Passive OS Detection 1-216 Offensive Vulnerability Scanning - Phone Scanning 1-218 Offensive Vulnerability Scanning - PhoneSweep 1-219 Offensive Vulnerability Scanning - TCP/IP Based Scanner Techniques 1-221 Offensive Vulnerability Scanning - Basic port/ip scanners 1-223 Offensive Vulnerability Scanning - Stealth/spoofing scanners 1-223 Offensive Vulnerability Scanning - OS Fingerprinting 1-223 Advance Reconnaissance and Vulnerability Scanning 1-225 Advance Reconnaissance and Vulnerability Scanning - Social Engineering 1-227 Advance Reconnaissance and Vulnerability Scanning - Social Engineering - Defense 1-229 Advance Reconnaissance and Vulnerability Scanning - Fire on Your Posisition1-230 Advance Reconnaissance and Vulnerability Scanning - P2P - Firewall Subversion 1-231 Advance Reconnaissance and Vulnerability Scanning - KaZaA Firewall Subversion 1-231 Advance Reconnaissance and Vulnerability Scanning - Instant Messengers 1-234 Advance Reconnaissance and Vulnerability Scanning - Gathering Data 1-237 Advance Reconnaissance and Vulnerability Scanning - P2P and IM Controls 1-238 Advance Reconnaissance and Vulnerability Scanning - Vulnerablility Scanners1-240 Advance Reconnaissance and Vulnerability Scanning - How to do a Vulnerability Scan 1-242 Advance Reconnaissance and Vulnerability Scanning - Nmap and Nessus, the outside view 1-248 Advance Reconnaissance and Vulnerability Scanning - Metasploit 1-251 Advance Reconnaissance and Vulnerability Scanning - Pen Test Techniques 1-253 Advance Reconnaissance and Vulnerability Scanning - Management Application - Scanning Tools 1-255 Advance Reconnaissance and Vulnerability Scanning - Vulnerablility Assessment 1-257 Advance Reconnaissance and Vulnerability Scanning - Operating System 
Analysis - Inside View 1-258 Advance Reconnaissance and Vulnerability Scanning - CISecurity.org 1-261 Summary of Module 5 1-263 Module 6: Managing Safety, Physical Security and the Procurement 1-269 Management Application Safety - Safety and the Computer Security Manager 1-270 Management Application Safety -Hurricane Katrina Illustrates 1-274 Management Application Safety -Smoke and Fire 1-275 Management Application Safety -Leadership and Evacuation 1-279 Management Application Safety -Richard Rescorla - Case Study 1-279 Management Application Safety -Why Evacuation Matters 1-280 Management Application Safety -Building Evacuation and Exit Plan (BEEP) 1-281 Management Application Safety -Safety Walkthrough 1-286 Management Application Safety -Physical Security - Managing 1-288 Management Application Safety -Physical Security - Locks 1-294 Management Application Safety -Physical Security - Intruder Detection 1-298 Management Application Safety -Physical Security - Resistance to Explosive 1-303 Management Application Safety -Physical Security - Power and Cooling 1-305 Management Application Safety -Physical Security - Current 1-306 Management Application Safety -Physical Security - Power to the Datacenter 1-308 Management Application Safety -Physical Security - Cooling Basics 1-310 Management Application Safety -Power and Cooling Summary 1-314 Management Application Safety -Safety and PHYSSEC Summary 1-315 Managing the Procurement Process 1-318 Managing the Procurement Process - Procurement - SWOT 1-319 Managing the Procurement Process -Procurement - Vendor and Product Selection 1-320 Managing the Procurement Process -Procurement - Price and Value 1-325

Managing the Procurement Process - Procurement - The Secret Life of a Salesperson 1-326 Managing the Procurement Process - Procurement - Analytical Hierarchy Process 1-331 Managing the Procurement Process - Procurement - Analytical Hierarchy Process Summary 1-337 Managing the Procurement Process - Procurement - Vendor Selection Summary 1-339 Managing the Procurement Process - Procurement - RFP 1-340

512.2 Defense-In-Depth Module 7 - Attacks Against the Enterprise 2-10 Mitnick-Shimomura 2-11 Mitnick-Shimomura - When Toads Attack 2-13 Mitnick-Shimomura - BadGuy Finger 2-15 Mitnick-Shimomura - RPC Information 2-17 Mitnick-Shimomura - Tracing the Trust 2-17 Mitnick-Shimomura - Silence B with DoS 2-18 Mitnick-Shimomura - Phase 2 Cutting Phone Lines 2-18 Mitnick-Shimomura - Attacker Probes Weakness TCP Stack 2-21 Mitnick-Shimomura - Phase 3 Analyzing the Lock 2-21 Mitnick-Shimomura - Attacker Pretends to be B 2-24 Mitnick-Shimomura - Phase 4: Picking the Lock 2-24 Mitnick-Simomura - Make A Defenseless 2-25 Mitnick-Simomura - Finish the Job 2-26 Methods of Attacks 2-29 Methods of Attacks - Malicious Code 2-31 Methods of Attacks - Trojan Horses 2-31 Methods of Attacks - Logic Bombs 2-31 Methods of Attacks - Rober Duronio 2-32 Methods of Attacks - Trap Doors 2-32 Methods of Attacks - DEBUG mode Sendmail 2-33 Methods of Attacks - Defending against logic bombs -Chey Cobb 2-34 Methods of Attacks - DoS Denial of Service 2-35 Methods of Attacks - Disruption of configuration information 2-37 Methods of Attacks - Satellites Vulnerable to Hackers 2-39 Methods of Attacks - Ministry of Denfence Satellite 2-39 Methods of Attacks - Double Illumination 2-41 Methods of Attacks - Tamil Rebels Hijack US Satellite 2-41 Methods of Attacks - Exfiltration, MITM, Replay 2-43 Methods of Attacks - Extrusion Detection 2-43 Methods of Attacks - Layer 3 Monitoring 2-44 Methods of Attacks - Man-in-the-Middle 2-45 Methods of Attacks - Physical Attacks 2-49 Methods of Attacks - Physical Security Protection 2-50 Methods of Attacks - Laptop/Desktop Protection 2-50 Methods of Attacks - Ring Approach to Physical Security Defense in Depth -50 2 Methods of Attacks - Basic Input/Output System (BIOS) 2-51 Methods of Attacks - Buffer Overflows 2-53 Methods of Attacks - Buffer Overflows Code Example 2-55 Methods of Attacks - Buffer Overflows Concepts 2-56 Methods of Attacks - Flooding and Spam 2-58 Methods 
of Attacks - SPAM Management 2-59 Methods of Attacks - Flooding Attacks 2-60 Methods of Attacks - Spear Phishing 2-62 Methods of Attacks - Remote Maintenance 2-64 Methods of Attacks - HTTP Tunnels 2-66 Methods of Attacks - Default Passwords and Backdoors 2-67 Methods of Attacks - Zotob 2-68 Methods of Attacks - MySpooler 2-68 Methods of Attacks - Cisco Wireless Location 2-68 Methods of Attacks - Race Conditions 2-70 Methods of Attacks - Interrupts 2-73 Methods of Attacks - Browsing and Enumeration 2-75 Methods of Attacks - RPCinfo 2-76 Methods of Attacks - Finger 2-77 Methods of Attacks - Traffic Analysis 2-80

