How To Teach Network Security Administrator (Ensa)

Transcription

1 EC-Council Network Security Administrator (Exam ) Page 1

2 EC-Council NSA is CNSS 4011 Certified The Committee on National Security Systems (CNSS)/National Security Agency (NSA) of the United States of America certified EC-Council s Network Security Administrator (ENSA) course as having met 100% of the requirements as set out by the Committee on National Security Systems (CNSS) National Standards This certification is managed by the Information Assurance Courseware Evaluation (IACE) Program, National INFOSEC (Information Security) Education and Training Program and is administered by the U.S. National Security Agency (NSA). The Committee on National Security Systems (CNSS) and National Security Agency (NSA) has developed a nationally recognized certification program based on NSTISSI standards. The CNSS/NSA Certification is a government class certification that is recognized as the National Training Standard for Information Security Professionals Students who have obtained these certifications would have demonstrated a solid grasp of the principles as outlined in the 4011 standard. With this, EC-Council has joined the ranks of the organizations United States Air Force Academy, United States Military Academy, Air Force Institute of Technology and Carnegie Mellon University; all of whom have attained the National Training Standard for Information Security Professionals - the CNSS Introduction The EC-Council's Network Security Administrator certification looks at the network security in defensive view while the CEH certification program looks at the security in offensive mode. The ENSA program is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization s information. Students will learn how to evaluate network and Internet security issues and design, and how to implement successful security policies and firewall strategies. In addition, they will learn how to expose system and network vulnerabilities and defend against them. The ENSA Course is for experienced hands in the industry and is backed by a curriculum designed by the best in the field. Students can gain greater industry acceptance as seasoned Network Security professional. Students learn to configure firewalls, intrusion detection systems and AV systems. Develop effective security policy in the company. Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization s information. Students will learn how to evaluate network and Internet security issues and design, and how to implement successful security policies and firewall strategies. In addition, they will learn how to expose system and network vulnerabilities and defend against them. Target Audience This course will significantly benefit System Administrators, System Engineers, Firewall Administrators, Network Managers, IT Managers, IT Professionals and anyone who is interested in network security technologies. Course Duration 5 days Page 2

3 ENSA v4 Course Objective Module 01: Fundamentals of Computer Network 1. Key elements of network 1.1. Nodes 1.2. The Network Backbone 1.3. Segments 1.4. Subnets 2. Logical Elements of Network 2.1. IP Addresses IP Address Space Assignment of IP Address Prefix Based Addressing Pre Interface based Assignment Virtual Addresses Dynamic Addressing Static Addressing 2.2. Domain Name System Domain Names Creating a new Domain Name Components Of DNS Domain Namensraum Name servers Resolver Securing DNS Services 2.3. Gateways Working of Gateway Functional Categories of Gateway Devices Data Gateway Multimedia Gateway Home Control Gateway 3. Types of network media 3.1. Historical vs. Current communication Methodology 3.2. Asynchronous vs synchronous 3.3. Wired media or Bounded Network Media Dedicated line 3.4. Optical remanence Page 3

4 3.5. Magnetic remanence Twisted pair cable Shielded Twisted Pair Unshielded Twisted Pair Coaxial cable or copper cable Fiber-optic cable Plenum and PVC cable 3.6. Wireless Transmission Infrared transmission Microwave Transmission Satellite Transmission Line of Sight Radio frequency (e.g., bandwidth) 3.7. Public switched network 3.8. Emanations security 4. Media Access Methods Multiplexed Media Access TDM FDM Polling Token-Based Media Access CSMA/CD CSMA/CA Contention Domains 5. Automated Information Systems (AIS) 5.1. Historical vs. Current Technology 5.2. Hardware Distributed vs. stand-alone Micro, mini, mainframe processors Components Input, output, central processing unit (CPU) 5.3. Software 5.4. Memory Sequential Random Volatile vs. nonvolatile 6. Critical information characteristics Page 4

5 6.1. Confidentiality 6.2. Integrity 6.3. Availability 7. Information states 7.1. Transmission 7.2. Storage 7.3. Processing 8. Operations Security (OPSEC) 8.1. OPSEC process 8.2. INFOSEC and OPSEC interdependency 8.3. Unclassified indicators 8.4. OPSEC surveys/opsec planning 9. Object reuse(computer security) 10. OSI Model Physical Layer Data Link Layer Network Layer Transport Layer Session Layer Presentation Layer Application Layer 11. Transmission Modes Simplex Half Duplex Full Duplex 12. Types of Transmission Serial Data Transmission Parallel Data Transmission Unicast Transmission Multicast Transmission 13. Logical Network Classification Client Server networking Peer to peer networking Mixed Mode Networking 14. Network Topologies Sharing of data Sharing of devices Page 5

6 14.3. File servers Bus Linear Bus Distributed Bus Star or Hub Extended Star Distributed Star Star-Wired ring Ring Mesh Tree Hybrid Topology 15. Physical Network Classification LAN WAN MAN PAN CAN GAN 16. Network Equipments Network Interface Cards Access Points Switches Concentrators/hub Modem Asynchronous vs. synchronous Router Brouter Bridges Adapters Network Load Balancers Repeaters Gateways Transceivers Converters Terminals Page 6

