Explain the DoD Information Assurance (IA) Model ("Pillars of IA")".
Describe cyber attacks in terms of compromise to the pillars of IA.
Define terms such as bit, byte, ASCII, hex.
Convert between binary and decimal number representations.
Use tools to determine a file's type by examining its digital content.
Explain what is meant by the terms "file type", "file format", "file header",
and "filename extension", and explain how a filename extension is used and abused.
Describe a computer as a device that manipulates digital data through input, processing,
Name the major physical components of a computer, describe their function,
remove them from and reassemble them into a working computer.
Explain program launch and the CPU fetch-decode-execute cycle.
Define the purpose of an Operating System (OS) and these core services it provides:
access control; and filesystem, process, and user account management.
Describe how the shell is the OS interface for both users and programs, and contrast
it with the GUI and API interfaces.
Explain the concept of absolute and relative filesystem pathnames.
Issue shell commands on local and remote systems to accomplish common filesystem tasks.
Describe the distinction between a program and a process.
Explain the role of the OS with respect to security as relates to user accounts, logins,
and file/process ownership and access permissions.
Explain the significance of an Administrator ("root") account.
Perform basic OS and network related tasks in both Windows and UNIX.
Explain the concepts of data types, expressions and variables, and correctly use
them to modify the behavior of simple programs.
Given a simple code example involving branching and loops, explain how the code inputs,
processes, and outputs data.
Discuss the implications on program execution of unexpected data input by a user.
Describe the World-Wide-Web ("web") as a client-server system involving the HTTP protocol.
Explain the components of a URL.
Given a simple HTML file, describe how it will be rendered by a browser.
Create an HTML file that uses relative and absolute paths, and make it viewable
on a webserver.
Describe client-server interaction for a static web page, and the processing done by the browser
on the data it receives.
Describe client-server interaction for a dynamic web page that involves user input to a form and
Discuss tradeoffs between client-side and server-side scripts, and explain why client-side
input validation is weaker than server-side.
Explain how an email containing HTML with embedded scripts is a risk to security.
Explain how cookies are used by both the web browser and the webserver.
Explain how reflection, injection attack, and cross-site scripting work and why they may fail.
Analyze scenarios involving the web in terms of services, risk, security and forensics.
Relate to other network services an understanding of the web as a client-server based network service.
Explain the basic functioning of the Internet in terms of hosts, packets, routers and IP addresses.
List the layers in the protocol stack of the TCP/IP Model. Describe each layer in terms of
its function and the hardware devices used. Contrast TCP and UDP transport.
For each of the following protocols: describe its purpose, state the protocol stack layer
it uses, and identify commands or tools that use the protocol: HTTP(S), DNS, DHCP, SSH, RDP, SMB,
SSL/TLS, TCP, UDP, ICMP, ARP. Relate ports, services, and protocols.
Describe the Domain Name System (DNS) and security issues with name resolution.
Describe each of the following: IP Address, subnet mask, network address, broadcast address,
private address, MAC address, BSSID, ESSID.
Appropriately use these commands and tools and explain their output: ipconfig/ifconfig,
netstat, arp, ping, traceroute, nmap, nslookup, netcat. Interpret their output to deduce information
about network hosts, topology and services, and to construct a physical wired network and an
encrypted wireless network, both connected to a simple internet.
Describe the purpose of encryption on a wireless network, and compare WEP, WPA, WPA2.
Design an access control list (ACL) for an idealized router to achieve a desired offering of services.
Relate use of a firewall to the pillars of IA.
Describe a firewall's role in implementing decisions concerning tradeoffs between service and security.
Describe and contrast symmetric encryption, asymmetric encryption and hashing and explain
their roles in protecting the Pillars of IA.
Describe and contrast key management for symmetric and asymmetric encryption.
Explain and actually use representative symmetric encryption and hashing techniques that
are done "by hand" (e.g., Vigenere Cipher, Rubik's Hash).
Identify the user's vs. the technology's responsibilities in situations where cryptography is used
Describe common tools such as AES and MD5, relate their use to Information Assurance,
and demonstrate their use.
Discuss authentication by password, password attacks, hashing, salt, and password strength.
Discuss two-factor authentication.
Explain the workings of attacks such as frequency analysis, chosen plaintext, and man-in-the-middle.
Describe the purpose of Public Key Infrastructure (PKI) and how it works; relate PKI to
Obtain an X.509 Certificate from a Certificate Authority. Explain the guarantee that comes
with a valid certificate, describe reasons a certificate may be invalid, and how user actions
with respect to certificates can affect security.
For a given activity, state the forensic evidence it leaves behind and where it can be found.
Describe and use MD5 in digital forensics.
Perform file carving, browser and email forensics; analyze forensic evidence to trace activity.
Classify various types of malware.
Describe malware as an attack vector that in most cases depends on both a vulnerability
and a user action; define "zero day".
Describe the phases of a cyber attack, relating them to the pillars of IA.
Conduct network reconnaissance.
Give examples of defense-in-depth.
Define and give examples of CNA. Conduct CNA, including actions that move through
Define, give examples of, and conduct CND.
Use knowledge of the Cyber Battlefield, Models and Tools, and Cyber Operations to
analyze case studies to identify technical and human security failures.