EC Council Security Analyst (ECSA)



Similar documents
Certified Ethical Hacker (CEH)

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

CYBERTRON NETWORK SOLUTIONS

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Demystifying Penetration Testing

Linux Network Security

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

ETHICAL HACKING. By REAL TIME FACULTY

Course Duration: 80Hrs. Course Fee: INR (Certification Lab Exam Cost 2 Attempts)

Vulnerability Assessment and Penetration Testing

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Certified Penetration Testing Specialist

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Networking: EC Council Network Security Administrator NSA

CEH Version8 Course Outline

Build Your Own Security Lab

CRYPTUS DIPLOMA IN IT SECURITY

Certified Ethical Hacker Exam Version Comparison. Version Comparison

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:


Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

EC Council Certified Ethical Hacker V8

Client logo placeholder XXX REPORT. Page 1 of 37

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

An Introduction to Network Vulnerability Testing

Course Title: Penetration Testing: Security Analysis

SONDRA SCHNEIDER JOHN NUNES

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Penetration Testing with Kali Linux

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow

Penetration Testing 2014

Securing Cisco Network Devices (SND)

Audience. Pre-Requisites

[CEH]: Ethical Hacking and Countermeasures

Assessing Network Security

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

ANTI-HACKER TOOL KIT. ourth Edition

McAfee Certified Assessment Specialist Network

Kerem Kocaer 2010/04/14

Information Security. Training

Security of IPv6 and DNSSEC for penetration testers

Web App Security Audit Services

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

NETWORK PENETRATION TESTING

Learn Ethical Hacking, Become a Pentester

Network Penetration Testing

Some Tools for Computer Security Incident Response Team (CSIRT)

Ethical Hacking and Countermeasures 5.0 Course ECEH5.0 5 Days COURSE OVERVIEW AUDIENCE OBJECTIVES OUTLINE

Certified Penetration Testing Engineer

Detailed Description about course module wise:

Vinny Hoxha Vinny Hoxha 12/08/2009

CIT 380: Securing Computer Systems

CS5008: Internet Computing

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

nmap, nessus, and snort Vulnerability Analysis & Intrusion Detection

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide?

information security and its Describe what drives the need for information security.

Conducting a Penetration Test/Vulnerability Analysis to Improve an Organization s Information Security Posture

Certified Penetration Testing Specialist

Ethical Hacking v7 40 H.

Course Title: Penetration Testing: Communication Media Testing, 1st Edition

WHITE PAPER. An Introduction to Network- Vulnerability Testing

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Ethical Hacking Course Layout

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Security Testing Summary of Next-Generation Enterprise VoIP Solution: Unify Inc. OpenScape SBC V8

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

IPv6 Capable Security Assessment / Penetration Testing Tools

Healthcare Information Security Governance and Public Safety II

PKF Avant Edge. Penetration Testing. Stevie Heong CISSP, CISA, CISM, CGEIT, CCNP

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

SENSITIVE AUSTRALIAN SPORTS COMMISSION ATHLETE MANAGEMENT SYSTEM (AMS) SMARTBASE SECURITY TEST PLAN. Final. Version 1.0

CERTIFIED PENETRATION TESTING CONSULTANT

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

Sample Report. Security Test Plan. Prepared by Security Innovation

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Open Source Security Tool Overview

Understanding Security Testing

Security Considerations White Paper for Cisco Smart Storage 1

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

How To Classify A Dnet Attack

!!!!!!!!!!!!!!!!!!!!!!

