SANS 512 Indexes


Module 1: Situational Awareness 1-13

Business Situational Awareness 1-14


Business Situational Awareness - Temet Nosce Know Thyself 1-18
Business Situational Awareness - Positional and Personal Authority 1-20
Business Situational Awareness - How to Budget Time 1-23
Business Situational Awareness - How to Budget Employee's Time 1-27
Business Situational Awareness - Budget Structure 1-30
Business Situational Awareness - IT Department Budgets 1-32
Business Situational Awareness - Situational Awareness Summary 1-36
Project Management For Security Leaders 1-40
Project Management - Initiation 1-42
Project Management - Scope 1-44
Project Management - Develop 1-46
Project Management - Scheduling 1-49
Project Management - Execution 1-50
Project Management - Monitoring, Controlling, Conflict 1-51
Project Management - Closing Out the Project 1-53
Project Management - PMO - Project Management Office 1-54
Module 2: The Network Infrastructure 1-59
Network Infrastructure 1-60
Network Infrastructure - OSI vs. TCP/IP 1-62
Network Infrastructure - OSI Model 1-62
Network Infrastructure - Network Components 1-63
Network Infrastructure - Hubs 1-63
Network Infrastructure - Bridges/Switches 1-64
Network Infrastructure - Attacks on Layer 2 Switches 1-64
Network Infrastructure - Spanning Tree Protocol 1-65
Network Infrastructure - Dynamic Host Configuration Protocol 1-65
Network Infrastructure - Router 1-67
Network Infrastructure - Network Attached Storage (NAS) 1-67
Network Infrastructure - VLANs 1-69
Network Infrastructure - Segmenting Your Internal Network 1-71
Network Infrastructure - Management Application - Network Partitions 1-73
Network Infrastructure - Physical and Logical Topologies 1-75
Network Infrastructure - Bus Topology 1-75
Network Infrastructure - Ring Topology 1-76
Network Infrastructure - Star Topology 1-76
Network Infrastructure - Ethernet 1-80
Network Infrastructure - Token Ring and FDDI 1-82
Network Infrastructure - Asynchronous Transfer Mode (ATM) 1-85
Network Infrastructure - Permanent Virtual Circuit (PVC) 1-86
Network Infrastructure - Switched Virtual Circuit (SVC) 1-86
Network Infrastructure - WAN Access Technologies 1-87
Network Infrastructure - VoIP Overview for Managers 1-88
Network Infrastructure - VoIP Components & Protocols 1-91
Network Infrastructure - VoIP Threats & Security 1-93
Network Infrastructure - Management Application - Questions to ask about 1-96
Module 3: Computer and Network Addressing 1-101
Computing & Network Addressing - Frame and Packet Address (MAC=48 bi 1-104
Computing & Network Addressing - MACs and OUIs 1-105
Computing & Network Addressing - The IP Address 1-105
Computing & Network Addressing - Rogue Wireless Access Points 1-107
Computing & Network Addressing - ARP Attacks 1-107
Computing & Network Addressing - Classless Internet Domain Routing - CI 1-109
Computing & Network Addressing - Determine the Network and the Host 1-111
Computing & Network Addressing - Broadcast Address 1-114
Computing & Network Addressing - Private Address 1-116
Computing & Network Addressing - Domain Name System (DNS) 1-118
Computing & Network Addressing - Static Host Tables 1-119
Computing & Network Addressing - DNS 1-121
Computing & Network Addressing - DNS - Queries 1-123
Computing & Network Addressing - DNS - Attacks 1-126
Computing & Network Addressing - DNS - Cache Poisoning 1-127
Computing & Network Addressing - DNS - Domain Hijacking 1-128
Computing & Network Addressing - DNS - Protecting 1-130
Module 4: IP Terminology and Concepts 1-135
IP Terminology and Concepts - Network Protocol - What is 1-137
IP Terminology and Concepts - TCP/IP Packets and Frames 1-139
IP Terminology and Concepts - Preamble 1-140
IP Terminology and Concepts - IP - Internet Protocol 1-142
IP Terminology and Concepts - How to Determine the Protocol 1-143
IP Terminology and Concepts - IP - Header Identified Protocol 1-144
IP Terminology and Concepts - IP Header Identifies Protocol 1-146
IP Terminology and Concepts - IP Header Key Fields 1-148
IP Terminology and Concepts - Protocol - 8 1-148
IP Terminology and Concepts - Time-to-Live TTL 1-149
IP Terminology and Concepts - Fragment Offset - 16 bits 1-149
IP Terminology and Concepts - UDP & TCP Ports 1-152
IP Terminology and Concepts - UDP Header 1-156
IP Terminology and Concepts - TCP - The Transmission Control Protocol 1-161
IP Terminology and Concepts - TCP Header 1-162
IP Terminology and Concepts - TCP Code Bits 1-164
IP Terminology and Concepts - Establishing a TCP Connection 1-166
IP Terminology and Concepts - TCP Session Open and Close 1-168
IP Terminology and Concepts - TCP Error Checking 1-169
IP Terminology and Concepts - TCP Timeouts 1-170
IP Terminology and Concepts - TCP And UDP Differences 1-171
IP Terminology and Concepts - ICMP 1-172
IP Terminology and Concepts - PING 1-174
IP Terminology and Concepts - UNIX and Windows Traceroute 1-176
IP Terminology and Concepts - Traceroute 1-178
IP Terminology and Concepts - Application Layer Security Protocol 1-179
IP Terminology and Concepts - Sniffer - What is 1-182
IP Terminology and Concepts - Reading Packets 1-185
IP Terminology and Concepts - Field OFFSET offset 0 1-185
IP Terminology and Concepts - What are the first 3 fields in a packet 1-188
IP Terminology and Concepts - What are the next 3 fields in a packet 1-190
IP Terminology and Concepts - Decoding an IP Header 1-192
IP Terminology and Concepts - What protocol is this packet and where does 1-194
IP Terminology and Concepts - Decoding a TCP Header 1-196
IP Terminology and Concepts - TCP/IP & TCP Dump pocket reference gui 1-198
IP Terminology and Concepts - Reading Packets Summary 1-199
Module 5: Offensive Vulnerability Scanning 1-207
Offensive Vulnerability Scanning - 5 VM Management Axioms 1-208
Offensive Vulnerability Scanning - Primary Threat Concerns 1-209
Offensive Vulnerability Scanning - Threat Concerns 1-212
Offensive Vulnerability Scanning - Hping v3.0 - Spoofing Port Scanner 1-214
Offensive Vulnerability Scanning - p0f - Passive OS Detection 1-216
Offensive Vulnerability Scanning - Phone Scanning 1-218
Offensive Vulnerability Scanning - PhoneSweep 1-219
Offensive Vulnerability Scanning - TCP/IP Based Scanner Techniques 1-221
Offensive Vulnerability Scanning - Basic port/ip scanners 1-223
Offensive Vulnerability Scanning - Stealth/spoofing scanners 1-223
Offensive Vulnerability Scanning - OS Fingerprinting 1-223
Advance Reconnaissance and Vulnerability Scanning 1-225
Advance Reconnaissance and Vulnerability Scanning - Social Engineering 1-227
Advance Reconnaissance and Vulnerability Scanning - Social Engineering 1-229
Advance Reconnaissance and Vulnerability Scanning - Fire on Your Posisi 1-230
Advance Reconnaissance and Vulnerability Scanning - P2P - Firewall Sub 1-231
