Escolar Documentos
Profissional Documentos
Cultura Documentos
INFORMATION SECURITY
& ETHICAL HACKING
securing the digital age
Introduction to Information Security & DESKTOP & SERVER SECURITY LAN Security
Ethical Hacking Setting up a LAN Network
Windows Security. Threats of LAN
INTRODUCTION Registries. Hacking MAC Address
Ports and Services.
Introduction to Data, Information, Network Scanners
Vulnerabilities in Windows.
Knowledge, and Intelligence. Hacking into Windows. Introduction to Wi-Fi LAN
Security, and its need Counter Measure & Securing Windows. Security
Operating System Basics. How to look for vulnerability?
DBMS Basics Deleted file recovery. Firewall Security
Data Communication Basics. Introduction to LINUX. Introduction to Firewalls
Basics of “Computer networking”
OSI model. Working of a Firewall
MALWARES,LAN SECURITY,FIREWALL
TCP/IP protocol suit. Types of Firewall
SECURITY
Networking devices. Firewall Application
Malwares
Cyber Threats. Network Address
VIRUS & Worm.
An approach for ethical hacking. Translation
Spy ware.
Types of Hackers. Intrusion Detection
Trojan
Hackers Vs Crackers. Logging
Bots.
Anatomy of a Hacker Port Filtering
Logic Bombs
Challenges for a hacker
Counter Measures
Don't Get Caught
O Ant viruses
Case Studies of Cyber Crime.
O Anti Spy Ware
www.appinonline.com
INTERNET SECURITY ART OF GOOGLING AND DATA BACKUP
www.appinonline.com
SECURITY AUDTING AND CYBER LAWS
Audit Objectives
Risk Analysis
Auditing Steps
Previous Check
Planning & Organization
Network Control - Policies
Network Ctrl - Hardware / Software
Network Data Standards and Data Access
Hardware and Software Backup and Recovery
Software Communications
Access to Network Operating Systems Software and
Facilities
Data Encryption and Filtering
Internet Applications
Password Protection
Security Trends
Latest Security trends
MOBILE SECURITY
What is Mobile?
Architecture of Mobile communication.
Technology of Mobile Communication.
Mobile Phone Standrads.
GSM.
O Advantages & Disadvantages of GSM.
CDMA.
O Advantages & Disadvantages of CDMA.
Mobile Generation.
Protocols used in Mobile.
SIM.
What is SIM?
How SIM works.
Services of SIM.
O SMS.
O MMS.
O WAP.
O GPRS.
Problems in Mobile Communication
www.appinonline.com
appin NETWORK
®
SECURITY
securing the digital age
NETWORK SECURITY
VOIP VIRTUAL PRIVATE NETWORK SECURITY
Voice over IP (VoIP).
Definition & Trends. Introduction1
Services. Application & Requirements of VPN.
Types of VoIP. Tunneling Mechanism
Components of VoIP. VPN Tunneling.
IP Telephony &IP Paging. Tunneling Protocols.
VPN Types.
What IP Telephony brings for IP Paging?
Virtual Leased Line.
VoIP Technology available for Paging &
Virtual Private Routed Networks.
Intercom. Virtual Private Dial Networks.
O Different types of VoIP. Virtual Private LAN Segments.
VoIP Clients. Open VPN.
Protocols & Acronyms. Models of VPN.
Reasons for VoIP. IPSec VPN
Skype.37-40 VPN Step by Step Security Framework
VoIP Security Scenario. VPN Security Issues
VPN Simplified
How do we secure VoIP?
VPN Tools and related threats
Secure The Devices. Other VPN Threats
N/W Segregation. Countermeasures
Encrypt The Traffic. VPN related topics: WLAN
Intrusion Detection.
Summary of VoIP Security.
www.appinonline.com
WIRELESS LAN Services Provided by Router
Introduction of Wireless LAN Different types of NAT
Basics of Wireless LAN. Full Cone NAT, Restricted cone NAT
Components of Wireless LAN. Port Restricted cone NAT
Types of Wireless LAN. Symmetric NAT
Setting of Wireless LAN. NAPT Services
Detection of Wireless LAN. ADSL Details
How to access Wireless LAN? Trouble Shooting
Advantages & Disadvantages of Wireless LAN. Routing Table Problems
Antennas. Various types of Attacks
SSID Securing the Routers
Access Point Positioning.
Rogue Access Point. IDS & IPS
Tools. Introduction
Detection. What is an Intrusion?
