Course: Cybersecurity Capstone

Unit(s) by grading period:
1st 9 Weeks: Unit 1 Employability; Unit 2 Threats, Attacks, Vulnerabilities; Unit 3 Technologies and Tools
2nd 9 Weeks: Unit 3 Technologies and Tools (cont.)
3rd 9 Weeks: Unit 4 Architecture and Design
4th 9 Weeks: Unit 5 Identity and Access Management; Unit 6 Risk Management; Unit 7 Cryptography and PKI
Topics:

1st 9 Weeks
• Unit 1 IT/Cyber Careers
• Skills, Education and Certifications
• Resume, Portfolio
• Unit 2 Threats, Attacks, Vulnerabilities
• Malware- Viruses, Crypto Malware, Worms, RAT, Rootkit, Keylogger, Adware, Spyware, Bot, Logic Bomb, Backdoor
• Types of Attacks- Social engineering, phishing, spear phishing, vishing, tailgating, piggybacking, impersonation, dumpster diving, shoulder surfing, hoax, watering hole
  - Reasons for effectiveness
• DoS, DDoS attack, man-in-the-middle, buffer overflow, injection, cross-site attacks, privilege escalation, ARP poisoning, amplification, DNS poisoning, data interception, hijacking, driver manipulation, spoofing, wireless attacks, personal area network attacks, cryptographic attacks
• Threat Actors
  - Types of Actors
  - Insiders, Competitors, Attributes, Open Source Intelligence
• Penetration Testing Concepts
  - Reconnaissance Types
  - Privilege Escalation, Boxes, Pen Testing vs. Vulnerability Scanning
• Vulnerability Scanning Concepts
  - MBSA, Security Controls, Misconfiguration, Intrusive vs. Non-Intrusive, Credentials, False Positives
• Vulnerability Impact
  - Race conditions, system age, improper input handling, improper error handling, bad and default configuration, resource exhaustion, vulnerable users, memory/buffer vulnerability, system sprawl, design weakness, zero day, improper certificate and key management
• Firewalls- firewalls, ACL, firewall types, implicit deny
• VPNs and IPSec- VPN concentrator, access types, IPSec, tunnels, TLS, Always-On VPN
• Intrusion Detection and Prevention Systems- NIPS/NIDS, signature-based, heuristic/behavioral, anomaly, inline vs. passive, management, rules, analytics, results
• Routers, Switches, and Proxies- routers, ACLs, antispoofing, port security, loop prevention, flood guard, proxy types
• Load Balancers and Access Points- load balancer, load balancer types, access points, bands, antennas, controller types
• SIEM, DLP, and NAC- SIEM, event duplication, logs/WORM, DLP, USB blocking, cloud-based, email, NAC
• Gateways, Bridges, and SSL- mail gateway, bridges, SSL, hardware security
• Software Tools and Scanners- network analysis tools, wireless scanners, password crackers, other scanners and tools, honeypot, utilities, banner grabbing
• Command Line Tools- Ping, Netstat, Tracert, NsLookup/Dig, ARP, Ipconfig/Ifconfig, TCPdump, Nmap, Netcat
• Security Issues- unencrypted credentials/clear text, anomalies, permissions issues, violations, certificate issues, data exfiltration, misconfigured devices, weak security configurations
• Personnel, Software, Asset and Authentication Issues- personnel issues, social engineering, social media, personal email, software, baselines, licensing, asset management, authentication issues
• Security Technologies- HIDS/HIPS, antivirus, file integrity check, host-based firewall, application whitelisting, removable media control, malware tools, patch management tools, UTM, DLP, DEP, web application firewall

2nd 9 Weeks
• Mobile Device Connection Methods- Bluetooth, NFC, ANT, Infrared, USB
• Mobile Device Deployment
• Mobile Device Management- mobile device management concepts, remote wipe, geofencing, geolocation, physical security and push notification authentication, storage, encryption
• Enforcement and Monitoring- carriers, firmware updates, camera use, texts, external media, USB OTG, microphone, GPS tagging, Ad Hoc, tethering, payments
• Deployment Models- BYOD, COPE, CYOD, Corporate-owned, VDI
• Secure Protocols- DNSSEC, SSH, S/MIME, SRTP, LDAPS, FTPS, SFTP, SSL/TLS, HTTPS, Secure POP/IMAP
• Use Cases- voice and video, time synchronization, email and web, file transfer, directory services, remote access, domain name resolution, routing and switching, network address allocation, subscription services

