CYBR303 — Computer and Information Security
Computing security including threat types, virus/malware infection, and defensive techniques such as OS security, email security, internet security, browser tools, and firewalls with hands-on practice.
Learning Objectives & Matches
Configure and harden operating system security settings and policies
- Implement controls to provide security for operating systems, software, and data.
- Provide customers or installation teams guidelines for implementing secure systems.
- Modify computer security files to incorporate new software, correct errors, or change individual access status.
- Provide technical support to computer users for installation and use of security products.
- Plan, coordinate, and implement network security measures to protect data, software, and hardware.
- Train users and promote security awareness to ensure system security and to improve server and network efficiency.
- Configure security settings or access permissions for groups or individuals.
- Identify, standardize, and communicate levels of access and security.
- Develop or implement software tools to assist in the detection, prevention, and analysis of security threats.
- Plan, coordinate, and implement security measures to safeguard information in computer files against accidental or unauthorized damage, modification, or disclosure.

Deploy and manage firewall and intrusion detection/prevention systems
- Develop or recommend network security measures, such as firewalls, network security audits, or automated security probes.
- Design and implement Web site security measures, such as firewalls and message encryption.
- Plan, coordinate, and implement network security measures to protect data, software, and hardware.
- Monitor systems for intrusions or denial of service attacks, and report security breaches to appropriate personnel.
- Train users and promote security awareness to ensure system security and to improve server and network efficiency.
- Develop or implement software tools to assist in the detection, prevention, and analysis of security threats.
- Analyze log files or other digital information to identify the perpetrators of network intrusions.
- Implement Web site security measures, such as firewalls or message encryption.
- Conduct network and security system audits, using established criteria.
- Test the security of systems by attempting to gain access to networks, Web-based applications, or computers.

Analyze malware behavior, infection vectors, and remediation strategies

Implement defensive security measures including antivirus, endpoint protection, and access controls
- Conduct predictive or reactive analyses on security measures to support cyber security initiatives.
- Assess the quality of security controls, using performance indicators.
- Implement Web site security measures, such as firewalls or message encryption.
- Identify new threat tactics, techniques, or procedures used by cyber threat actors.
- Develop presentations on threat intelligence.
- Update corporate policies to improve cyber security.
- Review security assessments for computing environments or check for compliance with cybersecurity standards and regulations.
- Recommend information security enhancements to management.
- Develop or recommend network security measures, such as firewalls, network security audits, or automated security probes.
- Develop or implement software tools to assist in the detection, prevention, and analysis of security threats.

Conduct vulnerability assessments and security audits of computer systems
10-Week Syllabus
Week 1
- Mon: Course overview, CIA triad, security terminology
- Tue: Threat actors: nation-states, criminal orgs, insiders, hacktivists
- Wed: Attack lifecycle: reconnaissance through exfiltration
- Thu: Common vulnerability types: CVEs, CWEs, CVSS scoring
- Fri: Lab introduction: virtual lab environment setup (VMs, networking)
Labs:
- Set up Kali Linux and Windows Server VMs in VirtualBox/VMware
- Configure an isolated virtual network with a pfSense gateway
Assignment: Research and present a recent CVE from NVD with CVSS analysis

Week 2
- Mon: Linux security model: DAC, users/groups, file permissions
- Tue: Linux hardening: unnecessary services, SSH configuration
- Wed: SELinux/AppArmor: mandatory access controls
- Thu: Linux audit framework: auditd, log analysis
- Fri: Quiz on Week 1-2 fundamentals
Labs:
- Harden a Linux server against CIS Benchmark Level 1
- Configure SELinux policies and verify enforcement
Assignment: Complete the CIS Benchmark checklist for Ubuntu Server; document all changes with justification

Week 3
- Mon: Windows security model: NTFS, ACLs, UAC
- Tue: Group Policy Objects: password policies, account lockout, audit policies
- Wed: Windows Defender, AppLocker, BitLocker configuration
- Thu: Active Directory security fundamentals
- Fri: Hands-on: GPO lab walkthrough
Labs:
- Configure Windows Server Group Policy for a domain
- Implement AppLocker application whitelisting
Assignment: Design a GPO security template for a small business (10 workstations, 2 servers)