7 Module 02: Network Protocols 1. Introduction to protocols 2. Implementing Network protocols 2.1. Introduction to TCP/IP 2.2. Configuring TCP/IP 2.3. Configuring Netware Links 2.4. Managing TCP/IP 2.5. Network Classes Class A Class B Class C Class D Class E 2.6. Terminal Emulation Protocol (TELNET) of TCP/IP 2.7. TELNET: Vulnerabilities 2.8. Network News Transfer Protocol 2.9. Network News Transfer Protocol: Vulnerabilities 3. Application Layer Protocols 3.1. Voice Over Internet Protocol (VoIP) 3.2. Boot Strap Protocol (BOOTP) 3.3. Data Link Switching Client Access Protocol(DCAP) 3.4. Dynamic Host Configuration Protocol (DHCP) 3.5. Domain Name System(service) Protocol (DNS) 3.6. File Transfer Protocol (FTP) 3.7. Trivial FTP (TFTP) 3.8. FTP and Trivial FTP: Vulnerabilities 3.9. Network Time Protocol Network News Transfer Protocol Simple Network Management Protocol(SNMP) and Its Versions Internet Relay Chat Protocol(IRCP) Service Location Protocol(SLP) Hyper Text Transfer Protocol (HTTP) Hyper Text Transfer Protocol Secure (HTTPs) 4. Presentation Layer Protocol 4.1. Light Weight Presentation Protocol(LWPP) 5. Session Layer Protocol 5.1. Remote Procedure Call Protocol(RPC) Page 7

8 6. Transport Layer Protocols 6.1. Reliable Data Protocol(RDP) 6.2. Transmission Control Protocol(TCP) 6.3. User Datagram Protocol(UDP) 6.4. TCP, UDP: Attacks and Countermeasures 7. Network Layer Protocols 7.1. Routing Protocols Border Gateway Protocol(BGP) Exterior Gateway Protocol(EGP) Internet Protocol and its versions Internet Control Message Protocol(ICMP) &V The Internet Group Management Protocol (IGMP) ICMP Router Discovery Protocol(IRDP) Mobility Support Protocol for IP(Mobile IP) Network Address Resolution Protocol Next Hop Resolution Protocol Open Shortest Path First(OSPF) protocol Routing Information Protocol 7.2. Multicasting Protocols Border Gateway Multicast Protocol Distance Vector Multicast Protocol Internet Group Management Protocol 7.3. Other Network Protocols The NetBEUI Protocol Remote Authentication Dial-in User Service(RADIUS) VoIP 8. Data link Layer Protocol 8.1. Address Resolution Protocol(ARP) Vulnerabilities and Security Measures 8.2. Network Address Resolution Protocol (NARP) 8.3. Reverse Address Resolution Protocol(RARP) Module 03: Protocol Analysis 1. Overview of tcp/ip 1.1. Streams 1.2. Reliable delivery 1.3. Network adaption 1.4. Flow control 2. Relation to other Protocol Page 8

9 3. Tcp/ip Protocol suite 3.1. Network Interface Layer 3.2. Internet Layer 3.3. Transport layer 3.4. Application Layer 4. Windowing 5. Sliding Window 6. Acknowledgement 7. TCP 7.1. Tcp header format Source port Destination port Sequence Number Acknowledgement Number Data offset Reserved Control Bits Window Checksum Urgent Pointer Options Data 7.2. TCP Interface User/TCP Interface User /TCP Commands Open Send Receive Close Status Abort TCP/lower -level Interface TCP/lower level Commands Open call Listen state Send Call Receive Call Close Call Abort Call Status call 7.3. Algorithms in TCP Appropriate byte Counting(ABC) Additive Increase Multiplicative Decrease(AIMD) Selective Acknowledgement(SACK) TCP Friendly Rate Control(TFRC) 7.4. TCP Checksum Calculation 7.5. Performance Estimation in TCP Round Trip Time Estimation 7.6. Problems related to TCP Packet Replication Checksum Error Out of order data delivery Bottleneck Bandwidth Packet Loss Page 9

10 8. IP 8.1. Overview of IP 8.2. IP Header Format Version IHL Type of Service Precedence Delay Throughput Reliability Total Length Identification Flags Fragment Offset Time to live Protocol Header Checksum Source Address/ Destination Address Options Data 8.3. IP Addressing 8.4. IP datagram Maximum Transmission Unit Fragmentation Encapsulation Formatting Reassembly Delivery Routing Multicasting Encapsulating Security Payload Modes in ESP Tunnel modes Transport mode 8.5. IPv IPv6 Header Version Priority Flowlabel Payload Length Next Header Hop limit Source Address Destination address 8.7. IPv6 Specification 8.8. Addressing 8.9. Packet Tunneling Multicast Hop by Hop option Module 04: Hardening Physical Security 1. Need for physical security 2. Security Statistics 3. Physical Security Breach Incidents Page 10

11 3.1. Who is Accountable for Physical Security? 4. Factors Affecting Physical Security 5. Physical Security Threats 5.1. Environmental threats Floods Fire Earthquakes 5.2. Man Made threats Terrorism Wars Bombs Dumpster Diving 5.3. Prevention & Detection of physical hazards 6. Premises Security 6.1. Office Security Reception Area Authenticating individuals Personal Access Control Smart Cards Proximity Cards Biometrics Process of Biometrics Accuracy of Biometrics Applications of Biometrics Fingerprint Verification Hand Geometry Voice Recognition Retina Scanning Iris Scanning Panasonic Authenticam Facial Recognition Biometric Signatures Further Biometrics technology Techniques for Compromising Biometrics Workplace security filtered power stand-alone systems and peripherals environmental controls (humidity and air conditioning) Page 11