Advance Reconnaissance and Vulnerability Scanning - KaZaA Firewall Su 1-231
Advance Reconnaissance and Vulnerability Scanning - Instant Messenger 1-234
Advance Reconnaissance and Vulnerability Scanning - Gathering Data 1-237
Advance Reconnaissance and Vulnerability Scanning - P2P and IM Contro 1-238
Advance Reconnaissance and Vulnerability Scanning - Vulnerability Scan 1-240
Advance Reconnaissance and Vulnerability Scanning - How to do a Vulnera 1-242
Advance Reconnaissance and Vulnerability Scanning - Nmap and Nessus, 1-248
Advance Reconnaissance and Vulnerability Scanning - Metasploit 1-251
Advance Reconnaissance and Vulnerability Scanning - Pen Test Techniqu 1-253
Advance Reconnaissance and Vulnerability Scanning - Management Applic 1-255
Advance Reconnaissance and Vulnerability Scanning - Vulnerability Asse 1-257
Advance Reconnaissance and Vulnerability Scanning - Operating System An 1-258
Advance Reconnaissance and Vulnerability Scanning - CISecurity.org 1-261
Summary of Module 5 1-263
Module 6: Managing Safety, Physical Security and the Procurement 1-269
Management Application Safety - Safety and the Computer Security Mana 1-270
Management Application Safety - Hurricane Katrina Illustrates 1-274
Management Application Safety - Smoke and Fire 1-275
Management Application Safety - Leadership and Evacuation 1-279
Management Application Safety - Richard Rescorla - Case Study 1-279
Management Application Safety - Why Evacuation Matters 1-280
Management Application Safety - Building Evacuation and Exit Plan (BEEP 1-281
Management Application Safety - Safety Walkthrough 1-286
Management Application Safety - Physical Security - Managing 1-288
Management Application Safety - Physical Security - Locks 1-294
Management Application Safety - Physical Security - Intruder Detection 1-298
Management Application Safety - Physical Security - Resistance to Explosi 1-303
Management Application Safety - Physical Security - Power and Cooling 1-305
Management Application Safety - Physical Security - Current 1-306
Management Application Safety - Physical Security - Power to the Datacent 1-308
Management Application Safety - Physical Security - Cooling Basics 1-310
Management Application Safety - Power and Cooling Summary 1-314
Management Application Safety - Safety and PHYSSEC Summary 1-315
Managing the Procurement Process 1-318
Managing the Procurement Process - Procurement - SWOT 1-319
Managing the Procurement Process - Procurement - Vendor and Product S 1-320
Managing the Procurement Process - Procurement - Price and Value 1-325
Managing the Procurement Process - Procurement - The Secret Life of a S 1-326
Managing the Procurement Process - Procurement - Analytical Hierarchy 1-331
Managing the Procurement Process - Procurement - Analytical Hierarchy P 1-337
Managing the Procurement Process - Procurement - Vendor Selection Su 1-339
Managing the Procurement Process - Procurement - RFP 1-340
512.2 Defense-In-Depth
Module 7 - Attacks Against the Enterprise 2-10
Mitnick-Shimomura 2-11
Mitnick-Shimomura - When Toads Attack 2-13
Mitnick-Shimomura - BadGuy Finger 2-15
Mitnick-Shimomura - RPC Information 2-17
Mitnick-Shimomura - Tracing the Trust 2-17
Mitnick-Shimomura - Silence B with DoS 2-18
Mitnick-Shimomura - Phase 2 Cutting Phone Lines 2-18
Mitnick-Shimomura - Attacker Probes Weakness TCP Stack 2-21
Mitnick-Shimomura - Phase 3 Analyzing the Lock 2-21
Mitnick-Shimomura - Attacker Pretends to be B 2-24
Mitnick-Shimomura - Phase 4: Picking the Lock 2-24
Mitnick-Shimomura - Make A Defenseless 2-25
Mitnick-Shimomura - Finish the Job 2-26
Methods of Attacks 2-29
Methods of Attacks - Malicious Code 2-31
Methods of Attacks - Trojan Horses 2-31
Methods of Attacks - Logic Bombs 2-31
Methods of Attacks - Roger Duronio 2-32
Methods of Attacks - Trap Doors 2-32
Methods of Attacks - DEBUG mode Sendmail 2-33
Methods of Attacks - Defending against logic bombs - Chey Cobb 2-34
Methods of Attacks - DoS Denial of Service 2-35
Methods of Attacks - Disruption of configuration information 2-37
Methods of Attacks - Satellites Vulnerable to Hackers 2-39
Methods of Attacks - Ministry of Defence Satellite 2-39
Methods of Attacks - Double Illumination 2-41
Methods of Attacks - Tamil Rebels Hijack US Satellite 2-41
Methods of Attacks - Exfiltration, MITM, Replay 2-43
Methods of Attacks - Extrusion Detection 2-43
Methods of Attacks - Layer 3 Monitoring 2-44
Methods of Attacks - Man-in-the-Middle 2-45
Methods of Attacks - Physical Attacks 2-49
Methods of Attacks - Physical Security Protection 2-50
Methods of Attacks - Laptop/Desktop Protection 2-50
Methods of Attacks - Ring Approach to Physical Security Defense in 2-50
Methods of Attacks - Basic Input/Output System (BIOS) 2-51
Methods of Attacks - Buffer Overflows 2-53
Methods of Attacks - Buffer Overflows Code Example 2-55
Methods of Attacks - Buffer Overflows Concepts 2-56
Methods of Attacks - Flooding and Spam 2-58
Methods of Attacks - SPAM Management 2-59
Methods of Attacks - Flooding Attacks 2-60
Methods of Attacks - Spear Phishing 2-62
Methods of Attacks - Remote Maintenance 2-64
Methods of Attacks - HTTP Tunnels 2-66
Methods of Attacks - Default Passwords and Backdoors 2-67
Methods of Attacks - Zotob 2-68
Methods of Attacks - MySpooler 2-68
Methods of Attacks - Cisco Wireless Location 2-68
Methods of Attacks - Race Conditions 2-70
Methods of Attacks - Interrupts 2-73
Methods of Attacks - Browsing and Enumeration 2-75
Methods of Attacks - RPCinfo 2-76
Methods of Attacks - Finger 2-77
Methods of Attacks - Traffic Analysis 2-80
Methods of Attacks - Alteration of Code 2-82
Methods of Attacks - Rootkits 2-84
Methods of Attacks - Interrupt Attacks 2-85
Methods of Attacks - Sony DRM 2-88
Intelligent Network 2-88
Intelligent Network - Performance and Perimeter Protection 2-90
Intelligent Network - Unified Threat Management Security Devices 2-92
Intelligent Network - Process of Troubleshooting 2-100
Intelligent Network - Firewall Shortcomings and the Default Rule 2-102
Intelligent Network - Firewall Rule-base Auditing 2-103
Intelligent Network - Type of Firewalls 2-105
Intelligent Network - Packet Filter 2-105
Intelligent Network - Fooling Packet Filters 2-105
Intelligent Network - Proxy or Application Gateway 2-106
Intelligent Network - Adaptive Security Appliance 2-107
Intelligent Network - Circuit Firewalls 2-107
Intelligent Network - Ingress/Egress Filtering 2-108
Intelligent Network - Telework and the Intelligent Network 2-110
Intelligent Network - IDS/IPS Technology 2-112
Intelligent Network - IDS Alerts 2-114
Intelligent Network - NIDS Overview 2-116
Intelligent Network - Signature Analysis Works - How 2-117
Intelligent Network - Rules and Signature Criteria 2-118
Intelligent Network - How Anomaly Analysis Works 2-120
