Analyze. Secure. Defend. Do you hold ECSA credential?

Similar documents
Hackers are here. Where are you?

Hackers are here. Where are you?

EC-Council Certified Security Analyst (ECSA)

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp

EC-Council. Certified Ethical Hacker. Program Brochure

EC-Council C E. Hacking Technology. v8 Certified Ethical Hacker

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

EC Council Certified Ethical Hacker V8

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Course Title: Penetration Testing: Security Analysis

EC-Council. Program Brochure. EC-Council. Page 1

FedVTE Training Catalog SPRING advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

InfoSec Academy Pen Testing & Hacking Track

FedVTE Training Catalog SUMMER advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Penetration testing & Ethical Hacking. Security Week 2014

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Information Security Services

CyberNEXS Global Services

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

Course Title: Penetration Testing: Network & Perimeter Testing

Course Title: Penetration Testing: Network Threat Testing, 1st Edition

Detailed Description about course module wise:

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)

How To Prevent Hacker Attacks With Network Behavior Analysis

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

CRYPTUS DIPLOMA IN IT SECURITY

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Course Title: Penetration Testing: Communication Media Testing, 1st Edition

CYBERTRON NETWORK SOLUTIONS

NETWORK PENETRATION TESTING

Access FedVTE online at: fedvte.usalearning.gov

Certified Security Analyst

An Introduction to Network Vulnerability Testing

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

Training Course ECSA/LPT

Certified Ethical Hacker (CEH)

Pension Benefit Guaranty Corporation. Office of Inspector General. Evaluation Report. Penetration Testing An Update

GFI White Paper PCI-DSS compliance and GFI Software products

WHITE PAPER. An Introduction to Network- Vulnerability Testing

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Intel Security Certified Product Specialist Security Information Event Management (SIEM)

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

Technical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments

Presented by Evan Sylvester, CISSP

Networking: EC Council Network Security Administrator NSA

Goals. Understanding security testing

PHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015

M2M Series Routers. Port Forwarding / DMZ Setup

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Computer Network Engineering

IDS and Penetration Testing Lab ISA 674

Introduction to Cyber Security / Information Security

[CEH]: Ethical Hacking and Countermeasures

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

Developing Network Security Strategies

Technical Testing. Network Testing DATA SHEET

A Decision Maker s Guide to Securing an IT Infrastructure

Footprinting and Reconnaissance Tools

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

AUTOMATED PENETRATION TESTING PRODUCTS

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

CAST Center for Advanced Security Training

Information Security Assessment and Testing Services RFQ # Questions and Answers September 8, 2014

Designing and Implementing a Server Infrastructure

ICANWK406A Install, configure and test network security

How To Pass The Information And Network Security Certificate

PCI-DSS Penetration Testing

13 Ways Through A Firewall

How To Protect Your Network From Attack From A Hacker On A University Server

Certified Penetration. Testing Consultant (CPTC)

InfoSec Academy Application & Secure Code Track

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Network Segmentation

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Information Technology Security Review April 16, 2012

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker

LINUX / INFORMATION SECURITY

Penetration Testing. Presented by

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

CNS-301-3I ~ Citrix NetScaler 11 Advanced Implementation

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

Information Systems Security Certificate Program

BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE

Network Incident Report

Penetration Testing. University of Sunderland CSEM02 Harry R Erwin, PhD

Transcription:

1 Analyze. Secure. Defend. Do you hold ECSA credential? TM E C S A EC-Council Certified Security Analyst

1 EC-Council Cyber Security Professional Path Threat Agent Application of Methodology So You Can Do It?...Prove It TM C E H Certified Ethical Hacker TM E C S A L P T EC-Council Certified Security Analyst Licensed Penetration Tester TM Discover and Exploit Vulnerabilities CORE Penetration Testing Framework EXPERT Report Writing and Ethics MASTER

6 (ECSA)