Wired Equivalent Privacy. Intrusion Detection
Tools. Intrusion Detection System(IDS)
Related Technology. Need of an IDS
Detection of MAC Spoofing. Components of an Intrusion Detection System
DOS Attack Types of Intrusion Detection Systems
Man in the Middle Attack. (MITM) Network Based Intrusion Detection Systems
Scanning Tools. Host Based Intrusion Detection Systems
Sniffing Tools. Host Based Intrusion Detection Systems
Multiuse Tool. What is not an IDS?
WinPcap Tool. Detection Methodologies
Auditing Tools. Signature-based Detection
Wireless Intrusion Detection System. Limitations of Signature-based Detection
Securing Wireless Network. Anomaly-based Detection
Limitation of Anomaly-based Detection System
ROUTER SECURITY Stateful protocol analysis based
What is Router? Factors Determining the Effectiveness of an IDS
Static and Dynamic Routers Various Tools Available
Work to Router Conclusion
Keeping the Messages Moving Introduction to IPS
Directing Traffic What is an Intrusion Prevention System?
Transmitting Packets Need for having an IPS
Knowing Where to Send Data Types of IPS
MAC Addresses Host Based Intrusion Prevention system
Understanding the Protocols Limitation of Host Based Intrusion Prevention system
Tracing a Message Network Based IPS
Denial of Service Attacks Counter Measures taken by an IPS
Configuration of Router Session Sniping
Essential Configuration of a Router Packet Filtering & Packet Scrubbing
Protocols on a Router IP Blocking & Deception
RFC1483, Architecture Risks Involved
Handshake Protocols Conclusion
www.appinonline.com
ACCESS CONTROL SYSTEM VULNERABILITY ASSESSMENT AND PENETRATION TESTING
Introduction: What is Access Control Vulnerability Assessment
Access Control in Physical Security Vulnerabilities
Access Control in Information Security Scope of Vulnerability Assessment
Need of an Access Control System Tools used for Vulnerability Tests
Some Concepts Related to Access Control Types of Vulnerability Assessment
The Essential Services provided by Access Control Systems Network Based Vulnerability Assessment
Access Control Polices Host Based Vulnerability Assessment
Discretionary Access Control(DAC) Application Level Vulnerability Assessment
Limitations of Discretionary Access Control Vulnerability Assessment Vs Risk Assessment
Non-Discretionary Access Control Penetration Testing
Mandatory Access Control(MAC) Scope of Penetration Testing
Role-based Access Control Information Gathering
Temporal Constraints Footprinting/Fingerprinting
Workflow Network Surveying
Architecture of a Work Flow Management System(WFMS) Port Scanning and Services Identification
Architecture of a WFMS Evading Firewall Rules
Chinese Wall Automated Vulnerability Scanning
Access Contril in Telecommunication Exploiting Services for Know Vulnerabilities
Access Policy Password cracking or Brute Forcing
Who defines the Access Policy? Denial of Service(DoS) Testing
Access Policy Escalation of Privileges
Classification of Access Policies Tools Used
Introduction to Backdoors
E-MAIL SECURITY Define: Backdoor
Introduction How does a Backdoor works?
History of E-mail Protocols used by Backdoor
How E-mail Works? Files used by Backdoor
Modern E-mail Networks Developing a Rootkit
Various Mail Servers How Listening and Handshaking take place?
E-mail Protocols Counter Measures
How to steal Data from an E-mail How to avoid a Trojan Infection?
