NSA Approved Network Security Course OutlinesCMSY 263 – Hardening the Infrastructure
1. Security Policy Development
1.1. User Computer Usage Agreement
1.2. Administrator Responsibilities
1.3. Incident Response and Reporting
2. Securing a Windows System
2.1. Apply Necessary Patches and Hot Fixes
2.2. Determine which Services are Necessary for Everyday Operations
2.3. Restrict Access to the System
3. Securing an IIS Website
3.1. Apply Necessary Patches and Hot Fixes
3.2. Determine which Services are Necessary for Everyday Operations
3.3. Restrict Access to the System
4. Securing other Public Servers
4.1. DNS Servers
4.2. FTP Servers
4.3. E-mail Servers
5. Using Network Security Tools for Auditing Systems
5.1. Standard TCP/IP tools
5.2. Audit and logging to ensure Policy Enforcement
5.2.1. Event Log Settings
5.3. Network Scanning tools
5.4. Vulnerability Assessment Tools
6. Access Control Systems and Methodology
6.1. Access Rights and Permissions
6.2. Monitoring Intrusion Detection and Audit Trails
6.3. Intrusion Corrections
6.4. Penetration Testing
7. Applications and Systems Development
7.1. Malicious Code
7.2. Code/Programs and what can go wrong
8. Law, Investigation and Ethics
8.1. Distinguish between breaches of data security and
operations security
8.2. Define and distinguish characteristics in computer crime
9. Operations Security
9.1. Identify resources that must be protected to achieve
operations security
9.2. Define the elements of performing a violations analysis
9.3. Identify potential hardware and software exposure
10. Security Architecture and models
10.1. Policies, Standards, Guidelines and procedures
10.2. Risk Management Tools and Methodologies
11. Telecommunications, Network, and Internet Security
11.1. Network Monitors and Packet Sniffers
11.2. E-mail Security
11.3. Security Boundaries and how to translate security
policy to controls