2 What is the EC-Council Security Analyst program? You are an ethical hacker. In fact, you are a Certified Ethical Hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep. You have sufficient knowledge and an arsenal of hacking tools and you are also proficient in writing custom hacking code. Is that enough? Can you become an industry accepted security professional? Will organizations hire you to help them protect their systems? Do you have any knowledge in applying a suitable methodology to conduct a penetration test for an enterprise client? Do you have any experience writing a custom penetration testing report? More importantly, do you have a globally recognized certification that can verify your penetration testing capabilities? If you are the person above, what you may be lacking is the knowledge and experience to execute a successful penetration test according to accepted industry standards. The ECSA is a security credential like no other! The ECSA course provides you with a real world hands-on penetration testing experience and is a globally accepted hacking and penetration testing class available that covers the testing of modern infrastructures, operating systems and application environments while teaching the students how to document and write a penetration testing report. The ECSA program takes the tools and techniques you learned in the Certified Ethical Hacker course (CEH) and elevates your ability into full exploitation by teaching you how to apply the skills learned in CEH by utilizing EC-Council s published penetration testing methodologies. It is a highly interactive, comprehensive, standards-based and methodology intensive 5-day security training program 5-day which teaches information security professionals to conduct real life penetration tests. This course is part of the Information Security Track of EC-Council. This is a Professional level course, with the Certified Ethical Hacker being the Core and the Licensed Penetration Tester being the Master level certification.

3 The Cyber Range ilabs As the ECSA course is a fully hands-on program, the exercises cover real world scenario. By practicing the skills that are provided to you in the ECSA class, we are able to bring you up to speed with the latest threats that organizations may be vulnerable to. ECSA Class This can be achieved with the EC-Council Cyber Range ilabs. It allows you to dynamically access a host of Virtual Machines preconfigured with vulnerabilities, exploits, tools, and scripts from anywhere with an internet connection. Our web portal enables you to launch an entire range of target machines and access them remotely with one simple click. It is the most cost effective and easy to use live range lab solution available. 24x7 With ilabs, lab exercises can be accessed 24x7, allowing the student to practice skills in a safe and fully functional network anytime it is convenient. Our guided step-by-step labs include exercises with detailed tasks, supporting tools, and additional materials as well as our state-of-the-art Open Environment allowing you to launch a complete live range open for any form of hacking or testing. I Class Available target machines are completely virtualized, allowing you to control and reset machines quickly and easily with no required instructor or administrative interaction.

4 What s New in ECSA V9? Skills Based Competency The ECSAV9 penetration testing course is designed to enhance the skills based competency of a penetration tester. This course is intensively hands-on and a tremendous amount of emphasis is placed on the practical competency of the student. Unlike the previous version of ECSA exam, in the new ECSAv9, a student will only be allowed to challenge the ECSA exam after meeting certain eligibility requirements. To become eligible, a student must conduct a detailed penetration test through the EC-Council Cyber Range ilabs environment and submit a written report via EC-Council s ASPEN system. Only candidates that successfully complete the penetration test in the Cyber Range ilabs environment are allowed to challenge the ECSA exam. You will conduct a penetration test on a company that has various departments, subnets and servers, and multiple operating systems with defense mechanisms architecture that has both militarized and non-militarized zones. The design of the course is such that the instructor in the class will actually take you through the core concepts of conducting a penetration test based on EC-Council s published penetration testing methdology and guide you through the report writing process for this organization.

95 WHO IS IT FOR? Who Should Attend Ethical Hackers, Penetration Testers, Network Server Administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment Professionals. Duration 5 days (9:00-5:00) certification Certification Exam The ECSA exam aims to test a candidate s knowledge and application of critical penetration testing methodologies. To be eligible to attempt the exam, candidates are required to perform real-world penetration testing over EC-Council s secure cyber range and to produce a penetration test report that clearly documents the vulnerabilities found. This report will be graded by our professionals. Candidates that successfully submit an acceptable report will proceed on to a multiple-choice exam that tests a candidate s knowledge. Candidates that successfully pass the multiple-choice exam will be awarded the ECSA credential.

10 6 What is the Outline of ECSA? Core Modules 1. Security Analysis and Penetration Testing Methodologies 2. TCP IP Packet Analysis 3. Pre-penetration Testing Steps 4. Information Gathering Methodology 5. Vulnerability Analysis 6. External Network Penetration Testing Methodology 7. Internal Network Penetration Testing Methodology 8. Firewall Penetration Testing Methodology 9. IDS Penetration Testing Methodology 10. Web Application Penetration Testing Methodology 11. SQL Penetration Testing Methodology 12. Database Penetration Testing Methodology 13. Wireless Network Penetration Testing Methodology 14. Mobile Devices Penetration Testing Methodology 15. Cloud Penetration Testing Methodology 16. Report Writing and Post Test Actions

