EC-Council Network Security Administrator (ENSAv4.0)

Transcription

1 EC-Council Network Security Administrator (ENSAv4.0) Delivery Method: Instructor-led (classroom), Duration: 5days Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyse the internal and external security threats against a network, and to develop security policies that will protect an organization s information. Students will learn how to evaluate network and Internet security issues and design, and how to implement successful security policies and firewall strategies. In addition, they will learn how to expose system and network vulnerabilities and defend against them. Who Should Attend System administrators, Network administrators and anyone who is interested in network security technologies. Learning Outcome Students are able Exam Information The ENSA exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the ENSA certification. Course Outlines Module I: Fundamentals of Computer Network Key elements of network o Nodes o The Network Backbone o Segments o Subnets Logical Elements of Network o IP Addresses o Domain Name System o Gateways Types of network media o Historical vs. Current communication Methodology o Asynchronous vs synchronous o Wired media or Bounded Network Media o Dedicated line o Optical remanence

2 o Magnetic remanence o Wireless Transmission o Public switched network o Emanations security Media Access Methods o Multiplexed Media Access o Polling o Token-Based Media Access o Automated Information Systems (AIS) Automated Information Systems (AIS) o Historical vs. Current Technology o Hardware o Software o Memory Critical information characteristics o Confidentiality o Integrity o Availability Information states o Transmission o Stora1ge o Processing Operations Security (OPSEC) o OPSEC process o INFOSEC and OPSEC interdependency o Unclassified indicators o OPSEC surveys/opsec planning Object reuse(computer security) OSI Model o Physical Layer o Data Link Layer o Network Layer o Transport Layer o Session Layer o Presentation Layer o Application Layer Transmission Modes o Simplex o Half Duplex o Full Duplex Types of Transmission o Serial Data Transmission o Parallel Data Transmission o Unicast Transmission o Multicast Transmission

3 Logical Network Classification o Client Server networking o Peer to peer networking o Mixed Mode Networking Network Topologies o Sharing of data o Sharing of devices o File servers o Bus o Star or Hub o Star-Wired ring o Ring o Mesh o Tree o Hybrid Topology Physical Network Classification o LAN o WAN o MAN o PAN o CAN o GAN Network Equipments o Network Interface Cards o Access Points o Switches o Concentrators/hub o Modem o Asynchronous vs. synchronous o Router o Brouter o Bridges o Adapters o Network Load Balancers o Repeaters o Gateways o Transceivers o Converters o Terminals Module II: Network Protocols Introduction to protocols Implementing Network protocols o Introduction to TCP/IP o Configuring TCP/IP o Configuring Netware Links

4 o Managing TCP/IP o Network Classes o Terminal Emulation Protocol (TELNET) of TCP/IP o TELNET: Vulnerabilities o Network News Transfer Protocol o Network News Transfer Protocol: Vulnerabilities Application Layer Protocols o Voice Over Internet Protocol (VoIP) o Boot Strap Protocol (BOOTP) o Data Link Switching Client Access Protocol(DCAP) o Dynamic Host Configuration Protocol (DHCP) o Domain Name System(service) Protocol (DNS) o File Transfer Protocol (FTP) o Trivial FTP (TFTP) o FTP and Trivial FTP: Vulnerabilities o Network Time Protocol o Network News Transfer Protocol o Simple Network Management Protocol(SNMP) and Its Versions o Internet Relay Chat Protocol(IRCP) o Service Location Protocol(SLP) o Hyper Text Transfer Protocol (HTTP) o Hyper Text Transfer Protocol Secure (HTTPs) Presentation Layer Protocol o Light Weight Presentation Protocol(LWPP) Session Layer Protocol o Remote Procedure Call Protocol(RPC) Transport Layer Protocols o Reliable Data Protocol(RDP) o Transmission Control Protocol(TCP) o User Datagram Protocol(UDP) o TCP, UDP: Attacks and Countermeasures Network Layer Protocols o Routing Protocols o Multicasting Protocols o Other Network Protocols Data link Layer Protocol o Address Resolution Protocol(ARP) o Network Address Resolution Protocol (NARP) o Reverse Address Resolution Protocol(RARP) Module III: Protocol Analysis Overview of tcp/ip o Streams o Reliable delivery o Network adaption o Flow control

