FSP-201: Ethical Hacking & IT Security

Transcription

1 FSP-201: Ethical Hacking & IT Security Session

2 OVERVIEW ABOUT SIFS INDIA COURSE INTRODUCTION ENTRY REQUIREMENTS HOW TO APPLY FEE STRUCTURE COURSE MODULES CAREER PROSPECTS LIBRARY TRAINING & INTERNSHIP CONTACT US

3 ABOUT SIFS INDIA SIFS INDIA was founded from 2005 with an aim to impart high quality and easily accessible Forensic Services and Education to meet the growing demand of Law enforcement and other Government and private legal Departments. We aim to encourage new developments and research in the field of Forensic Sciences including Cyber Law, Cyber Forensic, Fingerprint Verification and Handwriting Analysis. SIFS INDIA is registered with Govt. of India, We provide various science services including- Forensic Education-Department of Education provides various Forensic Science Courses in the fields of Forensic Science and Criminal Investigation. These courses provide you advantages for the development of your career in the fields of Private Forensic Investigation, Banks, Police Departments, Detective agency, IT industries, IB, CBI and many more.. We impart services to the several Govt. and Corporate agency to help them in field of forensics under our other departments such as- Forensic Investigation Forensic Training Forensic Internship Forensic Research Security Services Scientific Equipment Department COURSE INTRODUCTION Ethical hacking Ethical hackers are normally white hat guys who normally penetrates and secure IT system. Introduction to Computer Crime and Ethical Hacking: In this module we will have introduction to computers and cyber crime, printing counterfeit currency and documents. In addition software piracy and data recovery. Networking for Ethical Hacking: In this module we will discuss about networked computer crimes and unauthorized access and interception. We will Basics of computer viruses and programs, manipulating computer security and Internet. Image Identification: This module is about image processing, tapes, and video image processing and encryption methods. Database Searching: We will discuss basics of bioinformatics and in detail about database searching. Searching for sequence homology and alignment, basics of UNIX database programming and computing concepts. FSP-201: Ethical Hacking & IT Security 01

4 LEVEL - I 10th Passed from Recognized Board/School and basic knowledge of Science related field. ENTRY REQUIREMENTS LEVEL - II 12th Passed in any discipline from Recognized Board/School/basic knowledge of Science related field. LEVEL - III Graduation Passed from Registered Board/College and basic knowledge of Science related field. HOW TO APPLY 1. First select the course. Then Check the fees and fill up the complete online application form or download the application form. 2. Make sure to sign the application form. Include your complete mailing address and all other details. Please provide telephone number and/or address and also attach a selfattested photograph of the candidate. 3. Things to be send with application form: Attach photocopies of the Academic qualification certificates duly attested by a notary or a Gazetted Officer (Mandatory); Send three additional passport size photographs along with the application form. Payment: Include the total fee as per the course selected as per your choice. Amount can be deposited in the bank or send a cheque or demand draft (DD) or money order (MO) or banker's cheque in favor of "SIFS INDIA" payable in Delhi. Visit: Post/ the above required items to- SIFS INDIA, 2443, Basement, Hudson Line, Kingsway Camp, Delhi , India. What You Will Receive: Admission Letter, Online User name and Password to excess the course content, Printed Material (Books / Notes/ CD/DVD/Software's/Tools/Kit) (For Distance Courses Only), Identity Card and Examination Card, Course Completion Certificate, Mark Sheet and Certification. Fee for Online Course FEE STRUCTURE Fee for Distance Course LEVEL-I ` 8,000/- LEVEL-II ` 12,000/- LEVEL-III ` 15,000/- LEVEL-I ` 9,000/- LEVEL-II ` 13,000/- LEVEL-III ` 16,000/- 02 FSP-201: Ethical Hacking & IT Security

5 COURSE MODULES MODULE-1 MODULE-2 MODULE-3 MODULE-4 MODULE-5 MODULE-6 MODULE-7 MODULE-8 MODULE-9 MODULE-10 MODULE-11 MODULE-12 MODULE-13 MODULE-14 MODULE-15 MODULE-16 MODULE-17 MODULE-18 MODULE-19 MODULE-20 INTRODUCTION TO ETHICAL HACKING FOOTPRINTING AND RECONNAISSANCE SCANNING NETWORK ENUMERATION SYSTEM HACKING TROJANS AND BACKDOORS VIRUSES AND WORMS SNIFFING SESSION HIJACKING SOCIAL ENGINEERING DENIAL OF SERVICE (DOS) HACKING WEBSERVER SQL INJECTION HACKING WIRELESS NETWORKS EVADING IDS, FIREWALLS AND HONEYPOT BUFFER OVERFLOW CRYPTOGRAPHY PENETRATION TESTING MOBILE HACKING STENOGRAPHY