512.2 Defense-In-Depth Methods of Attacks - Alteration of Code Methods of Attacks - Rootkits Methods of Attacks - Interrupt Attacks Methods of Attacks - Sony DRM Intelligent Network Intelligent Network - Performance and Perimeter Protection Intelligent Network - Unified Threat Management Security Devices Intelligent Network -Process of Troubleshooting Intelligent Network -Firewall Shortcomings and the Default Rule Intelligent Network -Firewall Rule-base Auditing Intelligent Network -Type of Firewalls Intelligent Network -Packet Filter Intelligent Network -Fooling Packet Filters Intelligent Network -Proxy or Application Gateway Intelligent Network -Adaptive Security Appliance Intelligent Network -Circuit Firewalls Intelligent Network -Ingress/Egress Filtering Intelligent Network -Telework and the Intelligent Network Intelligent Network -IDS/IPS Technology Intelligent Network -IDS Alerts Intelligent Network -NIDS Overview Intelligent Network -Signaure Analysis Works - How Intelligent Network -Rules and Signature Criteria Intelligent Network -How Anomaly Analysis Works Intelligent Network -How Application/Protocol Analysis Works Intelligent Network -Deep Packet Inspection Intelligent Network -Shallow Packet Inspection Intelligent Network -Data Normalization Intelligent Network -NIDS Challenges Intelligent Network -Topology Limitations Intelligent Network -Spanning Ports Intelligent Network -Network Taps Intelligent Network -NIDS Cost Intelligent Network -Snort as a NIDS Intelligent Network -Snort Rules - Writing Intelligent Network -Snort Rules - Simple Intelligent Network -Snort Rule - Advance Intelligent Network -NIDS - Managing Intelligent Network -Content Monitoring Systems Intelligent Network -IPS - What is Intelligent Network -File Integrity Checking Works - How Intelligent Network -Log Monitoring Works - How Intelligent Network -Log Monitoring - Inclusive Analysis Intelligent Network -Log Monitoring - Exclusive Analysis Intelligent Network -Tripwire Intelligent 
Network -Tripwire Threat List Intelligent Network -Tripwire Example Intelligent Network -Internet Storm Center Intelligent Network -HIPS Detail Intelligent Network -File Integrity, Network & Application Behavior Intelligent Network -HIPS Advantages & Challenges Intelligent Network -HIPS Challenges Intelligent Network -HIPS Recommendations Intelligent Network -NIPS Intelligent Network -NIPS - Passive Analysis Intelligent Network -NIPS Challenges 2-82 2-84 2-85 2-88 2-88 2-90 2-92 2-100 2-102 2-103 2-105 2-105 2-105 2-106 2-107 2-107 2-108 2-110 2-112 2-114 2-116 2-117 2-118 2-120 2-121 2-122 2-121 2-123 2-125 2-126 2-126 2-127 2-128 2-130 2-132 2-134 2-135 2-136 2-138 2-139 2-142 2-143 2-143 2-144 2-136 2-147 2-148 2-149 2-150 2-151 2-153 2-153 2-155 2-157 2-160 2-161

512.2 Defense-In-Depth Intelligent Network -NIPS Recommendation 2-164 Intelligent Network -IDS/IPS Summary 2-166 Inteligent Network Summary (SIM/SIEM) 2-169 Module 8: Defense-In-Depth 2-173 Defense In Depth - Security is Risk - Focus of 2-174 Defense-In-Depth- Security - Confidentiality, Integrity and Availability 2-175 Defense-In-Depth - Prioritizing CIA 2-177 Defense-In-Depth -Threat - What is a 2-178 Defense-In-Depth -Threat - In Defense in Depth 2-180 Defense-In-Depth -Attack Surface 2-183 Defense-In-Depth -Software Attack Surface 2-184 Defense-In-Depth -Network Attack Surface 2-184 Defense-In-Depth -Human Attack Surface 2-185 Defense-In-Depth -DiD - Approaches to (Defense in Depth) 2-186 Defense-In-Depth -DiD - Uniform Protection 2-191 Defense-In-Depth -DiD - Protected Enclaves 2-193 Defense-In-Depth -DiD - Information Centric 2-195 Defense-In-Depth -DiD - Vector Oriented 2-198 Defense-In-Depth -Role-Based Access Control 2-200 Change Management & Security 2-204 Change Management & Security - Signature of Error in Change 2-205 Change Management & Security - Intentional Change 2-207 Change Management & Security - Separation of Duties 2-208 Change Management & Security - Separation of Duties - Purchasing Model 2-209 Change Management & Security - Separation of Duties - Development 2-209 Change Management & Security - Separation of Duties - Staging 2-209 Change Management & Security - Separation of Duties - Production 2-210 Change Management & Security - Indicators of Change Management Problems 2-211 Change Management & Security - Snowflakes as an Indicator 2-213 Change Management & Security - Best in Class Ops and Security 2-214 Change Management & Security - MITRE Computer Networking Infrastructure Survey 2-216 Change Management & Security - Tenets - Six Configuration Management 2-217 Change Management & Security - Tenets - Hardening Systems 2-217 Change Management & Security - Tenets - Develop Repeatable Builds 2-218 Change Management & Security - Tenets - 
Implement Change Control 2-219 Change Management & Security - Tenets - Audit Change Control 2-219 Change Management & Security - Tenets - Don't Troubleshoot 2-219 Change Management & Security - Tenets - Reengineer the Frailest box first 2-219 Change Management & Security - 10 Steps to Improvement 2-221 Change Management & Security - Reevaluating Incident Handling Responsibilities 2-225 Change Management & Security - Summary Change Management and Security 2-226 Malicious Software/Objectives 2-230-231 Malicious Software - Taxonomy 2-232 Malicious Mobile Code Malicious Software - Virus 2-233 Parasite can't exist by self Malicious Software - Modifying Program Files 2-234 Malicious Software - Macro 2-234 Malicious Software - COM Program Infectors 2-235 Malicious Software - EXE Program Infectors 2-236 Malicious Software - Virus and Hoax Information 2-237 Malicious Software - Worms 2-239 Self replicating Malicious Software - Morris Worms 2-242 fingerd sendmail Malicious Software - Other Unix or Linux Worms 2-244 Ramen Malicious Software - Lion 2-244 Malicious Software - Melissa Virus 2-245 macro virus Malicious Software - SQL Slammer 2-247 UDP port 1434 / small 404 bytes Malicious Software - Sasser/Netsky Worms 2-249