5 Relation to other Protocol Tcp/ip Protocol suite o Network Interface Layer o Internet Layer o Transport layer o Application Layer Windowing Sliding Window Acknowledgement TCP o TCP header format o TCP Interface o Algorithms in TCP o TCP Checksum Calculation o Performance Estimation in TCP o Problems related to TCP IP o Overview of IP o IP Header Format o IP Addressing o IP datagram o IPv6 o IPv6 Header o IPv6 Specification o Addressing o Packet Tunneling o Multicast o Hop by Hop option Module IV: Hardening Physical Security Need for physical security Security Statistics Physical Security Breach Incidents o Who is Accountable for Physical Security? Factors Affecting Physical Security Physical Security Threats o Environmental threats o Man Made threats o Prevention & Detection of physical hazards Premises Security o Office Security o CCT (Close Circuit Televisions/Cameras) o Parking Area EPS (Electronic Physical Security) Challenges in Ensuring Physical Security o Countermeasures

6 o Fencing o Security force o Watch Dogs o Locks and Keys o Physical Security: Lock Down USB Ports o Tool: DeviceLock o Blocking the Use of USB Storage Devices o Track Stick GPS Tracking Device o USB Tokens o Fire Safety: Fire Suppression, Gaseous Emission Systems o Uninterruptible Power Supplies o Mantrap Module V: Network Security Overview of Network Security The need for network security The goals of network security Security awareness Functions of Network security administrator o Develop, Maintain and implement IT security o Maintain and implement firewalls o Monitor and secure network and servers o Monitor critical system files o Backup the files o Administrative Security Procedural Controls o Documentation, logs and journals Communication Security (COMSEC) o Functions of COMSEC custodian o identify and inventory COMSEC material o access, control and storage of COMSEC material o report COMSEC incidents o destruction procedures for COMSEC material Functions of INFOSEC Officer Functions of information resources management staff program or functional managers security office senior management system manager and system staff telecommunications office and staff Functions of audit office Functions of OPSEC managers Role of end users Network Security at: o Public vs private o Dial-up vs dedicated o Privileges (class, nodes)

7 o Traffic analysis o End-to-end access control Transmission Security o Frequency hopping o Masking o Directional signals o Burst transmission o Optical systems o Spread spectrum transmission o Covert channel control (crosstalk) o Dial back o Line authentication o Line-of-sight o Low power o Screening o Protected wireline Legal Elements o Criminal prosecution o fraud, waste and abuse o Evidence collection and preservation o Investigative authorities Countermeasures: cover and deception o HUMINT o Technical surveillance countermeasures Reporting security violations Module VI: Security Standards Organizations Internet Corporation for Assigned Names and Numbers (ICANN) International Organization for Standardization (ISO) Consultative Committee For Telephone and Telegraphy (CCITT) International Telecommunication Union (ITU) American National Standards Institute(ANSI) Institute Of Electronics and Electrical Engineers(IEEE) Electronic Industries Association National Center for Standards and Certification Information (NIST) World Wide Web Consortium (W3C) Web Application Security Consortium (WASC) Module VII: Security Standards Introduction to Internet Standards Standards Creation Committee Internet Standards o RFC Evolution o Types and Submissions o Obtaining RFCs Cabling Standards

8 o EIA/TIA -568 o UTP Categories o Cable Specifications o Electronic Industries Association Specification Standards Module VIII: Security Policy Security Policy overview Concept of Security Policy Key Security Elements Security Awareness Programs o Trainings o Meetings o Goals of security Policies Vital role of a security policy Classification of Security policy o User policies o General Policies o Partner Policies o Types of Security Policies: Issues Specific Policies o Policy design Contents of Security Policy Privacy and Confidentiality Security levels o Separation of duties, dual controls, job rotation, least privilege o Security organization and policy development Agency Specific AIS and Telecommunications Policies o Points of contact o References Configuration of security policy National Policy and Guidance o AIS security o Communications security o Employee accountability for agency information Implementation of security policy Incident Handling and Escalation Procedures Security operations and life cycle management o Securing Assets o Requirements definition (e.g.,architecture) o Development o Design review and systems test o Demonstration and validation (testing) o Implementation o Security (e.g., certification and accreditation) o Operations and maintenance (e.g.,configuration management) Defining Responses to Security Violations