Week 4
- Mon: Network security architecture: DMZ, segmentation, defense in depth
- Tue: Firewall types: packet filtering, stateful, application-level
- Wed: iptables/nftables: chain traversal, rule construction
- Thu: Network Address Translation and port forwarding
- Fri: Lab: building firewall rulesets
Labs:
- Configure iptables rules for a multi-zone network
- Implement NAT and port forwarding for a web server
Assignment: Design a firewall ruleset for a 3-tier web application (web/app/database zones)

Week 5
- Mon: IDS vs IPS: detection methodologies (signature, anomaly, heuristic)
- Tue: Snort architecture: rules, preprocessors, output modules
- Wed: Suricata: multi-threaded detection, EVE JSON logging
- Thu: SIEM integration: log aggregation and correlation
- Fri: Midterm exam review
Labs:
- Deploy Snort with custom rules to detect common attacks
- Configure Suricata and analyze EVE JSON alerts
Assignment: Write 5 custom Snort rules to detect specific attack patterns from provided PCAPs

Week 6
- Mon: MIDTERM EXAM (covers weeks 1-5)
- Tue: Malware taxonomy: viruses, worms, trojans, ransomware, rootkits
- Wed: Static analysis: file headers, strings, imports, PE structure
- Thu: Dynamic analysis: sandboxing, behavioral monitoring
- Fri: Anti-analysis techniques: packing, obfuscation, anti-VM
Labs:
- Analyze a malware sample using static tools (strings, PEview, pestudio)
- Execute malware in a REMnux sandbox and document its behavior
Assignment: Write a malware analysis report for a provided sample following the MAEC format

Week 7
- Mon: Vulnerability lifecycle: discovery, disclosure, patching
- Tue: Scanning tools: Nessus, OpenVAS, Qualys architecture
- Wed: Scan configuration: credentialed vs uncredentialed, scope
- Thu: False positive identification and validation
- Fri: Remediation prioritization using CVSS and business context
Labs:
- Run a Nessus vulnerability scan against the lab network
- Validate findings and produce a prioritized remediation report
Assignment: Conduct a full vulnerability assessment of the lab environment and produce an executive summary and technical report

Week 8
- Mon: Email security: SPF, DKIM, DMARC, phishing detection
- Tue: Web security: HTTPS, TLS configuration, certificate management
- Wed: Browser security: same-origin policy, CSP, cookie security
- Thu: Web application firewalls: ModSecurity, OWASP CRS
- Fri: Secure communication tools and practices
Labs:
- Configure TLS certificates and verify them with SSL Labs
- Deploy a ModSecurity WAF with the OWASP Core Rule Set
Assignment: Assess a web application for OWASP Top 10 vulnerabilities using browser developer tools and document findings

Week 9
- Mon: Security monitoring: log sources, baselines, anomaly detection
- Tue: Incident response lifecycle: NIST SP 800-61 framework
- Wed: Evidence collection and chain of custody
- Thu: Incident documentation and post-incident review
- Fri: Threat intelligence: IOCs, STIX/TAXII, threat feeds
Labs:
- Analyze SIEM logs to detect and triage a simulated attack
- Execute incident response procedures for a simulated breach
Assignment: Write an incident response plan for a small organization following NIST SP 800-61

Week 10
- Mon: Security assessment methodologies: NIST CSF, ISO 27001
- Tue: Compliance frameworks: HIPAA, PCI-DSS, SOC 2 overview
- Wed: Career paths in cybersecurity: certifications, roles, growth
- Thu: Course review and final exam preparation
- Fri: FINAL EXAM
Labs:
- Conduct a comprehensive security assessment of the lab network
- Present findings and remediation plan to class
Final project: Complete security assessment report with executive summary, technical findings, and remediation roadmap