Certified Secure Computer User Instructor Guide
Simplifying Security.
Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Content Flow
Training Schedule
Lab Setup Requirement
How to Teach CSCU
Training Information
Title of the Course: CSCU
Version: 1
Training Duration: 2 Days (14 Hours)
Training Timing: 9.00 AM to 5.00 PM
Note: The CSCU is an entry level certification.
Training Session: Day 1
Start    End      Module
9:00     9:15     Student Introduction
9:15     10:00    Module 01: Foundations of Security
10:00    11:00    Module 02: Securing Operating Systems
11:00    11:15    Break
11:15    12:30    Module 03: Protecting Systems Using Antiviruses
12:30    1:30     Lunch Break
1:30     2:45     Module 04: Data Encryption
2:45     3:00     Break
3:00     4:00     Module 05: Data Backup and Disaster Recovery
4:00     5:00     Module 06: Internet Security
Training Session: Day 2
Start    End      Module
9:00     10:00    Module 07: Securing Network Connections
10:00    11:00    Module 08: Securing Online Transactions
11:00    11:15    Break
11:15    12:30    Module 09: Securing Email Communications
12:30    1:30     Lunch Break
1:30     2:45     Module 10: Social Engineering and Identity Theft
2:45     3:00     Module 11: Security on Social Networking Sites
3:00     3:15     Break
3:15     3:45     Module 12: Information Security and Legal Compliance
3:45     4:45     Module 13: Securing Mobile Devices
4:45     6:00     Optional: CSCU Exam
Instructors may Adjust Class Timings as per Requirement
Minimum System Requirements
Pentium-based PC with 20 GB free disk space
1 GB RAM (4 GB preferred)
1 NIC (disable or unplug extras)
15-inch monitor and cards to drive at 1024 x 768 (or at monitor's native resolution) and configured at 16 million colors
Compatible keyboard and mouse
Basic Lab Setup Requirements
1. Windows 7 (Ultimate or Enterprise Edition) with full patches and hot fixes applied
2. Microsoft .NET Framework 3.5 SP1 or higher version
3. Adobe Acrobat Reader 10 or later version
4. WinRAR 4 or later version
5. Web Browsers: Internet Explorer, Firefox, Chrome, Safari and Opera
6. Word, Excel, and PowerPoint Viewers or Microsoft Office 2010
Note: All the lab prerequisite tools, except for the Operating System and Microsoft Office, are available in the CSCU Labs DVD-ROM
How to Teach CSCU
Student Introduction
Welcome the students to the course and introduce yourself
Provide a brief overview of your background to establish credibility
Ask students to introduce themselves and provide their background, security-related experience, and expectations from the course
Ask the students if they have knowledge of basic computer networking and Internet browsing experience
Write your name on the whiteboard corner and do not erase it for the duration of the class so that the students will know your name
Tell students everything that they will need for the CSCU course
Describe the contents of the CSCU courseware and the contents of the CSCU Labs DVD-ROM
Tell the students about the modules that will be covered in the class, and explain the CSCU exam and the process of taking it
You can give information to the students on when the exam will be conducted, the cost of the exam, the total number of questions, the passing score, etc.
Consult with the training center regarding the exam delivery; they might have a prepaid exam voucher
CSCU Module 01 Foundations of Security
What is Covered in Module 01?
Gives an introduction to basic security concepts, such as what security is and why it is necessary
Explains the different potential losses that may occur due to security attacks
Briefly covers various elements of information security and security challenges
Discusses various layers of security
Discusses various essential terminologies involved in computer security
Provides a basic computer security checklist to protect a home PC from security threats
How to Teach this Module?
