Certified Security Analyst
Course IDECC200
Course Description
The EC-Council Certified Security Analyst (ECSA) program is a comprehensive, standards-based, methodology-intensive training program that teaches information security professionals to conduct real-life penetration tests using EC-Council’s published penetration testing methodology.
The ECSA Program is a 5-day complete hands-on training program. This Penetration Testing training course uses real-time scenarios to train students in penetration testing methodologies. EC-Council’s Certified Security Analyst (ECSA) course will help you master a documented penetration testing methodology that is repeatable and that can be used in a penetration testing engagement, globally.
Prerequisites
• There are no prerequisites for this course
Audience
Network server administrators, firewall administrators, information security analysts, system administrators, and risk assessment professionals all benefit from the ECSA program.
Duration
Course Content
Need for Security Analysis
Information Security Measures
Risk Analysis
Hardening Security
Security Policies
Sample Policies
Information Security Standards
Information Security Acts and Laws
TCP/IP Packet Analysis
Introduction to TCP/IP
TCP/IP Connection
Introduction to IPv6
TCP/IP Security
Internet Control Message Protocol (ICMP)
TCP/IP in Mobile Communications
Penetration Testing Methodologies
Introduction to Penetration Testing
Types of Penetration Testing
Penetration Testing Methodology
Pen Test Strategies
Ethics of a Licensed Penetration Tester
Customers and Legal Agreements
Why Do Organizations Need Pen Testing?
Penetration Testing ‘Rules of Behavior’
Legal Issues in Penetration Testing
Penetration Testing Contract
Rules of Engagement
Rules of Engagement (ROE)
Steps for Framing ROE
Clauses in ROE
Penetration Testing Planning and Scheduling
Test Plan and Its Purpose
Content of a Test Plan
Building a Penetration Test Plan
Test Plan Identifier
Test Deliverables
Penetration Testing Planning Phase
Internal Employees
Penetration Testing Teams
Tiger Team
Meeting with the Client
Contents of a Pen Testing Project Plan
Work Breakdown Structure or Task List
Penetration Testing Schedule
Penetration Testing Hardware/Software Requirements
Pre-penetration Testing Steps
Information Gathering
Information Gathering Terminologies
Information Gathering Steps
Tools to Extract Company’s Data
Search Telephone Numbers Using http://www.thephonebook.bt.com
Geographical Location Search Using Google Earth
People Search Online Services
Link Popularity Search Online Services
Competitive Intelligence
Price Comparison Services
DNS Interrogation Tools
Domain Research Tool (DRT)
DNS Interrogation Tools
DNS Interrogation Online Tools
Traceroute Analysis
Website Mirroring Tools
Email Tracking Tools
GHDB Screenshot
Vulnerability Analysis
Why Assessment
Vulnerability Classification
Types of Vulnerability Assessment
How to Conduct a Vulnerability Assessment
How to Obtain a High Quality Vulnerability Assessment
Vulnerability Assessment
Timeline
External Penetration Testing
External Intrusion Test and Analysis
Client Benefits
External Penetration Testing
Traffic Sniffing and Analysis Tool: Tstat
WHOIS Lookup Tools
Common Ports List
Scanning Tools
Hping2 IPID Example
Look for Invalid Ranges in Input Fields
Attempt Escape Character Injection
Examine Server Side Includes (SSI)
