EC-Council Course Catalogs

Transcription

Education Services
EC-Council Course Catalogs
ITPro Global
Coyright by ITPro Global ® 2009
Educational Services
Educational Services
EC-Council Certification Path
Senior Security Forensics
Investigator
Advanced
Penetration Testing
Functions include the design,
implementation and creation
of plans, strategies and actions
necessary for a successful
security investigations
program.
Responsibilities will include
careful analysis of risk and
threat conditions and
associated mitigations or
remediation's available
through the use of appropriate
technical security applications
and/or use of security
resources.
Elective
Certifications
The Senior Specialist for Disaster
Recovery is responsible for all aspects
of the IT Disaster Recovery Plan.
Provides oversight and guidance for all
disaster recovery related activities
within the IT department.
Ideal candidates include
those individuals that
have the abilities to
conduct either an
application or network
based penetration test,
which includes initial
identification of
vulnerabilities through a
variety of software tools,
and then exploiting
vulnerabilities using
appropriate techniques
that minimize likelihood
of causing harm to
networks.
This position is responsible for
responding to and
for leading security investigations of varying types.
Job Roles
Based On
Monster.com
Disaster Recovery Specialist
Manages all aspects of IT disaster
recovery including the development,
implementation and testing of a
comprehensive IT Disaster recovery
plan. Responsible for developing,
coordinating, and maintaining a
comprehensive disaster recovery
testing program.
Lead in performing disaster recovery
capacity planning coordination IT
departments to ensure that new
initiative focus proactively on disaster
recovery and its requirements and
costs are part of each new IT initiative.
Some one that can work
individually or in teams
to perform these tasks
using ethical hacking
protocol.
Certified VoIP
Professional
Secure Programmer
An expert level lead
engineer with a strong
technical background in
IP networking, experienced in designing carrier
grade ATM, IP and MPLS
enabled networks to
support the newest as
well as the legacy
technologies for mobile
networks and applications. Conducts technical
research and provide
evaluations on new
technologies and
networking solutions.
Communicates recommendations necessary to
guide our strategic and
technical decision
making.
The Programmer's role is
to define, develop, test,
analyze, and maintain
new software applications
in .NET. This includes
writing, coding, testing,
and analyzing software
programs and applications.
Candidate will work with
network administrators,
systems analysts, and
product vendors to assist
in resolving problems
with software products or
company software
systems.
Deals with computer
crime investigations
and are qualified to
handle Cyberspace,
allegations or
downloading
pornography,
solicitation of minors,
hacking/cracking,
internet stalking
cases, and allegations
of online fraud.
This role will also consist
of assistance in proactive
administration of the
companies Database
servers.
TM
TM
C HFI
Computer
Hacking Forensic
INVESTIGATOR
TM
TM
TM
TM
L PT E CSA
Licensed
Penetration Tester
EC-Council
Certified Security Analyst
EC-Council
E CVP
Disaster
Recovery
Professional
EC-Council
Certified
E C SP
TM
VOIP Professional
EC-Council
Certified Secure Programmer
TM
Certified Ethical Hacker (CEH)
C EH
Certified
Ethical Hacker
Core Certifications
EC-Council Network Security Administrator (ENSA)
Entry Level
Certifications:
Lawyers
and Corporate
Attorneys
A+
Network+
TM
EC-Council
Network
Security
Administrator
Security+
EC-Council
Computer
Crime
Investigator
Accredited Training Center
Ethical Hacking and Countermeasures- v6
HACKER MŨ TRẮNG - v6
Tổng quan
Khóa học tạo cho học viên một môi trường tương tác. Trong môi trường này học viên sẽ được hướng
dẫn cách quét, kiểm tra, hack và bảo mật những hệ thống của chính họ . Với môi trường Lab chuyên sâu sẽ
trang bị cho mỗi học viên kiến thức sâu rộng và kinh nghiệm thực hành với các hệ thống bảo mật cần thiết
hiện thời. Khởi đầu học viên sẽ hiểu được cách thức bảo vệ, quét và cách thức tấn công hệ thống mạng. Sau
đó học viên sẽ được học cách mà những kẻ đột nhập sử dụng để gia tăng phạm vi ảnh hưởng và những bước
có thể tiến hành để bảo mật một hệ thống. Các học viên cũng sẽ học cách phát hiện xâm nhập, hoạch định
chính sách, cách tấn công DDoS, làm tràn bộ nhớ đệm và tạo ra các loại Virus. Sau khi kết thúc khóa học
chuyên sâu trong 60 giờ, học viên sẽ nắm vững kiến thức và kinh nghiệm trong Ethical Hacking. Khóa học
cung cấp kiến thức và chuẩn bị cho bạn dự thi môn CEH (EC-Council Certified Ethical Hacker) môn thi
CEH312-50.
Đối tượng
Khóa học bổ ích cho các nhân viên có trách nhiệm kiểm soát và đảm bảo an ninh mạng, các chuyên viên
bảo mật, các nhà quản trị, và bất kỳ ai quan tâm về sự toàn vẹn của cơ sở hạ tầng mạng.
Thời lượng
40 giờ
Chứng chỉ
Khóa học này cung cấp cho học viên những kiến thức và kỹ năng cần thiết để học viên có thể vượt qua
bài thi CEH 312-50. Sau khóa học, học viên sẽ nhận được chứng chỉ hoàn thành khóa học của EC-Council .
Để nhận được chứng chỉ quốc tế CEH học viên cần phải vượt qua kỳ thi trực tuyến CEH 312-50 tại các trung
tâm khảo thí Prometric.
Thỏa thuận pháp lý
Sứ mệnh của chương trình CEH là giáo dục, giới thiệu, và cung cấp ra các công cụ hack chỉ dành cho
mục đích kiểm tra sự xâm nhập. Trước khi tham gia khóa học này, học viên sẽ phải ký thỏa thuận cam kết học
viên sẽ không sử dụng các kỹ năng mới học được để dùng cho các tấn công bất hợp pháp hay cố tình làm
hại. Học viên sẽ không sử dụng những công cụ đó để làm hại bất kỳ hệ thống máy tính nào, và mượn danh
EC-Council để sử dụng hay lạm dụng những công cụ này, dù không chủ ý.
Không phải ai cũng được học chương trình này. Các đơn vị đào tạo ủy quyền của EC-Council sẽ phải
đảm bảo người nộp đơn vào học làm việc cho các công ty hoặc các tổ chức hợp pháp.
ITPro Global ® 2009
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Email: [email protected]
Nội dung khóa học – phiên bản 6
Chương trình CEHv6 bao gồm giảng dạy trên lớp và tự nghiên cứu. Giảng viên sẽ cung cấp chi tiét các học phần tự nghiên cứu
cho học viên ngay từ đầu khóa học.
Module 1: Introduction to Ethical Hacking

Problem Definition -Why Security?

Essential Terminologies

Elements of Security

The Security, Functionality and Ease of Use
Triangle

Case Study

What does a Malicious Hacker do?
o Vulnerability Research Websites
National Vulnerability Database
(nvd.nist.gov)

Securitytracker (www.securitytracker.com)

Securiteam (www.securiteam.com)

Secunia (www.secunia.com)

Hackerstorm Vulnerability Database Tool
(www.hackerstrom.com)
o Phase2-Scanning

HackerWatch (www.hackerwatch.org)
o Phase3-Gaining Access

MILWORM
o Phase4-Maintaining Access

How to Conduct Ethical Hacking
o Phase5-Covering Tracks

How Do They Go About It
Types of Hacker Attacks

Approaches to Ethical Hacking
o Operating System attacks

Ethical Hacking Testing
o Application-level attacks

Ethical Hacking Deliverables
o Shrink Wrap code attacks

Computer Crimes and Implications
Reconnaissance Types

o Vulnerability Research Tools

o Phase1-Reconnaissaance

o Why Hackers Need Vulnerability
Research
o Misconfiguration attacks

Hacktivism

Hacker Classes

Security News: Suicide Hacker

Ethical Hacker Classes

What do Ethical Hackers do

Can Hacking be Ethical

How to become an Ethical Hacker

Skill Profile of an Ethical Hacker

What is Vulnerability Research
www.itpro.net.vn
Module 2: Hacking Laws
§ U.S. Securely Protect Yourself Against
Cyber Trespass Act (SPY ACT)
§ Legal Perspective (U.S. Federal Law)
o 18 U.S.C. § 1029

Penalties
o 18 U.S.C. § 1030

Penalties
o 18 U.S.C. § 1362
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

o 18 U.S.C. § 2318
§ France Laws
o 18 U.S.C. § 2320
§ German Laws
o 18 U.S.C. § 1831
§ Italian Laws
o 47 U.S.C. § 605, unauthorized publication
or use of communications
§ MALAYSIA: THE COMPUTER CRIMES
ACT 1997
o Washington:
§ HONGKONG: TELECOMMUNICATIONS
RCW 9A.52.110
§ Korea: ACT ON PROMOTION OF
INFORMATION AND COMMUNICATIONS
NETWORK UTILIZATION AND
INFORMATION PROTECTION, ETC.
o Florida:
§ 815.01 to 815.07
§ Greece Laws
o Indiana:

§ Denmark Laws
IC 35-43
§ Netherlands Laws
§ Federal Managers Financial Integrity Act
of 1982
§ Norway
§ The Freedom of Information Act 5 U.S.C. §
552
§ ORDINANCE
§ Mexico
§ Federal Information Security Management
Act (FISMA)
§ The Privacy Act Of 1974 5 U.S.C. § 552a
§ SWITZERLAND
Module 3: Footprinting
§ USA Patriot Act of 2001

Revisiting Reconnaissance
§ United Kingdom’s Cyber Laws

Defining Footprinting
§ United Kingdom: Police and Justice Act
2006

Why is Footprinting Necessary

Areas and Information which Attackers Seek

Information Gathering Methodology
§ European Laws
§ Japan’s Cyber Laws
§ Australia : The Cybercrime Act 2001
o Unearthing Initial Information
·
Finding Company’s URL
§ Indian Law: THE INFORMTION
TECHNOLOGY ACT
·
Internal URL
§ Argentina Laws
·
Extracting Archive of a Website
§ Germany’s Cyber Laws
§ www.archive.org
§ Singapore’s Cyber Laws
·
Google Search for Company’s Info
§ Belgium Law
·
People Search
§ Brazilian Laws
§ Yahoo People Search
§ Canadian Laws
§ Satellite Picture of a Residence
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
§ Best PeopleSearch
o Alchemy Network Tool
§ People-Search-America.com
o Advanced Administrative Tool
§ Switchboard
o My IP Suite
§ Anacubis
o Wikto Footprinting Tool
§ Google Finance
o Whois Lookup
§ Yahoo Finance
o Whois
·
Footprinting through Job Sites
o SmartWhois
·
Passive Information Gathering
o ActiveWhois
·
Competitive Intelligence Gathering
o LanWhois
§ Why Do You Need Competitive
Intelligence?
o CountryWhois
o WhereIsIP
§ Competitive Intelligence Resource
o Ip2country
§ Companies Providing Competitive
Intelligence Services
o CallerIP
§ Carratu International
o Web Data Extractor Tool
§ CI Center
o Online Whois Tools
§ Competitive Intelligence - When Did This
Company Begin? How Did It Develop?
o What is MyIP
o DNS Enumerator
§ Competitive Intelligence - Who Leads This
Company
o SpiderFoot
o Nslookup
§ Competitive Intelligence - What Are This
Company's Plans
§ Competitive Intelligence - What Does
Expert Opinion Say About The Company
§ Competitive Intelligence - Who Are The
Leading Competitors?
§ Competitive Intelligence Tool: Trellian
§ Competitive Intelligence Tool: Web
Investigator
·

Public and Private Websites
Footprinting Tools
o Sensepost Footprint Tools
o Big Brother
o BiLE Suite
www.itpro.net.vn
o Extract DNS Information

Types of DNS Records

Necrosoft Advanced DIG
o Expired Domains
o DomainKing
o Domain Name Analyzer
o DomainInspect
o MSR Strider URL Tracer
o Mozzle Domain Name Pro
o Domain Research Tool (DRT)
o Domain Status Reporter
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Reggie

Faking Websites using Man-in-the-Middle
Phishing Kit

Benefits to Fraudster

Steps to Perform Footprinting
o Locate the Network Range
· ARIN
· Traceroute
§
Traceroute Analysis
· 3D Traceroute
Module 4: Google Hacking
§ What is Google hacking
· NeoTrace
§ What a hacker can do with vulnerable site
· VisualRoute Trace
§ Anonymity with Caches
· Path Analyzer Pro
§ Using Google as a Proxy Server
· Maltego
§ Directory Listings
· Layer Four Traceroute
o Locating Directory Listings
· Prefix WhoIs widget
o Finding Specific Directories
· Touchgraph
o Finding Specific Files
· VisualRoute Mail Tracker
o Server Versioning
· eMailTrackerPro

· Read Notify
§ Going Out on a Limb: Traversal
Techniques
E-Mail Spiders
o Directory Traversal
st
o 1 E-mail Address Spider
o Incremental Substitution
o Power E-mail Collector Tool
§ Extension Walking
o GEOSpider

Site Operator
o Geowhere Footprinting Tool

intitle:index.of
o Google Earth

error | warning
o Kartoo Search Engine

login | logon
o Dogpile (Meta Search Engine)

username | userid | employee.ID | “your
username is”

password | passcode | “your password is”

admin | administrator
o Tool: WebFerret
o robots.txt
o WTR - Web The Ripper
o admin login
o Website Watcher

Steps to Create Fake Login Pages

How to Create Fake Login Pages
www.itpro.net.vn

–ext:html –ext:htm –ext:shtml –ext:asp –
ext:php

inurl:temp | inurl:tmp | inurl:backup | inurl:bak
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

intranet | help.desk
o Default Pages Query for Web Server

Locating Public Exploit Sites
o Outlook Web Access Default Portal
o Locating Exploits Via Common Code
Strings

Searching for Passwords
o Windows Registry Entries Can Reveal
Passwords

Searching for Exploit Code with Nonstandard
Extensions

Locating Source Code with Common Strings

Locating Vulnerable Targets

Google Hacking Database (GHDB)
o Locating Targets Via Demonstration
Pages

SiteDigger Tool
o Usernames, Cleartext Passwords, and
Hostnames!

Gooscan
“Powered by” Tags Are Common Query
Fodder for Finding Web Applications

Goolink Scanner
o Locating Targets Via Source Code

Goolag Scanner
Vulnerable Web Application Examples

Tool: Google Hacks
o Locating Targets Via CGI Scanning

Google Hack Honeypot

A Single CGI Scan-Style Query

Google Protocol

Directory Listings

Google Cartography


o Finding IIS 5.0 Servers

Module 5: Scanning
Web Server Software Error Messages

Scanning: Definition
o IIS HTTP/1.1 Error Page Titles

Types of Scanning
o “Object Not Found” Error Message Used
to Find IIS 5.0

Objectives of Scanning

CEH Scanning Methodology
o Apache Web Server

Apache 2.0 Error Pages
o Checking for live systems - ICMP
Scanning

Application Software Error Messages
·
Angry IP
o ASP Dumps Provide Dangerous Details
·
HPing2
o Many Errors Reveal Pathnames and
Filenames
·
Ping Sweep
·
Firewalk Tool
o CGI Environment Listings Reveal Lots of
Information
·
Firewalk Commands
Default Pages
·
Firewalk Output
o A Typical Apache Default Web Page
·
Nmap
o Locating Default Installations of IIS 4.0 on
Windows NT 4.0/OP
·
Nmap: Scan Methods
·
NMAP Scan Options

www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
·
NMAP Output Format
·
TCP Communication Flags
·
Three Way Handshake
o Atelier Web Ports Traffic Analyzer
(AWPTA)
o Atelier Web Security Port Scanner
(AWSPS)
o Syn Stealth/Half Open Scan
o IPEye
o Stealth Scan
o ike-scan
o Xmas Scan
o Infiltrator Network Security Scanner
o Fin Scan
o YAPS: Yet Another Port Scanner
o Null Scan
o Advanced Port Scanner
o Idle Scan
o NetworkActiv Scanner
o ICMP Echo Scanning/List Scan
o NetGadgets
o TCP Connect/Full Open Scan
o P-Ping Tools
o FTP Bounce Scan
o MegaPing
·
o LanSpy
Ftp Bounce Attack
o SYN/FIN Scanning Using IP Fragments
o HoverIP
o UDP Scanning
o LANView
o Reverse Ident Scanning
o NetBruteScanner
o RPC Scan
o SolarWinds Engineer’s Toolset
o Window Scan
o AUTAPF
o Blaster Scan
o OstroSoft Internet Tools
o Portscan Plus, Strobe
o Advanced IP Scanner
o IPSec Scan
o Active Network Monitor
o Netscan Tools Pro
o Advanced Serial Data Logger
o WUPS – UDP Scanner
o Advanced Serial Port Monitor
o Superscan
o WotWeb
o IPScanner
o Antiy Ports
o Global Network Inventory Scanner
o Port Detective
o Net Tools Suite Pack
o Roadkil’s Detector
o Floppy Scan
o Portable Storage Explorer
o FloppyScan Steps
o E-mail Results of FloppyScan
www.itpro.net.vn

War Dialer Technique
o Why War Dialing
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Wardialing
o Nessus
o Phonesweep – War Dialing Tool
o GFI Languard
o THC Scan
o Security Administrator’s Tool for
Analyzing Networks (SATAN)
o ToneLoc
o Retina
o ModemScan
o Nagios
o War Dialing Countermeasures: Sandtrap
Tool

o PacketTrap's pt360 Tool Suite
Banner Grabbing
o NIKTO
o OS Fingerprinting
§ SAFEsuite Internet Scanner,
IdentTCPScan
·
Active Stack Fingerprinting
·
Passive Fingerprinting

o Cheops
o Active Banner Grabbing Using Telnet
o Friendly Pinger
o GET REQUESTS
o LANsurveyor
o P0f – Banner Grabbing Tool
o Ipsonar
o p0f for Windows
o LANState
o Httprint Banner Grabbing Tool
§ Insightix Visibility
o Tool: Miart HTTP Header
§ IPCheck Server Monitor
o Tools for Active Stack Fingerprinting
·
Xprobe2
·
Ringv2
·
Netcraft
o Disabling or Changing Banner
o IIS Lockdown Tool
o Tool: ServerMask
o Hiding File Extensions
o Tool: PageXchanger

Vulnerability Scanning
o Bidiblah Automated Scanner
o Qualys Web Based Scanner
o SAINT
o ISS Security Scanner
www.itpro.net.vn
Draw Network Diagrams of Vulnerable Hosts
§ PRTG Traffic Grapher

Preparing Proxies
o Proxy Servers
o Free Proxy Servers
o Use of Proxies for Attack
o SocksChain
o Proxy Workbench
o Proxymanager Tool
o Super Proxy Helper Tool
o Happy Browser Tool (Proxy Based)
o Multiproxy
o Tor Proxy Chaining Software
o Additional Proxy Tools
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
·
o Anonymizers
Despoof Tool
·
Surfing Anonymously

Scanning Countermeasures
·
Primedius Anonymizer

Tool: SentryPC
·
StealthSurfer
·
Anonymous Surfing: Browzar
·
Torpark Browser

Overview of System Hacking Cycle
·
GetAnonymous

What is Enumeration?
·
IP Privacy

Techniques for Enumeration
·
Anonymity 4 Proxy (A4Proxy)

NetBIOS Null Sessions
·
Psiphon
o So What's the Big Deal
·
Connectivity Using Psiphon
o DumpSec Tool
·
AnalogX Proxy
o NetBIOS Enumeration Using Netview
·
NetProxy
·
Nbtstat Enumeration Tool
·
Proxy+
·
SuperScan
·
ProxySwitcher Lite
·
Enum Tool
·
JAP
o Enumerating User Accounts
·
Proxomitron
·
Module 6: Enumeration
o Google Cookies
·
G-Zapper
GetAcct
o Null Session Countermeasure

PS Tools
o SSL Proxy Tool
o PsExec
o How to Run SSL Proxy
o PsFile
o HTTP Tunneling Techniques
o PsGetSid
·
Why Do I Need HTTP Tunneling
o PsKill
·
Httptunnel for Windows
o PsInfo
·
How to Run Httptunnel
o PsList
·
HTTP-Tunnel
o PsLogged On
·
HTTPort
o PsLogList
o Spoofing IP Address
o PsPasswd
·
Spoofing IP Address Using Source
Routing
o PsService
·
Detection of IP Spoofing
www.itpro.net.vn
o PsShutdown
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

o PsSuspend
o Terminal Service Agent
Simple Network Management Protocol
(SNMP) Enumeration
o TXNDS
o Unicornscan
o Management Information Base (MIB)
o Amap
o SNMPutil Example
o SolarWinds
o SNScan
o Getif SNMP MIB Browser
o UNIX Enumeration
o SNMP UNIX Enumeration
o SNMP Enumeration Countermeasures
o LDAP enumeration
o JXplorer
o LdapMiner
o Softerra LDAP Browser
o NTP enumeration
o SMTP enumeration
o Netenum

Steps to Perform Enumeration
Module 7: System Hacking

Part 1- Cracking Password
o CEH hacking Cycle
o Password Types
o Types of Password Attack
·
·
Passive Online Attack: Man-in-themiddle and replay attacks
·
Active Online Attack: Password
Guessing
·
Pre-computed Hashes
o Web enumeration

Offline Attacks
Brute force Attack
o Smtpscan
o Asnumber
Passive Online Attack: Wire Sniffing
Syllable Attack/Rule-based Attack/ Hybrid
attacks
o Lynx
Distributed network Attack
Winfingerprint
Rainbow Attack
o Windows Active Directory Attack Tool
·
o How To Enumerate Web Application
Directories in IIS Using DirectoryServices
o Default Password Database

IP Tools Scanner

Enumerate Systems Using Default Password
§ Tools:
o NBTScan
o NetViewX
o FREENETENUMERATOR
www.itpro.net.vn
Non-Technical Attacks
§ http://www.defaultpassword.com/
§ http://www.cirt.net/cgi-bin/passwd.pl
§ http://www.virus.org/index.php?
o PDF Password Cracker
o Abcom PDF Password Cracker
o Password Mitigation
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Permanent Account Lockout-Employee
Privilege Abuse
o Tool: LCP
o Tool: SID&User
o Administrator Password Guessing
·
o Tool: Ophcrack 2
Manual Password cracking Algorithm
o Tool: Crack
·
Automatic Password Cracking
Algorithm
o Tool: Access PassView
o Tool: Asterisk Logger
o Performing Automated Password
Guessing
·
o Tool: CHAOS Generator
Tool: NAT
o Tool: Asterisk Key
·
Smbbf (SMB Passive Brute Force
Tool)
·
SmbCrack Tool: Legion
·
Hacking Tool: LOphtcrack
o Password Recovery Tool: MS Access
Database Password Decoder
o Password Cracking Countermeasures
o Microsoft Authentication
o Do Not Store LAN Manager Hash in SAM
Database
·
o LM Hash Backward Compatibility
LM, NTLMv1, and NTLMv2
o How to Disable LM HASH
·
NTLM And LM Authentication On The
Wire
·
Kerberos Authentication
·
What is LAN Manager Hash?
LM “Hash” Generation
o Password Brute-Force Estimate Tool
o Syskey Utility
o AccountAudit

LM Hash
Part2-Escalating Privileges
o CEH Hacking Cycle
·
Salting
·
PWdump2 and Pwdump3
·
Tool: Rainbowcrack
·
Hacking Tool: KerbCrack
·
Hacking Tool: NBTDeputy
·
Change Recovery Console Password
- Method 1
·
NetBIOS DoS Attack
·
·
Hacking Tool: John the Ripper
o Password Sniffing
o How to Sniff SMB Credentials?
o SMB Replay Attacks
o Replay Attack Tool: SMBProxy
o Privilege Escalation
o Cracking NT/2000 passwords
o Active@ Password Changer
Change Recovery Console Password Method 2
o Privilege Escalation Tool: x.exe

Part3-Executing applications
o CEH Hacking Cycle
o Tool: psexec
o Tool: remoexec
o SMB Signing
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Ras N Map
o Stealth Website Logger
o Tool: Alchemy Remote Executor
o Digi Watcher Video Surveillance
o Emsa FlexInfo Pro
o Desktop Spy Screen Capture Program
o Keystroke Loggers
o Telephone Spy
o E-mail Keylogger
o Print Monitor Spy Tool
o Revealer Keylogger Pro
o Stealth E-Mail Redirector
o Handy Keylogger
o Spy Software: Wiretap Professional
o Ardamax Keylogger
o Spy Software: FlexiSpy
o Powered Keylogger
o PC PhoneHome
o Quick Keylogger
o Keylogger Countermeasures
o Spy-Keylogger
o Anti Keylogger
o Perfect Keylogger
o Advanced Anti Keylogger
o Invisible Keylogger
o Privacy Keyboard
o Actual Spy
o Spy Hunter - Spyware Remover
o SpyToctor FTP Keylogger
o Spy Sweeper
o IKS Software Keylogger
o Spyware Terminator
o Ghost Keylogger
o WinCleaner AntiSpyware
o Hacking Tool: Hardware Key Logger

Part4-Hiding files
o What is Spyware?
o CEH Hacking Cycle
o Spyware: Spector
o Hiding Files
o Remote Spy
o RootKits
o Spy Tech Spy Agent
·
Why rootkits
o 007 Spy Software
·
Hacking Tool: NT/2000 Rootkit
o Spy Buddy
·
Planting the NT/2000 Rootkit
o Ace Spy
·
Rootkits in Linux
o Keystroke Spy
·
Detecting Rootkits
o Activity Monitor
·
Steps for Detecting Rootkits
o Hacking Tool: eBlaster
·
Rootkit Detection Tools
o Stealth Voice Recorder
·
Sony Rootkit Case Study
o Stealth Keylogger
·
Rootkit: Fu
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
·
AFX Rootkit
·
Tool: Mp3Stego
·
Rootkit: Nuclear
·
Tool: Snow.exe
·
Rootkit: Vanquish
·
Steganography Tool: Fort Knox
·
Rootkit Countermeasures
·
Steganography Tool: Blindside
·
Patchfinder
·
Steganography Tool: S- Tools
·
RootkitRevealer
·
Steganography Tool: Steghide
o Creating Alternate Data Streams
·
Tool: Steganos
o How to Create NTFS Streams?
·
Steganography Tool: Pretty Good
Envelop
·
NTFS Stream Manipulation
·
NTFS Streams Countermeasures
·
Tool: Gifshuffle
·
Tool: JPHIDE and JPSEEK
·
Tool: wbStego
·
Tool: OutGuess
o What is Steganography?
·
Tool: Data Stash
·
·
Tool: Hydan
§ Least Significant Bit Insertion in Image files
·
Tool: Cloak
§ Process of Hiding Information in Image
Files
·
Tool: StegoNote
·
Tool: Stegomagic
·
Steganos Security Suite
·
C Steganography
·
Isosteg
·
FoxHole
·
Video Steganography
·
NTFS Stream Detectors (ADS Spy and
ADS Tools)
·
Hacking Tool: USB Dumper
Steganography Techniques
§ Masking and Filtering in Image files
§ Algorithms and transformation
·
Tool: Merge Streams
·
Invisible Folders
·
Tool: Invisible Secrets
·
Tool : Image Hide
·
Tool: Stealth Files
·
Tool: Steganography
·
Masker Steganography Tool
·
Hermetic Stego
·
Steganalysis Methods/Attacks on
Steganography
·
DCPP – Hide an Operating System
·
Stegdetect
·
Tool: Camera/Shy
·
SIDS
·
www.spammimic.com
·
High-Level View
www.itpro.net.vn
·
Case Study: Al-Qaida members
Distributing Propaganda to Volunteers
using Steganography
·
Steganalysis
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

·
Tool: dskprobe.exe
o What do Trojan Creators Look for?
·
Stego Watch- Stego Detection Tool
·
StegSpy
o Different Ways a Trojan can Get into a
System
Part5-Covering Tracks
o CEH Hacking Cycle

Indications of a Trojan Attack

Ports Used by Trojans
o How to Determine which Ports are
Listening
o Covering Tracks
o Disabling Auditing

Trojans
o Clearing the Event Log
o Trojan: iCmd
o Tool: elsave.exe
o MoSucker Trojan
o Hacking Tool: Winzapper
o Proxy Server Trojan
o Evidence Eliminator
o SARS Trojan Notification
o Tool: Traceless
o Wrappers
o Tool: Tracks Eraser Pro
o Wrapper Covert Program
o Armor Tools
o Wrapping Tools
o Tool: ZeroTracks
o One Exe Maker / YAB / Pretator Wrappers
o PhatBooster
o Packaging Tool: WordPad
o RemoteByMail
Module 8: Trojans and Backdoors
o Tool: Icon Plus

Effect on Business
o Defacing Application: Restorator

What is a Trojan?
o Tetris
o Overt and Covert Channels
o HTTP Trojans
o Working of Trojans
o Trojan Attack through Http
o Different Types of Trojans
o HTTP Trojan (HTTP RAT)
§ Remote Access Trojans
o Shttpd Trojan - HTTP Server
§ Data-Sending Trojans
o Reverse Connecting Trojans
§ Destructive Trojans
o Nuclear RAT Trojan (Reverse Connecting)
§ Denial-of-Service (DoS) Attack Trojans
o Tool: BadLuck Destructive Trojan
§ Proxy Trojans
o ICMP Tunneling
§ FTP Trojans
o ICMP Backdoor Trojan
§ Security Software Disablers
o Microsoft Network Hacked by QAZ Trojan
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Backdoor.Theef (AVP)
o Skiddie Rat
o T2W (TrojanToWorm)
o Biohazard RAT
o Biorante RAT
o Troya
o DownTroj
o ProRat
o Turkojan
o Dark Girl
o Trojan.Satellite-RAT
o DaCryptic
o Yakoza
o Net-Devil
o DarkLabel B4

Classic Trojans Found in the Wild
o Trojan.Hav-Rat
o Trojan: Tini
o Poison Ivy
o Trojan: NetBus
o Rapid Hacker
o Trojan: Netcat
o SharK
o Netcat Client/Server
o HackerzRat
o Netcat Commands
o TYO
o Trojan: Beast
o 1337 Fun Trojan
o Trojan: Phatbot
o Criminal Rat Beta
o Trojan: Amitis
o VicSpy
o Trojan: Senna Spy
o Optix PRO
o Trojan: QAZ
o ProAgent
o Trojan: Back Orifice
o OD Client
o Trojan: Back Oriffice 2000
o AceRat
o Back Oriffice Plug-ins
o Mhacker-PS
o Trojan: SubSeven
o RubyRAT Public
o Trojan: CyberSpy Telnet Trojan
o SINner
o Trojan: Subroot Telnet Trojan
o ConsoleDevil
o Trojan: Let Me Rule! 2.0 BETA 9
o ZombieRat
o Trojan: Donald Dick
o FTP Trojan - TinyFTPD
o Trojan: RECUB
o VNC Trojan

Hacking Tool: Loki
o Webcam Trojan

Loki Countermeasures
o DJI RAT

Atelier Web Remote Commander
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Trojan Horse Construction Kit

MD5 Checksum.exe

How to Detect Trojans?

Microsoft Windows Defender

How to Avoid a Trojan Infection
o Netstat
o fPort
o TCPView

Virus History
o CurrPorts Tool

Characteristics of Virus
o Process Viewer

Working of Virus
o Delete Suspicious Device Drivers
o Infection Phase
o Check for Running Processes: What’s on
My Computer
o Attack Phase
o Super System Helper Tool
o Inzider-Tracks Processes and Ports
o Tool: What’s Running
o MS Configuration Utility
o Registry- What’s Running
o Autoruns
o Hijack This (System Checker)
o Startup List

Module 9: Viruses and Worms

Why people create Computer Viruses

Symptoms of a Virus-like Attack

Virus Hoaxes

Chain Letters

How is a Worm Different from a Virus

Indications of a Virus Attack

Hardware Threats

Software Threats

Virus Damage
Anti-Trojan Software
§ TrojanHunter
§ Comodo BOClean
§ Trojan Remover: XoftspySE
§ Trojan Remover: Spyware Doctor
§ SPYWAREfighter
§ Mode of Virus Infection

Stages of Virus Life

Virus Classification

How Does a Virus Infect?

Storage Patterns of Virus
o System Sector virus

Evading Anti-Virus Techniques

Sample Code for Trojan Client/Server

Evading Anti-Trojan/Anti-Virus using Stealth
Tools
·
Self -Modification

Backdoor Countermeasures
·
Encryption with a Variable Key

Tripwire
o Polymorphic Code

System File Verification
o Metamorphic Virus
www.itpro.net.vn
o Stealth Virus
o Bootable CD-Rom Virus
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Cavity Virus

What is Sheep Dip?
o Sparse Infector Virus

Virus Analysis – IDA Pro Tool
o Companion Virus

Prevention is better than Cure
o File Extension Virus

Anti-Virus Software

Famous Virus/Worms – I Love You Virus
o AVG Antivirus

Famous Virus/Worms – Melissa
o Norton Antivirus

Famous Virus/Worms – JS/Spth
o McAfee

Klez Virus Analysis
o Socketsheild

Latest Viruses
o BitDefender

Top 10 Viruses- 2008
o ESET Nod32
o Virus: Win32.AutoRun.ah
o CA Anti-Virus
o Virus:W32/Virut
o F-Secure Anti-Virus
o Virus:W32/Divvi
o Kaspersky Anti-Virus
o Worm.SymbOS.Lasco.a
o F-Prot Antivirus
o Disk Killer
o Panda Antivirus Platinum
o Bad Boy
o avast! Virus Cleaner
o HappyBox
o ClamWin
o Java.StrangeBrew
o Norman Virus Control
o MonteCarlo Family

Popular Anti-Virus Packages
o PHP.Neworld

Virus Databases
o W32/WBoy.a
o ExeBug.d
Module 10: Sniffers
o W32/Voterai.worm.e

Definition - Sniffing
o W32/Lecivio.worm

Protocols Vulnerable to Sniffing
o W32/Lurka.a

Tool: Network View – Scans the Network for
Devices

The Dude Sniffer

Wireshark

Display Filters in Wireshark

Following the TCP Stream in Wireshark

Cain and Abel
o W32/Vora.worm!p2p

Writing a Simple Virus Program

Virus Construction Kits

Virus Detection Methods

Virus Incident Response
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Tcpdump
o Linux Tool: Sshmitm

Tcpdump Commands
o Linux Tool: Tcpkill

Types of Sniffing
o Linux Tool: Tcpnice
o Passive Sniffing
o Linux Tool: Urlsnarf
o Active Sniffing
o Linux Tool: Webspy
What is ARP
o Linux Tool: Webmitm

o ARP Spoofing Attack
DNS Poisoning Techniques
o How does ARP Spoofing Work
o Intranet DNS Spoofing (Local Network)
o ARP Poising
o Internet DNS Spoofing (Remote Network)
o MAC Duplicating
o Proxy Server DNS Poisoning
o MAC Duplicating Attack
o DNS Cache Poisoning
o Tools for ARP Spoofing

Interactive TCP Relay
·
Ettercap

Interactive Replay Attacks
·
ArpSpyX

Raw Sniffing Tools

Features of Raw Sniffing Tools
o MAC Flooding
·


Tools for MAC Flooding
o HTTP Sniffer: EffeTech
Linux Tool: Macof
o Ace Password Sniffer
Windows Tool: Etherflood
o Win Sniffer
o Threats of ARP Poisoning
o MSN Sniffer
o Irs-Arp Attack Tool
o SmartSniff
o ARPWorks Tool
o Session Capture Sniffer: NetWitness
o Tool: Nemesis
o Session Capture Sniffer: NWreader
o IP-based sniffing
o Packet Crafter Craft Custom TCP/IP
Packets
Linux Sniffing Tools (dsniff package)
o Linux tool: Arpspoof
o Linux Tool: Dnssppoof
o Linux Tool: Dsniff
o Linux Tool: Filesnarf
o Linux Tool: Mailsnarf
o Linux Tool: Msgsnarf
o SMAC
o NetSetMan Tool
o Ntop
o EtherApe
o Network Probe
o Maa Tec Network Analyzer
o Tool: Snort
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Tool: Windump

“Rebecca” and “Jessica”
o Tool: Etherpeek

Office Workers
o NetIntercept

Types of Social Engineering
o Colasoft EtherLook
o Human-Based Social Engineering
o AW Ports Traffic Analyzer
·
Technical Support Example
o Colasoft Capsa Network Analyzer
·
More Social Engineering Examples
o CommView
·
Human-Based Social Engineering:
Eavesdropping
o Sniffem
o NetResident
o IP Sniffer
o Sniphere
o IE HTTP Analyzer
o BillSniff
·
Shoulder Surfing
·
Dumpster Diving
·
Dumpster Diving Example
·
Oracle Snoops Microsoft’s Trash Bins
o URL Snooper
·
Movies to Watch for Reverse
Engineering
o EtherDetect Packet Sniffer
o Computer Based Social Engineering
o EffeTech HTTP Sniffer
o Insider Attack
o AnalogX Packetmon
o Disgruntled Employee
o Colasoft MSN Monitor
o Preventing Insider Threat
o IPgrab
o Common Targets of Social Engineering
o EtherScan Analyzer
§ Social Engineering Threats

How to Detect Sniffing
o Online

Countermeasures
o Telephone
o Antisniff Tool
o Personal approaches
o Arpwatch Tool
o Defenses Against Social Engineering
Threats
o PromiScan
o proDETECT
§ Factors that make Companies Vulnerable
to Attacks
§ Why is Social Engineering Effective
Module 11: Social Engineering
§ Warning Signs of an Attack

What is Social Engineering?
§ Tool : Netcraft Anti-Phishing Toolbar

Human Weakness
§ Phases in a Social Engineering Attack
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
§ Behaviors Vulnerable to Attacks
o Client-side Vulnerabilities
§ Impact on the Organization
o Deceptive Phishing
§ Countermeasures
o Malware-Based Phishing
§ Policies and Procedures
o DNS-Based Phishing
§ Security Policies - Checklist
o Content-Injection Phishing
§ Impersonating Orkut, Facebook, MySpace
o Search Engine Phishing
§ Orkut
§ Phishing Statistics: Feb’ 2008
§ Impersonating on Orkut
§ Anti-Phishing
§ MW.Orc worm
§ Anti-Phishing Tools
§ Facebook
o PhishTank SiteChecker
§ Impersonating on Facebook
o NetCraft
§ MySpace
o GFI MailEssentials
§ Impersonating on MySpace
o SpoofGuard
§ How to Steal Identity
o Phishing Sweeper Enterprise
§ Comparison
o TrustWatch Toolbar
§ Original
o ThreatFire
§ Identity Theft
o GralicWrap
§ http://www.consumer.gov/idtheft/
o Spyware Doctor
o Track Zapper Spyware-Adware Remover
o AdwareInspector
Module 12: Phishing
o Email-Tag.com
§ Phishing
§ Introduction
§ Reasons for Successful Phishing
Module 13: Hacking Email Accounts
§ Phishing Methods

Ways for Getting Email Account Information
§ Process of Phishing

Stealing Cookies
§ Types of Phishing Attacks

Social Engineering
o Man-in-the-Middle Attacks

Password Phishing
o URL Obfuscation Attacks

Fraudulent e-mail Messages
o Cross-site Scripting Attacks

Vulnerabilities
o Hidden Attacks
www.itpro.net.vn
o
Web Email
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o
Reaper Exploit

DoS Attack Classification

Tool: Advanced Stealth Email Redirector
o Smurf Attack

Tool: Mail PassView
o Buffer Overflow Attack

Tool: Email Password Recovery Master
o Ping of Death Attack

Tool: Mail Password
o Teardrop Attack

Email Finder Pro
o SYN Attack

Email Spider Easy
o SYN Flooding

Kernel Hotmail MSN Password Recovery
o DoS Attack Tools

Retrieve Forgotten Yahoo Password
o DoS Tool: Jolt2

MegaHackerZ
o DoS Tool: Bubonic.c

Hack Passwords
o DoS Tool: Land and LaTierra

Creating Strong Passwords
o DoS Tool: Targa

Creating Strong Passwords: Change
Password
o DoS Tool: Blast

Creating Strong Passwords: Trouble Signing
In
o DoS Tool: Panther2

Sign-in Seal
o DoS Tool: Crazy Pinger

Alternate Email Address
o DoS Tool: SomeTrouble

Keep Me Signed In/ Remember Me
o DoS Tool: UDP Flood

Tool: Email Protector
o DoS Tool: FSMax

Tool: Email Security

Bot (Derived from the Word RoBOT)

Tool: EmailSanitizer

Botnets

Tool: Email Protector

Uses of Botnets

Tool: SuperSecret

Types of Bots

How Do They Infect? Analysis Of Agabot

How Do They Infect
Module 14: Denial-of-Service
o DoS Tool: Nemesy

Real World Scenario of DoS Attacks

Tool: Nuclear Bot

What are Denial-of-Service Attacks

What is DDoS Attack

Goal of DoS

Characteristics of DDoS Attacks

Impact and the Modes of Attack

DDOS Unstoppable

Types of Attacks

Agent Handler Model
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

DDoS IRC based Model

Deflect Attacks

DDoS Attack Taxonomy

Post-attack Forensics

Amplification Attack

Packet Traceback

Reflective DNS Attacks

Reflective DNS Attacks Tool: ihateperl.pl

DDoS Tools

What is Session Hijacking?
o DDoS Tool: Trinoo

Spoofing v Hijacking
o DDoS Tool: Tribal Flood Network

Steps in Session Hijacking
o DDoS Tool: TFN2K

Types of Session Hijacking
o DDoS Tool: Stacheldraht

Session Hijacking Levels
o DDoS Tool: Shaft

Network Level Hijacking
o DDoS Tool: Trinity

The 3-Way Handshake
o DDoS Tool: Knight and Kaiten

TCP Concepts 3-Way Handshake
o DDoS Tool: Mstream

Sequence Numbers

Worms

Sequence Number Prediction

Slammer Worm

TCP/IP hijacking

Spread of Slammer Worm – 30 min

IP Spoofing: Source Routed Packets

MyDoom.B

RST Hijacking

SCO Against MyDoom Worm

How to Conduct a DDoS Attack

Blind Hijacking

The Reflected DoS Attacks

Man in the Middle: Packet Sniffer

Reflection of the Exploit

UDP Hijacking

Countermeasures for Reflected DoS

Application Level Hijacking

DDoS Countermeasures

Programs that Performs Session Hacking

Taxonomy of DDoS Countermeasures
o Juggernaut

Preventing Secondary Victims
o Hunt

Detect and Neutralize Handlers
o TTY-Watcher

Detect Potential Attacks
o IP watcher

DoSHTTP Tool
o Session Hijacking Tool: T-Sight

Mitigate or Stop the Effects of DDoS Attacks
o Remote TCP Session Reset Utility
(SOLARWINDS)
www.itpro.net.vn
Module 15: Session Hijacking
o RST Hijacking Tool: hijack_rst.sh
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Paros HTTP Session Hijacking Tool
o Tool: HttpZip
o Dnshijacker Tool
o Tool: LinkDeny
o Hjksuite Tool
o Tool: ServerDefender AI

