Day 1: Let’s Jump In the Deep End!

Day 1 Assignment
  1. Cybersecurity Resources
    1. https://www.cisa.gov/resources-tools/resources/secure-our-world-resources
    2. https://www.cisa.gov/topics/cybersecurity-best-practices
    3. https://www.cisa.gov/secure-our-world/secure-your-business
    4. https://www.cisa.gov/secure-our-world/secure-your-products
  2. What are we protecting?
    1. PII
    2. IP
    3. Business Continuity
    4. Jobs/Employment
    5. Health and Safety
    6. Property and $
  3. There’s not a “Miracle Pill” for Cybersecurity
    1. Environments are not the same
    2. Products are not the same
    3. People’s skills and abilities are not the same
    4. OSI Model - Layered Approach
      1. Physical
      2. Datalink
      3. Network
      4. Transport
      5. Session
      6. Presentation
      7. Application
  4. Offense vs. Defense
    1. This is not a pen testing course - Offense
    2. This is a protection course - Defense
    3. We must understand the objectives of the Offense
      1. What do you have that’s valuable?
      2. Where do you keep your valuables?
      3. Who has access to your valuables?
      4. How do you keep track of your valuables?
  5. Practical Application
    1. 5 Days - 4 Scenarios - What can we do?
    2. Day 1: Setup
    3. Day 2–5: Scenarios
      1. Small Business Online Shop - Home Operation
      2. SMB Parts Distributor - Small Warehouse
      3. Charter School - Grades K–8 (400 students)
      4. Large MultiNational Organization
    4. What tools/skills do we need?
      1. Hardware
      2. Software
      3. Windows
      4. Linux
      5. Web Servers
      6. Email
      7. Networking
      8. Databases
      9. Proxy
      10. LDAP/AD
      11. DHCP
      12. DNS
      13. Remote Access
      14. VPN
      15. Ports
      16. Physical Security
      17. Business Processes
      18. Legal Requirements
  6. Technical Application
    1. Remote Access
      1. Windows (RDP)
      2. Linux (SSH)
    2. Web Servers
      1. IIS
      2. Apache2
      3. Nginx
    3. Standard Ports
      1. 80
      2. 443
      3. 22
      4. 25
      5. 3389
      6. 3306
      7. 21
    4. SSL Certificates (Let’s Encrypt)
    5. DNS (Zones, A Records, Internal vs External)
  7. Environment Setup
    1. VM Instance - Debian
    2. Install Apache2
    3. Introduction to NAT
    4. Setup Server Certificates
    5. Hello World Web Page