6 MODULE-1 INTRODUCTION TO ETHICAL HACKING 1.1 What is Hacking? 1.2 Understanding Security 1.3 Understanding Ethical Hacking 1.4 History of Hacking 1.5 Famous Hackers 1.6 Phases of Hacking 1.7 Ethical Hacking Industry Practices 1.8 Difference between Ethical Hacker and Malicious Hacker 1.9 Types of Hackers MODULE-2 FOOTPRINTING AND RECONNAISSANCE 2.1 Footprinting Concepts Footprinting Terminology What is Footprinting? Why Footprinting? Objectives of Footprinting 2.2 Footprint Methodology Footprint through Search Engines Finding Company's External and Internal URLs Collect Location Information People Search People Search Online Services People Search on Social Networking Services 2.3 Footprinting through Job Sites Website Footprinting Website Mirroring Tools Extract Website Information 2.4 Footprinting Tracking Communications Collecting Information from Header Tracking Tools 04 FSP-201: Ethical Hacking & IT Security

7 2.5 Footprinting using Google Footprinting using Google Hacking Techniques What a Hacker can do with Google Hacking? Google Advance Search Operators Finding Resources Using Google Advance Operator Google Hacking Tool: Google Hacking Database (GHDB) 2.6 WHO IS Footprinting WHO IS Lookup WHO IS Lookup Result Analysis 2.7 DNS Footprinting Extracting DNS Information DNS Interrogation Tools 2.8 Footprinting through Social Engineering Footprinting through Social Engineering Collect Information Using Shoulder Surfing and Dumpster Diving 2.9 Footprinting Tools Maltego DNSEnum Dmitr Additional Footprinting Tools MODULE-3 SCANNING NETWORK 3.1 Introduction to Scanning 3.2 Introduction of Ports and Protocols 3.3 Types of Scanning Port Scanning Network Scanning Vulnerability Scanning 3.4 Objective of Scanning Detect Live Systems on Network Discover Open Ports on System OS Detection FSP-201: Ethical Hacking & IT Security 05

8 3.4.4 Service Detection and Version Detection Obtaining IP from Host Obtaining Host from IP Discover IP Addresses in Network 3.5 Overview of TCP 3.6 Scanning Tools Nmap Host NBT scan Fping Alive Netcat Vega Nessus MODULE-4 ENUMERATION 4.1 Enumeration Concepts 4.2 What is Enumeration? 4.3 Techniques for Enumeration 4.4 Services and Ports to Enumerate MODULE-5 SYSTEM HACKING 5.1 Information at Hand before System Hacking Stage 5.2 System Hacking Cracking Password Window Hacking by Ophcrack Window Hacking by Hiren Boot Window Hacking by Cmd Linux Hacking MODULE-6 TROJANS AND BACKDOORS 6.1 Trojan Concepts What is a Trojan? 06 FSP-201: Ethical Hacking & IT Security

9 6.1.2 Purpose of Trojans What Do Trojan Creators Look For Indications of a Trojan Attack Common Ports used by Trojans 6.2 Trojan Infection How to Infect Systems Using a Trojan Different Ways a Trojan can Get into a System How to Deploy a Trojan 6.3 Trojan Tools Prorat Cybergate 6.4 Trojan Detection MODULE-7 VIRUSES AND WORMS 7.1 What is Virus? 7.2 What are Worms? 7.3 Difference between Viruses and Worms 7.4 What are Key loggers? 7.5 How to infect system with Key loggers 7.6 Counter-measures Virus Detection Methods Virus and Worms Countermeasures Anti-virus Tools MODULE-8 SNIFFING 8.1 Overview of Sniffing 8.2 Types of Sniffing Active and Passive 8.3 What is ARP Poisoning? 8.4 What is MITM? 8.5 Sniffing Tools FSP-201: Ethical Hacking & IT Security 07

10 8.5.1 Ettercap Cain and Able Wireshark 8.6 HTTP Sniffing 8.7 SSL Stripping MODULE-9 SESSION HIJACKING 9.1 What is Session Hijacking? 9.2 Difference between Spoofing and Hijacking 9.3 Steps of Session Hijacking 9.4 Types of Session Hijacking 9.5 Brief introduction of TCP three way handshake 9.6 Client-Server Model Two-tier Three-tier 9.7 How to prevent Session Hijacking? MODULE-10 SOCIAL ENGINEERING 10.1 Social Engineering Concepts What is Social Engineering? Behaviors Vulnerable to Attacks Factors that Make Companies Vulnerable to Attacks Why Is Social Engineering Effective? 10.2 Social Engineering Techniques 10.3 Types of Social Engineering Human Based System Based Mobile Based 10.4 How to Detect Phishing s 10.5 Phishing with Se Toolkit 10.6 Phishing on Web server 08 FSP-201: Ethical Hacking & IT Security