Dangers that hijacking Pose
o Tool: ZipEnable

Protecting against Session Hijacking
o Tool: w3compiler

Countermeasures: IPSec
o Yersinia
Module 16: Hacking Web Servers

Tool: Metasploit Framework

Tool: Immunity CANVAS Professional

How Web Servers Work

Tool: Core Impact

How are Web Servers Compromised

Tool: MPack

Web Server Defacement

Tool: Neosploit
o How are Servers Defaced

Hotfixes and Patches

Apache Vulnerability

What is Patch Management

Attacks against IIS

Patch Management Checklist


o IIS Components
o Solution: UpdateExpert
o IIS Directory Traversal (Unicode) Attack
o Patch Management Tool: qfecheck
Unicode
o Patch Management Tool: HFNetChk
o Unicode Directory Traversal Vulnerability
o cacls.exe utility
Hacking Tool
o Shavlik NetChk Protect
o Hacking Tool: IISxploit.exe
o Kaseya Patch Management
o Msw3prt IPP Vulnerability
o IBM Tivoli Configuration Manager
o RPC DCOM Vulnerability
o LANDesk Patch Manager
o ASP Trojan
o BMC Patch Manager
o IIS Logs
o ConfigureSoft Enterprise Configuration
Manager (ECM)
o Network Tool: Log Analyzer
o BladeLogic Configuration Manager
o Hacking Tool: CleanIISLog
o IIS Security Tool: Server Mask
o Opsware Server Automation System
(SAS)
o ServerMask ip100
o Best Practices for Patch Management
o Tool: CacheRight

Vulnerability Scanners
o Tool: CustomError

Online Vulnerability Search Engine
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Network Tool: Whisker

Network Tool: N-Stealth HTTP Vulnerability
Scanner

Hacking Tool: WebInspect

Network Tool: Shadow Security Scanner

Secure IIS
o Countermeasures

o Countermeasures

Cryptographic Interception

Cookie Snooping

Authentication Hijacking
o ServersCheck Monitoring
o GFI Network Server Monitor
o Servers Alive
o Webserver Stress Tool
o Monitoring Tool: Secunia PSI

Countermeasures

Increasing Web Server Security

Web Server Protection Checklist
Directory Traversal/Forceful Browsing
o Countermeasures

Log Tampering

Error Message Interception

Attack Obfuscation

Platform Exploits

DMZ Protocol Attacks
o Countermeasures

Security Management Exploits
o Web Services Attacks
Module 17: Web Application Vulnerabilities

Web Application Setup

Web application Hacking

Anatomy of an Attack

Web Application Threats

Cross-Site Scripting/XSS Flaws
o An Example of XSS
o Countermeasures

SQL Injection

Command Injection Flaws
o Zero-Day Attacks
o Network Access Attacks

TCP Fragmentation

Hacking Tools
o Instant Source
o Wget
o WebSleuth
o BlackWidow
o SiteScope Tool
o Countermeasures
o WSDigger Tool – Web Services Testing
Tool
Cookie/Session Poisoning
o CookieDigger Tool
o Countermeasures
o SSLDigger Tool

Parameter/Form Tampering
o SiteDigger Tool

Hidden Field at
o WindowBomb

Buffer Overflow
o Burp: Positioning Payloads

www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Burp: Configuring Payloads and Content
Enumeration
o RSA SecurID Token
o Biometrics Authentication
o Burp: Password Guessing
·
o Burp Proxy
Fingerprint-based Identification
o Burpsuite
Hand Geometry- based Identification
o Hacking Tool: cURL
Retina Scanning
o dotDefender
Afghan Woman Recognized After 17
Years
o Acunetix Web Scanner
o AppScan – Web Application Scanner
Face Recognition
o AccessDiver
Face Code: WebCam Based Biometrics
Authentication System
o Tool: Falcove Web Vulnerability Scanner
o Tool: NetBrute
o Tool: Emsa Web Monitor
o Tool: KeepNI
o Tool: Parosproxy
o Tool: WebScarab
o Tool: Watchfire AppScan
o Tool: WebWatchBot
o Tool: Mapper
Module 18: Web-Based Password Cracking
Techniques

Authentication - Definition

Authentication Mechanisms
o HTTP Authentication
·
Basic Authentication
·
Digest Authentication

Bill Gates at the RSA Conference 2006

How to Select a Good Password

Things to Avoid in Passwords

Changing Your Password

Protecting Your Password

Examples of Bad Passwords

The “Mary Had A Little Lamb” Formula

How Hackers Get Hold of Passwords

Windows XP: Remove Saved Passwords

What is a Password Cracker

Modus Operandi of an Attacker Using a
Password Cracker

How Does a Password Cracker Work

Attacks - Classification
o Password Guessing
o Query String
o Cookies
o Integrated Windows (NTLM)
Authentication
o Negotiate Authentication
Types of Biometrics Authentication
o Dictionary Maker

Password Crackers Available
o Certificate-based Authentication
o L0phtCrack (LC4)
o Forms-based Authentication
o John the Ripper
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Brutus
Module 19: SQL Injection
o ObiWaN
o Authforce
o Hydra
o Cain & Abel
o RAR
o Gammaprog
o WebCracker
o Munga Bunga
o PassList
o SnadBoy
o MessenPass
o Wireless WEP Key Password Spy
o RockXP
o Password Spectator Pro
o Passwordstate
o Atomic Mailbox Password Cracker
o Advanced Mailbox Password Recovery
(AMBPR)
o Tool: Network Password Recovery
o Tool: Mail PassView
o Tool: Messenger Key
o Tool: SniffPass
o WebPassword
o Password Administrator
o Password Safe
o Easy Web Password
o PassReminder
o My Password Manager

Countermeasures

What is SQL Injection

Exploiting Web Applications

Steps for performing SQL injection

What You Should Look For

What If It Doesn’t Take Input

OLE DB Errors

Input Validation Attack

SQL injection Techniques

How to Test for SQL Injection Vulnerability

How Does It Work

BadLogin.aspx.cs

BadProductList.aspx.cs

Executing Operating System Commands

Getting Output of SQL Query

Getting Data from the Database Using ODBC
Error Message

How to Mine all Column Names of a Table

How to Retrieve any Data

How to Update/Insert Data into Database

SQL Injection in Oracle

SQL Injection in MySql Database

Attacking Against SQL Servers

SQL Server Resolution Service (SSRS)

Osql -L Probing

SQL Injection Automated Tools

Automated SQL Injection Tool: AutoMagic
SQL

Absinthe Automated SQL Injection Tool
o Hacking Tool: SQLDict
o Hacking Tool: SQLExec
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o SQL Server Password Auditing Tool: sqlbf
§ Wireless Concepts and Devices
o Hacking Tool: SQLSmack
o Related Technology and Carrier Networks
o Hacking Tool: SQL2.exe
o Antennas
o sqlmap
o Cantenna – www.cantenna.com
o sqlninja
o Wireless Access Points
o SQLIer
o SSID
o Automagic SQL Injector
o Beacon Frames
o Absinthe
o Is the SSID a Secret
Blind SQL Injection
o Setting up a WLAN
o Blind SQL Injection: Countermeasure
o Authentication and Association
o Blind SQL Injection Schema
o Authentication Modes

SQL Injection Countermeasures
o The 802.1X Authentication Process

Preventing SQL Injection Attacks
§

GoodLogin.aspx.cs
o Wired Equivalent Privacy (WEP)

SQL Injection Blocking Tool: SQL Block
o WEP Issues

Acunetix Web Vulnerability Scanner
o WEP - Authentication Phase

WEP and WPA
o WEP - Shared Key Authentication
Module 20: Hacking Wireless Networks
o WEP - Association Phase
§ Introduction to Wireless
o WEP Flaws
o Introduction to Wireless Networking
o What is WPA
o Wired Network vs. Wireless Network
o WPA Vulnerabilities
o Effects of Wireless Attacks on Business
o WEP, WPA, and WPA2
o Types of Wireless Network
o WPA2 Wi-Fi Protected Access 2
o Advantages and Disadvantages of a
Wireless Network
§ Wireless Standards
o Wireless Standard: 802.11a
§ Attacks and Hacking Tools
o Terminologies
o WarChalking
o Wireless Standard: 802.11b – “WiFi”
o Authentication and (Dis) Association
Attacks
o Wireless Standard: 802.11g
o WEP Attack
o Wireless Standard: 802.11i
o Cracking WEP
o Wireless Standard: 802.11n
o Weak Keys (a.k.a. Weak IVs)
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Problems with WEP’s Key Stream and
Reuse
o Temporal Key Integrity Protocol (TKIP)
o Automated WEP Crackers
o LEAP: The Lightweight Extensible
Authentication Protocol
o Pad-Collection Attacks
o LEAP Attacks
o XOR Encryption
o LEAP Attack Tool: ASLEAP
o Stream Cipher
o Working of ASLEAP
o WEP Tool: Aircrack
o MAC Sniffing and AP Spoofing
o Aircrack-ng
o Defeating MAC Address Filtering in
Windows
o WEP Tool: AirSnort
o WEP Tool: WEPCrack
o WEP Tool: WepLab
o Attacking WPA Encrypted Networks
o Attacking WEP with WEPCrack on
Windows using Cygwin
o Manually Changing the MAC Address in
Windows XP and 2000
o Tool to Detect MAC Address Spoofing:
Wellenreiter
o Man-in-the-Middle Attack (MITM)
o Denial-of-Service Attacks
o Attacking WEP with WEPCrack on
Windows using PERL Interpreter
o DoS Attack Tool: Fatajack
o Tool: Wepdecrypt
o Hijacking and Modifying a Wireless
Network
o WPA-PSK Cracking Tool: CowPatty
o Phone Jammers
o 802.11 Specific Vulnerabilities
o Phone Jammer: Mobile Blocker
o Evil Twin: Attack
o Pocket Cellular Style Cell Phone Jammer
o Rogue Access Points
o 2.4Ghz Wi-Fi & Wireless Camera Jammer
o Tools to Generate Rogue Access Points:
Fake AP
o 3 Watt Digital Cell Phone Jammer
o Tools to Detect Rogue Access Points:
Netstumbler
o Tools to Detect Rogue Access Points:
MiniStumbler
o 3 Watt Quad Band Digital Cellular Mobile
Phone Jammer
o 20W Quad Band Digital Cellular Mobile
Phone Jammer
o ClassicStumbler
o 40W Digital Cellular Mobile Phone
Jammer
o AirFart
o Detecting a Wireless Network
o AP Radar
§ Scanning Tools
o Hotspotter
o Scanning Tool: Kismet
o Cloaked Access Point
o Scanning Tool: Prismstumbler
o WarDriving Tool: shtumble
o Scanning Tool: MacStumbler
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Scanning Tool: Mognet V1.16
o Step 1: Find Networks to Attack
o Scanning Tool: WaveStumbler
o Step 2: Choose the Network to Attack
o Scanning Tool: Netchaser V1.0 for Palm
Tops
o Step 3: Analyzing the Network
o Step 4: Cracking the WEP Key
o Scanning Tool: AP Scanner
o Step 5: Sniffing the Network
o Scanning Tool: Wavemon
§ Wireless Security
o Scanning Tool: Wireless Security Auditor
(WSA)
o WIDZ: Wireless Intrusion Detection
System
o Scanning Tool: AirTraf
o Scanning Tool: WiFi Finder
o Radius: Used as Additional Layer in
Security
o Scanning Tool: WifiScanner
o Securing Wireless Networks
o eEye Retina WiFI
o Wireless Network Security Checklist
o Simple Wireless Scanner
o WLAN Security: Passphrase
o wlanScanner
o Don’ts in Wireless Security
§ Sniffing Tools
§ Wireless Security Tools
o Sniffing Tool: AiroPeek
o WLAN Diagnostic Tool: CommView for
WiFi PPC
o Sniffing Tool: NAI Wireless Sniffer
o MAC Sniffing Tool: WireShark
o WLAN Diagnostic Tool: AirMagnet
Handheld Analyzer
o Sniffing Tool: vxSniffer
o Auditing Tool: BSD-Airtools
o Sniffing Tool: Etherpeg
o AirDefense Guard
(www.AirDefense.com)
o Sniffing Tool: Drifnet
o Google Secure Access
o Sniffing Tool: AirMagnet
o Tool: RogueScanner
o Sniffing Tool: WinDump
o Sniffing Tool: Ssidsniff
o Multiuse Tool: THC-RUT
Module 21: Physical Security

Security Facts

Understanding Physical Security

Physical Security

What Is the Need for Physical Security
o Microsoft Network Monitor

Who Is Accountable for Physical Security
§ Hacking Wireless Networks

Factors Affecting Physical Security
o Steps for Hacking Wireless Networks

Physical Security Checklist
o Tool: WinPcap
o Tool: AirPcap
o AirPcap: Example Program from the
Developer's Pack
®
ITPro Global 2009
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Physical Security Checklist -Company
surroundings
o Gates
o Security Guards
o Physical Security Checklist: Premises
o CCTV Cameras
o Reception
o Server Room
o Workstation Area
o Wireless Access Point
o Other Equipments
o Access Control
·
Biometric Devices
·
Biometric Identification Techniques
·
Authentication Mechanisms

Statistics for Stolen and Recovered Laptops

Laptop Theft

Laptop theft: Data Under Loss

Laptop Security Tools

Laptop Tracker - XTool Computer Tracker

Tools to Locate Stolen Laptops

Stop's Unique, Tamper-proof Patented Plate

Tool: TrueCrypt

Laptop Security Countermeasures

Mantrap

TEMPEST

Challenges in Ensuring Physical Security

Spyware Technologies

Spying Devices

Physical Security: Lock Down USB Ports
·
Authentication Mechanism Challenges:
Biometrics

Tool: DeviceLock
·
Faking Fingerprints

Blocking the Use of USB Storage Devices
·
Smart cards

Track Stick GPS Tracking Device
·
Security Token
·
Computer Equipment Maintenance
·
Wiretapping
§ Why Linux
·
Remote Access
§ Linux Distributions
·
Lapse of Physical Security
§ Linux Live CD-ROMs
·
Locks
§ Basic Commands of Linux: Files &
Directories
Module 22: Linux Hacking
Lock Picking
§ Linux Basic
Lock Picking Tools

Information Security

EPS (Electronic Physical Security)

Wireless Security

Laptop Theft Statistics for 2007
www.itpro.net.vn
o Linux File Structure
o Linux Networking Commands

Directories in Linux

Installing, Configuring, and Compiling Linux
Kernel
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

How to Install a Kernel Patch

Linux Tool: IPTraf

Compiling Programs in Linux

Linux Tool: LIDS

GCC Commands

Hacking Tool: Hunt

Make Files

Tool: TCP Wrappers

Make Install Command

Linux Loadable Kernel Modules

Linux Vulnerabilities

Hacking Tool: Linux Rootkits

Chrooting

Rootkits: Knark & Torn

Why is Linux Hacked

Rootkits: Tuxit, Adore, Ramen

How to Apply Patches to Vulnerable
Programs

Rootkit: Beastkit

Rootkit Countermeasures

Scanning Networks

‘chkrootkit’ detects the following Rootkits

Nmap in Linux

Linux Tools: Application Security

Scanning Tool: Nessus


Port Scan Detection Tools
Advanced Intrusion Detection Environment
(AIDE)

Password Cracking in Linux: Xcrack

Linux Tools: Security Testing Tools

Firewall in Linux: IPTables

Linux Tools: Encryption

IPTables Command

Linux Tools: Log and Traffic Monitors

Basic Linux Operating System Defense

Linux Security Auditing Tool (LSAT)

SARA (Security Auditor's Research
Assistant)

Linux Security Countermeasures

Steps for Hardening Linux

Linux Tool: Netcat

Linux Tool: tcpdump

Linux Tool: Snort

Linux Tool: SAINT
§ Introduction to Intrusion Detection System

Linux Tool: Wireshark
§ Terminologies

Linux Tool: Abacus Port Sentry
§ Intrusion Detection System (IDS)

Linux Tool: DSniff Collection
o IDS Placement

Linux Tool: Hping2
o Ways to Detect an Intrusion

Linux Tool: Sniffit
o Types of Instruction Detection Systems

Linux Tool: Nemesis
o System Integrity Verifiers (SIVS)

Linux Tool: LSOF
o Tripwire
www.itpro.net.vn
Module 23: Evading IDS, Firewalls and Detecting
Honey Pots
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Cisco Security Agent (CSA)
o Firewall Operations
o True/False, Positive/Negative
o Hardware Firewall
o Signature Analysis
o Software Firewall
o General Indication of Intrusion: System
Indications
o Types of Firewall
o General Indication of Intrusion: File
System Indications
o General Indication of Intrusion: Network
Indications
o Intrusion Detection Tools
·
Snort
·
Running Snort on Windows 2003
·
Snort Console
·
Testing Snort
·
Configuring Snort (snort.conf)
·
Snort Rules
·
Set up Snort to Log to the Event Logs
and to Run as a Service
·
Using EventTriggers.exe for Eventlog
Notifications
·
SnortSam
·
Packet Filtering Firewall
·
IP Packet Filtering Firewall
·
Circuit-Level Gateway
·
TCP Packet Filtering Firewall
·
Application Level Firewall
·
Application Packet Filtering Firewall
·
Stateful Multilayer Inspection Firewall
o Packet Filtering Firewall
o Firewall Identification
o Firewalking
o Banner Grabbing
o Breaching Firewalls
o Bypassing a Firewall using HTTPTunnel
o Placing Backdoors through Firewalls
o Hiding Behind a Covert Channel: LOKI
o Steps to Perform after an IDS detects an
attack
o Tool: NCovert
o Evading IDS Systems
o ACK Tunneling
·
Ways to Evade IDS
o Tools to breach firewalls
·
Tools to Evade IDS
§ Common Tool for Testing Firewall and IDS
§ IDS Evading Tool: ADMutate
o IDS testing tool: IDS Informer
§ Packet Generators
o IDS Testing Tool: Evasion Gateway
§ What is a Firewall?
o What Does a Firewall Do
o IDS Tool: Event Monitoring Enabling
Responses to Anomalous Live Disturbances
(Emerald)
o Packet Filtering
o IDS Tool: BlackICE
o What can’t a firewall do
o IDS Tool: Next-Generation Intrusion
Detection Expert System (NIDES)
o How does a Firewall work
www.itpro.net.vn
o IDS Tool: SecureHost
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o IDS Tool: Snare
o A Simple Uncontrolled Overflow of the
Stack
o IDS Testing Tool: Traffic IQ Professional
o Stack Based Buffer Overflows
o IDS Testing Tool: TCPOpera
o IDS testing tool: Firewall Informer

Types of Buffer Overflows: Heap-based
Buffer Overflow
o Atelier Web Firewall Tester
o Heap Memory Buffer Overflow Bug
§ What is Honeypot?
o Heap-based Buffer Overflow
o The Honeynet Project

o Types of Honeypots
§ Low-interaction honeypot
Understanding Assembly Language
o Shellcode

How to Detect Buffer Overflows in a Program
§ Medium-interaction honeypot
o Attacking a Real Program
§ High-interaction honeypot
§ NOPs
o Advantages and Disadvantages of a
Honeypot
§ How to Mutate a Buffer Overflow Exploit
§ Once the Stack is Smashed
o Where to place Honeypots
o Honeypots
·
Honeypot-SPECTER
·
Honeypot - honeyd
·
Honeypot – KFSensor
·
Sebek

Defense Against Buffer Overflows
o Tool to Defend Buffer Overflow: Return
Address Defender (RAD)
o Tool to Defend Buffer Overflow:
StackGuard
o Tool to Defend Buffer Overflow: Immunix
System
o Physical and Virtual Honeypots
o Vulnerability Search: NIST
§ Tools to Detect Honeypots
§ What to do when hacked
o Valgrind
o Insure++
Module 24: Buffer Overflows

Buffer Overflow Protection Solution: Libsafe

Why are Programs/Applications Vulnerable

Buffer Overflows

Reasons for Buffer Overflow Attacks

Knowledge Required to Program Buffer
Overflow Exploits

Understanding Stacks

Understanding Heaps
§ Introduction to Cryptography

Types of Buffer Overflows: Stack-based
Buffer Overflow
§ Classical Cryptographic Techniques
o Comparing Functions of libc and Libsafe

Simple Buffer Overflow in C
o Code Analysis
Module 25: Cryptography
o Encryption
®
ITPro Global 2009
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Cleversafe Grid Builder
http://www.cleversafe.com/
o Decryption
§ Cryptographic Algorithms
§ PGP (Pretty Good Privacy)
§ RSA (Rivest Shamir Adleman)
§ CypherCalc
o Example of RSA Algorithm
§ Command Line Scriptor
o RSA Attacks
§ CryptoHeaven
o RSA Challenge
§ Hacking Tool: PGP Crack
§ Data Encryption Standard (DES)
§ Magic Lantern
o DES Overview
§ Advanced File Encryptor
§ RC4, RC5, RC6, Blowfish

Encryption Engine

Encrypt Files

Encrypt PDF

Encrypt Easy

Encrypt my Folder

Advanced HTML Encrypt and Password
Protect
§ What is SSH?

Encrypt HTML source
o SSH (Secure Shell)

Alive File Encryption
§ Algorithms and Security

Omziff
§ Disk Encryption

ABC CHAOS
§ Government Access to Keys (GAK)

EncryptOnClick
§ Digital Signature

CryptoForge
o Components of a Digital Signature

SafeCryptor
o Method of Digital Signature Technology

CrypTool
o Digital Signature Applications

Microsoft Cryptography Tools
o Digital Signature Standard

Polar Crypto Light
o Digital Signature Algorithm: Signature
Generation/Verification

CryptoSafe

Crypt Edit

CrypSecure
o Challenges and Opportunities

Cryptlib
§ Digital Certificates

Crypto++ Library
o RC5
§ Message Digest Functions
o One-way Bash Functions
o MD5
§ SHA (Secure Hash Algorithm)
§ SSL (Secure Sockets Layer)
o Digital Signature Algorithms: ECDSA,
ElGamal Signature Scheme
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
§ Code Breaking: Methodologies
§ Denial-of-Service Emulation
§ Cryptanalysis
§ Pentest using Appscan
§ Cryptography Attacks
§ HackerShield
§ Brute-Force Attack
§ Pen-Test Using Cerberus Internet Scanner
§ Cracking S/MIME Encryption Using Idle
CPU Time
§ Pen-Test Using Cybercop Scanner
§ distributed.net
§ Pen-Test Using FoundScan Hardware
Appliances
§ Use Of Cryptography
§ Pen-Test Using Nessus
§ Pen-Test Using NetRecon
Module 26: Penetration Testing
§ Pen-Test Using SAINT
§ Introduction to Penetration Testing (PT)
§ Pen-Test Using SecureNet Pro
§ Categories of security assessments
§ Pen-Test Using SecureScan
§ Vulnerability Assessment
§ Pen-Test Using SATAN, SARA and
Security Analyzer
§ Limitations of Vulnerability Assessment
§ Penetration Testing
§ Types of Penetration Testing
§ Risk Management
§ Do-It-Yourself Testing
§ Outsourcing Penetration Testing Services
§ Pen-Test Using STAT Analyzer
§ Pentest Using VigilENT
§ Pentest Using WebInspect
§ Pentest Using CredDigger
§ Pentest Using Nsauditor
§ Terms of Engagement
§ Evaluating Different Types of Pen-Test
Tools
§ Project Scope
§ Asset Audit
§ Pentest Service Level Agreements
§ Fault Tree and Attack Trees
§ Testing points
§ GAP Analysis
§ Testing Locations
§ Threat
§ Automated Testing
§ Business Impact of Threat
§ Manual Testing
§ Internal Metrics Threat
§ Using DNS Domain Name and IP Address
Information
§ External Metrics Threat
§ Enumerating Information about Hosts on
Publicly Available Networks
§ Calculating Relative Criticality
§ Test Dependencies
§ Testing Network-filtering Devices
§ Defect Tracking Tools: Bug Tracker Server
§ Enumerating Devices
§ Disk Replication Tools
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
§ DNS Zone Transfer Testing Tools
§ Pre-attack Phase
§ Network Auditing Tools
§ Best Practices
§ Trace Route Tools and Services
§ Results that can be Expected
§ Network Sniffing Tools
§ Passive Reconnaissance
§ Denial of Service Emulation Tools
§ Active Reconnaissance
§ Traditional Load Testing Tools
§ Attack Phase
§ System Software Assessment Tools
o Activity: Perimeter Testing
§ Operating System Protection Tools
o Activity: Web Application Testing
§ Fingerprinting Tools
o Activity: Wireless Testing
§ Port Scanning Tools
o Activity: Acquiring Target
§ Directory and File Access Control Tools
o Activity: Escalating Privileges
§ File Share Scanning Tools
o Activity: Execute, Implant and Retract
§ Password Directories
§ Post Attack Phase and Activities
§ Password Guessing Tools
§ Penetration Testing Deliverables
Templates
§ Link Checking Tools
§ Web-Testing Based Scripting tools
§ Buffer Overflow protection Tools
§ File Encryption Tools
§ Database Assessment Tools
§ Keyboard Logging and Screen Reordering
Tools
§ System Event Logging and Reviewing
Tools
Module 27: Covert Hacking
§ Insider Attacks
§ What is Covert Channel?
§ Security Breach
§ Why Do You Want to Use Covert
Channel?
§ Motivation of a Firewall Bypass
§ Tripwire and Checksum Tools
§ Covert Channels Scope
§ Mobile-code Scanning Tools
§ Covert Channel: Attack Techniques
§ Centralized Security Monitoring Tools
§ Simple Covert Attacks
§ Web Log Analysis Tools
§ Advanced Covert Attacks
§ Forensic Data and Collection Tools
§ Standard Direct Connection
§ Security Assessment Tools
§ Reverse Shell (Reverse Telnet)
§ Multiple OS Management Tools
§ Direct Attack Example
§ Phases of Penetration Testing
§ In-Direct Attack Example
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
§ Reverse Connecting Agents
·
Example Directory Traversal Function
§ Covert Channel Attack Tools
·
“dot dot” Method
o Netcat
·
Example Code for a “dot dot” Method
o DNS Tunneling
o Virus Infection: Step II
o Covert Channel Using DNS Tunneling
o Virus Infection: Step III
o DNS Tunnel Client
·
o DNS Tunneling Countermeasures
o Virus Infection: Step IV
o Covert Channel Using SSH
o Virus Infection: Step V
o Covert Channel using SSH (Advanced)
§ Components of Viruses
o HTTP/S Tunneling Attack
o Functioning of Replicator part
§ Covert Channel Hacking Tool: Active Port
Forwarder
o Writing Replicator
Marking a File for Infection
o Writing Concealer
§ Covert Channel Hacking Tool: CCTT
o Dispatcher
§ Covert Channel Hacking Tool: Firepass
o Writing Bomb/Payload
§ Covert Channel Hacking Tool: MsnShell
§ Covert Channel Hacking Tool: Web Shell
§ Covert Channel Hacking Tool: NCovert
o Ncovert - How it works
·
Trigger Mechanism
·
Bombs/Payloads
·
Brute Force Logic Bombs
§ Testing Virus Codes
§ Covert Channel Hacking via Spam E-mail
Messages
§ Tips for Better Virus Writing
§ Hydan
Module 28: Writing Virus Codes
Module 29: Assembly Language Tutorial
§ Introduction of Virus

Base 10 System
§ Types of Viruses

Base 2 System
§ Symptoms of a Virus Attack

Decimal 0 to 15 in Binary
§ Prerequisites for Writing Viruses

Binary Addition (C stands for Canary)
§ Required Tools and Utilities

Hexadecimal Number
§ Virus Infection Flow Chart

Hex Example
o Virus Infection: Step I

Hex Conversion
·

nibble
Directory Traversal Method
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Computer memory

Input and output

Characters Coding

C Interface

ASCII and UNICODE

Call

CPU

Creating a Program

Machine Language

Why should anyone learn assembly at all?

Compilers

Clock Cycle

Assembling the code

Original Registers

Compiling the C code

Instruction Pointer

Linking the object files

Pentium Processor

Understanding an assembly listing file

Interrupts

Big and Little Endian Representation

Interrupt handler

Skeleton File

External interrupts and Internal interrupts

Working with Integers

Handlers

Signed integers

Machine Language

Signed Magnitude

Assembly Language

Two’s Compliment

Assembler

If statements

Assembly Language Vs High-level Language

Do while loops

Assembly Language Compilers

Indirect addressing

Instruction operands

Subprogram

MOV instruction

The Stack

ADD instruction

The SS segment

SUB instruction

ESP

INC and DEC instructions

The Stack Usage

Directive

The CALL and RET Instructions

preprocessor

General subprogram form

equ directive

Local variables on the stack

%define directive


Data directives
General subprogram form with local
variables

Labels

Multi-module program

Saving registers
www.itpro.net.vn
o First.asm
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Labels of functions
o NASM

Calculating addresses of local variables
o GDB
o objdump
o ktrace
Module 30: Exploit Writing

Exploits Overview
o strace

Prerequisites for Writing Exploits and
Shellcodes
o readelf

Purpose of Exploit Writing

Types of Exploits

Stack Overflow

Heap Corruption

Steps for Writing a Shellcode

Issues Involved With Shellcode Writing
o Addressing problem
o Null byte problem
o System call implementation
o Format String
o Integer Bug Exploits
o Race Condition
o TCP/IP Attack

The Proof-of-Concept and Commercial
Grade Exploit

Converting a Proof of Concept Exploit to
Commercial Grade Exploit

Attack Methodologies

Socket Binding Exploits

Tools for Exploit Writing
o LibExploit
o Metasploit
o CANVAS
Module 31: Smashing the Stack for Fun and Profit

What is a Buffer?

Static Vs Dynamic Variables

Stack Buffers

Data Region

Memory Process Regions

What Is A Stack?

Why Do We Use A Stack?

The Stack Region

Stack frame

Stack pointer

Procedure Call (Procedure Prolog)

Steps for Writing an Exploit

Compiling the code to assembly

Differences Between Windows and Linux
Exploits

Call Statement

Shellcodes

Return Address (RET)

NULL Byte

Word Size

Types of Shellcodes

Stack

Tools Used for Shellcode Development

Buffer Overflows
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Error

Why do we get a segmentation violation?

Segmentation Error

Instruction Jump

Guess Key Parameters

Calculation

Shell Code
o The code to spawn a shell in C

Lets try to understand what is going on here.
We'll start by studying main:

execve()
o execve() system call

exit.c
o List of steps with exit call

The code in Assembly

JMP

Code using indexed addressing

Offset calculation

shellcodeasm.c

testsc.c

Compile the code

NULL byte

shellcodeasm2.c

testsc2.c

Writing an Exploit

overflow1.c

Compiling the code

sp.c

vulnerable.c

NOPs
o Using NOPs
www.itpro.net.vn
o Estimating the Location
Module 32: Windows Based Buffer Overflow
Exploit Writing

Buffer Overflow

Stack overflow

Writing Windows Based Exploits

Exploiting stack based buffer overflow

OpenDataSource Buffer Overflow
Vulnerability Details

Simple Proof of Concept

Windbg.exe

Analysis

EIP Register
o Location of EIP
o EIP

Execution Flow

But where can we jump to?

Offset Address

The Query

Finding jmp esp

Debug.exe

listdlls.exe

Msvcrt.dll

Out.sql

The payload

ESP

Limited Space

Getting Windows API/function absolute
address

Memory Address

Other Addresses
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Compile the program
§ Tool: LSW DotNet-Reflection-Browser

Final Code
§ Tool: Reflector
§ Tool: Spices NET.Decompiler
§ Tool: Decompilers.NET
Module 33: Reverse Engineering
§ .NET Obfuscator and .NET Obfuscation
§ Positive Applications of Reverse
Engineering
§ Java Bytecode Decompilers
§ Ethical Reverse Engineering
§ Tool: JODE Java Decompiler
§ World War Case Study
§ Tool: JREVERSEPRO
§ DMCA Act
§ Tool: SourceAgain
§ What is Disassembler?
§ Tool: ClassCracker
§ Why do you need to decompile?
§ Python Decompilers
§ Professional Disassembler Tools
§ Reverse Engineering Tutorial
§ Tool: IDA Pro
§ OllyDbg Debugger
§ Convert Machine Code to Assembly Code
§ How Does OllyDbg Work?
§ Decompilers
§ Debugging a Simple Console Application
§ Program Obfuscation
§ Convert Assembly Code to C++ code
§ Machine Decompilers
§ Tool: dcc
§ Machine Code of compute.exe Prorgam
§ Assembly Code of compute.exe Program
Module 34: MAC OS X Hacking

Introduction to MAC OS

Vulnerabilities in MAC
o Crafted URL Vulnerability
o CoreText Uninitialized Pointer Vulnerability
§ Code Produced by the dcc Decompiler in
C
o ImageIO Integer overflow Vulnerability
§ Tool: Boomerang
o DirectoryService Vulnerability
§ What Boomerang Can Do?
o iChat UPnP buffer overflow Vulnerability
§ Andromeda Decompiler
o ImageIO Memory Corruption Vulnerability
§ Tool: REC Decompiler
o Code Execution Vulnerability
§ Tool: EXE To C Decompiler
o UFS filesystem integer overflow Vulnerability
§ Delphi Decompilers
o Kernel "fpathconf()" System call Vulnerability
§ Tools for Decompiling .NET Applications
o UserNotificationCenter Privilege Escalation
Vulnerability
§ Salamander .NET Decompiler
www.itpro.net.vn
o Other Vulnerabilities in MAC
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

How a Malformed Installer Package Can
Crack Mac OS X

Worm and Viruses in MAC
o OSX/Leap-A
o Inqtana.A
o Macro Viruses

Anti-Viruses in MAC
o VirusBarrier
o McAfee Virex for Macintosh
o Endpoint Security and Control
o Norton Internet Security

Mac Security Tools
o MacScan

Types of Router Attacks

Router Attack Topology

Denial of Service (DoS) Attacks

Packet “Mistreating” Attacks

Routing Table Poisoning

Hit-and-run Attacks vs. Persistent Attacks

Cisco Router
o Finding a Cisco Router
o How to Get into Cisco Router
o Breaking the Password
o Is Anyone Here
o Looking Around
o IPNetsentryx
o FileGuard
Countermeasures
Module 35: Hacking Routers, cable Modems and
Firewalls

Network Devices

Identifying a Router
o
Implications of a Router Attack
o Covering Tracks
o ClamXav


SING: Tool for Identifying the Router

Eigrp-tool

Tool: Zebra

Tool: Yersinia for HSRP, CDP, and other
layer 2 attacks

Tool: Cisco Torch

Monitoring SMTP(port25) Using SLcheck

Monitoring HTTP(port 80)

Cable Modem Hacking
o OneStep: ZUP

HTTP Configuration Arbitrary Administrative
Access Vulnerability

www.bypassfirewalls.net

ADMsnmp

Waldo Beta 0.7 (b)

Solarwinds MIB Browser

Brute-Forcing Login Services

Hydra

Analyzing the Router Config

Cracking the Enable Password

Tool: Cain and Abel
www.itpro.net.vn
Module 36: Hacking Mobile Phones, PDA and
Handheld Devices

Different OS in Mobile Phone

Different OS Structure in Mobile Phone

Evolution of Mobile Threat
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Threats
o Tool to Unlock iPhone: iPhoneSimFree

What Can A Hacker Do
o Tool to Unlock iPhone: anySIM

Vulnerabilities in Different Mobile Phones
o Steps for Unlocking your iPhone using AnySIM

Malware

Spyware
o Activate the Voicemail Button on your Unlocked
iPhone
o Spyware: SymbOS/Htool-SMSSender.A.intd
o Spyware: SymbOS/MultiDropper.CG
o Best Practices against Malware

Blackberry
o Blackberry Attacks
o Blackberry Attacks: Blackjacking
o BlackBerry Wireless Security
o BlackBerry Signing Authority Tool
o Countermeasures

PDA
o PDA Security Issues
o ActiveSync attacks
o HotSync Attack
o PDA Virus: Brador
o PDA Security Tools: TigerSuite PDA
o Security Policies for PDAs

iPod
o Misuse of iPod
o Jailbreaking
o Tools for jailbreaking: iFuntastic
o Prerequisite for iPhone Hacking
o Step by Step iPhone Hacking using iFuntastic
o Podloso Virus
o Security tool: Icon Lock-iT XP

Mobile: Is It a Breach to Enterprise Security?
o Threats to Organizations Due to Mobile Devices
o Security Actions by Organizations

Viruses
o Skulls
o Duts
o Doomboot.A: Trojan

Antivirus
o Kaspersky Antivirus Mobile
o Airscanner
o BitDefender Mobile Security
o SMobile VirusGuard
o Symantec AntiVirus
o F-Secure Antivirus for Palm OS
o BullGuard Mobile Antivirus

Security Tools
o Sprite Terminator
o Mobile Security Tools: Virus Scan Mobile

Defending Cell Phones and PDAs Against
Attack

Mobile Phone Security Tips
o Step by step iPhone Hacking
o AppSnapp
Steps for AppSnapp
www.itpro.net.vn
Module 37: Bluetooth Hacking

Bluetooth Introduction
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Security Issues in Bluetooth
o BlueSweep

Security Attacks in Bluetooth Devices
o Bluekey
o Bluejacking
o BlueFire Mobile Security Enterprise Edition
o Tools for Bluejacking
o BlueAuditor
o BlueSpam
o Bluetooth Network Scanner
o Blue snarfing

Countermeasures
o BlueBug Attack
o Short Pairing Code Attacks
Module 38: VoIP Hacking
o Man-In-Middle Attacks

What is VoIP
o OnLine PIN Cracking Attack

VoIP Hacking Steps
o BTKeylogging attack

Footprinting
o BTVoiceBugging attack
o Information Sources
o Blueprinting
o Unearthing Information
o Bluesmacking - The Ping of Death
o Organizational Structure and Corporate Locations
o Denial-of-Service Attack
o Help Desk
o BlueDump Attack
o Job Listings

Bluetooth hacking tools
o Phone Numbers and Extensions
o BTScanner
o VoIP Vendors
o Bluesnarfer
o Resumes
o Bluediving
o WHOIS and DNS Analysis
o Transient Bluetooth Environment Auditor
o Steps to Perform Footprinting
o BTcrack

Scanning
o Blooover
o Host/Device Discovery
o Hidattack
o ICMP Ping Sweeps

Bluetooth Viruses and Worms
o ARP Pings
o Cabir
o TCP Ping Scans
o Mabir
o SNMP Sweeps
o Lasco
o Port Scanning and Service Discovery

Bluetooth Security tools
o BlueWatch
www.itpro.net.vn
o TCP SYN Scan
o UDP Scan
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Host/Device Identification

Enumeration
o
Flooding Attacks
o DNS Cache Poisoning
o Steps to Perform Enumeration
o Sniffing TFTP Configuration File Transfers
o Banner Grabbing with Netcat
o Performing Number Harvesting and Call Pattern
Tracking
o SIP User/Extension Enumeration

REGISTER Username Enumeration

INVITE Username Enumeration

OPTIONS Username Enumeration

Automated OPTIONS Scanning with sipsak

Automated REGISTER, INVITE and
OPTIONS Scanning with SIPSCAN against
SIP server
o Call Eavesdropping
o Interception through VoIP Signaling Manipulation
o Man-In-The-Middle (MITM) Attack
o Application-Level Interception Techniques

How to Insert Rogue Application

SIP Rogue Application

Listening to/Recording Calls

Replacing/Mixing Audio
o Enumerating TFTP Servers

Dropping Calls with a Rogue SIP Proxy
o SNMP Enumeration

Randomly Redirect Calls with a Rogue SIP
Proxy

Additional Attacks with a Rogue SIP Proxy

Automated OPTIONS Scanning Using
SIPSCAN against SIP Phones
o Enumerating VxWorks VoIP Devices

Steps to Exploit the Network
o Denial-of-Service (DoS)
o
Distributed Denial-of-Service (DDoS) Attack
o Internal Denial-of-Service Attack
o DoS Attack Scenarios
o What is Fuzzing

Why Fuzzing

Commercial VoIP Fuzzing tools
o Signaling and Media Manipulation

Registration Removal with
erase_registrations Tool

Registration Addition with add_registrations
Tool
o Eavesdropping
o Packet Spoofing and Masquerading
o Replay Attack
o Call Redirection and Hijacking
o ARP Spoofing
o VoIP Phishing

Covering Tracks
o ARP Spoofing Attack
o Service Interception
o H.323-Specific Attacks
o SIP Security Vulnerabilities
o SIP Attacks
www.itpro.net.vn
Module 39: RFID Hacking
§ RFID- Definition
§ Components of RFID Systems
§ RFID Collisions
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

RFID Risks
o Business Process Risk
o Technical Controls
§ RFID Security
o Business Intelligence Risk
o Privacy Risk
o Externality Risk
Module 40: Spamming

Introduction

Hazards of Electromagnetic Radiation

Techniques used by Spammers

Computer Network Attacks

How Spamming is performed
§ RFID and Privacy Issues

Spammer: Statistics
§ Countermeasures

Worsen ISP: Statistics
§ RFID Security and Privacy Threats

Top Spam Effected Countries: Statistics
o Sniffing

Types of Spam Attacks
o Tracking

Spamming Tools
o Spoofing
o Farelogic Worldcast
o Replay attacks
o 123 Hidden Sender
o Denial-of-service
o YL Mail Man
§ Protection Against RFID Attacks
o Sendblaster
§ RFID Guardian
o Direct Sender
§ RFID Malware
o Hotmailer
o How to Write an RFID Virus
o PackPal Bulk Email Server
o How to Write an RFID Worm
o IEmailer
o Defending Against RFID Malware

Anti-Spam Techniques
§ RFID Exploits

Anti- Spamming Tools
§ Vulnerabilities in RFID-enabled Credit Cards
o AEVITA Stop SPAM Email
o Skimming Attack
o SpamExperts Desktop
o Replay Attack
o SpamEater Pro
o Eavesdropping Attack
o SpamWeasel
§ RFID Hacking Tool: RFDump
o Spytech SpamAgent
§ RFID Security Controls
o AntispamSniper
o Management Controls
o Spam Reader
o Operational Controls
o Spam Assassin Proxy (SA) Proxy
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o MailWasher Free
o USB CopyNotify
o Spam Bully
o Remora USB File Guard

Countermeasures
o Advanced USB Pro Monitor
o Folder Password Expert USB
Module 41: Hacking USB Devices
o USBlyzer
§ Introduction to USB Devices
o USB PC Lock Pro
§ Electrical Attack
o Torpark
§ Software Attack
o Virus Chaser USB
§ USB Attack on Windows
§ Countermeasures
§ Viruses and Worms
o W32/Madang-Fam
Module 42: Hacking Database Servers
o W32/Hasnot-A

Hacking Database server: Introduction
o W32/Fujacks-AK

Hacking Oracle Database Server
o W32/Fujacks-E
o Attacking Oracle
o W32/Dzan-C
o Security Issues in Oracle
o W32/SillyFD-AA
o Types of Database Attacks
o W32/SillyFDC-BK
o How to Break into an Oracle Database and Gain
DBA Privileges
o W32/LiarVB-A
o W32/Hairy-A
o W32/QQRob-ADN
o W32/VBAut-B
o HTTP W32.Drom
§ Hacking Tools
o USB Dumper
o USB Switchblade
o USB Hacksaw
§ USB Security Tools
o MyUSBonly
o USBDeview
o USB-Blocker
www.itpro.net.vn
o Oracle Worm: Voyager Beta
o Ten Hacker Tricks to Exploit SQL Server Systems

Hacking SQL Server
o How SQL Server is Hacked
o Query Analyzer
o odbcping Utility
o Tool: ASPRunner Professional
o Tool: FlexTracer

Security Tools

SQL Server Security Best Practices:
Administrator Checklist
§ SQL Server Security Best Practices: Developer
Checklist
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Introduction to Internet Filter
o
Key Features of Internet Filters
o
Pros and Cons of Internet Filters