11 7 Self-Study Modules 1. Password Cracking Penetration Testing 2. Router and Switches Penetration Testing 3. Denial-of-Service Penetration Testing 4. Stolen Laptop, PDAs and Cell Phones Penetration Testing 5. Source Code Penetration Testing 6. Physical Security Penetration Testing 7. Surveillance Camera Penetration Testing 8. VoIP Penetration Testing 9. VPN Penetration Testing 10. Virtual Machine Penetration Testing 11. War Dialing 12. Virus and Trojan Detection 13. Log Management Penetration Testing 14. File Integrity Checking 15. Telecommunication and Broadband Communication Penetration Testing 16. Email Security Penetration Testing 17. Security Patches Penetration Testing 18. Data Leakage Penetration Testing 19. SAP Penetration Testing 20. Standards and Compliance 21. Information System Security Principles 22. Information System Incident Handling and Response 23. Information System Auditing and Certification Note: Self-study modules are available in ASPEN portal

8 GET CERTIFIED ECSA v9 Exam Information Candidates that submit reports to the required standards will be provided with exam vouchers for the multiple-choice ECSA v9 exam. Multiple-choice exams are proctored online through the EC-Council Exam portal: Credit Towards Certification: ECSA v9 Number of Questions: 150 Passing Score: 70% Test Duration: 4 hours What Will You Do The ECSA ASSESSMENT The course comprises of 2 sets of lab challenges. Both are on the EC- Council ilabs Cyber Range. The first set covers practise labs for each module. In all, there are 45 such labs in total. The other is a Challenge Scenario which mimics an actual penetration test in an imaginary financial service company. As a pre-requisite, you will be required to actually complete a penetration testing activity and submit a report to EC-Council before you will be allowed to attempt the ECSA V9 Exam. The Challenge Scenario Brian works as a personal loan manager at FNB Financial Services which is a large multinational consulting corporation, headquartered in Atlanta, U.S.A. FNB specializes in personal, home equity, and debt consolidation loans around the world. Brian has been a trusted foot soldier for his organization for over a decade and is reeled in to handle only high-profile cases. Since Brian mostly telecommutes with his overseas clientele, he relies heavily on the network infrastructure of his organization. Infrastructure Available to Brian Like any large organization, FNB s internal network consists of several subnets housing various organizational units. The front office is connected to a separate subnet which connects to the company s public-facing computers. The company has installed various kiosks to help customers understand their product and services. The front office also has a Wi-Fi connectivity to cater users who carry their own smartphones and laptops. The FNB s internal network is made up of Militarized and Demilitarized Zones connected with a huge pool of database servers in Database Zone. As a security precaution, and by design, all the internal resource zones are configured with different subnet IPs. The militarized zone houses the application servers that provide application frameworks for various departments of the organization.

9 The Demilitarized Zone contains public facing systems of the organization such as web and mail servers. FNB headquarters network topology and protocols are replicated around the world in all its satellite offices for easy communication with the headquarters. Brian s Predicament Brian is all set to present a loan consolidation plan to one of his biggest client from Japan. Mr. Takamashi, client s representative, has agreed for a video conference to go over and discuss Brian s proposal. Half an hour before the call, Brian switches on his laptop which is connected to the company s Wi-Fi and LAN, to make last minute tweaks in his proposal. To his horror he finds all his files gone. The hard drive of his laptop had been wiped clean with just one file sitting in there titled, Gothcha! Brian obviously had to postpone his call with the client which he knew did not go down well. He called the network admin of FNB to take a look at his computer. To his surprise the network admin informed him that this was something that employees of FNB were facing throughout the world. Computers of FNB employees around the world were systematically being victimized by rampant hacking. The hacking was not only widespread, but was being executed so flawlessly that the attackers, after compromising a system, stole everything of value and completely erased their tracks within 20 minutes. Brian immediately brought this to the notice of the top management. Understandably they were concerned about their network and the reputation of their organization. The sheer volume of systems hacked was an alarming revelation for them. The management has decided to seek the service of a penetration tester or security auditor to audit their networks for security vulnerabilities in order to avoid future attacks. FNB has identified you as a third-party penetration tester to perform the pen testing of their information infrastructure. Your challenge is to perform a thorough pen test so that people like Brian don t have to cancel their business calls in future.

22 EC-Council 101 C Sun Ave NE Albuquerque, NM 87109 http://www.eccouncil.org Email: ecsaexam@eccouncil.org

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information