[CEH]: Ethical Hacking and Countermeasures

Transcription

1 [CEH]: Ethical Hacking and Countermeasures Length Audience(s) Delivery Method : 5 days : This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. : Instructor-led Course Overview This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council ANSI accredited Certified Ethical Hacker exam Audience Profile This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Certification The Certified Ethical Hacker exam may be taken on the last day of the training (optional). Students need to pass the online Prometric/VUE exam to receive CEH certification. Course Outline Module 1: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information Security Controls

2 Module 2: Footprinting and Reconnaissance Footprinting Concepts Footprinting Threats Footprinting Methodology Footprinting Tools Footprinting Countermeasures Footprinting Penetration Testing Module 3: Scanning Networks Overview of Network Scanning CEH Scanning Methodology Module 4: Enumeration Enumeration Concepts NetBIOS Enumeration SNMP Enumeration UNIX/Linux Enumeration LDAP Enumeration NTP Enumeration SMTP Enumeration DNS Enumeration Enumeration Countermeasures SMB Enumeration Countermeasures Enumeration Pen Testing Module 5: System Hacking Information at Hand Before System Hacking Stage System Hacking: Goals CEH Hacking Methodology (CHM) CEH System Hacking Steps Module 6: Trojans and Backdoors Trojan Concepts Trojan Infection Types of Trojans Trojan Detection Countermeasures Anti-Trojan Software Pen Testing for Trojans and Backdoors

3 Module 7: Viruses and Worms Virus and Worms Concepts Types of Viruses Computer Worms Malware Analysis Penetration Testing for Virus Module 8: Sniffers Sniffing Concepts MAC Attacks DHCP Attacks ARP Poisoning Spoofing Attack DNS Poisoning Sniffing Tools Counter measures Sniffing Pen Testing Module 9: Social Engineering Social Engineering Concepts Social Engineering Techniques Imperso-nation on Social Networking Sites Identity Theft Social Engineering Countermeasures Social Engineering Pen Testing Module 10: Denial of Service DoS/DDoS Concepts DoS Attack Techniques Botnet DDoS Case Study DoS Attack Tools DoS/DDoS Protection Tools Denial-of-Service (DoS) Attack Penetration Testing Module 11: Session Hijacking Session Hijacking Concepts Network-level Session Hijacking Session Hijacking Tools

4 Counter-measures Session Hijacking Pen Testing Module 12: Hacking Webservers Webserver Concepts Webserver Attacks Attack Methodology Webserver Attack Tools Patch Management Webserver Security Tools Webserver Pen Testing Module 13: Hacking Web Applications Web App Concepts Web App Threats Web App Hacking Methodology Web Application Hacking Tools Countermeasures Web App Pen Testing Module 14: SQL Injection SQL Injection Concepts Testing for SQL Injection Types of SQL Injection Blind SQL Injection SQL Injection Methodology Advanced SQL Injection Evasion Techniques Module 15: Hacking Wireless Networks Wireless Concepts Wireless Encryption Wireless Threats Wireless Hacking Methodology Wireless Hacking Tools Bluetooth Hacking Wireless Security Tools Wi-Fi Pen Testing

5 Module 16: Hacking Mobile Platforms Mobile Platform Attack Vectors Hacking Android OS Hacking ios Hacking Windows Phone OS Hacking BlackBerry Mobile Device Management (MDM) Mobile Security Guidelines and Tools Mobile Pen Testing Module 17: Evading IDA, Firewalls, and Honeypots IDS, Firewall and Honeypot Concepts IDS, Firewall and Honeypot System Evading IDS Evading Firewalls Detecting Honeypots Firewall Evading Tools Countermeasures Penetration Testing Module 18: Buffer Overflow Buffer Overflow Concepts Buffer Overflow Methodology Buffer Overflow Examples Buffer Overflow Detection Buffer Overflow Counter-measures Buffer Overflow Security Tools Buffer Overflow Penetration Testing Module 19: Cryptography Cryptography Concepts Encryption Algorithms Cryptography Tools Public Key Infrastructure(PKI) Encryption Disk Encryption Cryptography Attacks Cryptanalysis Tools

6 Module 20: Penetration Testing Pen Testing Concepts Types of Pen Testing Pen Testing Techniques Pen Testing Phases Pen Testing Roadmap Outsourcing Pen Testing Services