Internet Content Filtering Tools
o
iProtectYou
o
Tool: Block Porn
o
Tool: FilterGate
o
Tool: Adblock
o
Tool: AdSubtract
o
Tool: GalaxySpy
o
Tool: AdsGone Pop Up Killer
o
Tool: AntiPopUp
o
Tool: Pop Up Police
o
Tool: Super Ad Blocker
o
Tool: Anti-AD Guard
o
Net Nanny
o
CyberSieve
o
BSafe Internet Filter
o
Tool: Stop-the-Pop-Up Lite
o
Tool: WebCleaner
o
Tool: AdCleaner
o
Tool: Adult Photo Blanker
o
Tool: LiveMark Family
§ Table 1: How Websites Support Objectives of
terrorist/Extremist Groups
o
Tool: KDT Site Blocker
§ Electronic Jihad
o
Internet Safety Guidelines for Children
Module 43: Cyber Warfare- Hacking, Al-Qaida and
Terrorism
§ Cyber Terrorism Over Internet
§ Cyber-Warfare Attacks
§ 45 Muslim Doctors Planned US Terror Raids
§ Net Attack
§ Al-Qaeda
§ Why Terrorists Use Cyber Techniques
§ Cyber Support to Terrorist Operations
§ Planning
§ Recruitment
§ Research
§ Propaganda
§ Propaganda: Hizballah Website
§ Cyber Threat to the Military
§ Russia ‘hired botnets’ for Estonia Cyber-War
§ NATO Threatens War with Russia
§ Bush on Cyber War: ‘a subject I can learn a lot
about’
§ E.U. Urged to Launch Coordinated Effort Against
Cybercrime
§ Budget: Eye on Cyber-Terrorism Attacks
§ Cyber Terror Threat is Growing, Says Reid
§ Terror Web 2.0
§ Electronic Jihad' App Offers Cyber Terrorism for
the Masses
§ Cyber Jihad – Cyber Firesale
§ http://internet-haganah.com/haganah/
Module 45: Privacy on the Internet

Internet privacy

Proxy privacy

Spyware privacy
Module 44: Internet Content Filtering Techniques
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Email privacy
o
Max Internet Optimizer

Cookies
o
Hotspot Shield

Examining Information in Cookies
o
Anonymous Browsing Toolbar

How Internet Cookies Work
o
Invisible Browsing

How Google Stores Personal Information
o
Real Time Cleaner

Google Privacy Policy
o
Anonymous Web Surfing

Web Browsers
o
Anonymous Friend

Web Bugs
o
Easy Hide IP

Downloading Freeware

Internet Relay Chat
o
Agnitum firewall

Pros and Cons of Internet Relay Chat
o
Firestarter

Electronic Commerce
o
Sunbelt Personal Firewall

Internet Privacy Tools: Anonymizers
o
Netdefender
Internet Privacy Tools: Firewall Tools
o
Anonymizer Anonymous Surfing
o
Anonymizer Total Net Shield
o
Privacy Eraser
o
Anonymizer Nyms
o
CookieCop
o
Anonymizer Anti-Spyware
o
Cookiepal
o
Anonymizer Digital Shredder Lite
o
Historykill
o
Steganos Internet Anonym
o
Tracks eraser
o
Invisible IP Map
o
NetConceal Anonymity Shield
o
Protecting Search Privacy
o
Anonymous Guest
o
Tips for Internet Privacy
o
ViewShield
o
IP Hider
o
Mask Surf Standard
o
VIP Anonymity

Statistics for Stolen and Recovered Laptops
o
SmartHide

Statistics on Security
o
Anonymity Gateway

o
Hide My IP
Percentage of Organizations Following the
Security Measures
Claros Anonymity

Laptop threats
o

Laptop Theft
www.itpro.net.vn
Internet Privacy Tools: Others


Best Practices
Counter measures
Module 46: Securing Laptop Computers
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Fingerprint Reader

Protecting Laptops Through Face
Recognition

Bluetooth in Laptops

Tools
o Laptop Security
o Laptop Security Tools
o Laptop Alarm
o Flexysafe
o Master Lock
o eToken
o STOP-Lock
o True Crypt
o PAL PC Tracker
o Cryptex
o Dekart Private Disk Multifactor
o Laptop Anti-Theft
o Inspice Trace
o ZTRACE GOLD
o SecureTrieve Pro
o XTool Laptop Tracker
o XTool Encrypted Disk
o XTool Asset Auditor
o XTool Remote Delete
§ Securing from Physical Laptop Thefts
§ Hardware Security for Laptops
§ Protecting the Sensitive Data
§ Preventing Laptop Communications from Wireless
Threats
Module 47: Spying Technologies
§ Spying
§ Motives of Spying
§ Spying Devices
o Spying Using Cams
o Video Spy
o Video Spy Devices
o Tiny Spy Video Cams
o Underwater Video Camera
o Camera Spy Devices
o Goggle Spy
o Watch Spy
o Pen Spy
o Binoculars Spy
o Toy Spy
o Spy Helicopter
o Wireless Spy Camera
o Spy Kit
o Spy Scope: Spy Telescope and Microscope
o Spy Eye Side Telescope
o Audio Spy Devices
o Eavesdropper Listening Device
o GPS Devices
o Spy Detectors
o Spy Detector Devices
§ Vendors Hosting Spy Devices
o Spy Gadgets
§ Protecting the Stolen Laptops from Being Used
o Spy Tools Directory
§ Security Tips
o Amazon.com
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Spy Associates

Techniques Used for Corporate Espionage
o Paramountzone

Process of Hacking
o Surveillance Protection

Former Forbes Employee Pleads Guilty
§ Spying Tools

o Net Spy Pro-Computer Network Monitoring and
Protection
Former Employees Abet Stealing Trade
Secrets

California Man Sentenced For Hacking
o SpyBoss Pro

Federal Employee Sentenced for Hacking
o CyberSpy

Facts
o Spytech SpyAgent

Key Findings from U.S Secret Service and
CERT Coordination Center/SEI study on
Insider Threat

Tools
o ID Computer Spy
o e-Surveiller
o KGB Spy Software
o NetVizor
o O&K Work Spy
o Privatefirewall w/Pest Patrol
o WebCam Spy
§ Countermeasures
o Golden Eye
o Best Practices against Insider Threat
§ Anti-Spying Tools
o Countermeasures
o Internet Spy Filter
o Spybot - S&D
Module 49: Creating Security Policies
o SpyCop

Security policies
o Spyware Terminator

Key Elements of Security Policy
o XoftSpySE

Defining the Purpose and Goals of Security
Policy

Role of Security Policy

Classification of Security Policy
Module 48: Corporate Espionage- Hacking Using
Insiders

Introduction To Corporate Espionage

Design of Security Policy

Information Corporate Spies Seek

Contents of Security Policy

Insider Threat

Configurations of Security Policy

Different Categories of Insider Threat

Implementing Security Policies

Privileged Access

Types of Security Policies

Driving Force behind Insider Attack
o
Promiscuous Policy

Common Attacks carried out by Insiders
o
Permissive Policy
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o
Prudent Policy
o
Paranoid Policy
o
Acceptable-Use Policy

Software Activation: Introduction
o
User-Account Policy
o
Process of Software Activation
o
Remote-Access Policy

Piracy
o
Information-Protection Policy
o
Piracy Over Internet
o
Firewall-Management Policy
o
Abusive Copies
o
Special-Access Policy
o
Pirated Copies
o
Network-Connection Policy
o
Cracked Copies
o
Business-Partner Policy
o
Impacts of piracy
o
Other Important Policies
o
Software Piracy Rate in 2006

Policy Statements
o
Piracy Blocking

Basic Document Set of Information Security
Policies

Software Copy Protection Backgrounders
o
E-mail Security Policy
CD Key Numbers

o
Best Practices for Creating E-mail Security
Policies
Dongles
o
o
Media Limited Installations
o
User Identification and Passwords Policy
o
Protected Media

Software Security Policy
o
Hidden Serial Numbers

Software License Policy
o
Digital Right Management (DRM)

Points to Remember While Writing a Security
Policy
o
Copy protection for DVD

Warez

Sample Policies
o
Warez
o
Remote Access Policy
o
Types of Warez
o
Warez Distribution
o
Distribution Methods

Tool: Crypkey

Tool: EnTrial

EnTrial Tool: Distribution File

EnTrial Tool: Product & Package Initialization
Dialog

EnTrial Tool: Add Package GUI
o
Wireless Security Policy
o
E-mail Security Policy
o
E-mail and Internet Usage Policies
o
Personal Computer Acceptable Use Policy
o
Firewall Management policy
o
Internet Acceptable Use Policy
o
User Identification and Password Policy
o
Software License Policy
www.itpro.net.vn
Module 50: Software Piracy and Warez
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Tool: DF_ProtectionKit
§ Example for Attacker to Attack the Feeds

Tool: Crack Killer
§ Tools

Tool: Logic Protect
o Perseptio FeedAgent

Tool: Software License Manager
o RssFeedEater

Tool: Quick License Manager
o Thingamablog

Tool: WTM CD Protect
o RSS Builder
Module 51: Hacking and Cheating Online Games
o RSS Submit

Online Games: Introduction
o FeedDemon

Basics of Game Hacking
o FeedForAll

Threats in Online Gaming
o FeedExpress

Cheating in Online Computer Games
o RSS and Atom Security

Types of Exploits

Example of popular game exploits
Module 53: Hacking Web Browsers (Firefox, IE)

Stealing Online Game Passwords
§ Introduction
o
Stealing Online Game Passwords: Social
Engineering and Phishing
§ How Web Browsers Work

Online Gaming Malware from 1997-2007

Best Practices for Secure Online Gaming

Tips for Secure Online Gaming
§ How Web Browsers Access HTML Documents
§ Protocols for an URL
§ Hacking Firefox
Module 52: Hacking RSS and Atom
o Firefox Proof of Concept Information Leak
Vulnerability
§ Introduction
o Firefox Spoofing Vulnerability
§ Areas Where RSS and Atom is Used
o Password Vulnerability
§ Building a Feed Aggregator
o Concerns With Saving Form Or Login Data
§ Routing Feeds to the Email Inbox
o Cleaning Up Browsing History
§ Monitoring the Server with Feeds
o Cookies
§ Tracking Changes in Open Source Projects
o Internet History Viewer: Cookie Viewer
§ Risks by Zone
§ Firefox Security
o Remote Zone risk
o Blocking Cookies Options
o Local Zone Risk
o Tools For Cleaning Unwanted Cookies
§ Reader Specific Risks
o Tool: CookieCuller
§ Utilizing the Web Feeds Vulnerabilities
o Getting Started
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Privacy Settings
o AutoFill
o Security Settings
o Security Features
o Content Settings
§ Hacking Netscape
o Clear Private Data
o Netscape Navigator Improperly Validates SSL
Sessions
o Mozilla Firefox Security Features
§ Hacking Internet Explorer
o Redirection Information Disclosure Vulnerability
o Window Injection Vulnerability
§ Internet Explorer Security
o Getting Started
o Security Zones
o Custom Level
o Netscape Navigator Security Vulnerability
§ Securing Netscape
o Getting Started
o Privacy Settings
o Security Settings
o Content Settings
o Clear Private Data
o Trusted Sites Zone
o Privacy
o Overwrite Automatic Cookie Handling
o Per Site Privacy Actions
o Specify Default Applications
o Internet Explorer Security Features
§ Hacking Opera
o JavaScript Invalid Pointer Vulnerability
o BitTorrent Header Parsing Vulnerability
o Torrent File Handling Buffer Overflow Vulnerability
§ Security Features of Opera
o Security and Privacy Features
§ Hacking Safari
o Safari Browser Vulnerability
o iPhone Safari Browser Memory Exhaustion
Remote Dos Vulnerability
Module 54: Proxy Server Technologies
§ Introduction: Proxy Server
§ Working of Proxy Server
§ Types of Proxy Server
§ Socks Proxy
§ Free Proxy Servers
§ Use of Proxies for Attack
§ Tools
o WinGate
o UserGate Proxy Server
o Advanced FTP Proxy Server
o Trilent FTP Proxy
o SafeSquid
o AllegroSurf
o ezProxy
§ Securing Safari
o Proxy Workbench
o Getting started
o ProxyManager Tool
o Preferences
o Super Proxy Helper Tool
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o MultiProxy
o Imperva: SecureSphere
§ How Does MultiProxy Work
o MailMarshal
§ TOR Proxy Chaining Software
o WebMarshal
§ TOR Proxy Chaining Software
o Marshal EndPoint
§ AnalogX Proxy
o Novell ZENworks Endpoint Security Management
§ NetProxy
o Prism EventTracker
§ Proxy+
o Proofpoint Messaging Security Gateway
§ ProxySwitcher Lite
o Proofpoint Platform Architecture
§ Tool: JAP
o Summary Dashboard
§ Proxomitron
o End-user Safe/Block List
§ SSL Proxy Tool
o Defiance Data Protection System
§ How to Run SSL Proxy
o Sentrigo: Hedgehog
o Symantec Database Security
Module 55: Data Loss Prevention
o Varonis: DataPrivilege
§ Introduction: Data Loss
o Verdasys: Digital Guardian
§ Causes of Data Loss
o VolumeShield AntiCopy
§ How to Prevent Data Loss
o Websense Content Protection Suite
§ Impact Assessment for Data Loss Prevention
§ Tools
o Security Platform
o Check Point Software: Pointsec Data Security
o Cisco (IronPort)
o Content Inspection Appliance
o CrossRoads Systems: DBProtector
o Strongbox DBProtector Architecture
o DeviceWall
o Exeros Discovery
o GFi Software: GFiEndPointSecurity
o GuardianEdge Data Protection Platform
o ProCurve Identity Driven Manager (IDM)
Module 56: Hacking Global Positioning System
(GPS)

Geographical Positioning System (GPS)

Terminologies

GPS Devices Manufacturers

Gpsd-GPS Service Daemon

Sharing Waypoints

Wardriving

Areas of Concern

Sources of GPS Signal Errors

Methods to Mitigate Signal Loss

GPS Secrets
o
www.itpro.net.vn
GPS Hidden Secrets
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


o
Secret Startup Commands in Garmin
o Category of Incidents: Low Level
o
Hard Reset/ Soft Reset
o Category of Incidents: Mid Level
Firmware Hacking
o Category of Incidents: High Level
o
Firmware
o How to Identify an Incident
o
Hacking GPS Firmware: Bypassing the
Garmin eTrex Vista Startup Screen
o How to Prevent an Incident
o
Garmin eTrex Legend Startup Screen
o
Garmin eTrex Venture Startup Screen
GPS Tools
o
Tool: GPS NMEA LOG
o
Tool: GPS Diagnostic
o
Tool: RECSIM III
o
Tool: G7toWin
o
Tool: G7toCE
o
Tool: GPS Security Guard
o
GPS Security Guard Functions
o
UberTracker
o Defining the Relationship between Incident
Response, Incident Handling, and Incident
Management
o Incident Response Checklist
o Handling Incidents
o Procedure for Handling Incident
·
Stage 1: Preparation
·
Stage 2: Identification
·
Stage 3: Containment
·
Stage 4: Eradication
·
Stage 5: Recovery
·
Stage 6: Follow-up
§ Incident Management
§ Why don’t Organizations Report Computer Crimes
§ Estimating Cost of an Incident
Module 57: Computer Forensics and Incident
Handling
§ Whom to Report an Incident
§ Computer Forensics
§ Incident Reporting
o What is Computer Forensics
§ Vulnerability Resources
o Need for Computer Forensics
§ What is CSIRT
o Objectives of Computer Forensics
o CSIRT: Goals and Strategy
o Stages of Forensic Investigation in Tracking Cyber
Criminals
o Why an Organization needs an Incident Response
Team
o Key Steps in Forensic Investigations
o CSIRT Case Classification
o List of Computer Forensics Tools
o Types of Incidents and Level of Support
§ Incident Handling
o Incident Specific Procedures-I (Virus and Worm
Incidents)
o Present Networking Scenario
o Incident Specific Procedures-II (Hacker Incidents)
o What is an Incident
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Incident Specific Procedures-III (Social Incidents,
Physical Incidents)
o Credit Card Fraud Detection Technique: Pattern
Detection
o How CSIRT Handles Case: Steps
o Credit Card Fraud Detection Technique: Fraud
Screening
o Example of CSIRT
o Best Practices for Creating a CSIRT
·
in
Step 1: Obtain Management Support and Buy-
o XCART: Online fraud Screening Service
o Card Watch
o MaxMind Credit Card Fraud Detection
·
Step 2: Determine the CSIRT Development
Strategic Plan
·
Step 3: Gather Relevant Information
·
Step 4: Design your CSIRT Vision
·
Step 5: Communicate the CSIRT Vision
·
Step 6: Begin CSIRT Implementation
·
Step 7: Announce the CSIRT
§ World CERTs http://www.trustedintroducer.nl/teams/country.html
o 3D Secure
o Limitations of 3D Secure
o FraudLabs
o www.pago.de
o Pago Fraud Screening Process
o What to do if you are a Victim of a Fraud
o Facts to be Noted by Consumers
§ Best Practices: Ways to Protect Your Credit Cards
§ http://www.first.org/about/organization/teams/
§ IRTs Around the World
Module 58: Credit Card Frauds
§ E-Crime
§ Statistics
§ Credit Card
o Credit Card Fraud
o Credit Card Fraud
o Credit Card Fraud Over Internet
o Net Credit/Debit Card Fraud In The US After
Gross Charge-Offs
Module 59: How to Steal Passwords
§
§
§
§
Password Stealing
How to Steal Passwords
Password Stealing Techniques
Password Stealing Trojans
o MSN Hotmail Password Stealer
o AOL Password Stealer
o Trojan-PSW.Win32.M2.14.a
o CrazyBilets
o Dripper
o Fente
o GWGhost
§ Credit Card Generators
o Kesk
o Credit Card Generator
o MTM Recorded pwd Stealer
o RockLegend’s !Credit Card Generator
o Password Devil
§ Credit Card Fraud Detection
§ Password Stealing Tools
o Password Thief
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Remote Password Stealer
o Symantec Enterprise Firewall
o POP3 Email Password Finder
o Kerio WinRoute Firewall
o Instant Password Finder
o Sunbelt Personal Firewall
o MessenPass
o Xeon Firewall
o PstPassword
o InJoy Firewall
o Remote Desktop PassView
o PC Tools Firewall Plus
o IE PassView
o Comodo Personal Firewall
o Yahoo Messenger Password
o ZoneAlarm
§ Recommendations for Improving Password
Security
§ Best Practices
§ Linux Firewalls
o KMyFirewall
o Firestarter
Module 60: Firewall Technologies
o Guarddog
§ Firewalls: Introduction
o Firewall Builder
§ Hardware Firewalls
§ Mac OS X Firewalls
o Hardware Firewall
o Flying Buttress
o Netgear Firewall
o DoorStop X Firewall
o Personal Firewall Hardware: Linksys
o Intego NetBarrier X5
o Personal Firewall Hardware: Cisco’s PIX
o Little Snitch
o Cisco PIX 501 Firewall
o Cisco PIX 506E Firewall
o Cisco PIX 515E Firewall
Module 61: Threats and Countermeasures

Domain Level Policies
o CISCO PIX 525 Firewall
o Account Policies
o CISCO PIX 535 Firewall
o Password Policy
o Check Point Firewall
o Password Policy
o Nortel Switched Firewall
o Password Policy - Policies
§ Software Firewalls

Enforce Password History
o Software Firewall
o Enforce Password History - Vulnerability
§ Windows Firewalls
o Enforce Password History - Countermeasure
o Norton Personal Firewall
o Enforce Password History - Potential Impact
o McAfee Personal Firewall
www.itpro.net.vn

Maximum Password Age
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Password Age - Vulnerability
o Account Lockout Threshold - Vulnerability
o Maximum Password Age - Countermeasure
o Account Lockout Threshold - Countermeasure
o Maximum Password Age - Potential Impact
o Account Lockout Threshold - Potential Impact
o Maximum Password Age

Reset Account Lockout Counter After
o Minimum Password Age

Kerberos Policy
o Minimum Password Age - Vulnerability
o Kerberos Policy - Policies
o Minimum Password Age - Countermeasure

Enforce User Logon Restrictions
o Minimum Password Age - Potential Impact

Maximum Lifetime for Service Ticket
o Minimum Password Age

Minimum Password Length
o Minimum Password Length - Vulnerability
o Maximum Lifetime for User Ticket
o Maximum Lifetime for User Ticket Renewal

Maximum Tolerance for Computer Clock
Synchronization

Audit Policy
o Minimum Password Length - Countermeasure
o Minimum Password Length - Potential Impact
o Minimum Password Length

Passwords Must Meet Complexity
Requirements
o Passwords must Meet Complexity Requirements Vulnerability
o Passwords must Meet Complexity Requirements Countermeasure
o Passwords must Meet Complexity Requirements Potential Impact
o Passwords must Meet Complexity Requirements

Store Password using Reversible Encryption
for all Users in the Domain

Account Lockout Policy
o Audit Settings
o Audit Account Logon Events
o Audit Account Management
o Audit Directory Service Access
o Audit Logon Events
o Audit Object Access
o Audit Policy Change
o Audit Privilege Use
o Audit Process Tracking
o Audit System Events

User Rights

Access this Computer from the Network
Account Lockout Duration

Act as Part of the Operating System
o Account Lockout Duration - Vulnerability

Add Workstations to Domain
o Account Lockout Duration - Countermeasure

Adjust Memory Quotas for a Process
o Account Lockout Duration - Potential Impact

Allow Log On Locally
o Account Lockout Duration

Allow Log On through Terminal Services

Back Up Files and Directories
o Account Lockout Policy - Policies


Account Lockout Threshold
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Bypass Traverse Checking

Shut Down the System

Change the System Time

Synchronize Directory Service Data

Create a Page File

Take Ownership of Files or Other Objects

Create a Token Object

Security Options

Create Global Objects

Accounts: Administrator Account Status

Create Permanent Shared Objects

Debug Programs

Deny Access to this Computer from the
Network

Deny Log On as a Batch Job

Deny Log On as a Service

Deny Log On Locally

Deny Log On through Terminal Services

Enable Computer and User Accounts to be
Trusted for Delegation

Force Shutdown from a Remote System

Generate Security Audits

Impersonate a Client after Authentication

Increase Scheduling Priority

Load and Unload Device Drivers

Lock Pages in Memory

Log On as a Batch Job

Log On as a Service

Manage Auditing and Security Log

Modify Firmware Environment Values

Perform Volume Maintenance Tasks

Profile Single Process

Profile System Performance

Remove Computer from Docking Station

Replace a Process Level Token

Restore Files and Directories
www.itpro.net.vn
o Accounts: Administrator Account Status Vulnerability
o Accounts: Administrator Account Status
o Accounts: Guest Account Status
o Accounts: Limit Local Account Use of Blank
Passwords to Console Logon Only
o Accounts: Rename Administrator Account
o Accounts: Rename Guest Account

Audit: Audit the Access of Global System
Objects
o Audit: Audit the Use of Backup and Restore
Privilege
o Audit: Shut Down System Immediately if Unable to
Log Security Audits

DCOM: Machine Access/Launch Restrictions
in Security Descriptor Definition Language
(SDDL)
o
DCOM: Machine Access/Launch
Restrictions in Security Descriptor
Definition Language (SDDL)

Devices: Allow Undock without having to Log
On

Devices: Allowed to Format and Eject
Removable Media

Devices: Prevent Users from Installing
Printer Drivers

Devices: Restrict CD-ROM/Floppy Access to
Locally Logged-on User Only

Devices: Restrict CD-ROM Access to Locally
Logged-on User Only

Devices: Unsigned Driver Installation
Behavior
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Domain Controller: Allow Server Operators to
Schedule Tasks

Network Access: Do Not Allow Anonymous
Enumeration of SAM Accounts

Domain Controller: LDAP Server Signing
Requirements


Domain Controller: Refuse Machine Account
Password Changes
Network Access: Do Not Allow Storage of
Credentials or .NET Passports for Network
Authentication

Domain Member: Digitally Encrypt or Sign
Secure Channel Data
Network Access: Let Everyone Permissions
Apply to Anonymous Users

Domain Member: Disable Machine Account
Password Changes
Network Access: Named Pipes that can be
Accessed Anonymously

Domain Member: Maximum Machine
Account Password Age
Network Access: Remotely Accessible
Registry Paths

Domain Member: Require Strong
(Windows 2000 or Later) Session Key
Network Access: Remotely Accessible
Registry Paths and Sub-paths

Interactive Logon: Do Not Display Last User
Name
Network Access: Restrict Anonymous
Access to Named Pipes and Shares

Interactive Logon: Do Not Require
CTRL+ALT+DEL
Network Access: Shares that can be
Accessed Anonymously

Interactive Logon: Message Text for Users
Attempting to Log On
Network Access: Sharing and Security Model
for Local Accounts

Network Security: Do Not Store LAN
Manager Hash Value on Next Password
Change

Network Security: Force Logoff when Logon
Hours Expire

Network Security: LAN Manager
Authentication Level

Network Security: LDAP Client Signing
Requirements








Interactive Logon: Number of Previous
Logons to Cache

Interactive Logon: Prompt User to Change
Password before Expiration

Interactive Logon: Require Domain Controller
Authentication to Unlock Workstation

Interactive Logon: Require Smart Card

Interactive Logon: Smart Card Removal
Behavior


Microsoft Network Client and Server: Digitally
Sign Communications (Four Related
Settings)
Network Security: Minimum Session Security
for NTLM SSP based (Including Secure
RPC) Clients/Servers

Microsoft Network Client: Send Unencrypted
Password to Third-party SMB Servers
Network Security: Minimum Session Security
for NTLM SSP based (Including Secure
RPC) Clients

Microsoft Network Server: Amount of Idle
Time Required before Suspending Session
Recovery Console: Allow Automatic
Administrative Logon

Microsoft Network Server: Disconnect Clients
when Logon Hours Expire
Recovery Console: Allow Floppy Copy and
Access to all Drives and all Folders

Network Access: Allow Anonymous
SID/Name Translation
Shutdown: Allow System to be Shut Down
Without Having to Log On

Shutdown: Clear Virtual Memory Page File




®
ITPro Global 2009
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
System Cryptography: Force Strong Key
Protection for User Keys Stored on the
Computer

Client Service for NetWare

ClipBook
System Cryptography: Use FIPS Compliant
Algorithms for Encryption, Hashing, and
Signing

Cluster Service

COM+ Event System
System Objects: Default Owner for Objects
Created by Members of the Administrators
Group

COM+ System Application

Computer Browser
System Objects: Require Case Insensitivity
for Non-Windows Subsystems

Cryptographic Services

DCOM Server Process Launcher

DHCP Client

DHCP Server

Distributed File System

Distributed Link Tracking Client

Distributed Link Tracking Server

Distributed Transaction Coordinator

DNS Client
o Retain Event Logs

DNS Server
o Retention Method for Event Log

Error Reporting Service
o Delegating Access to the Event Logs

Event Log





System Objects: Strengthen Default
Permissions of Internal System Objects

System Settings: Use Certificate Rules on
Windows Executables for Software
Restriction Policies

Event Log
o Maximum Event Log Size
o Prevent Local Guests Group from Accessing
Event Logs

System Services

Fast User Switching Compatibility

Services Overview

Fax Service

Do Not Set Permissions on Service Objects

File Replication

Manually Editing Security Templates

File Server for Macintosh

System Services - Alerter

FTP Publishing Service

Application Experience Lookup Service

Help and Support

Application Layer Gateway Service

HTTP SSL

Application Management

Human Interface Device Access

ASP .NET State Service

IAS Jet Database Access

Automatic Updates

IIS Admin Service

Background Intelligent Transfer Service
(BITS)

IMAPI CD-Burning COM Service

Certificate Services

Indexing Service
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Infrared Monitor

Plug and Play

Internet Authentication Service

Portable Media Serial Number

Intersite Messaging

Print Server for Macintosh

IP Version 6 Helper Service

Print Spooler

IPSec Policy Agent (IPSec Service)

Protected Storage

IPSec Services

QoS RSVP Service

Kerberos Key Distribution Center

Remote Access Auto Connection Manager

License Logging Service

Logical Disk Manager
o Logical Disk Manager Administrative Service

Machine Debug Manager

Message Queuing
o Remote Access Connection Manager

Remote Administration Service

Help Session Manager
o Remote Desktop Help Session Manager

Remote Installation
o Message Queuing Down Level Clients
o Remote Procedure Call (RPC)
o Message Queuing Triggers
o Remote Procedure Call (RPC) Locator
o Messenger
o Remote Registry Service

Microsoft POP3 Service
o Remote Server Manager

Microsoft Software Shadow Copy Provider
o Remote Server Monitor

MSSQL$UDDI
o Remote Storage Notification

MSSQLServerADHelper
o Remote Storage Server

.NET Framework Support Service

Removable Storage

Net Logon

Resultant Set of Policy Provider

NetMeeting Remote Desktop Sharing

Routing and Remote Access

Network Connections

SAP Agent

Network DDE

Secondary Logon

Network DDE DSDM

Security Accounts Manager

Network Location Awareness (NLA)

Security Center

Network Provisioning Service

Server

Network News Transfer Protocol (NNTP)

Shell Hardware Detection

NTLM Security Support Provider

Simple Mail Transport Protocol (SMTP)

Performance Logs and Alerts

Simple TCP/IP Services
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Smart Card

NetMeeting

Special Administration Console Helper

Disable Remote Desktop Sharing

System Event Notification

Internet Explorer Computer Settings

System Restore Service


Task Scheduler
Disable Automatic Install of Internet Explorer
Components

TCP/IP NetBIOS Helper Service

Disable Periodic Check for Internet Explorer
Software Updates

TCP/IP Print Server


Telnet
Disable Software Update Shell Notifications
on Program Launch

Terminal Services

Make Proxy Settings Per-Machine (Rather
than Per-User)

Security Zones: Do Not Allow Users to
Add/Delete Sites

Turn off Crash Detection

Do Not Allow Users to Enable or Disable
Add-ons

Internet Explorer\Internet Control
Panel\Security Page

Internet Explorer\Internet Control
Panel\Advanced Page

Allow Software to Run or Install Even if the
Signature is Invalid

Allow Active Content from CDs to Run on
User Machines
o Windows System Resource Manager

Allow Third-party Browser Extensions
o Windows Time

Check for Server Certificate Revocation
o Terminal Services Licensing
o Terminal Services Session Directory

Trivial FTP Daemon

Uninterruptible Power Supply

Upload Manager

Virtual Disk Service

WebClient

Web Element Manager

Windows Firewall /Internet Connection
Sharing
o Windows Installer

WinHTTP Web Proxy Auto-Discovery
Service

Check for Signatures On Downloaded
Programs

Wireless Configuration

Do Not Save Encrypted Pages to Disk

Workstation

Empty Temporary Internet Files Folder when
Browser is Closed

World Wide Web Publishing Service

Internet Explorer\Security Features

Software Restriction Policies

Binary Behavior Security Restriction

The Threat of Malicious Software

MK Protocol Security Restriction

Windows XP and Windows Server 2003
Administrative Templates

Local Machine Zone Lockdown Security

Computer Configuration Settings

Consistent MIME Handling
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

MIME Sniffing Safety Features

Windows Update

Scripted Window Security Restrictions

Configure Automatic Updates

Restrict ActiveX Install


Restrict File Download
Reschedule Automatic Updates Scheduled
Installations

Network Protocol Lockdown

System

Internet Information Services

Turn off Autoplay

Prevent IIS Installation

Do Not Process The Run Once List

Terminal Services

Logon

Deny Log Off of an Administrator Logged in
to the Console Session

Don't Display The Getting Started Welcome
Screen At Logon

Do Not Allow Local Administrators to
Customize Permissions

Do Not Process The Legacy Run List

Group Policy

Sets Rules for Remote Control of Terminal
Services User Sessions

Internet Explorer Maintenance Policy
Processing

Client/Server Data Redirection

IP Security Policy Processing

Allow Time Zone Redirection

Registry Policy Processing

Do Not Allow COM Port Redirection

Security Policy Processing

Do Not Allow Client Printer Redirection

Error Reporting

Do Not Allow LPT Port Redirection

Display Error Notification

Do Not Allow Drive Redirection

Report Errors

Encryption and Security

Internet Communications Management

Set Client Connection Encryption Level

Distributed COM

Always Prompt Client For A Password On
Connection

Browser Menus

Disable Save This Program To Disk Option

RPC Security Policy

Attachment Manager

Secure Server (Require Security)

Inclusion List For High Risk File Types

Sessions

Inclusion List For Moderate Risk File Types

Set Time Limit For Disconnected Sessions

Inclusion List For Low File Types

Allow Reconnection From Original Client
Only

Trust Logic For File Attachments

Windows Explorer

Hide Mechanisms To Remove Zone
Information

Turn Off Shell Protocol Protected Mode


Windows Messenger
Notify Antivirus Programs When Opening
Attachments
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Windows Explorer

Remove Security Tab

System\Power Management

Additional Registry Entries

How to Modify the Security Configuration
Editor User Interface

TCP/IP-Related Registry Entries

Disableipsourcerouting: IP Source Routing
Protection Level (Protects Against Packet
Spoofing)

Enabledeadgwdetect: Allow Automatic
Detection Of Dead Network Gateways
(Could Lead To Dos)

Enableicmpredirect: Allow ICMP Redirects
To Override OSPF Generated Routes

Keepalivetime: How Often Keep-alive
Packets Are Sent In Milliseconds (300,000 Is
Recommended)

Synattackprotect: Syn Attack Protection
Level (Protects Against Dos)

Tcpmaxconnectresponseretransmissions:
SYN-ACK Retransmissions When A
Connection Request Is Not Acknowledged

Tcpmaxdataretransmissions: How Many
Times Unacknowledged Data Is
Retransmitted (3 Recommended, 5 Is
Default)

Enable Safe DLL Search Order: Enable Safe
DLL Search Mode (Recommended)

Security Log Near Capacity Warning:
Percentage Threshold for the Security Event
Log at which the System will Generate a
Warning

Registry Entries Available In Windows XP
With SP2 And Windows Server 2003 With
SP1

RunInvalidSignatures

Registry Entries Available in Windows XP
with SP2

Security Center Registry Entries for XP

StorageDevicePolicies\WriteProtect

Registry Entries Available in
Windows Server 2003 with SP1

UseBasicAuth

DisableBasicOverClearChannel

Additional Countermeasures

Securing the Accounts

NTFS

Data and Application Segmentation

Configure SNMP Community Name

Miscellaneous Registry Entries

Disable NetBIOS and SMB on Public Facing
Interfaces

Configure Automatic Reboot from System
Crashes

Disable Dr. Watson: Disable Automatic
Execution of Dr. Watson System Debugger

Enable Administrative Shares

Configure IPsec Policies

Disable Saving of Dial-Up Passwords

Configuring Windows Firewall

Hide the Computer from Network
Neighborhood Browse Lists: Hide Computer
From the Browse List

Configure Netbios Name Release Security:
Allow the Computer to Ignore Netbios Name
Release Requests Except from WINS
Servers
www.itpro.net.vn
Module 62: Case Studies
Module 63: Botnets
Module 64: Economic Espionage
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Module 65: Patch Management
Module 66: Security Convergence
Module 67: Identifying the Terrorist
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Computer Hacking Forensic Investigator-v3
ĐIỀU TRA TỘI PHẠM MÁY TÍNH-v3
Tổng quan khóa học
Khóa học CHFI sẽ đem đến cho học viên những kỹ năng cần thiết để nhận dạng những dấu hiệu của kẻ
xâm nhập mạng máy tính và tập hợp những chứng cớ cần thiết để phục vụ cho công việc tiếp tục điều tra.
Nhiều công cụ hàng đầu hiện nay của ngành điều tra tội phạm máy tính sẽ được đưa vào giảng dạy trong
khóa học này, bao gồm cả phần mềm, phần cứng và những kỹ thuật chuyên ngành. Nhu cầu phát triển ứng
dụng máy tính của các ngành kinh tế để hoạt động trở nên hiệu quả hơn và mở rộng khả năng tích hợp với
nhiều lĩnh vực khác, cũng như nhu cầu của người sử dụng máy tính tại nhà ngày càng tăng, đã dẫn đến một
loại tội phạm mới, “Tội phạm mạng”. Ngày nay không đơn thuần là câu hỏi “Tổ chức của bạn có bị tấn công
không?” mà là câu hỏi “Khi nào thì bị tấn công?”. Ngày nay cuộc chiến giữa các tập đoàn, giữa các chính phủ
và giữa các các quốc gia không còn chỉ diễn ra ở các phòng họp, trên đấu trường quốc tế mà còn xảy ra ở các
chiến trường ảo với việc sử dụng các phương tiện kỹ thuật cao xảy ra trong hầu hết lĩnh vực của đời sống hiện
đại. Nếu bạn hoặc tổ chức của bạn cần có kiến thức và kỹ năng để có thể nhận biết, theo dõi và tố cáo tội
phạm mạng thì đây chính là khóa học dành cho bạn.
Đối tượng tham gia
Nhân viên cảnh sát và cán bộ của các cơ quan lập pháp, cơ quan thi hành pháp luật, nhân viên Bộ Quốc
Phòng; các chuyên gia bảo mật, nhân viên quản trị hệ thống của những công ty: thuơng mại điện tử, ngân
hàng, bảo hiểm và các ngành nghề chuyên nghiệp khác,… các nhà quản lý công nghệ thông tin.
Yêu cầu
Học viên nên tham gia khóa học CEH trước khi học khóa CHFI.
Thời lượng
60 giờ
Chứng chỉ
Bài kiểm tra CHFI 312-49 sẽ được tổ chức vào ngày cuối cùng của khóa học, sau khóa học học viên sẽ
nhận được chứng chỉ hoàn thành khóa học của EC-Council. Để nhận được chứng chỉ quốc tể CHFI, học viên
cần phải vượt qua kỳ thi quốc tế tại các trung tâm khảo thí Prometric.
Module 01: Computer Forensics in
Today’s World





Ways of Forensic Data Collection
Objectives of Computer Forensics
Benefits of Forensic Readiness
Categories of Forensics Data
Computer Facilitated Crimes
www.itpro.net.vn




 Type of Computer Crimes
 Examples of Evidence
Stages of Forensic Investigation in Tracking
Cyber Criminals
Key Steps in Forensics Investigations
Need for Forensic Investigator
When An Advocate Contacts The Forensic
Investigator, He Specifies How To Approach
Tel: (84-4) 37875728 – Fax: (84-4) 37875729




Enterprise Theory of Investigation (ETI)
Where and when do you use Computer
Forensics
Legal Issues
Reporting the Results
Module 02: Law and Computer Forensics


























Privacy Issues Involved in Investigations
Fourth Amendment Definition
Interpol- Information Technology Crime
Center
Internet Laws and Statutes
Intellectual Property Rights
Cyber Stalking
Crime Investigating Organizations
The G8 Countries: Principles to Combat
High-tech Crime
 The G8 Countries: Action Plan to
Combat High-Tech Crime (International
Aspects of Computer Crime)
United Kingdom: Police and Justice Act 2006
Australia: The Cybercrime Act 2001
Belgium
European Laws
Austrian Laws
Brazilian Laws
Belgium Laws
Canadian Laws
France Laws
Indian Laws
German Laws
Italian Laws
Greece Laws
Denmark Laws
Norwegian Laws
Netherlands Laws
Internet Crime Schemes
 Why You Should Report Cybercrime
 Reporting Computer-related Crimes
 Person Assigned to Report the Crime
 When and How to Report an Incident?
 Who to Contact at the Law Enforcement?
 Federal Local Agents Contact
 More Contacts
Cyberthreat Report Form
www.itpro.net.vn
Module 03: Computer Investigation
Process







Securing the Computer Evidence
Preparation for Searches
Chain-of Evidence Form
Accessing the Policy Violation Case:
Example
10 Steps to Prepare for a Computer Forensic
Investigation
Investigation Process
 Policy and Procedure Development
 Evidence Assessment
 Case Assessment
 Processing Location Assessment
 Legal Considerations
 Evidence Assessment
 Evidence Acquisition
 Write Protection
 Acquire the Subject Evidence
 Evidence Examination
 Physical Extraction
 Logical Extraction
 Analysis of Extracted Data
 Timeframe Analysis
 Data Hiding Analysis
 Application and File Analysis
 Ownership and Possession
 Documenting and Reporting
 What Should be in the Final Report?
Maintaining Professional Conduct
Module 04: First Responder Procedure








Electronic Evidence
The Forensic Process
Types of Electronic Devices
 Electronic Devices: Types and Collecting
Potential Evidence
Evidence Collecting Tools and Equipment
First Response Rule
Incident Response: Different Situations
 First Response for System
Administrators
 First Response by Non-Laboratory Staff
 First Response by Laboratory Forensic
Staff
Securing and Evaluating Electronic Crime
Scene
Ask These Questions When A Client Calls A
Forensic Investigator
Tel: (84-4) 37875728 – Fax: (84-4) 37875729





Health and Safety Issues
Consent
Planning the Search and Seizure
 Initial Search of the Scene
 Witness Signatures
 Conducting Preliminary Interviews
 Initial Interviews
 Documenting Electronic Crime Scene
 Photographing the Scene
 Sketching the Scene
 Collecting and Preserving Electronic
Evidence
 Evidence Bag Contents List
 Order of Volatility
 Dealing with Powered OFF Computers at
Seizure Time
 Dealing with a Powered ON PC
 Computers and Servers
 Collecting and Preserving Electronic
Evidence
 Seizing Portable Computers
 Switched ON Portables
 Packaging Electronic Evidence
 Exhibit Numbering
 Transporting Electronic Evidence
 Handling and Transportation to the
Forensic Laboratory
‘Chain of Custody’
Findings of Forensic Examination by Crime
Category




Module 06: Computer Forensic Lab


Module 05 : CSIRT









How to Prevent an Incident?
Defining the Relationship between Incident
Response, Incident Handling, and Incident
Management
Incident Response Checklist
Incident Management
Why don’t Organizations Report Computer
Crimes?
Estimating Cost of an Incident
Vulnerability Resources
Category of Incidents
 Category of Incidents: Low Level
 Category of Incidents: Mid Level
 Category of Incidents: High Level
CSIRT: Goals and Strategy
 Motivation behind CSIRTs
 Why an Organization needs an Incident
Response Team?
 Who works in a CSIRT?
www.itpro.net.vn
Staffing your Computer Security Incident
Response Team: What are the Basic
Skills Needed?
 Team Models
 CSIRT Services can be Grouped into
Three Categories:
 CSIRT Case Classification
 Types of Incidents and Level of Support
 Service Description Attributes
 Incident Specific Procedures
 How CSIRT handles Case: Steps
 US-CERT Incident Reporting System
CSIRT Incident Report Form
 CERT(R) Coordination Center: Incident
Reporting Form
 Limits to Effectiveness in CSIRTs
 Working Smarter by Investing in
Automated Response Capability
World CERTs http://www.trustedintroducer.nl/teams/country.html
http://www.first.org/about/organization/teams/
IRTs Around the World


Ambience of a Forensics Lab: Ergonomics
Forensic Laboratory Requirements
 Paraben Forensics Hardware: Handheld
First Responder Kit
 Paraben Forensics Hardware: Wireless
StrongHold Bag
 Paraben Forensics Hardware: Remote
Charger
 Paraben Forensics Hardware: Device
Seizure Toolbox
 Paraben Forensics Hardware: Wireless
StrongHold Tent
 Paraben Forensics Hardware: Passport
StrongHold Bag
 Paraben Forensics Hardware: Project-aPhone
 Paraben Forensics Hardware: SATA
Adaptor Male/ Data cable for Nokia
7110/6210/6310/i
 Paraben Forensics Hardware: Lockdown
 Paraben Forensics Hardware: SIM Card
Reader/ Sony Clie N & S Series Serial
Data Cable
 Paraben Forensics Hardware: USB
Serial DB9 Adapter
Portable Forensic Systems and Towers:
Forensic Air-Lite VI MKII laptop
 Portable Forensic Systems and Towers:
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Original Forensic Tower II
Portable Forensic Systems and Towers:
Portable Forensic Workhorse V
 Portable Forensic Workhorse V: Tableau
335 Forensic Drive Bay Controller
Forensic Air-Lite IV MK II
Forensic Tower II
Forensic Write Protection Devices and Kits:
Ultimate Forensic Write Protection Kit
 Tableau T3u Forensic SATA Bridge
Write Protection Kit
 Tableau T8 Forensic USB Bridge
Kit/Addonics Mini DigiDrive READ ONLY
12-in-1 Flash Media Reader
Power Supplies and Switches
DIBS® Mobile Forensic Workstation
 DIBS® Advanced Forensic Workstation
 DIBS® RAID: Rapid Action Imaging
Device
Forensic Archive and Restore Robotic
Devices: Forensic Archive and Restore (FAR
Pro)
Forensic Workstations
Tools: LiveWire Investigator
Features of the Laboratory Imaging System
 Technical
Specification
of
the
Laboratory-based Imaging System
Computer Forensic Labs, Inc
 Procedures at Computer Forensic Labs
(CFL), Inc
Data Destruction Industry Standards










Module 07: Understanding File Systems
and Hard Disks





Types of Hard Disk Interfaces
 Types of Hard Disk Interfaces: SCSI
 Types of Hard Disk Interfaces: IDE/EIDE
 Types of Hard Disk Interfaces: USB
 Types of Hard Disk Interfaces: ATA
 Types of Hard Disk Interfaces: Fibre
Channel
 Disk Capacity Calculation
 Evidor: The Evidence Collector
 WinHex
EFS Key
FAT vs. NTFS
Windows Boot Process (XP/2003)
http://www.bootdisk.com
www.itpro.net.vn
Module 08: Understanding Digital Media
Devices













Digital Storage Devices
Magnetic Tape
Floppy Disk
Compact Disk
CD-ROM
DVD
 DVD-R, DVD+R, and DVD+R(W)
 DVD-RW, DVD+RW
 DVD+R DL/ DVD-R DL/ DVD-RAM
 HD-DVD (High Definition DVD)
 HD-DVD
Blu-Ray
CD Vs DVD Vs Blu-Ray
HD-DVD vs. Blu-Ray
iPod
Zune
Flash Memory Cards
 Secure Digital (SD) Memory Card
 Compact Flash (CF) Memory Card
 Memory Stick (MS) Memory Card
 Multi Media Memory Card (MMC)
 xD-Picture Card (xD)
 SmartMedia Memory (SM) Card
USB Flash Drives
 USB Flash in a Pen
Module 09: Windows, Linux and
Macintosh Boot Processes












Terminologies
Boot Loader
Boot Sector
Anatomy of MBR
Basic System Boot Process
MS-DOS Boot Process
Windows XP Boot Process
Common Startup Files in UNIX
List of Important Directories in UNIX
Linux Boot Process
Macintosh Forensic Software by BlackBag
 Directory Scan
 FileSpy
 HeaderBuilder
Carbon Copy Cloner (CCC)
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

MacDrive6
Module 10: Windows Forensics
Windows Forensics Tool: Helix
 Tools Present in Helix CD for Windows
Forensics
 Helix Tool: SecReport
 Helix Tool: Windows Forensic Toolchest
(WFT)
 MD5 Generator: Chaos MD5
 Secure Hash Signature Generator
 MD5 Generator: Mat-MD5
 MD5 Checksum Verifier 2.1
 Registry Viewer Tool: RegScanner
 Virtual Memory
 System Scanner
 Integrated Windows Forensics Software: XWays Forensics
 Tool: Traces Viewer
 Investigating ADS Streams






Module 13: Computer Forensic Tools
Part I- Software Forensics Tools






Module 11: Linux Forensics



File System Description
Mount Command
Popular Linux Forensics Tools
 The Sleuth Kit
 Tools Present in “The Sleuth Kit”
 Autopsy
 The Evidence Analysis Techniques in
Autopsy
 SMART for Linux
 Penguin Sleuth
 Tools Included in Penguin Sleuth Kit
 Forensix
 Maresware
 Major Programs Present in Maresware
 Captain Nemo
 THE FARMER'S BOOT CD
Module 12: Data Acquisition and
Duplication




Mount Image Pro
Snapshot Tool
Snapback DatArrest
Hardware Tool: Image MASSter Solo-3
Forensic
 Hardware Tool: LinkMASSter-2 Forensic
www.itpro.net.vn
 Hardware Tool: RoadMASSter-2
Save-N-Sync
Hardware Tool: ImageMASSter 6007SAS
Hardware Tool: Disk Jockey IT
SCSIPAK
IBM DFSMSdss
Tape Duplication System: QuickCopy










Visual TimeAnalyzer
X-Ways Forensics
Evidor
Data Recovery Tools: Device Seizure 1.0
 Data Recovery Tools: Forensic Sorter
v2.0.1
 Data Recovery Tools: Directory Snoop
Permanent Deletion of Files: Darik's Boot
and Nuke (DBAN)
File Integrity Checker: FileMon
 File Integrity Checker: File Date Time
Extractor (FDTE)
 File Integrity Checker: Decode - Forensic
Date/Time Decoder
Partition Managers: Partimage
Linux/Unix Tools: Ltools and Mtools
Password Recovery Tool: Decryption
Collection Enterprise v2.5
 Password Recovery Tool: AIM Password
Decoder
 Password Recovery Tool: MS Access
Database Password Decoder
Internet History Viewer: CookieView - Cookie
Decoder
 Internet History Viewer: Cookie Viewer
 Internet History Viewer: Cache View
 Internet History Viewer: FavURLView Favourite Viewer
 Internet History Viewer: NetAnalysis
FTK- Forensic Toolkit
Email Recovery Tool: E-mail Examiner
 Email Recovery Tool: Network E-mail
Examiner
Case Agent Companion
Chat Examiner
Forensic Replicator
Registry Analyzer
Tel: (84-4) 37875728 – Fax: (84-4) 37875729





















SIM Card Seizure
Text Searcher
Autoruns
Autostart Viewer
Belkasoft RemovEx
HashDig
Inforenz Forager
KaZAlyser
DiamondCS OpenPorts
Pasco
Patchit
PE Explorer
Port Explorer
PowerGREP
Process Explorer
PyFLAG
Registry Analyzing Tool: Regmon
Reverse Engineering Compiler
SafeBack
TapeCat
Vision
Part II- Hardware Forensics Tools

List of Hardware Computer Forensic Tools
 Hard Disk Write Protection Tools:
Nowrite & Firewire Drivedock
 LockDown
 Write Protect Card Reader
 Drive Lock IDE
 Serial-ATA DriveLock Kit
 Wipe MASSter
 ImageMASSter Solo-3 IT
 ImageMASSter 4002i
 ImageMasster 3002SCSI
 Image MASSter 3004SATA
Module 14: Forensics Investigations
Using Encase





Evidence File
 Evidence File Format
Verifying File Integrity
Hashing
Acquiring Image
Configuring Encase
 Encase Options Screen
 Encase Screens
 View Menu
www.itpro.net.vn



















 Device Tab
 Viewing Files and Folders
 Bottom Pane
Viewers in Bottom Pane
 Status Bar
 Status Bar
Searching
Keywords
 Adding Keywords
 Grouping
 Add multiple Keywords
Starting the Search
 Search Hits Tab
 Search Hits
Bookmarks
 Creating Bookmarks
 Adding Bookmarks
 Bookmarking Selected Data
Recovering Deleted Files/folders in FAT
Partition
 Viewing Recovered Files
 Recovering Folders in NTFS
Master Boot Record
NTFS Starting Point
Viewing Disk Geometry
Recovering Deleted Partitions
Hash Values
 Creating Hash Sets
 MD5 Hash
 Creating Hash
Viewers
Signature Analysis
Viewing the Results
Copying Files Folders
E-mail Recovery
Reporting
Encase Boot Disks
IE Cache Images
Module 15: Recovering Deleted Files and
Deleted partitions
Part I: Recovering Deleted Files


Deleting Files
What happens when a File is Deleted in
Windows?
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Storage Locations of Recycle Bin in FAT and
NTFS System
 How The Recycle Bin Works
 Damaged or Deleted INFO File
 Damaged Files in Recycled Folder
 Damaged Recycle Folder
 Tools to Recover Deleted Files
 Tool: Search and Recover
 Tool: Zero Assumption Digital Image
Recovery
 Tool: PC Inspector Smart Recovery
 Tool: Fundelete
 Tool: RecoverPlus Pro
 Tool: OfficeFIX
 Tool: Recover My Files
 Tool: Zero Assumption Recovery
 Tool: SuperFile Recover
 Tool: IsoBuster
 Tool: CDRoller
 Tool: DiskInternals Uneraser
 Tool: DiskInternal Flash Recovery
 Tool: DiskInternals NTFS Recovery
 Recover Lost/Deleted/Corrupted files on
CDs and DVDs
 Tool: Undelete
 Tool: Active@ UNDELETE
 Data Recovery Tool: CD Data Rescue
 Tool: File Recover
 Tool: WinUndelete
 Tool: R-Undelete
 Tool: Image Recall
 Tool: eIMAGE Recovery
 Tool: File Scavenger
 Tool: Recover4all Professional
 Tool: eData Unerase
 Tool: Easy-Undelete
 Tool: InDisk Recovery
 Tool: Repair My Excel
 Tool: Repair Microsoft Word Files
 Tool: Zip Repair
 Tool: Canon RAW File Recovery
Software
Part II: Recovering Deleted Partitions
 Deletion of Partition
 Deletion of Partition using Windows
 Deletion of Partition using Command Line
 Recovery of Deleted Partition
 Deleted Partition Recovery Tools
 Tool: GetDataBack
 Tool: DiskInternals Partition Recovery
 Tool: Active@ Partition Recovery
 Tool: Handy Recovery








www.itpro.net.vn
Tool: Acronis Recovery Expert
Tool: Active Disk Image
Tool: TestDisk
Tool: Recover It All!
Tool: Scaven
Tool: Partition Table Doctor
Tool: NTFS Deleted Partition Recovery
Module 16: Image Files Forensics














Common Terminologies
Understanding Image File Formats
 GIF (Graphics Interchange Format)
 JPEG (Joint Photographic Experts
Group)
 JPEG 2000
 BMP (Bitmap) File
 PNG (Portable Network Graphics)
 Tagged Image File Format (TIFF)
 ZIP (Zone Information Protocol)
How File Compression Works
Huffman Coding Algorithm
Lempel-Ziv Coding Algorithm
Vector Quantization
http://www.filext.com
Picture Viewer: AD
Picture Viewer: Max
FastStone Image Viewer
XnView
Faces – Sketch Software
Steganalysis
 Steganalysis Tool: Stegdetect
Image File Forensic Tool: GFE Stealth
(Graphics File Extractor)
 Tool: ILook v8
 Tool: P2 eXplorer
Module 17: Steganography




Classification of Steganography
Steganography vs. Cryptography
Model of Stegosystem
Model of Cryptosystem
 Introduction to Stego-Forensics
 Important Terms in Stego-Forensics
 Steganography vs. Watermarking
 Attacks on Watermarking
 pplication of Watermarking
 Digimarc's Digital Watermarking
 Watermarking – Mosaic Attack
 Mosaic Attack – Javascript code
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
2Mosaic – Watermark breaking Tool
Steganalysis
teganalysis
Methods/Attacks
on
Steganography
 TEMPSET
 Van Eck phreaking
 Printer Forensics
 Is Your Printer Spying On You?
 DocuColor Tracking Dot Decoding
Steganography Tools
 Tool: Steganos
 Steganography Tool: Pretty Good
Envelop
 Tool: Gifshuffle
 Refugee
 Tool: JPHIDE and JPSEEK
 Tool: wbStego
 Tool: OutGuess
 Tool: Invisible Secrets 4
 Tool: Masker
 Tool: Hydan
 Tool: Cloak
 Tool: StegaNote
 Tool: Stegomagic
 Hermetic Stego
Application of Steganography
How to Detect Steganography?
 Stego Suite – Steg Detection Tool
 StegSpy






Module: 18: Application Password
Crackers









Brute Force Attack
Dictionary Attack
Syllable Attack/Rule-based Attack/Hybrid
Attack
Password Guessing
Rainbow Attack
CMOS Level Password Cracking
 Tool CmosPwd
 ERD Commander
 Active Password Changer
http://www.virus.org/index.php?
Pdf Password Crackers
Password Cracking Tools
 Tool: Cain & Abel
 Tool: LCP
 Tool: SID&User
 Tool: Ophcrack 2
 Tool: John the Ripper
 Tool: DJohn
www.itpro.net.vn


 Tool: Crack
 Tool: Brutus
 Tool: Access PassView
 Tool: RockXP
 Tool: Magical Jelly Bean Keyfinder
 Tool: PstPassword
 Tool: Protected Storage PassView
 Tool: Network Password Recovery
 Tool: Mail PassView
 Tool: Asterisk Key
 Tool: Messenger Key
 Tool: MessenPass
 Tool: Password Spectator Pro
 Tool: SniffPass
 Tool: Asterisk Logger
 Tool: Dialupass
 Tool: Mail Password Recovery
 Tool: Database Password Sleuth
 Tool: CHAOS Generator
 Tool: PicoZip Recovery
 Tool: Netscapass
Common Recommendations for Improving
Password Security
Standard Password Advice
Module 19: Network Forensics and
Investigating Logs















Introduction to Network Forensics
 The Hacking Process
 The Intrusion Process
 Looking for Evidence
Log Files as Evidence
Records of Regularly Conducted Activity
Legality of Using Logs
Maintaining Credible IIS Log Files
Log File Accuracy
Log Everything
Keeping Time
 UTC Time
Use Multiple Logs as Evidence
Avoid Missing Logs
Log File Authenticity
Work with Copies
Access Control
Chain of Custody
Importance of Audit Logs
 Central Logging Design
 Steps to Implement Central Logging
 Centralized Syslog Server
 Syslog-ng: Security Tool
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
IIS Centralized Binary Logging
ODBC Logging
IISLogger: Development tool
Socklog: IDS Log Analysis Tool
KiwiSysLog Tool
Microsoft Log Parser: Forensic Analysis
Tool
 Firewall Analyzer: Log Analysis Tool
 Adaptive Security Analyzer (ASA) Pro:
Log Analysis Tool
 GFI EventsManager
 How does GFI EventsManager work?
 Activeworx Security Center
 EventLog Analyzer
Why Synchronize Computer Times?
What is NTP Protocol?
 NTP Stratum Levels
NIST Time Servers
Configuring the Windows Time Service










Module 20: Investigating Network Traffic
















Network Addressing Schemes
Tool: Tcpdump
CommView
Softperfect Network Sniffer
HTTP Sniffer
EtherDetect Packet Sniffer
OmniPeek
Iris Network Traffic Analyzer
SmartSniff
NetSetMan Tool
Evidence Gathering at the Data-link Layer:
DHCP database
DHCP Log
Siemens Monitoring Center
Netresident Tool
eTrust Network Forensics
IDS Policy Manager
http://www.activeworx.org
Module 21: Investigating Wireless
Attacks




Association of Wireless AP and Device
Search Warrant for Wireless Networks
Key Points to Remember
Points You Should Not Overlook while Testing the
Wireless Network
www.itpro.net.vn

Methods to Access a Wireless Access Point
 Direct-connect To the Wireless Access
Point
 Nmap
 Scanning Wireless Access Points using
Nmap
 Rogue Access Point
 “Sniffing” Traffic Between the Access
Point and Associated Devices
 Scanning using Airodump
 MAC Address Information
 Airodump: Points to Note

Searching for Additional Devices

Forcing Associated Devices to Reconnect

Check for MAC Filtering
 Changing the MAC Address

Passive Attack

Active Attacks on Wireless Networks

Investigating Wireless Attacks
Module 22: Investigating Web Attacks



Types of Web Attacks
 Cross-Site Scripting (XSS)
 Investigating Cross-Site Scripting (XSS)
 Cross-Site Request Forgery (CSRF)
 Anatomy of CSRF Attack
 Pen-testing CSRF Validation Fields
 Code Injection Attack
 Investigating Code Injection Attack
 Command Injection Attack
 Parameter Tampering
 Cookie Poisoning
 Investigating Cookie Poisoning Attack
 Buffer Overflow/Cookie Snooping
 Investigating Buffer Overflow
 DMZ Protocol Attack, Zero Day Attack
 Example of FTP Compromise
 Acunetix Web Vulnerability Scanner
 Tools for Locating IP Address: Hide Real
IP
 Tools
for
Locating
IP
Address:
www.whatismyip.com
 Tools for Locating IP Address: IP
Detective Suite
 Tools for Locating IP Address: Enterprise
IP – Address Manager
Intrusion Detection
CounterStorm-1: Defense against Known,
Zero Day and Targeted Attacks
Module 23: Router Forensics
Tel: (84-4) 37875728 – Fax: (84-4) 37875729










Routing Information Protocol
Hacking Routers
Router Attack Topology
Recording your Session
Router Logs
NETGEAR Router Logs
Link Logger
Sawmill: Linksys Router Log Analyzer
Real Time Forensics
Router Audit Tool (RAT)
Module 24: Investigating DoS Attacks







DoS Attacks
Types of DoS Attacks
 Types of DoS Attacks: Ping of Death
Attack
 Types of DoS Attacks: Teardrop Attack
 Types of DoS Attacks: SYN Flooding
 Types of DoS Attacks: Land
 Types of DoS Attacks: Smurf
 Types of DoS Attacks: Fraggle
 Types of DoS Attacks: Snork
 Types of DoS Attacks: WINDOWS OUTOF-BAND (OOB) Attack
DDoS Attack
 Working of DDoS Attacks (FIG)
 Classification of DDoS Attack
DoS Attack Modes
Indications of a DoS/DDoS Attack
Techniques to Detect DoS Attack
 Techniques to Detect DoS Attack:
Activity Profiling
 Sequential Change-Point Detection
 Wavelet-based Signal Analysis
Challenges in the Detection of DoS Attack











Module 26: Tracking E-mails and
Investigating E-mail Crimes









Module 25: Investigating Internet Crimes





Internet Crimes
Internet Forensics
 Why Internet Forensics
IP Address
Domain Name System (DNS)
 DNS Record Manipulation
 DNS Lookup
Email Headers
 Email Headers Forging
www.itpro.net.vn
 Tracing Back Spam Mails
Switch URL Redirection
 Sample Javascript for Page-based
Redirection
 Embedded JavaScript
Recovering Information from Web Pages
 Downloading a Single Page or an Entire
Web Site
Tool: Grab-a-Site
Tool: SurfOffline 1.4
Tool: My Offline Browser 1.0
www.newprosoft.com
Tool: WayBack Machine
HTTP Headers
 Viewing Header Information
Examining Information in Cookies
 Viewing Cookies in Firefox
Tracing Geographical Location of a URL:
www.centralops.net
 DNS Lookup Result: centralops.net
 DNS Lookup Result: centralops.net
NetScanTools Pro
Tool: Privoxy http://www.privoxy.org




Client and Server in E-mail
E-mail Client
E-mail Server
Real E-mail System
Received: Headers
Forging Headers
List of Common Headers
Exchange Message Tracking Center
MailDetective Tool
 Forensic ToolKit (FTK)
 Tool: E-Mail Detective
 Recover My Email for Outlook
 Diskinternals – Outlook Recovery
 Tool: SpamArrest
 Tool: ID Protect - www.enom.com
U.S. Laws Against Email Crime: CAN-SPAM
Act
U.S.C. § 2252A
U.S.C. § 2252B
Email crime law in Washington: RCW
19.190.020
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Module 27: Investigating Corporate
Espionage









Introduction to Corporate Espionage
Motives behind Corporate Espionage
Information that Corporate Spies Seek
Corporate Espionage: Insider/Outsider
Threat
Techniques of Spying
Defense Against Corporate Spying
Netspionage
Investigating Corporate Espionage
CasesEmployee Monitoring: Activity Monitor
Spy Tool: SpyBuddy
Module 28: Investigating Trademark and
Copyright Infringement









Characteristics of Trademarks
Copyright
Copyright Infringement: Plagiarism
 Plagiarism Detection Factors
 Plagiarism
Detection
Tool:
Copy
Protection System (COPS)
 Plagiarism Detection Tool: SCAM
(Stanford Copy Analysis Mechanism)
 Plagiarism Detection Tool: CHECK
 Plagiarism Detection Tool: Jplag
 Plagiarism Detection Tool: VAST
 Plagiarism Detection Tool: SIM
 Plagiarism Detection Tool: PLAGUE
 Plagiarism Detection Tool: YAP
 Plagiarism Detection Tool: SPlaT
 Plagiarism Detection Tool: Sherlock
 Plagiarism Detection Tool: Urkund
 Plagiarism Detection Tool: PRAISE
 Plagiarism Detection Tool: FreestylerIII
 Plagiarism
Detection
Tool:
SafeAssignment
http://www.ip.com
 How it works?
Investigating Intellectual Property
US Laws for Trademarks and Copyright
Indian Laws for Trademarks and Copyright
Japanese Laws for Trademarks and
Copyright
Australia Laws For Trademarks and
Copyright
www.itpro.net.vn

UK Laws for Trademarks and Copyright
Module 29: Investigating sexually
harassment incidents

















Sexual Harassment - Introduction
Types of Sexual Harassment
Consequences of Sexual Harassment
Responsibilities of Supervisors
Responsibilities of Employees
Complaint Procedures
Investigation Process
Sexual Harassment Investigations
Sexual Harassment Policy
Preventive Steps
U.S Laws on Sexual Harassment
The Laws on Sexual Harassment: Title VII
of the 1964 Civil Rights Act
The Laws on Sexual Harassment: The Civil
Rights Act of 1991
The Laws on Sexual Harassment: Equal
Protection Clause of the 14th Amendment
The Laws on Sexual Harassment: Common
Law Torts
The Laws on Sexual Harassment: State and
Municipal Laws
Module 30: Investigating Child
Pornography










Introduction to Child Pornography
People’s Motive Behind Child Pornography
People Involved in Child Pornography
Role of Internet in Promoting Child
Pornography
Effects of Child Pornography on Children
Measures to Prevent Dissemination of Child
Pornography
Challenges in Controlling Child Pornography
Guidelines for Investigating Child
Pornography Cases
Sources of Digital Evidence
Antichildporn.org
 How to Report Antichildporn.org about
Child Pornography Cases
Tel: (84-4) 37875728 – Fax: (84-4) 37875729











 Report Format of Antichildporn.org
Tools to Protect Children from Pornography:
Reveal
 Tool: iProtectYou
 Child Exploitation Tracking System
(CETS)
http://www.projectsafechildhood.gov/
Innocent Images National Initiative
Internet Crimes Against Children (ICAC)
Reports on Child Pornography
U.S. Laws against Child Pornography
Australia Laws against Child Pornography
Austria Laws against Child Pornography
Belgium Laws against Child Pornography
Cyprus Laws against Child Pornography
Japan Laws against Child Pornography




Module 33: Blackberry Forensics







Module 31: PDA Forensics



Features
PDA Forensics Steps
 Investigative Methods
Tool:
 PDA Secure – Forensic Tool
 EnCase – Forensic Tool
Module 32: iPod Forensics












iPod
 iPod Features
 iPod as Operating System
Apple HFS+ and FAT32
Application Formats
Misuse of iPod
iPod Investigation
 Mac Connected iPods
 Windows Connected iPods
 Storage
 Lab Analysis
 Remove Device From Packaging
Testing Mac Version
Full System Restore as Described in the
Users’ Manual
Testing Windows Version
User Account
Calendar and Contact Entries
Macintosh Version
EnCase
®
ITPro Global 2009
www.itpro.net.vn
Deleted Files
Windows Version
Registry Key Containing the iPod’s
USB/Firewire Serial Number
Tool:
 DiskInternals Music Recovery
 Recover My iPod: Tool









Blackberry: Introduction
BlackBerry Functions
BlackBerry as Operating System
How BlackBerry (RIM) Works
BlackBerry Serial Protocol
BlackBerry Security
BlackBerry Wireless Security
 BlackBerry Security for Wireless Data
 Security for Stored Data
Forensics
Acquisition
Collecting Evidence from Blackberry
 Collecting Evidence from Blackberry:
Gathering Logs
 Collecting Evidence from Blackberry:
Imaging and Profiling
Review of Evidence
Simulator – Screenshot
Blackberry Attacks
Protecting Stored Data
Data Hiding in BlackBerry
BlackBerry Signing Authority Tool
Module 34: Investigative Reports









Understanding the Importance of Reports
Investigating Report Requirements
Sample Forensic Report
 Sample Report
Guidelines for Writing Reports
Important Aspects of a Good Report
Dos and Don'ts of Forensic Computer
Investigations
Case Report Writing and Documentation
Create a Report to Attach to the Media
Analysis Worksheet
Investigative Procedures
Tel: (84-4) 37875728 – Fax: (84-4) 37875729



Collecting Physical and Demonstrative
Evidence
Collecting Testimonial Evidence
Best Practices for Investigators
Module 35: Becoming an Expert Witness






What is Expert Witness
Types of Expert Witnesses
 Computer Forensics Experts
 Medical & Psychological Experts
 Civil Litigation Experts
 Construction & Architecture Experts
 Criminal Litigation Experts
Scope of Expert Witness Testimony
Checklists for Processing Evidence
Examining Computer Evidence
 Recognizing Deposing Problems
Dealing with Media
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
EC-Council Certified Security Analyst/Licensed Penetration Tester ECSA/LPT CERTIFICATION BOOTCAMP (v4)
Nhà Phân tích an ninh /Kiểm tra sự xâm nhập của EC-Council - ECSA/LPT
Tổng quan
ECSA/LPT là lớp học không như các lớp học khác! Cung cấp thế giới thực hành thực trên kinh nghiệm thực tế.
Lớp học chỉ tập trung sâu vào Kiểm tra sự xâm nhập và Hack nâng cao. Bao gồm việc kiểm tra ở tất cả cơ sở hạ
tầng, các hệ điều hành và các môi trường ứng dụng hiện đại.
Chương trình Nhà phân tích an ninh, kiểm tra sự xâm nhập của EC-Council (EC-Council’s Certified Security
Analyst/LPT) là khóa học về an ninh 5 ngày có sự tương tác cao được thiết kế để giảng dạy cho các chuyên viên
an ninh việc sử dụng các phương pháp, các công cụ và công nghệ cao cấp đẻ kiểm tra sự xâm nhập cần thiết để
thực hiện các kiểm tra an ninh thông tin tổng thể.
Đối tượng
Các nhà Quản trị máy chủ mạng, Quản trị bức tường lửa, Các nhà kiểm tra an ninh, Quản trị hệ thống và Các
chuyên viên đánh giá rủi ro.
Thời lượng
5 ngày
Mục tiêu
Các học viên sẽ học cách thiết kế, bảo vệ và kiểm tra các mạng để bảo vệ tổ chức của học viên từ các đe dọa của
các kiểu tin tặc và tội phạm máy tính. Bằng cách giảng dạy các công cụ và các kỹ thuật xâm nhập cơ bản cho việc
kiểm tra xâm nhập và an ninh, lớp học này sẽ giúp học viên thực hiện các đánh giá chuyên sâu cần thiết để xác
định và làm giảm bớt một cách hiệu quả các rủi ro cho an ninh cơ sở hạ tầng của tổ chức.Do học viên học cách
xác định các vấn đề an ninh, học viên cũng học cách làm thế nào tránh và loại trừ các vấn đề đó, bằng việc cung
cấp đồng bộ .cho lớp học các đề tài phân tích và kiểm tra an ninh mạng.
Chứng chỉ
Việc thi lấy chứng chỉ quốc tế môn ECSA sẽ được thực hiện vào ngày cuối cùng của lớp học. Các học viên cần thi
online đạt yêu cầu tại trung tâm thi Prometric môn thi 412-79 để nhận chứng chỉ ECSA. Học viên cũng sẽ được
chuẩn bị để lấy chứng chỉ LPT.
Module 1: The Need for Security Analysis

New Technologies

What Are We Concerned About?

New Threats, New Exploits

So What Are You Trying To Protect?

Limited Focus

Why Are Intrusions
Successful?

Limited Expertise

Authentication

Authorization
So
Often

What Are The Greatest Challenges?

Environmental Complexity
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Confidentiality

Network-Connection Policy

Integrity

Business-Partner Policy

Availability

Other Important Policies

Nonrepudiation

Policy Statements

We Must Be Diligento:p> 

Threat Agents
Basic Document Set of Information
Security Policies

Assessment Questions

ISO 17799

How Much Security is Enough?

Domains of ISO 17799

Risk

No Simple Solutions

Simplifying Risk

U.S. Legislation

Risk Analysis

California SB 1386

Risk Assessment Answers Seven
Questions

Sarbanes-Oxley 2002

Gramm-Leach-Bliley Act (GLBA)

Health Insurance Portability
Accountability Act (HIPAA)

USA Patriot Act 2001

U.K. Legislation

How Does This Law Affect a Security
Officer?

Steps of Risk Assessment

Risk Assessment Values

Information Security Awareness

Security policies

Types of Policies

Promiscuous Policy

The Data Protection Act 1998

Permissive Policy

The Human Rights Act 1998

Prudent Policy

Interception of Communications

Paranoid Policy


Acceptable-Use Policy
The Freedom of Information Act
2000

User-Account Policy

The
Audit
Investigation
and
Community Enterprise Act 2005 
Remote-Access Policy

Information-Protection Policy

Firewall-Management Policy

Special-Access Policy
www.itpro.net.vn
and
Module 2: Advanced Googling

Site Operator

intitle:index.of

error | warning
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

login | logon


username | userid | employee.ID |
“your username is”
Web
Server
Messages

IIS HTTP/1.1 Error Page Titles

“Object Not Found” Error Message
Used to Find IIS 5.0
passcode
|
“your
Software
Error

password |
password is”

admin | administrator

Apache Web Server

admin login

Apache 2.0 Error Pages

–ext:html –ext:htm
ext:asp –ext:php

Application Software Error Messages


inurl:temp | inurl:tmp | inurl:backup |
inurl:bak
ASP Dumps
Details


intranet | help.desk
Many Errors Reveal Pathnames and
Filenames

Locating Public Exploit Sites


Locating Exploits Via Common Code
Strings
CGI Environment Listings Reveal
Lots of Information

Default Pages

A Typical Apache Default Web Page

Locating Default Installations of IIS
4.0 on Windows NT 4.0/OP

Default Pages Query for Web Server

Outlook Web Access Default Portal

Searching for Passwords

Windows Registry
Reveal Passwords

Usernames, Cleartext Passwords,
and Hostnames! –ext:shtml
–

Searching for Exploit Code with
Nonstandard Extensions

Locating Source Code with Common
Strings

Locating Vulnerable Targets

Locating Targets Via Demonstration
Pages

“Powered by” Tags Are Common
Query Fodder for Finding Web
Applications

Locating Targets Via Source Code

Vulnerable
Examples
Web
Application

Locating Targets Via CGI Scanning

A Single CGI Scan-Style Query

Directory Listings

Finding IIS 5.0 Servers
www.itpro.net.vn
Provide
Dangerous
Entries
Can
Module 3: TCP/IP Packet Analysis

TCP/IP Model

Application Layer

Transport Layer

Internet Layer

Network Access Layer
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Comparing OSI and TCP/IP

Sequencing Numbers

Addressing


IPv4 Addresses
Positive
Acknowledgment
Retransmission (PAR)

IP Classes of Addresses

UDP Operation

Reserved IP Addresses


Private Addresses
Port Numbers Positioning between
Transport and Application Layer
(TCP and UDP)

Subnetting

Port Numbers

IPv4 and IPv6

http://www.iana.org/assignments/port
-numbers

Transport Layer


Flow Control
What Makes
Unique?

Three-Way Handshake

Internet Control Message Protocol
(ICMP)

TCP/IP Protocols

Error Reporting and Error Correction

TCP Header

ICMP Message Delivery

IP Header

Format of an ICMP Message

IP Header: Protocol Field

Unreachable Networks

UDP

Destination Unreachable Message

TCP and UDP Port Numbers


Port Numbers
ICMP Echo (Request) and Echo
Reply

TCP Operation

Detecting Excessively Long Routes

Synchronization
Handshake

IP Parameter Problem

ICMP Control Messages

Denial of Service (DoS) Attacks

ICMP Redirects

DoS Syn Flooding Attack


Windowing
Clock Synchronization and Transit
Time Estimation

Acknowledgement


Windowing and Window Sizes
Information Requests
Message Formats

Simple Windowing

Address Masks

Sliding Windows

Router
Solicitation
Advertisement ITPro Global ® 2009
www.itpro.net.vn
or
3-way
Each
and
Connection
and
Reply
and
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Module 4: Advanced Sniffing Techniques

Wireless Sniffing with Wireshark

What is Wireshark?

AirPcap

Wireshark: Filters

Using Channel Hopping

IP Display Filters

Interference and Collisions

Example


Wireshark: Tshark
Recommendations
Wireless

Wireshark: Editcap

Analyzing Wireless Traffic

Wireshark: Mergecap

IEEE 802.11 Header

Wireshark: Text2pcap

IEEE 802.11 Header Fields

Using
Wireshark
Troubleshooting

Filters

Filtering on Source MAC Address
and BSSID

Filtering on BSSID

Filter on SSID

Wireless Frame Types Filters

Unencrypted Data Traffic

Identifying Hidden SSIDs

Network
Methodology
for
Network
Troubleshooting

Using
Wireshark
Administration
for
System

ARP Problems

ICMP Echo Request/Reply Header
Layout
for
Sniffing

TCP Flags

Revealed SSID

TCP SYN Packet Flags Bit Field


Capture Filter Examples
Identifying
Failures

Scenario 1: SYN no SYN+ACK

Identifying the EAP Type

Scenario
2:
Response RST

Identifying
Properties

Scenario 3: SYN SYN+ACK ACK

EAP Identity Disclosure

 Using Wireshark for Security
Administration

Identifying WEP

Identifying TKIP and CCMP

Identifying IPSec/VPN
SYN
Relay
Chat
Authentication
Key

Detecting
Activity

Decrypting Traffic

Wireshark as a Detector for
Proprietary Information Transmission

Scanning

Sniffer Detection

TCP Connect Scan
www.itpro.net.vn
Internet
Immediate
EAP
Negotiation
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

SYN Scan

Report Generation

XMAS Scan

Reports: Result

Null Scan

Identifying False Positives

Remote Access Trojans

Suspicious Signs

NetBus Analysis

False Positives

Trojan Analysis Example NetBus
Analysis

Examples of False Positives

Writing Nessus Plugins

Writing a Plugin
Module 5: Vulnerability Analysis with
Nessus

Nessus

Installing and Running the Plugin

Features of Nessus

Nessus Report with output from our
plugin

Nessus Assessment Process


Nessus: Scanning
Security
Center
http://www.tenablesecurity.com

Nessus: Enumeration

Nessus: Vulnerability Detection

Wireless Concepts

Configuring Nessus

Wireless Concepts

Updating Nessus Plug-Ins

802.11 Types

Using the Nessus Client

Core Issues with 802.11

Starting a Nessus Scan

What’s the Difference?

Generating Reports

Other Types of Wireless

Data Gathering

Spread Spectrum Background

Host Identification

Channels

Port Scan

Access Point

SYN scan

Service Set ID

Timing

Default SSIDs

Port Scanning Rules of Thumb

Chipsets

Plug-in Selection

Wi-Fi Equipment

Dangerous plugins

Expedient Antennas

Scanning Rules of Thumb
www.itpro.net.vn
Module 6: Advanced Wireless Testing
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Vulnerabilities
RADIUS

to
802.1x
and

Wireless Penetration Testing with
Windows
Wired Equivalent Privacy

Attacks And Tools

Security - WEP

War Driving

Wired Equivalent Privacy

The Jargon – WarChalking

Exclusive OR

WarPumpkin

Encryption Process

Wireless: Tools of the Trade

Chipping Sequence

Mapping with Kismet

WEP Issues

WarDriving with NetStumbler

WEP - Authentication Phase

How NetStumbler Works?

WEP - Shared Key Authentication


WEP - Association Phase
“Active” versus
Detection

WEP Flaws

Disabling the Beacon

WEP Attack

Running NetStumbler

WEP: Solutions

Captured Data Using NetStumbler

WEP Solution – 802.11i

Filtering by Channels

Wireless Security Technologies

Airsnort

WPA Interim 802.11 Security

WEPCrack

WPA

Monkey-Jack

802.1X Authentication and EAP

How Monkey-Jack Works

EAP Types

Before Monkey-Jack

Cisco LEAP

After Monkey-Jack

TKIP (Temporal
Protocol)

AirCrack-ng

How Does It Work?
Key
Integrity
“Passive”
WLAN

Wireless Networks Testing

FMS and Korek Attacks

Wireless Communications Testing

Crack WEP

Report Recommendations

Available Options

Wireless Attack Countermeasures

Usage Examples

Cracking WPA/WPA2 Passphrases
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Notes

Determining
Network
Network View

IP Forwarding
Iptables

Installing Iptables and IP Forwarding

Establishing the NAT Rules
Topology:
and
NAT
Using

WarDriving and Wireless Penetration
Testing with OS X

Dnsmasq

What is the Difference between
“Active" and “Passive" Sniffing?

Configuring Dnsmasq

Using a GPS

Apache Web Servers

Attacking
KisMAC

Virtual Directories

Clone the Target Access Point and
Begin the Attack
WEP
Encryption
with

Deauthenticating Clients

Attacking WPA with KisMAC

Start the Wireless Interface

Brute-force Attacks Against 40-bit
WEP

Deauthenticate Clients Connected to
the Target Access Point

Wordlist Attacks

Wait for the Client to Associate to
Your Access Point

Mapping
StumbVerter

Spoof the Application

MITM Attack basics 
Modify the Page

MITM Attack Design

Example Page

MITM Attack Variables

Login/php page

Hardware for the Attack Antennas,
Amps, WiFi Cards

Redirect Web Traffic Using Dnsmasq

Wireless Network Cards

Choosing the Right Antenna

Amplifying the Wireless Signal

Identify and Compromise the Target
Access Point

Compromising the Target

Crack the WEP key

Aircrack-ng Cracked the WEP Key

The
MITM
Configuration
www.itpro.net.vn
WarDrives
Attack
with
Module 7: Designing a DMZ
Laptop

Introduction

DMZ Concepts

Multitiered Firewall With a DMZ Flow

DMZ Design Fundamentals

Advanced Design Strategies

Designing Windows DMZ

Designing Windows DMZ

Precautions for DMZ Setup

Security Analysis for the DMZ
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Designing Sun Solaris DMZ

Output Plugins

Placement of Servers

Rules

Advanced Implementation
Solaris DMZ Server

Working of Snort

Initializing Snort

Solaris DMZ Servers in a Conceptual
Highly Available Configuration

Signal Handlers

Private and Public Network Firewall
Ruleset

Parsing the Configuration File

Decoding

Possible Decoders

Preprocessing

Detection

Content Matching

Content-Matching Functions

The Stream4 Preprocessor

Inline Functionality

Writing Snort Rules

Snort Rule Header
of
a

DMA Server Firewall Ruleset

Solaris DMZ System Design

Disk Layout and Considerations

Designing Wireless DMZ

Placement of Wireless Equipment

Access to DMZ and Authentication
Considerations

Wireless DMZ Components

Wireless DMZ Using RADIUS to
Authenticate Users

WLAN DMZ Security Best-Practices

Snort Rule Header: Actions

DMZ Router Security Best-Practice

Snort Rule Header: Other Fields

DMZ Switch Security Best-Practice

IP Address Negation Rule

Six Ways to Stop Data Leaks

IP Address Filters

Reconnex 
Port Numbers

Direction Operator
Module 8: Snort Analysis

Snort Overview

Rule Options

Modes of Operation

Activate/Dynamic Rules

Features of Snort

Meta-Data Rule Options: msg

Configuring Snort

Reference Keyword

Variables

sid/rev Keyword

Preprocessors

Classtype Keyword
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Payload Detection Rule Options:
content

Modifier Keywords

Offset/depth Keyword

Uricontent keyword

fragoffset keyword

ttl keyword

id keyword

flags keyword

itype keyword : icmp id

Writing Good Snort Rules


Syslog: Enabling Message Logging

Main Display Window

Configuring Kiwi Syslog to Log to a
MS SQL Database

Configuring Ethereal
Syslog Messages

Sending Log Files via email

Configuring Cisco Router for Syslog

Configuring DLink Router for Syslog

Configuring Cisco PIX for Syslog

Configuring an Intertex / Ingate/
PowerBit/ SurfinBird ADSL router
Sample Rule to Catch Metasploit
Buffer Overflow Exploit

Configuring a LinkSys wireless VPN
Router

Tool for writing Snort rules: IDS
Policy Manager

Configuring a Netgear ADSL Firewall
Router

Subscribe to Snort Rules

Analyzing Web Server Logs

Honeynet Security Console Tool

Apache Web Server Log

Key Features 
AWStats

Configuring AWStats for IIS
Module 9: Log Analysis
to
Capture

Introduction to Logs

Log Processing in AWStats

Types of Logs

Analyzing Router Logs

Events that Need to be Logged

Router Logs

What to Look Out For in Logs


W3C Extended Log File Format
Analyzing Wireless Network Devices
Logs

Automated Log Analysis Approaches

Wireless Traffic Log

Log Shipping

Analyzing Windows Logs

Analyzing Syslog

Configuring Firewall Logs in Local
Windows System

Syslog

Viewing Local Windows Firewall Log

Setting up a Syslog

Viewing Windows Event Log
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

AAnalyzing Linux Logs

Configuring an NTP Server

iptables

NTP: Setting Local Date and Time

Log Prefixing with iptables

Log Analysis Tools

Firewall Log Analysis with grep


Analyzing SQL Server Logs
All-Seeing
Tracker

SQL Database Log

Network Sniffer Interface Test Tool

ApexSQL Log

Syslog Manager 2.0.1

Configuring ApexSQL Log

Sawmill

Analyzing VPN Server Logs

WALLWATCHER

VPN Client Log

Log Alert Tools

Analyzing Firewall Logs

Network Eagle Monitor

Why Firewall Logs are Important

Network Eagle Monitor: Features

Firewall Log Sample

SQL Server Database Log Navigator

ManageEngine Firewall Analyzer

What Log Navigator does?

Installing Firewall Analyzer

How Does Log Navigator Work?

