The security market is changing rapidly, and these changes have made security management significantly more difficult. This course will teach you how to get ahead of the bad guys by looking at your infrastructure in a different light.
Most companies are "reactive" instead of "proactive" when it comes to securing their networks, resources, and data. In this course, Enterprise Security: Policies, Practices, and Procedures, you will learn how to get ahead of the bad guys by looking at your infrastructure in a different manner. First, you will get a better understanding of the landscape and how fast it is changing. Next, you will delve into industry standards, frameworks, policies, and how these can affect your environment. Finally, you will learn about what tools to use and the need for penetration testing. By the end of this course, you will know how to keep up with the changes and continue to maintain a high level of security in your environment.
Dale Meredith received his Certified Ethical Hacker and Certified EC-Counsel Instructor certifications back in 2006, as well as being a Microsoft Certified Trainer since 1998 (yes we had computers back then). Dale takes great pride in helping students comprehend and simplify complex IT concepts.
Course Overview Hey everyone. My name is Dale Meredith, and I'd like to welcome you to my course, The Fundamentals of Enterprise Security: Policies, Practices, and Procedures. Now I've been a trainer since 1998. I've specialized in Microsoft products, as well as cyber security. I have a plethora of certifications behind me. Let's just say, I kind of know what I'm talking about here. Now this course is a starting-off point for several different certifications including GCIH, ECIH, and CSA+. We're going to use this course to lay down some cornerstones to build upon in future courses within this series. Now some of the major topics that we'll talk about, first I'm going to make sure you have a good understanding of the landscape and how fast it's changing, we'll also look at some of the industry standards, their frameworks, and different types of policies, and how they can affect our environment. Of course, nothing is cool about security unless you can use some cool tools, and so we'll take a look at some of those. We'll also talk about the need for penetration testing. I'm not going to get into pen testing, but we're at least going to talk about why we need it. Now by the end of this course, you'll be able to look at your network and resource in a completely new light. You'll start to be more proactive, instead of reactive when it comes to cyber security issues. Before beginning this course, you need to make sure that you're somewhat familiar with basic networking technologies like TCP/IP and networking devices like routers and switches. I'm not going to get into any operating systems or actual commands yet, in future courses I definitely will. And then once you're done with this course, you should feel comfortable in diving into other courses within this series or even branching out a bit and look at the Ethical Hacking series. So I hope you'll join me, this is going to be an adventure in learning, and I'm going to try to make this fun and entertaining, I call it edutainment. So join me for Fundamentals in Enterprise Security: Policies, Practices, and Procedures, here at Pluralsight.
Defense in Depth: This Is Where It Begins So let's talk about how we can defend ourselves a little bit more in depth here. In this module, we'll go through and we'll talk about what do we mean by defense in depth. We'll follow that up by looking at the four levels, or the four primary levels of this aspect. Level 1 being our personnel, and how they can affect the security posture of our network. We'll also look at processes. Now I'm not talk about processes as far as CPU cycles are concerned here, I'm talking more of the aspect of what do we do when certain things take place, and that kind of relates to the personnel, what do they do when they get a piece of email that has a HTML link associated to it. We'll then talk about level 3, which is the technologies perspective, again looking at different technologies that get introduced to our network infrastructures, and how we can actually protect our network with them. And then of course we'll also look at the networks themselves. So, let's go ahead and get going.
Defense in Depth: What Tools Can You Use? Okay, so let's talk about Defense in Depth, and in particular What Tools Can We actually Use to help protect us. Well in this module, we'll go through and take a look at first of all how we break down these different tools, and how we can utilize them. We'll also talk about the concept of these different types of tools. Then we'll go through and take a look at things like IPS and HIPS or IPS and HIPS. We'll also talk about firewalls, both software and hardware based, and then we'll go through and look at both antivirus, as well as antimalware products, or at least not the products themselves, but what they're designed to do. And then of course we'll look at something that you may not be familiar with, it's called the EMET. This is actually a free product by Microsoft, a lot of people don't realize that it's there, it can actually be a great tool to help you out in protecting your infrastructure. Then we'll go through and talk about web proxies, as well as some WAFs. Now if you're not familiar with a WAF, don't worry about it, I'll make sure that you get a good grasp of it. And then we'll talk about finally A New Hope, yes, I want to queue up a particular theme music here from a particular movie that may have been called A New Hope, but for copyright issues, I can't do that, but basically what we'll do is we'll look at some of the new things that are coming at us as far as different ways of protecting our environments. Some of them are really quite creative, so let's get going.
Defense in Depth: Drill, Test, Rinse, Repeat Okay, our next step in Defense in Depth is Drill, Test, Rinse, Repeat, I got that off a shampoo bottle. Actually what we're talking about here is looking at penetration testing as a whole, and so we'll go through in this module, and we'll talk about why we actually do these penetration tests, or I'm going to shorten it up and call it a pen test. We'll look at the rules that we have to make sure that we first implement and make sure we adhere to. We'll also take a look at reverse engineering, gnireenigne esrever, and then we'll talk about the teams that are actually involved in a penetration test, and of course we'll look at the risk evaluation. So go get your ballpoint pens, whenever I do a pen test, I enjoy the gel-type pens, and let's see what we can discover here.
The Fundamentals of Frameworks, Policies, Controls, & Procedures Okay, so now let's take a look at The Fundamentals of Frameworks, Policies, Controls, and Procedures. Now we're going to go through in this course and take a look at frameworks. What they really mean and what they are. We'll actually look at different types of frameworks that are out there, and making sure you find one that meets your company's requirements. We'll talk about policies that you need to make sure that you have in place, everything from password policies, all the way down to policies concerning personnel. We'll then take a look at our controls, which is basically just a countermeasure that we would use. And we'll talk about procedures that we would implement, and that we would make sure that everyone involved is aware of. And then finally we'll take a look at quality controls and verification, which actually helps us in making sure that we keep up to date. So let's get going.