Rapid Vulnerability Assessment Report

Transcription:

EC Council Security Analyst (ECSA) Course ID SEC190 Course Description Any computer user needs to know how to protect information assets and securely connect to another system over a network. Security5 certification utilizes the working knowledge a computer user possesses to achieve better efficiency in using computing resources. The certification is targeted towards today s knowledge workers who use computing resources in their daily activities. It educates them on practical aspects of security and networking to give them an advantage over common users. Security 5 is also for the regular home user who uses online services and payment systems. The regular user is exposed to aspects of securing financial and critical information, maintaining privacy and availing the best of computing resources available. Security5 is about empowering the knowledge worker with the information necessary to compute securely, network efficiently, and be in control of the computing environment. Prerequisites Basic computing skills like browsing the web and checking emails. Audience Ideal candidates for the Security 5 program are knowledge workers and anyone who wants to gain a working knowledge of networking and computer security. Duration 2 day Course Content Penetration Testing Methodologies Understand how to structure and organize security tests Understand the five stages of a common penetration test attack methodology Analyze the tactical application of each phase The Open Source Security Testing Methodology Manual (OSSTMM) Get an overview of The Security Map and sections of the OSSTMM Learn about an OSSTMM certified security test Understand what is a complete and valid OSSTMM security test See how the OSSTMM addresses privacy law compliance Learn how the OSSTMM addresses?best Practices? compliance The NIST Methodology

See an overview of the NIST Four-Stage Penetration Testing methodology See escalation of privileges according to he NIST methodology Learn about the course methodology Learn about the methodology followed in this course Learn about malicious hackers methodologies Review a common malicious hacker attack methodology Examine methodological variants Test Planning and Scheduling Estimation of Resources for the Test Estimating time and cost of a test Defining the test scope Determination of Test Objectives Technical Preparation Attack network Attack workstation Gathering tools and exploits How to manage confidential data Rules of Engagement Non disclosure agreement Liability limitations Emergency phone number Know the rules of engagement as they pertain to client target networks/systems Defined Roles of the Involved Personnel Review rules of engagement Define test conditions What should be included in rules of engagement Reporting Deliverables Knowing what results are expected at the end of the test Presentation of results Information Gathering Demonstrate understanding of the field of Competitive Intelligence Develop skills involved in competitive intelligence gathering Demonstrate understanding of Informational Vulnerabilities in depth Engage in Passive network discovery techniques Use advanced web resource skills to research identified targets in depth

Formulate a picture of network boundaries, using IP and DNS information Analyze documents for potential Information Vulnerabilities Information vulnerability and source of information Business intelligence Sales data R&D data Job advertising Web site Mailing list Other sources of great interest Information gathering types Passive Active How and where to passively gather information Information gathering applications Dig Host Nslookup Sam Spade Registrars DNSTracer kartoo Advanced web tricks And other tools and websites Controls to protect information Advanced Vulnerability Analysis Penetration Testing and Security Analysis Understand the three most common present vulnerability types Identify the potential impact of Information Vulnerabilities Identify the risks of Network Vulnerabilities Understanding the different types of System Vulnerabilities and their impact TCP overview TCP protocol suite ICMP, UDP, ICMP, TCP Handshake Tear Down Port and Services Flags

Traceroute and TCPTraceroute LFT Tools to probe protocols Paketto Kieretsu ScanRand Minewt Linkcat Paratrace Identifying targets through sweeping Type of sweeps Evaluating services through scanning Type of scans Stealth Scanning Bounce Attacks Reverse Ident Scanning Nmap How to use Nmap Nessus How to use Nessus How to avoid problems using Nessus Limitations of Nessus Other scanners and tools overview Retina Saint Hping2 Firewalk Nikto Languard ISS IpEye Netscan Tools SuperScan Friendly Pinger Cheops SATAN Advanced OS fingerprinting techniques Proxy Servers

Sniffing Tcpdump Windump Snort Ethereal Ettercap Dsniff Windows Tools Dumpsec Winfo NAT Netbios Enumeration Techniques Userinfo Getacct Dumpreg WinFingerprint AD Enumeration SNMP Weaknesses Snmpwalk Snmpget Snmpgetnext SolarWinds SNScan Phone Phreakers PBX testing Modem Testing WarDialing Fax Security PhonSweep Toneloc THCScan Countermeasures Advanced Denial of Service (DoS) Penetration Testing and Security Analysis Describe the components of a DoS attack Attack Vectors The Battlefield

