Course Syllabus: Endpoint Security

Class Overview
 Total Duration: 36 Hours
 Structure: 12 Days, 3 Hours per Day
 Delivery: Interactive, hands-on sessions with practical labs and simulated real-world
scenarios.
 Outcome: Students will acquire practical endpoint security skills, ready to implement,
monitor, and respond to endpoint threats in enterprise environments.
Course Description
This professional course focuses on implementing, managing, and securing endpoint devices.
Students will gain hands-on experience in configuring endpoint protection tools, responding to
incidents, and hardening endpoint systems against modern threats. The course will prepare
students for real-world roles in cybersecurity, such as Security Analyst, Endpoint Administrator,
and SOC Analyst.
Learning Objectives
By the end of the course, participants will:
1. Understand the principles of endpoint security and its role in enterprise environments.
2. Harden endpoint systems (Windows, Linux) and configure security policies.
3. Deploy, configure, and use endpoint detection and response (EDR) tools.
4. Monitor endpoint logs, detect threats, and respond to security incidents.
5. Develop incident response plans and execute remediation steps.
6. Document and report on endpoint security operations.

Course Content:
Module 1: Introduction to Endpoint Security
Duration: 3 Hours
 What is Endpoint Security? Overview and Importance in Modern IT Environments.
 Common Endpoint Threats: Malware, Phishing, Ransomware, and Insider Threats.
 Tools and Technologies for Endpoint Security: Antivirus, EDR, XDR.
 Practical: Setting up a Virtual Lab Environment (Windows, Linux, MacOS) for Endpoint
Security Testing.
Module 2: Hardening Endpoint Operating Systems
Duration: 6 Hours
 Windows Endpoint Hardening:
o Securing User Accounts: Password Policies, Multi-Factor Authentication (MFA).
o Configuring Group Policy Objects (GPO) for Security.
o Disabling Unnecessary Services and Ports.
 Linux Endpoint Hardening:
o Managing Permissions, Sudoers, and File Ownership.
o Configuring iptables/UFW and disabling unused services.
o Implementing SELinux/AppArmor for additional security.
 Practical: Hardening a Windows and Linux system against potential threats.
Module 3: Endpoint Detection and Response (EDR)
Duration: 6 Hours
 Understanding EDR: What it is, How it Works, and Key Features.
 Setting up EDR Solutions: Installing and Configuring Tools (e.g., CrowdStrike,
SentinelOne, Microsoft Defender for Endpoint).
 Analyzing Endpoint Data for Threat Detection.
 Practical:
o Deploying EDR Agents on Lab Systems.
o Simulating an Endpoint Attack and Analyzing EDR Logs for Detection.
Module 4: Malware Protection and Mitigation
Duration: 3 Hours
 Understanding Malware: Types (Viruses, Trojans, Worms, Spyware).
 Deploying Antivirus Solutions and Real-Time Scanning.
 Configuring Sandboxing and Quarantine Features.
 Practical:
o Using Open-Source Tools to Detect and Remove Malware.
o Simulating Malware Scenarios and Testing Endpoint Protections.
Module 5: Endpoint Encryption and Data Protection
Duration: 3 Hours
 Understanding Data Encryption Techniques: Full Disk Encryption, File-Level Encryption.
 Configuring Encryption Tools: BitLocker (Windows), LUKS (Linux).
 Protecting Removable Devices: USB Encryption and Access Control.
 Practical:
o Enabling and Testing Full Disk Encryption on Endpoint Devices.
o Encrypting and Decrypting Sensitive Files.
Module 6: Endpoint Patch Management
Duration: 3 Hours
 Importance of Keeping Endpoints Updated.
 Automating Patch Management with Tools (e.g., WSUS, SCCM, Ansible).
 Testing and Verifying Patches Before Deployment.
 Practical:
o Scanning for Missing Patches on Endpoint Devices.
o Configuring and Automating Patch Deployment.
Module 7: Securing Endpoint Network Connectivity
Duration: 6 Hours
 Configuring Endpoint Firewalls: Windows Defender Firewall, UFW (Linux).
 Implementing Secure Remote Access: VPNs and Remote Desktop Protocol (RDP)
Hardening.
 Preventing Lateral Movement: Limiting Administrative Privileges and Network
Segmentation.
 Practical:
o Setting Up a VPN Connection on an Endpoint Device.
o Configuring and Testing Firewall Rules for Network Traffic.
Module 8: Endpoint Backup and Recovery
Duration: 3 Hours
 Planning and Implementing Endpoint Backup Strategies: Local and Cloud Backups.
 Configuring Backup Tools: Veeam, Acronis, and Built-in OS Tools.
 Disaster Recovery Testing: Simulating Endpoint Data Loss Scenarios.
 Practical:
o Performing a Full Backup and Restoration of an Endpoint System.
o Verifying Data Integrity Post-Restoration.
Module 9: Endpoint Security Monitoring and Reporting
Duration: 3 Hours
 Setting Up Centralized Logging and Monitoring with SIEM Tools (e.g., Splunk, ELK
Stack).
 Analyzing Endpoint Logs for Anomalies and Indicators of Compromise (IOCs).
 Configuring Alerting Mechanisms for Endpoint Threats.
 Practical:
o Aggregating Endpoint Logs to a SIEM System.
o Creating Custom Alerts for Specific Threat Patterns.
Module 10: Endpoint Security Incident Response
Duration: 4 Hours
 Preparing an Incident Response Plan for Endpoint Attacks.
 Investigating Endpoint Breaches: Identifying and Containing Threats.
 Remediation and Recovery Techniques for Compromised Endpoints.
 Practical:
o Simulating a Ransomware Attack on an Endpoint.
o Executing a Complete Incident Response Process (Detection, Containment,
Remediation, Recovery).
Capstone Project: Endpoint Security Implementation
Duration: 4 Hours
Objective: Secure an enterprise-like environment consisting of multiple endpoints.
Tasks:
1. Hardening Windows and Linux endpoints.
2. Deploying and configuring an EDR solution.
3. Setting up endpoint firewalls and network security.
4. Configuring backups and testing restoration.
5. Creating a professional report documenting the endpoint security setup, detected incidents,
and implemented solutions.
Course Key Deliverables
1. Hands-On Experience: Students will have practical experience with endpoint security
tools and technologies.
2. Incident Response Skills: Simulated scenarios ensure students are ready for real-world
endpoint security breaches.
3. Capstone Project: A comprehensive project that demonstrates students’ ability to
implement, secure, and manage endpoint security in an enterprise environment.
Assessment Plan
1. Participation: 10%
2. Lab Assignments: 30%
3. Capstone Project: 40%
4. Final Exam: 20%
Class Schedule