Viewing Firewall Analyzer Reports

Snortsnarf

Firewall Analyzer Log Reports

Types of Snort Alarms

Analyzing IDS Logs

ACID (Analysis Console for Intrusion
Databases)

SnortALog

IDS Log Sample

Common Vulnerabilities

Analyzing DHCP Logs

Buffer Overflows Revisited

DHCP Log


NTP Configuration
Smashing the Stack for Fun and
Profit

Time Synchronization and Logging

Smashing the Heap for Fun and
Profit

NTP Overview


NTP Client Configuration
Format Strings
Mayhem

Configuring an NTP client using the
Client Manager

The Anatomy of an Exploit

Vulnerable code
www.itpro.net.vn
Eye
Tool: Event
Log
Module 10: Advanced Exploits and Tools
for
Chaos
and
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Methodologies

Shellcoding

Shellcode Examples

Delivery Code

Delivery Code: Example

Linux Exploits Versus Windows

Windows Versus Linux

Tools of the Trade: Debuggers

Tools of the Trade: GDB

Tools of the Trade: Metasploit

Metasploit Frame work

User-Interface Modes

Metasploit: Environment

Environment: Global Environment

Environment:
Environment

Metasploit: Options

Metasploit: Commands

Metasploit: Launching the Exploit

MetaSploit: Advanced Features

Tools of the Trade: Canvas

Tools of the Trade: CORE Impact

IMPACT Industrializes Penetration
Testing

Ways to Use CORE IMPACT

Other IMPACT Benefits
Module 27: Stolen Laptop, PDAs and Cell
phones Penetration Testing

ANATOMY OF A REAL-WORLD
ATTACK
Module 28: Application Penetration Testing

CLIENT SIDE EXPLOITS
Module 29: Physical Security Penetration
Testing

Impact Demo Lab
www.itpro.net.vn
Module 12: Customers and Legal
Agreements
Module 13: Rules of Engagement
Module 14: Penetration Testing Planning
and Scheduling
Module 15: Pre Penetration Testing
Checklist
Module 16: Information Gathering
Module 17: Vulnerability Analysis
Module 18: External Penetration Testing
Module 19: Internal Network Penetration
Testing
Temporary
Module 20: Routers and Switches
Penetration Testing
Module 21: Firewall Penetration Testing
Module 22: IDS Penetration Testing
Module 23: Wireless Network Penetration
Testing
Module 24: Denial of Service Penetration
Testing
Module 25: Password Cracking Penetration
Testing
Module 26: Social Engineering Penetration
Testing
Module 30: Database Penetration testing
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Module 31: VoIP Penetration Testing
Module 32: VPN Penetration Testing
Module 33: War Dialing
Module 34: Virus and Trojan Detection
Module 35: Log Management Penetration
Testing
Module 36: File Integrity Checking
Module 37: Blue Tooth and Hand held
Device Penetration Testing
Module 38: Telecommunication and
Broadband Communication Penetration
Testing
Module 39: Email Security Penetration
Testing
www.itpro.net.vn
Module 40: Security Patches Penetration
Testing
Module 41: Data Leakage Penetration
Testing
Deliverables and Conclusion
Module 43: Penetration Testing Report and
Documentation Writing
Module 44: Penetration Testing Report
Analysis
Module 45: Post Testing Actions
Module 46: Ethics of a Licensed
Penetration Tester
Module 47: Standards and Compliance
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
EC-COUNCIL CERTIFIED SECURE PROGRAMMER - ECSP (v2)
An ninh cho lập trình viên của EC-Council (v2)
Tổng quan
Nội dung khóa đào tạo “An ninh cho lập trình viên” của EC-Council đưa ra những nền tảng cơ bản để đảm
bảo an ninh cho hệ thống do các nhà thiết kế chương trình ứng dụng và các tổ chức phát triển phần mềm ứng
dụng yêu cầu để tạo lập các chương trình ứng dụng có độ ổn định cao và ít rủi ro cho khách hàng. Nội dung
khóa đào tạo được xây dựng trên cơ sở tổng kết và đóng góp của các chuyên gia giàu kinh nghiệm trong
nhiều lĩnh vực khác nhau.
Đối tượng
Chứng chỉ hoàn thành khóa học ECSP cấp cho các lập trình viên, những người có trách nhiệm thiết kế và xây
dựng các ứng dụng tron môi trường Windows/Web với khung .NET/Java. Chương trình này được thiết kế cho
các nhà thiết kế có các kỹ năng sử dụng C#, C++, Java, PHP, ASP, .NET và SQL.
Thời lượng
Khóa học có thời lượng là 5 ngày
Điều kiện
Học viên phải có kiến thức lập trình cơ bản.
Mục tiêu
Điểm nổi bật của khóa học ECSP là cung cấp những kiến thức về an ninh hệ thống không phụ thuộc vào một
lĩnh vực cụ thể, Nội dung khóa đào tạo ECSP đáp ứng yêu cầu của các ngôn ngữ lập trình khác nhau trên
quan điểm an ninh. Điều này dẫn đến sự hiểu biết sâu hơn về các lĩnh vực chuyên môn / kiến trúc / ngôn ngữ
cũng như về các vấn đề liên quan.
Chứng chỉ
Sau khóa học, học viên sẽ đạt được chứng chỉ hoàn thành khóa học của EC-Council. Để lấy chứng chỉ quốc tế
ECSP bạn phải thi môn thi ECSP 312-92 tại các trung tâm khảo thí Prometric
Module I: Introduction to Secure Coding
 Common Security Mistakes
 Software Security Scenario
 Why Security Mistakes Are Made
 Secure Coding
 Need for Secure Programming
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 Building Blocks of Software Security
o
JAD (Joint Application Development)
 Types of Security Vulnerabilities
o
Fountain Model
 Vulnerability Cycle
o
Spiral Model
 Types of Attacks
o
Build and Fix
 Hackers and Crackers or Attackers
o
Synchronize-and-Stabilize
 Risk Assessment and Threat Modeling

Agile Methodologies
 STRIDE Threat Model

Extreme Programming (XP)
 Common Criteria
o
XP Practices
 Security Architecture
o
The Rules and Practices of Extreme
Programming
 Security Principles

 Secure Development Checklists
 Use of Privilege
o Data, Configuration, and Temporary
Files
Unified Modeling Language (UML)
o
Primary Goals
o
Diagram
o
UML Tool
 Rational Rose
o Network Port Use

o Audit Logs

User-Server Authentication
Vulnerabilities and Other Security Issues in a
Software Application
o Security Through Obscurity
o Buffer Overflows
Module II: Designing Secure Architecture
o
Format String Vulnerabilities/ Race
Conditions

Introduction

Secure Architecture
o Locking Problems

Application Security
o Exception Handling

Factors Affecting Application Security
o Fundamentals of Control Granularity

Software
Engineering
and
Development Life Cycle (SDLC)

Different Phases of Software Development
Life Cycle
System
o
Of
Fail
Safe
Design
o Fail Safe Design Strategies

Fault
Detection
Tolerance
and

and
o Design
Fault
Removal
Avoidance
o Coding
o Input and Parameter Validation
o Testing
o
o System Requirements
o Specifications
o Integration Testing
o
Software Methodology Models
o
Waterfall Model
o
RAD
(Rapid
Development)
www.itpro.net.vn
Encrypting Secrets in Memory and
Storage
o Scrubbing Information
o Maintenance

Concepts
Strategies
Privilege
Access
Levels
for
Information
o Loose Coupling
Application
o High Cohesion
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o

Change Management and Version
Control
o Components of a Digital Signature
o
Best Practices for Software Development
Projects
Signature
o Digital Signature Standard
o Digital Signature Algorithm: Signature
 Introduction to Cryptography
o Digital Signature Algorithms: ECDSA,
ElGamal Signature Scheme
o Encryption
o Decryption
 Classical Cryptographic Techniques
Digital
o Use of Digital Signature
Module III: Cryptography
 Use of Cryptography
Method
of
Technology
o Challenges and Opportunities
 Digital Certificates
 Modern Cryptographic Techniques
o Creating and Verifying a Simple XML
Digital Signature in C#
 Cipher
o
 RSA (Rivest Shamir Adleman)
Cleversafe
Grid
http://www.cleversafe.com/
o Example of RSA Algorithm
 PGP (Pretty Good Privacy)
o RSA Attacks
 CypherCalc
o RSA Challenge
 Command Line Scriptor
o Implementation of RSA in C++
 CryptoHeaven
 Data Encryption Standard (DES)
 Cryptanalysis
o DES Overview
 Cryptography Attacks
o Implementation of DES in Java
 Brute-Force Attack
 RC4, RC5, RC6, Blowfish
o RC5
Builder
 Use Of Cryptography
Module IV: Buffer Overflows
 Blowfish Algorithm in C

Buffer Overflows
 Message Digest Functions

Reasons for Buffer Overflow Attacks
o One-way Bash Functions

Why are Programs/Applications Vulnerable?
o MD5

Understanding Stacks
o Implementation of MD5 in Java

Understanding Heaps

Types of Buffer Overflows: Stack-based
Buffer Overflow
 SHA (Secure Hash Algorithm)
o SHA Implementation in Java
 SSL (Secure Sockets Layer)
 What is SSH?
o SSH (Secure Shell)

 Algorithms and Security
o
A Simple Uncontrolled Overflow of
the Stack
o
Stack Based Buffer Overflows
Types of Buffer Overflows: Heap-based
Buffer Overflow
 Disk Encryption
o
Heap Memory Buffer Overflow Bug
 Government Access to Keys (GAK)
o
Heap-based Buffer Overflow
 Digital Signature
www.itpro.net.vn

How to Detect Buffer Overflows in a Program
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o

Attacking a Real Program
o Heap-Based Buffer Overflow
Defense Against Buffer Overflows
o
Tool to Defend Buffer Overflow:
Return Address Defender (RAD)
o
StackGuard
o
Immunix System
o Vulnerability Search – ICAT
o Off By One/Five Errors
o Double Free Vulnerability

Secure Memory Allocation Tips

Symmetric Encryption
o

Blowfish Algorithm in C

Public Key Cryptography
o Valgrind
o

o Insure++


Comparing Functions of libc and
Libsafe
Simple Buffer Overflow in C
o
o
Creating an SSL Client in C++
o
Creating an SSL Server

Random Number Generation Problem

Anti-Tampering
Code Analysis
o Anti-Tampering Techniques

Erasing Data from Memory Securely using
C/C++

Preventing Memory From Being Paged to
Disk

Using Variable Arguments Properly
o Strcpy()

Signal Handling
o Strncat()

Encapsulation in C++
o Strncpy()

Best Practices for Input Validation
o Sprintf()

Code Profiling And Memory Debugging Tool:
Val grind
Module V: Secure C and C++ Programming

Introduction of C/C++

Vulnerable C/C++ Functions
o Gets()

Public Key Cryptography in C++
Networking
Buffer Overflow Protection Solution: Libsafe
o
Symmetric Encryption in C++
C/C++ Vulnerabilities
o Buffer Overflow
Module VI: Secure Java and JSP Programming

Strings
 Introduction to Java

Countermeasures
 JVM

Integer Vulnerabilities
 Java Security

Truncation
 Sandbox Model

Sign Error
 Security Issues with Java

Countermeasures
o SQL Injection Attack
o Pointer Subterfuge

SQL Injection using UNION
o Dynamic Memory Management

Preventive Measures for
SQL Injection
o Stack Smashing
o
GCC Extension to Protect StackSmashing Attacks
®
ITPro Global 2009
www.itpro.net.vn
o URL Tampering
o
Denial-of-Service (DoS) Attack on
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Applet
 Java GSS Security

Sample
Attack

DoS by Opening Untrusted
Windows

Preventing DOS Attacks
Code
for
o Code for GSS Server
DoS
o Code for GSS Client
o Problem of Untrusted User Input
 Security From Untrusted User Input
 Cross Site Scripting
o .Class File Format
o
o Byte Code Attack
o Reverse Engineering/ Decompilation
by Mocha
 Permissions in Java
o
o Obfuscation Tools: Jmangle
o Cinnabar Canner
types
of
o Policy Tool
o Building a SimpleClassLoader

 Security Manager
 jarsigner - JAR Signing and Verification Tool
Applet
new
o Specifying an additional Policy File at
runtime
 Class Loader
Signing an
Certificates
How to create
permissions?
 Security Policy
 Byte Code Verifier

Overcoming Cross Site Scripting
Problem
Using
RSA-Signed
Policy Tool: Creating a new
Policy File
 Best practices for developing secure Java
Code
o Signing Tools
o Getting RSA Certificates
o Bundling Java Applets as JAR Files
o Signing Java Applets Using Jarsigner
o Signing Java Applets Using Netscape
Signing Tool
Module VII: Secure Java Script and VB Script
Programming

Script: Introduction

JavaScript Vulnerability
o
Cross-Site Scripting (XSS)
 How to Avoid XSS?
 Security Extensions
o Java Authentication and Authorization
Service (JAAS)
o
JavaScript Hijacking

o Java Cryptographic Extension (JCE)
Defending
Against
JavaScript Hijacking
o Java Cryptography Architecture
 Decline Malicious Requests
o JCE: Pseudo Code for Encryption
 Prevent Direct Execution of
the JavaScript Response
o JCE: Pseudo Code for Decryption
o
Sample Code for Encryption and
Decryption
o
Java(TM) Secure Socket Extension
(JSSE)
 Creating Secure Client Sockets
 Creating Secure Server Sockets
 Choosing the Cipher Suites
www.itpro.net.vn
 Malicious Script Embedded
in Client Web Requests
 Tool: Thicket Obfuscator for
JavaScript

JavaScript Security in Mozilla

JavaScript Security in Mozilla:
Same Origin Policy
o Same Origin Check
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o JavaScript Security in Mozilla: Signed
Script Policy

Detecting Exceptions with Scripting
Language
Error-Handling
Mechanisms
o
Using VBScript to Detect an Error
o
Using Jscript to Detect an Error
Netscape's SignTool
o Netscape's SignTool: Signing a File

Privileges

Tool for Encryption: TagsLock Pro

JavaScript
Shell
(Jash):
Command-Line Debugging Tool

Tool: Script Encoder

Tool: Scrambler

VBScript: CryptoAPI Tools

Signing A Script (Windows Script Host )

Verifying a Script

Signature Verification Policy

Software Restriction Policies for Windows XP



o
Javascript

Notifying the Support Team When an Error
Occurs Using CheckForError

Attacks on ASP

ASP DypsAntiSpam: A CAPTCHA for ASP

o
How
To
Prevent
Automatic
Submission With DypsAntiSpam
o
CAPTCHA: Examples
How to Use Database and ASP Sessions to
Implement ASP Security
o
Step 1: Create A User Database
Table
Step-by-Step Guide for Designing a Software
Restriction Policy
o
Step 2: Create And Configure The
Virtual Directory
Step-by-Step Guide for Creating Additional
Rules
o
Step 3: Create The Sample Pages
o
Step 4: Add Validation Code To
Pages
Rule for Blocking Malicious Scripts

Module VIII: Secure ASP Programming

ASP- Introduction

ASP Design Problems

Improving ASP Design

Protecting Your ASP Pages
o
Encoding ASP Code: Script Encoder
o
Protecting Passwords of ASP Pages
with a One-way Hash Function
ASP Best Practices
o
ASP Best Practices: Error Handling
o Using Server-Side Includes
o

Using Server-Side Includes:
Example

Using Server-Side Includes:
Protecting the Contents of
Include Files
Taking
Classes
Advantage
of
Module IX: Secure Microsoft.NET Programming

Common Terminology

Microsoft .NET: Introduction

.NET Framework
VBScript
o
.NET Framework Security Policy
Model
o Using Server.Execute

Security Policy Levels
o Using Server.Transfer

Security Features in .NET

#include Directive

Key Concepts in .NET Security

.BAK Files on the Server

Code Access Security (CAS)

Programming Errors

Evidence-Based Security

Role-Based Security
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o
Role-Based
Principal
o
Role-Based
principal
Security:
Windows

Administration Tool: Authorization Manager
(AzMan) with ASP.Net
Generic

ASP.NET Security Architecture

Authentication and Authorization Strategies
Security:

Declarative and Imperative Security
o
URL Authorization

Cryptography
o
File Authorization

Generate Key for Encryption and Decryption
o
Windows Authentication
o
Symmetric Encryption in .Net
o
Forms Authentication
o
Asymmetric Encryption in .Net
o
Passport Authentication
o
Symmetric Decryption in .Net
o
Custom Authentication
o
Asymmetric Decryption in .Net
o
Implementing Custom Authentication
Scheme

Protecting Client and Server Data Using
Encryption

Configuring Security with Mscorcfg.msc

Cryptographic Signatures

Process Identity for ASP.NET

Impersonation


o
Write a Signature in .Net
o
Verify a Signature in .Net
o
Impersonation Sample Code
Ensuring Data Integrity with Hash Codes

Secure Communication
o
Hash Code Generation

Storing Secrets
o
Verification of Hash Code
o
Permissions
Options for
ASP.NET
Storing
o
Code Access Permissions

Securing Session and View State
o
Identity Permissions

Web Form Considerations
o
Role-Based Security Permissions

Securing Web Services

Secure Remoting
Secrets

SkipVerification

Stack Walk

Writing Secure Class Libraries

Secure Data Access

Runtime Security Policy

.NET Security Tools

Step-By-Step Configuration
Security Policies

Code Access Security Policy Tool

Creating a
Package

Type Safety

Canonicalization

Access Control List Editor

Securing User
Information
o
Security
Policy
of
Runtime
o Caspol.exe
Deployment
o Caspol.exe Parameters

Certificate Creation Tool: Makecert.exe
o
Credentials
Create a Remotable Object
and
Logon
Options in Makecert.exe

Certificate Manager Tool: Certmgr.exe

Certificate Verification Tool: Chktrust.exe

Permissions View Tool: Permview.exe

Obfuscation

PEVerify Tool: Peverify.exe

Dotfuscator: .NET Obfuscator Tool

Best Practices for .NET Security
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
in
Forgeries
Module X: Secure PHP Programming
 Introduction to PHP (Hypertext Preprocessor)
o
SQL Injection
o
PHP Security Blunders
o
Defending SQL Injection Attacks
o
Unvalidated Input Errors
o
PHP Configuration Attacks
o
Solution for Access Control Flaws
o
o
Solution for Session ID Protection
Preventing PHP Configuration
Attacks
o
Error Reporting
File System Attacks
o
o
Data Handling Errors
Defending File System Attacks
o
o
Security Sensitive PHP Functions:
File Functions
Information Gathering Attacks
o
o
PHP Injection Attacks
o
Security Sensitive PHP Functions:
ezmlm_hash
 PHP Vulnerabilities
 Secure PHP Practices
o Safe Mode
o Disable Register Globals
o Informational Vulnerabilities
o Validating Input
o Common File Name Vulnerability
o PHP Input Filter Class
o Revealed Source Code Vulnerability
 Best Practices for PHP Security
o Revealing Error Message Vulnerability
 PHP Tools
o
Sensitive Data
Vulnerability
in
o
Session File
Vulnerability
Shared
in
Web
Root
o
o
Server
o
o Sensitive Data in Globally Readable
File Vulnerability
o
Revealing
Vulnerability
HTML
o
Web
Application
Vulnerability
o
Comment
Fingerprint
o Packet Sniffing Vulnerability
Acunetix Web Vulnerability Scanner
Encryption Software: PHP Code
Lock
Zend Guard
POBS
stands
for
Obfuscator/Obscurer
PHP
Module XI: Secure PERL Programming
 Common Terminology
o Attack Vulnerabilities
 Introduction: Practical Extraction and Report
Language (PERL)
o Global Variable Vulnerability
 Security Issues in Perl Scripts
o Default Password Vulnerability
 Basic User Input Vulnerabilities
o Online Backup Vulnerability
 Overcoming Basic User Input Vulnerabilities
 Common PHP Attacks
 Insecure Environmental Variables
o
Remote Code Execution
 Algorithmic Complexity Attacks
o
Cross-Site Scripting Attack (CSS)
 Perl: Taint, Strict, and Warnings
o
Cross Site Scripting Attack: Example
o
Taint Mode
o
Cross-Site Request Forgeries
(CSRF, Sea-Surf or XSRF)
o
How Does Taint Mode Work?
o
Taint Checking
o
Workaround for Cross-Site Request
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o
Using Tainted Data
 Security of URI in XML
o
Securing the Program Using Taint
 Security of Opaque Data in XML
o
Strict Pragma
 Growth of XML as Percentage of Network
Traffic
 Setuid
 XML Web Services Security Best Practices
o Setuid Sample Code
 XML Security Tools
o Setuid: Authenticating the user
o Security bug with Setuid
 The Perl crypt() Function
 Logging Into a Secure Web Site with
Script
Perl
 Secure Log-in Checklist
o
V-Sentry
o
Vordel SOAPbox
 AJAX- Introduction

Anatomy of an AJAX Interaction (Input
Validation Example)
 AJAX: Security Issues
 Program for Secure Log-in
 How to Prevent AJAX Exploits
 Securing open() Function
 Tool: HTML Guardian ™
 Unicodes
 Tool: Sprajax- AJAX Security Scanner
 Displaying Unicode As Text
 Tool: DevInspect
Module XII: Secure XML, Web Services and AJAX
Programming
 Web Application and Web Services
 Web Application Vulnerabilities
o Coding Errors
Module XIII: Secure RPC, ActiveX and DCOM
Programming
 RPC Introduction
o RPC Authentication
o RPC Authentication Protocol
o Design Flaws
o NULL Authentication
 XML- Introduction
o UNIX Authentication
 XSLT and XPath
o
 XML Signature
o Applying XML Signatures to Security
Data Encryption Standard (DES)
Authentication

 An Enveloped, Enveloping and Detached XML
Signature Simultaneously
o Diffie-Hellman Encryption
 XML Encryption
o
The abstract
Element
<Encrypted-Type>
 Security Considerations for the XML Encryption
Syntax
 Canonicalization
 Validation Process in XML
 XML Web Services Security
o
XML-aware Network Devices
Expand Network Layer Security
www.itpro.net.vn
Data Encryption Standard
(DES) Authentication on
Server Side
o Security Methods
o
Security Support Provider Interface
(SSPI)
o Security Support Providers (SSPs)

Writing an Authenticated
SSPI Client

Writing an Authenticated
SSPI Server
o Secure RPC Protocol
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o
RpcServerRegisterAuthInfo Prevents
Unauthorized Users from Calling
your Server
Module XIV Secure Linux Programming
 Introduction
o RPC Programming Best Practices
 Is Open Source Good for Security?
o Make RPC Function Calls
 Linux – Basics



Making RPC Function Calls:
Using Binding Handles
 Linux File Structure
Making RPC Function Calls:
Choose the Type of Binding
Handles and Choose a
Protocol Sequence
 Linux Networking Commands
Use Context Handles
o Deal of RPC With Network
o Write a Secure RPC Client or Server
 ActiveX Programming: Introduction
 Basic Linux Commands
 Linux Processes
 POSIX Capabilities
o UTF-8 Security Issues
o UTF-8 Legal Values
 Advantages of Security Functionality
o Security Audit
o
Preventing Repurposing
o Communication
o
SiteLock Template
o Encryption
o
IObjectSafety Interface
o Identification and Authentication
o
Code Signing
o Security Management
o
o
How to Create Your Own Code
Signing Certificate and Sign an
ActiveX Component in Windows
Protecting ActiveX Controls
 DCOM: Introduction
 Requirements for Security Measure Assurance
o Enabling Source Address Verification
o iptables and ipchains
o Code to save the ipv6tables state
o
Security in DCOM
o Controlling Access by MAC Address
o
Application-Level Security
o Permitting SSH Access Only
o
Security by Configuration
o
Programmatic Security
o
Run As a Launching user
o
Run As a Interactive User
o Prohibiting Root Logins on Terminal
Devices
o
Run As a Specific User
o Authentication Techniques
o
Security Problem on the Internet
o Authorization Controls
o
Security on the Internet
o Running a Root Login Shell
o
Heap Overflow Vulnerability
o
o
Workarounds for Heap Overflow
Vulnerability
 Network Access Control
o
Layers of Security for Incoming
Network Connections
Protecting
Connections
Outgoing
Network
o Logging in to a Remote Host
o
Tool: DCOMbobulator
o Invoking Remote Programs
o
DCOM Security Best Practices
o Copying Remote Files
 Public-key Authentication between OpenSSH
Client and Server
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Authenticating in Cron Jobs
o Dangers in C/C++
o Protecting Files
o Sample Codes
o File Permissions
o Perl
o Shared Directory
o Perl (cont’d)
o Encrypting Files
o Ada
o Listing Keyring
o Java
o Signing Files
o Java (cont’d)
o Encrypting Directories
o Tcl
 POP/IMAP Mail Server
o Tcl Sample Code
 Testing an SSL Mail Connection
o PHP
 Securing POP/IMAP with SSL and Pine
o PHP (cont’d)
 SMTP Server
 Testing and Monitoring
o Testing Login Passwords (John the
Ripper)
 Linux Security Tools
o
Linux Application
grsecurity
Auditing
Tool:
o grsecurity Configuration
o Testing Login Passwords (CrackLib)
o Testing Search Path
o Searching Filesystems Effectively
o Finding Setuid (or Setgid) Programs
o Securing Device Special Files
o Looking for Rootkits
o Tracing Processes
o Observing Network Traffic
o Detecting Insecure Network Protocols
o Detecting Intrusions with Snort
o Log Files (syslog)
o Testing a Syslog Configuration
Module XV: Secure Linux Kernel Programming
 Introduction
 What to do after Building Kernel?
 Linux Kernel Configuration Menu
 Steps to compile a Linux Kernel
o Compiling the Kernel
Module XVI: Secure Xcode Programming
 Introduction to Xcode
 Mac OS X applications
o
Cocoa
o
Carbon
o
AppleScript
 Minimize Privileges Sample Code
o
Script Editor
 Filter Cross-Site Malicious Content on Input
o
Script Window
 Filter HTML/URIs that may be Re-Presented
o
CDSA
o Logwatch Filter
 Linux Security Best Practices
 Structure Program Internals and Approach
 Avoid Buffer Overflow
 Language−Specific Issues
o C/C++
 Secure Transport API Set and Cryptographic
Service Provider (CSP)
 Creating SSL Certificate on Mac OS X Server
o
Using SSL with the Web Server
o C/C++ (cont’d)
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o
Setting up SSL for LDAP
Labels
 Protecting Security Information
o
Step 4: Apply Policy to Tables and
Schemas
o
Step 5: Authorize Users
 Security in Mac OS X

Security
Management
Preferences
Using
System
o
Step 6: Create and Authorize
Trusted
Program
Units
(Optional)
o
Step 7: Configure Auditing (Optional)
 Authentication Methods
 Encrypted disk images
 Networking Security Standards
 Personal firewall
 Using Oracle Label Security with a Distributed
Database
 Checklist of recommended steps required to
secure Mac OS X
 Oracle Identity Management
Module XVII: Secure Oracle PL/SQL Programming
 Security Tools
 Secure Backups: Tool
 Encryption and Its Types: Obfuscation
 Introduction: PL/SQL
 Obfuscation Sample Code
 PL/SQL in Oracle Server
 Encryption Using DBMS_CRYPTO
 Security Issues in Oracle
 Advanced Security Option
o
SQL Injection
 Row Level Security
o
Defending SQL Injection Attacks
 Oracle Database Vaults: Tool
o
SQL Manipulation
 Auditing
o
Code Injection Attack
o
Auditing Methods
o
Function Call Injection Attack
o
Audit Options
o
View Audit Trail
o
Oracle Auditing Tools
o
Fine-Grained Auditing (FGA)
o
Buffer Overflow
Vulnerabilities
and
Other
o
DBMS_SQL in PL/SQL
o
Prevent DBMS_SQL in PL/SQL
 Types of Database Attacks
 SQL Unit Testing Tools: SPUnit
 Establishing Security Policies
 SQL Unit Testing Tools: TSQLUnit
 Password Management Policy
o
Password Management
Password History
 Testing PL/SQL Programs
policy:
 SQL Unit Testing Tools: utPLSQL
 Steps to Use utPLSQL
 Auditing Policy
 Oracle Policy Manager
Module XVIII: Secure SQL Server Programming
 Oracle Label Security (OLS)
 Introduction
 Create an Oracle Label Security Policy
 SQL Server Security Model
o SQL Server Security Model: Login
o
Step 1: Define the Policy
o
Step 2: Define the Components of
the Labels
 Database User
o
Step 3: Identify the Set of Valid Data
 Guest User
www.itpro.net.vn
 Steps to Create a SQL Server Login
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 Permissions
o AppDetective
 Database Engine Permissions Hierarchy
o NGSSquirrel
 Roles
o AuditPro
o Public Role
o Predefined Roles
 Fixed Server Roles
Module XIX: Secure Network Programming
 Basic Network Concepts:
 Fixed Database Roles
o Network
 User-Defined Roles
o Protocols
 Application roles
 Security Features of MS-SQL Server 2005
 SQL Server Security Vulnerabilities:
o Buffer Overflow in pwdencrypt()
o Extended Stored Procedures Contain
Buffer Overflows
 SQL Injection
o Client Server Model
 Basic Web Concepts
 Network Programming
 Benefits of Secure Network Programming
 Network Interface
 How to Secure Sockets:
o Server Program
 Prevent SQL Injection
o Client Program
 Sqlninja:
o SQL Server Injection & Takeover Tool
o Finding Target
 Data Encryption
 Built-in Encryption Capabilities
 Encryption Keys
 Encryption Hierarchy
 Transact-SQL
 Create Symmetric Key in T-SQL
 Create Asymmetric Key in T-SQL
 Certificates
 Create Certificate in T-SQL
 SQL Server Security: Administrator Checklist
 Ports
 UDP Datagram and Sockets
 Internet Address
 How to connect to secure websites
 URL Decoder
 Reading Directly from a URL
 Content Handler
 Cookie Policy
 RMI Connector
 .Net : Internet Authentication

Network
Scanning
www.securecentral.com
Tool:
ScanFi
 Network Programming Best Practices
 Database Programming Best Practices
 SQL Server Installation
o Authentication
o Authorization
Module XX: Windows Socket Programming
 Introduction
 Best Practices for Database Authorization
 Windows NT and Windows 2000 Sockets
Architecture
 Auditing and Intrusion Detection
 Socket Programming
 How to Enable Auditing
 Client-Side Socket Programming
 Database Security Auditing Tools:
www.itpro.net.vn
o The Socket Address Structure
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 The Socket Address Structure:
Code Analysis
 Initializing a Socket and Connecting
 Server-Side Socket Programming
 Creating a Server
 Winsock 2.0
 Winsock Linking Methods
 Starting a Winsock 2 API
 Accepting Connections:
o AcceptEx
 WinSock: TransmitFile and TransmitPackets
 Grabbing a Web Page Using Winsock
 Generic File – Grabbing Application
o
Binding
Shellcode:
 Socket Descriptor Reuse Shellcode
o Socket Descriptor Reuse Shellcode in
C
o Socket Descriptor Reuse Shellcode:
Sample Code
 Local Shellcode
 execve
 Executing /bin/sh
 Byte Code
 setuid Shellcode
 chroot Shellcode
o
Breaking of chroot jails in Traditional
Way
o
Breaking Out of Chroot Jails on
Linux Kernels
 Writing Client Applications
 TCP Client Application Sample Code
Clean Port
sckcode
 Writing Server Applications
 TCP Server Application Sample Code
 Windows Shellcode
 Winsock Secure Socket Extensions
 Shellcode Examples
o WSADeleteSocketPeerTargetName
 Steps to Execute Shell Code Assembly
o WSAImpersonateSocketPeer
 The Write System Call
o WSAQuerySocketSecurity
o
Linux Shellcode for “Hello, world!”
o WSARevertImpersonation
o
The Write System Call in FreeBSD
o WSASetSocketPeerTargetName
 execve Shellcode in C
o
FreeBSD execve jmp/call Style
 SOCKET_SECURITY_SETTINGS
o
FreeBSD execve Push Style
 Case Study: Using WinSock to Execute a Web
Attack
o
FreeBSD execve Push
Several Arguments
o WSASetSocketSecurity Function
Style,
 Implementation of execve on Linux
 Case Study: Using Winsock to Execute a
Remote Buffer Overflow
 Linux Push execve Shellcode
 MDACDos Application
 System Calls
o The Socket System Call
Module XXI: Writing Shellcodes
o The Bind System Call
 Introduction
o The Listen System Call
 Shellcode Development Tools
o The Accept System Call
 Remote Shellcode
o The dup2 System Calls
 Port Binding Shellcode
o The execve System Call
 FreeBSD Port Binding Shellcode
 Linux Port Binding Shellcode
 Clean Port Binding Shellcode
 Compile, Print, and Test Shellcode
®
ITPro Global 2009
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 Reverse Connection Shellcode
 Socket Reusing Shellcode
 Linux Implementation of Socket Reusing
Shellcode
 Reusing File Descriptors
 Writing Exploits and Vulnerability Checking
Programs
o
Writing Exploits and Vulnerability
Checking Programs Sample Code
 Stack Overflow Exploits
o
Memory Organization
o setuid Root: Executing the Program
o
Stack Overflows
o setuid Root: System calls used by the
program
o
Finding Exploitable Stack Overflows
in Open-Source Software
o
Finding Exploitable Stack Overflows
in Closed-Source Software
 setuid Root
 Using ltrace utility
 Using GDB
 Assembly Implementation
 SysCall Trace
 RW Shellcode
 Encoding Shellcode
 Decoder Implementation and Analysis
 Decoder Implementation Program
 Results of Implementation Program
 OS-Spanning Shellcode
 Assembly Creation
Module XXII: Writing Exploits
 Heap Corruption Exploits
o
Doug Lea Malloc
o
Freed Dlmalloc Chunk
o
Vulnerable Program Example
o
Figures: Fake Chunk, Overwritten
Chunk
 Case Study: OpenSSL SSLv2 Malformed Client
Key Remote Buffer Overflow Vulnerability
CAN-2002-0656
 Exploitation
 Exploitation Sample Code
 The Complication
 Improving the Exploit
 Introduction
 Integer Bug Exploits
 Targeting Vulnerabilities
 Integer Wrapping
o
Remote and Local Exploits
 Program: Addition-Based Integer Wrapping
o
A Two-Stage Exploit
 Multiplication-Based Integer Wrapping
 Format String Attacks
o Example of a Vulnerable Program
 Using %n Character
 Fixing Format String Bugs
o
Case Study: xlockmore UserSupplied
Format
String
Vulnerability CVE-2000-0763
 Bypassing Size Checks
o Signed Size Check Without Integer
Wrapping
 Using the Metasploit Framework
 Determining Attack Vector
 Finding the Offset: Overwriting the Return
Address
 TCP/IP Vulnerabilities
 The First Attack String
 Race Conditions
 Overwriting EIP with a Known Pattern
o
File Race Conditions
 Selecting a Control Vector
o
Signal Race Conditions
 Finding a Return Address
 Case Study: ‘man’ Input Validation Error
www.itpro.net.vn
 Selecting the Search Method in the Metasploit
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Opcode Database
o libpcap
 Search Method in Metasploit Opcode Database
 Using the Return Address

Capturing Packets
o Packet Capturing Example
o Inserting the Return Address
o Saving Captured Packets to a File
o Verifying Return Address Reliability
o The wiretap Library
 Nop Sleds: Increasing Reliability with a Nop
Sled
o Adding a new file format to the wiretap
library
 Choosing a Payload and Encoder
o wtap Struct
o Listing Available Payloads
o Setting up a New Dissector
o Determining Payload Variables
o Programming the Dissector
o Generating the Payload
o Adding a tap Module
o msfencode Options
 Coding for Nessus
 List of Available Encoders
o
 Choosing a Payload and Encoder: msfencode
Results
o Writing Personal-Use Tools in NASL
 msfweb Payload Generation
o
 Setting msfweb Payload Options
 msfweb Generated and Encoded Payload
 Port Scanner
o Working of a Simple Port Scanner
o
Prerequisites for Writing a Port
Scanner
o Port Scanner in C++
o Port Scanner in C#
o
Building a Simple Port Scanner in
VC++
o Port Scanner in Java
o Example JavaScript Port Scanner
o Port Scanner in ASP.Net
o Port Scanner in Perl
o Port Scanner in PHP
o UDP Port Scanning in PHP
o Port Scanner in XML
 Coding for Ethereal
www.itpro.net.vn
Programming
Framework
in
the
Nessus
o Porting to and from NASL
 Integrating Exploits into Framework
Module XXIII: Programming Port Scanners and
Hacking Tools
Nessus Attack Scripting Language
(NASL)

Porting to NASL

Porting from NASL
 Extending Metasploit
o Metasploit Framework (MSF)
o msfweb Interface
o Selecting the Exploit Module
o msfconsole Interface
o Using msfconsole Interface
o Steps Involved in Executing an Exploit
under msfconsole
o msfcli Interface
o Using msfcli Interface
o Updating the MSF
 Writing Snort rules
o Writing Basic Rules
o The Rule Header
o Rule Options
o
Writing Advanced Rules: PerlCompatible Regular Expressions
(PCRE)
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o Byte_test and Byte_jump

o Optimizing Rules
Certificate Enrollment in SATSA
o
Generating a Private Key and
Certificate Signing Request in
SATSA
o
Requesting the Signed Certificate
(Verifying the CSR)
o
Storing a Certificate
Certificate Local Store
o Testing Rules
o Writing Detection Plugins
 Netcat Source Code
Module XXIV: Secure Mobile phone and PDA
Programming

into
Data Integrity with Message Digests

Mobile Phone Programming
o
Generating a Message Digest

Different OS Structure in Mobile Phone
o
Verifying a Message Digest
o

o

Symbian Operating System
Guidelines
Symbian OS
for
Securing
PalmOS
 PalmOS Vulnerabilities

 HotSync Vulnerability
 Creator ID Switching
o
Windows Mobile

Calling
Services

Security Practices for
Windows
Mobile
Programming
Secure
Authentication With Digital Signatures
o
Signing
a
byte
Array
Authentication Purposes
o
Verifying a Digital Signature using
SATSA

Comparison of Common Programming Tasks
o
Using Cipher to Encrypt Data using a
o
Using Cipher to Decrypt Data using a

PDA Programming
Security Issues in Bluetooth
o

Security
Devices
Attacks
in
Bluetooth
Bluetooth security
o
Bluetooth
Security
Management
o
PDA Security Issues
o
Tool: Bluekey
o
Security Policies for PDAs
o
Tool: BlueWatch
o
PDA Security Products
o
Tool: BlueSweep
o
PDA Security Vendors
o
Tool: Bluediving
:
Key

Java 2 Micro Edition(J2ME)
o
Tool: Smartphone Security Client

J2ME Architecture
o

J2ME Security Issues
Tool: BlueFire Mobile
Enterprise Edition
o

CLDC Security

Mobile Information Device Profile (MIDP)
o
MIDP Security

Programming the BlackBerry With J2ME

Security and Trust Services API (SATSA) for
J2ME: The Security APIs
Security
Mobile Phone Security Tips
o

for
Data Confidentiality - Using Ciphers for Data
Encryption
Web

the
Defending Cell Phones and PDAs
Against Attack
Antivirus Tools for Mobile Devices
o
F-Secure Antivirus for Palm OS
Module XXV: Secure Game Designing
®
ITPro Global 2009
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


Game Designing Introduction
Scheme
Type of Games
®

o Console Games
o Mobile Games
o

o Online Games
o Off-line Games
o Wii Games

Threats to Online Gaming

Game Authoring Tools
HACKER SAFE Technology
Guidelines for Developing
Commerce Applications
Secure
E-
Module XXVII: Software Activation, Piracy
Blocking and Automatic Updates

o The 2D Shooter Game Creator
o Multimedia Fusion
o Adventure Game Studio
o Game Maker
o FPS Creator
o Stagecast Creator
HACKER SAFE Certification

Software Activation: Introduction
o
Process of Software Activation
o
Software Activation: Advantages
o
Activation Explained
o
Online License Management Server
o
Activation Policies
o
Policy Control Parameters
Piracy
o RPG Maker XP
o
Impacts of piracy
o The Scrolling Game Development Kit
o
Piracy Blocking
o Visual3D.NET
o
Digital Right Management (DRM)
o
Software
Strategies
o
Copy protection for DVD
o
Application Framework –DVD Copy
Protection System

Game Engine

Best Practices for Secure Game Designing
Module XXVI: Securing E-Commerce Applications
Piracy
Protection

Purpose of Secure E-Commerce Application
o

E-Business Concepts: Secure Electronic
Transaction (SET)
Content Protection During Digital
Transmission
o
Watermark System Design Issues
o
Economic Costs
o
False Positives Rate
o

Working of SET
Secure Socket Layer (SSL)
o
SSL Certificates
o
Interaction with MPEG compression
o
VeriSign SSL Certificates
o
Detector Placement
o
Entrust SSL Certificates
o
Copy Generation Management

Digital Certificates
o
Tool: Crypkey

Digital Signature
o
EnTrial Key Generation
o Digital Signature Technology
o
EnTrial Distribution File
o Digital Signature Algorithm
o
EnTrial
Product
Initialization Dialog


www.itpro.net.vn
Signature

&
Package
Windows Automatic Updates
ECDSA, ElGamal Signature
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o
Options for Setting up Windows
Automatic Updates on XP
o
Automatic Updates Option on AVG
Antivirus
o
Automatic
Explorer
Updates
for
Internet
o
Automatic
Firefox
Updates
for
Mozilla

Real Time Testing
Module XXIX: Writing Secure Documentation and
Error Messages

Error Message
Module XX VIII: Secure Application Testing

Software Development Life Cycle (SDLC)

Introduction to Testing

Types of Testing
o
White Box Testing
 Types of White Box Testing
 Dynamic White-Box Testing
 Integration Test
 Regression Testing
 System Testing
o
Black Box Testing
o
Load Testing
 Strategies For Load Testing
o

Functional Testing
Testing Steps
o
Creating Test Strategy
o
Creating Test Plan
o
Creating Test Cases and Test Data
o
Executing, Bug Fixing and Retesting

Classic Testing Mistakes

User Interface Errors

What Makes a Good User Interfaces

Use Automatic Testing and Tools

Generic Code Review Checklist

Software Testing Best Practices

Testing Tools
o QEngine
o WinRunner
o LoadRunner
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
EC-COUNCIL NETWORK SECURITY ADMINISTRATOR - ENSA (v3)
Quản trị an ninh mạng của EC-COUNCIL (v3)
Tổng quan
Khóa học ENSA nhìn nhận vấn đề an ninh mạng trên quan điểm phòng vệ. Chương trình của ENSA
được thiết kế nhằm cung cấp các kỹ năng cơ bản cần thiết để phân tích các mối đe dọa về an ninh bên trong
và bên ngoài đối với một mạng máy tính, và những kỹ năng để xây dựng các chính sách an ninh nhằm bảo vệ
thông tin của tổ chức. Học viên sẽ học cách đánh giá các vấn đề có liên quan tới an ninh mạng, Internet;
phương pháp thiết kế và làm thế nào để có thể thực hiện thành công các chính sách về an ninh cũng như
chiến lược thực thi bức tường lửa. Học viên cũng sẽ học cách làm thế nào để tìm ra những điẻm yếu dễ bị tấn
công trong một hệ thống mạng và phương pháp bảo vệ.
Đối tượng
Các nhà quản trị hệ thống, Quản trị mạng và bất cứ ai quan tâm đến các công nghệ về an ninh mạng.
Thời lượng
5 ngày
Điều kiện
Khóa học này là điều kiện cần để học chương trình CEH.
Chứng chỉ
Sau khóa học, học viên sẽ được nhận chứng chỉ hoàn thành khóa học của EC-Council. Để đạt chứng chỉ quốc
tế ENSA bạn cần thi môn thi 312-38 tại các trung tâm khảo thí Prometric
 Module: Fundamentals of Network

Pre Interface based Assignment
 Key elements of network

Virtual Addresses

Nodes

Dynamic Addressing

The Network Backbone

Static Addressing

Segments

Subnets
 Logical Elements of Network

IP Addresses

Domain Name System

Domain Names

Creating a new Domain Name

Components Of DNS

IP Address Space

Domain Namensraum

Assignment of IP Address

Name servers


Resolver
Prefix Based Addressing
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


