This course examines issues involved in protecting web-based applications from external threats while safeguarding customer privacy and accessibility. Students examine external threats to an organization’s systems and develop strategies that support systems and business goals.
- Given a web server of any type, discuss the attacks most likely to be encountered.
- Given an organization with a need for security, be able to describe how firewalls work and the different types of firewalls.
- Given an organization with a need for a firewall, select the most appropriate firewall for that organization.
- Given an organization with a need for security, explain the need and purpose for an intrusion detection system.
- Be able to discuss data encryption, particularly SSL.
- Be able to discuss and evaluate the various methods of implementing virtual private networks.
- Given an organization with a need for security, discuss methods of defending against common attacks.
- Given an organization with a web server, discuss operating system hardening, with particular emphasis on hardening the web server.
- Given an organization with a web server, be able to discuss security policies, particularly as they relate to the web server.
- Given an organization with a web server, be able to assess and evaluate the security of the system and implement appropriate security models in setting up the web server.
- Implement specific methods for improving security on Microsoft IIS.
- Implement specific methods for improving security on the Apache Web Server.
The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.