DoS, DDoS, DRDoS Identify the harm caused to the target system Analyze the potential vulnerabilities in a system that could be exploited by a DoS attack Outline the necessary steps to test a system?s strength against a DoS attack Gathering and documenting the results Advanced Password Cracking Penetration Testing and Security Analysis Demonstrate understanding how passwords work in common operating systems Demonstrate knowledge of the Windows password schemes (PWL, LANMAN, NTLM, Active Directory) Demonstrate knowledge of Linux/Unix authentication mechanisms Demonstrate knowledge of alternate authentication mechanisms (SASL, LDAP, PAM, etc) Demonstrate knowledge of how distributed password cracking works Demonstrate knowledge of advanced password cracking attacks, such as Rainbow Tables Demonstrate ability to test strength of authentication mechanisms using password cracking Use common tools to crack Windows Passwords Use several free tools to crack Linux and common Unix passwords Use advanced approaches to password cracking by combining techniques and resources to compromise the target credentials Advanced Social Engineering Penetration Testing and Security Analysis Describe what Social Engineering is Principles of social engineering Social Engineering Tips Type of social engineering attacks Define the techniques used to execute Social Engineering Social Engineering Goals Social Engineering Rules of engagement Recognize the threat of Social Engineering Outline the methods by which Social Engineering is performed Trusted positions enumeration Trusted person testing Request Testing Guided Suggestions Phishing

Security Policies Gather and document the test results Advanced Internal Penetration Testing and Security Analysis Review the most common platforms Appraise a typical network environment Outline the steps of the assessment Describe the tools used for internal testing Viruses and Containment Testing Categorize and Identify range and function of present Viruses Identify threat levels and countermeasures of various viruses Define impact and points of consideration of Viruses on security testing and analysis Understand how common viruses work Learn how to safely test containment measures Evaluate target networks for proper containment measures Explain how vulnerabilities are discovered Demonstrate knowledge of tools and techniques for enumerating specific hosts and services Employ advanced tools to fingerprint specific operating systems Implement advanced port scanning techniques to further refine targeting information Employ tools like Netcat to verify service information, and eliminate false positives Learn operating system specific tools and techniques Use commonly available Microsoft Resource Kits for advanced Windows enumeration Use Null-Sessions for advanced Windows enumeration Use various common tools in Linux for Linux and Unix enumeration Employ Automated Vulnerability Scanners Understand the strengths and weaknesses of Automated Scanners Using Nessus to refine target information Analyzing the results given by Nessus and other Automated Scanners Overview of common vulnerability scanners Cerberus Internet Scanner Somarsoft Hyena Languard Nessus Saint SATAN Employing Exploitation for verification of Vulnerabilities: Owning the Box Understand the specifics of common classes of System Vulnerabilities

Understand Stack based overflows Understand Format String vulnerabilities Understand Heap based overflows Develop and execute proof of concept Stack based overflows Develop and execute proof of concept Understand Format String vulnerabilities Develop and execute proof of concept Understand Heap based overflows Demonstrate understanding of aspects of an exploit, in terms of threat agents and methods of countering such threats Demonstrate ability to employ Shellcode within exploits Gather and document the test results Advanced External Penetration Testing and Security Analysis Describe the goals of external testing Network Categories Understand the challenges facing a tester in an external penetration test Evaluate the potential attacks from outside of a security perimeter Web Security Challenges Current situation Attack Trends What creates those vulnerabilities Understand the impact of web applications on Perimeter Security Test and Analyze higher-layer applications for Network Vulnerabilities Demonstrate Knowledge of common types of web application System Vulnerabilities Employ attack proxies to audit web applications Employ application scanners to audit web applications Anatomy of a remote exploit Common Attacks Network packet sniffers IP spoofing Password attacks Distribution of sensitive internal information to external sources Man-in-the-middle attacks Phishing Examine the methodology of external penetration testing Demonstrate the tools used for external penetration testing Website Crawler Idle Scanning Form Scalpel