512.2 Defense-In-Depth Malicious Software - Worms less of a problem today (we think) 2-251 Malicious Software - Trojans 2-252 Dirext action; backdoor rootkit Malicious Software - Malicious Browser 2-254 Malicious Software -Download.ject 2-255 Malicious Software -Hybrid Threats 2-257 Malicious Software -Propagation Techniques 2-261 Malicious Software -Propagation Techniques - Removable Media 2-261 Malicious Software -Propagation Techniques - E-mail 2-262 Malicious Software -Propagation Techniques - Web Browsing 2-263 Malicious Software -Propagation Techniques - Network Vulnerabilities 2-263 Malicious Software -Propagation Techniques - Instant Messaging 2-264 Malicious Software -Propagation Techniques - Peer-to-Peer Networks 2-265 Malicious Software -Malware Defense Techniques 2-266 Scanners /Act monitors Malicious Software -Malware - Management Application 2-270 Malicious Software -Malware - Mitigating 2-272 Malicious Software -Malware Summary 2-274 Security Tools Selection 2-278 Security Tools Selection - Goal Oriented Approach 2-280 Security Tools Selection - Research Security Tools & Vendors 2-284 Security Tools Selection - Product Support & Outsourcing 2-286 Security Tools Selection - Cost Conscious Choice 2-288 Security Tools Selection - Crosscheck Before Purchase 2-289 Security Tools Selection - Implementation 2-290 Defense-In-Depth Summary 2-292 Module 9: Managing Security Policy 2-298 Managing Security Policy - Policy Protects Organization 2-299 Managing Security Policy - Security Policy Protects People 2-300- 302 Managing Security Policy - Policy Protect Information 2-303 Managing Security Policy - Standard Guidelines & Framework 2-305 Managing Security Policy - Mission Statement 2-306 Managing Security Policy - Security Posture 2-308 Managing Security Policy - Security Documentation Baseline 2-311 Managing Security Policy - Structure for Issue & System 2-314 Managing Security Policy - Issue Specific Policies 2-317 Managing Security Policy - Unwritten or 
Missing Policies 2-319 Managing Security Policy - Firewall Rules Implies a Policy 2-320 Managing Security Policy - Policy Statement or Body 2-324 Managing Security Policy - SMART 2-325 Managing Security Policy - OODA 2-328 Managing Security Policy - OODA - Risk 2-329 Managing Security Policy - OODA - www.warroom.com 2-330 Managing Security Policy - OODA - Compliance State the Issue 2-331 Managing Security Policy - OODA - Position 2-332 Managing Security Policy - OODA - AUP Bullet Points 2-334 Managing Security Policy - OODA - Compliance/Penalties 2-335 Managing Security Policy - OODA - AUP Policy Approval 2-336 Managing Security Policy - OODA - Non-Disclosure Agreement 2-338 Managing Security Policy - OODA - NDA Protect Both Parties 2-339 Module 10: Access Control and Password Management 2-344 Access Control - Identity, Authentication, Authorization & Accountability 2-345 Access Control - Controlling Access 2-347 Access Control - Key Terms & Principles 2-350 Access Control - Access Control Models 2-351 Access Control - Mandatory Access Control (MAC) 2-352 Access Control - Role Based Access Control (RBAC) 2-352 Access Control - Rule Set Based Access Control (RSBAC) 2-352

512.2 Defense-In-Depth Access Control - Network Access Control (NAC) 2-353 Access Control - Auditing Access 2-353 Access Control - Managing Access 2-356 Access Control - Managing Separation of Duties 2-359 Access Control - Protocols and Centralized Control 2-360 Access Control - LDAP 2-362 Access Control - IEEE 802.1x 2-363 Access Control - RADIUS UDP port 1812 2-366 Access Control - Access Control Biometrics 3-368 Access Control - Password in Access Control 2-372 Access Control - Reversible & Irreversible Encryption 2-373 Access Control - Collision and Pre-Image Attacks 2-374 Access Control - Access Control: Password 2-376 Access Control - Password File 2-376 Access Control - Password Cracking 2-377 Access Control - Password Storage 2-378 Access Control - Password Hash - Strength 2-379 Access Control - LMHASH 2-381 Access Control - Brute Force Cracking Speed 2-383 Access Control - Password Assessment - Methods 2-384 Access Control - Dictionary Attack 2-387 Access Control - Hybrid Attack 2-387 Access Control - Brute Force Attack 2-387 Access Control - Pre-Computation Attack 2-387 Access Control - Cracking Motivation 2-388 Access Control - John the Ripper vs. 
Linux MD5 Password File 2-389 Access Control - Wordlist Mode 2-390 Access Control - Single Crack Mode 2-390 Access Control - Incremental Mode 2-390 Access Control - External Mode 2-390 Access Control - Cracking Windows Passwords 2-390 Access Control - Cracking Unix Passwords 2-391 Access Control - Cracking Red Hat Password File 2-391 Access Control - Rainbow Tables 2-392 Access Control - Fighting Pre-Computation Attacks 2-393 Access Control - Winrtgen 2-394 Access Control - Cain & Abel 2-396 Access Control - One-Time Password 2-399 Access Control - Enforce Strong Password 2-401 Access Control - Management Application - Passwords 2-403 Access Control - Summary of Access Control 2-405 Module 11: Web Communications and Security 2-412 Web Communications and Security - Web Communications 101 2-414 Web Communications and Security - Hypertext Transfer Protocol 2-414 Web Communications and Security - HTTP Basics 2-415 Web Communications and Security - HTTP Transactions 2-415 Web Communications and Security - File Transfer (FTP) Protocol 2-418 Web Communications and Security - Secure File Transfer Protocol SFTP 2-418 Web Communications and Security - SSL-TLS 2-421 Web Communications and Security - HTML Security 2-423 Web Communications and Security - Directory Traversal 2-425 Web Communications and Security - CGI 2-427 Web Communications and Security - CGI Methods 2-429 Web Communications and Security - Cookies 2-431 Web Communications and Security - Non-Persistent Cookie 2-433 Web Communications and Security - Cross Site Scripting 2-436

