You've likely done everything you can to logically secure your systems. But how can you be sure that you’re fully protected from an attack? In this course, you'll learn how to conduct a Pen Test, a vital skill for IT security professionals to thoroughly assess system security for any organization. By the end of the course, you’ll have a solid understanding of new techniques and testing blueprints for Wi-Fi, networks, websites, email, VoIP, cloud-native services, mobile infrastructure, and the human firewall.

Ethical hackers use their knowledge for good: to test if an organization's network is vulnerable to outside attacks. But where do they start? With footprinting (aka reconnaissance), the process of gathering information about computers and the people to which they belong. In this course, Lisa Bock introduces the concepts, tools, and techniques behind footprinting: finding related websites, determining OS and location information, identifying users through social media and financial services, tracking email, and more. Footprinting relies on tools as simple as a web search and dumpster diving, and as complex as DNS interrogation and traceroute analysis. Lisa shows how to put these nefarious sounding tools to work for good, and mitigate any risks an organization has to these types of attacks.

Ethical hackers: Get an inside look into the tools the black hat hackers use to "sniff" network traffic, and discover how to countermeasure such attacks. Security ambassador Lisa Bock explains what a sniffer is, and how hackers use it to intercept network traffic. She reviews the seven-layer OSI model, active vs. passive attacks, and the different types of protocol attacks, including MAC and macof attacks, DNS caching and forgery, DHCP denial-of-service attacks, and ARP cache poisoning. Learn how ethical hackers have an arsenal of tools to emulate these attacks and techniques, from examining headers and URLs to capturing images. Lisa relies on Wireshark, a network protocol analyzer for Unix and Windows, but also introduces other sniffing tools, including TShark, tcpdump, and CloudShark.

Social engineering is a technique hackers use to manipulate end users and obtain information about an organization or computer systems. In order to protect their networks, IT security professionals need to understand social engineering, who is targeted, and how social engineering attacks are orchestrated.In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.

System hacking is the way hackers get access to individual computers on a network. Ethical hackers learn system hacking to detect, prevent, and counter these types of attacks. This course explains the main methods of system hacking—password cracking, privilege escalation, spyware installation, and keylogging—and the countermeasures IT security professionals can take to fight these attacks. Security expert Lisa Bock also covers steganography, spyware on a cell phone, and tactics for hiding files and tools.

After footprinting and reconnaissance, scanning is the second phase of information gathering that hackers use to size up a network. Scanning is where they dive deeper into the system to look for valuable data and services in a specific IP address range. Network scans are also a key tool in the arsenal of ethical hackers, who work to prevent attacks on an organization's infrastructure and data.This course investigates the scanning tools and techniques used to obtain information from a target system, including specially crafted packets, TCP flags, UDP scans, and ping sweeps. Lisa Bock discusses how hackers can identify live systems via protocols, blueprint a network, and perform a vulnerability scan to find weaknesses. She also introduces some of the tools and techniques that hackers use to counter detection via evasion, concealment, and spoofing. In addition, learn how to reduce the threat of tunneling, a method hackers use to circumvent network security.

When it comes to cybersecurity, hacking comes in many colors: white, grey, and black. White hat hackers practice ethical hacking, which involves testing to see if an organization's network is vulnerable to outside attacks. Ethical hacking is key to strengthening network security, and it's one of the most desired skills for any IT security professional. If you're interested in becoming an ethical hacker, or getting started securing your own network, this introduction is for you.Security expert Lisa Bock starts with an overview of ethical hacking and the role of the ethical hacker. She reviews the kinds of threats networks face, and introduces the five phases of ethical hacking, from reconnaissance to covering your tracks. She also covers penetration-testing techniques and tools. The materials map directly to the "Introduction to Ethical Hacking" competency from the CEH Body of Knowledge, and provide an excellent jumping off point for the next courses in this series.

Network security is the keystone of IT security, and an important component of the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). In this installment of Foundations of IT Security, series creator Lisa Bock will cover one of the main topics of the exam: securing an organization's network to keep interconnected systems and data safe. The course introduces security devices such as firewalls and packet inspectors, network isolation, and common security protocols. She also provides an overview of how to protect clients with antivirus software, encrypt offline files, and implement software restriction policies. Finally, she looks at the often-overlooked topics of mobile device and physical security, which includes securing a building's perimeter and the hardware within.

The operating system is where many attacks are targeted, which makes OS-level security just as important to your organization as network security. OS security is a key component of the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). In this course, Foundations of IT Security series creator Lisa Bock will also review user authentication, assigning permissions and Active Directory, along with creating audit policies, and how you can protect servers and email.

Computing and Internet security are everyone's business, but it's especially critical for information technology specialists. Learning the core concepts of operating-system and network-level security helps avoid ongoing threats and eliminate system vulnerabilities. This beginner-level course covers core security concepts and introduces risks such as social engineering, malware, and spyware. Foundations of IT Security series creator Lisa Bock will also go over some basic wireless security best practices, tips for beefing up browser security, and techniques for implementing encryption.

Though technology changes rapidly, the need to assure the confidentiality, integrity, authenticity, and accountability of information does not. Understanding the basics of cryptography is fundamental to keeping your networks, systems, and data secure. In this course, Lisa Bock reviews the historical and present-day uses of encryption, including techniques such as symmetric and asymmetric encryption, algorithms, and hashing. She also reviews message digest and passwords and provides a demonstration of a typical SSL transaction. By the end of this course, you'll have a solid understanding of what it takes to move and store data securely.

Learn how to capture and analyze network traffic with Wireshark, a free, open-source packet analysis tool, and identify congestion issues, suspicious activity, and network intrusions. In this course, Lisa Bock reviews the fundamental concepts underlying Wireshark, such as network analysis and the OSI model, and examines some example packet captures so you can start to understand field values and compare normal to abnormal network behaviors. You'll also be introduced to common attack signatures, display and capture filters, and protocols such as HTTP, TCP, DNS, and FTP.

You've done everything you can to logically secure your systems, along with layering in user education and providing physical security. However, the only way to know if your defenses will hold is to test them. This course looks at one of the most important skills of any IT security professional: penetration testing. A key competency for the Certified Ethical Hacker exam, penetration testing is the process to check if a computer, system, network, or web application has any vulnerabilities. Cybersecurity expert Lisa Bock reviews the steps involved in performing a worthwhile penetration test, including auditing systems, listing and prioritizing vulnerabilities, and mapping out attack points a hacker might target. She also defines the various types of "pen" tests—such as black, grey, and white box; announced vs. unannounced; and automated vs. manual testing—and the techniques and blueprints a pen tester should use to test everything from Wi-Fi to VoIP. Finally, she discusses how to choose and work with an outsourced pen-testing organization, which can bring a valuable outsider's perspective to your IT security efforts.