9 Presenting and Reviewing the Process Compliance with Law and Policy o Intellectual Property o Describing the Electronic Communications Privacy Act o Transborder encryption issues o Points To Remember While Writing Security Policy Issue-specific Security Policy (ISSP) o Security Policies o Hacking Creating and Managing ISSPs Module IX: IEEE Standards Introduction to IEEE standards IEEE LAN Protocol Specification o 802-Overview And Architecture o Briding And Management o Logical Link Control(LLC) o CSMA/CD(Ethernet) o Token Passing Bus o Token Passing Ring o DQDB Access Method o Broad Band LAN o Security o Wireless LAN(WLAN) o Demand Priority Access o Wireless Personal Area Networks (WPAN) o Broad Band Wireless MAN (WMAN) o Resilliant Packet Ring Work Group Wireless Networking Standards o IEEE Standards o 802.1X o Architecture o Standards (Wi-Fi Standard) o o o Wi-MAX o IEEE p1451 Standard o ETSI Standards o HIPERLAN o HIPERMAN Module X: Network Security Threats Current Statistics o Defining Terms: Vulnerability, Threats, and Attacks Types of Attackers Classification of Hackers Techniques

10 o Spamming o Revealing hidden passwords o War Dialing o War Diving o War Chalking o War Flying o Wire Tapping o Scanning o Sniffing o Network Reconnaissance o Social Engineering Common Vulnerabilities and Exposures (CVE) o Threats o Trojan o Virus o Worms o Logic Bombs o Eavesdropping o Phishing Attacks o Smurfing o Man-in-the-Middle Attacks o Denial of service o DDoS o Buffer Overflow o Zero Day Attacks o Jamming o Password Attacks o Spoofing o Session Hijacking o Web Page Defacement o Recording Key Strokes o Cracking Encrypted Passwords o Revealing Hidden Password Hiding Evidence of an Attack Problems Detecting Network Attacks Network Scanning Tools: o The Netstat Tool o Nmap o NetscanTool o Superscan o Hping Module XI: Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS) Introduction to IDS

11 History of Intrusion Detection Intrusion Detection Concepts o Architecture o Monitoring Strategies o Analysis type o Timing o Goal of detection o Control Issues IDS for an Organization o Selecting an IDS o Deploying an IDS o Maintaining an IDS Characteristics of IDS o Importance of IDS Aggregate Analysis with IDS Types of IDS o Network based IDS o Host Based IDS o Host Based IDS vs. Network Based IDS o The Hybrid IDS Framework o Distributed IDS o Protocol Intrusion Detection System o Network Behavior Analysis (NBA) o Unified Thread Management Deployment of IDS Types of Signatures o Network signatures o Host based signatures o Compound Signatures True/False-Positive/Negative Major Methods of Operation o Signature Based Detection o Anomaly Based Detection IDS Tool o Snort o BlackICE o M-ICE o Secure4Audit (auditguard) o Emerald o Nides o SECUREHOST o GFI EventsManager Intrusion Prevention System o Intrusion Prevention Strategies o IPS Deployment Risks

12 o Flexible response with Snort o Controlling your Border Information Flow in IDS and IPS o Raw Packet Capture o Filtering o Packet Decoding o Storage o Fragment Reassembly o Stream Reassembly o Stateful Inspection of TCP Sessions o Firewalling IPS Tool o Sentivist o StoneGate IPS o McAfee IDS vs. IPS Intrusion Detection Checklist Module XII: Firewalls Firewalls: Introduction Security features o Securing individual users o Perimeter security for networks Multiple components of Firewall Firewall Operations Software Firewall Hardware Firewall Types of Firewalls o IP Packet Filtering Firewall o Circuit-Level Gateway o Application Level Firewalls Pix Firewall Basic features of PIX firewall Advanced Features of PIX firewall Firewall Features Establishing Rules and Restrictions for your Firewall Firewall Configuration Strategies Scalability Firewall Architecture o Dual-Homed Host Architecture o Screened Host Architecture o Screened Subnet Architecture Handling threats and security tasks Protection against hacking Centralization and Documentation

13 Multi-layer firewall protection Firewall deployment strategies o Screened Host o Two router with one firewall o Introduction to Demilitarized Zone(DMZ) o DMZ screened subnet o Multi firewall DMZ o Screening Router o Dual homed host Specialty firewalls and Reverse firewalls Advantages of using Firewalls Disadvantages of using Firewalls Threats o Firewalking o Banner Grabbing o Placing Backdoors Through Firewalls Limitations of Firewalls Personal Firewall Software o ZoneAlarm Pro o Norton Personal Firewall o McAfee Personal Firewall o Windows Personal Firewall Personal Firewall Hardware o Linksys and Netgear o Cisco s PIX Firewall Log Analysis Firewall Tools Comparison of Various Firewall Products T-REX Open Source Firewall SQUID WinGate Symantec Enterprise Firewall Firewall Testers o Firewalk o FTester o Firewall Leak Tester Module XIII: Packet Filtering and Proxy Servers Application layer gateway o Network Address Translation o Packet Filtering Proxy servers o Role of Proxy Server o Proxy Control o Authentication Process