Securing DNS Services
Gateways

Data Link Layer
Working of Gateway

Network Layer

Functional Categories of Gateway
Devices

Transport Layer

Session Layer

Presentation Layer

Application Layer

Data Gateway

Multimedia Gateway

Home Control Gateway
Wired media or Bounded Network Media


Physical Layer

 Types of network media



Physical Layer

Data Link Layer
Twisted pair cable

Shielded Twisted Pair

Unshielded Twisted Pair

Coaxial cable or copper cable

Fiber-optic cable

Plenum and PVC cable
Wireless Transmission

Infrared transmission

Microwave Transmission

Satellite Transmission
 Media Access Methods

 TCP/IP Model
Multiplexed Media Access

Logical Link Control(LLC)

Media Access Control (MAC)

Network Layer

Transport Layer

Application Layer
 Transmission Modes

Simplex

Half Duplex

Full Duplex
 Types of Transmission

Serial Data Transmission

Parallel Data Transmission

TDM

Unicast Transmission

FDM

Multicast Transmission

Polling

Token-Based Media Access

Client Server networking

CSMA/CD

Peer to peer networking

CSMA/CA

Mixed Mode Networking

Contention Domains
 OSI Model
www.itpro.net.vn
 Logical Network Classification
 Network Topologies

Bus
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


Linear Bus

Network Load Balancers

Distributed Bus

Repeaters

Gateways
Star or Hub

Extended Star

Transceivers

Distributed Star

Converters

Terminals

Star-Wired ring

Ring

Mesh
 Module: Network Protocols

Tree
 Introduction to protocols

Hybrid Topology
 Implementing Network protocols
 Physical Network Classification

LAN

Introduction to TCP/IP

Configuring TCP/IP

Ethernet

Configuring Netware Links

Intranet

Managing TCP/IP

Network Classes

WAN

MAN

Internet

Class A

Class B

PAN

Class C

CAN

Class D

GAN

Class E
 Network Equipments

Terminal Emulation Protocol (TELNET) of
TCP/IP

TELNET: Vulnerabilities

Network News Transfer Protocol

Network News Transfer Protocol:
Vulnerabilities

Network Interface Cards

Access Points

Switches

Concentrators/hub

Modem

Router

Boot Strap Protocol (BOOTP)

Brouter


Bridges
Data Link Switching Client Access
Protocol(DCAP)

Adapters

Dynamic Host Configuration Protocol
(DHCP)
www.itpro.net.vn
 Application Layer Protocols
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Domain Name System(service) Protocol
(DNS)

Mobility Support Protocol for IP(Mobile
IP)

File Transfer Protocol (FTP)

Network Address Resolution Protocol

Trivial FTP

Next Hop Resolution Protocol

(FTP) and Trivial FTP: Vulnerabilities

Open Shortest Path First(OSPF) protocol

Network Time Protocol

Routing Information Protocol

Network News Transfer Protocol

Simple Network Management
Protocol(SNMP) and Its Versions

Internet Relay Chat Protocol(IRCP)

Service Location Protocol(SLP)

Hyper Text Transfer Protocol (HTTP)

Hyper Text Transfer Protocol Secure
(HTTPs)


Multicasting Protocols

Border Gateway Multicast Protocol

Distance Vector Multicast Protocol

Internet Group Management Protocol
Other Network Protocols

The NetBEUI Protocol

The IPX/SPX Protocol
 Presentation Layer Protocol

Light Weight Presentation Protocol(LWPP)
 Session Layer Protocol

Remote Procedure Call Protocol(RPC)
 Transport Layer Protocols

Service Advertisement Protocol

IPX/SPX Node Address

IPX/SPX Server Address

IPX Frame Types

NWLink Protocol

Reliable Data Protocol(RDP)

The AppleTalk Protocol

Transmission Control Protocol(TCP)


User Datagram Protocol(UDP)
Remote Authentication Dial-in User
Service(RADIUS)

TCP, UDP: Attacks and Countermeasures
 Network Layer Protocols

 Data link Layer Protocol

Address Resolution Protocol(ARP)

Routing Protocols
Vulnerabilities and Security Measures

Network Address Resolution Protocol
(NARP)
Exterior Gateway Protocol(EGP)

Reverse Address Resolution Protocol(RARP)

Internet Protocol and its versions

Serial Line Protocol (SLP)

Internet Control Message
Protocol(ICMP) &V6

High Level Data Link Control (HDLC)
Protocol

The Internet Group Management
Protocol (IGMP)

Point-to-Point Protocol (PPP)

ICMP Router Discovery Protocol(IRDP)

Border Gateway Protocol(BGP)

www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 Module: Protocol Analysis

Send
 Overview of TCP/IP

Receive

Streams

Close

Reliable delivery

Status

Network adaption

Abort

Flow control

TCP/lower -level Interface
 Relation to other Protocol

TCP/lower –level Commands
 Tcp/ip Protocol suite

Open call

Physical And Data link Layer

Listen state

Network Layer

Send Call

Transport layer

Receive Call

Application Layer

Close Call

Abort Call

Status call
 TCP


Tcp header format

Source port

Destination port

Sequence Number

Acknowledgement Number


Algoritms in TCP

Appropriate byte Counting(ABC)

Additive Increase Multiplicative
Decrease(AIMD)
Data offset

Selective Acknowledgement(SACK)

Reserved

TCP Friendly Rate Control(TFRC)

Control Bits

TCP Checksum Calculation

Window

Performance Estimation in TCP

Checksum

Urgent Pointer

Options

Packet Replication

Data

Checksum Error
TCP Interface

Out of order data delivery
User/TCP Interface

Bottleneck Bandwidth


Packet Loss



User /TCP Commands

Open
www.itpro.net.vn
Round Trip Time Estimation
Problems related to TCP
 IP
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Overview of IP

IP Header Format

Modes in ESP

Tunnel modes

Transport mode

Version

IHL

IPv6

Type of Service

IPv6 Header

Preceedence

Version

Delay

Priority

Throughput

Flowlabel

Reliablity

Payload Length

Total Length

Next Header

Identification

Hop limit

Flags

Source Address

Fragment Offset

Destination address

Time to live

IPv6 Specification

Protocol

Addressing

Header Checksum

Packet Tunneling

Source Address/ Destination Address

Multicast

Options

Hop by Hop option

Data

IP Addressing

IP datagram
 5.12.
 Module: IEEE standards

Maximum Transmission Unit
 Introduction to IEEE standards

Fragmentation
 IEEE LAN Protocol Specification

Encapsulation

802-Overview And Architecture

Formatting

802.1-Briding And Management

Reassembly

802.2-Logical Link Control(LLC)

Delivery

802.3-CSMA/CD(Ethernet)

Routing

802.4-Token Passing Bus

Multicasting

802.5-Token Passing Ring

Encapsulating Security Payload

802.6-DQDB Access Method
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

802.7-Broad Band LAN
 Security awareness

802.10-Security
 Functions of Network security administrator

802.11-Wireless LAN(WLAN)

Develop, Maintain and implement IT security

802.12-Demand Priority Access

Maintain and implement firewalls

802.15-Wireless Personal Area Networks
(WPAN)

Monitor and secure network and servers

Monitor critical system files

802.16-Broad Band Wireless MAN (WMAN)

Backup the files

802.17-Resilliant Packet Ring Work Group
 Wireless Networking Standards

IEEE Standards

802.1X

802.11 Architecture

802.11 Standards (Wi-Fi Standard)

802.11a

802.11b

802.11e

802.11g

802.11h

802.11i standards

802.11n
 Module: Security Standards
Organizations
 Internet Corporation for Assigned Names and
Numbers (ICANN)
 International Organization for Standardization
(ISO)
 Consultative Committee For Telephone and
Telegraphy(CCITT)
 International Telecommunication Union(ITU)
 American National Standards Institute(ANSI)
 Institute Of Electronics and Electrical
Engineers(IEEE)
 Electronic Industries Association
 National Center for Standards and Certification
Information (NIST)
 World Wide Web Consortium (W3C)

802.15

802.16

Wi-MAX
 Module: Security Standards

ETSI Standards
 Introduction to Standards

HIPERLAN
 Introduction to Internet Standards

HIPERMAN
 Standards Creation Committee
 Internet Standards
 Module: Network Security

RFC Evolution
 Overview of Network Security

Types and Submissions
 The need for network security

Obtaining RFCs
 The goals of network security
www.itpro.net.vn
 Cabling Standards
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

EIA/TIA -568
 Configuration of security policy

UTP Categories
 Implementation of security policy

Cable Specifications
 Incident Handling and Escalation Procedures

Electronic Industries Association
 Security operations and life cycle management
 Specification Standards
 Securing Assets
 Defining Responses to Security Violations
 Module: Security Policy
 Presenting and Reviewing the Process
 Security Policy overview
 Compliance with Law and Policy
 Concept Of Security Policy

Intellectual Property
 Key Security Elements

Legal Issues
 Security Awareness Programs

Describing the Electronic Communications
Privacy Act

Trainings

Meetings
 Goals of security Policies
 Transborder encryption issues
 Points To Remember While Writing Security
Policy
 Vital role of a security policy
 Classification of Security policy

User policies

Password Management policy
 Module: Hardening Physical Security
 Need for physical security
 Security Stastics

IT policies
 Physical Security Breach Incidents

General Policies
 Who is Accountable for Physical Security?

Partner Policies
 Factors Affecting Physical Security

Types of Security Policies: Issues Specific
Policies
 Physical Security Threats
 Policy design

 Contents of Security Policy
 Privacy and Confidentiality
 Security levels

Separation of duties, dual controls, job
rotation

Environmental threats

Floods

Fire

Earthquakes
Man Made threats

Terrorism
 Security organization and policy development

Wars
 Security policy features

Bombs
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Laptop Security Countermeasures
 Prevention & Detection of physical hazards

Laptop Security Tools
 Premises Security

Laptop Tracker - XTool Computer
Tracker

Tools to Locate Stolen Laptops


Dumpster Diving
Office Security

Reception Area

Authenticating individuals


Personal Access Control

Smart Cards

Proximity Control
Biometrics

Process of Biometrics

Accuracy of Biometrics

Applications of Biometrics

Fingerprint Verification

Hand Geometry

Voice Recognition

Retina Scanning

Iris Scanning


Panasonic
Authentication
Securing Network Devices

Server Security

Securing Backup devices

Physical Access to the Boot CDROM and Floppy Drives

Other equipment, such as fax, and
removable media

CCT (Close Circuit Televisions/Cameras)

Parking Area
 EPS (Electronic Physical Security)
 Challenges in Ensuring Physical Security
 Countermeasures

Fencing

Security force

Watch Dogs

Locks and Keys

Facial Recognition

Physical Security: Lock Down USB Ports

Biometric Signatures

Tool: DeviceLock

Further Biometrics technology

Blocking the Use of USB Storage Devices

Techniques for Compromising
Biometrics

Track Stick GPS Tracking Device

USB Tokens

TEMPEST

Fire Safety: Fire Suppression, Gaseous
Emission Systems
Workplace security


Controlling system access: Desktop
security

Workstation security

Laptop Theft: Security Statistics

Laptop Theft
www.itpro.net.vn

Fire Safety: Fire Detection

Failures of Supporting Utilities: Heating
Ventilation, Air Condition
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


Failures of Supporting Utilities: Power
Management and Conditioning
Trojan

Virus
Uninterruptible Power Supplies
 Mantrap


Mantrap: Diagrammatical Representation
 Physical Security Checklist
 Module: Network Security Threats
 Current Statistics

IRC bot

Worms

Logic Bombs

Eavesdropping

Phishing
 Attacks

Smurfing
 Defining Terms: Vulnerability, Threats, and
Attacks

Man-in-the-Middle Attacks
 Types of Attackers

Denial of service
 Classification of Hackers

DDoS
 Techniques

Buffer Overflow

Spamming

Zero Day Attacks

Revealing hidden passwords

Jamming

War Dialing

Password Attacks

War Diving

War Chalking

Spoofing

War Flying

Session Hijacking

Wire Tapping

Web Page Defacement

Scanning

Recording Key Strokes


Brute Force Password Attacks

Port Scanning

Cracking Encrypted Passwords

Network Scanning

Revealing Hidden Password

Vulnerability Scanning
Sniffing
 5.9.2. Passive Sniffing
 Hiding Evidence of an Attack
 Problems Detecting Network Attacks
 Network Scanning Tools:

Network Reconnaissance

The Netstat Tool

Social Engineering

Nmap
 Common Vulnerabilities and Exposures (CVE)

NetscanTool
 Threats

Superscan
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

hping
 Module: Intrusion Detection System (IDS)
and Intrusion Prevention Systems (IPS)
 Introduction to IDS
 History of Intrusion Detection
 Intrusion Detection Concepts

Architecture

Monitoring Strategies

Analysis type

Timing

Goal of detection

Control Issues


Selecting an IDS

Deploying an IDS

Maintaining an IDS

Malformed Packet

Packet Flooding
Tool: Arpwatch (in Linux)

Tool: Psad(in Linux)

Tool: ippl(in Linux)
Host Based IDS
 Types of IDS

Password Download

 Aggregate Analysis with IDS


Tool: Bro
 Importance of IDS

Denial of Service



Network based IDS

Tool: NetRanger
 Characteristics of IDS

Data Resource Theft


 IDS for an Organization

HIDS Architecture

Centralized Host Based

Distributed Real Time Host Based
Operational Concept

Tip Off

Surveillance

Damage Assessment

Compliance
Host Based Detection
NIDS Architecture

Abuse of Privilege Attack Scenarios

Traditional Sensor-Based

Critical data Access and Modification

Distributed Network Node

Changes in Security Configuration
Operational Concept

Tool: Host sentry

Tip off

Tool: KFSensor

Surveillance

Tool: LIDS

Forensic Workbench

Tool: SNARE

Tool: Tiger(in Linux)
Network-Based Detection

Unauthorized Access
www.itpro.net.vn

Host Based IDS Vs Network Based IDS

The Hybrid IDS Framework
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


Prelude IDS
 Intrusion Prevention System

Components

Intrusion Prevention Strategies

Interaction between Prelude
components

IPS Deployment Risks

Flexible response with Snort

Relaying

Reverse Relaying

Tool: Libasfe
Distributed IDS

Introduction and Advantages

Components

Protocol Intrusion Detection System

Network Behavior Analysis (NBA)

Unified Thread Management
 Deployment of IDS
 Types of Signatures

Network signatures

Host based signatures

Compound Signatures
 True/False-Positive/Negative
 Major Methods of Operation

Signature Based Detection

Anomaly Based Detection
 IDS Tool

Snort

BlackICE

M-ICE

Secure4Audit (auditGUARD)

Emerald

Nides

SECUREHOST

GFI EventsManager
www.itpro.net.vn


Snort Inline Patch
Controlling your Border
 Information Flow in IDS and IPS

Raw Packet Capture

Filtering

Packet Decoding

Storage

Fragment Reassembly

Stream Reassembly

Stateful Inspection of TCP Sessions

Firewalling
 IPS Tool

Sentivist

StoneGate IPS

McAfee
 IDS Vs IPS
 Module: Firewalls
 Firewalls: Introduction
 Security features

Securing individual users

Perimeter security for networks
 Multiple components of Firewall
 Firewall Operations
 Software Firewall
 Hardware Firewall
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 Types of Firewalls

Multi firewall DMZ

Packet Filtering Firewall

Two firewalls, One DMZ

IP Packet Filtering Firewall

Two firewalls, Two DMZ

TCP Packet Filtering Firewall

Screening Router

Circuit-Level Gateway

Dual homed host

Application Level Firewalls
 Specialty firewalls and Reverse firewalls

Application Packet Filtering Firewall
 Advantages of using Firewalls

Stateful Multilayer Inspection Firewall
 Disadvantages of using Firewalls

Network Level Firewalls
 Threats
 Pix Firewall

Firewalking
 Basic features of PIX firewal

Banner Grabbing
 ADvanced Features of PIX firewall

Placing Backdoors Through Firewalls
 Firewall Features
 Limitations of Firewalls
 Establishing Rules and Restrictions for your
Firewall
 Personal Firewall Software
 Firewall Configuration Strategies
 Scalability
 Productivity
 Firewall Architecture

Dual-Homed Host Architecture

Screened Host Architecture

Screened Subnet Architecture
 Handling threats and security tasks
 Protection against hacking
 Centralization and Documentation
 Multi-layer firewall protection
 Firewall deployment strategies

Screened Host

Two router with one firewall

Introduction to Demilitarized Zone(DMZ)

DMZ screened subnet
www.itpro.net.vn

ZoneAlarm Pro

PC-Cillin

Norton Personal Firewall

McAfee Personal Firewall

Windows Personal Firewall
 Personal Firewall Hardware

Linksys and Netgear

SonicWall and Watchguard

Cisco’s PIX

Netscreen
 Firewall Log Analysis

Firewall Analyzer

Firewall Logs

Automatic Firewall Detection

Firewall Log Import

Firewall Log Archiving
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


Firewall Tools
Abnormal Traffic Signatures

Firewall Builder

IP Header

Fwanalog

Configuring

Wflogs

Types of Filtering
 Comparison of Various Firewall Products

Stateful Packet Filtering
 T-REX Open Source Firewall

Stateless Packet Filtering
 SQUID

Dynamic Packet Filtering
 WinGate

 Symantec Enterprise Firewall
Filtering rules

Packet Filter Rules That Cover
Multiple Variations

Packet Filter Rules That Cover ICMP

Packet Filter Rules That Block Ping
Packets

Packet Filter Rules That Enable Web
Access

Packet Filter Rules That Enable DNS

Packet Filter Rules That Enable FTP

Packet Filter Rules That Enable EMail
 Firewall Testers

Firewalk

FTester

Firewall Leak Tester
 Module: Packet Filtering and Proxy
Servers
 Application layer gateway

Network Address Translation

Packet Filtering

Advantages/Disadvantages of filtering

Approaches

Flags used

Architecture

Packet Sequencing and Prioritization

Urgent Flag

Packet cataloging

Ack Flag

Packet Fragmentation

Push Flag

Analyzing Packet Fragmentation

Reset Flag

Analyzing Packet Signatures

Syn flag

Signature Analysis

Fin Flag

Common Vulnerabilities and
Exposure

Signatures

Normal Traffic Signatures
www.itpro.net.vn


TCP
UDP

Control Flag
 Proxy servers
Tel: (84-4) 37875728 – Fax: (84-4) 37875729




Role of Proxy Server

Processor Speed

Selecting the OS

Routed Environment

Network Environment

Configuring Bastion Host

Blocking URLs and unblocking URLs

Locating Bastion Host
Proxy Control

Physical Location

Transparent Proxies

Network Location

Non-transparent Proxies

Configuring Bastion Host

Socks Proxy

Making the Host Defend Itself
Authentication Process

Securing the Machine Itself

Authentication Configuration

Making the Host Defend Itself

Types of Authentication

Selecting Services to be Provided
Firewall

Firewalls Based on Proxy


Special Considerations for UNIX System

Special Considerations for Windows
System
Application Proxy firewall

Installation & configuration

Administration and management of Proxy
servers

Disabling Accounts

Disabling Unnecessary Services

Limiting Ports

Security and access control

Handling Backups

Reorganizing the Single-Point-of-Failure
(SPOF)

Role of Bastion host

Reverse Proxies

Bastion Host security policy

How Proxy Servers Differ From Packet
Filters

Performance enhancement, monitoring, and
troubleshooting
 Honeypot

History of Honeypot

Value of Honeypot

Types of Honeypots
 Module: Bastion Host and Honeypots
 Bastion Hosts

Principles

Need of Bastion host

Building a Bastion Host


Selecting the Host Machine

Memory Considerations
www.itpro.net.vn


Production

Research
Classifying Honeypots by Interaction

Low-Interaction Honeypots

Medium-Interaction Honeypots

High-Interaction Honeypots
Examples of Honeypots
Tel: (84-4) 37875728 – Fax: (84-4) 37875729





Backofficer Friendly

Specter

Honeyd

Homemade

Mantrap

Optical Modems

Honeynet

Short Haul Modems
Use of Honeypot

Smart Modem

Advantages and Disadvantages of
Internal Direct Modem
External Direct Connect Modem

External Direct Modem

Preventing Attacks

Controller Less Modem

Detecting Attacks

Acoustic Modem

Responding to attacks

Homemade Honeypot

Port Monitoring Honeypots

Jailed Environment

Mantrap

acoustic modem
Null modems
 Modem Security

Advantages and Disadvantages of Honey pot
 Honeynet
Additional Security to modems

Password modems

Callback modems

Architecture of Honeynet

Encrypting modems

Types of Honeynet

Caller-ID and ANI schemes


Distributed Honeynet

GEN I Honeynet

Gen II Honeynet

Virtual Honeynet
Legal Issues related

Modem Security should be a priority for
the telephony managers

SecureLogix provides Solutions for
Modems Security

Make modem Security simple with robust
Management Tool
 Categorizing Modem Access
 Module: Securing Modems

Dial out Access
 Introduction to Modems

Dial In Access
 Origin of Modems
 Modem Attacks
 Modem Features

Spoofing Attacks
 Types of Modems

Call Forwarding Attacks

War Dialing

Hardware Modems

Internal Direct Connect Modem
www.itpro.net.vn
 Modem Risks
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Virtualization Engine

War Dialers

Packet Sniffing

Troubleshooting BR350 (Bridge)
 Modem Failure Symptoms

Diagnosing Repeater and Gateway Problems

Troubleshooting Hubs and Switches

Troubleshooting cable modem

Troubleshooting DSL or LAN Internet
Connection

Troubleshooting a Universal Serial Bus
Device

Troubleshooting IEEE 1394 Bus Devices




Modem Firmware Failure

Random modem Lock ups due to bug in
firmware

Newer Firmware upgrades reduced the
number of such lockups
Primary Modem Failure

No Longer drops all modems

Just the one Modem is lost
Reasons for modem Connection Failure
 Troubleshooting Network Slowdowns

NetBios Conflicts

Modem Incompabilities

IP Conflicts

Buggy Modem Firmware

Bad NICs

Bad Phone line

DNS Errors

Misconfigured Modems or
communication software

Insufficient Bandwidth

Excessive Network Based Application

Temporary Modem Failures

Daisy Chaining

Spyware Infestation
Some Common Failures

Modem Not Responding

Modem Damaged

Modem Not Compatible

System Crashes
 Troubleshooting Modems

External Modems

Internal Modems
 Module: Troubleshooting Network
 Introduction to troubleshooting
 Troubleshooting Network devices

Windows PC Network Interface Card

Troubleshooting Cisco Aironet Bridge

Troubleshooting bridges using the
www.itpro.net.vn
 Troubleshooting Wireless devices

Checking the Led Indicators

Checking Basic setting

SSID

WEP Keys

Security Setting
 A Troubleshooting Methodology

Overview of Troubleshooting

Troubleshooting Strategies

Recognizing Symptoms

Understanding The Problem

System Monitoring Tools
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Network Monitor

Troubleshooting Physical Problems

Performance Monitors

Troubleshooting Link Status

Protocol Analyzer

Physical Troubleshooting Tools

The Protocol Analysis Process

Troubleshooting the Topology

Testing the Cause of the problem

Troubleshooting the Fault Domain

Solving Problem

Tracing connectivity

Device Manager

Troubleshooting Network Communication

ipconfig
Performance Measurement Tool

Identifying Communication Problems

Host Monitoring Tool

Using Ping and Traceroute

Point Monitoring tool

Exploring Network Communications

Network Monitoring Tool

Find Path Information

Access point Interface

Identify Communication Capabilities

Load balancing




Troubleshooting with IP Configuration
Utilities

Troubleshooting with Ping

Troubleshooting with Tracert
Configuration Best Practices for
windows 2000,windows Server

Troubleshooting with Arp

General consideration

Troubleshooting with Telnet

Security ad Manageability

Troubleshooting with Nbstat

High Availability

Troubleshooting with Netstat
Troubleshooting Network Load
Balancing

Troubleshooting with FTP

Troubleshooting with Nslookup
Problems and Solutions

Troubleshooting NTP

Network adapter is unplugged

Network adapter has limited or no
connectivity
Network adapter is connected, but
you can't reach the Internet
Troubleshooting Connectivity

 TCP/IP Troubleshooting Utilities

How to isolate networking problems
(Windows XP): Network Adapter



Causes for connectivity Problem
www.itpro.net.vn
 Troubleshooting Tools

Hardware-Based Troubleshooting Tools

Network Technician’s Hand Tools

The POST Card

Memory Testers

Electrical Safety Rules

Wire Crimpers

Punch Down Tools
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Circuit Testers

Internal configuration sources

Voltmeters

Router Initiation

Cable Testers

Loading the configuration files

Crossover Cables

Configuring from the TFTP Server

Hardware Loopback Plugs

The Setup Configuration Mode

LED Indicator Lights

CLI configuration mode

Tone Generators
 Router Configuration Modes

Global Configuration mode
 Module: Hardening Routers

Interface Configuration mode
 Introduction to Routers

Line Configuration Mode
 Routing Metrics

Privilege EXEC mode
 Multiple Routing

ROM Monitor mode
 Types of Routers

User EXEC Mode
 Routing Algorithms
 Finger Tool
 Internet work Operating Systems (IOS)
 Disabling the auxiliary and closing extra
interfaces
 IOS: FEATURES
 Routing Principles

The ARP Process

LAN – to- LAN Routing Process

LAN –to- WAN Routing Process
 Modes Of Operation

User Mode

Enable Mode

Global Configuration MODE
 BOOTp service
 TCP and UDP small servers
 Disabling Proxy ARP
 Disabling SNMP
 Disabling NTP
 Hardening a Router

 IP Routing

Configuring IP and IP routing

Configuring RIP
 IP Source Routing
 Configuration of Routers

External configuration sources
www.itpro.net.vn
Configuring a banner

Passwords and secrets

Encrypting passwords

Creating end user accounts

Setting session time-out periods
 Cisco Discovery Protocol

Configuring CDP

Logging Concept

Log Priority
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


Configuring Logging

Timestamping
Cisco Logging Options

Console Logging

Buffered Logging

Terminal Logging

Syslog Logging

SNMP Logging
 Filtering Network Traffic
 Access Control List

Reviewing IP Traffic and Configuring static
Routers
 Types of Routing

Distance Vector Routing

Link State Routing
 Routing Protocols

Routing Information Protocol (RIP)

Interior Gateway Routing Protocol (IGRP)

Enhanced Interior Gateway Routing Protocol
(EIGRP)

Open Shortest Path First (OSPF)

Border Gateway Protocol (BGP)

Basics of ACL

Creating Access Control List
 Routing Table Maintenance Protocol (RTMP)

ACl Types
 Troubleshooting a router

Monitoring ACL

Troubleshooting tools

Implementing ACL


Securing Routers: ACL
Troubleshooting with network management
tools

Troubleshooting IP Connectivity in Routers

Troubleshooting PPP

Troubleshooting Frame Relay

Troubleshooting X.25

Troubleshooting ISDN
 Log System Error Messages
 Securing Routers: Committed Access Rate
 Securing Routers: Secure Shell

Authentication methods

Configuring SSH

Default Locations of Secure Shell Files

Generating the Host Key

Ciphers and MAC’s

Compression

Configuring Root Logins

Restricting User Logins
 Router Commands

Configuring Router Interface setting

Managing Router Configuration
 Components of router security
 Router security: testing tools
 Module: Hardening Operating Systems
 BIOS security
 Windows Registry

Registry Editor

Rootkit Revealer
 Configuring Windows Services

®
ITPro Global 2009
www.itpro.net.vn
E-mail Services
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Regional settings

Update System

Virtual Servers

Antivirus

Share Point Portal Server

Anti Spyware

Antivirus Protection

Anti Spam
 Process
 Resource Access
 Windows

Windows Server 2003

Managing Access control

Windows 2003 Infrastructure Security

Resource Access Privileges

Windows 2003 Authentication

Access Lists

Windows 2003 Security Configuration
Tools

Windows 2003 Resource Security

Windows 2003 Auditing and Logging

Windows 2003 EFS

Windows 2003 Network Security
 Discretionary Access Control List (DACL)
 Privileges
 Objects And Permissions
 Rights Vs Permissions
 NTFS File System Permissions
 Encryption File System
 Windows Network Security

Computer Management

File Management

Security Configuration And Analysis Tool

Firewalls
 Windows infrastructure features

Active Directory

Group Policy

Share Security

Dynamic DNS updates
 Kerberos Authentication And Domain Security
 Trust Relationships Between Domains
 IP Security

 Windows Certificate Authorities
 Certificate Authority Requirements

Major Functions of a CA Hierarchy

Certificate Standard and Format

Implement Microsoft Certificate Authorities

Implement a Microsoft Enterprise Root CA
 Desktop Management

Troubleshoot User Logons

Troubleshoot User Configuration

Troubleshoot System performance
 File Management

Troubleshooting Access to Files And Folders

Troubleshooting Access to Shared Files And
Folders

Troubleshooting Access to Offline Files and
Folders
Problems With IP Security
 Windows Security Tools
 Security Issues

www.itpro.net.vn
Troubleshooting User Account Control
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Troubleshooting Windows Firewall

Introduction to Linux Certificate Authorities

Troubleshooting Windows Defender and
Locators

Certificate Authorities for Linux

Preparing to Install a CA

Open LDAP

Using CATool
 Linux

User and File system Security Administration




Security

Data Security

Network Security
OS Security Measures

Linux Update Agent

Configuring Unix Services
User Management

etc/password fields

etc/shadow fields
Account Security

Password Security

Shadow Password
 Pluggable Authentication Module

Configuring PAM

Pam Configuration Files

PAM Framework

Security With PAM
 Network Information Services
 Group Management Utilities
 Network File System
 Permission Management Tools
 System Logger Utility
 Unix Security

UNIX Security Checklist v2.0

Guest Account

User Account

etc/password fields

Using Kerberos Authentication

etc/shadow fields

Rendezvous Security

etc/gshadow

etc/group
 Macintosh Security


Enterprise Security
Application Security

Restricting User Capabilities

Command Line administration Tools

File System and Navigation

File And Directory Permissions
 Module: Patch Management

 Introduction
Default Directories

Network Interface configuration
 The Patch Concept

Security Scripting
 Patch Sources

Useful Linux Security Tools
 Patch testing
 Linux Certificate Authorities
www.itpro.net.vn
 Patch Monitoring and Management
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Create a Change Process

Monitor the Patch Process
 Consolidating Patches on Red hat Network
version
 Patch Management Tool

Selecting a Tool

Configuring the Proxy Server

Learning Curve

Configuring the Proxy Client

Platform Support

System targeting

Ease of Use

Connection Sensitivity
 Red Hat Up2date Patch Management Utility
Installation Steps
 Red Hat Up2date Patch Management: Command
Line Interface

Security Patch Compliance

Deployment Schedule

Distribution

Cost

Discovery and zero-touch inventory

Client Adoption

Microsoft Baseline Security Analyzer

Troubleshoot Security Patch Management

Qchain

Reporting

BES Patch Management

Shavlik HFNetChkPro 5

 Patch Management Process
Patch Management Tools

Identification

PatchLink Update

Assessment Phase

SecureCentral™ PatchQuest

Inventory

Base Lining
 Module: Log Analysis

Phase
 Introduction to Log Analysis

Obtainment
 Overview of log analysis

Testing
 Audit Events

Deploy Phase
 Log Types


Deployment Preparation

Content

Deployment of the Patch

Source

Format
Confirmation
 Windows Update Services
 Microsoft Patch Management Tool: Microsoft
Baseline Security Analyzer

MBSA: Scanning Updates in GUI Mode

MBSA: Scanning Updates in Command-line
www.itpro.net.vn
 Log Files

Access_log


Variables of Access_log
Analysis of logs
Tel: (84-4) 37875728 – Fax: (84-4) 37875729




access_log


IIS Logs

Domain type
 Limitations of log files

Hours
 System Log Aggregation, Statistics And Analysis

Hits

Introduction To Syslog

Threading

Estimating log quantities and log system
requirements

Back-hauling your logs

Building a central loghost

Parsing and normalizing

Bayesian spam filters for logging

Storage and rotation

Entrance

Exit

Clock Analysis

Download Time
agent log

Browser

Databases and logs

Version

Graphing log data

Operating System

Alerting

Legalities of logs as evidence
error_log

Error 404

Stopped Transmission

Secure Audit Logging

Cross Reference

Setting Up Remote Logging
refer log

Linux Process Tracking


Windows Logging
Referral



 Overview of logging
Missing Links
TCPDump logs
Web Server Log Analysis

Logging on Windows loghosts

NTsyslog

Remote Logging in Windows

Analog

Application Logging

Mach5 FastStat Analyzer

Extended Logging

Web Trends

Firewall Logging

Happy Log

Net Merit

Importance of Time Synchronization

Click Tracks

Passive Detection Methods

Word Tracker
Apache Logs
www.itpro.net.vn
 Monitoring for Intrusion and Security Event

EventCombMT

Event Collection
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Scripting
 Investigating Log Files

Watchlog

LogDog
Log File Rotation Tools

Log file Codes

Log File Information

LogController

Log Messages

Newsyslog

Spinlogs

 Importance of log review

Optimizing system and network Performance

Trimlog

Identifying security incidents, policy
violations, fraudulent activities, and
operational problems

System Log Rotation Service(SLRS)

Bzip2
 How to Secure Logs(Log Security)

Performing audits and forensic analyses

Supporting internal investigations

Limit Access To Log Files

Establishing baselines

Avoid Recording Unneeded Sensitive data

Identifying operational trends and long-term
problems

Protect Archived Log Files

Secure The Processes That Generate the
Log Entries

Configure each log source to behave
appropriately when logging errors occur

Implement secure mechanisms for
transporting log data from the system to the
centralized log management servers
 Log Analysis Tools

UserLock

WSTOOl

Auditing tools


ASDIC

Tenshi

SpoofMAC

Gentle MAC PRO

Log Manager
Generic Log Parsing Tools

LogSentry

SL2

Flog

Simple Log Clustering Tool(SLCT)

xlogmaster

GeekTool (mac O.S)

Dumpel.exe (Windows O.S)
www.itpro.net.vn
 Module: Application Security
 Importance of Application Security
 Why Is Web Security So Difficult?
 Application Threats and Counter Measures
 Web Applications

Managing Users

Managing Sessions

Cookies

What is in a Cookie

Working of a Cookie

Persistent Vs Non-Persistent
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


Secure Vs Non-Secure
 Common Threats On Web
Session Tokens

Identity theft

Session Tokens

Spam Mail

Authentication Tokens

Distributed Denial of Service(DDoS)

Encrypting Private Data

Reflection Dos Attack

Event Logging

Parasitic Malware

What to Log

Bots

Log Management

Cross Site Request Forgery

Session Hijacking
 Embedded Application Security (EMBASSY)

TCP/IP security Technology

Smurf attack

IPSec And SSL Security

FTP bounce

IPSec And SSL Security In Embedded
Systems

RSS/Atomic Injection

DNS Attack

Network Security For Embedded
Applications

Content Spoofing

Embedded Network Security Hardware
Instructions

Logical Attacks

Buffer Overflow

IP and Routing Protocol Spoofing
 Secure Coding


Common Errors

Buffer Overflow

Format String Vulnerabilities

Authentication

Authorization

Cryptography
Best Practices For Secure Coding

Distrust User Input

Input Validation

Magic Switches

Malicious Code Detection
 Module: Web Security
 Identifying Unauthorized Devices
 Restrictive Access
 Network Addresses

Altering the Network Addresses
 Tracking the Connectivity: Tracert/Traceroute
 Testing the Traffic Filtering Devices
 Installing and Protecting IIS
 Client Authorization

Certificate Authorities
 Client-Side Data
 Client Authentication

User’s Approach

Authentication Techniques
 Overview of Web Security
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 Input Data Validation

Image

 Browsing Analysis
 Browser Security
IPIX

VRML

Mozilla Browser

Audio

Internet Explorer

Multimedia




Security Setting of Internet Explorer

Shockwave

Configuring Security Zone

Real Player

Setting up the Internet Zone

Shockwave Flash

Setting up the Intranet Zone

Quick Time

Setting up Trusted and Restricted
Sites Zone

Working with domain Name suffixes

Selecting Custom level Settings

Miscellaneous Options

User Authentication
Browser hijacking

Preventing

Restoring

Tools:

Stringer

Download Cwshredder

Microsoft Anti Spyware software


Browser Behavior Analysis

Benefits of Behavior Analysis
Browser Security Settings

Dynamic Code

Securing Application Code
Netscape/IE Plug-Ins
www.itpro.net.vn
Util

Net Zip Plug-in

Asgard Plug-in Wizard

Neptune
Others


Browser Analysis
 Plug-ins


Java Plug-in
Mozilla Firefox Plug-ins

Acrobat Reader

Adobe Flash Player

Java

Quick Time

RealPlayer

Shockwave

Windows Media player

The Validate HTML Plug-ins

Accessibility Analyzer

Validate Sites HTML

Wayback Versions

Validate P3P

View In

BugMe Not
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Webpage Speed Report

Field names and values

Validate Links (W3C)

Address list

Open Text

Recipients and Senders

Validate RSS

Response targets and threading

Validate CSS
 E-Mail Servers

Validate HTML
 Testing the Email Server
 Common Gateway Interface(CGI)


CGI Script
 E-Mail Encryption

Centurion mail

CGI Mechanism

Kerberos

Web Servers

Hush Mail

Mechanisms and Variables

Pretty good privacy

Third part CGI Scripts

Secure Hive

Server Side Includes
CGI operation
 Installing WorkgroupMail
 Configuring Outlook Express

Responding To the Client
 Secure Email

Using the Client to call a CGI application
 Certificate Revocation
 E-mail Authentication
 Module: E-mail Security

Mail Transfer
 Overview of E-mail

Authenticating Sender
 History of E-mail
 Basics of E-Mail
 Types of E-Mail
 Web Based Versus POP3 E-mail
 E-mail protocols// inc all protocols

Multipurpose Internet Mail Extensions(MIME)
/Secure MIME

Pragmatic General Protocol(PGP)

Simple Mail Transfer Protocol(SMTP)
 Components of an Email

Headers

Working of an E-Mail header

Examining an E-Mail header

Reading E-Mail headers

Opening Attachments

Reading E-Mails for different clients
www.itpro.net.vn

SMTP: Vulnerabilities

Post Office Protocol(POP) and its POP3

Internet Message Access Protocol(IMAP)
 Client and server architecture
 E-Mail Security Risks

Spoofed Addresses

Spam
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Smart Cards

Hoaxes

Phishing
 VeriSign Authentication

Snarfing
 Evolution of Encryption

Malware

Introduction to Encryption

E-Mail spoofing

Encryption Systems

E-Mail viruses

Firewalls Implementing Encryption

Gateway virus scanners

Lack of Encryption

Outlook Viruses

Cost of encryption

E-mail Attachment Security

Preserving data integrity

E-Mail Spamming

Maintaining confidentiality



Protecting against spam

Authentication and Identification

Spam filters

Authenticity of N/W clients

Key Based Encryption Systems
E-Mail Bombing, Chain letters
 How to defend against E-Mail security risks

Symmetric Key

Quarantining Suspicious Email

Public Key

Vulnerability check on Email System

Public Key: SSL
 Tools for E-mail Security

ClipSecure

CryptoAnywhere

BCArchive

CryptainerLE

GfiMailEssentials

SpamAware

Hashing Algorithms

Encryption Algorithms

 Tracking e-mails

readnotify

 Module: Authentication: Encryption,
Cryptography and Digital Signatures
 Authentication

Authentication Tokens

RSA SecurID
www.itpro.net.vn
RSA Algorithm

Performing RSA Encryption and
Decryption

Create your RSA Key Pair

Creating RSA keys

Encrypting and Decrypting with RSA

Cracking an RSA Encrypted
Message
Diffie Hellman Algorithm

Finding Diffie-Hellman Public Keys

DSS and DSA

ELGAMAL

CRYPT(3)
Tel: (84-4) 37875728 – Fax: (84-4) 37875729



RC2 and RC4

Transport Mode

IDEA

Tunnel Mode

SNEFRU


RIPE-MD
Choosing Best IPSec Mode for
Organizations

HAVAL

SKIPJACK

XOR

BLOWFISH

camellia

Cast encryption algorithm

Tiny encryption algorithm

SCA: Size-Changing Algorithms

IPSec Processing

Fragmentation

Enabling IPSec

Algorithms for IPSec

Protocols

Analyzing popular encryption schemes

AH

ESP
Levels of IPSec

Client

Symmetric Vs Asymmetric Encryption

Server

Symmetric key encryption

Secure Server

Asymmetric key encryption

IPSec Protocol Security

Hashing

IPSec Policies

PGP

IP Filters

X.509

Filter Action

SSL

Authentication Methods

Tunnel Setting

Connection Type
Types of Encryption Algorithms

Symmetric Key Encryption

Password Based Encryption

Asymmetric key encryption


IPSec Policy Management
Cryptography

Hashing algorithms

History of Cryptography

IP Sec

Math and Algorithms

Understanding

Private key Exchange

IPSec Architecture

Public Key Exchange

Components of IPSec

Message Authentication

Modes
www.itpro.net.vn

DES for Encryption
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


DES ECB and CBC Analysis
 Introduction to Virtual Private Network

Private Key Exchange
 Types of VPN

3DES

Remote Access VPN’s

HMAC/MD5 and SHA for
Authentication

Intranet Access VPN’s

ExtraNet VPN’s
Limitations
 Digital Certificates
 Working of VPN

Tunneling

Securing Data

Making Combination Work

Paper Certificates and Identity Cards

Authorities that Issue Physical Certificates

Difference Between Physical and Digital
Certificates

Standards For Digital Certificates

Fundamentals of Tunneling

X.509 as Authentication Standard

Tunneling Protocol

Public Key Certificate

Secret Key Certificate

Goals And Assumptions

Viewing digital certificates

Terminology
 Certificate Encryption Process

Control Connections

Security And Disadvantages

Encrypted File System
 Public and Private Keys
 Tunneling
 Point to point Tunneling Protocol(PPTP)
 Layer 2 Tunnel Protocol

A Public Key Generated by PGP

Characteristics

Choosing the size of keys

L2TP Header Format

Generating Keys

L2TP Control Message header

Using a Key Server that is on a User’s
Network

L2TP Data message

L2TP Compulsory Tunnel

L2TP Voluntary Tunnel

Using an Online Key Server
 Digital Signatures

Signature as identifiers

Features of Digital Signatures

Digital Signature In practice

PKI

Standards of Digital Signatures
 VPN Security

Encryption

IPSec Server

AAA Server
 Connection to VPN

SSH And PPP
 Module: Virtual Private Networks
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Concentrator

Wireless Cards

Other Methods

Antenna
 Step1: Setting Up VPN

Wireless Desktop Cards
 Step2: Implement DHCP Services

Wireless Laptop Cards
 Step3: Create An Enterprise Certificate Authority

Wireless USB Adapters
 Step 4: Install IAS

Wireless Internet Video Camera
 Step 5: Configure IAS

Digital Media Adapter
 Step 6: Create A Remote Access Policy

Wireless Converters
 Step 7: Configure The VPN Server

Wireless Print Server
 Step 8: Associate The VPN Server With The
DHCP Server

Wireless Rechargeable Bluetooth mouse
 Step 9: Configure Remote Clients
 Step 10: Test The Client Connection
 VPN Policies
 VPN Registrations And Passwords
 Risk Associated With VPN
 Wireless Technologies

Personal Communication Services(PCS)

Time Division Multiple Access(TDMA)

Code Division Multiple Access(CDMA)

ARDIS

BlueTooth
 Pre Implementation Review – Auditing
 Implementation Review – Auditing
 Post Implementation Review And Reporting


