CIW

CIW: Web Security Associate (1D0-671)

Learn the best practices to outsmart cyber attackers, keep your web safe, and pass the CIW 1D0-671 exam.

(1D0-671) / ISBN : 978-1-64459-147-5
This course includes
Interactive Lessons
Gamified TestPrep
Hands-On Labs
AI Tutor (Add-on)
54 Reviews
Get A Free Trial

About This Course

The CIW Web Security Associate course aligns with 1D0-671 exam objectives thoroughly and discusses network security principles. You’ll get a hands-on look at the latest security protocols and how to protect against threats like malware, phishing, and ransomware. The CIW Web Security Associate certification course also covers incident response, teaching you how to detect, distract, and deter cyber-attackers. In addition, you’ll learn important security strategies, gain insights into encryption techniques, and practice real-world scenarios to strengthen your knowledge. 

Skills You’ll Get

  • Identify common security threats and vulnerabilities in networks and wireless environments. 
  • Implement firewall configurations and VPNs to safeguard sensitive data.
  • Analyze cyber-attack statistics to understand and anticipate potential threats. 
  • Deploy security policies that cover data encryption, authentication, and access control. 
  • Evaluate security threats from trusted users and anonymous sources. 
  • Recognize different types of network attacks, such as DoS, DDoS, and man-in-the-middle. 
  • Apply encryption methods like symmetric and asymmetric keys to secure communications. 
  • Build, manage, and monitor trust relationships and public-key infrastructure (PKI) systems. 
  • Practice incident response techniques to handle security breaches. 
  • Conduct system and network vulnerability assessments. 
  • Strengthen physical and network security protocols across multiple devices. 
  • Use protocol analyzers and IP routing to monitor and troubleshoot network issues. 
  • Configure and secure web technologies, servers, and wireless networks. 
  • Build a layered defense strategy (Defense in Depth) for enhanced security. 
  • Execute proactive detection measures to deter and distract cyber-attackers.

 

Download Course Outline

1

What Is Security?

  • What Is Security?
  • Network Security Background
  • Wireless Network Technologies and Security
  • IEEE 802.11 Wireless Standards
  • Wireless Network Security Problems
  • Wireless Network Security Solutions
  • Convergence Networking and Security
  • Firewall Practices Applied to Virtual LANs (VLANs)
  • Cyber-attacker Statistics
  • The Myth of 100-Percent Security
  • Attributes of an Effective Security Matrix
  • What You Are Trying to Protect
  • Lesson Summary
2

Security Threats

  • Who Is the Threat?
  • Security Threats from Trusted Users
  • Anonymous Downloads and Indiscriminate Link-Clicking
  • Security Standards
  • Wireless Networking Modes
  • Wireless Application Protocol (WAP)
  • Site Surveys
  • Web Technologies
  • Greynet Applications
  • Sensitive Data and Data Classifications
  • Vulnerabilities with Data at Rest
  • Data and Drive Sanitizing
  • Lesson Summary
  • Optional Lab
3

Elements of Security

  • Security Elements and Mechanisms
  • Security Policy
  • Determining Backups
  • Encryption
  • Authentication
  • Specific Authentication Techniques
  • Access Control
  • Auditing
  • Security Tradeoffs
  • Defense in Depth Strategy
  • Lesson Summary
  • Optional Lab
4

Applied Encryption

  • Reasons to Use Encryption
  • Creating Trust Relationships
  • Symmetric-Key Encryption
  • Symmetric Algorithms
  • One-Way (Hash) Encryption
  • Asymmetric-Key Encryption
  • Applied Encryption Processes
  • Encryption Review
  • Certification Authority (CA)
  • Full/Whole Disk Encryption
  • Lesson Summary
  • Optional Lab
5

Types of Attacks

  • Network Attack Categories
  • Brute-Force, Dictionary, and Password Spraying Attacks
  • Rainbow Tables, Pass-the-Hash, and Birthday Attacks
  • Password Storage Techniques
  • System Bugs and Back Doors
  • Malware (Malicious Software)
  • TLS encryption
  • Social Engineering Attacks
  • Denial-of-Service (DoS) Attacks
  • Distributed Denial-of-Service (DDoS) Attacks
  • Spoofing Attacks
  • Scanning Attacks
  • Man-in-the-Middle Attacks
  • Bots and Botnets
  • Ransomware
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Auditing
  • Lesson Summary
  • Optional Lab
6

General Security Principles

  • Common Security Principles
  • Be Paranoid
  • You Must Have a Security Policy
  • No System or Technique Stands Alone
  • Minimize the Damage
  • Deploy Companywide Enforcement
  • Provide Training
  • Use an Integrated Security Strategy
  • Place Equipment According to Needs
  • Identify Security Business Issues
  • Consider Physical Security
  • Lesson Summary
  • Optional lab
7

Protocol Layers and Security

  • TCP/IP Security Introduction
  • OSI Reference Model Review
  • Data Encapsulation
  • The TCP/IP Stack and the OSI Reference Model
  • Link/Network Access Layer
  • Network/Internet Layer
  • Transport Layer
  • Application Layer
  • Protocol Analyzers
  • Domain Name Service
  • Trusted Platform Modules and Microsoft BitLocker
  • Change Management
  • Lesson Summary
  • Optional Lab
8