14 o Firewall o Administration and management of Proxy servers o Security and access control o Reverse Proxies o How Proxy Servers Differ From Packet Filters Module XIV: Bastion Host and Honeypots Bastion Hosts o Principles o Need of Bastion host o Building a Bastion Host o Configuring Bastion Host o Locating Bastion Host o Securing the Machine Itself o Making the Host Defend Itself o Selecting Services to be Provided o Disabling Accounts o Disabling Unnecessary Services o Handling Backups o Role of Bastion host o Bastion Host security policy Honeypot o History of Honeypot o Value of Honeypot o Types of Honeypots o Classifying Honeypots by Interaction o Examples of Honeypots o Use of Honeypot o Homemade Honeypot o Advantages and Disadvantages of Honey pot Honeynet o Architecture of Honeynet o Types of Honeynet o Legal Issues related Module XV: Securing Modems Introduction to Modems Origin of Modems Modem Features Types of Modems o Hardware Modems o Optical Modems o Short Haul Modems o Smart Modem o Controller Less Modem o Acoustic Modem o Null modems

15 Modem Security o Additional Security to modems o Modem Security should be a priority for the telephony managers o SecureLogix provides Solutions for Modems Security o Make modem Security simple with robust Management Tool Categorizing Modem Access o Dial out Access o Dial In Access Modem Attacks o Spoofing Attacks o Call Forwarding Attacks o War Dialing Modem Risks o War Dialers o Packet Sniffing Modem Failure Symptoms o Modem Firmware Failure o Primary Modem Failure o Reasons for modem Connection Failure o Some Common Failures Troubleshooting Modems o External Modems o Internal Modems Module XVI: Troubleshooting Network Introduction to troubleshooting A Troubleshooting Methodology o Troubleshooting Strategies o Device Manager o Troubleshooting Network Communication o Network adapter has limited or no connectivity o Network adapter is connected, but you can t reach the Internet o Troubleshooting Connectivity o Performance Measurement Tool Troubleshooting Network devices o Windows PC Network Interface Card o Troubleshooting Cisco Aironet Bridge o Troubleshooting bridges using the Virtualization Engine o Troubleshooting BR350 (Bridge) o Diagnosing Repeater and Gateway Problems o Troubleshooting Hubs and Switches o Troubleshooting cable modem o Troubleshooting DSL or LAN Internet Connection o Troubleshooting a Universal Serial Bus Device o Troubleshooting IEEE 1394 Bus Devices Troubleshooting Network Slowdowns

16 o NetBios Conflicts o IP Conflicts o Bad NICs o DNS Errors o Insufficient Bandwidth o Excessive Network Based Application o Daisy Chaining o Spyware Infestation Troubleshooting Wireless devices o Checking the Led Indicators o Checking Basic setting o SSID o WEP Keys o Security Settings Troubleshooting Methodology TCP/IP Troubleshooting Utilities o Troubleshooting with IP Configuration Utilities o Troubleshooting with Ping o Troubleshooting with Tracert o Troubleshooting with Arp o Troubleshooting with Telnet o Troubleshooting with Nbstat o Troubleshooting with Netstat o Troubleshooting with FTP o Troubleshooting with Nslookup o Troubleshooting NTP o Troubleshooting Tools o Hardware-Based Troubleshooting Tools o Network Technician s Hand Tools o The POST Card o Memory Testers o Electrical Safety Rules o Wire Crimpers o Punch Down Tools o Circuit Testers o Voltmeters o Cable Testers o Crossover Cables o Hardware Loopback Plugs o LED Indicator Lights o Tone Generators Module XVII: Hardening Routers Introduction to Routers Routing Metrics Multiple Routing