12 protected distributed systems Personnel Security Practices and Procedures position sensitivity employee clearances access authorization/verification (need-to-know) systems maintenance personnel contractors Controlling system access: Desktop security Workstation security Laptop Theft: Security Statistics Laptop Theft Laptop Security Countermeasures Laptop Security Tools Laptop Tracker - XTool Computer Tracker Tools to Locate Stolen Laptops Securing Network Devices Server Security Securing Backup devices Physical Access to the Boot CD-ROM and Floppy Drives Other equipment, such as fax, and removable media 6.2. CCT (Close Circuit Televisions/Cameras) 6.3. Parking Area 7. EPS (Electronic Physical Security) 8. Challenges in Ensuring Physical Security 8.1. Countermeasures 8.2. Fencing 8.3. Security force 8.4. Watch Dogs 8.5. Locks and Keys 8.6. Physical Security: Lock Down USB Ports 8.7. Tool: DeviceLock 8.8. Blocking the Use of USB Storage Devices 8.9. Track Stick GPS Tracking Device USB Tokens TEMPEST shielding grounding attenuation banding filtered power Page 12

13 cabling Zone of control/zoning TEMPEST separation Fire Safety: Fire Suppression, Gaseous Emission Systems Fire Detection Failures of Supporting Utilities: Heating Ventilation, Air Condition Failures of Supporting Utilities: Power Management and Conditioning Uninterruptible Power Supplies 9. Mantrap 9.1. Mantrap: Diagrammatical Representation 9.2. Physical Security Checklist Module 05: Network Security 1. Overview of Network Security 2. The need for network security 3. The goals of network security 4. Security awareness 5. Functions of Network security administrator 5.1. Develop, Maintain and implement IT security 5.2. Maintain and implement firewalls 5.3. Monitor and secure network and servers 5.4. Monitor critical system files 5.5. Backup the files 5.6. Administrative Security Procedural Controls External marking of media Destruction of media Sanitization of media Construction, changing, issuing and deleting passwords Transportation of media Reporting of computer misuse or abuse Emergency destruction Media downgrade and declassification Copyright protection and licensing 5.7. Documentation, logs and journals Attribution Repudiation 6. Communication Security (COMSEC) Page 13

14 6.1. Functions of COMSEC custodian 6.2. identify and inventory COMSEC material 6.3. access, control and storage of COMSEC material 6.4. report COMSEC incidents 6.5. destruction procedures for COMSEC material 7. Functions of INFOSEC Officer 8. Functions of information resources management staff 9. program or functional managers 10. security office 11. senior management 12. system manager and system staff 13. telecommunications office and staff 14. Functions of audit office 15. Functions of OPSEC managers 16. Role of end users 17. Network Security at: Public vs private Dial-up vs dedicated Privileges (class, nodes) Traffic analysis End-to-end access control 18. Transmission Security Frequency hopping Masking Directional signals Burst transmission Optical systems Spread spectrum transmission Covert channel control (crosstalk) Dial back Line authentication Line-of-sight Low power Screening Protected wireline 19. Legal Elements Criminal prosecution Page 14

15 19.2. fraud, waste and abuse Evidence collection and preservation Investigative authorities 20. Countermeasures: cover and deception HUMINT Technical surveillance countermeasures 21. Reporting security violations Module 06: Security Standards Organizations 1. Internet Corporation for Assigned Names and Numbers (ICANN) 2. International Organization for Standardization (ISO) 3. Consultative Committee For Telephone and Telegraphy (CCITT) 4. International Telecommunication Union (ITU) 5. American National Standards Institute(ANSI) 6. Institute Of Electronics and Electrical Engineers(IEEE) 7. Electronic Industries Association 8. National Center for Standards and Certification Information (NIST) 9. World Wide Web Consortium (W3C) 10. Web Application Security Consortium (WASC) Module 07: Security Standards 1. Introduction to Internet Standards 2. Standards Creation Committee 3. Internet Standards 3.1. RFC Evolution 3.2. Types and Submissions 3.3. Obtaining RFCs 4. Cabling Standards 4.1. EIA/TIA UTP Categories 4.3. Cable Specifications 4.4. Electronic Industries Association 5. Specification Standards Module 08: Security Policy 1. Security Policy overview 2. Concept of Security Policy Page 15

16 3. Key Security Elements 4. Security Awareness Programs 4.1. Trainings 4.2. Meetings 4.3. Goals of security Policies 5. Vital role of a security policy 6. Classification of Security policy 6.1. User policies Password Management policy IT policies 6.2. General Policies 6.3. Partner Policies 6.4. Types of Security Policies: Issues Specific Policies 6.5. Policy design 7. Contents of Security Policy 8. Privacy and Confidentiality 9. Security levels 9.1. Separation of duties, dual controls, job rotation, least privilege 9.2. Security organization and policy development 10. Agency Specific AIS and Telecommunications Policies Points of contact References 11. Configuration of security policy 12. National Policy and Guidance AIS security Communications security Employee accountability for agency information 13. Implementation of security policy 14. Incident Handling and Escalation Procedures 15. Security operations and life cycle management Securing Assets Requirements definition (e.g.,architecture) Development Design review and systems test Demonstration and validation (testing) Implementation Security (e.g., certification and accreditation) Page 16

17 15.8. Operations and maintenance (e.g.,configuration management) 16. Defining Responses to Security Violations 17. Presenting and Reviewing the Process 18. Compliance with Law and Policy Intellectual Property Describing the Electronic Communications Privacy Act 19. Transborder encryption issues 20. Points To Remember While Writing Security Policy 21. Issue-specific Security Policy (ISSP) Security Policies Hacking 22. Creating and Managing ISSPs Module 09: IEEE standards 1. Introduction to IEEE standards 2. IEEE LAN Protocol Specification Overview And Architecture Briding And Management Logical Link Control(LLC) CSMA/CD(Ethernet) Token Passing Bus Token Passing Ring DQDB Access Method Broad Band LAN Security Wireless LAN(WLAN) Demand Priority Access Wireless Personal Area Networks (WPAN) Broad Band Wireless MAN (WMAN) Resilliant Packet Ring Work Group 3. Wireless Networking Standards 3.1. IEEE Standards X Architecture Standards (Wi-Fi Standard) a b Page 17

