Course Prerequisites

Course Objectives

Course Outline

Unit 1 ? Course Overview

This unit, following the Allaire precedent, provides a general description of the course. It includes an overview of the security ?process?, and the layering approach to security. It ends with a description of the lab materials.

Unit 2 ? The Threat

This unit describes ? and demonstrates - the array of potential attacks and their severity.

• Purposes of attacks
• Types of attacks
• Denial of service
• Impersonation
• Buffer overflows
• Targets of attacks
  • Operating system
  • IIS
  • CGI applications (CF)
  • Databases
  • Other network devices
• Attack patterns and processes
• Information gathering
• Exploits
• ?Island-hopping?
.

Unit 3 ? Networking and Security Overview

This unit discusses the larger network infrastructure that will surround the web server, and examines different ways the server may be configured to work within that infrastructure.

• Public vs private access
• Security vs convenience
• Microsoft Networking
• DMZs and bastion hosts

Unit 4 ? A Layered Approach to Security

This unit describes in detail the general concepts to securing resources.

• Multiple redundant layers
• Minimizing privileges to the least possible
• Removing unnecessary options

Unit 5? Securing the Operating System

• Overview of Windows NT security
• Server installation checklist
• Building a bastion host

Unit 6 ? Securing IIS

• IIS installation checklist

Unit 7 ? Securing CF Applications

• CF Server configuration
  • Changing the service account
  • Disabling RDS
  • Securing the CF Administrator
• Filtering input within applications
• Code auditing

Unit 8 ? Maintaining Security

• Auditing and monitoring
• Remote console access
• Applying patches and updates
• Monitoring security issues ? public resources
• Dealing with a successful attack