
Course Title: Penetration Testing: Network & Perimeter Testing


Academic year: 2021


Penetration Testing PTS403

Page 1 of 7 Network and Perimeter Testing Copyright © by EC-Council | Press All Rights Reserved. Reproduction is Strictly Prohibited.

Course Description:

The Security Analyst Series from EC-Council | Press is comprised of five books covering a broad base of topics in advanced penetration testing and information security analysis. The content of this program is designed to expose the reader to groundbreaking methodologies in conducting thorough information security analysis, as well as advanced penetration testing techniques. Armed with the knowledge from the Security Analyst series along with proper experience, readers will be able to perform the intensive assessments required to effectively identify and mitigate risks to the security of the organization's infrastructure.

Penetration testing is the exploitation of vulnerabilities present in an organization's network. It simulates methods that intruders use to gain unauthorized access to an organization’s networked systems and then compromise them. Penetration testers may use proprietary and/or open source tools to test known technical vulnerabilities in networked systems. Apart from automated techniques, penetration testing involves manual techniques for conducting targeted testing on specific systems to ensure that there are no security flaws that may have gone undetected earlier.

Certificate Info

Penetration Testing: Network & Perimeter Testing

Who Should Attend?

This course will significantly benefit network administrators, firewall administrators, security testers, system administrators, and risk assessment professionals.

Course Duration: 2 days (9:00 – 5:00)

CPE/ECE Qualification

16 ECE Credits awarded for attendance (1 for each classroom hour)

Suggested Retail:

Required Courseware:

Visit www.cengage.com/community/eccouncil and click on Training Workshops for ordering details.

What’s included?

Physical Courseware

1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate

Course + Supplement Cost:

See the “Training Workshops” section at www.cengage.com/community/eccouncil for current pricing information.

Related Certificates:

Penetration Testing: Security Analysis

Penetration Testing: Communication Media Testing

Penetration Testing: Network Threat Testing

Penetration Testing: Procedures & Methodologies


Course Briefing:

1. Advanced Googling

Module Brief:

This module explains the advanced features of the search engine “Google”. It also gives a comprehensive explanation of the site operator, intitle:index.of, error | warning, the Google Advanced Search Form, categorization of the operators, viewing live web cams, locating source code with common strings, locating vulnerable targets, locating targets via demonstration pages, locating targets via source code, vulnerable web application examples, locating targets via CGI scanning, a single CGI scan-style query, directory listings, web server software error messages, and the Goolag scanner.

2. Routers and Switches Penetration Testing

Module Brief:

This module discusses the need for router testing and various issues involved in it, and aims to give a single point reference for router security assessment and countermeasures for the identified weaknesses. It gives the list of steps for Router Penetration Testing and also steps for Testing Switches.

3. Firewall Penetration Testing

Module Brief:

This module explains what a firewall is and why it is important. It also explains the various features of a firewall and how it functions. This module gives a comprehensive view of the possible vulnerabilities in a firewall and the tests that help discover them.

4. IDS Penetration Testing

Module Brief:

An Intrusion Detection System (IDS) is software or hardware that detects and logs inappropriate, incorrect, or anomalous activity. IDSes are typically characterized based on the source of the data they monitor.

This module gives a brief introduction to various Intrusion Detection Systems and their benefits. It also explains Wireless Intrusion Detection Systems and various IDS testing tools. This module explains the IDS penetration testing steps. It also discusses Traffic IQ Professional in detail.

5. Physical Security and Stolen Laptop, PDA, and Cell Phone Penetration Testing

Module Brief:

Physical security defends the organization from attackers trying to access a resource or information stored on the organization's media. Cyber security development focuses on mitigating attacks on computer networks as well as preventing physical attacks.

Business executives are increasingly reliant on laptops, PDAs, and cell phones for their portability and the ability to work on the go. Losing such a device could result in losing important financial information, trade secrets, and other personal information.

This module discusses various steps in the penetration testing of physical security and a stolen laptop, PDA, or cell phone and how attackers gather information from a stolen device.

6. E-Mail Security Penetration Testing

Module Brief:

This module explains e-mail accounts, which are a storage area for people to store their private information, including their business data. The module discusses phishing, an Internet scam used to force the users to give their personal and confidential information, and spamming, which is the process of populating the user’s inbox with unsolicited or junk email.

The module familiarizes the reader with HTA (HTML Application) file extensions, which consist of commands that can perform anything on the computer once executed, and with the attachment, which can bypass the security settings on the network. It also gives a brief introduction to PhishTank SiteChecker, which blocks phishing pages; SpoofGuard, which protects against malicious attacks; and SpamExperts Desktop, which blocks spam.

7. Security Patches Penetration Testing

Module Brief:

This module explains patch management, a part of system management that involves the acquisition, testing, and installation of patches on an administered computer system. The module talks about the PVG (Patch and Vulnerability Group), which is created by the organization. The PVG uses OS and application patching, automated patch management tools, and configuration changes to eradicate vulnerabilities. It also familiarizes the reader with patch testing on non-production systems and vendor authentication mechanisms prior to installation of the patches.

Course Outline:

Chapter 1: Advanced Googling

• Introduction to Advanced Googling
• Common Queries
• Google Advanced Search Form Queries
• Other Useful Google Searches

Chapter 2: Routers and Switches Penetration Testing

• Introduction to Routers and Switches Penetration Testing
• Steps for Router Penetration Testing
• Testing Switches

Chapter 3: Firewall Penetration Testing

• Introduction to Firewall Penetration Testing
• Firewall Logging Functionality
• Periodic Review of Information Security Policies
• Firewall Implementation
• Maintenance and Management of Firewalls
• Types of Firewalls
• Firewall Limitations
• Steps for Conducting Firewall Penetration Testing

Chapter 4: IDS Penetration Testing

• Types of Intrusion Detection Systems
• IDS Testing Tools
• Techniques Used to Evade Intrusion Detection Systems
• IDS Penetration-Testing Steps

Chapter 5: Physical Security and Stolen Laptop, PDA, and Cell Phone Penetration Testing

• Introduction to Physical Security
• Steps in Conducting Physical Security Penetration Testing
• Laptop, PDA, and Cell Phone Theft
• Laptop, PDA, and Cell Phone Penetration-Testing Steps

Chapter 6: E-Mail Security Penetration Testing

• Obtaining an E-Mail ID
• Steps for E-Mail Penetration Testing
• Antiphishing Tools
• Antispam Tools

Chapter 7: Security Patches Penetration Testing

• Introduction to Security Patches Penetration Testing
• Patch Management
• Patch and Vulnerability Group (PVG)
• Penetration-Testing Steps