Intelligent Network - How Application/Protocol Analysis Works 2-121
Intelligent Network - Deep Packet Inspection 2-122
Intelligent Network - Shallow Packet Inspection 2-121
Intelligent Network - Data Normalization 2-123
Intelligent Network - NIDS Challenges 2-125
Intelligent Network - Topology Limitations 2-126
Intelligent Network - Spanning Ports 2-126
Intelligent Network - Network Taps 2-127
Intelligent Network - NIDS Cost 2-128
Intelligent Network - Snort as a NIDS 2-130
Intelligent Network - Snort Rules - Writing 2-132
Intelligent Network - Snort Rules - Simple 2-134
Intelligent Network - Snort Rule - Advance 2-135
Intelligent Network - NIDS - Managing 2-136
Intelligent Network - Content Monitoring Systems 2-138
Intelligent Network - IPS - What is 2-139
Intelligent Network - File Integrity Checking Works - How 2-142
Intelligent Network - Log Monitoring Works - How 2-143
Intelligent Network - Log Monitoring - Inclusive Analysis 2-143
Intelligent Network - Log Monitoring - Exclusive Analysis 2-144
Intelligent Network - Tripwire 2-136
Intelligent Network - Tripwire Threat List 2-147
Intelligent Network - Tripwire Example 2-148
Intelligent Network - Internet Storm Center 2-149
Intelligent Network - HIPS Detail 2-150
Intelligent Network - File Integrity, Network & Application Behavior 2-151
Intelligent Network - HIPS Advantages & Challenges 2-153
Intelligent Network - HIPS Challenges 2-153
Intelligent Network - HIPS Recommendations 2-155
Intelligent Network - NIPS 2-157
Intelligent Network - NIPS - Passive Analysis 2-160
Intelligent Network - NIPS Challenges 2-161
Intelligent Network - NIPS Recommendation 2-164
Intelligent Network - IDS/IPS Summary 2-166
Intelligent Network Summary (SIM/SIEM) 2-169
Module 8: Defense-In-Depth 2-173
Defense-In-Depth - Security is Risk - Focus of 2-174
Defense-In-Depth - Security - Confidentiality, Integrity and Availability 2-175
Defense-In-Depth - Prioritizing CIA 2-177
Defense-In-Depth - Threat - What is a 2-178
Defense-In-Depth - Threat - In Defense in Depth 2-180
Defense-In-Depth - Attack Surface 2-183
Defense-In-Depth - Software Attack Surface 2-184
Defense-In-Depth - Network Attack Surface 2-184
Defense-In-Depth - Human Attack Surface 2-185
Defense-In-Depth - DiD - Approaches to (Defense in Depth) 2-186
Defense-In-Depth - DiD - Uniform Protection 2-191
Defense-In-Depth - DiD - Protected Enclaves 2-193
Defense-In-Depth - DiD - Information Centric 2-195
Defense-In-Depth - DiD - Vector Oriented 2-198
Defense-In-Depth - Role-Based Access Control 2-200
Change Management & Security 2-204
Change Management & Security - Signature of Error in Change 2-205
Change Management & Security - Intentional Change 2-207
Change Management & Security - Separation of Duties 2-208
Change Management & Security - Separation of Duties - Purchasing 2-209
Change Management & Security - Separation of Duties - Developmen 2-209
Change Management & Security - Separation of Duties - Staging 2-209
Change Management & Security - Separation of Duties - Production 2-210
Change Management & Security - Indicators of Change Management 2-211
Change Management & Security - Snowflakes as an Indicator 2-213
Change Management & Security - Best in Class Ops and Security 2-214
Change Management & Security - MITRE Computer Networking Infras 2-216
Change Management & Security - Tenets - Six Configuration Manag 2-217
Change Management & Security - Tenets - Hardening Systems 2-217
Change Management & Security - Tenets - Develop Repeatable Build 2-218
Change Management & Security - Tenets - Implement Change Contro 2-219
Change Management & Security - Tenets - Audit Change Control 2-219
Change Management & Security - Tenets - Don't Troubleshoot 2-219
Change Management & Security - Tenets - Reengineer the Frailest box 2-219
Change Management & Security - 10 Steps to Improvement 2-221
Change Management & Security - Reevaluating Incident Handling Resp 2-225
Change Management & Security - Summary Change Management 2-226
Malicious Software/Objectives 2-230-231
Malicious Software - Taxonomy 2-232 Malicious Mobile Code
Malicious Software - Virus 2-233 Parasite can't exist by self
Malicious Software - Modifying Program Files 2-234
Malicious Software - Macro 2-234
Malicious Software - COM Program Infectors 2-235
Malicious Software - EXE Program Infectors 2-236
Malicious Software - Virus and Hoax Information 2-237
Malicious Software - Worms 2-239 Self replicating
Malicious Software - Morris Worms 2-242 fingerd sendmail
Malicious Software - Other Unix or Linux Worms 2-244 Ramen
Malicious Software - Lion 2-244
Malicious Software - Melissa Virus 2-245 macro virus
Malicious Software - SQL Slammer 2-247 UDP port 1434 / small 404 bytes
Malicious Software - Sasser/Netsky Worms 2-249
Malicious Software - Worms less of a problem today (we think) 2-251
Malicious Software - Trojans 2-252 Direct action; backdoor rootkit
Malicious Software - Malicious Browser 2-254
Malicious Software - Download.ject 2-255
Malicious Software - Hybrid Threats 2-257
Malicious Software - Propagation Techniques 2-261
Malicious Software - Propagation Techniques - Removable Media 2-261
Malicious Software - Propagation Techniques - E-mail 2-262
Malicious Software - Propagation Techniques - Web Browsing 2-263
Malicious Software - Propagation Techniques - Network Vulnerabilities 2-263
Malicious Software - Propagation Techniques - Instant Messaging 2-264
Malicious Software - Propagation Techniques - Peer-to-Peer Networks 2-265
Malicious Software - Malware Defense Techniques 2-266 Scanners / Act monitors
Malicious Software - Malware - Management Application 2-270
Malicious Software - Malware - Mitigating 2-272
Malicious Software - Malware Summary 2-274
Security Tools Selection 2-278
Security Tools Selection - Goal Oriented Approach 2-280
Security Tools Selection - Research Security Tools & Vendors 2-284
Security Tools Selection - Product Support & Outsourcing 2-286
Security Tools Selection - Cost Conscious Choice 2-288
Security Tools Selection - Crosscheck Before Purchase 2-289
Security Tools Selection - Implementation 2-290
Defense-In-Depth Summary 2-292
Module 9: Managing Security Policy 2-298
Managing Security Policy - Policy Protects Organization 2-299
Managing Security Policy - Security Policy Protects People 2-300-302
Managing Security Policy - Policy Protects Information 2-303
Managing Security Policy - Standard Guidelines & Framework 2-305
Managing Security Policy - Mission Statement 2-306
Managing Security Policy - Security Posture 2-308
Managing Security Policy - Security Documentation Baseline 2-311
Managing Security Policy - Structure for Issue & System 2-314
Managing Security Policy - Issue Specific Policies 2-317
Managing Security Policy - Unwritten or Missing Policies 2-319