Discuss various security incidents that occurred in the recent past
Explain why computer security is important
Discuss the different elements of security
Discuss various security risks to home users
Discuss how a home PC becomes vulnerable
Explain how a home PC can be secured or safeguarded from threats
Discuss the benefits of computer security awareness
Exercise
1. Compile a list of major security incidents in the past 2-4 years
2. List the various potential losses due to security attacks
3. Discuss various ways to increase computer security awareness
4. Create an inventory of all hardware and software at your home or organization that need to be secured
5. Read the whitepapers available in the CSCU Module 01 Foundations of Security folder in the CSCU Labs DVD-ROM
CSCU Module 02 Securing Operating Systems
What is Covered in Module 02?
Details various threats to system security
Provides an assessment of various Windows security tools
Briefly covers password cracking
Discusses the different guidelines for securing Mac OS X
Provides guidelines for Windows operating system security
Lists various operating system security checklists
Discusses the different malware propagation techniques
How to Teach this Module?
Explain various system security threats and issues
Discuss various malware propagation techniques
Explain password cracking
Discuss the Guidelines for Securing Mac OS X
Explain the Windows Encrypting File System (EFS)
Discuss and demonstrate various measures for Windows OS Security
Exercise
Explore the options in the Control Panel and try to change the Windows user password
Perform the steps to lock out unwanted users and set the invalid login attempts to 5
Determine the steps to configure Windows Firewall and create New Windows Firewall Rule in Windows 7
Perform the steps to control Local Accounts with Parental Controls
CSCU Module 03 Protecting Systems Using Antiviruses
What is Covered in Module 03?
Lists the most dangerous computer viruses of all time
Discusses the need for antivirus software
Provides a brief introduction to major antivirus applications
Briefly covers the working of antivirus applications
Discusses the guidelines to select the best antivirus software
Describes how to install and configure antivirus applications
How to Teach this Module?
Discuss antivirus software and its working
Give a brief overview of the various available antivirus software
Discuss various steps to install antivirus on a personal computer
Explain how to test whether the antivirus is working or not
Assess the features to look for before choosing an antivirus
Explain how to install and configure McAfee antivirus
Illustrate the steps required in configuring Kaspersky PURE
Discuss the antivirus security checklist
Exercise
Search for a malicious program and test it against the antivirus program
Configure McAfee antivirus and scan your PC for any virus or malware programs
Configure Kaspersky PURE antivirus on your system and perform Backup and Restore and set the Parental Control
Search for the latest viruses, worms, Trojans, and other malware on the Internet (visit http://www.securelist.com
CSCU Module 04 Data Encryption
What is Covered in Module 04?
This module gives an introduction to data encryption concepts
Defines what encryption is and its objectives
Lists the types of encryption
Discusses digital certificates and their working
Explains digital signatures
Describes the working of a digital signature
How to Teach this Module?
1. Explain the basic encryption concepts
2. Describe the usage of encryption
3. Discuss the different types of encryption
4. Differentiate between Symmetric and Asymmetric Encryption
5. Explain the concept of digital certificates and how they work
6. Discuss the use of digital signatures to secure communication
7. Explain how digital signature works
Exercises
Compile a list of various uses of encryption
Research and compile a list of major digital certificate vendors
Run the cryptography tool TrueCrypt and create an encrypted partition
Run the cryptography tool Folder Lock to password-protect files and folders
Visit http://www.garykessler.net/library/crypto.html and learn more about encryption techniques
CSCU Module 05 Data Backup and Disaster Recovery
What is Covered in Module 05?
Describes the different types of data losses and the importance of data backup
Explains what files need to be backed up and how often
Lists various online backup service providers
Discusses how to secure backup on storage devices with encryption
Presents various data backup and data recovery tools for Windows and Mac OS X
Explains physical security measures
Provides a data backup and physical security checklist
How to Teach this Module?
