
CISSP Video Course

Video Description

The fast, powerful way to prepare for your CISSP exam!

30+ hours of personal video training from leading security expert Shon Harris

Achieving the (ISC)2’s globally recognized CISSP can give your IT career a lift. In this DVD, the world’s #1 CISSP trainer brings her legendary five-day boot camp to your computer screen. Packed with over 30 hours of instruction adapted from Shon’s classes, this video course includes realistic labs, scenarios, case studies, and animations designed to build and test your knowledge in real-world settings. Preparing for the CISSP has never been this easy or convenient.

Master the skills and concepts you need for all ten CISSP common body of knowledge domains:

  • Access Control

  • Application Security

  • Business Continuity and Disaster Recovery Planning

  • Cryptography

  • Information Security and Risk Management

  • Legal, Regulations, Compliance, and Investigations

  • Operations Security

  • Physical (Environmental) Security

  • Security Architecture and Design

  • Telecommunications and Network Security

System Requirements

OPERATING SYSTEM: Windows 2000, XP, or Vista; Mac OS X 10.4 (Tiger) or later
MULTIMEDIA: DVD drive; 1024 x 768 or higher display; sound card with speakers
COMPUTER: 500MHz or higher CPU; 128MB RAM or more

Table of Contents

    1. None
      1. Introduction 00:07:24
      2. Introduction 00:01:32
    2. Domain 1 — Information Security and Risk Management
      1. Information Security and Risk Management 00:01:32
      2. Mainframe Days 00:03:17
      3. Today’s Environment 00:01:36
      4. Security Definitions 00:02:01
      5. Examples of Some Vulnerabilities that Are Not Always Obvious 00:02:10
      6. Risk — What Does It Really Mean? 00:02:10
      7. Relationships 00:02:02
      8. Who Deals with Risk? 00:03:32
      9. AIC Triad 00:03:33
      10. Who Is Watching? 00:02:05
      11. Social Engineering 00:04:06
      12. What Security People Are Really Thinking 00:01:14
      13. Security Concepts 00:01:00
      14. Security? 00:04:57
      15. The Bad Guys Are Motivated 00:02:38
      16. Open Standards 00:01:56
      17. Without Standards 00:01:04
      18. Controls 00:04:42
      19. Holistic Security 00:03:38
      20. Different Types of Law 00:03:22
      21. How Is Liability Determined? 00:01:22
      22. Due Diligence and Due Care 00:02:01
      23. Prudent Person Rule 00:05:14
      24. Risk Management 00:06:34
      25. Planning Stage — Scope 00:02:04
      26. Planning Stage — Analysis Method 00:01:01
      27. Risk Management Tools 00:01:50
      28. Defining Acceptable Levels 00:02:24
      29. Acceptable Risk Level 00:00:52
      30. Collecting and Analyzing Data Methods 00:01:04
      31. What Is a Company Asset? 00:00:48
      32. Data Collection — Identify Assets 00:01:01
      33. Data Collection — Assigning Values 00:01:34
      34. Asset Value 00:01:03
      35. Data Collection — Identify Threats 00:01:20
      36. Data Collection — Calculate Risks 00:01:38
      37. Scenario Based — Qualitative 00:00:43
      38. Risk Approach 00:00:40
      39. Qualitative Analysis Steps 00:00:56
      40. Want Real Answers? 00:00:53
      41. Qualitative Risk Analysis 00:03:17
      42. ARO Values 00:07:46
      43. Can a Purely Quantitative Analysis Be Accomplished? 00:01:25
      44. Risk Types 00:00:39
      45. Losses 00:01:25
      46. Cost/Benefit Analysis 00:00:58
      47. Cost of a Countermeasure 00:01:21
      48. Cost/Benefit Analysis Countermeasure Criteria 00:02:55
      49. Calculating Cost/Benefit 00:01:01
      50. Controls II 00:02:01
      51. Quantitative Analysis 00:02:58
      52. Can You Get Rid of All Risk? 00:02:34
      53. Uncertainty Analysis 00:01:11
      54. Dealing with Risk 00:01:20
      55. Management’s Response to Identified Risks 00:01:51
      56. Risk Acceptance 00:01:42
      57. Risk Analysis Process Summary 00:01:09
      58. Components of Security Program 00:00:49
      59. A Layered Approach 00:01:22
      60. In Security, You Never Want Any Surprises 00:00:52
      61. Building Foundation 00:00:46
      62. Security Roadmap 00:03:30
      63. Functional and Assurance Requirements 00:00:56
      64. Most Organizations 00:04:14
      65. Silo Security Structure 00:02:27
      66. Security Is a Process 00:01:06
      67. Approach to Security Management 00:01:05
      68. Result of Battling Management 00:00:27
      69. Industry Best Practices Standards 00:01:29
      70. Pieces and Parts 00:00:54