18 e g h i standards n Wi-MAX 3.8. IEEE p1451 Standard 3.9. ETSI Standards HIPERLAN HIPERMAN Module 10: Network Security Threats 1. Current Statistics 1.1. Defining Terms: Vulnerability, Threats, and Attacks 2. Types of Attackers 3. Classification of Hackers 4. Techniques 4.1. Spamming 4.2. Revealing hidden passwords 4.3. War Dialing 4.4. War Diving 4.5. War Chalking 4.6. War Flying 4.7. Wire Tapping 4.8. Scanning Port Scanning Network Scanning Vulnerability Scanning 4.9. Sniffing Active Sniffing Passive Sniffing Network Reconnaissance Social Engineering 5. Common Vulnerabilities and Exposures (CVE) 5.1. Threats Page 18

19 5.2. Trojan 5.3. Virus IRC bot 5.4. Worms 5.5. Logic Bombs 5.6. Eavesdropping 5.7. Phishing 6. Attacks 6.1. Smurfing 6.2. Man-in-the-Middle Attacks 6.3. Denial of service 6.4. DDoS 6.5. Buffer Overflow 6.6. Zero Day Attacks 6.7. Jamming 6.8. Password Attacks Brute Force Password Attacks 6.9. Spoofing Session Hijacking Web Page Defacement Recording Key Strokes Cracking Encrypted Passwords Revealing Hidden Password 7. Hiding Evidence of an Attack 8. Problems Detecting Network Attacks 9. Network Scanning Tools: 9.1. The Netstat Tool 9.2. Nmap 9.3. NetscanTool 9.4. Superscan 9.5. Hping Module 11: Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS) 1. Introduction to IDS 2. History of Intrusion Detection 3. Intrusion Detection Concepts 3.1. Architecture Page 19

20 3.2. Monitoring Strategies 3.3. Analysis type 3.4. Timing 3.5. Goal of detection 3.6. Control Issues 4. IDS for an Organization 4.1. Selecting an IDS 4.2. Deploying an IDS 4.3. Maintaining an IDS 5. Characteristics of IDS 5.1. Importance of IDS 6. Aggregate Analysis with IDS 7. Types of IDS 7.1. Network based IDS NIDS Architecture Traditional Sensor-Based Distributed Network Node Operational Concept Tip off Surveillance Forensic Workbench Network-Based Detection Unauthorized Access Data Resource Theft Denial of Service Password Download Malformed Packet Packet Flooding Tool: NetRanger Tool: Bro Tool: Arpwatch (in Linux) Tool: Psad (in Linux) Tool: ippl (in Linux) 7.2. Host Based IDS HIDS Architecture Centralized Host Based Distributed Real Time Host Based Page 20

21 Operational Concept Tip Off Surveillance Damage Assessment Compliance Host Based Detection Abuse of Privilege Attack Scenarios Critical data Access and Modification Changes in Security Configuration Tool: Host sentry Tool: KFSensor Tool: LIDS Tool: SNARE Tool: Tiger(in Linux) 7.3. Host Based IDS vs. Network Based IDS 7.4. The Hybrid IDS Framework Prelude IDS Components Interaction between Prelude components Relaying Reverse Relaying Tool: Libsafe 7.5. Distributed IDS Introduction and Advantages Components 7.6. Protocol Intrusion Detection System 7.7. Network Behavior Analysis (NBA) 7.8. Unified Thread Management 8. Deployment of IDS 9. Types of Signatures 9.1. Network signatures 9.2. Host based signatures 9.3. Compound Signatures 10. True/False-Positive/Negative 11. Major Methods of Operation Signature Based Detection Anomaly Based Detection Page 21

22 12. IDS Tool Snort BlackICE M-ICE Secure4Audit (auditguard) Emerald Nides SECUREHOST GFI EventsManager 13. Intrusion Prevention System Intrusion Prevention Strategies IPS Deployment Risks Flexible response with Snort Snort Inline Patch Controlling your Border 14. Information Flow in IDS and IPS Raw Packet Capture Filtering Packet Decoding Storage Fragment Reassembly Stream Reassembly Stateful Inspection of TCP Sessions Firewalling 15. IPS Tool Sentivist StoneGate IPS McAfee 16. IDS vs. IPS 17. Intrusion Detection Checklist Module 12: Firewalls 1. Firewalls: Introduction 2. Security features 2.1. Securing individual users 2.2. Perimeter security for networks 3. Multiple components of Firewall Page 22

23 4. Firewall Operations 5. Software Firewall 6. Hardware Firewall 7. Types of Firewalls 7.1. IP Packet Filtering Firewall 7.2. Circuit-Level Gateway 7.3. Application Level Firewalls 8. Pix Firewall 9. Basic features of PIX firewall 10. Advanced Features of PIX firewall 11. Firewall Features 12. Establishing Rules and Restrictions for your Firewall 13. Firewall Configuration Strategies 14. Scalability 15. Firewall Architecture Dual-Homed Host Architecture Screened Host Architecture Screened Subnet Architecture 16. Handling threats and security tasks 17. Protection against hacking 18. Centralization and Documentation 19. Multi-layer firewall protection 20. Firewall deployment strategies Screened Host Two router with one firewall Introduction to Demilitarized Zone(DMZ) DMZ screened subnet Multi firewall DMZ Two firewalls, One DMZ Two firewalls, Two DMZ Screening Router Dual homed host 21. Specialty firewalls and Reverse firewalls 22. Advantages of using Firewalls 23. Disadvantages of using Firewalls 24. Threats Firewalking Page 23

