Network Defense Specialist. Course Title: Network Defense Specialist: Securing and Troubleshooting Network Operating Systems

Transcription

1 Course Title: Network Defense Specialist: Securing and Troubleshooting Network Operating Systems Page 1 of 12

2 Course Description The Network Defense Series from EC-Council Press is comprised of 5 books designed to educate learners from a vendor-neutral standpoint on how to defend the networks they manage. This series covers the fundamental skills in evaluating the internal and external threats to network security and design, how to enforce the network level security policies, and how to ultimately protect an organization's information. The books in the series cover a broad range of topics from secure network fundamentals, protocols & analysis, standards and policy, hardening infrastructure, configuring IPS, IDS, firewalls, bastion host and honeypots. Learners completing this series will have a full understanding of defensive measures taken to secure their organization's information and along with the proper experience these books will prepare readers for the EC-Council Network Security Administrator (E NSA) certification. Un-patched software on network operating systems and hardware can be a common point of attack for an intruder. Vulnerability analysis will often identify the outdated software and exploitation. This book, the fourth in the series, prepares the practitioner to create and administer the effective policies and best practices in patch management, OS configuration, and analysis to identify the potential network security weaknesses. Certification Info Network Defense Specialist: Securing and Troubleshooting Network Operating Systems Who Should Attend This course will significantly benefit System Administrators, System Engineers, Firewall Administrators, Network Managers, IT Managers, IT Professionals and anyone who is interested in network security technologies. Course Duration 2 days (9:00 5:00) CPE/ECE Qualification 16 ECE Credits awarded for attendance (1 for each classroom hour) Suggested Retail: $799 USD Page 2 of 12

3 Required Courseware: Visit and click on Training Workshops for ordering details. What s included? Physical Courseware 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate Course + Supplement Cost: See the Training Workshops section at for current pricing information. Related Certificates: Network Defense Specialist: Fundamentals & Protocols Network Defense Specialist: Security Policy & Threats Network Defense Specialist: Perimeter Defense Mechanisms Network Defense Specialist: Security & Vulnerability Assessment Page 3 of 12

4 Course Briefing 1. Securing Modems Chapter Brief: A modem is a device that allows two computers to communicate via a standard phone line. It converts digital data into analog signals and convert the analog signals back into digital data and vice-versa. This chapter describes the features, types, and security of modems. It explains the attacks against the modem such as Spoofing, Call Forwarding, War Dialing, and Packet Sniffing. The chapter lists the reasons for modem connection failure. This chapter also describes how to troubleshoot when the modem is not responding, modem damaged, and system crashes. 2. Hardening Routers Chapter Brief: Router is a network device functioning at layer 3; the network layer of the OSI model. It receives packets from a linked network and transmits them to the next connected network. This chapter describes the Types of Routes, Routing Algorithms, Internet Work Operating Systems (IOSs), routing metrics, principles and operation modes. It discusses the router configuration, external and internal configuration sources. It explains about loading the configuration files and explains the steps to configure a router from TFTP Server. This chapter also describes the router configuration modes, Bootstrap Service (BOOTP Service). It explains the concepts such as hardening a router, Cisco Discovery Protocol, logging and Access Control List (ACL). 3. Hardening Operating Systems Chapter Brief: This chapter describes the BIOS Security, Windows Registry, configuring windows services, managing the resources, Need-to-Know Controls, malicious logic protection, Discretionary Access Control List (DACL), NTFS file system permissions and modes of operation. This chapter also describes the Automated Information System (AIS), Windows Infrastructure features, Kerberos Authentication and Domain Security, IPSecurity, Windows 2003 authentication, and lists the Windows 2003 security configuration tools. 4. Patch Management Chapter Brief: Patch management is the process of controlling the deployment and maintenance of interim software releases into the production environments. It helps you to maintain the operational efficiency and effectiveness, overcome security vulnerabilities, and maintain the stability of your production environment. This chapter will familiarize you with updating and applying patches to your devices and network equipment. This chapter describes the Change Management rules, types of patches defined by Microsoft, the patch testing process, patch monitoring and management. This chapter also describes installation steps of Red Hat Up2date Patch Management Utility, process of patch management, and explains the various methods of Microsoft Patch Management process such as Identification, Assessment and Testing. This chapter also discusses the Microsoft Software Update Services and Windows Server Update Services (WSUS). Page 4 of 12