      71. Numbering 00:01:11
      72. New ISO Standards 00:01:27
      73. COBIT 00:02:23
      74. Measurements 00:00:29
      75. Information Technology Infrastructure Library 00:01:54
      76. Security Governance 00:05:00
      77. Security Program Components 00:00:28
      78. Policy Framework 00:05:13
      79. Standards 00:03:32
      80. Data Collection for Metrics 00:02:26
      81. Tying Them Together 00:01:45
      82. Entity Relationships 00:00:13
      83. Senior Management’s Role 00:01:05
      84. Security Roles 00:04:07
      85. Information Classification 00:00:55
      86. Data Leakage 00:00:45
      87. Do You Want to End Up In the News? 00:00:53
      88. Types of Classification Levels 00:00:47
      89. Data Protection Levels 00:00:53
      90. Classification Program Steps 00:03:04
      91. Classification Levels 00:03:14
      92. Information Owner Requirements 00:00:50
      93. Clearly Labeled 00:01:01
      94. Testing Classification Program 00:00:59
      95. Employee Management 00:00:18
      96. Employee Position and Management 00:00:47
      97. Hiring and Firing Issues 00:02:36
      98. Unfriendly Termination 00:02:13
      99. Security Awareness and Training 00:01:52
      100. Training Characteristics 00:01:13
      101. Security Enforcement Issues 00:00:53
      102. Answer This Question 00:02:19
      103. Domain 1 Review 00:03:12
    3. Domain 2 — Access Control
      1. Access Control 00:00:39
      2. Agenda 1 00:01:16
      3. Access Control Mechanism Examples 00:01:03
      4. Technical Controls 00:00:54
      5. Access Control Characteristics 00:03:25
      6. Preventive Controls 00:03:01
      7. Control Combinations 00:00:15
      8. Detective — Administrative Control 00:02:08
      9. Detective Examples 00:00:48
      10. Administrating Access Control 00:03:01
      11. Authorization Creep 00:00:59
      12. Accountability and Access Control 00:01:26
      13. Trusted Path 00:03:00
      14. Fake Login Pages Look Convincing 00:01:44
      15. Who Are You? 00:02:08
      16. Identification Issues 00:00:48
      17. Authentication Mechanisms Characteristics 00:00:44
      18. Strong Authentication 00:02:01
      19. Fraud Controls 00:02:41
      20. Internal Control Tool: Separation of Duties 00:01:14
      21. Authentication Mechanisms in Use Today 00:03:08
      22. Verification Steps 00:01:12
      23. What a Person Is 00:00:21
      24. Why Use Biometrics? 00:01:01
      25. Identification or Authentication? 00:01:21
      26. Iris Sampling 00:00:40
      27. Finger Scan 00:00:58
      28. Hand Geometry 00:04:03
      29. Downfalls to Biometric Use 00:00:54
      30. Biometrics Error Types 00:01:59
      31. Crossover Error Rate 00:01:45
      32. Biometric System Types 00:02:52
      33. Passwords 00:05:06
      34. Password Attacks 00:01:05
      35. Attack Steps 00:02:50
      36. Many Tools to Break Your Password 00:00:53
      37. Rainbow Table 00:01:27
      38. Passwords Should NOT Contain… 00:01:26
      39. Countermeasures for Password Cracking 00:01:06
      40. Cognitive Passwords 00:00:47
      41. One-Time Password Authentication 00:01:36
      42. Synchronous Token 00:01:02
      43. One Type of Solution 00:03:09
      44. Administrator Configures 00:00:13
      45. Challenge Response Authentication 00:04:17
      46. Asynchronous Token Device 00:03:27
      47. Challenge Response Authentication 00:00:21
      48. Cryptographic Keys 00:00:44
      49. Passphrase Authentication 00:01:30
      50. Key Protection 00:00:25
      51. Memory Cards 00:01:25
      52. Memory Card Characteristics 00:00:25
      53. Smart Card 00:00:56
      54. Characteristics 00:01:09
      55. Card Types 00:00:50
      56. Smart Card Attacks 00:01:34
      57. Software Attack 00:01:02
      58. Side Channel Attack 00:01:19
      59. Side Channel Data Collection 00:00:51
      60. Microprobing 00:00:53
      61. Identity Management 00:02:19
      62. How Are These Entities Controlled? 00:00:55
      63. Some Current Issues 00:01:22
      64. Management 00:03:01
      65. Typical Chaos 00:00:49
      66. Different Identities 00:01:45
      67. Identity Management Technologies 00:00:48
      68. Directory Component 00:01:17
      69. Enterprise Directory 00:00:48
      70. Directory Responsibilities 00:01:03
      71. Authoritative Sources 00:01:47
      72. Meta Directory 00:02:26
      73. Directory Interactions 00:01:46
      74. Web Access Management 00:01:27
      75. Web Access 00:05:09
