Cisco Certified Support Technician Cyber Security (CCST) Course

Jun 21, 2024

Essential Security Principles

1.1 Define Essential Security Principles

  • Vulnerabilities, Threats, Exploits, and Risks: Definitions and differences
  • Vulnerability: A gap or weakness in a system
  • Threat: Something that can damage your asset
  • Risk: Probability and impact of a threat exploiting a vulnerability
  • Exploit: A program created to take advantage of a vulnerability
  • Attack Vectors: The different points where attackers could get into a system
  • Examples of Attack Vectors: Ransomware, compromised passwords, misconfigurations, DDoS, poor security solutions
  • Hardening: Increasing system resistance to hacking by reconfiguration
  • Defense in Depth: Designing IT security with multiple independent layers
  • CIA Triad: Confidentiality, Integrity, Availability
  • Types of Attackers: White hat, Black hat, Gray hat, Script kiddies, hacktivists, organized crime, state-sponsored, insiders
  • Reasons for Attacks: Financial gain, political motives, revenge, challenge, espionage
  • Code of Ethics: Integrity, confidentiality, legality, respect, competence

1.2 Explain Common Threats and Vulnerabilities

  • Malware Types: Adware, spyware, viruses, worms, Trojans, ransomware
  • DoS Attacks: Overwhelming a web property with traffic
  • Botnets: A group of compromised computers controlled by a malicious actor
  • Social Engineering Attacks: Tailgating, spear phishing, phishing, vishing, smishing
  • Physical Attacks: Security breaches that impact operations
  • Man-in-the-Middle: Intercepting data between user and system
  • IoT Vulnerabilities: Entry points to other devices on networks
  • Insider Threats: From within the organization
  • Advanced Persistent Threat (APT): Prolonged, targeted cyberattack

1.3 Explain Access Management Principles

  • AAA (Authentication, Authorization, and Accounting)
  • RADIUS: Networking protocol that authenticates and authorizes users
  • Multifactor Authentication (MFA): Something you know, are, have
  • Password Policies: Requirements for passwords

1.4 Explain Encryption Methods and Applications

  • Types of Encryption: Hashing, certificates, PKI
  • Strong vs Weak Encryption: Based on industry standards
  • States of Data: In transit, at rest, in use
  • Protocols that Use Encryption: Triple DES, AES, RSA, Blowfish, Twofish

Basic Network Security Concepts

2.1 Describe TCP/IP Protocol Vulnerabilities

  • TCP: Vulnerable to SYN flooding, session hijacking
  • UDP: Vulnerable to UDP flooding, amplification attacks
  • ARP: ARP spoofing attacks
  • ICMP/Ping: Used for bandwidth flooding attacks
  • DHCP: Starvation and flood attacks
  • DNS: Spoofing and flood attacks

2.2 Explain Network Address Impact on Security

  • IPv4 vs IPv6: Address spoofing in IPv4 vs. security in IPv6
  • MAC Addresses: Identification and spoofing prevention
  • Network Segmentation: Enhancing security
  • CIDR Notation: Address allocation and traffic filtering
  • NAT: Privacy by hiding device IP addresses
  • Public vs Private Networks

2.3 Describe Network Infrastructure and Technologies

  • Network Security Architecture: Elements of network and security
  • Virtualization: Virtual representations of servers and networks
  • Cloud: On-demand availability of computing resources
  • Honeypot: Decoy systems to lure attackers
  • Proxy Server: Gateway between users and the internet
  • IDS/IPS: Intrusion Detection/Prevention Systems
  • Wireless 802.11 Protocols

2.4 Set Up a Secure Wireless SOHO Network

  • MAC Address Filtering
  • Encryption Standards: AES, Triple DES, RSA, Blowfish
  • SSID: Service Set Identifier for Wi-Fi

2.5 Implement Secure Access Technologies

  • ACLs: File system and networking ACLs
  • Firewalls, VPN, NAC

Endpoint Security Concepts

3.1 Describe Operating System Security Concepts

  • Windows, macOS, Linux Security Features: Windows Defender, host-based firewalls
  • CLI and PowerShell
  • File and Directory Permissions
  • Privilege Escalation

3.2 Demonstrate Familiarity with Endpoint Tools

  • netstat, nslookup, tcpdump: Tools for network assessment

3.3 Verify Endpoint Systems Meet Security Standards

  • Hardware Inventory, Software Inventory: Asset management
  • Program Deployment, Data Backups, Regulatory Compliance: PCI DSS, HIPAA, GDPR

3.4 Implement Software and Hardware Updates

  • Windows Update, Application Updates, Device Drivers, Firmware

3.5 Interpret System Logs

  • Event Viewer, Audit Logs, System/Application Logs
  • Syslog, Identification of Anomalies

3.6 Demonstrate Familiarity with Malware Removal

  • Scanning Systems, Reviewing Scan Logs, Malware Remediation

Vulnerability Assessment and Risk Management

4.1 Explain Vulnerability Management

  • Identification, Management, Mitigation
  • Passive vs Active Reconnaissance: Scanning and testing
  • Port Scanning, Automation

4.2 Use Threat Intelligence Techniques

  • Vulnerability Databases, Industry Standard Tools: CVS, cybersecurity reports
  • Ad Hoc and Automated Threat Intelligence

4.3 Explain Risk Management

  • Vulnerability vs Risk, Risk Ranking
  • Risk Mitigation Strategies, Levels of Risk: Low, medium, high, extremely high
  • Risk Management Approaches: Risk avoidance, acceptance, transfer, mitigation

4.4 Disaster Recovery and Business Continuity Planning

  • Plan Components, Recovery Processes
  • Regular Backups

Incident Handling

5.1 Monitor Security Events and Escalation Requirements

  • Role of SIEM and SOAR
  • Network Data Monitoring, Packet Captures, Log Analysis

5.2 Explain Digital Forensics and Attack Attribution

  • Cyber Kill Chain, MITRE ATT&CK Matrix, Diamond Model
  • TTP (Tactics, Techniques, Procedures)
  • Sources and Handling of Evidence, Chain of Custody

5.3 Explain Impact of Compliance Frameworks

  • GDPR, HIPAA, PCI DSS, FISMA
  • Reporting and Notification Requirements

5.4 Describe Elements of Cybersecurity Incident Response

  • Policy, Plan, Procedure Elements
  • NIST Special Publication 800-61
  • Incident Response Lifecycle: Preparation, Detection, Analysis, Containment, Eradication, Recovery