Certified Security Analyst

Transcription

1 Certified Security Analyst Course ID ECC200 Course Description The EC Council Certified Security Analyst (ECSA) program is a comprehensive, standards-based, methodology intensive training program which teaches information security professionals to conduct real life penetration tests by utilizing EC-Council s published penetration testing methodology. The ECSA Program is a 5-day complete hands-on training program. This Penetration Testing training course uses real-time scenarios to train students in penetration testing methodologies. EC-Council s Certified Security Analyst (ECSA) course will help you master a documented penetration testing methodology that is repeatable and that can be used in a penetration testing engagement, globally. Prerequisites There are no prerequisites for this course Audience Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals all benefit from the ECSA program. Duration Five Days

2 Course Content Need for Security Analysis Information Security Measures Risk Analysis Hardening Security Security Policies Sample Policies Information Security Standards Information Security Acts and Laws TCP/IP Packet Analysis Introduction to TCP/IP TCP/IP Connection Introduction to IPv6 TCP/IP Security Internet Control Message Protocol (ICMP) TCP/IP in Mobile Communications Penetration Testing Methodologies Introduction to Penetration Testing Types of Penetration Testing Penetration Testing Methodology Pen Test Strategies Ethics of a Licensed Penetration Tester Customers and Legal Agreements Why Do Organizations Need Pen Testing? Penetration Testing Rules of Behavior Legal Issues in Penetration Testing Penetration Testing Contract Rules of Engagement Rules of Engagement (ROE) Steps for Framing ROE Clauses in ROE Penetration Testing Planning and Scheduling Test Plan and Its Purpose Content of a Test Plan Building a Penetration Test Plan Test Plan Identifier Test Deliverables Penetration Testing Planning Phase Skills and Knowledge Required

3 Internal Employees Penetration Testing Teams Tiger Team Meeting with the Client Contents of a Pen Testing Project Plan Work Breakdown Structure or Task List Penetration Testing Schedule Penetration Testing Hardware/Software Requirements Pre-penetration Testing Steps Information Gathering Information Gathering Terminologies Information Gathering Steps Tools to Extract Company s Data Search Telephone Numbers Using Geographical Location Search Using Google Earth People Search Online Services Link Popularity Search Online Services Competitive Intelligence Price Comparison Services DNS Interrogation Tools Domain Research Tool (DRT) DNS Interrogation Tools DNS Interrogation Online Tools Traceroute Analysis Website Mirroring Tools Tracking Tools GHDB Screenshot Vulnerability Analysis Why Assessment Vulnerability Classification Types of Vulnerability Assessment How to Conduct a Vulnerability Assessment How to Obtain a High Quality Vulnerability Assessment Vulnerability Assessment Timeline External Penetration Testing External Intrusion Test and Analysis Client Benefits External Penetration Testing Traffic Sniffing and Analysis Tool: Tstat DNS Interrogation Tools

4 WHOIS Lookup Tools Common Ports List Scanning Tools Hping2 IPID Example Look for Invalid Ranges in Input Fields Attempt Escape Character Injection Examine Server Side Includes (SSI) Recommendations to Protect Your System from External Threats Internal Network Penetration Testing Internal Testing Steps for Internal Network Penetration Testing Sniffer Tools Copying Commands in Knoppix Microsoft Diagnostics and Recovery Toolset (DART) Reset the Administrator s Password Keyloggers and Spy Softwares WinMend Folder Hidden Whitespace Steganography Vulnerability Scanning Tools Firewall Penetration Testing Firewall Overview Packet Filtering Firewall Logging Functionality Periodic Review of Information Security Policies Firewall Implementation Build a Firewall Ruleset Maintenance and Management of Firewall Hardware Firewall Software Firewall Types of Firewalls Firewall Penetration Testing Tools Firewall Identification IDS Penetration Testing Introduction to IDS Application-based IDS Multi-Layer Intrusion Detection Systems Wireless Intrusion Detection Systems (WIDSs) Common Techniques Used to Evade IDS Systems IDS Penetration Testing Steps Packet Fragmentation TCP Flags Intrusion Detection Tools

5 Password Cracking Penetration Testing Password LM Authentication NTLM Authentication Kerberos Authentication LM, NTLMv1, and NTLMv2 People Search Dictionary Maker Tool: Word List Compiler Packet Sniffing Tools Man-in-the-Middle Attack Using Ettercap Elcomsoft Distributed Password Recovery Password Cracking Tools Keyloggers Social Engineering Penetration Testing Social Engineering Pen Testing Impact of Social Engineering on the Organization Common Targets of Social Engineering Requirements of Social Engineering Steps in Conducting Social Engineering Penetration Test Steps for Dumpster Diving Accomplice Identity Theft Satellite Picture of a Organization Telephone Recorders and Call Recorders Vehicle/Asset Tracking System Examples Spy Gadgets Web Application Penetration Testing Introduction to Web Applications Web Application Components Web App Pen Testing Phases Connection String Injection Connection String Parameter Pollution (CSPP) Attacks Connection Pool DoS Web Services Web Services XML Poisoning SOAP Injection SQL Penetration Testing Introduction to SQL Injection SQL Injection Attacks SQL Injection Penetration Testing Steps SQL Injection Detection