Recommendations to Protect Your System from External Threats
Internal Network Penetration Testing
Internal Testing
Steps for Internal Network Penetration Testing
Sniffer Tools
Copying Commands in Knoppix
Microsoft Diagnostics and Recovery Toolset (DART)
Reset the Administrator’s Password
Keyloggers and Spy Softwares
WinMend Folder Hidden
Whitespace Steganography
Vulnerability Scanning Tools
Firewall Penetration Testing
Firewall Overview
Packet Filtering
Firewall Logging Functionality
Periodic Review of Information Security Policies
Firewall Implementation
Build a Firewall Ruleset
Maintenance and Management of Firewall
Hardware Firewall
Software Firewall
Types of Firewalls
Firewall Penetration Testing Tools
Firewall Identification
IDS Penetration Testing
Introduction to IDS
Application-based IDS
Multi-Layer Intrusion Detection Systems
Wireless Intrusion Detection Systems (WIDSs)
Common Techniques Used to Evade IDS Systems
IDS Penetration Testing Steps
Packet Fragmentation
TCP Flags
Password Cracking Penetration Testing
Password
LM Authentication
NTLM Authentication
Kerberos Authentication
LM, NTLMv1, and NTLMv2
People Search
Dictionary Maker Tool: Word List Compiler
Packet Sniffing Tools
Man-in-the-Middle Attack Using Ettercap
Elcomsoft Distributed Password Recovery
Password Cracking Tools
Keyloggers
Social Engineering Penetration Testing
Social Engineering Pen Testing
Impact of Social Engineering on the Organization
Common Targets of Social Engineering
Requirements of Social Engineering
Steps in Conducting Social Engineering Penetration Test
Steps for Dumpster Diving
Accomplice
Identity Theft
Satellite Picture of an Organization
Telephone Recorders and Call Recorders
Vehicle/Asset Tracking System Examples
Spy Gadgets
Web Application Penetration Testing
Introduction to Web Applications
Web Application Components
Web App Pen Testing Phases
Connection String Injection
Connection String Parameter Pollution (CSPP) Attacks
Connection Pool DoS
Web Services
Web Services XML Poisoning
SOAP Injection
SQL Penetration Testing
Introduction to SQL Injection
SQL Injection Attacks
SQL Injection Penetration Testing Steps
Blind SQL Injection Attack
Best Practices to Prevent SQL Injection
Penetration Testing Reports and Post Testing Actions
Penetration Testing Deliverables
Writing Pen Testing Report
Collect and document the information
Pen Testing Report Format
Result Analysis
Post Testing Actions
Report Retention
Router and Switches Penetration Testing
Router Testing Issues
Test for HTTP Configuration Vulnerabilities in Cisco Routers
Analyze the Router Configuration
Need for Router Testing
General Requirements
Technical Requirements
Steps for Router Penetration Testing
The Process to Get Access to the Router
Privileged Mode Attacks
SNMP “Community String”
TFTP Testing
Router Testing Report
Penetration Testing Steps for Switches
Recommendations for Router and Switches Penetration Testing
Wireless Network Penetration Testing
Wireless Penetration Testing
Wireless Security Threats
Wi-Fi Discovery Tools
Active Wireless Scanner: inSSIDer
Wireless Packet Sniffers
Wi-Fi Jamming Devices
WEP Cracking Tool
WPA Brute Forcing Using Cain & Abel
WPA-PSK Cracking Tool: Elcomsoft Wireless Security Auditor
Wireless Penetration Testing Tools
Denial-of-Service Penetration Testing
Distributed Denial-of-Service Attack
How Do Distributed Denial-of-Service Attacks Work?
How to Conduct DoS Penetration Testing
Recommendations to Prevent Denial of Service
Stolen Laptop, PDAs, and Cell Phones Penetration Testing
Stolen Digital Data
Type of Information Lost in Laptop Theft
Penetration Testing Steps
Penetration Testing in Mobiles Using CORE IMPACT Pro
Tools to Extract the Personal Information in Cell Phones
Pen-Testing Tools for the Pocket PC
Pen Testing for the Pocket PC Using MiniStumbler
Cookies Screenshot
Install Software
Source Code Penetration Testing
Introduction
Need for Source Code Penetration Testing
Prerequisites for Source Code Penetration Testing
Vulnerable Components in an Application
Attacker’s Goals
Threat Models
Application Decomposition
Identify and Rank Threats
Discover the Countermeasures and Mitigation
Threat Analysis
Steps for Source Code Penetration Testing
Tools for Automated Source Code Penetration Testing for Java
Tools for Automated Source Code Penetration Testing for C, C++, and .NET
STRIDE Threat Model Countermeasures
Authentication Countermeasures
Authorization Countermeasures
Countermeasures
Physical Security Penetration Testing
Physical Attacks
Steps in Conducting Physical Security Penetration Testing
Google Maps Image
Surveillance Camera Penetration Testing
Introduction to Surveillance Systems
Pen Testing Requirements
Surveillance Camera Network Architecture
Need for Surveillance System Pen Testing
Steps for Surveillance Camera Penetration Testing
Try to Manipulate Resolution
Check the Frame Rate
Database Penetration Testing
Database Penetration Testing Steps
McAfee Security Scanner for Databases
Oracle Auditing – Wrong Statements Logged
Possible Attacks Against Oracle Database Vault
Try to Retrieve Sysxlogins Table Views
SQL Server System Tables
Oracle Server Testing
Port Scanning Basic Techniques
Port Scanning Advanced Techniques
Oracle TNS Listener: Screenshot
Finding the TNS Listener
Listener Modes
Database Password Cracking and Testing Tools
VoIP Penetration Testing
Vulnerability Assessment
Penetration and Vulnerability Testing
VoIP Risks and Vulnerabilities
VoIP Security Threat
VoIP Penetration Testing Steps
SNMP Enumeration Tools
VoIP Tools
VPN Penetration Testing
Virtual Private Network (VPN)
VPN Penetration Testing Steps
Port Scanning Tools
Check for Split Tunneling
Try to Recover and Decrypt Pre-Shared Key (PSK)
SSL VPN Scan Tool
Cloud Penetration Testing
What Is Cloud Computing?
Cloud Computing Model
Types of Cloud Computing Services
Separation of Responsibilities in Cloud
Security Benefits of Cloud Computing
Security Risks Involved in Cloud Computing
Key Considerations for Pen Testing in the Cloud
Scope of Cloud Pen Testing
Virtual Machine Penetration Testing
Prerequisites to Virtual Machine Pen Testing
Virtualization Security Scenario
Virtualization Security Issues
Virtual Environment Pen Testing
Virtual Machine Penetration Testing Steps
Vulnerability Assessment Tool: VMinformer
Configuration Management Tool
Virtualization Best Practices
War Dialing
War Dialing
Recommendations to Improve Modem Security
Virus and Trojan Detection
Indications of a Trojan or Virus Attack
Different Ways a Trojan/Virus Can Get into a System
How Does a Computer Get Infected by a Trojan/Virus?
Port Monitoring Tools
Process Monitoring Tools
Registry Entry Monitoring Tools
Device Drivers Monitoring Tools
Windows Services Monitoring Tool: Process Hacker
Windows 7 Startup Registry Entries
Startup Programs Monitoring Tools
File and Folder Integrity Checkers
Detecting Trojans and Viruses with Capsa Network Analyzer
Anti-Trojan/Anti-Spyware Tools
Anti-Virus Tools
Trojan Countermeasures
Virus and Worms Countermeasures
Log Management Penetration Testing
Steps for Log Management Penetration Testing
Log Management Tools
Log Monitoring Tools
Checklist for Secure Log Management
File Integrity Checking
Process to Check Integrity by Comparing CRC Checksum
Checking and Comparing CRC Value
Hash Value Calculation Tools
Automated File Integrity Verification Tools
Challenges in File Integrity Checking
Mobile Devices Penetration Testing
Requirements for Mobile Device Penetration Testing
Mobile Devices Market Share
Pen Testing Android
Android Architecture
Penetration Testing iOS-based Devices
iOS Architecture
Major iOS Vulnerabilities and Attacks
Jailbreaking
BlackBerry Network Architecture
Vulnerabilities in BlackBerry
Bluetooth Stack
Penetration Testing Steps for Bluetooth-enabled Devices
Recommendations
Telecommunication and Broadband Communication Penetration Testing
Broadband Communication
Risks in Broadband Communication
Steps for Broadband Communication Penetration Testing
Cookies Analysis Tool: IECookiesView
Wardriving Tools
WEP Cracking Tools
Guidelines for Securing Telecommuting and Home Networking Resources
Email Security Penetration Testing
Commonly Used Email Service Protocols
SMTP Enumeration Tool: NetScanTools Pro
Vulnerability Scanners
Patch Management Tools
Anti-Phishing Tools
Common Spam Techniques
Anti-Spamming Tools
Security Patches Penetration Testing
Patch Management
Patch and Vulnerability Group (PVG)
Steps for Security Patches Penetration Testing
Security Patches Penetration Testing Tools
Data Leakage Penetration Testing
Data Leakage
Data Leakage Statistics
Data Leakage Statistics – Types of Incidents
Data Leakage Penetration Testing Steps
Data Privacy and Protection Acts
Data Protection Tools
SAP Penetration Testing
SAP World
The SAP RFC Library
Methodology and Goals
Setting Up the Assessment Platform
Sapyto Architecture
Connectors and Targets
Installation of Sapyto
SAP Penetration Testing
Standards and Compliance
Incident Handling
Incident Response
Need for Incident Response
Goals of Incident Response
Parameters of Investigations
Laws
Compliance Checklists
Intellectual Property Rights
Privacy Act
Standards of Conduct
Legal Issues Affecting Information Assurance
Information System Security Principles
Defense in Depth
System Interconnection
Monitoring Systems Interconnection
System Interconnection Policy
Aggregation
Inference and Object Reuse
Polyinstantiation
How Security is Affected
Threat from Aggregation
Basic Security Requirements
Information Valuation
States of Information
Protection Profiles
Security Target
Account Management
Security Policy for Account Administration
Configuration Management
Change Control
Configuration Management Plan
Cryptanalysis
Digital Signature
Steganography and Watermarking
Non-Repudiation
Message Digest Tools
Key Management
Electronic Key Management System (EKMS)
EKMS Requirements
Public Key Infrastructure (PKI)
Need for Public Key Infrastructure (PKI)
Public Key Infrastructure Requirements
Email Security
Life Cycle Security
System Security Plan (SSP)
Access Control Models
Business Aspects of Information Security
Information Warfare (INFOWAR)
Intellectual Property Rights
COMSEC
System Security Architecture
Software Piracy
Addressing Account Management
Policy for Redeploying Classified Systems
Hardware Asset Management Program
Key Management Infrastructure (KMI)
Development of Configuration Control Policies
Report to the DAA the Deficiencies/Discrepancies in the Configuration Control Policy
Improvements to the Security Plans Developed by Site Personnel
Security Domains
Administrative Security Procedures Appropriate for the System Certification
Security Features Necessary to Support Site Operations
Maintenance Procedures to Ensure Security against Unauthorized Access
Procedures to Counter Potential Threats from Insiders or Outsiders of the Organization
Physical Security
Information System Incident Handling and Response
EMSEC/TEMPEST
Emergency/Incident Response Team
Education, Training, and Awareness (ETA)
Concept of Operations (CONOP)
Business Continuity Plan (BCP)
Disaster Recovery Planning (DRP)
Business Continuity Plan Development and Planning
Resource Requirements for Business Continuity Plan
Security Policy for Backup Procedures
Generally Accepted Systems Security Principles (GASSP)
Personal Information Security Breaches
Investigation of Personal Information Security Breaches
Process of Responding to and Reporting Security Incidents
Agency Specific Security Policies and Procedures
Information System Auditing and Certification
Certification and Accreditation
National Information Assurance Partnership (NIAP)
Information Technology Security Evaluation Criteria (ITSEC)
Discuss the Concepts of Availability, Integrity, Confidentiality, Authentication, and Non-repudiation
Key Participants of the Certification and Accreditation Process
Information System Security Auditing and Logging
Information Systems Monitoring Process
Evaluation Assurance Levels (EALs)
Assessment Use During Certification of Information Systems
Systems Security Plan
Budget/Resources Allocation/Scheduling
Information System Security Certification Requirements
System Architectural Description Document
Agency-specific C&A Guidelines
Security Processing Mode
Change Control Management Process
Security Accreditation Package