PAP CHAP

Unauth disclosure, modification & removal

512.2 Defense-In-Depth Web Communications and Security - Java 2-438 Web Communications and Security - Active Content 2-441 Web Communications and Security - ActiveX 2-444 Web Communications and Security - Tools for Cracking WWW Apps 2-448 Web Communications and Security - Brutus 2-449 Web Communications and Security - Achilles 2-449 Web Communications and Security - Libwhisker 2-450 Web Communications and Security - Nikto 2-451 Web Communications and Security - How are Sessions Tracked 2-452 Web Communications and Security - URLs Hidden Form Elements 2-454 Web Communications and Security - Hacking Session Info 2-456 Web Communications and Security - SQL Injection 2-459 Web Communications and Security - Web Application - Defense 2-461 Web Communications and Security - Web Application Service Providers 2-462 Web Communications and Security - Always Validate User Input 2-464 Web Communications and Security - Simple Object Access Protocol (SOAP) 2-468 Web Communications and Security - XML Gateway 2-474 Web Communications and Security - UDDI 2-480 Web Communications and Security Summary 2-482

512.3 Secure Communications Module 12: Encryption 101 Cryptography Fundamentals - Cryptography - What is Cryptography Fundamentals - Cryptography - Milestones Cryptography Fundamentals - Cryptography - Secret Decoder Rings Cryptography Fundamentals - Why Managers Care About Crypto Cryptography Fundamentals - Security by Obsurity is no Security Cryptography Fundamentals - Beware of Overconfidence Cryptography Fundamentals - Credit Cards Over the Internet Cryptography Fundamentals - Management High Level Goals of Cryptography Cryptography Fundamentals - Digital Substitution Cryptography Fundamentals - General Encryption Techniques Cryptography Fundamentals - Rotation Substitution Cryptography Fundamentals - Permutation Cryptography Fundamentals - Ways to Encrypt Data Cryptography Fundamentals - Stream Ciphers Cryptography Fundamentals - Block Ciphers General Types of Cyptosystems - Cryptosystems - Type of General Types of Cryptosystems - Symmetric Key General Types of Cryptosystems - Asymmetric Key General Types of Cryptosystems - Hash Functions General Types of Cryptosystems - Management High Level Goals of Cryptography General Types of Cryptosystems- Authentication General Types of Cyptosystems - Message Integrity General Types of Cryptosystems - Non-Repudiation General Types of Cryptosystems - Privacy/Confidentiality General Types of Cryptosystems - E-mail and Confidentiality General Types of Cryptosystems- Instant Messaging and Confidentiality General Types of Cryptosystems - Long Term Storage and Confidentiality General Types of Cryptosystems - Key and Key Passphrase Legal Protection General Types of Cryptosystems - Secure Socket Layer (SSL) General Types of Cryptosystems - 3DES General Types of Cryptosystems - AES General Types of Cryptosystems - SSL Module 13: Encryption 102 Cryptography - Concepts Cryptography - DES Cryptography - 2 DES Cryptography - AES Cryptography - AES Algorithm Cryptography - AES Basic Functions Cryptography - RSA Cryptography - 
Generaing RSA Keys Cryptography - RSA vs. DES Cryptography - Quantum Computing & Cryptography Cryptography - Elliptic Curve Cryptosystem Cryptography - Practical ECC Considerations Cryptography - Crypto Attacks Cryptography - Cipher Attacks Cryptography - Birthday Attack Cryptography - Summary Module 14: Applying Cryptography Cryptography Applications - Bruce Schneiser Advice Cryptography Applications -Encryption Cryptography Applications -Confidentiality in Transit Cryptography Applications - Remote Access Server Cryptography Applications - Types of Remote Access 3-19 3-11 3-13 3-14 3-17 3-19 3-21 3-23 3-25 3-27 3-31 3-33 3-35 3-36 3-37 3-38 3-42 3-43 3-45 3-48 3-51 3-51 3-51 3-52 3-52 3-53 3-54 3-55 3-56 3-58 3-59 3-59 3-59 3-66 3-68 3-74 3-77 3-78 3-80 3-81 3-82 3-84 3-85 3-86 3-90 3-93 3-95 3-95 3-96 3-97 3-102 3-103 3-104 3-107 3-108 3-110