6 Blind SQL Injection Attack Best Practices to Prevent SQL Injection Penetration Testing Reports and Post Testing Actions Penetration Testing Deliverables Writing Pen Testing Report Collect and document the information Pen Testing Report Format Result Analysis Post Testing Actions Report Retention Router and Switches Penetration Testing Router Testing Issues Test for HTTP Configuration Vulnerabilities in Cisco Routers Analyze the Router Configuration Need for Router Testing General Requirements Technical Requirements Steps for Router Penetration Testing The Process to Get Access to the Router Privileged Mode Attacks SNMP Community String TFTP Testing Router Testing Report Penetration Testing Steps for Switches Recommendations for Router and Switches Penetration Testing Wireless Network Penetration Testing Wireless Penetration Testing Wireless Security Threats Wi-Fi Discovery Tools Active Wireless Scanner: inssider Wireless Packet Sniffers Wi-Fi Jamming Devices WEP Cracking Tool WPA Brute Forcing Using Cain & Abel WPA-PSK Cracking Tool: Elcomsoft Wireless Security Auditor Wireless Penetration Testing Tools Denial-of-Service Penetration Testing Distributed Denial-of-Service Attack How Do Distributed Denial-of-Service Attacks Work? How to Conduct DoS Penetration Testing DoS Vulnerability Scanner GFI LanGuard

7 Recommendations to Prevent Denial of Service Stolen Laptop, PDAs, and Cell Phones Penetration Testing Stolen Digital Data Type of Information Lost in Laptop Theft Penetration Testing Steps Penetration Testing in Mobiles Using CORE IMPACT Pro Tools to Extract the Personal Information in Cell Phones Pen-Testing Tools for the Pocket PC Pen Testing for the Pocket PC Using MiniStumbler Cookies Screenshot Install Software Source Code Penetration Testing Introduction Need for Source Code Penetration Testing Prerequisites for Source Code Penetration Testing Vulnerable Components in an Application Attacker s Goals Threat Models Application Decomposition Identify and Rank Threats Discover the Countermeasures and Mitigation Threat Analysis Steps for Source Code Penetration Testing Tools for Automated Source Code Penetration Testing for Java Tools for Automated Source Code Penetration Testing for C, C++, and.net STRIDE Threat Model Countermeasures Authentication Countermeasures Authorization Countermeasures Countermeasures Physical Security Penetration Testing Physical Attacks Steps in Conducting Physical Security Penetration Testing Google Maps Image Surveillance Camera Penetration Testing Introduction to Surveillance Systems Pen Testing Requirements Surveillance Camera Network Architecture Need for Surveillance System Pen Testing Steps for Surveillance Camera Penetration Testing Try to Manipulate Resolution Check the Compression

8 Check the Frame Rate Database Penetration Testing Database Penetration Testing Steps McAfee Security Scanner for Databases Oracle Auditing Wrong Statements Logged Possible Attacks Against Oracle Database Vault Try to Retrieve Sysxlogins Table Views SQL Server System Tables Oracle Server Testing Port Scanning Basic Techniques Port Scanning Advanced Techniques Oracle TNS Listener: Screenshot Finding the TNS Listener Listener Modes Database Password Cracking and Testing Tools VoIP Penetration Testing Vulnerability Assessment Penetration and Vulnerability Testing VoIP Risks and Vulnerabilities VoIP Security Threat VoIP Penetration Testing Steps SNMP Enumeration Tools VoIP Tools VPN Penetration Testing Virtual Private Network (VPN) VPN Penetration Testing Steps Port Scanning Tools Check for Split Tunneling Try to Recover and Decrypt Pre-Shared Key (PSK) SSL VPN Scan Tool Cloud Penetration Testing What Is Cloud Computing? Cloud Computing Model Types of Cloud Computing Services Separation of Responsibilities in Cloud Security Benefits of Cloud Computing Security Risks Involved in Cloud Computing Key Considerations for Pen Testing in the Cloud Scope of Cloud Pen Testing Cloud Penetration Testing Steps

9 Virtual Machine Penetration Testing Prerequisites to Virtual Machine Pen Testing Virtualization Security Scenario Virtualization Security Issues Virtual Environment Pen Testing Virtual Machine Penetration Testing Steps Vulnerability Assessment Tool: VMinformer Configuration Management Tool Virtualization Best Practices War Dialing War Dialing Recommendations to Improve Modem Security Virus and Trojan Detection Indications of a Trojan or Virus Attack Different Ways a Trojan/Virus Can Get into a System How Does a Computer Get Infected by a Trojan/Virus? Port Monitoring Tools Process Monitoring Tools Registry Entry Monitoring Tools Device Drivers Monitoring Tools Windows Services Monitoring Tool: Process Hacker Windows 7 Startup Registry Entries Startup Programs Monitoring Tools File and Folder Integrity Checkers Detecting Trojans and Viruses with Capsa Network Analyzer Anti-Trojan/Anti-Spyware Tools Anti-Virus Tools Trojan Countermeasures Virus and Worms Countermeasures Log Management Penetration Testing Steps for Log Management Penetration Testing Log Management Tools Log Monitoring Tools Checklist for Secure Log Management File Integrity Checking Process to Check Integrity by Comparing CRC Checksum Checking and Comparing CRC Value Hash Value Calculation Tools Automated File Integrity Verification Tools Challenges in File Integrity Checking Recommendations