3rd 9 Weeks
• Use Cases and Framework Purposes- regulatory, non-regulatory, national vs. international, industry-specific frameworks, configuration and vendor-specific guides, general purpose guides, defense in depth, security controls, user training
• Network Zones and Isolation- network zones and topologies, wireless networks and honeynets, NAT and Ad Hoc connections, physical vs. logical networks, virtualization, air gaps
• VPNs, Security Devices, and SDNs
• Hardware Security and OS
• Peripherals- BitLocker To Go, keyloggers, microSD card, secure print, encryption, camera security policy
• Secure Staging Deployment- have all students add digital signatures to email
• Embedded Systems- SCADA, IoT, wearable technology, home automation, HVAC, SoC, RTOS, DoS, physical attacks
• Application Development and Deployment- Agile, waterfall, DevOps, security automation, baseline, immutable, cloud computing, rollback procedure, user provisioning
• Secure Coding Techniques- normalization, stored procedures, code signing, encryption, obfuscation, code reuse, validation, memory management, libraries, SDKs, data exposure
• Code Quality and Testing- stress testing, sandboxing, verification, compiled vs. runtime code
• Virtualization Concepts- hypervisor, type I, type II, application cells/containers, VM sprawl avoidance, VM escape protection
• Cloud Concepts- cloud storage, cloud deployment models, on-premise vs. hosted vs. cloud, VDI/VDE, cloud access security broker, security as a service
• Resiliency and Automation- automation/scripting, courses of action, monitoring, configuration validation, templates, master image, non-persistence, snapshots, revert to known state, rollback to known configuration, live boot media
• Resiliency Techniques- elasticity, scalability, distributive allocation, redundancy, fault tolerance, high availability, RAID
• Physical Security Controls- perimeter security, protecting cabling and server rooms, inside-the-building protection
• Environmental and Other Building Controls- locks, screen filters, cameras, logs, infrared detection, key management

4th 9 Weeks
• Identity and Access Concepts- identification, AAA, multifactor authentication, federation, SSO, transitive trust
• Identity and Access Services- LDAP, Kerberos, TACACS+, CHAP, PAP, MS-CHAP, RADIUS
• Access Control Models and Biometrics- access control models, physical access control, biometric factors, false acceptance/rejection, error rate
• Tokens, Certificates, and Security- tokens, hardware, software, HOTP, TOTP, certificate-based authentication, file system security, database security
• Account Types- user, shared and generic accounts, guest accounts, service accounts, privileged accounts
• General Account Concepts- general concepts, least privilege, onboarding, offboarding, usage auditing and review, time-of-day restrictions, recertification, naming conventions, account maintenance, group-based access control
• Account Policy Enforcement- credential management, group policy, password complexity, expiration, recovery, disablement and lockout, password history, reuse, length
• Unit 6 Risk Management
• Policies, Plans, and Procedures- standard operating procedures, agreement types, BPA, SLA, ISA, MOU/MOA, personnel management, clean desk and personnel security
• User Policies and Job Roles- role-based awareness training (user, privileged user, executive user), NDA, onboarding, AUP, behavior, security, social media, email policies
• Business Impact Analysis Concepts
• Risk Management Concepts- threat assessments, assessments, calculations and register, probability and impact
• Risk Testing and Responses- testing, testing authorizations, risk response techniques, change management
• Incident Response Procedures- incident response plan, reporting, response teams, exercises, incident response process
• Forensic Concepts- volatility, chain of custody, legal hold, data acquisition, capturing information, preservation, recovery, intelligence
• Disaster Recovery and Backup Concepts- recovery sites, order of restoration, backup concepts, full backup, incremental, differential, snapshots
• Geographic Considerations and Operation Continuity Planning
• Types of Controls
• Data Destruction and Sensitivity- data destruction and media sanitization, data sensitivity labeling and handling, PII, PHI
• Data Roles and Retention- legal and compliance
• Algorithm Types and Modes- hashing, salt, IV, nonce, elliptic curve, algorithm and signature terms
• Keys and Data- cipher types and keys, data in transit, at rest, in use, random numbers, key stretching, implementation vs. algorithm selection
• Obscurity and Use Cases- secrecy and obscurity, common use cases, supporting use cases, constraints
• Symmetric Algorithms and Cipher Modes
• Asymmetric Algorithms- RSA, DSA, Diffie-Hellman, groups, DHE, ECDHE, elliptic curve, PGP/GPG
• Hashing, Key Stretching and Obfuscation- hashing algorithms, key stretching algorithms, obfuscation, substitution cipher
• Wireless Security Settings- cryptographic protocols, authentication protocols, EAP protocols, IEEE 802.1X, RADIUS federation, authentication methods
• Public Key Infrastructure- components, CA, intermediate CA, CRL, OCSP, CSR, certificates, keys, object identifiers, PKI concepts
• Certificate Types and Formats- types of certificates, email, user, root CA and validation, certificate formats
Required Projects:
1st 9 Weeks: Resume; SIEM Project
2nd 9 Weeks: SIEM Project
3rd 9 Weeks: Deployment Project; Poster Project
4th 9 Weeks: Incident Response
Embedded Activities:

1st 9 Weeks
• Unit 1 – Update student portfolios and resumes with certifications earned
• Have students research job board postings that require a background check
• Social Engineering lab: put students in groups and have them stage/identify different types of social engineering attacks
• Download the Microsoft Baseline Security Analyzer (MBSA) tool and demonstrate knowledge of what it is used for
• Students will set an ACL for firewalls by clicking outbound rules and creating a new rule blocking port 81 (for grading purposes, students can send a screenshot of the rule list that includes the new rule blocking port 81)
• Have students research SIEM services, DLPs and NACs and create a presentation explaining each one

2nd 9 Weeks
• Have students find the asset tag on the device they are using and have them explain how it could be used to stage a social engineering attack
• Students will discuss the positives and negatives of each mobile device deployment model

3rd 9 Weeks
• Students will research general purpose guides for security on the nist.gov website and create a document discussing their findings
• Students will draw a network diagram indicating where they would place some of the devices covered in VPNs, SDNs and security devices
• Students will identify specific operating systems that fall into the network, server, workstation, appliance, kiosk, and mobile categories, create a presentation defining each, and pick the one they feel is most vulnerable to attacks

4th 9 Weeks
• Have students submit experiences where they have used multifactor authentication
• Have students disable the admin and guest accounts on a home device and send screenshots for grading purposes
• Have students set up a password policy and an account lockout policy change and send screenshots for grading purposes
• Have students (in groups) look online for templates of policy documents and draft a document based on their findings
• Have students look over a network diagram and identify mission-essential functions, critical systems, and single points of failure
• Have students navigate to https://www.truesec.be/docs/TrueSec-Pentest-Agreement-v2.pdf and read through the testing agreement to get an idea of what one entails; they will summarize what they have read
• Have students navigate to https://www.md5hashgenerator.com/ , enter a phrase, and generate a hash
• Students go to https://msdn.microsoft.com/en-us/library/windows/desktop/aa386983(v=vs.85).aspx and look through some of the cryptographic service providers, then create a document or exit ticket on what they read
• Students will create a product identifying which algorithms are symmetric and which are asymmetric
• Have students go to a website with a certificate, such as www.google.com , then have them find and examine the certificate for its validity (they can submit screenshots of the steps completed for grading)
Employability Skills:
Cycle 1 (1st 9 Weeks): Professionalism; Teamwork; Problem Solving. TEKS 127.15 (2)(A), (B), (C), (D), (E), (F), (G), (H), (I), (J), (L)
Cycle 2 (2nd 9 Weeks): Job Seeking Skills. TEKS 127.15 (2)(A), (H), (I), (J), (K), (L)
Cycle 3 (3rd 9 Weeks): Communication Skills; Self Management Skills. TEKS 127.15 (2)(A), (B), (C), (D), (E), (F), (G), (H), (I), (J), (L)
Cycle 4 (4th 9 Weeks): Civic and Social Responsibility. TEKS 127.15 (2)(F), (G), (H), (I), (L)
CHOICES 360 Activities L4:
1st 9 Weeks: Transferable Skills Checklist OR School Finder
2nd 9 Weeks: Personal Values & Priorities OR After High School Transition Plan