512.3 Secure Communications Cryptography Applications -SSL VPNs Cryptography Applications -SSH Cryptography Applications -SSH Dumps Cryptography Applications -VPN - System Components Cryptography Applications -VPN - Security Implications Cryptography Applications -IPSEC - Overview Cryptography Applications - Types of IPSec Headers Cryptography Applications - IPSEC - ESP Cryptography Applications - Type of IPSEC mode Cryptography Applications -IPSEC - Tunnel Mode and ESP Cryptography Applications -IPSEC - IKE Cryptography Applications -IPSEC - Examples of IPSEC Encryption Cryptography Applications -IPSEC - Key Management Cryptography Applications -IPSEC - Non IPSec VPNs Cryptography Applications -IPSEC - L2TP Cryptography Applications -IPSEC - Point to Point Protocol (PPP) Cryptography Applications -IPSEC - PPP Dumps Cryptography Applications -IPSEC - Socks Cryptography Applications -IPSEC - Socks Dumps PGP and PKI PGP and PKI - Managing PGP PGP and PKI - Web of Trust PGP and PKI - Certificate and Signature Revocation PGP and PKI - Establishing a Key PGP and PKI - Digital Signaures PGP and PKI - Key Management PGP and PKI - Chosing a Passphase PGP and PKI - Distributing Your Public Key PGP and PKI - Digital Certificate PGP and PKI - Your Key Ring PGP and PKI - Adding Keys PGP and PKI - Encrypting Outbound E-Mail PGP and PKI - Decrypting Inbound E-Mail PGP and PKI - Signing Oubound E-Mail PGP and PKI - Confirming a Signed E-Mail PGP and PKI - Components PGP and PKI - Certificate Authority PGP and PKI -Key Management and Certficate Lifecycles PGP and PKI - Problems with PKI PGP and PKI - Trusted Platform Module (TPM) Applying Cryptography: Summary Module 15: Wireless Network Security Wireless - Objective, Popularity and Usage Wireless - Advantages and Bluetooth Wireless - Advantages and Bluetooth - Bluetooth Wireless - Advantages and Bluetooth - Bluetooth Security Wireless - Advantages and Bluetooth - Bluetooth Discovery Mode Wireless - Advantages and Bluetooth - 
Bluetooth Attacks Wireless - Advantages and Bluetooth - Bluetooth Sniffing Wireless - Advantages and Bluetooth - Protecting Bluetooth 802.11 802.11 - WEP Security Issue 802.11i - EAP (802.11i, 801.1x, EAP) 802.1x - Authentication (802.1x) 802.11i - WiFi Protected Access 802.11 - Eavesdropping 3-112 3-114 3-116 3-118 3-119 3-121 3-123 3-124 3-126 3-127 3-127 3-129 3-130 3-132 3-133 3-134 3-135 3-137 3-138 3-140 3-140 3-142 3-143 3-145 3-145 3-146 3-147 3-148 3-149 3-150 3-151 3-154 3-155 3-156 3-156 3-157 3-159 3-165 3-172 3-174 3-178 3-184 3-185 3-188 3-190 3-191 3-193 3-194 3-196 3-198 3-202 3-204 3-206 3-208 3-210 3-212

512.3 Secure Communications 802.11 - Eavesdropping Mitigation 802.11 - Masquerading 802.11 - Masquerading Mitigation 802.11 - DoS (Denial of Service) 802.11 - DoS Attack Mitigation 802.11 - Rogue APs 802.11 - Rogue AP Mititagion 802.11 - Airborne Viruses 802.11 - Heisinki 802.11 - Airborne Viruses Mitigation 802.11 - Steps to Planning a Secure WLAN 802.11 - Protecting Wireless Network 802.11 - Management Application - Wireless Risk Acceptance Wireless Summary Module 16: Steganography Steganography - Crypto vs. Stego Steganography - Detecting Cryptography Steganography - Histograms Steganography - How it works Steganography - General Types of Steganography - Injections Steganography - Substitutions Steganography - S-Tools Steganography - Embedding Data in Pixels Steganography - General New File Steganography - Spam Mimic Steganography - Stego Tools Steganography - Defending Against Steganography - Detecting S-Tools Steganography - Stego Summary Module 17: Managing Privacy Managing Privacy - Objectives Managing Privacy - Personally Identifiable Information (PII) Managing Privacy - Cross-sectorial Regulatory Approach to PII (Examples) Managing Privacy - Sectorial Regulatory Approach to PII in the US (Example) Managing Privacy - OECD Privacy Principles Managing Privacy - 7 Reasons to have your (Privacy) Ducks in a Row Managing Privacy - Prominent Lawsuits Managing Privacy - Privacy Certification Managing Privacy - Platform for Privacy (P3P) and EPAL Implementation Managing Privacy - Privacy Summary Module 18: Operations Security (OPSEC) Defensive OPSEC - Management Application Defensive OPSEC - Three Laws of Defensive Defensive OPSEC - Weekly Assessment Cycle Defensive OPSEC - Employee Issues Defensive OPSEC - Employment Agreements Defensive OPSEC - Putting It All Together Defensive OPSEC - Sensitive Information Offensive OPSEC Offensive OPSEC - Extract Knowledge Offensive OPSEC - Process Offensive OPSEC - Code of Ethics Offensive OPSEC - Corporate Information 
Offensive OPSEC - Danger of a Web Hits Counter Offensive OPSEC - Power Searching with GOOGLE 3-214 3-217 3-219 3-222 3-224 3-225 3-226 3-228 3-230 3-231 3-232 3-234 3-235 3-238 3-243 3-246 3-238 3-249 3-250 3-252 3-253 3-255 3-256 3-259 3-261 3-262 3-264 3-266 3-268 3-271 3-276 3-277 3-281 3-285 3-287 3-289 3-299 3-300 3-307 3-308 3-314 3-318 3-320 3-322 3-323 3-325 3-328 3-330 3-332 3-336 3-338 3-342 3-343 3-344 3-346 3-347

512.3 Secure Communications Offensive OPSEC - Competitive Intelligence by Example Offensive OPSEC - whois.net Offensive OPSEC - nslookup and tracert Offensive OPSEC - Geobytes to Locate Datacenter Offensive OPSEC - Intense School, Terrible Offensive OPSEC - Wayback Machine Offensive OPSEC - That was Fun, Let's Do It Again Offensive OPSEC - Network Information (MISTI) How to Apply OPSEC - Summary Managerial Wisdom Seven Habits of Highly Effective People Level 5 Leadership First Who Then What Confront the Brutal Facts Hedgehog A Culture of Discipline Flywheel 3-349 3-354 3-355 3-356 3-357 3-360 3-365 3-371 3-320 3-393 3-395 3-397 3-398 3-399 3-400 3-402 3-404