Java Decompiler Brutus AET2 Achilles Web Proxies Gather and document the results Advanced Router Penetration Testing and Security Analysis Overview of routing technologies Router Security Routing Protocols Demonstrate knowledge of vulnerabilities in Routers Understanding many Informational Vulnerabilities, as well as network vulnerabilities present in many routers Analyzing Cisco packet captures for information disclosure and cracking Cisco passwords Demonstrate knowledge of vulnerabilities in various network devices Explore the role of Network Appliances such as printers and PBX's in potential security violations Using Man in the Middle Attacks to intercept secured and encrypted traffic The potential for router exploitation Router Attacks DDoS Attacks Routing Table Attacks Arp Poisoning SNMP Attacks Brute Force Attacks BGP attacks Analysis of router vulnerabilities and attacks CVE US-CERT Packet Storm Neohapsis Bugtraq SecurityFocus Tools used for testing Gathering and documenting the results

Advanced Firewall Penetration Testing and Security Analysis Introduction to firewalls What is a Firewall Commonly use Firewall Personal Firewall Type of Firewall Technical overview of firewall systems Different implementations NAT PAT Limitations Vulnerability analysis of firewalls Things a firewall cannot see Penetration testing steps Tools used for testing firewalls Firewalk Ftester Gathering and documenting the results Advanced Intrusion Detection Systems (IDS) Penetration Testing and Security Analysis What is Intrusion Detection? The need for IDS Sensor Placement IDS overview IDS detection methods Detection Engines IDS analysis challenges Analysis Engines Host Based Challenges Network Based challenges Penetration testing techniques IDS Evasion Techniques IDS Insertion Attack IDS Fragmentation Attack Tools used for IDS testing and countermeasures PSAD Samhain Tripwire

Stick Snot AdMutate Nikto Apsend Apsr Gathering and documenting test results Advanced Wireless Penetration Testing and Security Analysis Present an overview of Wireless Security Types of wireless Network Technology used in WLAN Access Point Chipsets Learn about Wireless Technologies Understand the problems with WLAN security Issues with WLAN Security WEP security issues Cisco LEAP EAP 802.1X WPA TKIP RADIUS Examine the tools used for Wireless Networks Testing Airsnort WepCrack Monkey-Jack Kismet Examine Countermeasures Advanced Application Penetration Testing and Security Analysis Identify types of common applications Common Applications used Outline the technology of the applications Mobile code OLE DCOM

ActiveX JAVA CGI Detect the vulnerabilities in the applications Buffer Overflow Stack Overflow Format Strings Vulnerable functions Examine the techniques of penetration testing Reverse Engineering Spoofing Authentication Intercepting Data Modifying input CSS/XSS Describe the tools employed in testing the applications Modifying source of pages Intercepting and modifying requests GDB Metasploit CANVAS CORE Impact NIKTO SQLDict SQLbf SQLexec SQLSmack Discover and analyze Web Application System Vulnerabilities Use SQL-Injection attacks against target servers to retrieve database information Test for Cross-Site Scripting vulnerabilities Use automated scanners, such as Nikto, for web application testing Document the results of the testing Advanced Physical Security Penetration Testing and Security Analysis Identify the goal of physical security The four security processes Component of physical security Threats to physical security Recognize the potential vulnerabilities of an organization with poor physical security

Piggybacking Perimeter compromise Stolen Equipment Bypassing system security mechanisms Social Engineering Analyze the potential attacks against the physical environment Intrusion Detection systems Types of locks and their features Point out recommended safeguards to these attacks Access Control Equipment anti-theft devices Restricted zones Security Policies Guards Awareness, Training, and Education Document the test results Reporting and Documentation Learn the basics of report writing Major Stages of report writing Understand the requirements of the report Report types Focus of the report Review different report writing options Online DB Spreadsheet Using Template Using a tree Free Flow document Outline reporting tips Do a report workshop Questionable areas, how to address them Describe the reporting consultation

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information