24 24.2. Banner Grabbing Placing Backdoors Through Firewalls 25. Limitations of Firewalls 26. Personal Firewall Software ZoneAlarm Pro Norton Personal Firewall McAfee Personal Firewall Windows Personal Firewall 27. Personal Firewall Hardware Linksys and Netgear 27.2.Cisco s PIX 28. Firewall Log Analysis Firewall Analyzer Firewall Logs Automatic Firewall Detection Firewall Log Import Firewall Log Archiving 29. Firewall Tools Firewall Builder Wflogs 30. Comparison of Various Firewall Products 31. T-REX Open Source Firewall 32. SQUID 33. WinGate 34. Symantec Enterprise Firewall 35. Firewall Testers Firewalk FTester Firewall Leak Tester Module 13: Packet Filtering and Proxy Servers 1. Application layer gateway 1.1. Network Address Translation 1.2. Packet Filtering Approaches Packet Sequencing and Prioritization Packet Fragmentation Page 24

25 Analyzing Packet Fragmentation Analyzing Packet Signatures Signature Analysis Signatures Normal Traffic Signatures Abnormal Traffic Signatures IP Header Configuring Types of Filtering Stateful Packet Filtering Stateless Packet Filtering Dynamic Packet Filtering Filtering rules Advantages/Disadvantages of filtering Flags used TCP Urgent Flag Ack Flag Push Flag Reset Flag Syn flag Fin Flag UDP Control Flag 2. Proxy servers 2.1. Role of Proxy Server Routed Environment Network Environment Blocking URLs and unblocking URLs 2.2. Proxy Control Transparent Proxies Non-transparent Proxies Socks Proxy 2.3. Authentication Process Types of Authentication 2.4. Firewall Firewalls Based on Proxy Page 25

26 Application Proxy firewall 2.5. Administration and management of Proxy servers 2.6. Security and access control 2.7. Reverse Proxies 2.8. How Proxy Servers Differ From Packet Filters Module 14: Bastion Host and Honeypots 1. Bastion Hosts 1.1. Principles 1.2. Need of Bastion host 1.3. Building a Bastion Host Selecting the Host Machine Memory Considerations Processor Speed Selecting the OS 1.4. Configuring Bastion Host 1.5. Locating Bastion Host Physical Location Network Location Configuring Bastion Host Making the Host Defend Itself 1.6. Securing the Machine Itself 1.7. Making the Host Defend Itself 1.8. Selecting Services to be Provided Special Considerations for UNIX System 1.9. Disabling Accounts Disabling Unnecessary Services Handling Backups Role of Bastion host Bastion Host security policy 2. Honeypot 2.1. History of Honeypot 2.2. Value of Honeypot 2.3. Types of Honeypots Production Research 2.4. Classifying Honeypots by Interaction Page 26

27 Low-Interaction Honeypots Medium-Interaction Honeypots High-Interaction Honeypots 2.5. Examples of Honeypots Backofficer Friendly Specter Honeyd Homemade Mantrap Honeynet 2.6. Use of Honeypot Preventing Attacks Detecting Attacks Responding to attacks 2.7. Homemade Honeypot Port Monitoring Honeypots Jailed Environment Mantrap 2.8. Advantages and Disadvantages of Honey pot 3. Honeynet Architecture of Honeynet Types of Honeynet Distributed Honeynet GEN I Honeynet Gen II Honeynet Virtual Honeynet Legal Issues related Module 15: Securing Modems 1. Introduction to Modems 2. Origin of Modems 3. Modem Features 4. Types of Modems 4.1. Hardware Modems Internal Direct Connect Modem Advantages and Disadvantages of Internal Direct Modem External Direct Connect Modem Page 27

28 Advantages and Disadvantages of External Direct Modem 4.2. Optical Modems 4.3. Short Haul Modems 4.4. Smart Modem 4.5. Controller Less Modem 4.6. Acoustic Modem Advantages and Disadvantages of acoustic modem 4.7. Null modems 5. Modem Security 5.1. Additional Security to modems Password modems Callback modems Encrypting modems Caller-ID and ANI schemes 5.2. Modem Security should be a priority for the telephony managers 5.3. SecureLogix provides Solutions for Modems Security 5.4. Make modem Security simple with robust Management Tool 6. Categorizing Modem Access 6.1. Dial out Access 6.2. Dial In Access 7. Modem Attacks 7.1. Spoofing Attacks 7.2. Call Forwarding Attacks 7.3. War Dialing 8. Modem Risks 8.1. War Dialers 8.2. Packet Sniffing 9. Modem Failure Symptoms 9.1. Modem Firmware Failure 9.2. Primary Modem Failure 9.3. Reasons for modem Connection Failure Modem Incompabilities Buggy Modem Firmware Bad Phone line Misconfigured Modems or communication software Temporary Modem Failures 9.4. Some Common Failures Page 28

29 Modem Not Responding Modem Damaged Modem Not Compatible 10. Troubleshooting Modems External Modems Internal Modems Module 16: Troubleshooting Network 1. Introduction to troubleshooting 2. A Troubleshooting Methodology 2.1. Troubleshooting Strategies Recognizing Symptoms Understanding The Problem System Monitoring Tools Network Monitor Performance Monitors Protocol Analyzer The Protocol Analysis Process Testing the Cause of the problem Solving Problem 2.2. Device Manager 2.3. Troubleshooting Network Communication Identifying Communication Problems Using Ping and Traceroute Exploring Network Communications Find Path Information Access point Interface Identify Communication Capabilities Load balancing Configuration Best Practices for windows 2000,windows Server General consideration Security ad Manageability High Availability Troubleshooting Network Load Balancing Problems and Solutions Page 29