Managing Security Policy - Firewall Rules Implies a Policy 2-320
Managing Security Policy - Policy Statement or Body 2-324
Managing Security Policy - SMART 2-325
Managing Security Policy - OODA 2-328
Managing Security Policy - OODA - Risk 2-329
Managing Security Policy - OODA - www.warroom.com 2-330
Managing Security Policy - OODA - Compliance State the Issue 2-331
Managing Security Policy - OODA - Position 2-332
Managing Security Policy - OODA - AUP Bullet Points 2-334
Managing Security Policy - OODA - Compliance/Penalties 2-335
Managing Security Policy - OODA - AUP Policy Approval 2-336
Managing Security Policy - OODA - Non-Disclosure Agreement 2-338
Managing Security Policy - OODA - NDA Protect Both Parties 2-339
Module 10: Access Control and Password Management 2-344
Access Control - Identity, Authentication, Authorization & Accountabili 2-345
Access Control - Controlling Access 2-347
Access Control - Key Terms & Principles 2-350
Access Control - Access Control Models 2-351
Access Control - Mandatory Access Control (MAC) 2-352
Access Control - Role Based Access Control (RBAC) 2-352
Access Control - Rule Set Based Access Control (RSBAC) 2-352
Access Control - Network Access Control (NAC) 2-353
Access Control - Auditing Access 2-353
Access Control - Managing Access 2-356
Access Control - Managing Separation of Duties 2-359
Access Control - Protocols and Centralized Control 2-360 PAP CHAP
Access Control - LDAP 2-362
Access Control - IEEE 802.1x 2-363
Access Control - RADIUS UDP port 1812 2-366
Access Control - Access Control Biometrics 3-368
Access Control - Password in Access Control 2-372
Access Control - Reversible & Irreversible Encryption 2-373
Access Control - Collision and Pre-Image Attacks 2-374
Access Control - Access Control: Password 2-376
Access Control - Password File 2-376
Access Control - Password Cracking 2-377
Access Control - Password Storage 2-378 Unauth disclosure, modification &
Access Control - Password Hash - Strength 2-379
Access Control - LMHASH 2-381 removal
Access Control - Brute Force Cracking Speed 2-383
Access Control - Password Assessment - Methods 2-384
Access Control - Dictionary Attack 2-387
Access Control - Hybrid Attack 2-387
Access Control - Brute Force Attack 2-387
Access Control - Pre-Computation Attack 2-387
Access Control - Cracking Motivation 2-388
Access Control - John Ripper vs. Linux MD5 Password File 2-389
Access Control - Wordlist Mode 2-390
Access Control - Single Crack Mode 2-390
Access Control - Incremental Mode 2-390
Access Control - External Mode 2-390
Access Control - Cracking Windows Passwords 2-390
Access Control - Cracking Unix Passwords 2-391
Access Control - Cracking Red Hat Password File 2-391
Access Control - Rainbow Tables 2-392
Access Control - Fighting Pre-Computation Attacks 2-393
Access Control - Winrtgen 2-394
Access Control - Cain & Abel 2-396
Access Control - One-Time Password 2-399
Access Control - Enforce Strong Password 2-401
Access Control - Management Application - Passwords 2-403
Access Control - Summary of Access Control 2-405
Module 11: Web Communications and Security 2-412
Web Communications and Security - Web Communications 101 2-414
Web Communications and Security - Hypertext Transfer Protocol 2-414
Web Communications and Security - HTTP Basics 2-415
Web Communications and Security - HTTP Transactions 2-415
Web Communications and Security - File Transfer (FTP) Protocol 2-418
Web Communications and Security - Secure File Transfer Protocol 2-418
Web Communications and Security - SSL-TLS 2-421
Web Communications and Security - HTML Security 2-423
Web Communications and Security - Directory Traversal 2-425
Web Communications and Security - CGI 2-427
Web Communications and Security - CGI Methods 2-429
Web Communications and Security - Cookies 2-431
Web Communications and Security - Non-Persistent Cookie 2-433
Web Communications and Security - Cross Site Scripting 2-436
Web Communications and Security - Java 2-438
Web Communications and Security - Active Content 2-441
Web Communications and Security - ActiveX 2-444
Web Communications and Security - Tools for Cracking WWW Apps 2-448
Web Communications and Security - Brutus 2-449
Web Communications and Security - Achilles 2-449
Web Communications and Security - Libwhisker 2-450
Web Communications and Security - Nikto 2-451
Web Communications and Security - How are Sessions Tracked 2-452
Web Communications and Security - URLs Hidden Form Elements 2-454
Web Communications and Security - Hacking Session Info 2-456
Web Communications and Security - SQL Injection 2-459
Web Communications and Security - Web Application - Defense 2-461
Web Communications and Security - Web Application Service Provid 2-462
Web Communications and Security - Always Validate User Input 2-464
Web Communications and Security - Simple Object Access Protocol 2-468
Web Communications and Security - XML Gateway 2-474
Web Communications and Security - UDDI 2-480
Web Communications and Security Summary 2-482
512.3 Secure Communications
Module 12: Encryption 101 3-19
Cryptography Fundamentals - Cryptography - What is 3-11
Cryptography Fundamentals - Cryptography - Milestones 3-13
Cryptography Fundamentals - Cryptography - Secret Decoder Rings 3-14
Cryptography Fundamentals - Why Managers Care About Crypto 3-17
Cryptography Fundamentals - Security by Obscurity is no Security 3-19
Cryptography Fundamentals - Beware of Overconfidence 3-21
Cryptography Fundamentals - Credit Cards Over the Internet 3-23
Cryptography Fundamentals - Management High Level Goals of Cryptography 3-25
Cryptography Fundamentals - Digital Substitution 3-27
Cryptography Fundamentals - General Encryption Techniques 3-31
Cryptography Fundamentals - Rotation Substitution 3-33
Cryptography Fundamentals - Permutation 3-35
Cryptography Fundamentals - Ways to Encrypt Data 3-36
Cryptography Fundamentals - Stream Ciphers 3-37
Cryptography Fundamentals - Block Ciphers 3-38
General Types of Cryptosystems - Cryptosystems - Type of 3-42
General Types of Cryptosystems - Symmetric Key 3-43
General Types of Cryptosystems - Asymmetric Key 3-45
General Types of Cryptosystems - Hash Functions 3-48
General Types of Cryptosystems - Management High Level Goals of Cryptography 3-51
General Types of Cryptosystems - Authentication 3-51
General Types of Cryptosystems - Message Integrity 3-51
General Types of Cryptosystems - Non-Repudiation 3-52
General Types of Cryptosystems - Privacy/Confidentiality 3-52
General Types of Cryptosystems - E-mail and Confidentiality 3-53
General Types of Cryptosystems - Instant Messaging and Confidentiality 3-54
General Types of Cryptosystems - Long Term Storage and Confidentiality 3-55
General Types of Cryptosystems - Key and Key Passphrase Legal Protection 3-56