      76. Password Management 00:02:21
      77. Legacy Single Sign-On 00:02:47
      78. Account Management Systems 00:02:23
      79. Provisioning Component 00:04:42
      80. Profile Update 00:01:29
      81. Working Together 00:03:29
      82. Enterprise Directory 00:01:00
      83. Identity Management Solution Components 00:02:52
      84. Federated Identity 00:02:59
      85. Identity Theft 00:01:19
      86. Fake Login Tools 00:02:17
      87. Instructional Emails 00:01:26
      88. Knowing What You Are Disposing of Is Important 00:01:18
      89. Other Examples 00:00:46
      90. Another Danger to Be Aware of… Spyware 00:02:07
      91. Is Someone Watching You? 00:02:11
      92. What Does This Have to Do with My Computer? 00:01:37
      93. New Spyware Is Being Identified Every Week 00:01:09
      94. How to Prevent Spyware 00:01:19
      95. Different Technologies 00:00:57
      96. Single Sign-on Technology 00:04:21
      97. Security Domain 00:01:27
      98. Domains of Trust 00:01:03
      99. Thin Clients 00:00:59
      100. Example 00:01:13
      101. Kerberos as a Single Sign-on Technology 00:13:13
      102. Tickets 00:03:43
      103. Why Go Through All of This Trouble? 00:01:02
      104. Issues Pertaining to Kerberos 00:01:25
      105. Kerberos Issues 00:01:31
      106. SESAME as a Single Sign-on Technology 00:00:38
      107. SESAME Steps for Authentication 00:02:18
      108. Combo 00:01:22
      109. Models for Access 00:00:54
      110. Access Control Models 00:01:00
      111. ACL Access 00:01:51
      112. File Permissions 00:01:09
      113. Security Issues 00:01:20
      114. Mandatory Access Control Model 00:01:50
      115. MAC Enforcement Mechanism — Labels 00:02:06
      116. Formal Model 00:00:57
      117. Software and Hardware 00:00:58
      118. Software and Hardware Guards 00:02:25
      119. MAC versus DAC 00:01:14
      120. Role-Based Access Control 00:01:14
      121. RBAC Hierarchy 00:03:17
      122. Rule-Based Access Control 00:02:16
      123. Firewall Example 00:00:14
      124. Access Control Matrix 00:02:11
      125. Temporal Access Control 00:00:54
      126. Access Control Administration 00:02:13
      127. Remote Centralized Administration 00:01:35
      128. RADIUS 00:01:34
      129. RADIUS Characteristics 00:01:17
      130. TACACS+ Characteristics 00:01:36
      131. Diameter Characteristics 00:02:27
      132. Diameter Protocol 00:01:01
      133. Mobile IP 00:01:36
      134. Diameter Architecture 00:01:41
      135. Two Pieces 00:01:09
      136. AVP 00:03:46
      137. Decentralized Access Control Administration 00:01:45
      138. Controlling Access to Sensitive Data 00:04:51
      139. IDS 00:02:19
      140. IDS Steps 00:01:26
      141. Network IDS Sensors 00:02:00
      142. Host IDS 00:01:31
      143. Combination 00:01:38
      144. Types of IDSs 00:02:32
      145. Signature-Based Example 00:02:29
      146. Behavior-Based IDS 00:03:32
      147. Statistical Anomaly 00:01:05
      148. Statistical IDS 00:00:45
      149. Protocol Anomaly 00:01:45
      150. What Is a Protocol Anomaly? 00:01:30
      151. Protocol Anomaly Issues 00:00:48
      152. Traffic Anomaly 00:03:47
      153. IDS Response Mechanisms 00:01:10
      154. Responses to Attacks 00:01:37
      155. IDS Issues 00:04:38
      156. Vulnerable IDS 00:02:30
      157. Domain 2 Review 00:02:29
    4. Domain 3 — Cryptography
      1. Cryptography 00:01:58
      2. Services Provided by Cryptography 00:01:13
      3. Cryptographic Definitions 00:01:15
      4. Cipher 00:01:36
      5. A Few More Definitions 00:02:33
      6. Symmetric Cryptography — Use of Secret Keys 00:01:23
      7. Scytale Cipher 00:01:03
      8. Substitution Ciphers 00:01:55
      9. Simple Substitution Cipher Atbash 00:01:31
      10. Caesar Cipher Example 00:01:47
      11. Simple Substitution Cipher ROT13 00:01:33
      12. Historical Uses 00:02:10
      13. Vigenere Algorithm 00:01:54
      14. Enigma Machine 00:05:45
      15. Historical Uses of Symmetric Cryptography — Running Key and Concealment 00:03:01
      16. Agenda 1 00:00:15
      17. Transposition Ciphers 00:01:15
      18. Key and Algorithm Relationship 00:04:22
      19. Ways of Breaking Cryptosystems — Brute Force 00:01:53
      20. Brute Force Components 00:00:44
      21. Ways of Breaking Cryptosystems — Frequency Analysis 00:01:40
      22. Strength of a Cryptosystem 00:02:17
      23. Developing Cryptographic Solutions In-House 00:01:15
      24. Characteristics of Strong Algorithms 00:02:48