17 Types of Routers Routing Algorithms Internet work Operating Systems (IOS) IOS: FEATURES Routing Principles o The ARP Process o LAN to- LAN Routing Process o LAN to- WAN Routing Process Modes Of Operation o User Mode o Enable Mode o Global Configuration MODE IP Routing o Configuring IP and IP routing o Configuring RIP IP Source Routing Configuration of Routers o External configuration sources o Internal configuration sources o Router Initiation o Loading the configuration files o Configuring from the TFTP Server o The Setup Configuration Mode o CLI configuration mode Router Configuration Modes o Global Configuration mode o Interface Configuration mode o Line Configuration Mode o Privilege EXEC mode o ROM Monitor mode o User EXEC Mode Finger Tool Disabling the auxiliary and closing extra interfaces BOOTp service TCP and UDP small servers Disabling Proxy ARP Disabling SNMP Disabling NTP Hardening a Router o Configuring a banner Cisco Discovery Protocol o Configuring CDP o Logging Concept o Cisco Logging Options

18 o Syslog Logging o SNMP Logging Filtering Network Traffic Access Control List o Basics of ACL o Creating Access Control List o ACl Types o Monitoring ACL o Implementing ACL o Securing Routers: ACL Log System Error Messages Securing Routers: Committed Access Rate Securing Routers: Secure Shell o Authentication methods o Configuring SSH o Default Locations of Secure Shell Files Router Commands o Configuring Router Interface setting o Managing Router Configuration o Reviewing IP Traffic and Configuring static Routers Types of Routing o Distance Vector Routing o Link State Routing Routing Protocols o Routing Information Protocol (RIP) o Interior Gateway Routing Protocol (IGRP) o Enhanced Interior Gateway Routing Protocol (EIGRP) o Open Shortest Path First (OSPF) o Border Gateway Protocol (BGP) Routing Table Maintenance Protocol (RTMP) Troubleshooting a router o Troubleshooting tools o Troubleshooting with network management tools o Troubleshooting IP Connectivity in Routers Components of router security Router security: testing tools Module XVIII: Hardening Operating Systems BIOS security Windows Registry o Registry Editor o Rootkit Revealer Configuring Windows Services o Services o Regional settings o Virtual Servers

19 o Share Point Portal Server o Antivirus Protection o Process Resource Access o Managing Access control o Resource Access Privileges o Access Lists o Need-to-know controls o Malicious logic protection o Assurance Discretionary Access Control List (DACL) Objects And Permissions Rights Vs Permissions NTFS File System Permissions Encryption File System Windows Network Security o Firewalls Modes of Operation (Describes the security conditions under which the system actually functions) o Dedicated security mode o System-high security mode o Compartmented security mode o Multilevel security mode AIS o Hardware o Software o Firmware Windows infrastructure features o Active Directory o Group Policy o Share Security o Dynamic DNS updates Kerberos Authentication And Domain Security Trust Relationships Between Domains IP Security o Problems With IP Security Windows Security Tools o Update System o Antivirus o Anti Spyware o Anti Spam Windows o Windows Server 2003 Windows Certificate Authorities Certificate Authority Requirements

20 o Implement Certificate Authorities o Implement a Enterprise Root CA Desktop Management o Concept of least privilege o Internal labeling o Troubleshoot User Logons o Troubleshoot User Configuration o Troubleshoot System performance File Management o Troubleshooting Access to Files And Folders o Troubleshooting Access to Shared Files And Folders Linux o User and File system Security Administration Pluggable Authentication Module Configuring PAM Pam Configuration Files PAM Framework Security With PAM Network Information Services Group Management Utilities Permission Management Tools System Logger Utility Unix Security o UNIX Security Checklist v2.0 Macintosh Security Vista security o Upgrading from XP to Windows Vista o Installing Windows Vista o Securing Windows Vista Module XIX: Patch Management Introduction The Patch Concept Patch testing Patch Monitoring and Management o Create a Change Process o Monitor the Patch Process Consolidating Patches on Red hat Network o Configuring the Proxy Server o Configuring the Proxy Client Red Hat Up2date Patch Management Utility Installation Steps Red Hat Up2date Patch Management: Command Line Interface o Security Patch Compliance o Distribution o Discovery and zero-touch inventory

