CGKS02 |

Name: Security +
Author: admin

Security +

Descrizione

Stabilisce le conoscenze di base necessarie per qualsiasi ruolo di sicurezza informatica e fornisce un trampolino di lancio per i lavori di sicurezza informatica di livello intermedio. Il corso permette di sviluppare la capacità di identificare e affrontare le minacce alla sicurezza, gli attacchi e le vulnerabilità.

Dettagli Corso

PERSONALIZZA:

Scopri come

Promozioni:

Scopri quali

Calendario:

Verifica date

Sede:

Milano, Roma, Padova, Online

PREZZO:

1.750€ IVA esclusa

DURATA:

5 giorni

Destinatari

Professionisti IT con ruoli di lavoro come security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator e network administrator

Identificare le strategie di attacco di rete e le difese
Comprendere i principi della sicurezza dell'organizzazione e gli elementi dei criteri di sicurezza efficaci
Conoscere le tecnologie e gli usi degli standard e dei prodotti crittografici
Identificare le tecnologie e le procedure di sicurezza basate su rete e host
Descrivere come viene applicata la sicurezza dell'accesso wireless e remoto
Descrivere gli standard e i prodotti utilizzati per applicare la sicurezza alle tecnologie Web e di comunicazione
Identificare le strategie per garantire la continuità aziendale, la tolleranza di errore e il ripristino di emergenza
Riepilogare le vulnerabilità delle applicazioni e delle applicazioni e identificare i metodi di sviluppo e distribuzione progettati per attenuarle

Conoscere la funzione e le caratteristiche di base dei componenti di un PC
Utilizzare Windows Server per creare e gestire file e utilizzare le funzionalità amministrative di base (Gestione, Pannello di controllo, Server Manager e Console di gestione)
Utilizzare il sistema operativo Linux utilizzando gli strumenti da riga di comando di base
Conoscere la terminologia e le funzioni di rete di base (come modello OSI, topologia, Ethernet, Wi-Fi, switch, router)
Comprendere l'indirizzamento TCP/IP, i protocolli di base e gli strumenti di risoluzione dei problemi

Module 1 / Threats, Attacks, and Vulnerabilities

Indicators of Compromise

Why is Security Important?
Security Policy
Threat Actor Types
The Kill Chain
Social Engineering
Phishing
Malware
TypesTrojans and Spyware
Open Source Intelligence

Critical Security Controls

Security Control Types
Defense in Depth
Frameworks and Compliance
Vulnerability Assessments and Pentests
Security Assessment Techniques
Pen Testing Concepts
Vulnerability Scanning Concepts
Exploit Frameworks

Security Posture Assessment Tools

Topology Discovery
Service Discovery
Packet Capture & Packet Capture Tools
Remote Access Trojans
Honeypots and Honeynets

Incident Response

Incident Response Procedures
Preparation Phase
Identification Phase
Containment Phase
Eradication and Recovery Phases

Module 2 / Identity and Access Management

Cryptography

Uses of Cryptography
Cryptographic Terminology and Ciphers
Cryptographic Products
Hashing Algorithms
Symmetric Algorithms
Asymmetric Algorithms
Diffie-Hellman and Elliptic Curve
Transport Encryption
Cryptographic Attacks

Public Key Infrastructure

PKI Standards
Digital Certificates
Certificate Authorities
Types of Certificate
Implementing PKI
Storing and Distributing Keys
Key Status and Revocation
PKI Trust Models
PGP / GPG

Identification and Authentication

Access Control Systems
Identification
Authentication
LAN Manager / NTL
Kerberos
PAP, CHAP, and MS-CHAP
Password Attacks
Token-based Authentication
Biometric Authentication
Common Access Card

Identity and Access Services

Authorization
Directory Services
RADIUS and TACACS+
Federation and Trusts
Federated Identity Protocols

Account Management

Formal Access Control Models
Account Types
Windows Active Directory
Creating and Managing Accounts
Account Policy Enforcement
Credential Management Policies
Account Restrictions
Accounting and Auditing

Module 3 / Architecture and Design (1)

Secure Network Design

Network Zones and Segments
Subnetting
Switching Infrastructure
Switching Attacks and HardeningEndpoint Security
Network Access Control
Routing Infrastructure
Network Address Translation
Software Defined Networking

Firewalls and Load Balancers

Basic Firewalls
Stateful Firewalls
Implementing a Firewall or Gateway
Web Application Firewalls
Proxies and Gateways
Denial of Service Attacks
Load Balancers

IDS and SIEM

Intrusion Detection Systems
Configuring IDS
Log Review and SIEM
Data Loss Prevention
Malware and Intrusion Response

Secure Wireless Access

Wireless LANs
WEP and WPA
Wi-Fi Authentication
Extensible Authentication Protocol
Additional Wi-Fi Security Settings
Wi-Fi Site Security
Personal Area Networks

Physical Security Controls

Site Layout and Access
Gateways and Locks
Alarm Systems
Surveillance
Hardware Security
Environmental Controls

Module 4 / Architecture and Design (2)

Secure Protocols and Services

DHCP Security
DNS Security
Network Management Protocols
HTTP and Web Servers
SSL / TSL and HTTPS
Web Security Gateways
Email Services
S/MIME
File Transfer
Voice and Video Services (VoIP and VTC)

Secure Remote Access

Remote Access Architecture
Virtual Private Networks
IPSec
Remote Access Servers
Remote Administration Tools
Hardening Remote Access Infrastructure

Secure Systems Design

Trusted Computing
Hardware / Firmware Security
Peripheral Device Security
Secure Configurations
OS Hardening
Patch Management
Embedded Systems
Security for Embedded Systems

Secure Mobile Device Services

Mobile Device Deployments
Mobile Connection Methods
Mobile Access Control Systems
Enforcement and Monitoring

Secure Virtualization and Cloud Services

Virtualization Technologies
Virtualization Security Best Practices
Cloud Computing
Cloud Security Best Practices

Module 5 / Risk Management

Forensics

Forensic Procedures
Collecting Evidence
Capturing System Images
Handling and Analyzing Evidence

Disaster Recovery and Resiliency

Continuity of Operations Plans
Disaster Recovery Planning
Resiliency Strategies
Recovery Sites
Backup Plans and Policies
Resiliency and Automation Strategies

Risk Management

Business Impact Analysis
Identification of Critical Systems
Risk Assessment
Risk Mitigation

Secure Application Development

Application Vulnerabilities
Application Exploits
Web Browser Exploits
Secure Application Design
Secure Coding Concepts
Auditing Applications
Secure DevOps

Organizational Security

Corporate Security Policy
Personnel Management Policies
Interoperability Agreements
Data Roles
Data Sensitivity Labeling and Handling
Data Wiping and Disposal
Privacy and Employee Conduct Policies
Security Policy Training

CGKS02 |

Security +

Descrizione

Dettagli Corso

Destinatari

Recensioni

Lascia una recensione Annulla risposta

Programma

Programma

Scarica il PDF

Programma

Ricerca

Categorie

Corsi Correlati

Vendor

Contatti

Milano

Padova

Roma

Indirizzo

Corso personalizzato?

Calendario

Richiedi informazioni