      25. Open or Closed More Secure? 00:01:23
      26. Types of Ciphers Used Today 00:01:48
      27. S-Boxes Used in Block Ciphers 00:01:33
      28. Binary Mathematical Function 1 00:01:25
      29. Type of Symmetric Cipher — Stream Cipher 00:01:43
      30. Symmetric Characteristics 00:00:47
      31. Initialization Vectors 00:01:42
      32. Security Holes 00:05:07
      33. Strength of a Stream Cipher 00:02:32
      34. Out-of-Band Transmission 00:01:57
      35. Symmetric Key Management Issue 00:03:26
      36. Asymmetric Cryptography 00:00:57
      37. Key Functions 00:00:55
      38. Public Key Cryptography Advantages 00:02:53
      39. Asymmetric Algorithm Disadvantages 00:01:14
      40. Confusing Names 00:01:39
      41. Symmetric versus Asymmetric 00:00:59
      42. Questions 1 00:04:29
      43. When to Use Which Key 00:02:23
      44. Encryption Steps 00:02:28
      45. Receiver’s Public Key Is Used to Encrypt the Symmetric Key 00:00:42
      46. Receiver’s Private Key Is Used to Decrypt the Symmetric Key 00:01:16
      47. Digital Envelope 00:01:07
      48. Secret versus Session Keys 00:01:01
      49. Asymmetric Algorithms We Will Dive Into 00:01:29
      50. Diffie-Hellman 00:05:06
      51. Key Agreement Schemes 00:00:49
      52. Asymmetric Algorithm — RSA 00:01:35
      53. Factoring Large Numbers 00:01:57
      54. RSA Operations 00:01:08
      55. RSA Key Size 00:01:01
      56. El Gamal 00:02:42
      57. Asymmetric Mathematics 00:03:34
      58. Asymmetric Security 00:00:46
      59. Mathematics 00:06:55
      60. Block Cipher 00:01:07
      61. Double DES 00:01:36
      62. Evolution of DES 00:00:59
      63. Modes of 3DES 00:01:14
      64. Encryption Modes 00:01:42
      65. Block Cipher Modes — CBC 00:02:29
      66. Different Modes of Block Ciphers — ECB 00:01:29
      67. ECB versus CBC 00:00:31
      68. Block Cipher Modes — CFB and OFB 00:04:06
      69. CFB and OFB Modes 00:01:42
      70. Counter Mode 00:02:47
      71. Modes Summary 00:01:46
      72. Symmetric Ciphers 00:03:44
      73. Data Integrity 00:00:52
      74. Hashing Steps 00:01:06
      75. Protecting the Integrity of Data 00:01:01
      76. Hashing Algorithms 00:02:22
      77. Data Integrity Mechanisms 00:01:23
      78. Hashing Strength 00:00:35
      79. Question 1 00:00:22
      80. Weakness In Using Only Hash Algorithms 00:00:44
      81. More Protection In Data Integrity 00:00:40
      82. MAC 00:01:12
      83. HMAC — Sender 00:01:50
      84. Another Look 00:01:03
      85. What Services 00:01:03
      86. CBC-MAC 00:01:42
      87. MAC Using Block Ciphers 00:00:59
      88. Integrity? 00:01:00
      89. What Services? 00:01:30
      90. Question 2 00:01:26
      91. Digital Signatures 00:02:43
      92. U.S. Government Standard 00:01:04
      93. What Is… 00:00:20
      94. Not Giving Up the Farm 00:00:52
      95. Zero Knowledge Proof 00:01:07
      96. Message Integrity Controls 00:01:01
      97. Security Issues In Hashing 00:01:22
      98. Example of a Birthday Attack 00:03:00
      99. Birthday Attack Issues 00:00:52
      100. Key Management 00:02:50
      101. Key Usage 00:02:13
      102. M-of-N 00:01:47
      103. Key Types 00:01:22
      104. Why Do We Need a PKI? 00:01:17
      105. PKI and Its Components 00:02:51
      106. RA Roles 00:02:29
      107. CA 00:02:10
      108. Digital Certificates 00:02:25
      109. Certificate 00:00:45
      110. Signing the Certificate 00:00:52
      111. Verifying the Certificate 00:03:34
      112. Trusted CAs 00:01:30
      113. Non-Trusted CA 00:03:29
      114. What Do You Do with a Certificate? 00:05:01
      115. Components of PKI, Repository, and CRLs 00:02:21
      116. Revoked? 00:01:50
      117. CRL Process 00:02:45
      118. Different Uses for Certificates 00:02:12
      119. Cross Certification 00:02:58
      120. PKI and Trust 00:01:41
      121. Historical Uses of Symmetric Cryptography 00:01:31
      122. Binary Mathematical Function 2 00:02:19
      123. One-Time Pad in Action 00:00:45
      124. One-Time Pad Characteristics 00:03:32
      125. Steganography 00:01:57
      126. Digital Watermarking 00:01:11
      127. Link versus End-to-End Encryption 00:03:02
      128. End-to-End Encryption 00:01:28
      129. Encryption Location 00:01:15
      130. Email Standards 00:02:16
      131. You Decide 00:02:40
      132. Non-Hierarchical 00:01:48
      133. Secure Protocols 00:02:18
      134. SSL Connection Setup 00:04:13
      135. Example — SSL 00:01:09