Day Module Topic Activity

Week 1

Module 1: Introduction Overview of Endpoint Setting up a Virtual Lab

Day 1
to Endpoint Security Security Environment

Common Endpoint Threats

and Protections

Module 2: Hardening Hardening Windows Configuring GPOs, MFA,

Day 2
Endpoint OS Endpoints and Disabling Services

Implementing SELinux and

Hardening Linux Endpoints
iptables

Module 3: Endpoint
Installing and Configuring
Day 3 Detection & Response Understanding EDR Concepts
EDR Tools
(EDR)

Analyzing Endpoint Threat Simulating an Endpoint

Data Attack

Module 4: Malware Malware Types and Detecting and Removing

Day 4
Protection Protections Malware in a Lab
Day Module Topic Activity

Sandboxing and Quarantine

Features

Module 5: Endpoint Configuring BitLocker and

Day 5 Data Encryption Techniques
Encryption LUKS

USB Device Encryption and

Access Control

Configuring WSUS,
Module 6: Endpoint Automating Patch
Day 6 SCCM, or Ansible for
Patch Management Management
Patching

Testing and Verifying Patches

Week 2

Module 7: Securing
Configuring Endpoint Setting Up VPN and
Day 7 Endpoint Network
Firewalls (Windows/Linux) Hardening RDP Access
Connectivity

Limiting Administrative
Privileges

Module 8: Endpoint Performing Full Backup and

Day 8 Planning Backup Strategies
Backup and Recovery Restoration

Testing Disaster Recovery

Scenarios

Module 9: Endpoint
Day 9 Centralized Log Aggregation Setting Up SIEM Tools
Security Monitoring

Detecting Anomalies and

Creating Alerts and Reports
Indicators of Compromise

Module 10: Incident Investigating Endpoint Simulating a Ransomware

Day 10
Response Breaches Attack
Day Module Topic Activity

Containment, Remediation,
and Recovery

Capstone Project:
Secure a Multi-Endpoint Lab End-to-End Security
Day 11 Endpoint Security
Environment Implementation
Implementation

Testing System Hardening and

Security Policies

Comprehensive Review of Hands-On Final Exam and

Day 12 Final Assessment
Endpoint Security Feedback

Q&A and Recommendations

for Career Advancement

Instructor Information
 Instructor Name:
 Contact Information: