This course is provided by Wintrac. Wintrac provides one stop shopping for all your IT
training needs. Wintrac’s course catalog of over two thousand courses includes courses on Security Training
Overview
Any computer user needs to know how to protect information assets and securely connect to another system over a network. Security5 certification utilizes the working knowledge a computer user possesses to achieve better efficiency in using computing resources. The certification is targeted towards today?s knowledge workers who use computing resources in their daily activities. It educates them on practical aspects of security and networking to give them an advantage over common users.
Security 5 is also for the regular home user who uses online services and payment systems. The regular user is exposed to aspects of securing financial and critical information, maintaining privacy and availing the best of computing resources available. Security5 is about empowering the knowledge worker with the information necessary to compute securely, network efficiently, and be in control of the computing environment.
Course Objectives
Security5 is an entry level certification for anyone interested in learning computer networking and security basics. The Security 5 program gives individuals basic networking literacy skills to begin high end IT programs.
Prerequisites
Basic computing skills like browsing the web and checking emails.
Target Student:
Ideal candidates for the Security 5 program are knowledge workers and anyone who wants to gain a working knowledge of networking and computer security.
Delivery Method
Instructor-led, group-paced, classroom-delivery learning.
Course duration
2 Days
Course outline
Module 1 - Penetration Testing Methodologies
?
Understand how to structure and organize security tests
?
Understand the five stages of a common penetration test attack
methodology
?
Analyze the tactical application of each phase
?
The Open Source Security Testing Methodology Manual (OSSTMM)
o
Get an overview of The Security Map and sections of the OSSTMM
o
Learn about an OSSTMM certified security test
o
Understand what is a complete and valid OSSTMM security test
o
See how the OSSTMM addresses privacy law compliance
o
Learn how the OSSTMM addresses ?Best Practices? compliance
?
The NIST Methodology
o
See an overview of the NIST Four-Stage Penetration Testing methodology
o
See escalation of privileges according to he NIST methodology
?
Learn about the course methodology
o
Learn about the methodology followed in this course
?
Learn about malicious hackers methodologies
o
Review a common malicious hacker attack methodology
o
Examine methodological variants
Module 2 - Test Planning and Scheduling
?
Estimation of Resources for the Test
o
Estimating time and cost of a test
?
Defining the test scope
o
Determination of Test Objectives
?
Technical Preparation
o
Attack network
o
Attack workstation
o
Gathering tools and exploits
o
How to manage confidential data
?
Rules of Engagement
o
Non disclosure agreement
o
Liability limitations
o
Emergency phone number
o
Know the rules of engagement as they pertain to client target
networks/systems
?
Defined Roles of the Involved Personnel
o
Review rules of engagement
o
Define test conditions
o
What should be included in rules of engagement
?
Reporting
o
Deliverables
o
Knowing what results are expected at the end of the test
o
Presentation of results
Module 3 - Information Gathering
?
Demonstrate understanding of the field of Competitive Intelligence
?
Develop skills involved in competitive intelligence gathering
?
Demonstrate understanding of Informational Vulnerabilities in depth
?
Engage in Passive network discovery techniques
o
Use advanced web resource skills to research identified targets in depth
o
Formulate a picture of network boundaries, using IP and DNS information
o
Analyze documents for potential Information Vulnerabilities
?
Information vulnerability and source of information
o
Business intelligence
o
Sales data
o
R&D data
o
Job advertising
o
Web site
o
Mailing list
o
Other sources of great interest
?
Information gathering types
o
Passive
o
Active
o
How and where to passively gather information
?
Information gathering applications
o
Dig
o
Host
o
Nslookup
o
Sam Spade
o
Registrars
o
DNSTracer
o
kartOO
o
Advanced web tricks
o
And other tools and websites
?
Controls to protect information
Module 4 - Advanced Vulnerability Analysis Penetration
Testing and Security Analysis
?
Understand the three most common present vulnerability types
o
Identify the potential impact of Information Vulnerabilities
o
Identify the risks of Network Vulnerabilities
o
Understanding the different types of System Vulnerabilities and their
impact
?
TCP overview
o
TCP protocol suite
o
ICMP, UDP, ICMP, TCP
o
Handshake
o
Tear Down
o
Port and Services
o
Flags
?
Traceroute and TCPTraceroute
?
LFT
?
Tools to probe protocols
o
Paketto Kieretsu
o
ScanRand
o
Minewt
o
Linkcat
o
Paratrace
?
Identifying targets through sweeping
o
Type of sweeps
?
Evaluating services through scanning
o
Type of scans
o
Stealth Scanning
o
Bounce Attacks
o
Reverse Ident Scanning
?
Nmap
o
How to use Nmap
?
Nessus
o
How to use Nessus
o
How to avoid problems using Nessus
o
Limitations of Nessus
?
Other scanners and tools overview
o
Retina
o
Saint
o
Hping2
o
Firewalk
o
Nikto
o
Languard
o
ISS
o
IpEye
o
Netscan Tools
o
SuperScan
o
Friendly Pinger
o
Cheops
o
SATAN
?
Advanced OS fingerprinting techniques
?
Proxy Servers
?
Sniffing
o
Tcpdump
o
Windump
o
Snort
o
Ethereal
o
Ettercap
o
Dsniff
?
Windows Tools
o
Dumpsec
o
Winfo
o
NAT
o
Netbios Enumeration Techniques
o
Userinfo
o
Getacct
o
Dumpreg
o
WinFingerprint
o
AD Enumeration
?
SNMP
o
Weaknesses
o
Snmpwalk
o
Snmpget
o
Snmpgetnext
o
SolarWinds
o
SNScan
?
Phone Phreakers
o
PBX testing
o
Modem Testing
o
WarDialing
o
Fax Security
o
PhonSweep
o
Toneloc
o
THCScan
?
Countermeasures
Module 5 - Advanced Denial of Service (DoS) Penetration
Testing and Security Analysis
?
Describe the components of a DoS attack
o
Attack Vectors
o
The Battlefield
o
DoS, DDoS, DRDoS
?
Identify the harm caused to the target system
?
Analyze the potential vulnerabilities in a system that could be exploited
by a DoS attack
?
Outline the necessary steps to test a system?s strength against a DoS
attack
?
Gathering and documenting the results
Module 6 - Advanced Password Cracking Penetration Testing
and Security Analysis
?
Demonstrate understanding how passwords work in common operating systems
o
Demonstrate knowledge of the Windows password schemes (PWL, LANMAN, NTLM,
Active Directory)
?
Demonstrate knowledge of Linux/Unix authentication mechanisms
o
Demonstrate knowledge of alternate authentication mechanisms (SASL, LDAP,
PAM, etc)
?
Demonstrate knowledge of how distributed password cracking works
o
Demonstrate knowledge of advanced password cracking attacks, such as
Rainbow Tables
? Demonstrate
ability to test strength of authentication mechanisms using
password cracking
?
Use common tools to crack Windows Passwords
? Use
several free tools to crack Linux and common Unix passwords
o
Use advanced approaches to password cracking by combining techniques and
resources to compromise the target credentials
Module 7 - Advanced Social Engineering Penetration Testing
and Security Analysis
?
Describe what Social Engineering is
o
Principles of social engineering
o
Social Engineering Tips
o
Type of social engineering attacks
?
Define the techniques used to execute Social Engineering
?
Social Engineering Goals
?
Social Engineering Rules of engagement
?
Recognize the threat of Social Engineering
?
Outline the methods by which Social Engineering is performed
o
Trusted positions enumeration
o
Trusted person testing
o
Request Testing
o
Guided Suggestions
o
Phishing
?
Security Policies
?
Gather and document the test results
Module 8 - Advanced Internal Penetration Testing and
Security Analysis
?
Review the most common platforms
?
Appraise a typical network environment
?
Outline the steps of the assessment
?
Describe the tools used for internal testing
?
Viruses and Containment Testing
o
Categorize and Identify range and function of present Viruses
o
Identify threat levels and countermeasures of various viruses
?
