Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours




Ethical Hacking and Information Security

Duration
Lecture with Hands On Session: 90 Hours

Detailed Module

Foundation of Information Security

Elements of Information Security

Introduction
As technology advances, organizations increasingly depend on technology, and information assets have evolved into critical components of survival. Ethical hackers are individuals who are generally hired by organizations to perform a trusted and controlled attempt to penetrate the digital resources of the organization, which include systems, networks and applications, using the same tools, thoughts and methodology adopted by malicious attackers. The goal of ethical hackers is to help organizations be proactive and take the necessary measures against malicious attacks by attacking the systems themselves while, most importantly, staying within the legal limits. This activity comes from a proven practice of trying to catch a thief by thinking like a thief.

Module Structure
This training module introduces you to Ethical Hacking and Information Security. It presents today's most critical cyber security vulnerabilities and solutions for fixing such vulnerabilities.

  Information Security Supports the Mission of the Organization
  As an Integral Element of Sound Management
  Information Security Should Be Cost-Effective
  Responsibilities and Accountability Should Be Made Explicit
  Owners Have Security Responsibilities Outside Organizations
  Requirement of a Comprehensive and Integrated Approach
  Periodical Assessment of Information Security
  Information Security is Constrained by Societal Factors

Roles and Responsibilities
  Senior Management
  Information Security Management
  Program and Functional Managers/Application Owners
  Technology Providers
  Supporting Functions
  Users

Common Threats: A Brief Overview
  Errors and Omissions
  Fraud and Theft
  Employee Sabotage
  Loss of Physical and Infrastructure Support
  Malicious Hackers
  Industrial Espionage
  Malicious Code
  Foreign Government Espionage
  Threats to Personal Privacy

Fundamentals of Computer Networks

Introduction to Computer Networks
  Introduction of Network and Networking
  Network Devices
  Networking Ports and Protocols
    o Well Known TCP and UDP Ports

Routing and Switching
  Various Networking Aspects
  Assembling and Cabling of Network Devices
  Routing Technology
    o Networking Topology
    o Transmission Modes
  IP Addressing and Subnetting
  Machine Identification: MAC Addresses

Implementing Basic Security
  Firewall
    o Stopping Malware's spread
    o Packet filtering
    o Traffic Monitoring
  Proxy Server

OSI Reference Model: Open System Interconnection/Interface
  Introduction to OSI Model
  Layers of OSI Model
    o Responsibility of each layer
    o Protocols used for each layer
    o Hardware devices for each layer
  Reasons for Failure of OSI Model
  TCP/IP Model vs OSI Model

Internet Connection Sharing and Bridging
  Setting up ICS
  Restricting and Limiting Network Users

Concepts of Computer Virtualization

Introduction to Virtual Machines and Virtualization
  Concept of Virtualization
  Need and Advantages of Virtualization

Installation and Configuration
  Requirements
    o Hardware Requirements
    o Software Requirements
  Installation and Configuration

Performance Optimization
    o Performance in a Virtualized Environment
    o CPU & Memory Performance
    o Guidelines for Resources and Access Control
    o Network Performance Optimization
      Host to Host Networking
      Host to LAN Networking
    o Storage Performance
    o Virtual Machine Performance
    o Application Performance

Security Implementation
  Security Implementation
    o Fixing via Patches
    o Optional IDS/IPS Installation
    o Logging and Error Checking

Troubleshooting
  Network Troubleshooting
  Memory Troubleshooting
  Storage Troubleshooting

Data Security and Backup
    o Backup of Data
    o Backup of Virtual Machine
  Removing and Uninstalling of Virtual Machine

Basics of Windows Security

Introduction to Windows Security
  Overview of Windows OS
  Windows File System
  Security Architecture in Windows
    o Local Security Authority
    o Security Account Manager
    o Security Reference Monitor

User Account Security
  Password Attacks in Windows
    o Bruteforcing, Dictionary and Rainbow Table Attacks
  Account Security Strengthening
    o Strong Password Policy
    o Additional Security: Syskey Encryption
    o User Account Control: Parental Controls
    o Restricting BIOS Setup

Services, Port and Protocol Security
  Auditing and Monitoring Network Connections
  Restricting Ports, Protocols and Services
  Windows Firewall with Advance Restrictions

Data Security with Cryptography
  Securing Data by Using EFS and BitLocker
  File and Folder Permissions
  Alternate Data Streams
  Encrypting Office Documents

Security Applications in Windows
  Auditing and Monitoring Windows Auto Startup
  Defending Windows via Windows Defender
  Policy Management with MBSA
  File and Folder Scanning with MSSE

Basics of Unix-Linux Security

Introduction to Unix-Linux Security
  Overview to Unix-Linux Operating System
  Linux File System
  Minimizing the Security Risks during Installation
    o Minimal Application Selection
    o Secure Partitioning
    o Securing GRUB

