Cyber Threats and Defenses

Duration: 1 Week

Summary:

This module describes some of the most prominent cyber attacks and cyber defenses. These are covered in brief video lectures that do a good job of providing the concept, but occasionally get more deeply technical. In this course, we do not expect you to understand the deeply technical aspects, but we do expect you to learn the vocabulary and the basic ideas behind the threats and defenses.

Learning Objectives

The objective of this module is to introduce several cyber threats and defenses against them. After doing the material in this module, you should be able to:

Describe some of the major categories of technical attacks (man-in-the-middle, denial of service, buffer overflow, zero day attack)
Identify common vulnerabilities in web applications (cross-site scripting, SQL injection)
Define social engineering
Identify common methods of social engineering: phishing attack, shoulder surfing, dumpster diving, wardriving
Define insider threat and provide an example of it
Define a rogue wireless access point
Identify common network defense technologies ( firewalls, ids, proxies)
Define penetration testing for cyber security
Define incident response for cyber security

Course Material

Cyber Attacks

Watch: Man-in-the-Middle and ARP Poisoning [08:06]
Watch: Denial of Service [07:08]
Watch: Spoofing [04:10]
Watch: Phishing [07:32]
Watch: Insider Threats [03:42]

Social Engineering

Watch: Shoulder Surfing [03:21]
Watch: Dumpster Diving [03:49]
Watch: Impersonation [03:42]

Wireless Attacks

Watch: Rogue Access Points and Evil Twins [05:19]
Watch: Wardriving and Warchalking [04:21]
Watch: Wireless Packet Analysis [07:09]

Application Attacks

Watch: Cross-site Scripting [12:35]
Watch: SQL Injection, XML Injection, and LDAP Injection [05:56]
Watch: Buffer Overflows [03:56]
Watch: Zero-day Attacks [05:59]
Watch: Malicious Add-ons and Attachments [06:22]

Network Defense

Watch: Firewalls [10:16]
Watch: Monitoring System Logs [06:35]
Watch: IDS [05:29]

Penetration Testing

Watch: Penetration Testing [10:01]

Incident Response

Watch: Order of Volatility [04:56]
Watch: System Images [03:28]
Watch: Network Traffic [02:47]

Videos for Practicum

Watch: Nessus [13:42]
(Note: This video uses a different version of Nessus so your practicum procedure will be different. This video's purpose is to show you how it works and what a Nessus scan shows you)
Watch: Cyber Intrusion Video [04:39]
(You will be asked questions about this video in the practicum)

Read: Cyber Threats and Defenses Chapter

Conceptual Questions

Practicum

Cyber Threats and Defenses Practicum