Ваша корзина пуста
Сумма: 0 руб.

Тестирование на проникновение хакера и анализ безопасности

О курсе
Тестирование на проникновение хакера и анализ безопасности
от 72 500 руб.
Заказать курс

Тестирование на проникновение хакера и анализ безопасности

Цель курса – получить знания и навыки, необходимые для успешного выявления и устранения проблем безопасности в смешанных компьютерных сетях. Курс посвящен методикам проведения тестирования на проникновение в контексте углубленного анализа безопасности компьютерных сетей.
Расписание и цены
Этот курс набирает желающих участников. Отправьте заявку на участие, а когда наберётся достаточное количество, мы с вами свяжемся.
Заказать обучение
Программа курса

Course Description:

 

The Security Analyst Series from EC-Council | Press is comprised of five books covering a broad base of topics in advanced penetration testing and information security analysis. The content of this program is designed to expose the reader to groundbreaking methodologies in conducting thorough information security analysis as well as advanced penetration testing techniques. Armed with the knowledge from the Security Analyst series, along with proper experience, readers will be able to perform the intensive assessments required to effectively identify and mitigate risks to the security of the organization's infrastructure. A recent “Symantec State of Enterprise Security 2010” report states that ¾ of businesses have experienced a hacking attempt in the past year. The dearth of quality security analysts to thwart any security threats in a timely fashion is one of the major challenges facing organizations today. Organizations need to hire experts in the field of computer security infrastructure or have to train in house security administrators to fight IT security dangers if they are to stand any chance against hackers. EC-Council Certified Security Analyst (ECSA) complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phase of ethical hacking. While CEH exposes the learner to hacking tools and technologies, ECSA takes it a step further by exploring how to analyze the outcome from these tools and technologies.

 

Course Briefing:

 

1. The Need for Security Analysis

 

Module Brief:

 

This module gives us a picture about the information security of the world and the ever increasing security threats looming over us; it is concerned with the theft, fraud/forgery, unauthorized access, interception, or modification of the data.

This module deals with the need for security analysis, various security concerns, what data should be protected, challenges to security, preventive steps to be taken, threat agents and risks, information security awareness, and security policies that are crucial for an organization and provision in law of various countries to deal with the information security related issues.

 

2. TCP/IP Packet Analysis

 

Module Brief:

 

TCP/IP provides a broad range of communication protocols for the various applications on the network; so knowledge of this technology and its security features is crucial in security analysis of a network.

This module deals with TCP/IP model, comparison of OSI and TCP/IP models, processes involved in TCP operation, windowing of TCP/IP packets, TCP and UDP operation sequencing numbers, security issues and features of Internet protocol v6 (IPv6), Denial-of-Service (DoS) attacks, TCP and UDP port numbers, ICMP and ICMP control messages.

 

3. Advanced Sniffing Techniques

 

Module Brief:

 

This module familiarizes with various advanced sniffing techniques using the tool Wireshark. This module deals with the network protocol analyzer Wireshark, its features, IP display filters and commands such as Tshark, Tcpdump, Capinfos, Idl2wrs, Editcap, Mergecap, and Text2pcap, use of Wireshark for network troubleshooting and various scanning techniques, Wireshark DNP3 Dissector Infinite Loop Vulnerability, Timestamps, Packet Reassembling, and Checksums.

 

4. Vulnerability Analysis with Nessus

 

Module Brief:

Nessus is a client-server-based, open-source vulnerability scanner that provides a free, powerful, up-to-date, and easy-to-use remote security scanner for business-critical enterprise devices and applications.

This module will familiarize you with Nessus and its features, phases involved in Nessus assessment process, procedure in configuring Nessus, Nessus client, process for starting Nessus scan, Plug-in selection, types of plug-ins, identifying false positives, framework to write Nessus plug-ins, installing and running the plug-in, Nessus architecture and design, Nessus user community, Tenable Security Center, simplifying a security scan, wireless scanning for WAPs, and detecting WAPs using the Nessus vulnerability scanner.

 

5. Designing a DMZ

 

Module Brief:

 

DMZ is a computer host or small network inserted as a “neutral zone” between a company’s private network and the outside public network. DMZ use has become a necessary method of providing a multilayered, defense-in-depth approach to security.

This module deals with the DMZ design fundamentals, designing DMZ using IPtables, designing wireless DMZ, designing DMZ specific to the operating systems such as Windows, Solaris, and Linux, best practices of DMZ router and switch, and six ways to stop the data leaks.

 

6. Snort Analysis

 

Module Brief:

 

Snort is a widely used, open-source, network-based intrusion detection system capable of performing real-time traffic analysis and packet logging on IP networks. It is used to perform protocol analysis and content matching to detect a variety of attacks and probes such as: buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more.

This module deals with Snort operation modes and its features, configuration of Snort for variables, preprocessors, output plug-ins, and rules, stream4 preprocessor and inline functionality, Snort rules which include Snort rule header and rule options, subscribing to the Snort rules and tools used for writing Snort rules.

 

7. Log Analysis

 

Module Brief:

 

Logs are used to keep track of the network, user activities, and services. This module deals with logs, events that need to be logged, log shipping, different techniques, and tools used for analyzing the logs such as Syslog, web server logs, wired router logs, wireless network devices logs, Windows logs, Unix logs, Linux logs, SQL server logs, Oracle logs, Solaris log files, VPN server logs, firewall logs, IDS logs, and DHCP logs, configuring NTP, use of log analysis and log alert tools.

 

Course Outline:

 

Chapter 1: The Need for Security Analysis

 

          Introduction to the Need for Security Analysis

          Security Concerns

          What Should Be Protected

          Reasons Intrusions Succeed

          Challenges to Security

          Preventative Steps

          Threat Agents

          Needs Assessment Questions

          How Much Security is Enough?

          Risk

          Information Security Awareness

          Security Policies

          U.S. Legislation

          U.K. Legislation

 

Chapter 2: TCP/IP Packet Analysis

 

          Introduction to TCP/IP Packet Analysis

          TCP/IP Protocol Suite

          TCP (Transmission Control Protocol)

          Internet Protocol (IP)

          Other Protocols

 

Chapter 3: Advanced Sniffing Techniques

 

          Introduction to Advanced Sniffing Techniques

          Wireshark: Filters

          Protocol Dissection

          Steps to Solve GNU/Linux Server Network Connectivity Issues

          Network Troubleshooting Methodology

          Using Wireshark for System Administration

          Using Wireshark for Security Administration

          Wireless Sniffing with Wireshark

          Navigating Wireshark’s Packet Details Window

          Scanning

          Remote-Access Trojans

          Wireshark DNP3 Dissector Infinite Loop Vulnerability

          Time Stamps

          Packet Reassembling

          Checksums

 

Chapter 4: Vulnerability Analysis with Nessus

 

          Introduction to Vulnerability Analysis with Nessus

          Features of Nessus

          Nessus Assessment Process

          Deployment Requirements

          Configuring Nessus

          Updating Nessus Plug-Ins

          Using the Nessus Client

          Service Detection

          Vulnerability Fingerprinting

          DoS Testing

          False Positives

          Writing Nessus Plug-Ins

          Nessus Architecture and Design

          Nessus User Community

          Tenable Security Center

 

Chapter 5: Designing a DMZ

 

          Introduction to Designing a DMZ

          DMZ Concepts

          DMZ Design Fundamentals

          Advanced Design Concepts

          DMZ Architecture

          Designing a DMZ Using IPtables

          Designing a Wireless DMZ

          Specific Operating System Design

          DMZ Router Security Best Practices

          DMZ Switch Security Best Practices

          Six Ways to Stop Data Leaks

 

Chapter 6: Snort Analysis

 

          Introduction to Snort Analysis

          Modes of Operation

          Features of Snort

          Configuring Snort

          How Snort Works

          Content Matching

          The Stream4 Preprocessor

          Inline Functionality

          Writing Snort Rules

          Snort Tools

 

Chapter 7: Log Analysis

 

          Introduction to Log Analysis

          Events That Must Be Logged

          What to Look For in Logs

          Automated Log Analysis Approaches

          Log Shipping

          Analyzing Syslog

          Analyzing Web Server Logs

          Analyzing Wired Router Logs

          Analyzing Wireless Network Device Logs

          Analyzing Windows Logs

          Analyzing UNIX Logs

          Analyzing Linux Logs

          Analyzing SQL Server Logs

          Analyzing Oracle Logs

          Analyzing Solaris Log Files

          Analyzing VPN Server Logs

          Analyzing Firewall Logs

          Analyzing IDS Logs

          Analyzing DHCP Logs

          Network Time Protocol

          Log Analysis Tools

          Log Alert Tools