General Types of Cryptosystems - Secure Socket Layer (SSL) 3-58
General Types of Cryptosystems - 3DES 3-59
General Types of Cryptosystems - AES 3-59
General Types of Cryptosystems - SSL 3-59
Module 13: Encryption 102 3-66
Cryptography - Concepts 3-68
Cryptography - DES 3-74
Cryptography - 2 DES 3-77
Cryptography - AES 3-78
Cryptography - AES Algorithm 3-80
Cryptography - AES Basic Functions 3-81
Cryptography - RSA 3-82
Cryptography - Generating RSA Keys 3-84
Cryptography - RSA vs. DES 3-85
Cryptography - Quantum Computing & Cryptography 3-86
Cryptography - Elliptic Curve Cryptosystem 3-90
Cryptography - Practical ECC Considerations 3-93
Cryptography - Crypto Attacks 3-95
Cryptography - Cipher Attacks 3-95
Cryptography - Birthday Attack 3-96
Cryptography - Summary 3-97
Module 14: Applying Cryptography 3-102
Cryptography Applications - Bruce Schneier Advice 3-103
Cryptography Applications - Encryption 3-104
Cryptography Applications - Confidentiality in Transit 3-107
Cryptography Applications - Remote Access Server 3-108
Cryptography Applications - Types of Remote Access 3-110
Cryptography Applications - SSL VPNs 3-112
Cryptography Applications - SSH 3-114
Cryptography Applications - SSH Dumps 3-116
Cryptography Applications - VPN - System Components 3-118
Cryptography Applications - VPN - Security Implications 3-119
Cryptography Applications - IPSEC - Overview 3-121
Cryptography Applications - Types of IPSec Headers 3-123
Cryptography Applications - IPSEC - ESP 3-124
Cryptography Applications - Type of IPSEC mode 3-126
Cryptography Applications - IPSEC - Tunnel Mode and ESP 3-127
Cryptography Applications - IPSEC - IKE 3-127
Cryptography Applications - IPSEC - Examples of IPSEC Encryption 3-129
Cryptography Applications - IPSEC - Key Management 3-130
Cryptography Applications - IPSEC - Non IPSec VPNs 3-132
Cryptography Applications - IPSEC - L2TP 3-133
Cryptography Applications - IPSEC - Point to Point Protocol (PPP) 3-134
Cryptography Applications - IPSEC - PPP Dumps 3-135
Cryptography Applications - IPSEC - Socks 3-137
Cryptography Applications - IPSEC - Socks Dumps 3-138
PGP and PKI 3-140
PGP and PKI - Managing PGP 3-140
PGP and PKI - Web of Trust 3-142
PGP and PKI - Certificate and Signature Revocation 3-143
PGP and PKI - Establishing a Key 3-145
PGP and PKI - Digital Signatures 3-145
PGP and PKI - Key Management 3-146
PGP and PKI - Choosing a Passphrase 3-147
PGP and PKI - Distributing Your Public Key 3-148
PGP and PKI - Digital Certificate 3-149
PGP and PKI - Your Key Ring 3-150
PGP and PKI - Adding Keys 3-151
PGP and PKI - Encrypting Outbound E-Mail 3-154
PGP and PKI - Decrypting Inbound E-Mail 3-155
PGP and PKI - Signing Outbound E-Mail 3-156
PGP and PKI - Confirming a Signed E-Mail 3-156
PGP and PKI - Components 3-157
PGP and PKI - Certificate Authority 3-159
PGP and PKI - Key Management and Certificate Lifecycles 3-165
PGP and PKI - Problems with PKI 3-172
PGP and PKI - Trusted Platform Module (TPM) 3-174
Applying Cryptography: Summary 3-178
Module 15: Wireless Network Security 3-184
Wireless - Objective, Popularity and Usage 3-185
Wireless - Advantages and Bluetooth 3-188
Wireless - Advantages and Bluetooth - Bluetooth 3-190
Wireless - Advantages and Bluetooth - Bluetooth Security 3-191
Wireless - Advantages and Bluetooth - Bluetooth Discovery Mode 3-193
Wireless - Advantages and Bluetooth - Bluetooth Attacks 3-194
Wireless - Advantages and Bluetooth - Bluetooth Sniffing 3-196
Wireless - Advantages and Bluetooth - Protecting Bluetooth 3-198
802.11 3-202
802.11 - WEP Security Issue 3-204
802.11i - EAP (802.11i, 802.1x, EAP) 3-206
802.1x - Authentication (802.1x) 3-208
802.11i - WiFi Protected Access 3-210
802.11 - Eavesdropping 3-212
802.11 - Eavesdropping Mitigation 3-214
802.11 - Masquerading 3-217
802.11 - Masquerading Mitigation 3-219
802.11 - DoS (Denial of Service) 3-222
802.11 - DoS Attack Mitigation 3-224
802.11 - Rogue APs 3-225
802.11 - Rogue AP Mitigation 3-226
802.11 - Airborne Viruses 3-228
802.11 - Helsinki 3-230
802.11 - Airborne Viruses Mitigation 3-231
802.11 - Steps to Planning a Secure WLAN 3-232
802.11 - Protecting Wireless Network 3-234
802.11 - Management Application - Wireless Risk Acceptance 3-235
Wireless Summary 3-238
Module 16: Steganography 3-243
Steganography - Crypto vs. Stego 3-246
Steganography - Detecting Cryptography 3-238
Steganography - Histograms 3-249
Steganography - How it works 3-250
Steganography - General Types of 3-252
Steganography - Injections 3-253
Steganography - Substitutions 3-255
Steganography - S-Tools 3-256
Steganography - Embedding Data in Pixels 3-259
Steganography - General New File 3-261
Steganography - Spam Mimic 3-262
Steganography - Stego Tools 3-264
Steganography - Defending Against 3-266
Steganography - Detecting S-Tools 3-268
Steganography - Stego Summary 3-271
Module 17: Managing Privacy 3-276
Managing Privacy - Objectives 3-277
Managing Privacy - Personally Identifiable Information (PII) 3-281
Managing Privacy - Cross-sectorial Regulatory Approach to PII (Examples) 3-285
Managing Privacy - Sectorial Regulatory Approach to PII in the US (Example) 3-287
Managing Privacy - OECD Privacy Principles 3-289
Managing Privacy - 7 Reasons to have your (Privacy) Ducks in a Row 3-299
Managing Privacy - Prominent Lawsuits 3-300
Managing Privacy - Privacy Certification 3-307
Managing Privacy - Platform for Privacy (P3P) and EPAL Implementation 3-308
Managing Privacy - Privacy Summary 3-314
Module 18: Operations Security (OPSEC) 3-318
Defensive OPSEC - Management Application 3-320
Defensive OPSEC - Three Laws of Defensive 3-322
Defensive OPSEC - Weekly Assessment Cycle 3-323
Defensive OPSEC - Employee Issues 3-325
Defensive OPSEC - Employment Agreements 3-328
Defensive OPSEC - Putting It All Together 3-330
Defensive OPSEC - Sensitive Information 3-332
Offensive OPSEC 3-336
Offensive OPSEC - Extract Knowledge 3-338
Offensive OPSEC - Process 3-342
Offensive OPSEC - Code of Ethics 3-343
Offensive OPSEC - Corporate Information 3-344
Offensive OPSEC - Danger of a Web Hits Counter 3-346
Offensive OPSEC - Power Searching with GOOGLE 3-347
Offensive OPSEC - Competitive Intelligence by Example 3-349
Offensive OPSEC - whois.net 3-354
Offensive OPSEC - nslookup and tracert 3-355
Offensive OPSEC - Geobytes to Locate Datacenter 3-356
Offensive OPSEC - Intense School, Terrible 3-357
Offensive OPSEC - Wayback Machine 3-360
Offensive OPSEC - That was Fun, Let's Do It Again 3-365
Offensive OPSEC - Network Information (MISTI) 3-371
How to Apply OPSEC - Summary 3-320
Managerial Wisdom 3-393
Seven Habits of Highly Effective People 3-395
Level 5 Leadership 3-397
First Who…Then What 3-398
Confront the Brutal Facts 3-399
Hedgehog 3-400
A Culture of Discipline 3-402
Flywheel 3-404
512.3 Secure Communications