5 5. Log Analysis Chapter Brief: Log analysis is the process of detecting attacks on a specific system, network, or applications. Log analysis uses logs of firewall, web server, system, IDS events, or Windows event. It allows users to notify the actual changes to the database. This chapter discusses the log analysis, audit events, and log types, log files, Access_log, Agent_log, Error_log, refer_log, and TCPDump Logs. This chapter also describes the concept of Web Server log analysis, Syslog statistics and analysis, monitoring and security events, and lists the log analysis and parsing tools. 6. Application Security Chapter Brief: Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system through flaws in the design, development, deployment, upgrade, or maintenance of the application. This chapter discusses the threats to applications and the importance of application security, application dependant guidance. It discusses about cookies, session tokens, authentication tokens, System Life Cycle Management, and Telecommunications system. It explains security related to embedded applications, IPSec, and SSL. It explains the best practices for secure coding. This chapter also discusses the steps to Threat Modeling approach and provides a list of secure coding tools. Page 5 of 12

6 Course Outline Chapter 1: Securing Modems Introduction to Securing Modems Introduction to Modems o Types of Modems o Modem Security Modem Security : Password Modems Modem Security : Callback Modems Modem Security : Encrypting Modems Modem Security : Caller-ID and ANI Schemes Modem Security Should be a Priority for Telephony Managers SecureLogix Provides Solutions for Modem Security Make Modem Security Simple With Robust Management Tool Modem Attacks and Risks Modem Failure Symptoms: Modem Firmware Failure Reasons for Modem Connection Failure Modem Not Responding Modem Damaged System Crashes Troubleshooting Modems Chapter 2: Hardening Routers Introduction to Hardening Routers Introduction to Routers o Router Basics Internet Work Operating Systems (IOS) Cisco Internetwork Operating System (IOS) Routing Principles Configuring Routers o Configuring Routers: IP Source Routing External Configuration Sources Internal Configuration Sources Router Initiation Loading the Configuration Files Steps to Configure a Router From TFTP Server Setup Configuration Mode Page 6 of 12

7 CLI Configuration Mode Finger Tool Disabling the Auxiliary Services and Closing Extra Interfaces Bootstrap Service (BOOTP Service) TCP and UDP Small Servers Disabling Proxy ARP Disabling Simple Network Management Protocol (SNMP) Disabling Network Time Protocol (NTP) Hardening Routers Display Notifications on Banners Passwords and Secrets Console Password Setup Setting a Virtual Terminal Password Auxiliary Passwords Creating End User Accounts Setting Session Timeout Periods Cisco Discovery Protocol Configuring CDP Router# show cdp Logging Concept Timestamping Cisco Logging Options Console Logging How to Change the Console Logging Level o Disabling Console Logging o Buffered Logging o Terminal Logging Filtering Network Traffic Access Control Lists (ACLs) o Creating a Standard ACL: Step 1 o Creating a Standard ACL: Step 2 o Creating a Standard ACL: Step 3 o Creating a Standard ACL: Step 4 o Creating a Standard ACL: Step 5 Logging System Error Messages Enabling System Error Message Logging Committed Access Rate (CAR) Page 7 of 12

8 Secure Shell (SSH) Routing Protocols: Routing Information Protocol Routing Protocols: Interior Gateway Routing Protocol Routing Protocols: Enhanced Interior Gateway Routing Protocol (EIGRP) Troubleshooting Routers Troubleshooting Tools Troubleshooting with Network Management Tools Troubleshooting IP Connectivity in Routers Troubleshooting PPP and Frame Relay Troubleshooting X.25 Troubleshooting ISDN Components of Router Security Router Security: Testing Tools Chapter 3: Hardening Operating Systems Introduction to Hardening Operating Systems Configuring Windows Managing Resources o Managing Resources: Malicious Logic Protection o Managing Resources: Assurance o Managing Resources: Discretionary Access Control List (DACL) o Managing Resources: Objects and Permissions o Managing Resources: Rights vs. Permission o Managing Resources: NTFS File System Permissions o Managing Resources: Encryption File System (EFS) o Managing Resources: Modes of Operation o Managing Resources: Automated Information System (AIS) o Managing Resources: Windows Infrastructure Features Kerberos Authentication and Domain Security o Kerberos Authentication and Domain Security: Trust Relationships between Domains IPsec Windows 2003 Authentication o Windows 2003 Security Configuration Tools o Windows 2003 Resource Security o Windows 2003 Auditing and Logging o Windows 2003 EFS o Windows 2003 EFS (cont d) Page 8 of 12

