Certified Network Security Professional (CNSP) & Training Courses From Sec-1

Transcription

1 Certified Network Security Professional (CNSP) & Training Courses From Sec-1

2 About Sec-1 Established in 2001 in Leeds, Sec-1 are Network Security specialists, working in partnership with over 2000 clients throughout the UK. Our aim is to professionalise network security nationally, through the provision of solutions including products and services, assurance and knowledge. Sec-1 works with the UK s leading technology universities, to equip tomorrow s IT Professionals. Sec-1 has developed the Network Security Portal to provide IT Professionals with an online network security community, including forums enabling them to discuss security issues with other leading network security professionals, or pose questions to the Sec-1 experts.

3 Why CNSP? Sec-1 has trained over 1500 IT Professionals in network security. Through speaking with our customers, we have identified that although there are other network security courses available they are either at a very basic or extremely advanced level. The CNSP programme has been developed with today s IT Professional in mind, to develop their practical network security knowledge for day-to-day use in the workplace. The three-course programme takes attendees through the history and future of computer networking, the threats the network is exposed to, and countermeasures that can be used. The ability to test networks for security vulnerabilities and how to carry out a security audit are also covered. Key benefits of the CNSP programme include: Attaining the number one industry-recognised accreditation, endorsed by the UK s leading technology universities A clear pathway to professional status Free access to the Sec-1 Network Security Portal A regular CNSP newsletter keeping you up to date with the latest industry developments Membership of the UK s only professional Network Security body Permission to use the CNSP badge and logo on all communications

4 Overview The CNSP programme is delivered by the UK s leading network security experts, at a range of venues around the country. Completion of each course within the programme gains candidates credits towards the CNSP accreditation. Each separate course within the CNSP structure has a credits value (20 credits per course) upon successful completion of the online exam, with higher levels of accreditation reached as the number of credits increases. Details of course credits are demonstrated in the table below. Associate status is obtained through attending any relevant Sec-1 training course, including the Applied Hacking and Intrusion Prevention courses. The programme is divided into three key modules: Certified Network Security Landscape This one-day course takes attendees through the history of the corporate network and the need for information exchange, the threats that have developed and the countermeasures that can be used. The course has been designed to equip IT Professionals with the skills to securely design their network and develop their network security knowledge. Certified Network Security Assessment Discover the methodologies and techniques used by malicious hackers to gain access to an organisation s network in this one-day course. Candidates start to learn the skills to begin hacking their own systems to discover and fix vulnerabilities. Certified Network Security Engineering This two-day comprehensive course builds upon the knowledge gained during CNSA and equips attendees with the expertise required to audit an internal network as well as externally facing devices.

5 Certified Network Security Landscape The CNSL course is designed to instruct candidates on the essentials of networking, and the growing need for Network Security. The course provides attendees with their first step on the pathway to network security professionalism. Key benefits of the course include: The full scale of knowledge needed to acquire the CNSL qualification 2 free attempts at the CNSL online exam The skills required to design a Network Security policy, in line with best practice Access to the Sec-1 Network Security Portal Comprehensive course documentation, including further reading on the topics covered 20 CNSP credits upon passing the exam 8 CPE credits Overview Attendees will learn the history and future of corporate networking and the development of information exchange. The course will illustrate security breaches and the countermeasures to these risks. The course also equips candidates with knowledge of TCP/IP, enabling ease of progression to the CNSA course.

6 CNSL Course schedule Introduction Meet & Greet Run down of course content A history of the corporate network Single systems Main frames LAN s WAN s Apranet through to internet Understanding TCP/IP Local addressing Routing Name resolution Error control Application support Protocols The OSI model Address resolution protocol Subnetting Hardware subs, switches, VLans, Cabling Operating Systems The rise & fall Microsoft Unix based MAC Countermeasures AV Firewalls packet, application IDS/IPS Content management Logging VPN Authentication passwords, 2 factor authentication, algorithms, certificates, single sign-on Testing auditing, pentesting Encryption Patch management Disaster Recovery Backups Recovery The future of the corporate networks and their risks IVP6 UTM devices Wireless , Bluetooth, infrared, mobile, phones VOIP Threats Hackers Worms Viruses Trojans Back-doors Malicious code Data misuse DoS Human factor Social Engineering Phone Physical

7 Certified Network Security Assessment The Sec-1 CNSA course has been developed to provide network security professionals with the skills they require to effectively assess their networks for vulnerabilities. The course provides a unique insight into a network from a hacker s perspective. Key benefits of this course include: Overview The full scale knowledge to qualify as a CNSA 2 free attempts at the CNSA online exam The skills to assess your network security and eradicate discovered vulnerabilities The ability to protect your business-critical systems and information from malicious attack Free The CNSA toolkit, a collection of the latest scanning, hacking and cracking tools 20 CNSP credits upon passing the exam Free access to the Sec-1 Network Security Portal 8 CPE credits The Certified Network Security Assessment course is a hands-on hacking experience employing tools and techniques as used by malicious intruders and experienced hackers. During the course attendees will perform live hacking exercises against a mock network including a web server, a mail server, SQL server and a firewall system.