30 How to isolate networking problems (Windows XP): Network Adapter Network adapter is unplugged 2.4. Network adapter has limited or no connectivity 2.5. Network adapter is connected, but you can't reach the Internet 2.6. Troubleshooting Connectivity Causes for connectivity Problem Troubleshooting Physical Problems Troubleshooting Link Status Physical Troubleshooting Tools Troubleshooting the Topology Troubleshooting the Fault Domain Tracing connectivity ipconfig 2.7. Performance Measurement Tool Host Monitoring Tool Point Monitoring tool Network Monitoring Tool 3. Troubleshooting Network devices 3.1. Windows PC Network Interface Card 3.2. Troubleshooting Cisco Aironet Bridge 3.3. Troubleshooting bridges using the Virtualization Engine 3.4. Troubleshooting BR350 (Bridge) 3.5. Diagnosing Repeater and Gateway Problems 3.6. Troubleshooting Hubs and Switches 3.7. Troubleshooting cable modem 3.8. Troubleshooting DSL or LAN Internet Connection 3.9. Troubleshooting a Universal Serial Bus Device Troubleshooting IEEE 1394 Bus Devices 4. Troubleshooting Network Slowdowns 4.1. NetBios Conflicts 4.2. IP Conflicts 4.3. Bad NICs 4.4. DNS Errors 4.5. Insufficient Bandwidth 4.6. Excessive Network Based Application 4.7. Daisy Chaining 4.8. Spyware Infestation Page 30

31 5. Troubleshooting Wireless devices 5.1. Checking the Led Indicators 5.2. Checking Basic setting 5.3. SSID 5.4. WEP Keys 5.5. Security Settings 6. Troubleshooting Methodology 7. TCP/IP Troubleshooting Utilities 7.1. Troubleshooting with IP Configuration Utilities 7.2. Troubleshooting with Ping 7.3. Troubleshooting with Tracert 7.4. Troubleshooting with Arp 7.5. Troubleshooting with Telnet 7.6. Troubleshooting with Nbstat 7.7. Troubleshooting with Netstat 7.8. Troubleshooting with FTP 7.9. Troubleshooting with Nslookup Troubleshooting NTP Troubleshooting Tools Hardware-Based Troubleshooting Tools Network Technician s Hand Tools The POST Card Memory Testers Electrical Safety Rules Wire Crimpers Punch Down Tools Circuit Testers Voltmeters Cable Testers 7.22.Crossover Cables Hardware Loopback Plugs LED Indicator Lights Tone Generators Module 17: Hardening Routers 1. Introduction to Routers 2. Routing Metrics Page 31

32 3. Multiple Routing 4. Types of Routers 5. Routing Algorithms 6. Internet work Operating Systems (IOS) 7. IOS: FEATURES 8. Routing Principles 8.1. The ARP Process 8.2. LAN to- LAN Routing Process 8.3. LAN to- WAN Routing Process 9. Modes Of Operation 9.1. User Mode 9.2. Enable Mode 9.3. Global Configuration MODE 10. IP Routing Configuring IP and IP routing Configuring RIP 11. IP Source Routing 12. Configuration of Routers External configuration sources Internal configuration sources Router Initiation Loading the configuration files Configuring from the TFTP Server The Setup Configuration Mode CLI configuration mode 13. Router Configuration Modes Global Configuration mode Interface Configuration mode Line Configuration Mode Privilege EXEC mode ROM Monitor mode User EXEC Mode 14. Finger Tool 15. Disabling the auxiliary and closing extra interfaces 16. BOOTp service 17. TCP and UDP small servers 18. Disabling Proxy ARP Page 32

33 19. Disabling SNMP 20. Disabling NTP 21. Hardening a Router Configuring a banner Passwords and secrets Encrypting passwords Creating end user accounts Setting session time-out periods 22. Cisco Discovery Protocol Configuring CDP Logging Concept Log Priority Configuring Logging Timestamping Cisco Logging Options Console Logging Buffered Logging Terminal Logging Syslog Logging SNMP Logging 23. Filtering Network Traffic 24. Access Control List Basics of ACL Creating Access Control List ACl Types Monitoring ACL Implementing ACL Securing Routers: ACL 25. Log System Error Messages 26. Securing Routers: Committed Access Rate 27. Securing Routers: Secure Shell Authentication methods 27.2.Configuring SSH Default Locations of Secure Shell Files Generating the Host Key Ciphers and MAC s Compression Page 33

34 Configuring Root Logins Restricting User Logins 28. Router Commands Configuring Router Interface setting Managing Router Configuration Reviewing IP Traffic and Configuring static Routers 29. Types of Routing Distance Vector Routing Link State Routing 30. Routing Protocols Routing Information Protocol (RIP) Interior Gateway Routing Protocol (IGRP) Enhanced Interior Gateway Routing Protocol (EIGRP) Open Shortest Path First (OSPF) Border Gateway Protocol (BGP) 31. Routing Table Maintenance Protocol (RTMP) 32. Troubleshooting a router Troubleshooting tools Troubleshooting with network management tools Troubleshooting IP Connectivity in Routers 33. Components of router security 34. Router security: testing tools Module 18: Hardening Operating Systems 1. BIOS security 2. Windows Registry 2.1. Registry Editor 2.2. Rootkit Revealer 3. Configuring Windows Services Services 3.2. Regional settings 3.3. Virtual Servers 3.4. Share Point Portal Server 3.5. Antivirus Protection 3.6. Process 4. Resource Access 4.1. Managing Access control Page 34

