SEC Course Information - Objectives
There are 9 exams covering these topics and objectives, a final exam and a hands-on performance final. Upon completion of these modules, students will be able to perform tasks related to:
- Secure E-Commerce Concepts & Practices: In this topic, the core concepts that comprise secure e-commerce are explored. The most common practices used today are examined.
- Define E-Commerce and identify the key components.
- Examine the history of E-Commerce and how E-commerce integrates into the economy.
- Examine the common methods used in E-Commerce.
- Explore the security risks associated with E-Commerce.
- Examine how E-Commerce is included in security policies.
- Explore current and future trends in E-Commerce practices.
- Trusted Network Implementation: In this topic, you will examine and identify the transition towards the implementation of trusted networks, including their requirements and critical components.
- Examine reasons for migrating networks from defense to trust.
- Analyze the requirements of a trusted network.
- Define the fundamentals of cryptography.
- Define the role of strong authentication.
- Define the role of a public key infrastructure.
- Planning a Trusted Network: In this topic, you will be introduced to the concepts and documents required in planning a trusted network. You will examine trusted network architectures, certificate paths, certificate policies, certification practice statements, and the certificate policy framework.
- Examine the components required for a trusted network implementation.
- Analyze certificate paths.
- Analyze trusted network planning documents.
- Examine the certificate practices framework.
- Microsoft Trusted Networks: In this topic, you will examine the requirements for Certificate Authorities (CA) in general and the various models of CAs that are implemented in practice. You will study the key elements that have to be in place in order for a Certificate Authority to have any meaning for the organization it is designed to serve.
- Examine the requirements surrounding the implementation of a CA.
- Examine the critical function that trust plays between CAs in a network built on trust.
- Examine the types of certificates in a trusted network.
- Implement a standalone Microsoft Certificate Authorities hierarchy.
- Implement a Microsoft Enterprise Root CA.
- Linux Certificate Authorities: In this topic, you will examine the basics of certificate authorities on Linux.
- Examine the requirements for implementing Certificate Authorities on a Linux platform.
- Examine multiple CA options on Linux.
- Prepare a Linux server for a CA implementation.
- Examine the fundamentals of LDAP.
- Install and configure a Linux CA package.
- Managing Certificates: In this topic, you will examine issues related to the management of certificates. Depending upon the size of the organization and depending upon whether the CA is hosted internally or not, certificate issuance policies may vary.
- Examine the management of certificates base on end entity needs.
- Create certificate requests and use a CA to generate the certificates for computers and users.
- Issue multiple types of digital certificates.
- Assign the issued certificate to the entity that requested it.
- Implement certificates on smart cards.
- Local Resource Security: In this topic, you will examine multiple systems and technologies available to secure data stored locally on your computer.
- Examine how Windows operating systems function.
- Configure Windows Encrypted File System (EFS).
- Configure a system to prevent users from using EFS.
- Implement EFS to protect files.
- Implement data security using biometrics.
- Secure Email: In this topic, you will examine the current vulnerabilities of email and the reasons that plaintext is a serious security risk for any enterprise.
- Examine the benefits and challenges of secure email.
- Implement PGP (Pretty Good Privacy) to secure email.
- Implement S/MIME to secure email.
- Explore other options to secure email.
- Building Trusted Networks (Lab Only): In this topic, you will take the different pieces that you have worked with through the course and tie them together in a simulated environment.
- Implement a multi-platform CA structure.
- Configure the CA hierarchy.
- Configure the Linux CA.
- Implement trusting CAs.
- Implement multi-platform secure email.
- Revoke certificates and verify revocation.