512.3 Secure Communications

VPNs

512.4 The Value of Information Managing Software Security - How much security is Appropriate Managing Software Security - Architectural Issues Managing Software Security - Insist on Safe Defaults Managing Software Security - Implement User Accountability Managing Software Security - Beware of Pre-existing Software Managing Software Security - Write Modular Code Managing Software Security - Address Error Handling Managing Software Security - Software Coding Errors Managing Software Security - Specific Implementation Flaws Managing Software Security - Code Reviews Managing Software Security - Sound Review Process Managing Software Security - Code Analysis Tool Options Honeypots and Honeynets Honeypots and Honeynets - What are Honeypots Honeypots and Honeynets - Interaction Honeypots Honeypots and Honeynets - Why you need a Honeypot Honeypots and Honeynets - Honeypot 172.16.1.0/24 Honeypots and Honeynets - Honeyd Honeypots and Honeynets - Honey Tokens Honeypots and Honeynets - LaBrea Tarpit Honeypots and Honeynets - How LaBrea Works Honeypots and Honeynets - Nepenthes - a Honeypot to detect/collect Malware Honeypots and Honeynets - Detecting Honeypots Honeypots and Honeynets - Is it Legal Honeypots and Honeynets - Honeypot Summary Managing Intellectual Property Managing Intellectual Property - What is IP Managing Intellectual Property - "Know How" makes the subtle difference Managing Intellectual Property - Patents Managing Intellectual Property - What is a Copyright Managing Intellectual Property - Fair Use Copyright Managing Intellectual Property - Copyright Battlefield Managing Intellectual Property - Copyright Defenses Managing Intellectual Property - Framing Managing Intellectual Property - Organizational Policy DMCA Managing Intellectual Property - Digital Rights Management Managing Intellectual Property - Content Scrambling System (CSS) Managing Intellectual Property - Sony DRM Fiasco Managing Intellectual Property - XCP/EULA Managing Intellectual Property - 
Trademark or Servicemark Managing Intellectual Property - Brand Identity Managing Intellectual Property - Trade Dress Managing Intellectual Property - Why Register a Mark Managing Intellectual Property - How do I know Something is Trademarked Managing Intellectual Property - Attacks on Trademarks Managing Intellectual Property - Misappropriation of Trademarks Managing Intellectual Property - Dilution: Blurring and Tarnishing Managing Intellectual Property - Licensing and Franchising Managing Intellectual Property - Intangible Assets - Trade Secrets and Know How Managing Intellectual Property - What is a Trade Secret Managing Intellectual Property - Know How Management Proprietary Managing Intellectual Property - Know How Business Proprietary Managing Intellectual Property - Economic Advantage Managing Intellectual Property - IP Valuation Managing Intellectual Property - How to assign a value Managing Intellectual Property - Intangible Assets

512.4 The Value of Information Managing Intellectual Property - IP Valuation Rights Managing Intellectual Property - IP Valuation Database Managing Intellectual Property - Intangible Asset Attacks Managing Intellectual Property - Protecting the Intangibles Managing Intellectual Property - Why is it Important to Protect Intellectual Property (IP) Managing Intellectual Property - Cybersquatting Managing Intellectual Property - Social Cost of Intellectual Property Misuse Managing Intellectual Property - Internal IP Attack Detect Managing Intellectual Property - Watermark Example Managing Intellectual Property - External IP Detection Managing Intellectual Property - 10 Keys to Managing IP Module 20: Incident Handling Incident Handling - Legal Aspects Incident Handling - What is an Incident Incident Handling - Type of Incidents Incident Handling - Reflector Attack Incident Handling - Amplifier Attack Incident Handling - Synflood Incident Handling - Examples of an Incident Incident Handling - 6 Steps Incident Handling - Preparation Incident Handling - Identification Incident Handling - Signs of an Incident Incident Handling - Incident Analysis Incident Handling - Containment Incident Handling - Eradication Incident Handling - Recovery Incident Handling - Follow-up Incident Handling - Key Mistakes Incident Handling - Putting the Steps Together Incident Handling and the Legal System Incident Handling and the Legal System - United States Code Title 18, Section 30 Incident Handling and the Legal System - Law Relating to (Regulatory, Criminal, Civil, Common) Incident Handling and the Legal System - Terrorism, Infrastructure Protection Incident Handling and the Legal System - Search/Seizure Incident Handling and the Legal System - Arrest/False Arrest Incident Handling and the Legal System - Evidence Must Be Admissible Incident Handling and the Legal System - Chain of Custody Incident Handling and the Legal System - Evidence Gathering Incident Handling and the Legal System - 
Types of Evidence Incident Handling and the Legal System - Real and Direct Incident Handling and the Legal System - Best Evidence Incident Handling Foundations - Summary Module 21: Information Warfare Information Warfare - Tools Information Warfare - Star Wars and Perception Management Information Warfare - Malicious code/virus blitz Information Warfare - Irhabi Information Warfare - Madrid Bombing Information Warfare - The White House Information Warfare - Could Currency be Destabilized Information Warfare - Could a City be Destroyed Information Warfare - Y2K Information Warfare - Offshore Coding and SW Engineering 2007 Information Warfare - Terrorism and Economic Warfare Information Warfare - Information Warfare Theory

512.4 The Value of Information Information Warfare - Zero-Sum Game Information Warfare - Asymmetry Year 2001 Information Warfare - Cycle Time Information Warfare - Indications and Warning Information Warfare - Vista Scenario Information Warfare - I & W Analysis Model Information Warfare - Measures of Effectiveness Information Warfare - Offensive Players Information Warfare - Offensive Operations Goal Information Warfare - Increase Value to Offense Information Warfare - Auto Manufacture Scenario Information Warfare - Decrease Value to Defense Information Warfare - Defensive Dominance Deterrence Information Warfare - Management Application Module 22: Disaster Recovery / Contingency Contingency Planning - Business Continuity Plan Contingency Planning - Disaster Recovery Plan Contingency Planning - Classical BCP/DRP Contingency Planning - Modern BCP/DRP Contingency Planning - Basic Elements of Continuity Planning Contingency Planning - Business Impact Analysis Contingency Planning - BIA Questions Contingency Planning - Recovery Time Objective Contingency Planning - BCP/DRP Planning Process Contingency Planning - Top BCP/DRP Planning Mistakes Contingency Planning - Management Application Leading the Business Continuity Team Module 23: Managing Ethics Ethics - What Are Ethics