Explain the need for data backup
Discuss the use of encryption for protecting backup data
Discuss various factors that determine a data backup plan, such as what files to back up and how often
Explain Mac OS X backup and restore procedures using Time Machine
Explain the importance of online data backup
Describe how to use data backup tools on Windows and Mac OS X OSs
Provide a list of online backup service providers
Provide a list of data recovery tools for Windows and Mac OS X OSs
Discuss the different types of backups
Explain the need of physical security
Explain Windows 7 backup and restore procedures
Discuss various physical security measures such as locks, biometrics, and fire prevention
Exercise
Perform data backup using Windows backup
Set up Time Machine to back up data in Mac OS X
Try an online backup service
Use the tool Acronis True Image Home 2011 and perform data backup
Use the TrueCrypt tool to encrypt backup data
Use the Recover My Files tool to recover a deleted file
CSCU Module 06 Internet Security
What is Covered in Module 06?
1. Introduces students to Internet security issues
2. Explains various security settings in Internet Explorer
3. Discusses various security settings in Mozilla Firefox
4. Discusses Google Chrome and Apple Safari privacy and security settings
5. Discusses various online gaming risks and their countermeasures
How to Teach this Module?
1. Explain how to harden Internet Explorer security settings by exploring all the options
2. Illustrate various Mozilla Firefox security settings including privacy settings, secure downloads, and how to install Plugins
3. Discuss different Google Chrome and Apple Safari privacy and security settings
4. Discuss various search engine and instant messaging security issues and the measures to be taken to safeguard users
5. Describe the different threats of online games and discuss security practices to stay safe while gaming
6. Discuss various child online safety issues and countermeasures
7. Discuss various measures to protect children from online threats and how to report an online crime against a child
Exercise
1. Set the security level zone to High in the Internet Explorer to ensure higher security
2. Configure the download settings for Mozilla Firefox and install the missing plugins
3. Visit various sites for online crime reporting and explore the steps to report a cyber crime
CSCU Module 07 Securing Network Connections
What is Covered in Module 07?
Discusses the steps for setting up a home network
Explains what a wireless network is and lists the steps required to set up a wireless network in Windows 7 and Mac OS X
Describes various network security threats and the different measures to secure network connections
Explains various techniques for securely using the network in Windows 7 and Mac OS X environments
Provides a network security checklist
How to Teach this Module?
Discuss home and wireless networking basics
Illustrate various techniques for securely using the network in Windows 7 and Mac OS X environments
Describe general steps to set up a home network
Describe various network security threats
Explain the process of setting up a wireless network in Windows 7 and Mac environment
Illustrate the different measures to secure network connections
Discuss various wireless network security threats
Explain how to identify a secure website
Discuss guidelines to secure wireless network
Discuss general security practices for home networking
Discuss basic networking problems and how to troubleshoot these problems
Exercise
Set up a small home network and share files and printers
Identify a secure website
Identify the network adapter status
CSCU Module 08 Securing Online Transactions
What is Covered in Module 08?
Discusses online shopping and how it works
Discusses how online transactions can be secured
Explains online banking and its advantages and disadvantages
Assesses the security measures to identify a secure or a vulnerable website
Explains credit card payments and the frauds associated with them
How to Teach this Module?
1. Explain the basic working of an online shopping system
2. Discuss security issues in online banking
3. Discuss credit card payments and describe the different types of credit card frauds
4. Explain various measures for securing online transactions
5. Discuss the different techniques to identify secure online shopping sites, such as checking for SSL and the padlock symbol
6. Describe how to identify an untrustworthy website
Exercises
Identify a trustworthy website and list its security features
Compile a list of secure online payment services
Check the expiration date of an SSL certificate
Visit the websites of various online payment service providers and compare their security features
Install McAfee's SiteAdvisor and perform a secure search
CSCU Module 09 Securing Email Communications
What is Covered in Module 09?
Discusses how various email systems work
Briefly covers email security control layers and security procedures
Describes email security and the threats associated with it
Discusses how to create strong passwords
Explains spamming and its countermeasures
Discusses hoax/chain and scam emails
Explains how to digitally sign your email and how to obtain digital certificates
How to Teach this Module?
