I'm trying to create a study guide to build up my IT security knowledge - intially my plan is to build up IT security for a Windows domain (I reckon its one of the bigger targets).
The thing that I am finding with the IT Security field is its vast!
The idea is to develop some basic skills first that will be applicable as a foundation for future training. To give you an idea this is the initial study plan I have developed.
The premise is to develop a basic defensive understanding first, then understand attacks and using this knowledge build a more comprehensive defensive understanding.
Any suggestions or feedback very welcomed....
Server & Workstation security
1. Windows scripting (wscript and basic vbscript) - Allows you to write scripts to interogate machines for info, run scripted installs or patching etc
2. Patch Management - OS, applications
3. AV - Not sure how much knowledge is required here apart form how to configure and manage the AV products... any suggestions?
4. OS hardening (Server and Client) - Patch, disable unneeded sevices, port blocking and filtering (IPsec perhaps), security templates enforced by AD or scripts.
5. Building a secure Win OS - Integrated patches with core OS, security settings enabled
6. LAN Password cracking - LOpht, PWDUMP, kerbsniff/kerbcrack
Network Security
1. VLAN
2.. Router connection and filters - ACL, limit remote ocnnection, DOS protection
3. Cisco - Network Access Control
4. Firewall - PIX, ISA, checkpoint, squid
5. IDS/IPS -snort, ethereal
6. Penetration testing - Nmap, netcat