35 4.2. Resource Access Privileges 4.3. Access Lists 4.4. Need-to-know controls 4.5. Malicious logic protection 4.6. Assurance 5. Discretionary Access Control List (DACL) 6. Objects And Permissions 7. Rights Vs Permissions 8. NTFS File System Permissions 9. Encryption File System 10. Windows Network Security Firewalls 11. Modes of Operation (Describes the security conditions under which the system actually functions) Dedicated security mode System-high security mode Compartmented security mode Multilevel security mode 12. AIS Hardware Software Firmware 13. Windows infrastructure features Active Directory Group Policy Share Security Dynamic DNS updates 14. Kerberos Authentication And Domain Security 15. Trust Relationships Between Domains 16. IP Security Problems With IP Security 17. Windows Security Tools Update System Antivirus Anti Spyware Anti Spam 18. Windows Windows Server 2003 Page 35

36 Windows 2003 Infrastructure Security Windows 2003 Authentication Windows 2003 Security Configuration Tools Windows 2003 Resource Security Windows 2003 Auditing and Logging Windows 2003 EFS Windows 2003 Network Security 19. Windows Certificate Authorities 20. Certificate Authority Requirements Implement Microsoft Certificate Authorities Implement a Microsoft Enterprise Root CA 21. Desktop Management Concept of least privilege Internal labeling Troubleshoot User Logons Troubleshoot User Configuration Troubleshoot System performance 22. File Management Troubleshooting Access to Files And Folders Troubleshooting Access to Shared Files And Folders 23. Linux User and File system Security Administration Security Data Security Network Security OS Security Measures Linux Update Agent Configuring Unix Services Guest Account User Account etc/password fields etc/shadow fields etc/gshadow etc/group File System and Navigation File And Directory Permissions Default Directories Page 36

37 Network Interface configuration Security Scripting 24. Pluggable Authentication Module Configuring PAM Pam Configuration Files PAM Framework Security With PAM 25. Network Information Services 26. Group Management Utilities 27. Permission Management Tools 28. System Logger Utility 29. Unix Security UNIX Security Checklist v Macintosh Security 31. Vista security Upgrading from XP to Windows Vista Installing Windows Vista Securing Windows Vista Module 19: Patch Management 1. Introduction 2. The Patch Concept 3. Patch testing 4. Patch Monitoring and Management 4.1. Create a Change Process 4.2. Monitor the Patch Process 5. Consolidating Patches on Red hat Network 5.1. Configuring the Proxy Server 5.2. Configuring the Proxy Client 6. Red Hat Up2date Patch Management Utility Installation Steps 7. Red Hat Up2date Patch Management: Command Line Interface 7.1. Security Patch Compliance 7.2. Distribution 7.3. Discovery and zero-touch inventory 7.4. Client Adoption 7.5. Troubleshoot Security Patch Management 8. Reporting Page 37

38 9. Patch Management Process 9.1. Identification 9.2. Assessment Phase Inventory Base Lining 9.3. Obtainment 9.4. Testing 9.5. Deploy Phase Deployment Preparation Deployment of the Patch 9.6. Confirmation 10. Windows Update Services Microsoft Software Update Services (SUS) Windows Server Update Services (WSUS) WSUS VS SMS Role of SMS in Patch Management Process 11. Microsoft Patch Management Tool: Microsoft Baseline Security Analyzer MBSA: Scanning Updates in GUI Mode MBSA: Scanning Updates in Command-line version 12. Patch Management Tool Selecting a Tool Learning Curve Platform Support System targeting Ease of Use Connection Sensitivity Deployment Schedule Cost Microsoft Baseline Security Analyzer Qchain BES Patch Management Shavlik HFNetChkPro PatchLink Update SecureCentral PatchQuest Module 20: Log Analysis 1. Introduction to Log Analysis Page 38

39 2. Overview of log analysis 3. Audit Events 4. Log Files 4.1. Apache Logs 4.2. IIS Logs IIS Logger 5. Limitations of log files 6. Monitoring for Intrusion and Security Event 6.1. Importance of Time Synchronization 6.2. Passive Detection Methods EventCombMT Event Collection 6.3. Scripting 7. Log Analysis Tools 7.1. UserLock 7.2. WSTOOl 7.3. Auditing tools ASDIC Tenshi SpoofMAC Gentle MAC PRO Log Manager 7.4. Generic Log Parsing Tools LogSentry SL Flog Simple Log Clustering Tool(SLCT) xlogmaster GeekTool (mac O.S) Dumpel.exe (Windows O.S) Watchlog LogDog 7.5. Log File Rotation Tools LogController Newsyslog Spinlogs System Log Rotation Service(SLRS) Page 39

40 Bzip2 8. How to Secure Logs(Log Security) 8.1. Limit Access To Log Files 8.2. Avoid Recording Unneeded Sensitive data 8.3. Protect Archived Log Files 8.4. Secure The Processes That Generate the Log Entries 8.5. Configure each log source to behave appropriately when logging errors occur 8.6. Implement secure mechanisms for transporting log data from the system to the centralized log management servers 9. Inc setting up of Servers: IIS & Apache Module 21: Application Security 1. Importance of Application Security 2. Why Is Web Security So Difficult? 3. Application Threats and Counter Measures 4. Application dependent guidance 5. Web Applications 5.1. Managing Users 5.2. Managing Sessions Cookies What is in a Cookie Working of a Cookie Persistent Vs Non-Persistent Secure Vs Non-Secure Session Tokens Session Tokens Authentication Tokens 5.3. Encrypting Private Data 5.4. Event Logging What to Log Log Management 6. System Life Cycle Management 6.1. acquisition 6.2. design review and systems test performance (ensure required safeguards are operationally adequate) 6.3. determination of security specifications 6.4. evaluation of sensitivity of the application based upon risk analysis Page 40