Frequency and Data rates

Bluetooth Architecture and components
Ultra Wideband
 Wireless Communications: Examples
 Module: Wireless Network Security
 Introduction to Wireless

Satellite communications

Cellular phone communications

Types of wireless networks: WLAN, WWAN,
WPAN and WMAN

Wired Vs. Wireless Networks

PDA

Advantages and Disadvantages of Wireless

BlackBerry
 Types of Wireless Networks
 Devices using Wireless Communications
 Service Set Identifier (SSID)
 Detecting Wireless Network

Based on Type of Connection

Based on Geography

How to scan
 Components of Wireless Network

Tool: Kismet

Netstumbler

Access Points
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 Types of Wireless Attacks

Man in the Middle Attacks

Eavesdropping

Manipulation

Denial of Service or Distributed Denial of
Service

Social Engineering

“Weak key” Attacks

Dictionary Attacks

Birthday Attacks
 Wireless Threats

Rogue Access Points

MAC Sniffing and AP Spoofing
 Wireless Security



Eavesdropping
Security Vulnerabilities With Public Access
Wireless Networks

WEP Key Cracking Tools

WEPCrack

AirSnort

Aircrack

Authentication Mechanism

Kerberos

Components

Exchanges Of Kerberos Client
Security Measures


 Risks Due To Wireless Networks
 Wired Equivalent Privacy
Multifactor Authentication

 WLANs in Public Space


WPA
 Open Wi-Fi Vulnerabilities
Unauthorized Network Access
Communications

Hotspot

LDAP

 Overview of Wi-Fi

Authentication

Change the SSID

Use Encryption

Use a VPN

Use a Firewall
WLAN Security Policy Development Issues

Goals And Characteristics

Auditing WLAN Security Policy
RADIUS Authentication

Security

Configuration
 Wireless Auditing

Baselining
 DHCP Services

Server And Client
 Mobile Security Through Certificates
 Wireless Network Attack Tool: AirSnarf
 Certificate Management Through PKI
 Tools to detect MAC Address Spoofing:
Wellenreiter v2
 Trouble Shooting Wireless Network
 WLAN Management

Detecting Rogue Points
www.itpro.net.vn

Multipath and Hidden Node

Identifying And Resolving Interface Problems
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 Wireless Network Security Checklist
 Module: Creating Fault Tolerance
 Network Security: Fault Tolerance

RAID Level 0(Striping)

RAID Level 1(Mirroring or Duplexing)

RAID Level 2(Striping with Error
Correction Code(ECC))

RAID Level 3(Striping with Parity on a
single Drive)

RAID Level4(Striping by block with Parity
on a single Drive)

RAID Level 5(Striping with Parity
Information Spread Across Drives)
 Why Create Fault Tolerance
 Planning For Fault Tolerance
 Network Security

Key Aspect of Fault Tolerance

Fault Tolerant Network
 Reasons for Network Failure

Clustered Servers

Simple Server Redundancy

Viruses And Trojans

Archiving

Intrusion And Unauthorized Access

Auditing

Power Supply Failure
 Reasons For System Failure

Anatomy of Auditing

Auditing Mechanism

Audit Browsing

Crime

User Error

Deployment Testing

Environmental

Circuit Redundancy

Routine Events

Offsite Storage
 Preventive Measures

Perimeter Security

Physical Security

Understanding Vulnerabilities

Backups

Authentication

Security Policies

Files Back up

Tape Backup – Pros And Cons

Practical tips
 Module: Incident Response

Setting Privileges
 What is an Incident

Access Rights
 Category of Incident

Partitions
 Types of Incident

Peripherals
 Who should I report an Incident

UPS And Power Generators
 Step by Step Procedure

RAID
 Managing Incidents
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 What Is an Incident Response
 Recovery of Small and Large Computer Systems
 Incident Response Architecture
 Emergency Management
 Six Step Approach for Incident Handling
(PICERF Methodology)
 Disaster Recovery Planning

Preparation

Identification

Containment

Eradication

Recovery

Follow-up
 Incident Response Team

Basic Requirements

Ways of Communication

Staffing Issues

Stages
 Obstacles in Building a Successful Incident
Response Team
 Computer Security Incident Response Team

Services

Reactive Services

Proactive Services

Security Quality Management Services
 Process of Disaster Recovery Plan

Organizing

Training

Implementing

Process
 Disaster Recovery Testing

Testing Process

Testing Steps

Testing Scenarios
 Disaster Recovery Planning Team

Training the Disaster Recovery Planning
Team
 Business Process Inventory
 Risk Analysis

Concept of risk Analysis

Methods of Risk Analysis

Process of Risk Analysis

Continuous Risk Assessment

Techniques To minimize Risk
 Business Continuity Planning Process
 Module: Disaster Recovery and Planning
 Overview of Disaster and its types
 What is a Disaster Recovery
 Principles of Disaster Recovery
 Types of Disaster Recovery Systems

Synchronous Systems

Asynchronous Systems
 Backup Site
www.itpro.net.vn

Business Impact Analysis

Risk Assessment

Other Policies, standards and process

Monitoring
 Business Continuity Management
 Six myths about Business Continuity
Management and Disaster Recovery
 Disaster Prevention
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
 Module: Network Vulnerability
Assessment
 Statistics of Network Vulnerabilities in 2006
 Vulnerability Assessment

Vulnerability Assessment services

Advantages of Vulnerabilities Assessment
services
 Goals of vulnerability assessment
 Features of a good vulnerability assessment

Phase 1- Acquisition

Phase 2 - Identification

Phase 3 - Analyzing

Phase 4 - Evaluation

Phase 5 - Generation
 How to assess vulnerability assessment tools
 Selecting vulnerability assessment tools

Tools:

Network Vulnerability Assessment Timeline

SAINT

Network Vulnerability Assessment Team

Nessus
 Vulnerability classes

BindView
 Source Of Vulnerabilities

Nmap

Design Flaws

Ethereal

Poor Security management

Retina

Incorrect Implementation

Sandcat Scanner

Vforce

NVA-Team Checklist
 Choice of Personnel for Network Vulnerability
Assessment
 Network vulnerability Assessment methodology:
www.itpro.net.vn
 10.1.10. Tool: ScanIT Online
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Education Services
QUẢN LÝ DỰ ÁN (PM)
CHỨNG CHỈ QUỐC TẾ 212-79
THỜI LƯỢNG KHÓA HỌC: 5 ngày
TỔNG QUAN KHÓA HỌC


Khóa học này được thiết kế để dạy cho học viên các quy tắc cơ bản để quản trị tốt một dự án. Học viên
sẽ học cách xác định và lên kế hoạch các nguồn tài nguyên dự án, tạo lập sơ đồ hoạt động của dự án, và
làm yêu cầu chủ yếu các báo cáo hoạch định và đánh giá.
Các vấn đề quan trọng của việc lựa chọn nhân sự và quản trị nhóm cũng được giảng dạy. Những mục tiêu
học tập này được tăng cường bằng khóa học dự án cho phép học viên áp dụng những nguyên lý và các
công cụ mà họ đã học được
KIẾN THỨC ĐẠT ĐƯỢC
















Một dự án là một nỗ lực được thực hiện để tạo ra một sản phẩm hay dịch vụ độc đáo. Mỗi dự án có một
sự khởi đầu và một sự kết thúc nhất định. Và mỗi sản phẩm hay dịch vụ được tạo ra thì khác nhau ở một
khía cạnh nào đó so với các sản phẩm và dịch vụ tương tự.
Có rất nhiều loại dự án khác nhau phụ thuộc vào từng ngành công nghiệp và phạm vi hoạt động.
Một vài ví dụ:
Phát triển một sản phẩm hay dịch vụ mới,
Thực hiện một sự thay đổi về cơ cấu, nhân viên, hay phong cách của một tổ chức,
Thiết kế phần mềm máy tính, ví dụ như một hệ thống (kho) quản trị vật tư, một hệ thống xử lý khiếu nại,
hay một hệ thống kế toán.
Quản trị dự án có nghĩa nhiều hơn việc đơn thuần lập kế hoạch. Nó liên quan đến việc cân đối rất nhiều
các phần việc khác nhau, những việc mà các giám đốc dự án sắp xếp thành chín lĩnh vực kiến thức.
Một dự án điển hình bắt đầu với việc ai đó có một ý tưởng, hoặc bằng một ý tưởng thống nhất thông qua
thảo luận. Rồi ý tưởng đạt được sự chấp thuận từ một nhóm rộng hơn: có thể không chính thức thông qua
thảo luận với các đồng nghiệp và sau đó thông qua một quá trình chính thức hơn liên quan đến Ban quản
trị cao cấp, Ban giám đốc hay Hội đồng quản trị. Điều này sẽ dẫn đến một quá trình lập quỹ, quá trình
thường tạo ra sự chậm trễ đáng kể, và rồi, nếu việc lập quỹ thành công, dự án có thể bắt đầu, nhân viên
sẽ được tuyển và công việc có thể bắt đầu. Công việc này phải được lập kế hoạch và quản lý, các vấn đề
được giải quyết, đến khi dự án hoàn thành, hy vọng là thành công, và được kết thúc.
Các phương pháp chính thức của của Quản trị dự án cung cấp một khung để quản trị quá trình này, cung
cấp một loạt các yếu tố - các khuôn mẫu và thủ tục để quản trị dự án thông qua vòng đời dự án.
Các yếu tố chính bao gồm:
Xác định mục tiêu rõ ràng của dự án một cách chính xác, hệ thống.
Phân chia dự án thành các nhiệm vụ và giai đoạn có thể quản lý được.
Kiểm soát các dự án thông qua các giai đoạn của dự án sử dụng việc xác định dự án như là một nền tảng.
Nêu bật các rủi ro và thiết lập các thủ tục cụ thể để thực hiện.
Cung cấp các cơ chế để làm việc với cá vấn đề chất lượng.
Xác định vai trò để cung cấp các nền tảng cho nhóm hoạt động hiệu quả.
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Education Services
ĐỐI TƯỢNG KHÓA HỌC

Những học viên quan tâm học các nguyên lý cơ bản của quản trị tốt dự án
CHỨNG CHỈ KHÓA HỌC
Chương trình này cung cấp kiến thức và kỹ năng học viên cần để thi đạt yêu cầu môn thi Quản lý dự án
của EC-Council 212-79. Môn thi 120 phút sẽ được tiến hành vào ngày cuối của lớp học tại địa điểm lớp (
Đăng ký thi qua Trung tâm Prometric)
NỘI DUNG KHÓA HỌC
Module I: Giới thiệu về Quản lý dự ánIntroduction to Project Management







Hiểu được khái niệm dự án và các đặc tính
của dự án
Tầm quan trọng của Quản lý dự án
Hiểu được Vòng đời dự án
Hiểu được việc phân tích những người liên
quan đến dự án
Làm quen với Khung quản lý dự án
Xem xét các yếu tố khác nhau của Quản lý
dự án
Học các cách ứng xử trong Quản lý dự án và
Quản lý dự án phần mềm
Module II: Tổng quan về Lập kế hoạch và đánh
giá dự án- Overview of Project Planning and
Evaluation



Học về lập ké hoạch dự án
Học về các bước trong lựa chọn dự án
Hiểu việc đánh giá dự án
Module III: Quản lý chiến lược và Lựa chọn dự
án- Strategic Management and Project Selection




Hiểu được tiêu chuẩn lựa chọn và bản chất
của lựa chọn dự án
Hiểu được loại hình số và không số của việc
lựa chọn dự án và các hình thức của nó
Hiểu được cách lập kế hoạch kỹ thuật
Hiểu được Quy trình Lập bảng tổng hợp
danh mục đầu tư các dự án (PPP)
Module IV: Phương pháp Quản lý dự án- Project
Management Methodology
www.itpro.net.vn






Hiểu được các kế hoạch, phương thức và
phương pháp của Quản lý dự án
Hiểu được khung Quản lý dự án và các
bước của nó
Hiểu được Phương thức phát triển hệ thống
theo chức năng và các nguyên tắc của nó
Hiểu việc thực hiện của các phương thức và
phương pháp
Tạo WBS, Dự tính, và Các tiêu chuẩn kiểm
tra và tầm quan trọng của các chuẩn
Học về các gói và các công cụ phần mềm và
việc thực nhiện chúng
Module V: Quản lý dự án thống nhất- Project
Integration Management











Về thống nhất quản lý dự án
Biểu đồ quản lý dự án thống nhất
Phát triển Chuẩn y dự án
Yêu cầu đầu vào và đầu ra trong xây dựng
Chuẩn y dự án
Các công cụ và công nghệ trong xây dựng
Chuẩn y dự án
Điều hành và kiểm soát Chuẩn y dự án
Yêu cầu đầu vào và đầu ra trong Chuẩn y dự
án
Kiểm soát sự thay đổi thống nhất
Yêu cầu đầu vào và đầu ra trong kiểm soát
sự thay đổi thống nhất
Các công cụ và công nghệ trong kiểm soát
sự thay đổi thống nhất
Kết thúc dự án
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Education Services



Yêu cầu đầu vào và đầu ra của kết thúc dự
án
Các công cụ và công nghệ của kết thúc dự
án
Tóm lược
Module VI: Quản lý phạm vi dự án- Project Scope
Management






Hiểu Quản lý phạm vi dự án và các chu trình
quản lý phạm vi dự án
Hiểu Lập kế hoạch phạm vi dự án, yêu cầu
đầu vào, các công nghệ được sử dụng và
các kết quả đầu ra.
Học điịnh nghĩa phạm vi dự án, các yêu cầu
đầu vào, các công nghệ được sử dụng và
các sản phẩm đầu ra.
Hiểu việc tạo ra WBS, các yêu cầu đầu vào,
các công cụ và công nghệ và kết quả đầu ra
Hiểu viẹc kiểm tra phạm vi dự án, yêu cầu
đầu vào, các công cụ và công nghệ được sử
dụng và các kết quả đầu ra.
Học việc kiểm soát phạm vi dự án, các yêu
cầu đầu vào, các công cụ, công nghệ được
sử dụng và kết quả đầu ra.
Module VII: Quản lý thời gian dự án- Project Time
Management










Các chu trình Quản lý thời gian dự án
Quản lý hoạt động
Hoạt động: Tính toán tài nguyên
Chuỗi các hoạt động
Tính toán độ dài các hoạt động
Lập kế hoạch dự án
Kiểm soát kế hoạch
Phát triển kế hoạch
Kiểm soát kế hoạch: Tác động lên chi phí.
Tóm lược
Module VIII: Phân tích tài chính dự án- Project
Financial Analysis



Tầm quan trọng của Phân tích tài chính dự
án
Tầm quan trọng của các Quyết định Đầu tư
Hiểu biết thiết yếu dự án
www.itpro.net.vn






Phương pháp quản lý đối với Tài chính dự
án
Sự liên quan đến vòng đời dự án
Lập kế hoạch các chiến lược đầu tư
Kiểm tra Luận chứng khả thi tài chính
Sử dụng các công nghệ và các đề án tài
chính
Sử dụng các phương pháp đánh giá
Module IX: Quản lý chi phí dự án- Cost
Management









Tầm quan trọng của Quản lý chi phí dự án
Quan điểm quản lý của Quản lý chi phí
Chu trình của Quản lý chi phí
Lập kế hoạch tài nguyên
Dự tính của Chi phí dự án
Sự kết nối then chốt của chi phí dự án
Xây dựng và phân bổ Ngân sách
Thực hiện kiểm soát chi phí
Các nhân tố ảnh hưởng vượt quá chi phí
Module X: Quản lý chất lượng dự án- Quality
Management









Tầm quan trọng của Quản lý chất lượng dự
án
Theo dõi chất lượng của Những người liên
quan đến dự án
Các khái niệm cơ bản của Quản lý chất
lượng dự án
Các chu trình của Quản lý chất lượng dự án
Kế hoạch quản lý chất lượng
Thiết kế hệ thống quản lý chất lượng
Các yếu tố của hệ thống quản lý chất lượng
Mô hình đánh giá của đảm bảo chất lượng
và Kiểm soát chất lượng
Quản lý chất lượng tổng thể (TQM)
Module XI: Quản lý mua sắm dự án- Project
Procurement Management



Tổng quan
Mô tả kế hoạch thu mua và các yêu cầu cần
đạt được
Yêu cầu đầu vào và kết quả đầu ra của kế
hoạch thu mua và yêu cầu cần đạt được
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Education Services

















Các công cụ và công nghệ của kế hoạch thu
mua và các yêu cầu cần đạt được
Kế hoạch ký kết hợp đồng
Yêu cầu đầu vào và kết quả đầu ra của kế
hoạch ký kết hợp đồng
Các công cụ và công nghệ của kế hoạch ký
kết hợp đồng
Yêu cầu phản hồi của nhà cung cấp
Yêu cầu đầu vào và kết quả đầu ra của yêu
cầu phản hồi của nhà cung cấp
Các công cụ và công nghệ của Yêu cầu
phản hồi của nhà cung cấp
Lựa chọn nhà cung cấp
Các yêu cầu đầi vào và kết quả đầu ra của
lựa chọn nhà cung cấp
Các công cụ và công nghệ của lựa chọn nhà
cung cấp
Quản trị hợp đồng
Yêu cầu đầu vào và kết quả đầu ra của Quản
trị hợp đồng
Các công cụ và công nghệ của Quản trị hợp
đồng
Kết thúc hợp đồng
Các yêu cầu đầu vào và kết quả đầu ra của
kết thúc hợp đồng
Các công cụ và công nghệ của kết thúc hợp
đồng
Tóm lược
Module XII: Quản lý rủi ro dự án- Project Risk
Management









Quản lý rủi ro là gì?
Các loại rủi ro
Lập kế hoạch quản lý rủi ro
Các công cụ và Công nghệ của Quản lý rủi
ro
Phân tích rủi ro
Các nhân tố rủi ro định lượng và định tính và
cac syêu cầu đầu vào và kết quả đầu ra
Các công cụ và công nghệ của các nhân tố
rủi ro
Lập kế hoạch đối phó với rủi ro
Các yêu cẩu đầu vào và kết quả đầu ra của
đối phó rủi ro
www.itpro.net.vn



Các chiến lược lập kế hoạch đối phó rủi ro
Kiểm tra và kiểm soát rủi ro
Các yêu cầu đầu vào và kết quả đầu ra của
kiểm soát và kiểm tra rủi ro
Module XIII: Quản lý nguồn nhân lực dự ánProject Human Resources Management


















Quản lý nguồn nhân lực dự án
Lập kế hoạch nguồn nhân lực dự án
Yêu cầu đầu vào và kết quả đầu ra của lập
kế hoạch nguồn nhân lực dự án
Các công cụ và công nghệ của lập kế hoạch
nguồn nhân lực dự án
Yêu cầu các nhân viên cần thiết
Yêu cầu đội dự án
Yêu cầu đầu vào và kết quả đầu ra của yêu
cầu đội ngũ dự án
Các công cụ và công nghệ của yêu cầu đội
ngũ dự án
Xây dựng đội ngũ dự án
Yêu cầu đầu vào và kết quả đầu ra của xây
dựng đội ngũ dự án
Các công cụ và công nghệ xây dựng đội
ngũ dự án
Quản lý đội ngũ dự án
Yêu cầu đầu vào và kết quả đầu ra của quản
lý đội ngũ dự án
Các công cụ và công nghệ của quản lý đội
ngũ dự án
Chuẩn bị lập ké hoạch tổ chức
Lãnh đạo phát triển đội ngũ dự án
Tạo dựng các hoạt động xây dựng đội ngũ
Áp dụng các kỹ năng quản lý chung
Module XIV: Kiểm tra dự án và Kết thúc dự ánProject Audit and Closure







Tầm quan trọng của kiểm tra diự án
Các yêu cầu của Kiểm tra dự án
Vòng đời kiểm tra dự án
Các trách nhiệm của người kiểm tra dự án
Đánh giá thành công dự án
Thủ tục kiểm tra dự án
Các xem xét kiểm tra dự án
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Education Services





Kết thúc dự án
Các loại kết thúc dự án
Thủ tục kết thúc dự án
Kết thúc các dự án không thành công
Báo cáo kết thúc dự án
Module XV: Quản lý các quy chuẩn và tương lai
dự án- Ethics and Future of Project Management
















Các quy định chuẩn và tương lai của Quản
lý dự án
Các quy chuẩn quản lý dự án
Sự cần thiết của các quy chuẩn
Các quy chuẩn của tổ chức
Các trách nhiệm của Giám đốc dự án
Chuẩn các quy định
Quy chuẩn trong không khí làm việc
Các quan hệ với nhân viên và khách hàng
Các trách nhiệm theo hướng cộng đồng
Quản lý tương lai của dự án
Các chi tiết của chu trình của tương lai
Quản lý các xu hướng mới
Cộng tác của Quản lý dự án
Các vấn đề phát sinh với sự thay đổi trong
xu hướng
Quản lý các dự án quốc tế
Tương lai của các sự án
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Phục hồi thảm họa và duy trì kinh doanh liên tục
(Disaster Recovery and Business Continuity)
Thời lượng: 5 ngày
Mô tả khóa học
Khóa học cung cấp cho học viên những phương pháp để nhận dạng các lỗ hổng, các điểm yếu trong hệ
thống và đưa ra các biện pháp thích hợp để phòng chống nhằm giảm nhẹ những rủi ro về bảo mật cho một tổ
chức. Khóa học cũng cung cấp các kỹ năng mạng một cách chuyên nghiệp, cơ bản về khôi phục sau thảm
họa. Nội dung bao gồm chuẩn bị kế hoạch khôi phục sau thảm họa; đánh giá rủi ro; phát triển các thủ tục và
các chính sách; hiểu rõ vị trí và mối quan hệ của các thành viên trong tổ chức; triển khai thực hiện kế hoạch và
khôi phục sau thảm họa. Khóa học đưa ra một cách tiếp cận toàn diện để phát triển kế hoạch khôi phục sau
thảm họa. Học viên sẽ học cách thiết lập một hệ thống mạng an toàn bằng cách thiết lập những chính sách và
thủ tục cũng như làm thế nào để có thể khôi phục hệ thống mạng trong trường hợp xảy ra thảm họa.
Học viên
Học viên là những người có chức năng quản trị hệ thống mạng máy tính, quản trị máy chủ chuyên
nghiệp, quản trị firewall, phát triển ứng dụng và các kỹ sư bảo mật.
Chứng chỉ
Cuối kỳ học viên sẽ làm bài kiểm tra và được cấp chứng chỉ đã hoàn thành khóa học. Để nhận được
chứng chỉ của EC-Council về “chuyên ngành thảm họa và phục hồi” (Disaster Recovery Professional) học viên
cần vượt qua kỳ thi trực tuyến tổ chức tại các trung tâm khảo thí của EC-Council
Nội dung khóa học
Module 01: Introduction to Disaster Recovery and
Business Continuity






Disaster Recovery & Business Continuity:
Terminologies
Disaster Types
Consequences of Disaster
Disaster Recovery & Business Continuity
Principles of Disaster Recovery and
Business Continuity
Disaster Recovery & Business Continuity:
Issues Addressed
www.itpro.net.vn






Activities of Disaster Recovery & Business
Continuity
Disaster Recovery and Business Continuity
Program
Disaster Recovery & Business Continuity
Solutions
Best Practices in Disaster Recovery &
Business Continuity Program
International Strategy for Disaster Reduction
(ISDR)
International Day for Disaster Reduction
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Module 02: Nature and Causes of Disasters



































Nature of Disasters
Categorization of Disasters
Natural Disasters
Earthquakes
Protecting Yourself During Earthquake
Earthquakes: Volcanoes
Protection from Volcanoes
Forecasting Volcanoes
Estimating Earthquakes
Earthquakes: Tsunami
Protecting Yourself During Tsunami
Landslides
Effects of Landslides
Protecting Yourself from Landslides
Hurricanes
Safety Measures During Hurricanes
Predicting Hurricanes
Floods
Effect of floods
Prevention Measures
Wildfires
Safety Measures
Drought
Consequences of Drought
Measures to Overcome Drought Effects
Man-Made Disasters
Accidents
Power Outage
Telecommunication Outage
Categorization of Human Intentional
Disasters
Arson
Civil Disorder
Terrorism
War
Chemical Biological Radiological Nuclear
(CBRN)
Module 03: Emergency Management




Emergency
Emergency Management
Need for Emergency Management
Emergency Management Phases
www.itpro.net.vn









Mitigation
Preparedness
Response
Recovery
Effect of Disaster on Business Organizations
Emergency Management for Business
Organizations
FEMA- Federal Emergency Management
Agency
FEMA as an Organization
Activities of FEMA
Module 04: Laws and Acts






















Applicable Acts in DR
Laws and Acts in United States of America
Industries: Sarbanes-Oxley Act
Foreign Corrupt Practices Act (FCPA)
Healthcare: HIPAA Regulations
Financial Institutions: Gramm-Leach-Bliley
Act
Flood Disaster Protection Act of 1973
Robert T. Stafford Disaster Relief and
Emergency Assistance Act
CAN-SPAM Act of 2003
Federal Financial Institutions Examinations
Council (FFIEC)
Personal Information Protection and
Electronic Documents Act (PIPEDA)
Laws and Acts of Europe
Data Protection Act 1998
Transmission of Personal Data: Directive
2002/58/EC
Personal Data: Directive 95/46/EC
Insurance: Financial Groups Directive (FGD)
The Foundation of Personal Data Security
Law: OECD Principles
Dutch Personal Data Protection Act
Austrian Federal Act concerning the
Protection of Personal Data
German Federal Data Protection Act
Laws and Acts in Australia
Health Records and Information Privacy Act
(HRIP)
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Financial Transactions Reporting (FTR) Act
1988
Module 05: Business Continuity Management


























Business Continuity Management
Business Continuity Planning
Objectives of Business Continuity Planning
Essential Resources in Business Continuity
Planning
Business Continuity Management Planning
Steps
ISO (International Organization for
Standardization)
Overview of BS 7799 / ISO 17799
ISO/IEC 17799:2005
ISO/IEC 17799:2005: Business Continuity
Management
Risk Analysis
Risk Assessment
Basic Elements of Risk Assessment
Business Impact Analysis (BIA)
Components of Business Impact Analysis
Threat Analysis
Risk Analysis and Business Impact Analysis
Crisis Management
Steps in Crisis Management
Crisis Management Phases
Compliance
Preparedness
Training and Resource Development
Contingency Planning
Points to remember in BCM Plan Testing
Birmingham City Council’s BCM Assessment
Template
Greenwich Council – Emergency and BCM
Plan
Module 06: Disaster Recovery Planning Process







Disaster Recovery Planning Process
Management Support
Organizing DR Team
Components of Disaster Recovery Team
Disaster Recovery Planning Team
Building a Planning Team
Establishing Team at the Departmental Level
www.itpro.net.vn


































Risk Assessment
Risk Assessment
Conduct Business Impact Analysis
Critical Business Activities
Analysis Sheet
Example: Analysis Sheet for IT System
Roles and Responsibilities
Individual: Leader
Individual: Disaster Recovery Coordinator
Individual: IT Administrator
Individual: Network Manager
Individual: Disaster Recovery Manager
Individual: DR Team Member
Team: Administration Team
Team: Technical Team
Team: Damage Evaluation and Salvage
Team
Team: Physical Security Team
Team: Communications Team
Responsibilities Common to all Disaster
Recovery Teams
Developing Charts of Responsibilities
Facility Disaster Recovery Chart of
Responsibilities
Department Disaster Recovery Chart of
Responsibilities
Business Process Disaster Recovery Chart
of Responsibilities
Developing Policies and Procedures
Assumptions for DR Planning
Need for Disaster Recovery Planning
Disaster Recovery Plan Development
Disaster Recovery & Management:
Budgeting
Centralized Office of DR Planning: Budget
Safety and Health Procedures
Procedures for Internal and External
Communications
Procedures for Containment and Property
Protection
Procedures for Recovering and Resuming
Operations
Assessing Insurance Requirements &
Coverage Needs
Tel: (84-4) 37875728 – Fax: (84-4) 37875729






























Need for Insurance
Evaluating Insurance Policies
Testing and Training
DRP Testing and Rehearsal Process
DRP Testing: Advantages
DRP Testing: Methods
DRP Testing Steps
DRP Testing Flow Chart
Training DR Teams
Commence Training Program for Disaster
Recovery
Training for Executives
Training for Middle Managers
Training for Supervisors
Training for Disaster Response Teams
Training for Employees
Documentation of DR Procedures
Need for Documentation of Plans
Important Documentations in Disaster
Recovery Process
Writing Disaster Recovery Plan
Best Practices for Documentation
Managing Records
DRP Maintenance
Monitoring Process
Monitoring Procedures
Evaluate Latest Technologies
Conducting Regular Reviews
Conducting Training Programs for Updated
Plan
DRP Implementation
DR Plan Implementation
Internal and External Awareness Campaigns
Module 07: Risk Management









What is Risk
Introduction to Risk Management
Functions of Risk Management
Analytic Process of Risk Management
Risk Analysis
Risk Reduction Analysis
Management Decision
Risk Reduction Planning
Reviews and Audit
www.itpro.net.vn










Project Risk Management
IT Security Risk Management
Risk Management Standards
Financial Risk Management
Basel II and Risk Management
Pillar I: Minimum Capital Requirement
Pillar II: Supervisory Review Process
Pillar III: Market Discipline
Quantitative Risk Management
Best Practices in Risk Management
Module 08: Facility Protection






















Facility Protection
Water Supply
Protecting Water Supply
Fire
Types of Fire Extinguishers
APW Extinguishers
Dry Chemical Extinguisher
Carbon Dioxide Extinguishers
Points to Remember
Using a Fire Extinguisher
Fire Suppression for Companies
Fire exits
Power Supply
Common Power Supply Problems
Ensuring Steady Power Supply
Ventilation
Kinds of Ventilation
Measures for Proper Ventilation
Air Conditioners
Measures for Proper Working of Air
Conditioners
Building and Premises
Checklist for Securing Facility
Module 09: Data Recovery







Types of Data Recovery
Logical Data Recovery
Physical Data Recovery
Disk-to-Disk-to Disaster Recovery (3DR)
Concept
Steps in Data Recovery
Recovery Management
Recovery Management Evaluation Metrics
Tel: (84-4) 37875728 – Fax: (84-4) 37875729









Recovery Time Objective (RTO)
Role of RTO in Disaster recovery
Recovery Point Objective (RPO)
Network Recovery Objective (NRO)
Recovery Management Model Layers
Data Protection Continuum
Do’s and Don'ts
Lumigent's Log Explorer
Best Practices in Data Recovery
Module 10: System Recovery























System Restore in Windows XP
Linux System Recovery
Linux System Crash Recovery
Crash Recovery Kit for Linux
Mac System Recovery
Restoring Windows Server 2003
Recovering from Boot problems in Windows
Server 2003
Step 1: Start computer by using Last Known
Good Configuration
Step 2: Starting computer in Safe Mode
Step 3: Use Event Viewer to Identify the
Cause of the Startup Problem
Step 4: Use System Information to Identify
the Cause of the Startup Problem
Step 5: The Safe Mode Boot Log File
Step 6: Use Device Manager to Identify the
Cause of the Startup Problem
Step 7: Use System Configuration Utility
Microsoft Windows Recovery Console
Automated System Recovery
Windows 2000 Backup and Restore Utility
Methods for Restoring Replicated Data
Restoring Server Services
Active Directory Recovery: Non-Authoritative
Restore
Active Directory Recovery: Authoritative
Restore
Verifying Active Directory Restoration:
Advanced Verification
Verifying Active Directory Restoration: Basic
Verification
www.itpro.net.vn
































Active Directory Recovery on a Computer
with a Different Hardware Configuration
Sysvol Recovery: Primary Restore
Sysvol Recovery: Non-authoritative Restore
Sysvol Recovery: Authoritative Restore
Recovery of Global Catalog Server
Recovery of an Operations Master
Domain Controller Recovery: With a Working
Domain Controller
Domain Controller Recovery: Without a
Working Domain Controller
Database Integrity Testing
Rights Management Services Restoration
Rights Management Services Database
Restoration
Tools for Active Directory Disaster Recovery:
Recovery Manager
Restoring IIS Configurations: iisback.vbs
Restoring Microsoft IIS Metabase Backup
WANSync IIS
WANSync IIS: Working
Restoring Exchange Server 2003
Data Recovery Scenarios
Exchange Data Recovery Preparation
Single Mailbox Recovery
Single Item Recovery using Deleted Items
Retention
Single Item Recovery using Third-party Brick
Backup Programs
Full-Server Recovery: Preparation
Full-Server Recovery: Option 1
Exchange Server Backup/Recovery Solution:
SonaSafe
Recovering Blackberry Enterprise Server
IBM WebSphere Application Server
Recovery
Recovering Coldfusion Application Server:
CFMAIL Bug
Variable Deadlocks
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
















ODBC Errors
Recovering Coldfusion Application
Server:500 IIS Internal Server Error
System Registry Access Problem
Recovering from Domino Server Crashes
Tool: SteelEye LifeKeeper
Restoring MySQL Server
Restoring MS SQL Server: Option 1
Restoring My SQL Server
Recovering Cisco IOS
Module 11: Backup and Recovery






















Backup
Need for Backup
Types of Backup:
Full Backup
Incremental Backup
Differential Backup
Hot Backup
Hot Backup Sample Code
Cold Backup
Cold Backup Sample Code
Backup Sites
Hot Site/ Cold Site
Redundant Array of Inexpensive Disks
(RAID)
RAID: Some Important Levels
Wide Area File Services (WAFS)
Backup for UNIX
Bare Metal Recovery for LINUX
Bucky Backup for Mac OS X
System Backup Administrator
NanoCopy Technology
Backup4all
Backup4all Features
www.itpro.net.vn





ABC Backup Software
Genie Backup Manager
NTI BackupNow
High Availability Disaster Recovery (HADR)
Best Practices in Backup & Recovery
Module 12: Centralized and Decentralized System
Recovery















Distributed Computing
Objectives of Distributed Computing
Architecture for Distributed Computing
Working of Distributed Computing
Centralized Backup
Centralized Backup Using SAN or NAS
Server
Data Consolidation
Cross-Platform Data Consolidation
Mainframe as Centralized Storage Source
Tiers of Disaster Recovery
GDPS/PPRC
GDPS/PPRC Configuration
GDPS/PPRC Single-site Workload
Configuration
GDPS/PPRC Multi-site Workload
Configuration
Best Practices in Centralized and
Decentralized System Recovery
Module 13: Windows Data Recovery Tools
















Digital Photo Recovery
Active@ UNERASER
Test Disk
PhotoRec
BadCopy Pro
Directory Snoop
Data Advisor
Fast File Undelete
File Scavenger
GetDataBack
Kernel Recovery for FAT+NTFS
R-Mail
R-Studio
Recover4all
Recover It All
Recover My Files Data Recovery
Tel: (84-4) 37875728 – Fax: (84-4) 37875729











Quick Recovery for Windows
Restorer2000
File Recovery
EasyRecovery DataRecovery
EasyRecovery Professional
RecoverSoft Media Tools Professional
RecoverSoft Data Rescue PC
ADRC Data Recovery Software Tool
SalvageRecovery for Windows
Disk Doctors Email Recovery
Winternals Recovery Manager
Module 14: Linux, Mac and Novell Netware Data
Recovery Tools














Kernel Recovery for Linux
Kernel Recovery for ReiserFS
Kernel Recovery for JFS
Kernel Recovery for Macintosh
Kernel Recovery for Novell-Netware
Stellar Phoenix Linux
R-Linux
Quick Recovery for Linux
Quick Recovery for Macintosh
SalvageRecovery for Linux
SalvageRecovery for Mac
SalvageRecovery for Netware
Disk Doctors Linux Data Recovery Software
DiskInternals Linux Reader
Module 15: Incident Response














Incident
Category of Incidents
Low Level
Mid Level
High Level
How to Identify an Incident?
How to Prevent an Incident?
Relationship between Incident Response,
Incident Handling, and Incident Management
Incident Management Plan
Incident Handling
Information Security Life Cycle
Incident Response
Incident Response Policy
Risk Analysis
www.itpro.net.vn



















Risk Analysis and Incident Response
Incident Response Methodology
Preparation
Identification
Containment
Eradication
Recovery
Follow up
CERT (Computer Emergency Response
Team)
CSIRT (Computer Security Incident
Response Team)
General Categories of CSIRTs
Members of CSIRT Team
Building an Effective CSIRT
FIRST (Forum of Incident Response and
Security Teams)
Request Tracker for Incident Response
Helix – Incident Response & Computer
Forensics Live CD
Incident Response Tools Present in Helix CD
THE FARMER'S BOOT CD
Resources
Module 16: Role of Public Services in Disaster
















Public Services
State and Local Governments
Public Utilities and Departments
Hospitals
Blood Banks
Medical Laboratories
Food Banks
Fire Fighting Service
Waste/ Debris Management
Police
Armed Forces
Public Transportation
Water Supply System
Electricity Department
Information & Public Relations Department
IT Service Providers
Module 17: Organizations Providing Services
during Disasters
Tel: (84-4) 37875728 – Fax: (84-4) 37875729




















Organizations Providing Services during
Disasters
Relief Organizations
International Committee of the Red Cross
(ICRC)
International Federation of Red Cross and
Red Crescent Societies (IFRC)
United Nations Children's Fund (UNICEF)
National Emergency Response Team
(NERT)
CARE
Ananda Marga Universal Relief Team
(AMURT)
Action Against Hunger (AAH)
Emergency Nutrition Network (ENN)
Doctors Without Borders
Hunger Plus, Inc.
InterAction
International Rescue Committee (IRC)
Mennonite Central Committee (MCC)
Mercy Corps (MC)
Refugees International
Relief International
Save the Children
Project HOPE
Module 18: Organizations Providing Disaster
Recovery Solutions















Organizations Providing Disaster Recovery
Solutions
Symantec
System Sizing
System Sizing: Practices
Disk-based Backup
Manual System Recovery
Disadvantages
Automated System Recovery
IBM
Human Capital Resilience
Human Capital Risks in Crisis Situations
Business Resilience
Elements of Business Resilience
Framework for Business Resilience
Causes of E-Mail Outages
www.itpro.net.vn
















E-Mail Continuity
DELL
Oracle Data Guard Utility
RMAN Utility for Database Backup
NAS (Network Attached Storage)
Sun Microsystems
Integrated Solutions of Sun and Vignette
Sun Cluster Geographic Edition
Infosys Business Continuity Planning
Solution
Infosys BCP solution
Sybase Business Continuity Planning
Solution
Sybase Model
HP Business Continuity and Availability
solutions
HP 3-tiered Service Levels Balance
Investment with Risk
PricewaterhouseCoopers Fast Track BCP
AT&T's Business Continuity and Disaster
Recovery
Module 19: Case Studies














Business Continuity for Critical Applications
Jones Walker: Weathering the Storm
Let’s be prepared: An educational project
about disasters in Cuba
From rehabilitation to safety: Gujarat school
safety initiative, India
Disaster-resistant schools: A tool for
universal primary education
Disaster Recovery Situation Assessment
Disaster Recovery Planning
Business Continuity Planning and Business
Impact Analysis
Local risk management in earthquake zones
of Kazakhstan
Disaster Recovery Case Study: Max Re
Disaster Recovery Case Study: GSD&M
Storage Assessment Services
Backup and Recovery Plan and Design
Storage Infrastructure Design and
Implementation
Tel: (84-4) 37875728 – Fax: (84-4) 37875729




Continuous Data Protection and Disaster
Recovery
Disaster Recovery Testing
Disaster Recovery Strategy Assessment and
Validation
Case Study: Improving Disaster Recovery
Without Breaking the Bank
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
VoIP chuyên nghiệp
EC-Council Certified VoIP Professional
VoIP là dịch vụ thoại được truyền tải qua hệ thống mạng máy tínhảtên cơ sở sử dụng giao thức IP
(Internet Protocol). IP là nền tảng của mạng Internet, được sử dụng để truyền tải emails, tin nhắn và các trang
Web tới hàng triệu máy vi tính hoặc điện thoại di động. VoIP là một tập hợp công nghệ mà cho phép các thiết
bị hỗ trợ internet có thể truyền tải thoại và các dữ liệu đa phương tiện thông qua web chứ không phải thông
qua hệ thống mạng điện thoại thông thường. Khóa học đề cập đến công nghệ VoIP: các khái niệm, những mối
hiểm họa và các vấn đề về an toàn bảo mật.
Học viên
Học viên là các kỹ sư tin học chuyên nghiệp, những người có trách nhiệm thiết kế, xây dựng các hệ
thống mạng VoIP
Chứng chỉ
Cuối kỳ học viên sẽ làm bài kiểm tra và được cấp chứng chỉ đã hoàn thành khóa học. Để nhận được
chứng chỉ của EC-Council về “VoIP chuyên nghiệp” học viên cần vượt qua kỳ thi trực tuyến tổ chức tại các
trung tâm khảo thí của EC-Council
Module 01: Introduction to VoIP







What is VoIP?
Why use IP for Voice?
VoIP-Convergence of Technologies
Basic VoIP Architecture
Need of a Layered Architecture
VoIP Layers
TCP/IP Overview
o



Functions of TCP/IP Layers
VoIP Layers Vs. TCP/IP Layers
Public Switched Telephone
Networking(PSTN)
Circuit Switching Vs. Packet Switching
www.itpro.net.vn






Basic VoIP Features
Benefits of VoIP
Building The ROI Model
Disadvantages of VoIP
Future of VoIP
Growth in VoIP Subscribers
Module 02: Analog to Digital Conversions

Source:
o
A to D Conversion
o
Types of ADC's
o
Sigma Delta ADC
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o
Successive Approximation ADC
o
Pipelined ADC
o
Flash ADC
o
Comparison of ADC's
o
Working of ADC's
o
Voice Compression
o
Encryption
o
Headers


Call Control Signaling
Signaling System 7 (SS7)
o
Signaling Points
o
Signaling Links
o
SS7 Protocol Stack
Module 04: VoIP Devices and Cisco Components

Destination
o
Analog Telephone Adaptor (ATA)
o
Media Gateway
Sequencing
o
Features of Media Gateway
o
Decryption
o
Media Gateway Controller
o
Decompression
o
Signaling Gateway
o
Digital to Analog Conversion
o
Call Manager
o
VoIP Switches
o
IP Phones
o
Private Branch eXchange (PBX)
o
PSTN Gateway
o
Session Controller
o
Modems
o
VoIP Router
Analog Signaling
Types of Analog Signaling
o
Earth & Magnet (E&M) Signaling
o
Loop-Start
o
Ground-Start
o
Dial-Pulse Signaling
o












Basic VoIP Equipments
VoIP Network Components
o
Module 03: Traditional Voice Telephony
Principles




Dual Tone Multi-Frequency Signaling
Analog Systems
Analog Network Components
Cabling
Basic Telephone System Operation
Plain Old Telephone Service (POTS)
Direct Inward Dialing (DID)
Digital Subscriber Line (DSL)
Digital Loop Carrier (DLC)
Passive Optical Network (PON)
Dial Plans
Four-Wire Circuit
Time Division Multiplexing (TDM)
www.itpro.net.vn

o
Cisco's VoIP Components
Types of VoIP Ports

Foreign Exchange Station
(FXS)

Foreign
Exchange
Office
Magnet
(E&M)
(FXO)

Earth
&
Interface
o
VNM/VIC
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

VNM Models: NM-1V
o
Configuring POTS Dial Peers

VNM Models: NM-2V
o
Configuring Dial-Peer For VoIP

VNM
o
Configuring Dial-Peer For VoFR
o
Configuring Dial-Peer For VoATM
Models:
NM-HDV
High-Density VNM