VPN's
512.4 The Value of Information
Managing Software Security - How much security is Appropriate
Managing Software Security - Architectural Issues
Managing Software Security - Insist on Safe Defaults
Managing Software Security - Implement User Accountability
Managing Software Security - Beware of Pre-existing Software
Managing Software Security - Write Modular Code
Managing Software Security - Address Error Handling
Managing Software Security - Software Coding Errors
Managing Software Security - Specific Implementation Flaws
Managing Software Security - Code Reviews
Managing Software Security - Sound Review Process
Managing Software Security - Code Analysis Tool Options
Honeypots and Honeynets
Honeypots and Honeynets - What are Honeypots
Honeypots and Honeynets - Interaction Honeypots
Honeypots and Honeynets - Why you need a Honeypot
Honeypots and Honeynets - Honeypot 172.16.1.0/24
Honeypots and Honeynets - Honeyd
Honeypots and Honeynets - Honey Tokens
Honeypots and Honeynets - LaBrea Tarpit
Honeypots and Honeynets - How LaBrea Works
Honeypots and Honeynets - Nepenthes - a Honeypot to detect/collect Malware
Honeypots and Honeynets - Detecting Honeypots
Honeypots and Honeynets - Is it Legal
Honeypots and Honeynets - Honeypot Summary
Managing Intellectual Property
Managing Intellectual Property - What is IP
Managing Intellectual Property - "Know How" makes the subtle difference
Managing Intellectual Property - Patents
Managing Intellectual Property - What is a Copyright
Managing Intellectual Property - Fair Use Copyright
Managing Intellectual Property - Copyright Battlefield
Managing Intellectual Property - Copyright Defenses
Managing Intellectual Property - Framing
Managing Intellectual Property - Organizational Policy DMCA
Managing Intellectual Property - Digital Rights Management
Managing Intellectual Property - Content Scrambling System (CSS)
Managing Intellectual Property - Sony DRM Fiasco
Managing Intellectual Property - XCP/EULA
Managing Intellectual Property - Trademark or Servicemark
Managing Intellectual Property - Brand Identity
Managing Intellectual Property - Trade Dress
Managing Intellectual Property - Why Register a Mark
Managing Intellectual Property - How do I know Something is Trademarked
Managing Intellectual Property - Attacks on Trademarks
Managing Intellectual Property - Misappropriation of Trademarks
Managing Intellectual Property - Dilution: Blurring and Tarnishing
Managing Intellectual Property - Licensing and Franchising
Managing Intellectual Property - Intangible Assets - Trade Secrets and Know How
Managing Intellectual Property - What is a Trade Secret
Managing Intellectual Property - Know How Management Proprietary
Managing Intellectual Property - Know How Business Proprietary
Managing Intellectual Property - Economic Advantage
Managing Intellectual Property - IP Valuation
Managing Intellectual Property - How to assign a value
Managing Intellectual Property - Intangible Assets
Managing Intellectual Property - IP Valuation Rights
Managing Intellectual Property - IP Valuation Database
Managing Intellectual Property - Intangible Asset Attacks
Managing Intellectual Property - Protecting the Intangibles
Managing Intellectual Property - Why is it Important to Protect Intellectual Property (IP
Managing Intellectual Property - Cybersquatting
Managing Intellectual Property - Social Cost of Intellectual Property Misuse
Managing Intellectual Property - Internal IP Attack Detect
Managing Intellectual Property - Watermark Example
Managing Intellectual Property - External IP Detection
Managing Intellectual Property - 10 Keys to Managing IP
Module 20: Incident Handling
Incident Handling - Legal Aspects
Incident Handling - What is an Incident
Incident Handling - Type of Incidents
Incident Handling - Reflector Attack
Incident Handling - Amplifier Attack
Incident Handling - Synflood
Incident Handling - Examples of an Incident
Incident Handling - 6 Steps
Incident Handling - Preparation
Incident Handling - Identification
Incident Handling - Signs of an Incident
Incident Handling - Incident Analysis
Incident Handling - Containment
Incident Handling - Eradication
Incident Handling - Recovery
Incident Handling - Follow-up
Incident Handling - Key Mistakes
Incident Handling - Putting the Steps Together
Incident Handling and the Legal System
Incident Handling and the Legal System - United States Code Title 18, Section 30
Incident Handling and the Legal System - Law Relating to (Regulatory, Criminal, Civ
Incident Handling and the Legal System - Terrorism, Infrastructure Protection
Incident Handling and the Legal System - Search/Seizure
Incident Handling and the Legal System - Arrest/False Arrest
Incident Handling and the Legal System - Evidence Must Be Admissible
Incident Handling and the Legal System - Chain of Custody
Incident Handling and the Legal System - Evidence Gathering
Incident Handling and the Legal System - Types of Evidence
Incident Handling and the Legal System - Real and Direct
Incident Handling and the Legal System - Best Evidence
Incident Handling Foundations - Summary
Module 21: Information Warfare
Information Warfare - Tools
Information Warfare - Star Wars and Perception Management
Information Warfare - Malicious code/virus blitz
Information Warfare - Irhabi
Information Warfare - Madrid Bombing
Information Warfare - The White House
Information Warfare - Could Currency be Destabilized
Information Warfare - Could a City be Destroyed
Information Warfare - Y2K
Information Warfare - Offshore Coding and SW Engineering 2007
Information Warfare - Terrorism and Economic Warfare
Information Warfare - Information Warfare Theory
Information Warfare - Zero-Sum Game
Information Warfare - Asymmetry Year 2001
Information Warfare - Cycle Time
Information Warfare - Indications and Warning
Information Warfare - Vista Scenario
Information Warfare - I & W Analysis Model
Information Warfare - Measures of Effectiveness
Information Warfare - Offensive Players
Information Warfare - Offensive Operations Goal
Information Warfare - Increase Value to Offense
Information Warfare - Auto Manufacture Scenario
Information Warfare - Decrease Value to Defense
Information Warfare - Defensive Dominance Deterrence
Information Warfare - Management Application
Module 22: Disaster Recovery / Contingency
Contingency Planning - Business Continuity Plan
Contingency Planning - Disaster Recovery Plan
Contingency Planning - Classical BCP/DRP
Contingency Planning - Modern BCP/DRP
Contingency Planning - Basic Elements of Continuity Planning
Contingency Planning - Business Impact Analysis
Contingency Planning - BIA Questions
Contingency Planning - Recovery Time Objective
Contingency Planning - BCP/DRP Planning Process
Contingency Planning - Top BCP/DRP Planning Mistakes
Contingency Planning - Management Application Leading the Business Continuity Te
Module 23: Managing Ethics
Ethics - What Are Ethics
512.1 Managing the Plant, Network & IA
Concepts of situational awareness and the fundamental sources of information that lead to BSA
Module 1: Budget Awareness and Project Management
Budget Awareness and Project Management
Business Situational Awareness
Project Management For Security Leaders