512.5 Management Practicum


512.1 Managing the Plant, Network & IA Concepts of situational awareness and the fundamental sources of information that lead to BSA Module 1: Budget Awareness and Project Management Budget Awareness and Project Management Business Situational Awareness Project Management For Security Leaders Module 2: The Network Infrastructure The Network Infrastructure Module 3: Computer and Network Addressing Computer and Network Addressing Module 4: IP Terminology and Concepts IP Terminology and Concepts Module 5: Offensive Vulnerability Scanning Offensive Vulnerability Scanning Advanced Reconnaissance and Vulnerability Scanning Module 6: Managing Safety, Physical Security and The Procurement Management Application Safety Managing the Procurement Process Managing Safety, Physical Security and Procurement Summary 512.2 Defense-In-Depth Module 7: Attacks Against the Enterprise Internet Security Technologies: Introduction Mitnick-Shimomura Method of Attack The Intelligent Network Module 8: Defense-in-Depth Defense-in-Depth Change Management and Security Malicious Software Security Tool Selection Defense-in-Depth: Summary Module 9: Managing Security Policy Managing Security Policy Module 10: Access Control and Password Management Access Control and Password Management Module 11: Web Communication and Security Web Communication and Security 512.3 Secure Communications

Encryption 101 Cryptography Fundamentals General Types of Cryptosystems Encryption 102 Cryptography Algorithms and Concepts Applying Cryptography Cryptography Applications, VPNs and IPSec PGP and PKI Applying Cryptography Summary Wireless Network Security Wireless Advantages and Bluetooth 802.11 Wireless Network Security: Summary Steganography Steganography Operations Security (OPSEC) Defensive OPSEC Offensive OPSEC Managerial Wisdom

512.4 The Value of Information Managing Intellectual Property Building a Security Awareness Program Honeypots and Honeynets Managing Intellectual Property Incident Handling Foundations Incident Handling Foundations Incident Handling and the Legal System Incident Handling Foundations: Summary Information Warfare Information Warfare Managing Ethics Managing Ethics IT Risk Management Risk Management and Auditing

512.5 Management Practicum Managing Globally Managing IT Business and Program Growth Security and Organizational Structure Managing the Total Cost of Ownership Managing Negotiations Fraud Management Managing Legal Liability Managing Privacy Managing Technical People Management Practicum: Summary


512.1 Managing the Plant, Network IA Business Situational Awareness Business Situational Awareness - Tenet Nosce Know Thyself Business Situational Awareness - Positional and Personal Authority Business Situational Awareness - How to Budget Time Business Situational Awareness - How to Budget Employee's Time Business Situational Awareness - Budget Structure Business Situational Awareness - IT Department Budgets Business Situational Awareness - Situational Awareness Summary Project Management For Security Leaders Project Management - Initiation Project Management - Scope Project Management - Develop Project Management - Scheduling Project Management - Execution Project Management - Monitoring, Controlling, Conflict Project Management - Closing Out the Project Project Management - PMO - Project Management Office Module 2: The Network Infrastructure Network Infrastructure Network Infrastructure - OSI vs. TCP/IP Network Infrastructure -OSI Model Network Infrastructure -Network Components Network Infrastructure -Hubs Network Infrastructure -Bridges/Switches Network Infrastructure -Attacks on Layer 2 Switches Network Infrastructure -Spanning Tree Protocol Network Infrastructure -Dynamic Host Configuration Protocol Network Infrastructure -Router Network Infrastructure -Network Attached Storage (NAS) Network Infrastructure -VLANs Network Infrastructure -Segmenting Your Internal Network Network Infrastructure -Management Application - Network Partitions Network Infrastructure -Physical and Logical Topologies Network Infrastructure -Bus Topology Network Infrastructure -Ring Topology Network Infrastructure -Star Topology Network Infrastructure -Ethernet Network Infrastructure -Token Ring and FDDI Network Infrastructure -Asynchronous Transfer Mode (ATM) Network Infrastructure -Permanent Virtual Circuit (PVC) Network Infrastructure -Switched Virtual Circuit (SVC) Network Infrastructure -WAN Access Technologies Network Infrastructure -VoIP Overview for Managers Network 
Infrastructure -VoIP Components & Protocols Network Infrastructure -VoIP Threats & Security Network Infrastructure -Management Application - Questions to ask about Networks Module 3: Computer and Network Addressing Computing & Network Addressing - Frame and Packet Address (MAC=48 bits) Computing & Network Addressing - MACs and OUIs Computing & Network Addressing - The IP Address Computing & Network Addressing - Rogue Wireless Access Points Computing & Network Addressing - ARP Attacks Computing & Network Addressing - Classless Internet Domain Routing - CIDR Computing & Network Addressing - Determine the Network and the Host Computing & Network Addressing - Broadcast Address Computing & Network Addressing - Private Address 1-14 1-18 1-20 1-23 1-27 1-30 1-32 1-36 1-40 1-42 1-44 1-46 1-49 1-50 1-51 1-53 1-54 1-59 1-60 1-62 1-62 1-63 1-63 1-64 1-64 1-65 1-65 1-67 1-67 1-69 1-71 1-73 1-75 1-75 1-76 1-76 1-80 1-82 1-85 1-86 1-86 1-87 1-88 1-91 1-93 1-96 1-101 1-104 1-105 1-105 1-107 1-107 1-109 1-111 1-114 1-116