21 o Client Adoption o Troubleshoot Security Patch Management Reporting Patch Management Process o Identification o Assessment Phase o Base Lining o Obtainment o Testing o Deploy Phase o Confirmation Windows Update Services o Software Update Services (SUS) o Windows Server Update Services (WSUS) o WSUS VS SMS 2003 o Role of SMS in Patch Management Process Patch Management Tool: Baseline Security Analyzer o MBSA: Scanning Updates in GUI Mode o MBSA: Scanning Updates in Command-line version 12. Patch Management Tool o Selecting a Tool o Baseline Security Analyzer o Qchain o BES Patch Management o Shavlik HFNetChkPro 5 o PatchLink Update o SecureCentral PatchQuest Module XX: Log Analysis Introduction to Log Analysis Overview of log analysis Audit Events Log Files o Apache Logs o IIS Logs o IIS Logger Limitations of log files Monitoring for Intrusion and Security Event o Importance of Time Synchronization o Passive Detection Methods o Scripting Log Analysis Tools o UserLock o WSTOOl o Auditing tools o Generic Log Parsing Tools

22 o Log File Rotation Tools How to Secure Logs(Log Security) o Limit Access To Log Files o Avoid Recording Unneeded Sensitive data o Protect Archived Log Files o Secure The Processes That Generate the Log Entries o Configure each log source to behave appropriately when logging errors occur o Implement secure mechanisms for transporting log data from the system to the centralized log management servers Inc setting up of Servers: IIS & Apache Module XXI: Application Security Importance of Application Security Why Is Web Security So Difficult? Application Threats and Counter Measures Application dependent guidance Web Applications o Managing Users o Managing Sessions o Encrypting Private Data o Event Logging System Life Cycle Management o acquisition o design review and systems test performance (ensure required safeguards are operationally adequate) o determination of security specifications o evaluation of sensitivity of the application based upon risk analysis o management control process (ensure that appropriate administrative, physical, and technical safeguards are incorporated into all new applications and into significant modifications to existing applications) o systems certification and accreditation process Telecommunications Systems o Hardware o Software o Vulnerability and threat that exist in a telecommunications system o Countermeasures to threats Securing voice communications Securing data communications Securing of keying material Transmission security countermeasures (e.g., callsigns, frequency, and pattern forewarning protection) Embedded Application Security (EMBASSY) o TCP/IP security Technology o IPSec And SSL Security o IPSec And SSL Security In Embedded Systems o Network Security For Embedded Applications

23 o Embedded Network Security Hardware Instructions Secure Coding o Common Errors o Best Practices For Secure Coding o Programming standards and controls o Change controls o internal labeling Threat modeling Module XXII: Web Security Overview of Web Security Common Threats on Web o Identity theft o Spam Mail o Distributed Denial of Service(DDoS) o Reflection Dos Attack o Bots o Cross Site Request Forgery o Session Hijacking o Smurf attack o FTP bounce o RSS/Atomic Injection o DNS Attack o Content Spoofing o Logical Attacks o Buffer Overflow o IP and Routing Protocol Spoofing Identifying Unauthorized Devices Restrictive Access Network Addresses o Altering the Network Addresses Tracking the Connectivity: Tracert/Traceroute Testing the Traffic Filtering Devices IIS Server o Installing the IIS server o Administering the IIS server Client Authorization o Certificate Authorities Client-Side Data Server-side data Client Authentication o User s Approach o Authentication Techniques Input Data Validation Browsing Analysis Browser Security

24 o Mozilla Browser o Internet Explorer o Browser hijacking o Browser Analysis o Browser Security Settings Plug-ins o Netscape/IE Plug-Ins o Mozilla Firefox Plug-ins o Accessibility Analyzer o Validate Sites HTML o Wayback Versions o Validate P3P o View In o BugMe Not o Webpage Speed Report o Validate Links (W3C) o Open Text o Validate RSS o Validate CSS o Validate HTML Common Gateway Interface(CGI) o CGI Script o CGI operation Module XXIII: Security Overview of History of Basics of Types of Web Based Versus POP3 Components of an o Headers o Opening Attachments o Reading s for different clients o Field names and values o Address list o Recipients and Senders o Response targets and threading Servers Encryption o Centurion mail o Kerberos o Hush Mail o Pretty good privacy o Secure Hive Installing WorkgroupMail

