Thursday, July 5, 2018

Earn Your C)VA Cyber Security Certification in SEPTEMBER!





TRAINING LOCATION

Coastal Regional Commission of Georgia
1181 Coastal Drive SW, Darien, GA 31305


COURSE DESCRIPTION
The Mile2 vendor-neutral Certified Vulnerability Assessor certification course provides foundational knowledge of general VA tools as well as popular exploits with which an IT engineer should be familiar. This course is a fundamental cyber security certification course that focuses on vulnerability assessments.  The student will be versed with basic malware and viruses and how they can infiltrate an organizations network. The student will also learn how to assess a company’s security posture and perform a basic vulnerability test to help secure the organization’s networking infrastructure.


This certification course is mapped to NIST / Department of Homeland
Security NICE Cyber Security Workforce Development Framework.




ABOUT THE INSTRUCTOR
Michael I. Kaplan is a Mile2 Partner Development Manager, certified Cyber Security Instructor, and a passionate advocate for military veteran issues with 21 years of experience in the security industry. His industry areas of specialization are Program Management and Implementation, IT Risk Assessment, and Information Systems Audit / Compliance. He also has a high degree of expertise regarding conformance to Cyber Security Frameworks including HIPAA Compliance (HITECH, GAPP), NIST SP 800 Series, ISO 27000 Series, PCI-DSS, SSAE 16 (SOC1, SOC2), and FedRAMP.


LEARNING OBJECTIVES



1. The Importance of Vulnerability Assessment

5. Assessing Web Servers



2. Types and Categories of Vulnerabilities

6. Assessing Remote and VPN Services



3. Risk Assessment and Valuation

7. Vulnerability Assessment Tools and Resources



4. Assessing the Network

8. Output Analysis and Reporting


COURSE FEES INCLUDE

Materials:
 Hard Copy (Provided at Training Location)

A 15% discount is available for all
members of our military affiliated
communities. For information on
how to receive a discount code,
please contact Michael I. Kaplan:


 - Course Text / Workbook

 - Course Lab Manual

 - Text: Key Security Concepts & Definitions

 - Text: Exam Prep Guide

 - Cool SWAG



 Electronic (Loaded in Student Account)

 * Access to digital content for 1-year

 - Course Text / Workbook

 - Course Video Series

 - CEU Completion Certificate

 - Course Prep Guide

 - Course Exam Simulator





 Exam Voucher

 - Re-Take Exam Voucher (if needed)


STUDENT COURSE FEE:
(BEFORE DISCOUNT)

$2,500


REGISTER NOW FOR YOUR CYBER SECURITY CERTIFICATION

 Electronic Registration & Payment

 Check / Purchase Order (Please contact Michael I. Kaplan via email or phone.)
 - PHONE: (912) 244-0394



DETAILED COURSE DESCRIPTION

Module 1: The Importance of Vulnerability Assessment



Overview

Categorizing Risk
What is a Vulnerability Assessment?

Types and Examples of Risk
Benefits of a Vulnerability Assessment

Different Approaches to Analysis
What are Vulnerabilities?

Qualitative Analysis
Security Vulnerability Life Cycle

Quantitative Analysis
Compliance and Project Scoping

Use of ALE Values
The Project Overview Statement

Examples of ALE
Assessing Current Network Concerns

ARO Values and Meanings
Vulnerabilities in Networks

Calculating ALE Values
Network Vulnerability Assessment Methodology

Comparing Cost and Benefit
Phase 1: Data Collection

Countermeasure Criteria
Phase II: Interviews, Reviews, and Investigations

Calculating Cost / Benefit
Phase III: Analysis

Management’s Response to Identified Risks
Risk Management

Policy Review Methodology (Top Down)
Why is Risk Management Difficult?

Types of Policy Goals
Risk Analysis Objectives

Industry Best Practice Standards
Putting Together the Team and Components

Components Supporting Security Policy
What is the Value of an Asset?

Technical Methodology (Bottom Up)
Examples of Non-Obvious Vulnerabilities

Review

Module 2: Types and Categories of Vulnerabilities



Overview

Information Leaks
Critical Vulnerability Types

Memory Disclosure
Buffer Overflows

Network Information
URL Mapping to Web Applications

Version Information
IIS Directory Traversal

Path Disclosure
Format String Attacks

User Enumeration
Default Passwords

Denial of Service
Misconfigurations

Industry Best Practices
Known Backdoors

Review

Module 3: Assessing the Network



Overview

Automating Enumeration
Network Security Assessment Platform

SMTP Probing
Virtualization Software

NMAP: Is the Host Online?
Operating Systems

ICMP Disabled?
Exploitation Frameworks

NMAP TCP Connect Scan
Internet Host and Network Enumeration

TCP Connect Port Scan
Web and Newsgroup Search Engines

Tool Practice: TCP Half-Open Scan
Foot-Printing Tools

Tool Practice: TCP Port Scan
Blogs and Forums

Firewalled Ports
Google Groups / USENET

NMAP Service Version Protection
Google Hacking

NMAP UDP Scans
Google Query Operators

UDP Port Scans
Domain Name Registration

Null Sessions
WHOIS

Syntax for Null Sessions
BGP Querying

SMB Null Sessions
DNS Databases

Hardcoded Named Pipes
Using NSLOOKUP

Windows Networking Service
Dig for Unix / Linux

Countermeasures
Web Server Crawling

Review

Module 4: Assessing Web Servers



Web Servers

Parameter Modification
Fingerprinting Accessible Web Servers

SQL Injection Enumeration
Identifying Reverse Proxy Mechanisms

SQL Extended Stored Procedures
Assessing Reverse Proxy Mechanisms

Shutting Down SQL Servers
Proxy Mechanisms

Direct Attacks
Identifying Subsystems / Enabled Components

SQL Connection Properties
Basic Web Server Crawling

Attacking Database Servers
Web Application Technologies Overview

Obtaining Sensitive Information
Web Application Profiling

URL Mapping to Web Applications
HTML Sifting and Analysis

Query Strings
Backend Database Technology Assessment

Changing URL Login Parameters
Why SQL “Injection”?

IIS Directory Traversal
Web Application Attack Strategies

Cross-Site Scripting (XSS)
Web Application Vulnerabilities

Web Security Checklist
Authentication Issues

Review

Module 5: Assessing Remote and VPN Services



Overview

Remote Maintenance Services
Remote Information Services

FTP
Retrieving DNS Service Version Information

SSH
DNS Zone Transfers

Telnet
Forward DNS Grinding

X Windows
Finger

Citrix
AUTH

Microsoft Remote Desktop Protocol
NTP

Virtual Network Computing
SNMP

Assessing IP VPN Services
Default Community Strings

Microsoft PPTP
LDAP

SSL VPN’s
RWHO Command

Review
RPC Users



Module 6: Vulnerability Assessment Tools and Resources



Vulnerability Scanners

Microsoft Baseline Analyzer
Nessus

MBSA Scan Report
SAINT – Sample Report

Dealing with Assessment Results
RETINA

Patch Management Options
QualysGuard

Review
LanGuard



Module 7: Output Analysis and Reporting



Overview

GFI LanGuard
Staying Abreast: Security Alerts

GFI Reports
Vulnerability Research Sites

MBSA
Nessus

MBSA Reports
SAINT

Review
SAINT Reports




REGISTER NOW FOR YOUR CYBER SECURITY CERTIFICATION

 Electronic Registration & Payment

 Check / Purchase Order (Please contact Michael I. Kaplan via email or phone.)
 - PHONE: (912) 244-0394