8 CNSA Course Schedule Hacking Overview 4 steps to intrusion Footprinting the target Enumerating the application Port scanning Vulnerability exploitation Attack Methods Protocol attacks Man in the middle attack ARP cache poison attack Hijacking connections using MITM attacks IP spoofing Application attacks Stack overflow details Hijacking the return address Buffer overflow exploitation Vulnerability scanners Attack Lab 3 Using 0-day exploits Exploit an SMTP server Install a dynamic packet sniffer Capture and passwords Advanced Hacking Bespoke applications Input validation SQL injection Attack Lab 4 SQL injection Bypassing authentication forms Executing stored passwords Question & Answer session Attack Lab 1 Install the CNSA toolkit ARP cache poison attack using Ettercap Hijack a connection Steal confidential data Bypassing Perimeter Defences Firewall technologies Common firewall misconfigurations Advanced bypassing techniques Password Cracking FTP, POP3, HTTP, IMAP Windows NT/2000 passwords Time-memory trade off cracking Using LOpht crack Using Rainbow crack Attack Lab 2 Identify a vulnerable web server Using a CGI scanner Using the CNSA toolkit to gain administrator access Install 2 backdoors Crack OS passwords

9 Certified Network Security Engineering The CNSE course takes place over two days, expanding the scope of the CNSA course, providing attendees with the skills and knowledge required to perform a security audit and generate a security audit report. The CNSE course will enable candidates to protect network resources and business assets against the latest threats. Key benefits of this course include: The full scale of knowledge required to take the CNSE online exam 2 free attempts at the CNSE online exam The ability to audit internal networks and externally facing devices The skills to produce a security audit report Free access to the Network Security Portal Free CNSE toolkit, a collection of scanning, hacking and cracking tools 20 CNSP credits 16 CPE credits Overview This fascinating two-day course is designed as a hands-on hacking experience, demonstrating the tools and techniques commonly used by malicious hackers and the countermeasures IT Professionals may deploy. During the course each candidate will learn to attack a large number of different operating systems including Linux, Windows NT/2000/2003 and Solaris. Each segment of the course is concluded with a countermeasures session discussing how each attack could be circumvented.

10 CNSE Course Schedule Day 1 Scoping the Test TCP tracaroute Scoping the test Contracts Third party hosts Your operating environment Advanced Network Mapping Mapping internal networks Operating system identification Identifying domains and domain members Fine tuning Nmap Attack Lab 1: Network Mapping Performing host discovery Identifying operating systems Identifying key servers using master browser enumeration Attack Lab 2: Advanced Port Scanning Optimised Nmap scan Application mapping (AMAP) Version mapping (VMAP/NMAP) Vulnerability Assessment Using Nessus Installing & configuring Nessus Using NessusWX Generating reports Identifying false positives Exploiting Vulnerabilities Obtaining exploit code Payload types The Metasploit Framework Exploitation Archive Exploit archive structure The Metasploit framework Attack Lab 3: Vulnerability Assessment Perform a vulnerability assessment Generate a report in.pdf format Windows Enumeration Windows RPC services Windows NetBios service SNMP services RID cycling Restrict Anonymous demystified Windows 2003 enumeration Enumeration countermeasures Attacking Windows Hosts Brute force password cracking Advanced word list creation Password cracking via WMI Executing commands remotely Password cracking countermeasures Common Windows vulnerabilities Vulnerability countermeasures Attack Lab 5: Windows 2000 Enumeration & Brute Force Password Cracking Enumerate usernames via RID Cycling Brute force password cracking via WMI Gain control (remote code exec) Windows Password Cracking Dictionary and brute force attacks (local) Time-memory-trade-off cracking Ophcrack and Rainbow crack Attack Lab 7: Advanced Password Cracking Exploit a Windows vulnerability Extract password hashes Using time-memory-trade-off cracking to obtain administrator password Question & Answer Session End Day One Attack Lab 4: Exploit a Vulnerability Exploit a remote vulnerability and add an administrative user

11 CNSE Course Overview Day 2 Attacking Unix Hosts Unix Enumeration Enumerating users Auth/Ident Fingered Rusers/Rwho SNMP LDAP TCP/IP finger printing Enumeration countermeasures Attacking Unix Hosts This section of the course will concentrate on Linux and Solaris operating systems. Attacking SSH Attacking R-Services Exploiting X server vulnerabilities NFS Attacking SAMBA Unix countermeasures Attack Lab 8: Hacking Unix Enumerate users on a Unix system Dictionary attack SSH2 Gain low level access Privilege escalation to root Local Unix vulnerabilities Kernel vulnerabilities Uploading local exploits Common privilege escalation vulnerabilities Countermeasures Attack Lab 9: exploiting X Server Identify weak XHOST enabled X servers Hijack X server using XRC Attacking Web Applications Examining HTTP Attacking upload scripts Directory transversal attacks Attacking logon forms Bypassing filters using encoding countermeasures Advanced SQL Injection SQL injection fundamentals Fingerprinting the database SQL injection in MSSQL and MySQL Bypassing PHP GPC_MAGIC_QUOTES Using the exclusive Sec-1 Automatic SQL Injector Toolkit Reading table data Enumerate SQL table information Executing malicious code Countermeasures Attack Lab 12: Data Mining Using SASI Identify SQL injection vulnerabilities Using SASI to extract SQL table data Attack Lab 13: SQL Privilege Escalation Elevate privileges to sa and obtain remote control of an SQL server Hacking IIS 6 IIS permissions Attacking applications implemented on IIS 6 IIS web shells Furthering access into the network Question & Answer Session End of Day 2 Attack Lab 10: Unix Remote Root Exploit a remote root vulnerability Obtain/etc/shadow Crack root password Attack Lab 11: Hacking Upload Scripts Exploit dictionary transversal Exploit an upload system Hack web server