25 Configuring Outlook Express Secure Authentication o Mail Transfer o Authenticating Sender protocols o Multipurpose Internet Mail Extensions(MIME) /Secure MIME o Pragmatic General Protocol(PGP) o Simple Mail Transfer Protocol(SMTP) o Post Office Protocol(POP) and its POP3 o Internet Message Access Protocol(IMAP) Client and server architecture Security Risks o Spoofed Addresses o Spam o Hoaxes o Phishing o Snarfing o Malware o spoofing o viruses o Gateway virus scanners o Outlook Viruses o Attachment Security o Spamming How to defend against security risks o Quarantining Suspicious o Vulnerability check on System Tools for Security o ClipSecure o CryptoAnywhere o BCArchive o CryptainerLE o GfiMailEssentials o SpamAware Tracking s o readnotify Module XXIV: Authentication: Encryption, Cryptography and Digital Signatures Authentication o Authentication Tokens o RSA SecurID o Smart Cards VeriSign Authentication Encryption o Encryption Systems

26 o Firewalls Implementing Encryption o Lack of Encryption o Cost of encryption o Preserving data integrity o Maintaining confidentiality o Authentication and Identification o Authenticity of N/W clients o Key Based Encryption Systems o Encryption Algorithms o Analyzing popular encryption schemes o Types of Encryption Algorithms o Hashing algorithms Cryptography o History of Cryptography o Math and Algorithms o Message Authentication o Strength (e.g., complexity, secrecy, characteristics of the key) o Cryptovariable or key Digital Certificates o Paper Certificates and Identity Cards o Authorities that Issue Physical Certificates o Difference Between Physical and Digital Certificates o Standards For Digital Certificates o X.509 as Authentication Standard o Public Key Certificate o Viewing digital certificates Certificate Encryption Process o Encrypted File System Public and Private Keys o A Public Key Generated by PGP o Choosing the size of keys o Generating Keys Digital Signatures o Signature as identifiers o Features of Digital Signatures o Digital Signature In practice o PKI key management protocols (bundling, electronic key, over-the-air rekeying) Module XXV: Virtual Private Networks and Remote Networking Introduction to Virtual Private Network Types of VPN o Remote Access VPN s o Intranet Access VPN s o ExtraNet VPN s Tunneling

27 o Fundamentals of TunnelingTunneling Protocol Point to point Tunneling Protocol(PPTP) o Goals And Assumptions o Terminology o Control Connections o Security And Disadvantages Layer 2 Tunnel Protocol o Characteristics o L2TP Header Format o L2TP Control Message header o L2TP Data message o L2TP Compulsory Tunnel o L2TP Voluntary Tunnel VPN Security o Encryption o IPSec Server o AAA Server Connection to VPN o SSH And PPP o Concentrator o Other Methods Step1: Setting Up VPN Step2: Implement DHCP Services Step3: Create An Enterprise Certificate Authority Step 4: Install IAS Step 5: Configure IAS Step 6: Create A Remote Access Policy Step 7: Configure The VPN Server Step 8: Associate The VPN Server With The DHCP Server Step 9: Configure Remote Clients Step 10: Test The Client Connection VPN Policies VPN Registrations And Passwords Risk Associated With VPN Pre Implementation Review Auditing Implementation Review Auditing Post Implementation Review And Reporting VPN Product Testing Common VPN Flaws Module XXVI: Wireless Network Security Introduction to Wireless o Types of wireless networks: WLAN, WWAN, WPAN and WMAN o Wired Vs. Wireless Networks o Advantages and Disadvantages of Wireless

28 Types of Wireless Networks o Based on Type of Connection o Based on Geography Components of Wireless Network o Access Points o Wireless Cards o Antenna o Wireless Desktop Cards o Wireless Laptop Cards o Wireless USB Adapters o Wireless Internet Video Camera o Digital Media Adapter o Wireless Converters o Wireless Print Server o Wireless Rechargeable Bluetooth mouse o Wireless Modems o Wireless Router o Wireless Gateways o Wireless USB o Wireless Game Adapter o Wireless Range Extender o GSM Network Devices Wireless Technologies o Personal Communication Services(PCS) o Time Division Multiple Access(TDMA) o Code Division Multiple Access(CDMA) o ARDIS o BlueTooth o Ultra Wideband Wireless Communications: Examples o Satellite communications o Cellular phone communications Devices using Wireless Communications o PDA o BlackBerry Service Set IDentifier (SSID) Detecting Wireless Network o How to scan o Tool: Kismet o Netstumbler Types of Wireless Attacks o Man in the Middle Attacks o Denial of Service or Distributed Denial of Service o Social Engineering o Weak key Attacks

