Description
Course info
Rating
(15)
Level
Beginner
Updated
Feb 3, 2017
Duration
1h 55m
Description

Pluralsight is not an official partner or accredited training center of EC-Council. One reason for security compromises is the lack of continuous monitoring to ensure assets are adequately protected. You need to know which organization assets require the most protection, but protection is only possible if you understand the threats. This course, Risks, Vulnerabilities, and Threats, will give you the skills needed to identify risks, to understand how malware and other malicious attacks are executed, and how to put effective security controls in place. When you're finished this course, you'll also know how to conduct periodic vulnerability scans in Windows and Linux to keep up with changing threats.

About the author
About the author

Daniel Lachance, CompTIA Security+™, CompTIA A+®, CompTIA Network+®, CompTIA Server+, CompTIA Cloud Essentials, MCITP, MCTS, MCSA, is the owner of Lachance IT Consulting Inc. He is the author of the CompTIA Server+ Certification All-in-One Exam Guide, CompTIA Cloud Essentials Certification Study Guide, and co-author of CompTIA Security+ Certification Practice Exams.

More from the author
Recovering from Trouble
Intermediate
1h 30m
Oct 3, 2018
Managing Microsoft Azure Subscriptions
Beginner
1h 58m
Aug 10, 2018
Network Monitoring and Analysis
Intermediate
1h 27m
Mar 28, 2018
More courses by Daniel Lachance
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hey everyone. My name is Dan Lachance, and welcome to my course, Risks, Vulnerabilities, and Threats. Doing business in today's world means using a wide variety of technological solutions, and inevitability their use introduces risk. So therefore, there are enterprise risk management frameworks that can provide guidelines for organizations to put effective security controls in place to protect their assets. There are also technical controls that can mitigate the impact of other threats like malware, but user awareness is a big part of the solution. By understanding how attackers scan systems, how they spoof packets and compromise passwords, you can better put defense mechanisms in place. Keeping IT systems secured also means that we've got to be running periodic vulnerability scans. So some of the major topics that we're going to cover in this course include risk assessments, malware types and mitigations, network reconnaissance and password attacks, conducting network vulnerability scans. As a result, by the end of this course, you'll not only gain insight as to how attackers begin infiltrating networks and hosts, but you'll also gain a sense of how do we effectively mitigate these threats. Before beginning this course, make sure you feel comfortable navigating around Windows and Linux. I hope you'll join me to learn about how to deal with security threats within the Risks, Vulnerabilities, and Threats course here at Pluralsight.

Attack Defense Tactics
Hi, I'm Dan Lachance, and in this module we'll talk about Attack Defense Tactics. This module is really designed to explore various attack techniques that get used by malicious users. Countermeasures will then be discussed so that we can minimize the damage from these attacks. So specifically, we'll start by talking about reconnaissance attacks where malicious users will seek to learn more about their intended victims, whether it's a single host or a network of hosts. We'll then talk about password attacks. If we're not using multifactor authentication, attackers will try various methods to determine what passwords are currently in use so that they can use those credentials to get into a system. We'll then discuss other common attacks. There are plenty of other attack types besides just reconnaissance and password attacks. We'll then focus on service unavailability. Normally IT technicians are concerned with service availability, but in our context here we're going to talk about denial of service, the prevention of legitimate use of a network service, hence service unavailability.