12 Wireless Hacking & Countermeasures Wireless Hacking and Countermeasures is a two day course which will provide attendees with the knowledge and skills required to protect their organisation from the vulnerabilities caused by wireless networking; whether using wireless networks or not. Wireless technology presents a threat to all networks and is a growing area of concern for many IT Professionals. Key benefits of this course include: Understand the 3 main threats to all networks posed by wireless technologies Learn to implement a secure wireless network Gain the skills to assess wireless networks for vulnerabilities Discover how to defend your wired network and remote/home users from attack Learn how to implement a secure wireless policy for your organisation, whether you utilise wireless technology or not Access to the Sec-1 Network Security Portal 16 CPE credits Overview The course is delivered through a series of instructor lead tutorials and handson labs. Attendees will discover the three main threats to any network, presented by wireless networks: Rogue access points Weak wireless implementation Poor maintenance and administration Candidates will learn how a malicious hacker would exploit these vulnerabilities and the countermeasures that can be used to combat these threats.

13 Wireless Hacking & Countermeasures Day 1 Course Overview What Are Wireless Networks? x IrDA Bluetooth Why x is the focus of this course Building the Wireless Toolkit Access points What chipsets do we need in our wireless cards? Operating systems Software Resources Roles of Wireless Networks Access point role Distribution role Core role How Wireless Networks Operate Normal wireless communication Promiscuous mode Monitor mode Configuring Wireless Cards for Use in Pentests Management modes Power settings Channel numbers ESSID BSSID MAC addresses Antennas Pigtails and amplifiers Wide Open Access Points No Security Performing packet captures Examining the contents Filtering for sensitive information Malicious attacks Attack Lab 2: No Filtering, No Encryption The World Is Our Oyster Capture packets using Ethereal Examine packets for sensitive information Compromise users/identities MAC Address Filtering on the Access Point What is MAC address filtering? Capturing packets regardless Stealing a legitimate connections MAC address and associating to the AP using it Countermeasures Attack Lab 3: Bypassing MAC Address Filtering and Closed SSIDs Capturing packets using Airodumping Viewing captured packets in Ethereal Recording MAC addresses of legitimate connections Taking over MAC addresses Associating to access point End of day one Lab: Configuring the Wireless Card Installing the drivers Wireless Network Discovery Wardriving and its derivatives Classifying the networks Mapping the networks using Kismet and GPS placement Attack Lab 1: Access Point Mapping Installing Kismet Configuring Kismet Performing access point discovery Deciphering the results Classifying the networks Recording the findings Kismetlog-viewer

14 Wireless Hacking & Countermeasures Day 2 Course Overview A Brief Look at Cryptology How cryptology works Exploiting WEP What is WEP? Why WEP is insecure Why WEP wont go away Accumulating required amount of packets Breaking WEP with the FMS attack Other ways to bypass WEP Tools needed for cracking WEP Attack Lab 4: Attacking WEP Capture packets using a packet sniffer Identifying the WEP encryption key using the FMS attack Brute forcing the WEP key Looking at the Weaknesses in WPA Precomputing WPA PMK to crack WPA PSK WPA with TKIP Attack Lab 5: Cracking WPA Capturing the required amount of packets Dictionary attacking the WPA PSK using Cowpatty Rogue Access Points Forcing a client to use a rogue access point Setting up rogue websites and DNS entries Enumerate sensitive information from the rogue websites IDS/IPS Systems What is the difference between IDS and IPS? What are we looking for? Responding to threats identified Attack Lab 6: Running an IDS System Installing Snort-Wireless Configuring Snort Attempt an attack Identify attack occurring Actively stop the attack WPA The Next Generation of Security WPA WPA2 TKIP CCMP Honeypots Stopping wardriving/network mappers Distracting attacks away from the legitimate wireless network Recording malicious activity Using to test security measures Attack Lab 7: Setting up a Honeypot Install and configure a honeypot Create fake traffic to make access point more realistic Launch attack against the honeypot access point Capture the attack against the access point Question & Answer session Physical Flaws of Access Points Buffer Overflows SNMP Wireless Defences Overview

15 Miscellaneous Training As experts in the field of Network Security, Sec-1 offers many vendor-specific training courses that may benefit you and your team. For more information about these courses please ask your Account Manager. We can also tailor courses to meet the needs of your organisation and IT team, to discuss your requirements please speak to your Account Manager.