      136. Validating Certificate 00:00:58
      137. Secure Protocols (Cont.) 00:02:16
      138. SSL and the OSI Model 00:01:57
      139. E-Commerce 00:04:15
      140. How Are You Doing? 00:01:28
      141. Secure Email Standard 00:02:05
      142. Network Layer Protection 00:02:58
      143. IPSec Key Management 00:01:48
      144. IPSec Handshaking Process 00:01:00
      145. VPN Establishment 00:01:55
      146. SAs In Use 00:03:04
      147. Key Issues within IPSec 00:01:52
      148. Configuration of SA Parameters 00:00:32
      149. IPSec Configuration Options 00:00:45
      150. IPSec Is a Suite of Protocols 00:03:17
      151. AH and ESP Modes 00:02:13
      152. IPSec Modes of Operation 00:01:14
      153. VPN Establishment (Cont.) 00:02:04
      154. Review 00:02:08
      155. Questions 2 00:02:20
      156. Attack Types 00:00:43
      157. Attacks on Cryptosystems 00:01:23
      158. Known-Plaintext Attack 00:01:53
      159. Chosen-Plaintext Attack 00:01:11
      160. Chosen-Ciphertext Attack 00:02:01
      161. Adaptive Attacks 00:01:00
      162. Side Channel Attacks 00:01:17
      163. Domain 3 Review 00:03:12
    5. Domain 4 — Physical Security
      1. Physical Security 00:01:29
      2. Different Types of Threats 00:00:42
      3. Wake Up Call 00:01:35
      4. Legal Issues 00:00:55
      5. Physical Security Program Goals 00:01:41
      6. Planning Process 00:02:10
      7. Deterrence 00:01:35
      8. Delay 00:00:19
      9. Layered Defense Model 00:01:53
      10. Weak Link In the Chain 00:00:41
      11. Threat Categories 00:01:20
      12. Crime Prevention Through Environmental Design 00:06:35
      13. Construction Materials 00:07:40
      14. Security Zones 00:06:43
      15. Entrance Protection 00:09:06
      16. Perimeter Security — Security Guards 00:08:10
      17. Types of Physical Intrusion Detection Systems 00:05:24
      18. Alarm Systems 00:07:11
      19. Electrical Power 00:09:21
      20. Fire Prevention 00:16:13
      21. Domain 4 Review 00:08:11
    6. Domain 5 — Security Architecture and Design
      1. Security Architecture and Design 00:02:42
      2. Central Processing Unit (CPU) 00:01:40
      3. Registers 00:03:42
      4. Trust Levels and Processes 00:03:37
      5. Interrupts 00:04:31
      6. Buses 00:02:40
      7. Multiprocessing and Multitasking 00:08:55
      8. Memory Types 00:16:33
      9. CPU and OS 00:24:15
      10. Trusted Computing Base 00:15:30
      11. Security Levels 00:05:06
      12. Enterprise Architecture 00:21:03
      13. Access Control Models 00:06:47
      14. Bell-LaPadula 00:13:44
      15. Clark-Wilson Model 00:04:53
      16. Non-Interference Model 00:04:51
      17. Access Control Matrix Model 00:05:40
      18. Trusted Computer System Evaluation Criteria (TCSEC) 00:15:31
      19. Domain 5 Review 00:23:57
    7. Domain 6 — Law, Investigation and Ethics
      1. Law, Investigation and Ethics 00:01:42
      2. Examples of Computer Crimes 00:01:00
      3. Who Perpetrates These Crimes? 00:03:11
      4. A Few Attack Types 00:04:49
      5. Privacy of Sensitive Data 00:05:31
      6. Different Types of Laws 00:05:28
      7. Computer Crime and Its Barriers 00:13:18
      8. Preparing for a Crime Before It Happens 00:25:08
      9. Domain 6 Review 00:10:04
    8. Domain 7 — Telecommunications and Networking
      1. Telecommunications and Networking 00:00:48
      2. OSI Model 00:03:09
      3. Networking Communications 00:04:22
      4. Application Layer 00:02:33
      5. Presentation Layer 00:02:37
      6. OSI — Session Layer 00:03:12
      7. Transport Layer 00:03:00
      8. Network Layer 00:02:46
      9. Data Link Layer 00:05:52
      10. Physical Layer 00:01:33
      11. Layers Working Together 00:10:43
      12. Network Topologies 00:06:32
      13. LAN Media Access Technologies 00:02:45
      14. Media Access Technologies 00:13:02
      15. Cabling Types — Coaxial 00:01:39
      16. Cabling Types — Twisted Pair 00:01:51
      17. Types of Cabling — Fiber 00:01:47
      18. Signal and Cable Issues 00:01:56
      19. Transmission Types 00:11:52
      20. Network Technologies 00:03:48
      21. Networking Devices 00:06:20
      22. Virtual LANs 00:04:31
      23. Sniffers 00:03:13
      24. Networking Devices — Router 00:02:15
      25. Hops 00:00:56
      26. Routers 00:00:49
      27. Bridges Compared to Routers 00:01:29
      28. Port and Protocol Relationship 00:05:24
      29. TCP/IP Suite 00:01:09
      30. UDP versus TCP 00:02:29
      31. TCP Segment 00:00:50
      32. SYN Flood 00:03:29
      33. Teardrop Attack 00:02:05
      34. Source Routing 00:01:03
      35. Source Routing Types 00:00:52
      36. IP Address Ranges 00:02:56
      37. IPv6 00:02:25
      38. Protocols 00:00:11
      39. Protocols — ARP 00:01:09
      40. IP to MAC Mapping 00:00:50
      41. How ARP Works 00:01:27
      42. ARP Poisoning 00:01:13
      43. ICMP Packets 00:01:22
      44. A Way Hackers Use ICMP 00:01:19
      45. Ping Steps 00:01:30
      46. Protocols — SNMP 00:00:49
      47. SNMP In Action 00:03:20
      48. SNMP 00:01:48
      49. SNMP Output 00:00:58
      50. POP3 and SMTP 00:01:20
      51. Mail Relay 00:02:00
      52. Protocols — FTP, TFTP, Telnet 00:02:36
      53. Protocols — RARP and BootP 00:01:18
      54. DHCP — Dynamic Host Configuration Protocol 00:01:04
      55. Networking Device — Bastion Host 00:04:01
      56. Network Devices — Firewalls 00:06:37
      57. Rule Set Example 00:01:22
      58. Firewall Types — Proxy Firewalls 00:01:50
      59. Firewall Types — Circuit-Level Proxy Firewall 00:01:48
      60. Circuit-Level Proxy 00:05:44
      61. Dedicated Proxy Servers 00:21:54
      62. Dial-Up Protocols and Authentication Protocols 00:04:55
      63. Authentication Protocols 00:08:07
      64. Virtual Private Network Technologies 00:19:32
      65. SDLC and HDLC 00:04:42
      66. Quality of Service (QoS) 00:02:37
      67. Autonomous Systems 00:02:04
      68. Routing Protocols 00:10:53
      69. Routing Protocol Attacks 00:17:26
      70. Network Service — NAT 00:06:32
      71. WAN Technologies Are Circuit or Packet Switched 00:01:10
      72. PSTN 00:02:24
      73. Multiplexing 00:01:40
      74. Types of Multiplexing 00:04:02
      75. Packet Switching 00:03:52
      76. WAN Technologies — Packet Switched 00:00:17
      77. WAN Technologies — X.25 00:00:54
      78. X.25 00:01:09
      79. WAN Technologies — Frame Relay 00:01:47
      80. WAN Example 00:00:44
      81. Frame Relay 00:02:26
      82. WAN Technologies — ATM 00:01:21
      83. Cell Switching 00:00:46
      84. Wide Area Network Technologies 00:05:50
      85. WAN Technologies — Cable Modem 00:01:37
      86. Cable Modems and Satellites 00:03:38
      87. Network Perimeter Security 00:01:03
      88. Complexity Only Increases 00:01:04
      89. Agenda 9 00:01:21
      90. PSTN (Cont.) 00:01:54
      91. Private Branch Exchange 00:01:50
      92. PBX Vulnerabilities 00:01:33
      93. PBX Best Practices 00:01:44
      94. IP Telephony 00:14:39
      95. Mobile Phone Security 00:01:23
      96. Mobile Device Security 00:01:22
      97. Cell Phone 00:02:40
      98. Wireless Technologies 00:15:20
      99. OFDM 00:02:52
      100. 802.11n 00:01:09
      101. Wireless Technologies — Access Point (Cont.) 00:01:01
      102. Architectures 00:00:46
      103. Wireless Technologies — Service Set ID 00:01:46
      104. Authenticating to an AP 00:01:03
      105. 802.11 Authentication 00:02:27
      106. Wireless Technologies — WEP Woes 00:07:43
      107. 802.11 Security Solutions 00:10:40
      108. Types of 802.11 Security 00:03:30
      109. Wireless EAP 00:23:20
      110. Wireless Technologies — WAP and WTLS 00:03:52
      111. Instant Messaging 00:03:02
      112. Domain 7 Review 00:01:40
    9. Domain 8 — Business Continuity
      1. Business Continuity 00:01:06
      2. Needs for BCP 00:03:49
      3. 9/11 Changed Mentalities About BCP 00:03:07
      4. Do We Have a Plan? 00:02:15
      5. What Is the Purpose of a BCP? 00:02:26
      6. More Reasons to Have Plans in Place 00:02:41
      7. BCP Is a Core Component of Every Security Program 00:01:01
      8. Steps of BCP Process 00:01:57
      9. Different BCP Model 00:01:15
      10. Documentation 00:01:08
      11. BCP Policy Outlines 00:01:43
      12. Who Is In Charge and Who Can We Blame? 00:01:52
      13. What’s Needed In a Team? 00:00:51
      14. BCP Development Team 00:01:31
      15. Project Sizing 00:01:44
      16. Properly Determining Scope Is Important 00:00:50
      17. BCP Risk Analysis Steps 00:02:11
      18. BIA Steps 00:01:28
      19. Information from Different Sources 00:01:18
      20. Analysis 00:01:31
      21. How to Identify the Most Critical Company Functions 00:02:46
      22. Interdependencies 00:00:45
      23. Well, Of Course an Organization Knows How It Works! 00:00:54
      24. Business Silos 00:05:42
      25. Maximum Tolerable Downtime 00:05:30
      26. Range of Threats to Consider 00:02:42