Module 2: The Network Infrastructure


The Network Infrastructure

Module 3: Computer and Network Addressing


Computer and Network Addressing

Module 4: IP Terminology and Concepts


IP Terminology and Concepts

Module 5: Offensive Vulnerability Scanning


Offensive Vulnerability Scanning
Advanced Reconnaissance and Vulnerability Scanning

Module 6: Managing Safety, Physical Security and The Procurement


Management Application Safety
Managing the Procurement Process
Managing Safety, Physical Security and Procurement
Summary

512.2 Defense-In-Depth

Module 7: Attacks Against the Enterprise


Internet Security Technologies: Introduction
Mitnick-Shimomura
Method of Attack
The Intelligent Network

Module 8: Defense-in-Depth
Defense-in-Depth
Change Management and Security
Malicious Software
Security Tool Selection
Defense-in-Depth: Summary

Module 9: Managing Security Policy


Managing Security Policy

Module 10: Access Control and Password Management


Access Control and Password Management

Module 11: Web Communication and Security


Web Communication and Security
512.3 Secure Communications

Encryption 101
Cryptography Fundamentals
General Types of Cryptosystems
Encryption 102
Cryptography Algorithms and Concepts
Applying Cryptography
Cryptography Applications, VPNs and IPSec
PGP and PKI
Applying Cryptography Summary
Wireless Network Security
Wireless Advantages and Bluetooth
802.11
Wireless Network Security: Summary
Steganography
Steganography
Operations Security (OPSEC)
Defensive OPSEC
Offensive OPSEC
Managerial Wisdom
512.4 The Value of Information

Managing Intellectual Property


Building a Security Awareness Program
Honeypots and Honeynets
Managing Intellectual Property

Incident Handling Foundations


Incident Handling Foundations
Incident Handling and the Legal System
Incident Handling Foundations: Summary

Information Warfare
Information Warfare

Managing Ethics
Managing Ethics

IT Risk Management
Risk Management and Auditing
512.5 Management Practicum

Managing Globally
Managing IT Business and Program Growth
Security and Organizational Structure
Managing the Total Cost of Ownership
Managing Negotiations
Fraud Management
Managing Legal Liability
Managing Privacy
Managing Technical People
Management Practicum: Summary
512.1 Managing the Plant, Network IA
Business Situational Awareness 1-14
Business Situational Awareness - Temet Nosce Know Thyself 1-18
Business Situational Awareness - Positional and Personal Authority 1-20
Business Situational Awareness - How to Budget Time 1-23
Business Situational Awareness - How to Budget Employee's Time 1-27
Business Situational Awareness - Budget Structure 1-30
Business Situational Awareness - IT Department Budgets 1-32
Business Situational Awareness - Situational Awareness Summary 1-36
Project Management For Security Leaders 1-40
Project Management - Initiation 1-42
Project Management - Scope 1-44
Project Management - Develop 1-46
Project Management - Scheduling 1-49
Project Management - Execution 1-50
Project Management - Monitoring, Controlling, Conflict 1-51
Project Management - Closing Out the Project 1-53
Project Management - PMO - Project Management Office 1-54
Module 2: The Network Infrastructure 1-59
Network Infrastructure 1-60
Network Infrastructure - OSI vs. TCP/IP 1-62
Network Infrastructure - OSI Model 1-62
Network Infrastructure - Network Components 1-63
Network Infrastructure - Hubs 1-63
Network Infrastructure - Bridges/Switches 1-64
Network Infrastructure - Attacks on Layer 2 Switches 1-64
Network Infrastructure - Spanning Tree Protocol 1-65
Network Infrastructure - Dynamic Host Configuration Protocol 1-65
Network Infrastructure - Router 1-67
Network Infrastructure - Network Attached Storage (NAS) 1-67
Network Infrastructure - VLANs 1-69
Network Infrastructure - Segmenting Your Internal Network 1-71
Network Infrastructure - Management Application - Network Partitions 1-73
Network Infrastructure - Physical and Logical Topologies 1-75
Network Infrastructure - Bus Topology 1-75
Network Infrastructure - Ring Topology 1-76
Network Infrastructure - Star Topology 1-76
Network Infrastructure - Ethernet 1-80
Network Infrastructure - Token Ring and FDDI 1-82
Network Infrastructure - Asynchronous Transfer Mode (ATM) 1-85
Network Infrastructure - Permanent Virtual Circuit (PVC) 1-86
Network Infrastructure - Switched Virtual Circuit (SVC) 1-86
Network Infrastructure - WAN Access Technologies 1-87
Network Infrastructure - VoIP Overview for Managers 1-88
Network Infrastructure - VoIP Components & Protocols 1-91
Network Infrastructure - VoIP Threats & Security 1-93
Network Infrastructure - Management Application - Questions to ask about Networks 1-96
Module 3: Computer and Network Addressing 1-101
Computing & Network Addressing - Frame and Packet Address (MAC=48 bits) 1-104
Computing & Network Addressing - MACs and OUIs 1-105
Computing & Network Addressing - The IP Address 1-105
Computing & Network Addressing - Rogue Wireless Access Points 1-107
Computing & Network Addressing - ARP Attacks 1-107
Computing & Network Addressing - Classless Internet Domain Routing - CIDR 1-109
Computing & Network Addressing - Determine the Network and the Host 1-111
Computing & Network Addressing - Broadcast Address 1-114
Computing & Network Addressing - Private Address 1-116
Computing & Network Addressing - Domain Name System (DNS) 1-118
Computing & Network Addressing - Static Host Tables 1-119
Computing & Network Addressing - DNS 1-121
Computing & Network Addressing - DNS - Queries 1-123
Computing & Network Addressing - DNS - Attacks 1-126
Computing & Network Addressing - DNS - Cache Poisoning 1-127
Computing & Network Addressing - DNS - Domain Hijacking 1-128
Computing & Network Addressing - DNS - Protecting 1-130
Module 4: IP Terminology and Concepts 1-135
IP Terminology and Concepts - Network Protocol - What is 1-137
IP Terminology and Concepts - TCP/IP Packets and Frames 1-139
IP Terminology and Concepts - Preamble 1-140
IP Terminology and Concepts - IP - Internet Protocol 1-142
IP Terminology and Concepts - How to Determine the Protocol 1-143
IP Terminology and Concepts - IP - Header Identified Protocol 1-144
IP Terminology and Concepts - IP Header Identifies Protocol 1-146
IP Terminology and Concepts - IP Header Key Fields 1-148
IP Terminology and Concepts - Protocol - 8 1-148
IP Terminology and Concepts - Time-to-Live TTL 1-149
IP Terminology and Concepts - Fragment Offset - 16 bits 1-149
IP Terminology and Concepts - UDP & TCP Ports 1-152
IP Terminology and Concepts - UDP Header 1-156
IP Terminology and Concepts - TCP - The Transmission Control Protocol 1-161
IP Terminology and Concepts - TCP Header 1-162
IP Terminology and Concepts - TCP Code Bits 1-164
IP Terminology and Concepts - Establishing a TCP Connection 1-166
IP Terminology and Concepts - TCP Session Open and Close 1-168
IP Terminology and Concepts - TCP Error Checking 1-169
IP Terminology and Concepts - TCP Timeouts 1-170
IP Terminology and Concepts - TCP And UDP Differences 1-171
IP Terminology and Concepts - ICMP 1-172
IP Terminology and Concepts - PING 1-174
IP Terminology and Concepts - UNIX and Windows Traceroute 1-176
IP Terminology and Concepts - Traceroute 1-178
IP Terminology and Concepts - Application Layer Security Protocol 1-179
IP Terminology and Concepts - Sniffer - What is 1-182
IP Terminology and Concepts - Reading Packets 1-185
IP Terminology and Concepts - Field OFFSET offset 0 1-185
IP Terminology and Concepts - What are the first 3 fields in a packet 1-188
IP Terminology and Concepts - What are the next 3 fields in a packet 1-190
IP Terminology and Concepts - Decoding an IP Header 1-192
IP Terminology and Concepts - What protocol is this packet and where does the protocol layer start 1-194
IP Terminology and Concepts - Decoding a TCP Header 1-196
IP Terminology and Concepts - TCP/IP & TCP Dump pocket reference guide 1-198
IP Terminology and Concepts - Reading Packets Summary 1-199
Module 5: Offensive Vulnerability Scanning 1-207
Offensive Vulnerability Scanning - 5 VM Management Axioms 1-208
Offensive Vulnerability Scanning - Primary Threat Concerns 1-209
Offensive Vulnerability Scanning - Threat Concerns 1-212
Offensive Vulnerability Scanning - Hping v3.0 - Spoofing Port Scanner 1-214
Offensive Vulnerability Scanning - p0f - Passive OS Detection 1-216
Offensive Vulnerability Scanning - Phone Scanning 1-218
Offensive Vulnerability Scanning - PhoneSweep 1-219
Offensive Vulnerability Scanning - TCP/IP Based Scanner Techniques 1-221
Offensive Vulnerability Scanning - Basic port/ip scanners 1-223
Offensive Vulnerability Scanning - Stealth/spoofing scanners 1-223
Offensive Vulnerability Scanning - OS Fingerprinting 1-223
Advance Reconnaissance and Vulnerability Scanning 1-225
Advance Reconnaissance and Vulnerability Scanning - Social Engineering 1-227
Advance Reconnaissance and Vulnerability Scanning - Social Engineering - Defense 1-229
Advance Reconnaissance and Vulnerability Scanning - Fire on Your Position 1-230
Advance Reconnaissance and Vulnerability Scanning - P2P - Firewall Subversion 1-231
Advance Reconnaissance and Vulnerability Scanning - KaZaA Firewall Subversion 1-231
Advance Reconnaissance and Vulnerability Scanning - Instant Messengers 1-234
Advance Reconnaissance and Vulnerability Scanning - Gathering Data 1-237
Advance Reconnaissance and Vulnerability Scanning - P2P and IM Controls 1-238
Advance Reconnaissance and Vulnerability Scanning - Vulnerability Scanners 1-240
Advance Reconnaissance and Vulnerability Scanning - How to do a Vulnerability Scan 1-242
Advance Reconnaissance and Vulnerability Scanning - Nmap and Nessus, the outside view 1-248
Advance Reconnaissance and Vulnerability Scanning - Metasploit 1-251
Advance Reconnaissance and Vulnerability Scanning - Pen Test Techniques 1-253
Advance Reconnaissance and Vulnerability Scanning - Management Application - Scanning Tools 1-255
Advance Reconnaissance and Vulnerability Scanning - Vulnerability Assessment 1-257
Advance Reconnaissance and Vulnerability Scanning - Operating System Analysis - Inside View 1-258
Advance Reconnaissance and Vulnerability Scanning - CISecurity.org 1-261
Summary of Module 5 1-263
Module 6: Managing Safety, Physical Security and the Procurement 1-269
Management Application Safety - Safety and the Computer Security Manager 1-270
Management Application Safety - Hurricane Katrina Illustrates 1-274
Management Application Safety - Smoke and Fire 1-275
Management Application Safety - Leadership and Evacuation 1-279
Management Application Safety - Richard Rescorla - Case Study 1-279
Management Application Safety - Why Evacuation Matters 1-280
Management Application Safety - Building Evacuation and Exit Plan (BEEP) 1-281
Management Application Safety - Safety Walkthrough 1-286
Management Application Safety - Physical Security - Managing 1-288
Management Application Safety - Physical Security - Locks 1-294
Management Application Safety - Physical Security - Intruder Detection 1-298
Management Application Safety - Physical Security - Resistance to Explosive 1-303
Management Application Safety - Physical Security - Power and Cooling 1-305
Management Application Safety - Physical Security - Current 1-306
Management Application Safety - Physical Security - Power to the Datacenter 1-308
Management Application Safety - Physical Security - Cooling Basics 1-310
Management Application Safety - Power and Cooling Summary 1-314
Management Application Safety - Safety and PHYSSEC Summary 1-315
Managing the Procurement Process 1-318
Managing the Procurement Process - Procurement - SWOT 1-319
Managing the Procurement Process - Procurement - Vendor and Product Selection 1-320
Managing the Procurement Process - Procurement - Price and Value 1-325
Managing the Procurement Process - Procurement - The Secret Life of a Salesperson 1-326
Managing the Procurement Process - Procurement - Analytical Hierarchy Process 1-331
Managing the Procurement Process - Procurement - Analytical Hierarchy Process Summary 1-337
Managing the Procurement Process - Procurement - Vendor Selection Summary 1-339
Managing the Procurement Process - Procurement - RFP 1-340