11 MODULE-11 DENIAL OF SERVICE (DOS) 11.1 DoS/DDoS Concepts What is a Denial of Service Attack? What Are Distributed Denial of Service Attacks? How Distributed Denial of Service Attacks Work Symptoms of a DoS Attack Cyber Criminals 11.2 DDoS Case Study DDoS Attack DDoS Attack Tools: LOIC Anonymous MODULE-12 HACKING WEBSERVER 12.1 What is Webserver? 12.2 What is Database? 12.3 Hacking Webserver with Metasploit MODULE-13 SQL INJECTION 13.1 What is SQL Injection? SQL Injection Attacks How Web Applications Work? 13.2 Vulnerability Testing for SQL Injection 13.3 SQL Injection Cheat Sheet 13.4 SQL Injection Tools SQL MAP Havij 13.5 SQL Injection counter measures MODULE-14 HACKING WIRELESS NETWORKS 14.1 Wireless Concepts Wireless Networks FSP-201: Ethical Hacking & IT Security 09

12 Wireless Standards Service Set Identifier (SSID) Wi-Fi Authentication Modes Wi-Fi Authentication Process Using a Centralized Authentication Server 14.2 Wireless Encryption Types of Wireless Encryption WEP Encryption How WEP Works? What is WPA? How WPA Works? MODULE-15 EVADING IDS, FIREWALLS AND HONEYPOT 15.1 IDS, Firewall and Honeypot Concepts Intrusion Detection System (IDS) and their Placement How IDS Works? Ways to Detect an Intrusion 15.2 Firewall Firewall Architecture Demilitarized Zone (DMZ) Types of Firewall Packet Filtering Firewall Circuit-Level Gateway Firewall 15.3 Honeypot Types of Honeypots How to Set Up a Honeypot? MODULE-16 BUFFER OVERFLOW 16.1 Buffer Overflow Concepts 16.2 Buffer Overflows 16.3 Why Are Programs and Applications Vulnerable to Buffer Overflows? 16.4 Buffer Overflow Counter-measures 16.5 Defense against Buffer Overflows 16.6 Preventing BOF Attacks 10 FSP-201: Ethical Hacking & IT Security

13 MODULE-17 CRYPTOGRAPHY 17.1 Cryptography Concepts 17.2 Cryptography 17.3 Types of Cryptography 17.4 Algorithms Symmetric Asymmetric Hash 17.5 How to create Hash in any file 17.6 How to generate public and private keys MODULE-18 PENETRATION TESTING 18.1 Pen Testing Concepts 18.2 Security Assessments 18.3 Security Audit 18.4 Vulnerability Assessment 18.5 Limitations of Vulnerability Assessment 18.6 Introduction to Penetration Testing 18.7 Penetration Testing 18.8 Why Penetration Testing? 18.9 Comparing Security Audit, Vulnerability Assessment and Penetration Testing What should be tested? What Makes a Good Penetration Test? Types of Pen Testing Black-box Penetration Testing Grey-box Penetration Testing White-box Penetration Testing MODULE-19 MOBILE HACKING 19.1 SIM Cloning 19.2 Call Spoofing 19.3 Message Spoofing FSP-201: Ethical Hacking & IT Security 11

14 19.4 Hacking Codes 19.5 Hacking Android OS MODULE-20 STENOGRAPHY 20.1 What is Stenography? 20.2 Hiding Text behind Image 20.3 Hiding Image behind Image 20.4 Hiding Video behind Image 20.5 Hiding Text behind Text 20.6 Drive Hiding 20.7 Tools of Stenography Cyber investigator: Electronic evidence is fragile and can easily be modified. Moreover, cyber thieves, criminals, dishonest and even honest employees hide, wipe, disguise, cloak, encrypt and destroy evidence from storage media using a variety of freeware, shareware and commercially available utility programs. Cyber investigator can easily detect it at private level. Ethical Hacker: Ethical Hackers is a term commonly applied to a computer user who intends to gain authorized access to a computer system. Ethical Hackers are skilled computer users who penetrate computer systems to gain knowledge about computer systems and how they work. Placement Agencies: In government sector: Central Bureau of Investigation (CBI), Intelligence Bureau (IB), Central Forensic Science Lab (CFSL), State Forensic Lab (SFL) In private sector: Private Detective Agencies, Banks & Insurance Company, Legal firms and private companies... LIBRARY CAREER PROSPECTS We have online Forensic e-library, which have more than 1000 Forensic Books. We provide membership number with username and password to enrolled students. Students can use this to access our online materials straight away. 12 FSP-201: Ethical Hacking & IT Security

15 TRAINING & INTERNSHIP After completion of online course we provide Training and Internship which help in making your career as a Forensic Expert. Training includes several practical aspects with real cases and crime scene visit All right including copyrights reserved with the publishers. No part of this book may be reproduced or Copied in any form of by any means (Graphic, Electronic or Mechanical), or reproduced on any information storage devices, without the written permission of the publishers. Note: Due care has been taken while publishing this book, but the author, Publisher and Printers are not responsible in any manner for any mistake that may have inadvertently crept in. In case of doubts the reader shall cross-check the contents with original Government Publication of Notifications, Any mistakes noted may be brought to our notice which shall be taken care in the next edition. All disputes subject to Delhi Jurisdiction only. CONTACT US Published by SIFS INDIA Office: 2443, Basement, Hudson Line, Kingsway Camp, Delhi , India Phone : , education@sifs.in, Web : FSP-201: Ethical Hacking & IT Security 13