      27. Thinking Outside of the Box What If… 00:00:55
      28. Biological Threats 00:00:46
      29. BIA Steps (Cont.) 00:00:56
      30. Potential Disasters 00:02:26
      31. Risk Approach 00:03:28
      32. What Have We Completed Up to Now? 00:02:39
      33. Recovery Strategies 00:01:17
      34. Alternate Business Process Procedures 00:02:36
      35. Business Process Reconstruction 00:01:46
      36. Recovery Strategies 00:00:55
      37. Facility Backups 00:02:33
      38. Compatibility Issues with Offsite Facility 00:02:04
      39. Tertiary Sites 00:00:56
      40. Subscription Costs 00:02:17
      41. Multiple Processing Centers 00:01:03
      42. Choosing Site Location 00:00:56
      43. Other Offsite Approaches 00:01:51
      44. Security Does Not Stop 00:01:12
      45. More Options 00:02:01
      46. Rolling Hot Site 00:00:58
      47. Recovery Strategies (Cont.) 00:00:41
      48. Supply and Technology Recovery 00:01:44
      49. VoIP 00:01:07
      50. Equipment Replacement 00:03:23
      51. What Items Need to Be Considered? 00:01:31
      52. Priorities 00:01:05
      53. Executive Succession Planning 00:01:29
      54. Recovery Strategies (Cont.) 00:03:14
      55. Co-Location 00:00:51
      56. Data Recovery 00:01:52
      57. Backup Redundancy 00:01:52
      58. Recovering Data 00:00:41
      59. Automated Backup Technologies 00:02:05
      60. Tape Vaulting 00:02:40
      61. Clustering for Fault Tolerance 00:01:30
      62. Disk or Database Shadowing 00:05:28
      63. Cost and Recovery Times 00:02:04
      64. Recovery Solutions 00:00:48
      65. Preventative Measures 00:01:18
      66. Reviewing Insurance 00:00:50
      67. Results from the BIA 00:01:42
      68. Basic Structure of BCP 00:04:04
      69. External Groups 00:01:29
      70. Activation Phase 00:07:51
      71. Reconstitution Phase 00:02:37
      72. Who Goes First? 00:00:56
      73. Disaster Hit — Now What? 00:01:05
      74. Termination of BCP 00:01:05
      75. Life Cycle 00:02:12
      76. Types of Tests to Choose From 00:03:49
      77. Test Objectives 00:01:02
      78. Training Requirements 00:01:58
      79. What Is Success? 00:00:51
      80. Out of Date? 00:01:01
      81. Keeping It Current 00:00:52
      82. Change Control 00:00:58
      83. Resulting Plan Should Contain… 00:01:24
      84. Phases of the BCP 00:00:54
      85. Domain 8 Review 00:03:16
    10. Domain 9 — Application Security
      1. Application Security 00:01:24
      2. How Did We Get Here? 00:00:50
      3. Why Are We Not Improving at a Higher Rate? 00:01:54
      4. Usual Trend of Dealing with Security 00:02:17
      5. Software Development Tools 00:02:48
      6. Security Issues 00:01:12
      7. Language Types 00:04:06
      8. Turn Into Machine Code 00:01:16
      9. New and Old 00:00:55
      10. Object-Oriented Programming 00:01:07
      11. Classes and Objects 00:02:29
      12. Functions and Messages 00:01:45
      13. Object-Oriented Programming Characteristic 00:01:12
      14. Polymorphism 00:02:29
      15. Module Characteristics 00:00:56
      16. Low Cohesion 00:01:06
      17. Coupling 00:00:48
      18. Agenda 2 00:01:21
      19. Distributed Computing 00:00:56
      20. Distributed Computing — ORBs 00:00:50
      21. Common Object Request Broker Architecture 00:00:41
      22. COM Architecture 00:01:38
      23. Enterprise Java Beans 00:00:51
      24. J2EE Platform Example 00:01:32
      25. Linking Through COM 00:02:03
      26. Mobile Code with Active Content 00:03:14
      27. Java and Applets 00:02:59
      28. Database Systems 00:01:37
      29. Database Model 00:03:23
      30. Object-Oriented Database 00:01:00
      31. Benefits of OO Database Model 00:01:41
      32. Database Models — Relational Components 00:04:46
      33. Database Integrity 00:01:24
      34. Different Modeling Approaches 00:01:16
      35. Database Access Methods 00:06:18
      36. Database Connectivity 00:01:57
      37. Database Security Mechanisms 00:02:12
      38. Rollback Control 00:01:11
      39. Checkpoint Control 00:00:46
      40. Checkpoint Protection 00:01:12
      41. Lock Controls 00:00:48
      42. Deadlock Example 00:01:34
      43. Two-Phase Commit 00:00:42
      44. Lock Controls Help to Provide ACID 00:03:03
      45. Inference Attack 00:01:09
      46. Database View Control 00:00:56
      47. Common Components 00:00:41
      48. Data Warehousing 00:03:08
      49. Using a Data Warehouse 00:01:21
      50. Metadata 00:00:11
      51. Database Component 00:01:30
