Computer Security Certificate (UA-CSC) (3 Months – 36 hours of lectures and lab works)
Certificate Objectives:
This certificate is intended for technical professionals who want to become expert in securing computing systems and web applications. Upon successful completion of the program, the UA-CSC will enable you to use the data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze computing systems and application events for the purpose of detecting and mitigating attacks against their operations.
The skills to be learned according to the National Initiative on Cybersecurity for Education (NICE) (NIST SP 800-181) are the following:
Skill in conducting vulnerability scans and recognizing vulnerabilities (S0001)
Skill in applying and incorporating information technologies into proposed solutions (S005)
Skill in applying confidentiality, integrity, and availability principles (S006)
Skill in applying Host/network access control list (S0007)
Skill in assessing the robustness of security systems and designs.
Skill in detecting host and network-based intrusions via intrusion detection technologies (S0025)
Skill in using Virtual Private Network (VPN) devises and encryption (S0059)
Skill in identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files).
Skill in one-way hash functions (e.g., Secure Hash Algorithm (HAS), Message Digest Algorithm (MD5)) (S0089)
Skill in protecting a network against malware (S0079)
Skill in network hardening techniques (e.g., removing unnecessary services, password polices, network segmentation, etc.) (S0121)
The course outline of the UA-CSC is as follows:
Block 1: Overview of Computing Systems and Configuration: Week 1 (4 hours)
Overview of Operating Systems (Windows, Linux)
Overview of Virtualization Systems and Cloud Computing
Hands-on in operating system configurations and commands (2 hours)
Block 1 Test
Block 2: Introduction to Computing Systems and Vulnerability Analysis – Week 2 ( 4 hours)
Review of computing and applications attacks (virus, malware, spyware, etc.) (1 hour)
Review of Threat and Vulnerability Analysis (1 hour)
Hands-on lunch computing system and application attacks (2 hours)
Block 2 Test
Block 3: Computing System Access Control and Management: - Week 3 ( 4 hours)
Access Control Techniques
One-way Hash Functions and Encryptions
VPN Tools
Hands-on in using these monitoring tools (4 hours)
Block 3 Test
Block 4: Computing System Monitoring Tools: - Weeks 4 and 5 ( 8 hours)
Network Monitoring Tools
OSSEC
Nagios
Hands-on in using computing system monitoring tools (4 hours)
Block 4 Test
Block 5: Computing System Vulnerability Analysis – Weeks 6 ( 4 hours)
Computing Vulnerability Analysis Tools
Hands on using a vulnerability analysis tools
Block 5 Test
Block 6: Computer Hijacking Control and Attacks – Weeks 7 & 8 ( 8 hours)
Buffer Overflow
Integer/Formatting Attacks
Browser Exploitations and Attacks
Phishing and mail Attacks
Rootkits
Cross-site scripting attacks
Hands on launching network attacks
Block 6 Test
Block 7: Computer Security Tools – Week 9 & 10 (4 hours)
Host-based Signature Based Intrusion Detection Systems
Snort
Suricata
Anomaly based Host-based IDS
Hands on using Host-based IDS tools
Block 7 Test
Block 8: Secure Computing System Design and Configuration – Week 11 & 12 (8 hours)
Computing System attack mitigation strategies
Secure Computing system Designs and configurations
Hands on using hardening computing systems design tools
Block 8 Test