VIC Models: VIC-2E/M

VIC-2FXS
o
Supervisory Disconnect

VIC-2FXO
o
Configuring

VWIC-2MFT-T1
o
Two-Port ISDN BRI Card
o
Four-Port Analog DID/FXS VICs








a
o
Configuring ISDN BRI Voice Ports
o
Configuring ISDN PRI Voice Ports
o
Configuring ISDN PRI Voice Ports
with Q.931
Prerequisites for VoIP Configuration
Voice Port Cabling and Configuration
o
Configuring QSIG
o
Port Numbering: 1700 Series
o
Configuring T-CCS
o
Port Numbering: Cisco 1760
o
Port Numbering: 2600 and 3600


Configuring H.323 Gateways
Configuring H.323 Gatekeepers
Series
o
H.323 ID Addresses
o
Port Numbering: MC3810 Series
o
Zone Prefixes
o
Port Numbering: 7200 Series
o
Gatekeeper Zone Prefix
o
Port Numbering: AS5300 Series
o
Technology Prefixes
o
Port Numbering: AS5x00 Series
o
IP Precedence
o
RTP Priority
o
Traffic Shaping
Configuring Voice Ports
Configuring FXO or FXS Voice Ports
Configuring E&M Ports
Configuring to adjust Parameters of E&M
Ports
Configuring DID Ports
Connection Command
Configuring Delay
o
Fine-Tuning FXS/FXO Ports
o
Fine-Tuning E&M Ports
o
Fine-Tuning DID Ports
www.itpro.net.vn
Supervisory
Disconnect Voice Class
Module 05: Configuring VoIP


Configuring Trunking

Configuring cRTP
o
Enable cRTP on a Serial Interface
o
Enable cRTP with Frame Relay
Encapsulation
o
Change the Number Of Header
Compression Connections
o
Displaying Statistics
o
Configuring Custom Queuing
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o
Enabling Custom Queuing

Applying Configuration to an
Interface


Enabling Priority Queuing:


Verifying Policy Routing
Configuring RSVP
Call Admission Control (CAC)
Verifying Call Admission Control
Set Up Configuration
o
Configuring Priority Queuing with
Configuring
the
WFQ
Queue
Applying Priority List to an
o

Verifying Priority Queuing: Show


Queuing Priority Command

Enabling Weighted Fair queuing
o
o
o
Verifying
Link
fragmentation
and
Interleaving

Verifying Weighted Fair Queuing:
Show Queuing Command

Verifying WRED
Configuring Link fragmentation and
Interleaving
Verifying Weighted Fair Queuing:
Show Interface Command
Verifying Traffic Shaping
Configuring Congestion Avoidance with
WRED
o
Verifying Priority Queuing: Show
Verifying Priority Queuing with WFQ
Configuring Traffic Shaping
o
Interface Command
o
Verifying RSVP
o
Interface
o
o
Enabling Priority Queuing:
Limits

Policy Routing
o

Priority-List Command
o
Configuring Class-Based Weighted Fair
Queuing (CBWFQ)
Configuring a Single-Router VoIP Network
o
Reviewing the Design
o
Configuring the Router: Step by Step
o
Testing and Verification
Module 06: Implementation and Applications of
VoIP
o
Defining Class Maps
o
Creating Policies
o
Attaching Policies to Interfaces
o
Phone to Phone Connection
o
Verifying CBWFQ: Show-Policy-Map
o
Analog Telephone Adaptor (ATA)

VoIP Implementation Types
Command
o
Verifying CBWFQ: Show-Policy-Map
Setup
o
Interface Command
o
Configuring Packet Classification
o
IP Precedence
o
Verifying IP Precedence
www.itpro.net.vn
Phone to Phone Connection Using
Gateway
o
Phone to Phone Connection Using
Router
o
Computer to Computer Connection
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
o













Phone to Computer and Vice-Versa
IP-Enabled PBX (Private Branch Exchange)
Method
IP Centric LAN Method
Satellite VoIP
Software Support for VoIP
Applications of VoIP

IntServ Vs. DiffServ
Module 08: H.323 Standards



VoIP Standards
What is the need for VoIP Protocols?
Introduction to H.323
o
Network Components of H.323
o
What is Skype?
o
Components of H.323
o
System Requirements
o
H.323 Protocols Suite
o
Getting Started with Skype
o
H.323 Protocol Stack
o
Skype is Safe
o
Control and Signaling in H.323
o
Features of Skype
o
H.323 Advantages
o
Network Address Translation (NAT)
o
o H.323 and NAT
Skype for Windows
Skype for Mac OSX
Skype for LINUX
Skype for Business
Skype Web Toolbar
Skype Email Toolbar
Skype Office Toolbar
Skype for Mobile

H.225
o
H.225/Q.931 Call Signaling
o
Q.931 Call Signaling Messages
o
H.225/Q.931 Signaling
o
H.225
Module 07: Quality of Service (QoS) of VoIP











Introduction to QoS
Quality of Experience (QoE) Vs. QoS
QoE for VoIP
Why is QoS needed in IP Transmission?
Why is QoS needed for VoIP Networks?
Factors Affecting Quality of Voice in VoIP
QoS Monitoring
Registration,
Admission,
Status (RAS)
o
H.225/Q.931 RAS
o
Key RAS Messages
o
H.225 Protocol Structure
o
Passive Monitoring
o
H.225 Security Considerations
o
Active Monitoring
o
H.235: Security and Encryption for
H.323
QoS Protocols
o
RTP
o
H.245 Call Control Messages
o
RTCP
o
H.245 Call Control
o
RSVP
o
H.245 Security Mechanism
Multiprotocol Label Switching (MPLS)
Integrated Services (IntServ)
Differentiated Services (DiffServ)
www.itpro.net.vn


H.261 (Video Stream for Transport Using the
Real-Time Transport)
H.263 (Bitstream in the Real-Time Transport
Protocol)
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

















DVB (Digital Video Broadcasting)
H.450.1
H.450.2
H.450.3
H.450.4
H.450.5
H.450.6
H.450.7
H.450.8
T.38
T.120
T.121
T.122
T.124
T.125
T.126
T.127
Module 09: SIP and Supporting Protocols


Session Initiation Protocol (SIP)
o
Components of SIP
o
SIP Messages
o
Headers for SIP Entities
o
SIP Functions
o
SIP: Supported Protocols
o
Understanding SIP's Architecture
o
Registering with a SIP Registrar
o
Requests through Proxy Servers
o
Requests through Redirect Servers
o
Peer to Peer Architecture
o
Instant Messaging and SIMPLE
o
SIP security
o
H.323 Vs. SIP
Session Description Protocol (SDP)
o
SDP Specifications
o
Security Issues
www.itpro.net.vn













Real-Time Transport Protocol (RTP)
Real-Time Transport Control Protocol
(RTCP)
Real-Time Transport Streaming Protocol
(RTSP)
Simple Gateway Control Protocol (SGCP)
Session Announcement Protocol (SAP)
Skinny Client Control Protocol (SCCP)
Security Implications for Skinny
Dynamic Host Configuration Protocol
(DHCP)
Trivial File Transfer Protocol (TFTP)
Hyper Text Transfer Protocol (HTTP)
Skype Protocol
Inter-Asterisk Exchange (IAX)
Simple Network Management Protocol
(SNMP)
Module 10: Megaco Protocol














Media Gateway Control Protocol (MGCP)
History of Megaco (H.248)
Media Gateway Reference Architecture
MGCP Connections
Per-Call Requirements
Megaco Vs. MGCP
Megaco Protocol Design
Megaco Commands
Megaco Messaging Sequence
Megaco Packages
Megaco IP Phone Media Gateway
Role of Call Processing Language
Call Processing Language Characteristics
Protocol Security
Module 11: Resource Reservation Protocol










Resource Reservation Protocol (RSVP)
RSVP Setup
RSVP Message Structure
RSVP Message
RSVP Message Types
RSVP Object Fields
RSVP Object Classes
RSVP Operation
RSVP Data Payload
RSVP Quality of Service
Tel: (84-4) 37875728 – Fax: (84-4) 37875729





RSVP Session Start-up
RSVP Reservation Style
RSVP Tunneling
RSVP Traffic Control Module
Security Implications

Module 12: Wireless VoIP












Speech Encryption
o
Media Encryption
o
Wireless Encryption
IPSec and Role of IPSec in VoIP
o
Transport Mode
o
Tunnel Mode
Voice Over WLAN (VoWLAN)
o
VoWLAN Call Routing
o
Characteristics of VoWLAN
o
IETF Encryption Solutions for VoIP
o
Limitations of VoWLAN
o
Suites from the IETF
o
S/MIME: Message Authentication
o
Transport Layer Security (TLS)
o
TLS: Key Exchange and Signaling

Solutions to VoIPSec Issues
Wireless VoIP
o
Wireless VoIP Deployment
o
Advantages of Wireless VoIP
o
Limitations of Wireless VoIP
o
Standards and Protocols
Unlicensed Mobile Access (UMA)
Wireless VoIP Gateway: AH1038
Wireless VoIP Gateway: D-Link DVGG1402S
Wireless VoIP Gateway: Motorola HH1620
DSL
Wireless IP Phone
Wireless VoIP Phone: EZLoop
Wireless VoIP Phone: P-2000W_V2
Wireless VoIP Phone: Shenzhen WP10W-S
Challenges to Build Successful Wireless
VoIP Product
Attacks on Wireless VoIP
Packet Security
o
o
Why VoIP needs Encryption?
o
VoIP Encryption

o
How to Encrypt VoIP?
o
Pros & Cons of VoIP Encryption
o
Voice and Data Encryption Device
(V/DED)
www.itpro.net.vn
Real-Time
Transport
SRTP: Voice/ Video Packet Security
Module 14: Troubleshooting VoIP Network
o
Encryption
Secure
Protocol (SRTP)












Module 13: Encryption Techniques for VoIP

o





Issues of Network Slow Down
Troubleshooting Packet Loss
Troubleshooting Jitter
Troubleshooting Packetization Delay
Troubleshooting Bandwidth Problems
Troubleshooting Echo
Troubleshooting Voice Quality on Voice Ports
Troubleshooting Two-stage Dialing Failures
Troubleshooting Socket Failures
Troubleshooting Speech Recognition
Troubleshooting Cabling
Troubleshooting Private Branch Exchange
(PBX) Problems
Troubleshooting Central Office (CO)
Problems
Troubleshooting Trunk Signaling
Troubleshooting Gateways and Gatekeepers
Troubleshooting Dial Peers
Troubleshooting Serial Interfaces
Troubleshooting Frame Relay
Tel: (84-4) 37875728 – Fax: (84-4) 37875729








Troubleshooting FXS and FXO Voice Ports
Troubleshooting E&M Voice Ports
Troubleshooting Dial Plans
Basic VoIP Issues and Solutions
Troubleshooting RSVP
Troubleshooting MGCP
Troubleshooting RTP
Troubleshooting RTSP
Module 15: VoIP Testing and Tools








Test Strategy
VoIP Network Component Testing
Netcat
o
Smap
o
SIPScan
o
SIPcrack
o
VoIPaudit
o
iWAR
o
SiVUS
o
SCTPscan
o
Gateway Testing
o
Gatekeeper Testing
o
Sipsak
o
IVR Testing
o
SIPp
o
Billing and Prepaid Testing
o
SIPNess Messenger
o
NMS Testing
o
SIP Bomber
o
VoIP Test Suite
o
Spitter
o
Sip Send Fun
o
Scapy
MediaPro: VoIP and Video Analyzer
323Sim: H.323 Simulator
Vulnerability Assessment
Penetration and Vulnerability Testing
VoIP Security Tools
VoIP Sniffing Tools


VoIP Packet Creation and Flooding Tools
VoIP Fuzzing Tools
o
Ohrwurm
o
Auth Tool
o
Fuzzy Packet
o
VoIPong
o
SIP Forum Test Framework (SFTF)
o
Vomit
o
Asteroid
o
PSIPDump
o
SIP-Proxy
o
Netdude
o
Oreka
o
Wireshark
o
o

o
VoIP Signaling Manipulation Tools
o
RTP Tools
o
Tcpdump
o
Windump
o
Ethereal (Wireshark)
o
Softperfect Network Sniffer
o
Http Sniffer
Web Interface for SIP Trace (WIST)
RTP Break
VoIP Scanning and Enumeration Tools
o

SNScan
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729


o
Ether Detect Packet Sniffer
o
Iris Network Traffic Analyzer
o
SmartSniff
o
NetResident Tool






VoIP Troubleshooting Tools
o
P.862
o
P.563
o
RTCP-RFC3550
o
RTCP XR-RFC3611
o
Packet Statistics
o
Test Tools
o
Traceroute
o
VQmon









o
Other VoIP Tools
o




o
Denial of Service (DOS)
o
DoS Attack Scenarios
o
Eavesdropping
o
Packet Spoofing and Masquerading
o
Replay Attack
o
Call Redirection and Hijacking
o
ARP Spoofing
ARP
Spoofing
Environmental
Network Intrusion Detection Systems
Host-Based Intrusion Detection Systems
Guidelines for Securing VoIP Network
Best-Practice Approaches for Minimizing
common VoIP Network Risks
Attack





Logical Separation of Data
Converged Network
Virtual LANs (VLANs)
o
VLAN Security
o
VLANs and Softphones
QoS and Traffic Shaping
NAT and IP Addressing
o
How does NAT Work?
o
Service Interception
o
NAT: Modes of Operation
o
H.323-Specific Attacks
o
NAT and Encryption
o
SIP Security Vulnerabilities
Module 17: VoIP Security
Safeguard
Module 18: Logical Segregation of Network
Traffic
Scenarios
www.itpro.net.vn
Safeguard
Recommendations
VoIP is Prone to Numerous Threats
VoIP Vulnerabilities

Human
Recommendations
Module 16: Threats to VoIP Communication
Network


Why VoIP Security?
Constituents of VoIP Security
VoIP Myths and Realities
Securing VoIP with DoS Attacks
Securing against Replay Attack
Securing ARP Caches against ARP
Manipulation
Securing H.235 Protocol
Transport Layer Security (TLS)
Skype Protocol Security
IAX Protocol Security
Security Implications for TFTP
Security Implications for HTTP
Security Implications for DHCP
Security Policies and Processes
Physical Security

Authentication Header (AH)
o
AH: Transport and Tunnel Modes
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Encapsulation Security Payload (ESP)
o
o
ESP Header: Transport Mode and
Sarbanes-Oxley Act (SOX)

Tunnel Mode



Deep packet Inspection (DPI)
o
Shallow packet Inspection
o
Stateful Inspection
o
Medium-Depth Packet Inspection
o
H.323 Firewalls Issues
o
SIP Firewalls Issues
o
Bypassing Firewalls and NAT
o
Methods for Enabling SIP
Alcatel
Global Crossing
Avaya
Whaleback
Nortel
Norstar VoIP Gateway
Polycom
Packet8
Vonexus
Infotel
Net 4 India
Dialexia
NGT
Qwest
Pingtel
Cisco
3Com
Vocalocity
Motorola
Nokia
Regulatory Compliance
www.itpro.net.vn
SOX
Compliance
and
Enforcement
o
Gramm-Leach-Bliley Act (GLBA)

Privacy Rule -Protection of
Nonpublic
Personal
Information

Risk
Management
Guidelines for VoIP Systems

Development
and
Implementation
of
Information Security
Access Control Lists
Module 20: Regulatory Compliance of VoIP


VoIP-Aware Firewalls Issues
Module 19: Hardware and Software VoIP Vendors




















Internal Controls
Firewalls
o
Management Assessment of
o
Health
Insurance
Portability
and
Accountability Act (HIPAA)

Security Standards for the
Protection of PHI

Safeguards Standard for the
Protection of PHI

Types of Safeguards

Administrative
safeguards

Physical safeguards

Technical
safeguards
o
Communication Assistance for Law
Enforcement ACT (CALEA)

Assistance
Capability
Requirements

Cooperation of Equipment
Manufacturers and Providers
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
of
Telecommunications
o
Host/Device Discovery
o
ICMP Ping Sweeps
o
ARP Pings
o
TCP Ping Scans
o
SNMP Sweeps
o
Port Scanning and Service Discovery
o
TCP SYN Scan
European Union (EU) Regulatory
o
UDP Scan
Framework
o
Host/Device Identification
Support Services

Technical Requirements and
Standards

o
Steps to Resolve CALEA
Enhanced
911
and
Related
Regulations

o

E911 Regulatory Basics

EU Regulatory Basics
Module 21: VoIP Hacking



Types of VoIP Hacking
Stages of VoIP Hacking:
o
Foot printing
o
Scanning
o
Enumeration
What is Enumeration?
o
Steps to Perform Enumeration
o
Banner Grabbing with Netcat
o
SIP User/Extension Enumeration


Footprinting
Information Sources
o
Unearthing Information
o
Organizational
Structure
o
Help Desk
o
Job Listings
o
Phone Numbers and Extensions
o
VoIP Vendors
o
Resumes
o
WHOIS and DNS Analysis
o
Steps to Perform Footprinting
Scanning
Objectives of Scanning
www.itpro.net.vn
INVITE
Username
Enumeration
o
o
Username
Enumeration

OPTIONS
Username
Enumeration
and

Corporate Locations

REGISTER
Automated
OPTIONS
Scanning with sipsak

Automated
INVITE
REGISTER,
and
Scanning
with
OPTIONS
SIPSCAN
against SIP server

Automated
OPTIONS
Scanning Using SIPSCAN
against SIP Phones
o
Enumerating TFTP Servers
o
SNMP Enumeration
o
Enumerating VxWorks VoIP Devices
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Steps to Exploit the Network

erase_registrations Tool
o
DoS & DDoS Attacks
o
Flooding Attacks
o
DNS Cache Poisoning
o
Sniffing
TFTP

Registration
Addition
with
add_registrations Tool
Configuration
File
o
VoIP Phishing
Covering Tracks
Transfers
o
Registration Removal with
Performing Number Harvesting and
Call Pattern Tracking
o
Call Eavesdropping
o
Interception through VoIP Signaling
Manipulation
o
Man-In-The-Middle (MITM) Attack
o
Application-Level
Interception
Techniques

How
to
Insert
Rogue
Application?

SIP Rogue Application

Listening to/Recording Calls

Replacing/Mixing Audio

Dropping Calls with a Rogue
SIP Proxy

Randomly
Redirect
Calls
with a Rogue SIP Proxy

Additional Attacks with a
Rogue SIP Proxy
o
What is Fuzzing?

Why Fuzzing?

Commercial VoIP Fuzzing
tools
o
Signaling and Media Manipulation
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Kế hoạch nguồn lực doanh nghiệp
(Enterprise Resource Planning)
Khóa học giới thiệu những khái niệm chính của các hệ thống phần mềm đóng gói tích hợp được sử dụng
như nền tảng của hệ thống quản lý ở hầu hết các công ty lớn. Chức năng chính của phần mềm kế hoạch
nguồn lực doanh nghiệp (ẺRP) được xây dựng trên cơ sở “Kế hoạch Tài liệu Yêu cầu” và “Kế hoạch Xử lý
Nguồn lực”. Khóa học cũng sẽ lý giải những chức năng và tầm quan trọng của ERP. Thị trường cho hệ thống
ERP đã được ghi nhận và đang phát triển rộng rãi. Hệ thống SAP R/3 được sử dụng để giải thích cho những
chức năng của hệ thống ERP.
Khóa học được thiết kế dành cho mọi người ở tất các các vị trí, những người mới biết đến lĩnh vực Hệ
thống thông tin quản lý doanh nghiệp và cần phải hiểu tổng quan về nó. Khóa học sẽ giúp mọi người hiểu và
nắm rõ về ERP một cách nhanh chóng và có thể tham gia vào quá trình khởi tạo hệ thống ERP trong tổ chức
của họ.
Chứng chỉ
Học viên sẽ làm bài kiểm tra vào ngày cuối của khóa học và nhận chứng chỉ hoàn thành khóa học của
EC-council. Để đạt được chứng chỉ CEP quốc tế, học viên cần phải vượt qua kỳ thi trực tuyến đăng ký tại các
trung tâm khảo thí Prometric.










The evolution of software systems for
planning and control in manufacturing
companies
Material Requirements Planning
Manufacturing Resource Planning
Enterprise Resource Planning (ERP)
systems
Basic methods and common features of ERP
systems
The market for ERP systems
Selected functions of the SAP R/3 system
Supply Chain Management (SCM) systems
Basic methods and common features of SCM
systems
The market for SCM systems









www.itpro.net.vn
Selected procedures of the mySAP SCM
system APO
Customer Relationship Management (CRM)
systems
Basic methods and common features of
CRM systems
The market for CRM systems
Selected functions of the mySAP CRM
system
Information Warehouses
Architectures, interfaces, and integration
issues
Present state of ERP, SCM, and CRM
applications and possible developments in
the near future
Case studies
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Juniper Networks Authorized Education Center
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Linux Security
Bảo mật Linux
Mục tiêu chính của khóa học này là cung cấp đến người học với một sự hiểu biết về mạng, cụ thể là mạng
Linux và bảo mật. Bạn sẽ học được cách làm như thế nào để thiết lập một máy chủ Linux và làm thế nào để
cấu hình phân giải tên và quay số truy cập mạng sử dụng hệ thống window X. Bạn cũng sẽ được tiếp xúc với
các công nghệ chia sẻ tập tin Network File System (NFS), chia sẻ tập tin NetWare’s NCP và giao thức truyền
file File Transfer Protocol (FTP). Cuối cùng bạn sẽ được giới thiệu về bảo mật mạng, bao gồm các khái niệm
như tường lửa, mã hóa và phát hiện sự truy cập mạng. Để củng cố thêm các tài liệu, khóa học cung cấp một
loạt các phòng thí nghiệm và bài tập thực hành đặt bạn trong vai trò của người giải quyết vấn đề, yêu cầu bạn
cần phải áp dụng các khái niệm đã được trình bày trong các module vào các tình huống có thể xảy ra trong
thực tế cuộc sống môi trường làm việc.
Các kỹ sư quản trị mạng máy chủ, các kỹ sư về bảo mật, các kỹ sư về quản trị hệ thống, các nhà phát triển
ứng dụng và các nhân viên văn phòng làm về bảo mật Công nghệ thông tin.
Chứng chỉ
Học viên sẽ được làm bài kiểm tra chứng chỉ môn Linux Security vào ngày cuối của khóa học và nhận được
chứng chỉ hoàn thành khóa học của EC-Council. Để đạt được chứng chỉ Linux Security 212-77 quốc tế, học
viên cần phải vượt qua kỳ thi trực tuyến đăng ký tại các trung tâm khảo thí Prometric.
Module 1: Linux Networking Fundamentals





Explain the purposes and development of
computer networking
Identify common types of networking
hardware
Describe how networking software
operates
Understand when popular networking
protocols are used
Define network routing and describe the
purpose of popular routing protocols
www.itpro.net.vn
Module 2: Configuring Basic Linux Networking




Describe how networking devices differ from
other Linux devices
Configure Linux networking using scripts and
text-mode utilities
Configure Linux networking using popular
graphical utilities
Effectively use networking utilities to test a
network and troubleshoot networking
problems
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Understand the IPX and AppleTalk protocols
Module 3: Configuring Client Services





Configure DNS name solution
Configure dial-up network access using PPP
Understand client services such as DHCP
and LDAP
Use remote graphical applications and
remote dial-up authentication
Use common clients tools such as Linux
Web browsers and email clients
Module 4: Using Simple Network Services




Configure “Superservers” to handle multiple
network services
Set up administrative services like logging
and printing
Use simple network information services like
finger and talk
Understand basic mailing list and news
server configurations

Module 5: Configuring File Sharing Services




Configure an FTP server for anonymous or
regular users
Set up NFS file sharing between Linux and
UNIX systems
Understand NetWare NCP based file sharing
Use SMB to share files and printers with
Windows based Pcs
Module 6: Configuring Major Network Services




Expand the routing capabilities of your Linux
server
Set up your own DNS name server
Configure a basic email server
Understand how Linux can excel as a Web
server
Module 7: Security, Ethics and Privacy

List security risks typical in modern
networked computer systems
www.itpro.net.vn




Understand how to assess risk and create a
security policy
Describe the function of top securityawareness organizations
Outline the role of the government in security
and privacy
Locate Linux products designed especially
for security-conscious environments
Module 8: Making Data Secure




Explain commonly used cryptographic
systems
Understand digital certificates and certificate
authorities
Use the PGP and CPG data-encryption
utilities
Describe different ways in which
cryptography is applied to make computer
systems more secure.
Module 9: User Security




Follow good password security practices
Understand Linux Pluggable Authentication
Modules (PAM)
Use Common utilities to promote user
security
Set up user access to system administration
tasks with sudo
Module 10: File Security



Correctly set up special Linux file
permissions
Monitor log files to check for suspicious
system activity
Automate checks for file integrity and
unauthorized modifications
Module 11: Linux Networking Fundamentals



Summarize the types of network security
breaches that crackers attempt
Describe how to use special routing
techniques to protect local network traffic
Configure a basic Linux firewall
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Use networking utilities and techniques that
protect network traffic through encryption
Module 12: Network Intrusion Detection



Use network scanning and packet-sniffing
utilities
Understand basic intrusion detection
systems
Perform automated security audits of your
Linux system
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Quản trị dự án an ninh công nghệ thông tin
Project Management in IT Security (PMITS)
Giới thiệu
Dự án an ninh công nghệ thông tin là một dự án có tính đặc thù của dự án thương mại điện tử. Nội dung
chương trình chỉ ra cho chúng ta biết làm thế nào để quản lý các dự án an ninh công nghệ thông tin. Mục đích
là để nâng cao mức độ thành công cho các tổ chức cũng như các nhà quản lý CNTT trong các dự án CNTT.
Nó như là khuôn khổ hoạt động cho những người muốn thiết kế dự án an ninh CNTT riêng. Khóa học giúp cho
học viên củng cố thêm các kỹ năng về công nghệ thông tin kỹ năng quản lý dự án và cung cấp lộ trình cho
việc thực hiện an ninh thông tin trong các tổ chức của họ.
Khóa học quản trị dự án an ninh công nghệ thông tin (PMITS) còn có một mối liên quan là giúp cho học
viên tiếp tục để có được chứng chỉ thương mại điện tử chuyên nghiệp của hãng EC-Council, chứng chỉ này
cũng bổ xung kiến thức cho học viên trong lĩnh vực kinh doanh.
Khóa học PMITS chuẩn hóa các kiến thức cơ bản cho các nhà kinh doanh chuyên nghiệp bằng cách kết
hợp các bài thực hành tốt nhất được xây dựng bởi các chuyên gia giàu kinh nghiệm trong lĩnh vực chuyên
môn. Mục tiêu của EC-Council PMITS đó là nâng cao giá trị cho các chuyên gia giàu kinh nghiệm về lĩnh vực
an ninh thông tin bằng cách giúp họ phân tích các kết quả của dự án. Khóa học cũng cung cấp thông tin ngắn
gọn về nội dung của các kế hoạch an ninh công nghệ thông tin và những tiêu chuẩn pháp lý liên quan tới sự
hợp tác an ninh công nghệ thông tin.
Bước đầu tiên trong việc phát triển dự án an ninh công nghệ thông tin là xác định những vấn đề. Chúng ta
có thể dễ dàng đưa ra vấn đề đó là “ Mạng của chúng ta không an toàn hoặc là có những tài sản trong tổ chức
cần phải được bảo vệ tránh những cuộc tấn công có chủ ý và không có chủ ý “. Những lởi tuyên bố trên là
đúng trên cấp độ vĩ mô, điều đó có nghĩa rằng những lời tuyên bố chung này được áp dụng cho hầu hết các tổ
chức (và mạng máy tính) trên toàn thế giới. Tuy nhiên tình hình ở mỗi tổ chức là khác biệt và mỗi một tổ chức
lại có những điểm riêng biệt về lỗ hổng bảo mật mà cần phải xem xét. Áp dụng chung một cách giải quyết cho
mọi vấn đề về an ninh mạng là không phù hợp. Để giải quết vấn đề an ninh công nghệ thông tin một cách hiệu
quả cần xây dựng kế hoạch an ninh thông tin tổng thể trong đó đề cập từng lĩnh vực cụ thể cần đảm bảo an
ninh thông tin (ví dụ cơ sở hạ tầng, mạng không dây ). Chúng ta có thể chia nhỏ kế hoạch an ninh thông tin
thành các phân đoạn nhỏ hơn và tập trung vào từng phân đoạn. Như vậy cho phép quản lý từng khía cạnh của
công việc đảm bảo an ninh thông tin một cách tốt nhất. Một thách thức thường gặp là rất nhiều lĩnh vực chồng
chéo nhau (ví dụ truy cập vật lý dưới hoạt động bảo mật, cơ sở hạ tầng bảo mật, hoặc bảo mật chung ). Tạo ra
một kế hoach bảo mật công nghệ thông tin tổng thể và các kế hoạch cho từng cá nhân sẽ mang đến cho
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
chúng ta cơ hội để có cách nhìn tổng quan nhất về kế hoạch bảo mật công nghệ thông tin của mình và đảm
bảo rằng tất cả các yếu tố an ninh quan trọng đã được lưu ý.
Chương trình Quản trị dự án an ninh công nghệ thông tin của hãng EC-Council được bố trí học trên lớp
với tính tương tác cao trong 2 ngày cho các chuyên gia an ninh công nghệ thông tin. Nội dung bao gồm các
thành phần của dự án tổng thể an ninh thông tin, chi phí đầu tư, những cơ sở để dự án thành công, các mức
giới hạn của một dự án, chiến lược tổng thể an ninh công nghệ thông tin và ảnh hưởng của văn hóa cộng
đồng và các chinh sách về an ninh công nghệ thông tin. Học viên sẽ được học để nhận biết các vấn đề phát
sinh trong thời gian một lên kế hoạch an ninh thông tin và cách phòng trách và khắc phục.
Các cán bộ quản lý nhân sự có nhiệm vụ lập kế hoạch an ninh thông tin, các nhân viên quản trị mạng,
quản trị máy chủ, quản trị hệ thống và các chuyên gia đánh giá những rủi ro.
Chứng chỉ
Học viên sẽ làm bài kiểm tra vào ngày cuối của khóa học và được cấp chứng chỉ hoàn thành khóa học
của EC-Council. Để nhận được chứng chỉ PMITS quốc tế, học viên cần phải vượt qua kỳ thi trực tuyến tổ chức
tại các trung tâm khảo thí Prometric.
Nội dung khóa học PMITS
Module 01: Components of Project Management
in IT Security
o

Identify the Sponsor for the Security Project
o
Corporate Security Project Plan Components
Defining a Project
o
The Costs involved in Security

Introduction
o
Basis for Success of a Project

The Security Issue

Role of Network Security
 Integrity,
Availability
Confidentiality
and

The Outcome

Various Possible Security Project Solutions

The Optimal Solution

Limitations of Security Project


Scope of Project

Dead Lines

Quality

Economy
Develop the Proposal
www.itpro.net.vn

Well Defined Project Objectives

Minimized and Well Defined Scope

Smaller Schedules

Experienced Project Manager

Executive Support

User Involvement

Well Defined Project Management Process
o
Limitations of a Project
o
Corporate Strategy and IT Security
o Importance of the influence of Corporate Culture
and Policies on IT Security
Module 02: Organizing the IT Security Project
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Developing the IT Project Team
o
Introduction
o
Making of the IT Security Project Team

Training Objectives
o
The IT Security Project Stakeholders

Team-building
o
Requirement Specifications of the IT Security
Project
o
Objectives of the IT Security Project
o
Processes involved in the IT Security Project
o
Structuring the details of IT Security Project Work

The Acceptance Criteria
o
Project Tasks and Sub-tasks in the Project

Risk Management
o
Verifying Scope of the Project

Change Management
o
Tasks in Detail

Communication

Quality

Status Reports

Defect Tracking

Escalation Process

Documentation

Approval Procedures

Deployment

Operations

Training
o
Module 03: Developing the IT Security Project
Team
o
Introduction
o
List of the
Requirements
IT
Security

Roles and Responsibilities

Skill Set
Project
Team
Module 04: Planning the IT Security Project

Ownership

Resources

Priority

Schedule

Budget Allocated

Project Dependencies

Limitations

Experience

Tools

Budget Constraints

Change in the Organization

Government
Requirements
or
Regulatory
o
The Critical Path
o
Testing the Results
o
Defining the Budget, Schedule, Risks, and
Communications
Module 05: Managing the IT PM

Technical Skill Set
o
Start of the IT Security Project

Communication Ability
o

Training and Negotiation
Examine and Organize the IT Security Project
Progress

Ability to Negotiate and Understanding
of Technical Aspects

Reporting

Legality, Regulations and Cost Factors
o
Identifying the
Constraints
o
Hiring the Staff
www.itpro.net.vn
Staffing
Requirements
and

Authentication

Issue Report and Rectification

Documentation
o
Manage the IT Security Project Risk
o
Change Management in the IT Security Project

Potential Customers
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Staff

Law concerning Unauthorized Access

Environmental

Myths and Facts
o Test the IT Security Project Results
Module 06: Building Quality into IT Security
Projects
o
Introduction
o
Quality in the IT Security Project
o

User Requirements

Functional Specifications

Technical Requirements

Acceptance Criteria

Quality Metrics

Operational Standards of the IT Project

Monitoring IT Security Project Quality

Private Entity

Penetration Test

Legal Liability and Related Tools

Legal Assessment and Implementation in
Corporate Scenario

Define
Rights
and
Protection
and
involvement
of
Certified
third-party
individuals

Standards and Insurance
o
Overview of the Corporate IT Security Project
Plan
o
Security Auditing

Reasons for Security Breaches
o Factors of the Corporate IT Security Project

Test the IT Security Project Quality
Goals of the IT Security Project


Module 07: Closing Out the IT PM
o
Introduction
o
Evaluate the Project on Completion
Close all Open Issues, Change Requests, and
Error Reports
o
Prepare for Implementation, Deployment, and
Operational Transfer
o
Review the Lessons Learned
o
Documentation and Compliance Reports
Module 08: Define a Corporate IT Project Plan
Define a Security Strategy for the IT Project
o
Legal Standards
Gramm-Leach-Bliley Act

Health
Insurance
Portability
and
Accountability Act 195 Sarbanes-Oxley Act

Federal
Information
Management Act
and
Work
Breakdown
Structure

Risks associated with the Project
o
Project Constraints
o
Project Assumptions
o
Project Schedule and Budget
o
Closing Out the Project
o
IT Infrastructure Security Project Plan
Infrastructure Security Assessment

Information

People and Process
 Policies
 Compliance with Processes

Technology

Establishing Baselines

FERPA and the TEACH Act

Recognizing External Threats

Electronic Communications Privacy Act and
Computer Fraud and Abuse Act

Network Security Checklist
www.itpro.net.vn
and
Examples


Security
Skills related to Operating System,
Networking, Application Security, Security
Tools, and Programming
o Project
o
o
Scope, Timing, Budget and Quality
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Project Parameters

Project Team

Project Organization

Types of Wireless Devices

Project Work Breakdown Structure

Wireless Threats

Risks Mitigation Strategies

Risk Assessment

Project Constraints and Assumptions

Impact Analysis


Overview of Infrastructure Security Project
o


Module 09: General IT Security Plan
o
Wireless Security Project Plan
Wireless Security Auditing
Project Parameters

Requirements

Scope, Schedule, Budget, Skill Sets
and Procedures

Project Team
IT Security Assessment and Audit


Perimeters


The Internal Network

Project Risks and Mitigation Strategies

Information


Risk Assessments


Wireless Security Project Outline


Vulnerability Scanning and Penetration
Testing

Risk Assessment
Impact Analysis
Module 10: IT Operational Security Plan
o
Operational Security Assessment
o
Authentication
o
Access Control

Incident Response
o
Auditing

The Response Team

Review the Policy

Policies

Review the Procedures

Disaster Recovery

Review the Operations

Regulatory Issues

Requisites of Legal Reporting
o
Attacks
o
Assessment and Audit Report

Entries in the Finding Report

Planning of the Project
Health
Insurance
Accountability Act
Portability

Gramm-Leach-Bliley Act

Sarbanes-Oxley Act

Issue, Solution, Scope, Cost, Time, Quality,
Functional Specifications and Skill Set

Requirements
o
Project Team

Scope, Schedule, Budget, Skill Sets and
Procedures
o
o
o
Project Risks and Mitigation Strategies
General IT Security Project Plan

Project WBS, Constraints, Schedule and
Budget
www.itpro.net.vn
and
o Project Parameters
o General IT Security Project Parameters
o


Incident Response
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Policy Management

Disaster Planning

Regulatory/Compliance
o
o
o
Overview of the Operational Security Project
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Storage Area Networks
Mạng lưu trữ dữ liệu
Mạng lưu trữ dữ liệu (SAN) của EC-Council là khóa học nội dung bao gồm những kiến thức cơ bản về công
nghệ mạng lưu trữ dữ liệu. Khóa học cung cấp cho học viên kiến thức sâu về sự hội tụ của kiến trúc kênh sợi
quang, công nghệ chuyển mạch quang, quản trị các thiết bị phần phần cứng SAN, và khả năng truyền tải được
xa hơn nhờ sử dụng phương pháp quản lý AP
Những kỹ sư quản trị hệ thống, quản trị dự án, những người chụi trách nhiệm phát triển và thiết kế hệ thống.
Chứng chỉ
Học viên sẽ c làm bài kiểm tra vào ngày cuối của khóa học và được cấp chứng chỉ hoàn thành khóa học. Để
đạt được chứng chỉ quốc tế, học viên cần phải vượt qua kỳ thi trực tuyến (mã môn thi 212-93) tổ chức tại các
trung tâm khảo thí Prometric.

Module 1 – Basics Concepts of Storage Area
Networking






Define the concept of a storage area network
Discuss the reasons for the growing need for
storage space
Discuss the history of storage area network
development
Understand the difference between network
attached storage and storage area networks
Identify and explain the benefits of using
storage area networks in enterprise-level
networks
Discuss evolving SAN technologies






Module 2 – Understanding Fibre Channel

www.itpro.net.vn
Understand the basic operations of the Fibre
Channel transport protocol used by most
storage area networks
Describe the Fibre Channel layered
architecture
Understand the Physical Interface layer of
the Fibre Channel model
Understand the use of ordered sets and byte
encoding in Fibre Channel communications
Identify and describe the Link Services used
at the third layer of the Fibre Channel model
Identify and describe the Basic Services
used at the fourth layer of the Fibre Channel
model
Understand the upper-level protocols used in
the fifth layer of the Fibre Channel model
Describe the basic topologies used in Fibre
Channel networks
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Discuss the role that initiators, target devices,
and connectivity devices play in Fibre
Channel networks
Module 3 – Arbitrated Loop Technology








Recognize the difference between Token
Ring networks and Arbitrated Loop networks
Describe the purpose of identifiers and
addresses used for ports attached to an
Arbitrated Loop
Understand how hubs can be used to
centralize loop wiring
Understand and describe the steps involved
with loop initialization
Describe the port login procedure and why it
is necessary in an Arbitrated Loop
Describe the process used by a member of
the Arbitrated Loop to gain access to the
shared media
Understand how a system of priorities is
used to pass data in Arbitrated Loops
Describe the effects of adding a switch to a
network

Describe the attributes of the Bluefin SAN
Management Specification
Module 6 – Connecting SANs Over Long
Distances




Understand how to use separate SANs for
disaster recovery
Describe the basics of Asynchronous
Transfer Mode (ATM) and frame relay
Understand multiplexing technologies, such
as TDM, WDM, and DWDM
Discuss emerging SAN technologies, such
as iSCSI, FCIP, and InfiniBand
Module 4 – Fabric Switching






Describe the evolution of Ethernet networks
and SANs
Understand and discuss the reasons for
implementing a fabric switched network
Understand the method fabric switch ports
use for addressing frames
Describe the login process for fabric switches
Understand how a name server database
simplifies routing in a fabric switched network
Identify some of the services that can be
incorporated into a switch to enhance
network functionality
Module 5 - Complex SAN Topologies


Understand and describe varied and
complex SAN topologies
Discuss the SAN management software
applications that can be used to help
manage SAN hardware
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729
Wireless Network Architect
Kiến trúc mạng không dây
Trong môi trường mạng cục bộ, hiện nay các tổ chức và doanh nghiệp thường sử dụng cáp đồng trục
và cáp quang để kết nối mạng. Việc sử dụng giải pháp mạng LAN không dây cho phép các tổ chức mở rộng
những mạng LAN cục bộ sẵn có để phục vụ người sử dụng di động. Khóa học cung cấp cho học viên những
hiểu biết về hai chuẩn quốc tế của mạng không dây: chuẩn IEEE 802.11 (còn được gọi là Wifi) và chuẩn
Bluetooth. Những kiến thức khóa học cho phép các tổ chức triển khai giải pháp không dây với hiệu suất cao
nhất và không có rủi ro.
Những nhà quản trị mạng, quản trị máy chủ, kỹ sư bảo mật, kỹ sư hệ thống, kỹ sư phát triển ứng dụng
và các văn phòng có chức năng an ninh công nghệ thông tin
Nội dung khóa học v2
Introduction to Wireless Communications

Explain how the major wireless
technologies are used today

Describe the applications used in
wireless technology

List and explain the advantages of
wireless technology

List and explain the disadvantages of
wireless technology

Describe how different factors affect the
design of a radio system

Tell why standards are beneficial and list
the major telecommunications standards
organizations

Explain the radio frequency spectrum
Infrared

Explain the differences between the OSI
communications model and the IEEE 802
communications
standards
How Wireless Works

Explain how network data is represented
using binary notation

Tell how an infrared WLAN transmits
data

List and explain the two types of wireless
transmission

Describe the features of IrDA

Describe the different ways in which data
can be transmitted by radio waves
Understanding Radio Frequency
Communications

List the components of a radio system
www.itpro.net.vn
Bluetooth

Explain how Bluetooth is used

Tell how Bluetooth works

Describe several issues that Bluetooth
faces
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

Give examples of how WLANs are used
today
List the advantages of wireless
communications

List the components and modes of a
WLAN
Discuss the challenges of wireless
communications

Explain the steps needed to build a
wireless infrastructure
Low-Speed Wireless Local Area Networks



Tell the advantages and disadvantages
of HomeRF

Explain the background of IEEE 802.11
WLANs

Describe how an 802.11b network
functions
High-Speed WLANs and WLAN Security

Tell how IEEE 802.11a networks function
and how they differ from IEEE 802.11b
networks

List the advantages and disadvantages
of an IEEE 802.11g network

Describe HiperLAN/2 networks

Compare low-speed and high-speed
WLANs

Explain basic and enhanced WLAN
security facilities
Digital Cellular Telephony

Describe the applications that can be
used on a digital cellular telephone

Explain how cellular telephony functions

List and describe the features of the
generations of cellular telephony

List and describe the four types of client
software used on a digital cellular
telephone

Discuss the issues surrounding 3G
implementation
Fixed Wireless

Define fixed wireless

Explain the features of a remote wireless
bridge

List and describe three types of landbased fixed broadband wireless devices

Tell how satellite transmissions work
Wireless Communications in Business
www.itpro.net.vn
Tel: (84-4) 37875728 – Fax: (84-4) 37875729

EC-Council Course Catalogs

Transcription

Similar documents

Newsletter - 5th May 2016.pub

attached file - Lifestyle Vietnam

Providing Quality Locksmith Supplies Since 1974

Lâm Thị Diễm Khoa Điện tử - Viễn thông Trường Đại Học Khoa Học

Charity Name

parent handbook - San Jose Unified School District

November 2011