512.1 Managing the Plant, Network IA Computing & Network Addressing - Domain Name System (DNS) Computing & Network Addressing - Static Host Tables Computing & Network Addressing - DNS Computing & Network Addressing - DNS - Queries Computing & Network Addressing - DNS - Attacks Computing & Network Addressing - DNS - Cache Poisoning Computing & Network Addressing - DNS - Domain Hijacking Computing & Network Addressing - DNS - Protecting Module 4: IP Terminology and Concepts IP Terminology and Concepts - Network Protocol - What is IP Terminology and Concepts - TCP/IP Packets and Frames IP Terminology and Concepts - Preamble IP Terminology and Concepts - IP - Internet Protocol IP Terminology and Concepts - How to Determine the Protocol IP Terminology and Concepts - IP - Header Identified Protocol IP Terminology and Concepts - IP Header Identifies Protocol IP Terminology and Concepts - IP Header Key Fields IP Terminology and Concepts - Protocol - 8 IP Terminology and Concepts - Time-to-Live TTL IP Terminology and Concepts - Fragment Offset - 16 bits IP Terminology and Concepts - UDP & TCP Ports IP Terminology and Concepts - UDP Header IP Terminology and Concepts - TCP - The Transmission Control Protocol IP Terminology and Concepts - TCP Header IP Terminology and Concepts - TCP Code Bits IP Terminology and Concepts - Establishing a TCP Connection IP Terminology and Concepts - TCP Session Open and Close IP Terminology and Concepts - TCP Error Checking IP Terminology and Concepts - TCP Timeouts IP Terminology and Concepts - TCP And UDP Differences IP Terminology and Concepts - ICMP IP Terminology and Concepts - PING IP Terminology and Concepts - UNIX and Windows Traceroute IP Terminology and Concepts - Traceroute IP Terminology and Concepts - Application Layer Security Protocol IP Terminology and Concepts - Sniffer - What is IP Terminology and Concepts - Reading Packets IP Terminology and Concepts - Field OFFSET offset 0 IP Terminology and Concepts - What are the first 3 
fields in a packet IP Terminology and Concepts - What are the next 3 fields in a packet IP Terminology and Concepts - Decoding an IP Header IP Terminology and Concepts - What protocol is this packet and where does the protocol layer start IP Terminology and Concepts - Decoding a TCP Header IP Terminology and Concepts - TCP/IP & TCP Dump pocket reference guide IP Terminology and Concepts - Reading Packets Summary Module 5: Offensive Vulnerability Scanning Offensive Vulnerability Scanning - 5 VM Management Axioms Offensive Vulnerability Scanning - Primary Threat Concerns Offensive Vulnerability Scanning - Threat Concerns Offensive Vulnerability Scanning - Hping v3.0 - Spoofing Port Scanner Offensive Vulnerability Scanning - p0f - Passive OS Detection Offensive Vulnerability Scanning - Phone Scanning Offensive Vulnerability Scanning - PhoneSweep Offensive Vulnerability Scanning - TCP/IP Based Scanner Techniques Offensive Vulnerability Scanning - Basic port/ip scanners Offensive Vulnerability Scanning - Stealth/spoofing scanners 1-118 1-119 1-121 1-123 1-126 1-127 1-128 1-130 1-135 1-137 1-139 1-140 1-142 1-143 1-144 1-146 1-148 1-148 1-149 1-149 1-152 1-156 1-161 1-162 1-164 1-166 1-168 1-169 1-170 1-171 1-172 1-174 1-176 1-178 1-179 1-182 1-185 1-185 1-188 1-190 1-192 1-194 1-196 1-198 1-199 1-207 1-208 1-209 1-212 1-214 1-216 1-218 1-219 1-221 1-223 1-223

512.1 Managing the Plant, Network IA Offensive Vulnerability Scanning - OS Fingerprinting Advance Reconnaissance and Vulnerability Scanning Advance Reconnaissance and Vulnerability Scanning - Social Engineering Advance Reconnaissance and Vulnerability Scanning - Social Engineering - Defense Advance Reconnaissance and Vulnerability Scanning - Fire on Your Position Advance Reconnaissance and Vulnerability Scanning - P2P - Firewall Subversion Advance Reconnaissance and Vulnerability Scanning - KaZaA Firewall Subversion Advance Reconnaissance and Vulnerability Scanning - Instant Messengers Advance Reconnaissance and Vulnerability Scanning - Gathering Data Advance Reconnaissance and Vulnerability Scanning - P2P and IM Controls Advance Reconnaissance and Vulnerability Scanning - Vulnerability Scanners Advance Reconnaissance and Vulnerability Scanning - How to do a Vulnerability Scan Advance Reconnaissance and Vulnerability Scanning - Nmap and Nessus, the outside view Advance Reconnaissance and Vulnerability Scanning - Metasploit Advance Reconnaissance and Vulnerability Scanning - Pen Test Techniques Advance Reconnaissance and Vulnerability Scanning - Management Application - Scanning Tools Advance Reconnaissance and Vulnerability Scanning - Vulnerability Assessment Advance Reconnaissance and Vulnerability Scanning - Operating System Analysis - Inside View Advance Reconnaissance and Vulnerability Scanning - CISecurity.org Summary of Module 5 Module 6: Managing Safety, Physical Security and the Procurement Management Application Safety - Safety and the Computer Security Manager Management Application Safety -Hurricane Katrina Illustrates Management Application Safety -Smoke and Fire Management Application Safety -Leadership and Evacuation Management Application Safety -Richard Rescorla - Case Study Management Application Safety -Why Evacuation Matters Management Application Safety -Building Evacuation and Exit Plan (BEEP) Management Application Safety -Safety 
Walkthrough Management Application Safety -Physical Security - Managing Management Application Safety -Physical Security - Locks Management Application Safety -Physical Security - Intruder Detection Management Application Safety -Physical Security - Resistance to Explosive Management Application Safety -Physical Security - Power and Cooling Management Application Safety -Physical Security - Current Management Application Safety -Physical Security - Power to the Datacenter Management Application Safety -Physical Security - Cooling Basics Management Application Safety -Power and Cooling Summary Management Application Safety -Safety and PHYSSEC Summary Managing the Procurement Process Managing the Procurement Process - Procurement - SWOT Managing the Procurement Process -Procurement - Vendor and Product Selection Managing the Procurement Process -Procurement - Price and Value Managing the Procurement Process -Procurement - The Secret Life of a Salesperson Managing the Procurement Process -Procurement - Analytical Hierarchy Process Managing the Procurement Process -Procurement - Analytical Hierarchy Process Summary Managing the Procurement Process -Procurement - Vendor Selection Summary Managing the Procurement Process -Procurement - RFP 1-223 1-225 1-227 1-229 1-230 1-231 1-231 1-234 1-237 1-238 1-240 1-242 1-248 1-251 1-253 1-255 1-257 1-258 1-261 1-263 1-269 1-270 1-274 1-275 1-279 1-279 1-280 1-281 1-286 1-288 1-294 1-298 1-303 1-305 1-306 1-308 1-310 1-314 1-315 1-318 1-319 1-320 1-325 1-326 1-331 1-337 1-339 1-340