Define impact and points of consideration of Viruses on security testing
and analysis
o
Understand how common viruses work
o
Learn how to safely test containment
measures
o
Evaluate target networks for proper containment measures
?
Explain how vulnerabilities are discovered
?
Demonstrate knowledge of tools and techniques for enumerating specific
hosts and services
o
Employ advanced tools to fingerprint specific operating systems
o
Implement advanced port scanning techniques to further refine targeting
information
o
Employ tools like Netcat to verify service information, and eliminate
false positives
?
Learn operating system specific tools and techniques
o
Use commonly available Microsoft Resource Kits for advanced Windows
enumeration
o
Use Null-Sessions for advanced Windows enumeration
o
Use various common tools in Linux for Linux and Unix enumeration
?
Employ Automated Vulnerability Scanners
o
Understand the strengths and weaknesses of Automated Scanners
o
Using Nessus to refine target information
o
Analyzing the results given by Nessus and other Automated Scanners
?
Overview of common vulnerability scanners
o
Cerberus Internet Scanner
o
Somarsoft Hyena
o
Languard
o
Nessus
o
Saint
o
SATAN
?
Employing Exploitation for verification of Vulnerabilities: Owning the
Box
?
Understand the specifics of common classes of System Vulnerabilities
o
Understand Stack based overflows
o
Understand Format String vulnerabilities
o
Understand Heap based overflows
o
Develop and execute proof of concept Stack based overflows
o
Develop and execute proof of concept Understand Format String
vulnerabilities
o
Develop and execute proof of concept Understand Heap based overflows
?
Demonstrate understanding of aspects of an exploit, in terms of threat
agents and methods of countering such threats
?
Demonstrate ability to employ Shellcode within exploits
?
Gather and document the test results
Module 9 - Advanced External Penetration Testing and
Security Analysis
?
Describe the goals of external testing
?
Network Categories
?
Understand the challenges facing a tester in an external penetration test
?
Evaluate the potential attacks from outside of a security perimeter
?
Web Security Challenges
?
Current situation
o
Attack Trends
o
What creates those vulnerabilities
?
Understand the impact of web applications on Perimeter Security
o
Test and Analyze higher-layer applications for Network Vulnerabilities
o
Demonstrate Knowledge of common types of web application System
Vulnerabilities
o
Employ attack proxies to audit web applications
o
Employ application scanners to audit web applications
?
Anatomy of a remote exploit
?
Common Attacks
o
Network packet sniffers
o
IP spoofing
o
Password attacks
o
Distribution of sensitive internal information to external sources
o
Man-in-the-middle attacks
o
Phishing
?
Examine the methodology of external penetration testing
?
Demonstrate the tools used for external penetration testing
o
Website Crawler
o
Idle Scanning
o
Form Scalpel
o
Java Decompiler
o
Brutus AET2
o
Achilles
o
Web Proxies
?
Gather and document the results
Module 10 - Advanced Router Penetration Testing and
Security Analysis
?
Overview of routing
technologies
o
Router Security
o
Routing Protocols
?
Demonstrate knowledge of vulnerabilities in Routers
o
Understanding many Informational Vulnerabilities, as well as network
vulnerabilities present in many routers
o
Analyzing Cisco packet captures for information disclosure and cracking
Cisco passwords
?
Demonstrate knowledge of vulnerabilities in various network devices
o
Explore the role of Network Appliances such as printers and PBX's in
potential security violations
o
Using Man in the Middle Attacks to intercept secured and encrypted
traffic
?
The potential for router exploitation
o
Router Attacks
o
DDoS Attacks
o Routing
Table Attacks
o
Arp Poisoning
o
SNMP Attacks
o
Brute Force Attacks
o
BGP attacks
?
Analysis of router vulnerabilities and attacks
o
CVE
o
US-CERT
o
Packet Storm
o
Neohapsis
o
Bugtraq
o
SecurityFocus
?
Tools used for testing
?
Gathering and documenting the results
Module 11 - Advanced Firewall Penetration Testing and
Security Analysis
?
