CMSY 263 – Hardening the Infrastructure

1.    Security Policy Development

1.1.  User Computer Usage Agreement
1.2.  Administrator Responsibilities
1.3.  Incident Response and Reporting

2.    Securing a Windows System

2.1.  Apply Necessary Patches and Hot Fixes
2.2.  Determine which Services are Necessary for Everyday Operations
2.3.  Restrict Access to the System

3.    Securing an IIS Website

3.1.  Apply Necessary Patches and Hot Fixes
3.2.  Determine which Services are Necessary for Everyday Operations
3.3.  Restrict Access to the System

4.    Securing Other Public Servers

4.1.  DNS Servers
4.2.  FTP Servers
4.3.  E-mail Servers

5.    Using Network Security Tools for Auditing Systems

5.1.  Standard TCP/IP Tools
5.2.  Audit and Logging to Ensure Policy Enforcement
        5.2.1.   Event Log Settings
5.3.  Network Scanning Tools
5.4.  Vulnerability Assessment Tools

6.    Access Control Systems and Methodology

6.1.  Access Rights and Permissions
6.2.  Monitoring Intrusion Detection and Audit Trails
6.3.  Intrusion Corrections
6.4.  Penetration Testing

7.    Applications and Systems Development

7.1.  Malicious Code
7.2.  Code/Programs and what can go wrong

8.    Law, Investigation and Ethics

8.1.  Distinguish between breaches of data security and 
        operations security
8.2.  Define and distinguish characteristics in computer crime

9.    Operations Security

9.1.  Identify resources that must be protected to achieve 
        operations security
9.2.  Define the elements of performing a violations analysis
9.3.  Identify potential hardware and software exposure

10.  Security Architecture and Models

10.1.   Policies, Standards, Guidelines and Procedures
10.2.   Risk Management Tools and Methodologies

11.  Telecommunications, Network, and Internet Security

11.1.   Network Monitors and Packet Sniffers
11.2.   E-mail Security
11.3.   Security Boundaries and how to translate security 
           policy to controls