10 Mobile Devices Penetration Testing Requirements for Mobile Device Penetration Testing Mobile Devices Market Share Pen Testing Android Android Architecture Penetration Testing ios-based Devices ios Architecture Major ios Vulnerabilities and Attacks Jailbreaking BlackBerry Network Architecture Vulnerabilities in BlackBerry Bluetooth Stack Penetration Testing Steps for Bluetooth-enabled Devices Recommendations Telecommunication and Broadband Communication Penetration Testing Broadband Communication Risks in Broadband Communication Steps for Broadband Communication Penetration Testing Cookies Analysis Tool: IECookiesView Wardriving Tools WEP Cracking Tools Guidelines for Securing Telecommuting and Home Networking Resources Security Penetration Testing Commonly Used Service Protocols SMTP Enumeration Tool: NetScanTools Pro Vulnerability Scanners Patch Management Tools Anti-Phishing Tools Common Spam Techniques Anti-Spamming Tools Security Patches Penetration Testing Patch Management Patch and Vulnerability Group (PVG) Steps for Security Patches Penetration Testing Security Patches Penetration Testing Tools Data Leakage Penetration Testing Data Leakage Data Leakage Statistics Data Leakage Statistics Types of Incidents How Data Can Be Leaked

11 Data Leakage Penetration Testing Steps Data Privacy and Protection Acts Data Protection Tools SAP Penetration Testing SAP World The SAP RFC Library Methodology and Goals Setting Up the Assessment Platform Sapyto Architecture Connectors and Targets Installation of Sapyto SAP Penetration Testing Standards and Compliance Incident Handling Incident Response Need for Incident Response Goals of Incident Response Parameters of Investigations Laws Compliance Checklists Intellectual Property Rights Privacy Act Standards of Conduct Legal Issues Affecting Information Assurance Information System Security Principles Defense in Depth System Interconnection Monitoring Systems Interconnection System Interconnection Policy Aggregation Inference and Object Reuse Polyinstantiation How Security is Affected Threat from Aggregation Basic Security Requirements Information Valuation States of Information Protection Profiles Security Target Account Management Security Policy for Account Administration Peer-to-Peer Security

12 Configuration Management Change Control Configuration Management Plan Cryptanalysis Digital Signature Steganography and Watermarking Non-Repudiation Message Digest Tools Key Management Electronic Key Management System (EKMS) EKMS Requirements Public Key Infrastructure (PKI) Need for Public Key Infrastructure (PKI) Public Key Infrastructure Requirements Security Life Cycle Security System Security Plan (SSP) Access Control Models Business Aspects of Information Security Information Warfare (INFOWAR) Intellectual Property Rights COMSEC System Security Architecture Software Piracy Addressing Account Management Policy for Redeploying Classified Systems Hardware Asset Management Program Key Management Infrastructure (KMI) Development of Configuration Control Policies Report to the DAA the Deficiencies/Discrepancies in the Configuration Control Policy Improvements to the Security Plans Developed by Site Personnel Security Domains Administrative Security Procedures Appropriate for the System Certification Security Features Necessary to Support Site Operations Maintenance Procedures to Ensure Security against Unauthorized Access Procedures to Counter Potential Threats from Insiders or Outsiders of the Organization Physical Security Information System Incident Handling and Response EMSEC/TEMPEST Emergency/Incident Response Team Education, Training, and Awareness (ETA) Concept of Operations (CONOP) Business Continuity Plan (BCP) Business Organization Analysis

13 Disaster Recovery Planning (DRP) Business Continuity Plan Development and Planning Resource Requirements for Business Continuity Plan Security Policy for Backup Procedures Generally Accepted Systems Security Principles (GASSP) Personal Information Security Breaches Investigation of Personal Information Security Breaches Process of Responding to and Reporting Security Incidents Agency Specific Security Policies and Procedures Information System Auditing and Certification Certification and Accreditation National Information Assurance Partnership (NIAP) Information Technology Security Evaluation Criteria (ITSEC) Discuss the Concepts of Availability, Integrity, Confidentiality, Authentication, and Nonrepudiation Key Participants of the Certification and Accreditation Process Information System Security Auditing and Logging Information Systems Monitoring Process Evaluation Assurance Levels (EALs) Assessment Use During Certification of Information Systems Systems Security Plan Budget/Resources Allocation/ Scheduling Information System Security Certification Requirements System Architectural Description Document Agency-specific C&A Guidelines Security Processing Mode Change Control Management Process Security Accreditation Package Life Cycle Security Planning