Introduction to firewalls
o What
is a Firewall
o
Commonly use Firewall
o
Personal Firewall
o
Type of Firewall
?
Technical overview of firewall systems
o
Different implementations
o
NAT
o
PAT
o
Limitations
?
Vulnerability
analysis of firewalls
o
Things a firewall cannot see
?
Penetration testing steps
?
Tools used for testing firewalls
o
Firewalk
o
Ftester
?
Gathering and documenting the results
Module 12 - Advanced Intrusion Detection Systems (IDS)
Penetration Testing and Security Analysis
?
What is Intrusion Detection?
o
The need for IDS
o
Sensor Placement
?
IDS overview
o
IDS detection methods
o
Detection Engines
?
IDS analysis challenges
o
Analysis Engines
o
Host Based Challenges
o
Network Based challenges
?
Penetration testing techniques
o
IDS Evasion Techniques
o
IDS Insertion Attack
o
IDS Fragmentation Attack
?
Tools used for IDS testing and countermeasures
o
PSAD
o
Samhain
o
Tripwire
o
Stick
o
Snot
o
AdMutate
o
Nikto
o
Apsend
o
Apsr
?
Gathering and documenting test results
Module 13 ? Advanced Wireless Penetration Testing and
Security Analysis
?
Present an overview of Wireless Security
o
Types of wireless Network
o
Technology used in WLAN
o
Access Point
o
Chipsets
?
Learn about Wireless Technologies
?
Understand the problems with WLAN security
o
Issues with WLAN Security
o
WEP security issues
o
Cisco LEAP
o
EAP
o 802.1X
o
WPA
o
TKIP
o
RADIUS
?
Examine the tools used for Wireless Networks Testing
o
Airsnort
o
WepCrack
o
Monkey-Jack
o
Kismet
?
Examine Countermeasures
Module 15 - Advanced Application Penetration Testing and
Security Analysis
?
Identify types of common applications
o
Common Applications used
?
Outline the technology of the applications
o
Mobile code
o
OLE
o
DCOM
o
ActiveX
o
JAVA
o
CGI
?
Detect the vulnerabilities in the applications
o
Buffer Overflow
o
Stack Overflow
o
Format Strings
o
Vulnerable functions
?
Examine the techniques of penetration testing
o
Reverse Engineering
o
Spoofing Authentication
o
Intercepting Data
o
Modifying input
o
CSS/XSS
?
Describe the tools employed in testing the applications
o
Modifying source of pages
o
Intercepting and modifying requests
o
GDB
o
Metasploit
o
CANVAS
o
CORE Impact
o
NIKTO
o
SQLDict
o
SQLbf
o
SQLexec
o
SQLSmack
?
Discover and analyze Web Application System Vulnerabilities
o
Use SQL-Injection attacks against target servers to retrieve database
information
o
Test for Cross-Site Scripting vulnerabilities
o
Use automated scanners, such as Nikto, for web application testing
?
Document the results of the testing
Module 15 - Advanced Physical Security Penetration Testing
and Security Analysis
?
Identify the goal of physical security
o
The four security processes
o
Component of physical security
o
Threats to physical security
?
Recognize the potential vulnerabilities of an organization with poor
physical security
o
Piggybacking
o
Perimeter compromise
o
Stolen Equipment
o
Bypassing system security mechanisms
o
Social Engineering
?
Analyze the potential attacks against the physical environment
?
Intrusion Detection systems
?
Types of locks and their features
?
Point out recommended safeguards to these attacks
o
Access Control
o
Equipment anti-theft devices
o
Restricted zones
o
Security Policies
o
Guards
o
Awareness, Training, and Education
?
Document the test results
Module 16 - Reporting and Documentation
?
Learn the basics of report writing
o
Major Stages of report writing
?
Understand the requirements of the report
o
Report types
o
Focus of the report
?
Review different report writing options
o
Online DB
o
Spreadsheet
o
Using Template
o
Using a tree
o
Free Flow document
?
Outline reporting tips
o
Do a report workshop
o
Questionable areas, how to address them
?
Describe the reporting consultation
|