9 User and File System Security Administration Security: Data Security & Network Security Windows Certification Authorities Securing Linux User Management o Account Security o Securing Linux (ACLs): File System and Navigation o Securing Linux (ACLs): File and Directory Permissions o Securing Linux (ACLs): File and Directory Permissions (cont d) o Securing Linux (ACLs): Pluggable Authentication Module (PAM) o Securing Linux (ACLs): Configuring PAM o Securing Linux (ACLs): PAM Configuration Files o Securing Linux (ACLs): PAM Framework o Securing Linux (ACLs): Security with PAM o Securing Linux (ACLs): Network Information Services (NIS) Group Management Utilities Upgrading to Windows Vista UNIX Security Checklist Macintosh Security Using Kerberos Authentication Rendezvous Security Restricting User Capabilities Command Line Administration Tools Chapter 4: Patch Management Introduction to Patch Management Patching Patch Tuesday Patch Testing Database Patch Management Process Update Management Microsoft Update Management Offerings Patch Management and Monitoring Identifying and Installing Patches on Red Hat Networks Microsoft Patch Management Process o Microsoft Patch Management Process: Identification o Microsoft Patch Management Process: Assessment Page 9 of 12

10 o Microsoft Patch Management Process: Obtainment o Microsoft Patch Management Process: Testing o Microsoft Patch Management Process: Deployment o Microsoft Patch Management Process: Confirmation Windows Patch Management: SUS, WSUS, SMS, and SCCM Implementing Windows Update Services Microsoft Software Update Services (SUS) Features: SUS Client-side, Server-side Components WSUS vs. SMS 2003 Automating Microsoft Windows Patch Management with WSUS Role of SMS in Patch Management Process Microsoft System Center Configuration Manager 2007 (SCCM) Update Levels in Windows Security TechCenter Microsoft Security Identifying Missing Patches on Windows Desktop Systems Working With Patch Management Tools o Working with Patch Management Tools: Selecting a Tool o Working with Patch Management Tools Microsoft Baseline Security Analyzer (MBSA) o Working with Patch Management Tools: MBSA: Scanning Updates in GUI Mode o Working with Patch Management Tools MBSA: Scanning Updates in Command-line Version o Working with Patch Management Tools: Qchain o Working with Patch Management Tools: BigFix Enterprise Suite (BFS) o Working with Patch Management Tools Shavlik NetChk Protect o Working with Patch Management Tools: PatchLink Update o Working with Patch Management Tools: ManageEngine Security Manager Plus o Working with Patch Management Tools: Altiris Patch Management Solution o Working with Patch Management Tools: GFI LANguard Chapter 5: Log Analysis Introduction to Log Analysis o Audit Event o Audit Policy o Log Characteristics o Overview of Logging Overview of Logging: NTsyslog Page 10 of 12

11 Overview of Logging: Application Logging Overview of Logging: Firewall Logging Reviewing Firewall Logs with the grep Command Overview of Logging: Linux Process Tracking Overview of Logging: Windows Logging Overview of Logging: Organizing Firewall Logs Web Server Logs o Web Server Logs: Apache Logs o Web Server Logs: IIS Logs o Web Server Logs: IIS Logger Limitations of Log File Analysis Syslog Monitoring and Security Events Importance of Time Synchronization Passive Detection Methods EventCombMT Scripting Log Analysis and Auditing Tools Userlock WSTOOL ASDIC Tenshi Log Parsing Tools Log File Rotation Tools Newsyslog System Log Rotation Service (SLRS) Securing Logs Chapter 6: Application Security Introduction to Application Security Difficulties in Web Security Application Threats and Countermeasures Application Dependant Guidance Securing Web Applications o Securing Web Applications: Managing users o Securing Web Applications: Cookies Working of Cookies Page 11 of 12

12 Persistent vs. Non-Persistent Cookie o Session Tokens o Authentication Tokens o Encrypting Private Data Embedded Application Security IPsec and SSL Security IPsec and SSL in Embedded Systems Network Security Solution for Embedded Applications Embedded Network Security Hardware Instructions Embedded Network Security Hardware Instructions Writing Secure Coding Practice Writing Secure Coding Practice Secure Coding Common Errors Common Error: Buffer Overflow Common Error: Format String Vulnerabilities Common Error: Authentication Common Error: Authorization Common Error: Cryptography Best Practices for Secure Coding Remote Administration Security Implementation Threat Modeling for Web Applications o Threat Modeling for Web Applications: Step1:Identify Security Objective o Threat Modeling for Web Applications: Step 2: Create an Application Overview o Threat Modeling for Web Applications: Step 3: Decompose Your Application o Threat Modeling for Web Applications: Step 4: Identify Threats o Threat Modeling for Web Applications: Step 5: Identify Vulnerabilities Page 12 of 12