User Account Security
  Password Attacks in Linux
    o Single User Mode
    o Bruteforcing Attack
    o Kernel Bypassing
  User Account Security Strengthening
    o Strong Password Policy
    o No GUI Login Policy for Root
    o GRUB Menu Protection
    o Restricting BIOS Setup

Services, Port, Protocol Security
  Auditing and Monitoring Network Connections
  Restricting Ports, Protocols and Services
  Firewall with Advance Restrictions
  Configuring Trusted Repository

Data Security with Cryptography
  Securing Data by Using TCFS
  File and Folder Permissions
  Encrypting Office Documents

Security Applications in Linux
  Auditing and Monitoring CRON
  Checking File System Data Integrity Tripwire
  COPS: Computer Oracle and Password System

Introduction to Computer Malware

Introduction to Computer Malware
  Overview Malware: Malicious Software
  Proliferation and Purposes
  Types of Malware
    o Virus: Vital Information Resources Under Seize
    o Worm: Write Once Read Multiple
    o Trojan Horse, Rootkit
    o Spyware, Keystroke Logger

Virus and Worm: Infectious Malware
  Significance of Virus and Worm
  Behavioral Activity of Virus and Worm
  Virus and Worm Development
    o By Automated Tools
    o Coding own Viruses and Worms

Trojan Horse: Concealment
  Overview of Trojan
  Trojan Attack
    o Direct Connection
    o Reverse Connection
  Injection in System Files

Keystroke Loggers: Malware for profit
  Overview of Keystroke Logger
  User's Credentials Theft
    o On Spot Checking
    o Getting Logs on Mail
  Remote Installation

Detection and Removal of Malware
  Anti Malware Tools
  Manual Removal of Malwares

Secure Communication with Cryptography

Introduction to Cryptography and Secure Communication
  Introduction to Secure Communication, Cryptography
  Unani's Cryptography: World's First Cryptography Technology
  Types of Cryptography
    o Public Key Cryptography
    o Private Key Cryptography
  Introduction to Hashing, One Way Functions and Commitment

Secure Socket Layer: SSL
  Introduction to SSL/TLS Technology
  Advantage of SSL/TLS
  Session Management

Secure Shell: SSH
  Overview to SSH and Key Management
  Security Mechanism

Kerberos: The Network Authentication Protocol
  Description of Kerberos
    o User Client-based Logon
    o Client Authentication
    o Client Service Authorization
    o Client Service Request
  Drawbacks and Limitations

Secure FTP: SFTP
  Overview of SFTP
    o SFTP Client
    o SFTP Server
    o SFTP Proxy

Digital Signatures and Certificates
  Overview of Digital Signatures and Certificates
  Pros and Cons

Introduction to Network Security

Network Security
  What is Security?
  Why security is necessary in network?

Threats to Network
  Confidentiality
    o Network Reconnaissance
    o Network Sniffing
  Integrity
    o ARP Poisoning
    o DNS Spoofing
  Availability
    o Denial of Service
    o Distributed Denial of Service

Components in Network Security
  Firewall
    o Types of Firewall
  Intrusion Detection System (IDS)
  Intrusion Prevention System (IPS)
  Proxy Servers
  Demilitarized Zone
    o Honey Pots

Operations in Network Security
  Network Mapping
    o Ping Sweep
    o Network Enumeration
  Network Inventory Management
  Port Scanning
  Service Scanning: Vulnerable Services
  Packet Data Monitoring

Fundamentals of Wireless LAN Security

Introduction to Wireless LAN Security
  Technology used in Wireless LAN
  General security threats
  Overview of Wireless LAN Security

Network Enumeration
  War Walking
  War Driving
  War Flying
  De-authentication Phase
  MAC Address Spoofing
  IP Address Binding

Attacks on Wireless LAN
  Eavesdropping
  Sniffing
  Man in the Middle Attack
  ARP Poisoning Attack
  DNS Poisoning Attack

Getting Access of Wireless LAN
  WEP Key Cracking
  WPA De-authentication Attacks

Putting Brakes on Hackers
  Changing the Default Settings
  Cloaking the SSID
  MAC Filtering
  Static IP Configuration
  MAC IP Binding
  Increasing Security Encryption

Application Reverse Engineering

Why to & What to Reverse Engineering
  Reverse Engineering as a Function
  Need and Benefits of Reverse Engineering

Introduction to Assembly Language
  Role of Assembly Language in Reverse Engineering
  Concept of Debuggers and Dis-assemblers
  Binary Code to Assembly Code Conversion

Understanding Data Flow
  Introduction to Address Registers and Data Registers
  Step Over view of Data flow
  Step Into view of Data flow