Securing Resources

  • TCP/IP Security Vulnerabilities
  • Implementing Security
  • Resources and Services
  • Protecting TCP/IP Services
  • Simple Mail Transfer Protocol (SMTP)
  • Bring Your Own Device (BYOD)
  • Internet of Things (IoT)
  • Communication Systems
  • Physical Security
  • Testing Systems
  • Security Testing Software
  • Security Assessments
  • Security and Repetition
  • Lesson Summary
  • Optional Lab
9

Firewalls and Virtual Private Networks

  • Access Control Overview
  • Definition and Description of a Firewall
  • The Role of a Firewall
  • Firewall Terminology
  • Operating System and Network Device Hardening
  • Firewall Configuration Defaults
  • Packet Filter Rules
  • Packet Filter Advantages and Disadvantages
  • Configuring Proxy Servers
  • URL Filtering
  • Remote Access and Virtual Private Networks (VPNs)
  • Public Key Infrastructure (PKI)
  • Cloud Computing and Virtualization
  • Lesson Summary
  • Optional Lab
10

Levels of Firewall Protection

  • Designing a Firewall
  • Types of Bastion Hosts
  • Hardware Issues
  • Common Firewall Designs
  • Putting It All Together
  • Lesson Summary
  • Optional Lab
11

Detecting and Distracting Cyber-Attackers

  • Proactive Detection
  • Distracting the Cyber-Attacker
  • Deterring the Cyber-Attacker
  • Lesson Summary
12

Incident Response

  • Risk Management, Mitigation, and Incident Response
  • Creating an Incident Response Policy
  • Determining If an Attack Has Occurred
  • Executing the Response Plan
  • Analyzing and Learning
  • Lesson Summary
A

Appendix A: Web Security Associate-v2.0 Objectives and Locations

B

Appendix B: Works Cited

1

What Is Security?

  • Causing a Darkcomet Trojan Infection
2

Security Threats

  • Analyzing Traffic Captured from Site Survey Software
  • Installing a Wardriving Application and Analyzing a Site Survey Capture
3

Elements of Security

  • Creating an Execution Control List for the su Command in Linux
  • Configuring an Execution Control List in Windows Server
  • Viewing and Modifying Default Access Control Settings
  • Configuring and Administering an Apache Web Server
4

Applied Encryption

  • Encrypting and Decrypting a File Using AES Crypt
  • Exporting and Importing Public Keys Using Kleopatra
  • Using MD5 Hash Algorithms
  • Generating a Key Pair Using Kleopatra
  • Encrypting and Decrypting Messages Using Kleopatra
  • Installing GPG4win on Windows Server
  • Generating a Key Pair Using GPG for Linux
5

Types of Attacks

  • Viewing the Effects of Hostile JavaScript in the Browser
  • Using John the Ripper in Windows Server
  • Capturing a Packet Using Wireshark
  • Monitoring the Denial-of-Service (DoS) Attack
  • Conducting a Virus Scan in Windows to Help Thwart Attacks
  • Identifying and Analyzing Network-based Attacks
  • Identifying and Analyzing the Land and Teardrop Attacks
  • Analyzing a Smurf attack
  • Generating and Analyzing a SYN Flood in a Packet Sniffer
  • Observing SHA-Generated Hash
  • Conducting and Analyzing a SYN flood Using Linux and Windows Server
  • Scanning a Network Using Nmap
  • Performing a MITM Attack
6

General Security Principles

  • Increasing Physical Security Using the Syskey Utility
7

Protocol Layers and Security

  • Obtaining IP Route Information from the IP Routing Table
  • Obtaining an IP Version of a Network Adapter
  • Obtaining Information about an IP Version
  • Getting Information about the Current Connection Statistics of TCP
  • Getting the TCP Settings
  • Getting Information about the UDP Ports
  • Getting Information about the TCP Ports
  • Getting Information about the Current Connection Statistics of UDP
  • Getting the UDP Settings
  • Getting Information about the DNS
  • Using the iptables Command to Create a Personal Firewall in Linux
8

Securing Resources

  • Scanning Systems in Ubuntu Linux
  • Securing the FTP Service
  • Securing an Apache Web Server
9

Firewalls and Virtual Private Networks

  • Obtaining Information about the Net Firewall Profile
  • Installing the Remote Access Role
10

Detecting and Distracting Cyber-Attackers

  • Installing and Deploying Tripwire in Linux
  • Setting a Logon Tripwire Script in Windows Server

Any questions?
Check out the FAQs

Discover more details about the CIW Web Security Associate exam prep course.

Contact Us Now

To be CIW Web Security Associate certified, you need to pass the 1D0-671 certification exam. The CIW 1D0-671 exam objectives include defining the significance of network security, identifying various elements of an effective security policy, defining encryption and the encryption methods used in internetworking, using universal guidelines and principles of effective network security to create effective specific solutions, applying security principles, and planning a firewall system that incorporates multiple levels of protection.

The CIW Web Security Associate certification exam cost is around 150 USD.

This Web Security Associate certification is ideal for anyone looking to gain a solid foundation in web security, including IT professionals, network administrators, and anyone interested in enhancing their cybersecurity skills.

Earning a CIW Associate certification can enhance your resume, demonstrate your knowledge of web security, and open up new job opportunities in the cybersecurity field.

With this CIW Web Security Associate online course, you can pursue roles such as Network Security Analyst, IT security specialist, cybersecurity consultant, and more.

Hack-Proof Your Web Security Skills

  Gear up to tackle online threats, secure networks, and achieve CIW security certification online.

$ 249

Buy Now

Related Courses

All Course
scroll to top