29 o Dictionary Attacks o Birthday Attacks Wireless Threats o Rogue Access Points o MAC Sniffing and AP Spoofing Overview of Wi-Fi o Hotspot Open Wi-Fi Vulnerabilities o Unauthorized Network Access o Eavesdropping WLANs in Public Space o Security Vulnerabilities With Public Access Wireless Networks o Risks Due To Wireless Networks Wired Equivalent Privacy o WEP Key Cracking Tools o WAP o Wireless Network Attack Tool: AirSnarf o Tools to detect MAC Address Spoofing: Wellenreiter v2 o WLAN Management o Detecting Rogue Points Wireless Security o Authentication o WPA o Security Measures o WLAN Security Policy Development Issues o RADIUS Authentication Wireless Auditing o Baselining DHCP Services o Server And Client Mobile Security Through Certificates Certificate Management Through PKI Trouble Shooting Wireless Network o Multipath and Hidden Node Wireless Network Security Checklist Module XXVII: Creating Fault Tolerance Network Security: Fault Tolerance Why Create Fault Tolerance o Planning For Fault Tolerance Network Security o Key Aspect of Fault Tolerance o Fault Tolerant Network Reasons for Network Failure o Viruses And Trojans o Intrusion

30 o Power Supply Failure Reasons For System Failure o Crime o User Error o Environmental o Routine Events Preventive Measures o Physical Security o Backups o Practical tips o Setting Privileges o Access Rights o Partitions o Peripherals o UPS And Power Generators o RAID o Clustered Servers o Simple Server Redundancy o Archiving o Auditing o Privacy o Deployment Testing o Circuit Redundancy o Offsite Storage o Perimeter Security o Understanding Vulnerabilities o Authentication Module XXVIII: Incident Response What is an Incident Category of Incident Types of Incident o Who should I report an Incident Step by Step Procedure o Managing Incidents What Is an Incident Response o Incident Response Architecture Six Step Approach for Incident Handling (PICERF Methodology) o Preparation o Identification o Containment o Eradication o Recovery o Follow-up Incident Response Team o Basic Requirements

31 o Ways of Communication o Staffing Issues o Stages Obstacles in Building a Successful Incident Response Team Computer Security Incident Response Team o Services Module XXIX: Disaster Recovery and Planning Overview of Disaster and its types What is a Disaster Recovery Principles of Disaster Recovery Types of Disaster Recovery Systems o Synchronous Systems o Asynchronous Systems Backup Site Recovery of Small and Large Computer Systems Emergency Management Disaster Recovery Planning Security Planning o Directives and procedures for NSTISS policy o Program budget Process of Disaster Recovery Plan o Organizing o Training o Implementing Disaster Recovery Testing o Testing Process o Testing Steps o Testing Scenarios Contingency Planning/Disaster Recovery contingency plan components, agency response procedures and continuity of operations team member responsibilities in responding to an emergency situation guidelines for determining critical and essential workload determination of backup requirements development of procedures for off-site processing development of plans for recovery actions after a disruptive event emergency destruction procedures Disaster Recovery Planning Team o Training the Disaster Recovery Planning Team Business Process Inventory Risk Analysis o Concept of risk Analysis o Methods of Risk Analysis o Process of Risk Analysis

32 o Continuous Risk Assessment o Techniques To minimize Risk o Cost/benefit analysis of controls o Implementation of cost-effective controls Risk Management o Information identification o roles and responsibilities of all the players in the risk analysis process o risk analysis and/or vulnerability assessment components o risk analysis results evaluation o corrective actions o acceptance of risk (accreditation) Business Continuity Planning Process o Business Impact Analysis o Risk Assessment o Other Policies, standards and process o Monitoring o Business Continuity Management Emergency destruction procedures Six myths about Business Continuity Management and Disaster Recovery Disaster Prevention Module XXX: Network Vulnerability Assessment Vulnerability Assessment o Vulnerability Assessment services o Goals of vulnerability assessment Features of a good vulnerability assessment o Network Vulnerability Assessment Timeline o Network Vulnerability Assessment Team Vulnerability classes Source Of Vulnerabilities o Design Flaws o Poor Security management o Incorrect Implementation Choice of Personnel for Network Vulnerability Assessment Network vulnerability Assessment methodology: o Phase 1- Acquisition o Phase 2 - Identification o Phase 3 - Analyzing o Phase 4 - Evaluation o Phase 5 - Generation How to assess vulnerability assessment tools Selecting vulnerability assessment tools o SAINT o Nessus o BindView o Nmap

33 o Ethereal o Retina o Sandcat Scanner o Vforce o 8.9. NVA-Team Checklist o ScanIT Online