Explain the working of email systems
Discuss the various email security threats
Explain the threats of malicious email attachments
Discuss spamming and its countermeasures
Discuss email security procedures
Explain how to obtain digital certificates and digitally sign emails
Discuss email communication checklist
Exercises
Create a new email ID with strong passwords that are difficult to crack
Try to send private email messages using the online email encryption service: Lockbin
Check for last account activity in your email account
Obtain a digital signature from http://www.comodo.com and digitally sign your email
Configure MS Outlook to turn off Preview Feature
CSCU Module 10 Social Engineering and Identity Theft
What is Covered in Module 10?
This module discusses personal information that can be stolen
Introduces identity theft and social engineering
Explains the methods that attackers use to steal identity
This module discusses various forms of social engineering
How to Teach this Module?
Explain social engineering and discuss its forms
Discuss the common targets of social engineering attacks
Explain what attackers can do with a stolen identity
Describe what identity theft is and how identities are stolen
Demonstrate an identity theft and social engineering example
Discuss how to find out if you are a victim of identity theft
Discuss what to do if your identity is stolen
Exercises
Evaluate the most common ways attackers use to commit identity theft
Summarize what you will do if you become a victim of identity theft
List and evaluate social engineering exploit techniques
CSCU Module 11 Security on Social Networking Sites
What is Covered in Module 11?
1. This module delves into social networking sites and their evolution
2. Explains various security risks involved with social networking
3. Explains how to stay safe on Facebook and MySpace
4. Provides the social networking security checklist
How to Teach this Module?
Discuss the social networking security checklist for parents and teachers
Provide an introduction to social networking sites
Explain what a profile is
Illustrate MySpace account settings
Illustrate Facebook privacy settings
Describe various social networking threats to minors
Discuss the different social networking security threats
Exercises
Create a profile on Facebook, MySpace, or any other social networking site
On your Facebook profile, block a few friends
Check Settings for Friends Request and IM on MySpace
Try to block users by age on MySpace
CSCU Module 12 Information Security and Legal Compliance
What is Covered in Module 12?
This module explains HIPAA (Health Insurance Portability and Accountability Act)
Provides a HIPAA compliance checklist
Explains FERPA (Family Educational Rights and Privacy Act)
Provides a FERPA checklist
Explains PCI DSS (Payment Card Industry Data Security Standard)
Discusses PCI DSS requirements
How to Teach this Module?
Explain HIPAA (Health Insurance Portability and Accountability Act) and its objectives to the students
Discuss FERPA (Family Educational Rights and Privacy Act) and the rights given to students by FERPA
Explain PCI DSS (Payment Card Industry Data Security Standard) and its objectives to the students
Exercises
Visit http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html and read more about HIPAA
Visit http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html and read more about HIPAA
Visit https://www.pcisecuritystandards.org/security_standards/ and read more about HIPAA
Read the whitepapers available in CSCU Module 12 Information Security and Legal Compliance folder in CSCU Labs DVD‐ROM
CSCU Module 13 Securing Mobile Devices
What is Covered in Module 13?
Introduces various mobile device security issues
Discusses the various security issues in iPhone, Blackberry, and Windows Phone 7 mobile
Discusses mobile device security threats and mobile application vulnerabilities
Discusses various threats to Bluetooth devices
Lists the various mobile phone antivirus tools available
Explains mobile security procedure
How to Teach this Module?
Explain how to secure mobile devices from various security risks
Explain the security procedure in iPhone
Give a brief introduction on Mobile Security Procedures
Describe how to secure BlackBerry and Windows Mobile
Explain how to install mobile phone antivirus and scan the mobile
Present various mobile security tools
Discuss the Bluetooth and mobile phone security checklist
Exercises
Enable Auto-Lock feature in your mobile
Enable Passcode Protection in your iPhone
Set the Blackberry device password
Perform the steps to lock your Blackberry device and set the invalid login attempts to 4.
Perform the steps to change the password of the Windows mobile