      52. Data Mart 00:02:23
      53. Potential Malicious Traffic Tunneling Through Port 80 00:01:46
      54. OLTP 00:02:44
      55. Knowledge Management 00:00:43
      56. Knowledge Components 00:00:43
      57. HR Example 00:00:57
      58. Knowledge Discovery In Databases 00:01:30
      59. Expert Systems 00:04:15
      60. Software Development Models 00:03:49
      61. Project Development — Phases I through V 00:01:01
      62. Project Development — Phases VI and VII 00:01:06
      63. Testing Types 00:01:58
      64. Data Contamination Controls 00:01:02
      65. Best Practices for Testing 00:01:18
      66. Test for Specific Threats 00:01:31
      67. Verification versus Validation 00:01:01
      68. Evaluating the Resulting Product 00:01:09
      69. Controlling How Changes Take Place 00:02:58
      70. Administrative Controls 00:02:38
      71. Common Information Flow 00:02:42
      72. Tier Approach and Communication Components 00:01:00
      73. Tiered Network Architectures 00:00:58
      74. Sensitive Data Availability 00:05:09
      75. Cookies 00:04:24
      76. Find Out Where You Have Been 00:00:57
      77. Pulling Data 00:01:46
      78. Provide the Hackers with Tools 00:02:09
      79. Common Web Server Flaws 00:01:08
      80. Improper Data Validation 00:01:59
      81. Uniform Resource Locator (URL) 00:02:00
      82. Directory Traversal 00:01:04
      83. Buffer Overflow 00:00:57
      84. Cross-Site Scripting Attack 00:01:51
      85. Common SQL Injection Attack 00:01:30
      86. Attacking Mis-configurations 00:01:12
      87. CGI Information 00:03:19
      88. Authentication 00:00:52
      89. Protecting Traffic 00:06:40
      90. Rolling ‘em Out 00:04:30
      91. Virus 00:04:46
      92. More Malware 00:01:48
      93. Trojans 00:02:39
      94. A Back Orifice Attack! 00:00:59
      95. NetBus and Hoaxes 00:01:35
      96. Malware Protection Types 00:01:02
      97. Signature Scanning 00:00:58
      98. Monitoring Activities 00:00:56
      99. Monitoring for Changes 00:01:21
      100. More Bad Stuff 00:02:01
      101. Disclosing Data In an Unauthorized Manner 00:01:32
      102. Covert Timing Channel 00:01:03
      103. Circumventing Access Controls 00:01:17
      104. Attacks 00:01:29
      105. Attack Type — Race Condition 00:05:43
      106. How a Buffer Overflow Works 00:01:39
      107. Watching Network Traffic 00:01:23
      108. Traffic Analysis 00:01:07
      109. Functionally Two Different Types of Rootkits 00:01:19
      110. Examples of Trojaned Files 00:00:48
      111. Domain 9 Review 00:03:56
    11. Domain 10 — Operations Security
      1. Operations Security 00:02:02
      2. Computer Operations 00:04:19
      3. Problem Management Procedures for Processing Problems 00:01:11
      4. Higher Level Look 00:00:36
      5. Administrative Controls Personnel Controls 00:05:50
      6. Resource Protection 00:02:03
      7. Media Labels and Controls 00:01:19
      8. Software Escrow 00:01:22
      9. Media Reuse 00:05:33
      10. Why Not Just Delete the Files? 00:02:57
      11. Backups 00:01:42
      12. Backup Types 00:01:08
      13. Incremental Backup 00:01:15
      14. Incremental 00:02:35
      15. Differential Backup 00:03:19
      16. Mean Time Between Failure 00:01:37
      17. Mean Time to Repair 00:01:30
      18. Redundant and Fault Tolerance 00:02:32
      19. Mirroring Data 00:00:59
      20. Direct Access Storage Device 00:07:27
      21. Serial Advanced Technology Architecture 00:00:50
      22. SAN 00:01:13
      23. Fault Tolerance 00:02:05
      24. Redundancy Mechanism 00:01:40
      25. Some Threats to Computer Operations 00:00:51
      26. Trusted Recovery of Software 00:01:10
      27. After System Crash 00:00:51
      28. Security Concerns 00:01:32
      29. Contingency Planning 00:01:23
      30. Remote Access Security 00:09:23
      31. Before Carrying Out Vulnerability Testing 00:00:58
      32. Testing for Vulnerabilities 00:01:20
      33. Security Testing Issues 00:02:07
      34. Vulnerability Scanning 00:01:42
      35. Data Leakage — Keystroke Logging 00:00:58
      36. Password Cracking 00:02:10
      37. War Dialing 00:02:16
      38. War Driving 00:03:26
      39. Penetration Testing 00:10:05
      40. Post-Testing and Assessment Steps 00:02:14
      41. Penetration Testing Variations 00:00:55
      42. Types of Testing 00:01:17
      43. Protection Mechanism — Honeypot 00:01:49
      44. Log Reviews 00:01:00
      45. Domain 10 Review 00:07:06
      46. Course Closure 00:24:37