41 6.5. management control process (ensure that appropriate administrative, physical,and technical safeguards are incorporated into all new applications and into significant modifications to existing applications) 6.6. systems certification and accreditation process 7. Telecommunications Systems 7.1. Hardware 7.2. Software 7.3. Vulnerability and threat that exist in a telecommunications system 7.4. Countermeasures to threats 8. Securing voice communications 9. Securing data communications 10. Securing of keying material 11. Transmission security countermeasures (e.g., callsigns, frequency, and pattern forewarning protection) 12. Embedded Application Security (EMBASSY) TCP/IP security Technology IPSec And SSL Security IPSec And SSL Security In Embedded Systems Network Security For Embedded Applications Embedded Network Security Hardware Instructions 13. Secure Coding Common Errors Buffer Overflow Format String Vulnerabilities Authentication Authorization Cryptography Best Practices For Secure Coding Distrust User Input Input Validation Magic Switches Malicious Code Detection Programming standards and controls Change controls internal labeling 14. Threat modeling Module 22: Web Security Page 41

42 1. Overview of Web Security 2. Common Threats on Web 2.1. Identity theft 2.2. Spam Mail 2.3. Distributed Denial of Service(DDoS) 2.4. Reflection Dos Attack 2.5. Bots 2.6. Cross Site Request Forgery 2.7. Session Hijacking 2.8. Smurf attack 2.9. FTP bounce RSS/Atomic Injection DNS Attack Content Spoofing Logical Attacks Buffer Overflow IP and Routing Protocol Spoofing 3. Identifying Unauthorized Devices 4. Restrictive Access 5. Network Addresses 5.1. Altering the Network Addresses 6. Tracking the Connectivity: Tracert/Traceroute 7. Testing the Traffic Filtering Devices 8. IIS Server 8.1. Installing the IIS server 8.2. Administering the IIS server 9. Client Authorization 9.1. Certificate Authorities 10. Client-Side Data 11. Server-side data 12. Client Authentication User s Approach Authentication Techniques 13. Input Data Validation 14. Browsing Analysis 15. Browser Security Mozilla Browser Page 42

43 15.2. Internet Explorer Security Setting of Internet Explorer Configuring Security Zone Setting up the Internet Zone Setting up the Intranet Zone Setting up Trusted and Restricted Sites Zone Working with domain Name suffixes Selecting Custom level Settings Miscellaneous Options User Authentication Browser hijacking Preventing Restoring Tools: Stringer Download Cwshredder Microsoft Anti Spyware software Browser Analysis Browser Behavior Analysis Benefits of Behavior Analysis Browser Security Settings Dynamic Code Securing Application Code 16. Plug-ins Netscape/IE Plug-Ins Image IPIX VRML Audio Multimedia Shockwave Real Player Shockwave Flash Quick Time Util Net Zip Plug-in Asgard Plug-in Wizard Page 43

44 Neptune Others Java Plug-in Mozilla Firefox Plug-ins Acrobat Reader Adobe Flash Player Java Quick Time RealPlayer Shockwave Windows Media player The Validate HTML Plug-ins Accessibility Analyzer Validate Sites HTML Wayback Versions Validate P3P View In BugMe Not Webpage Speed Report Validate Links (W3C) Open Text Validate RSS Validate CSS Validate HTML 17. Common Gateway Interface(CGI) CGI Script CGI Mechanism Web Servers Mechanisms and Variables Third part CGI Scripts Server Side Includes CGI operation Responding To the Client Using the Client to call a CGI application Module 23: Security 1. Overview of Page 44

45 2. History of 3. Basics of 4. Types of 5. Web Based Versus POP3 6. Components of an Headers Examining an header Reading headers 6.2. Opening Attachments 6.3. Reading s for different clients 6.4. Field names and values 6.5. Address list 6.6. Recipients and Senders 6.7. Response targets and threading 7. Servers 8. Encryption 8.1. Centurion mail 8.2. Kerberos 8.3. Hush Mail 8.4. Pretty good privacy 8.5. Secure Hive 9. Installing WorkgroupMail 10. Configuring Outlook Express 11. Secure Authentication Mail Transfer Authenticating Sender 13. protocols Multipurpose Internet Mail Extensions(MIME) /Secure MIME Pragmatic General Protocol(PGP) Simple Mail Transfer Protocol(SMTP) Post Office Protocol(POP) and its POP SMTP: Vulnerabilities Internet Message Access Protocol(IMAP) 14. Client and server architecture 15. Security Risks Spoofed Addresses Page 45

46 15.2. Spam Hoaxes Phishing Snarfing Malware spoofing viruses Gateway virus scanners Outlook Viruses Attachment Security Spamming Protecting against spam Spam filters Bombing, Chain letters 16. How to defend against security risks Quarantining Suspicious Vulnerability check on System 17. Tools for Security ClipSecure CryptoAnywhere BCArchive CryptainerLE GfiMailEssentials SpamAware 18. Tracking s readnotify Module 24: Authentication: Encryption, Cryptography and Digital Signatures 1. Authentication 1.1. Authentication Tokens 1.2. RSA SecurID 1.3. Smart Cards 2. VeriSign Authentication 3. Encryption 3.1. Encryption Systems 3.2. Firewalls Implementing Encryption 3.3. Lack of Encryption Page 46