Getting into Data Flow
  Monitoring CPU and Stack Flow
  Memory Enumeration
  String Extraction
  Software Code Changing
  Patch Generation

Few Principles of Software Security
  Encryption
  Online Key Checking
  Fake Checking Points
  DLL Breakpoints

Exploiting Computer Memory Architecture

  Intel x86 Architecture
  Introduction to Machine Language
  Registers

Stack and Procedure Calls
  Storing Local Variables
  Calling Conventions and Stack Frames
  Process Memory Layout

Buffer Overflow Exploitation
  Stack Overflow and Exploitation
  Terminologies
    o Exploit
    o Payload
  Understanding Simple Overflow
    o Writing a C program
    o Detecting the Overflow
  Countermeasures to Buffer Overflow Exploitation

MetaSploit Framework

Introduction to MSF: MetaSploit Framework
  MSF Installation and Configuration
  Getting Familiar with MSF
    o Using Console
    o Using WebGUI

Client Side Exploitation with MSF
  MS Word
  Adobe PDF Reader

Remote Exploitation with MSF
  Microsoft Windows XP
  NetBIOS

An Eye Opener to Cyber Social Media Security

Introduction to Cyber Social Media
  Cyber Social Life: Now and Then
  Advantages of Cyber Social Life
  Disadvantages of Cyber Social Life
  Major Social Networking Providers

Cyber Social Media Threats
  Social Engineering
    o Human Based Social Engineering
    o Computer Based Social Engineering
  Fake Emails
  Keystroke Loggers
  Phishing
    o Hidden Frames
    o URL Obfuscation
    o HTML Image Mapping
  Identity Theft

Securing Your Cyber Social Life
  Awareness is the Key
  Email Security
    o Detecting Fake Emails
    o Creating Account Filters
  Online Account Security
    o Strong Password Setup
    o Designing Account Recovery Mechanism
    o Secure Logout
    o Browser Remember Password
  Recognizing Phishing Websites
  Security from Malware

Google Best Friend of a Hacker

Working of Google and its methodology
  Introduction to Crawlers, Bots
  Caching Process of Crawlers

Various Roles of Google as a Friend of Hacker
  Advance Google Search Operators
  Hacking Tool
    o Significance of Google Hacking
    o Anonymity with Google
    o Using Google as a Proxy Server
  Directory Traversal Tool
    o Finding Directory Listings
    o Locating Specific Directories
  Vulnerable Website Locator
    o Locating via Company Tags
    o Locating via Web Applications
    o Locating via Common Names

Various Attacks with the help of Google
  Password Harvesting
  Controlling CCTV Camera

Tools for Google Hacking
  Gooscan
  Goolink Scanner
  URL Harvester

Getting Started with Web Application Security

Introduction to Web Application Security
  Concept of Web Server and Database Server
  Introduction to Risk Assessment and Threat Modeling
  Authentication and Authorization Mechanism
  Session Management in Web Applications
  Confidentiality, Integrity and Availability

Injection Based Attacks and Countermeasures
  SQL Injection
  Types of SQL Injection
    o Form Based
    o URL Based-Blind SQL Injection
  HTML Injection (Cross Site Scripting) XSS
  Types of XSS Attacks
    o Stored XSS or Persistent XSS
    o Reflected XSS or Non-Persistent XSS
    o DOM Based XSS
  Code Injection
    o Remote Code Execution

Introduction to other Miscellaneous Web Based Attacks
  Google Hacking: Notice Google's Power
  Application Username Enumeration
  Web Based Brute Forcing
  Anonymous Web Application Crawling
  Insecure Cryptographic Storage
  Broken Authentication and Session Management

Few Principles of Web Application Security
  Minimize Attack Surface Area
  Secure Defaults
  Principle of Least Privileges
  Defense in Depth

Getting Familiar with Indian Cyber Law

Introduction to Cyber
  Introduction to Cyber, Cyberspace
  Boundary line of Cyber and Cyberspace

Cyber Law: Need of Cyber World
  Introduction & need of Cyber Law
  Jurisprudence of Cyber Law
  Evolution of Key Terms and Concepts
  No Men's Land between Legal and Illegal

Cyber Crime and Criminals
  Introduction to Cyber Crime
  Nature, Mindset, Psychology of Cyber Criminal
  Classification of the Hackers: On the behalf of Working
    o Hacktivists
    o Black Hat Hackers
    o Grey Hat Hackers
    o White Hat Hackers
  Classification of Hackers: On the behalf of Knowledge
    o Coders
    o Admins
    o Script Kiddies
  Why Hackers Hack??

Indian Cyber Law
  Introduction to IT Act 2000
  Amendment 2008
  Under Umbrella of IT Act 2000
    o Cyber Crimes
    o Electronic and Digital Signatures
    o Intellectual Property
    o Data Protection and Property
  Limitations of IT Act 2000