Social Engineering Introduction: Buffer Overflow
Security Vulnerability Stack-Based Overflows
Keyloggers Example Source Code
E-mail Exchange Server Security Introduction: Buffer Overflow
Relay Restrictions Exploitation
Virus Protection
RPC over HTTP Advanced level registry and code security
Protecting front-end Servers
Keep Exchange Server up-to-date
www.appinonline.com
appin
securing the digital age
®
LA ISO 27001
(ISMS)
INTRODUCTION TO INFORMATION
SECURITY AUDITING
MANAGING SECURITY AWARENESS
ISO 27001
Information security management system Return On Investment
What is Information Security
ISMS Return On Investment
History of ISO 27001
ISMS implementation Where to invest first
Standards and International Organization for
Management security Security Policies
Standardization
Managing Security Awareness Training and Awareness
BS7799 / ISO 1799
Need for Security Management System Administration
ISO 27001
Impact of a sound Security Management Establish Effective Security Configurations
Domain of BS 7799-1
System Maintain Software
Improvement in ISO 27001 over BS 7799
Security awareness usually fails, WHY? Detect Security Breaches
Control objective and controls in iso 27001
ISO 27001 certification Respond intelligently to incidents
Selection and Implementation of Controls
ISO 27001 certification Security Evaluations
Developing and Adopting Policies
Role of auditiors
Mandatory requirments
Marketing ISO 27001 to Senior Management
Information security management system
Preparing for Certification
Management responsibility
Compliance accreditation and certification
Management Review of the ISMS
ISMS Improvement
The 6-step process for Certification www.appinonline.com
SECURITY MANAGEMENT PRACTICES AND FRAMEWORK
www.appinonline.com
appin ®
=Where and when do you use Cyber =Understanding where the evidence
Forensics might be: Stand-Alone PCs, Networks
and File-server, backup, Electronic
Cyber Laws Bulletin Boards, and Electronic Mail
=What is cyber laws =Searching for Information
www.appinonline.com
Concept of File Systems and Hard Steganography
Disks =Definition
www.appinonline.com
Network Attacks Investigation Trademark and Copyright
=Network Addressing Schemes Infringement Issue
=Sniffer =Characteristics of Trademarks
=Tool: Tcpdump =Copyright
=Network Sniffer =Copyright Infringement:
=HTTP Sniffer =Patent
=EtherDetect Packet Sniffer
=Ethereal
=IDS/IPS Log
Report Generation
= Importance of Reports
=Honey Pot Log
=Report Requirements
Honey Net Log
=Forensic Report
=Things to remember
Digital Storage Devices =Case Studies and references
=Magnetic Tape
=Floppy Disk
=Compact Disk
=CD-ROM
=DVD
=DVD-R, DVD+R, and DVD+R(W)
=DVD-RW, DVD+RW
=HD-DVD (High Definition DVD)
=HD-DVD
=CD Vs DVD Vs Blu-Ray
=HD-DVD vs. Blu-Ray
=iPod
=Flash Memory Cards
=Secure Digital (SD) Memory Card
=Compact Flash (CF) Memory Card
=Memory Stick (MS) Memory Card
=Multi Media Memory Card (MMC)
=xD-Picture Card (xD)
=Smart Media Memory (SM) Card
=USB Flash Drives
=USB Flash in a Pen
www.appinonline.com
appin ®
SECURED
PROGRAMMING
Overview of Threats and Risks Secure Programming Issues and Techniques
O Physical threats O Implementing authentication
O Electronic threats Username/password
O The Threat Equation Biometrics
O Handling risks in software Digital Certificates
Commonly used systems such as X.509
Types of Attacks and Attackers Certificate Authentication, Kerberos,
Microsoft Passport, etc.
Secure Programming Concepts and O Authorization
Principles Using Access Control Lists (ACLs)
O Designing for security O Implementing encryption
O Threat modeling O Using auditing in applications
How to decompose a system O Denial of service attacks and techniques
How to develop and use Threat for increasing availability
Trees
O How much effort should be spent on
protecting information? Common Methods of Attack and How to
O Why deploying redundant security Prevent Them
measures is appropriate (practicing O Buffer overflows
"defense in depth") Protecting against buffer overflows
O Planning for if/when code fails it Avoiding dangerous calls
does so in a secure manner O Malicious input
O Executing code with the minimum Input issues and trust boundaries
rights needed to function properly Treating all input as
(the principle of "least privilege") malicious and always validating it
O Does security though hiding O Race conditions
implementation details work Avoiding deadlocks
("security through obscurity")? Avoiding TOCTOU (Time of Change/
O Remaining alert and staying aware
Time of Use) race conditions
Remedies
Stride Model O Spoofing
O Spoofing Identity
Spoofing types and defenses
O Tempering With Data
O Repudiation Secure Programming Do's and Don'ts
O Information Disclosure
O Denial of Service
O Escalation of Privileges
www.appinonline.com
appin ®
Security Testing
Guidelines for “Dot net” secured programming
O Fundamental differences from
O Introduction
functional testing
O General Types of attacks can be possible
O The most common security flaws
O Architectural Principle
O Using code coverage as a metric
O Design Ideas
O Using threat coverage as a metric
O Language Specific Tips
O How to assess the vulnerability of your
system
O How to assess the vulnerability of your
Guidelines for “Database” secured programming
O Introduction
own code
O General Types of attacks can be possible
O How to assess the vulnerability of
commercial products such as databases, O Architectural Principle
communication packages, server O Design Ideas
software, operating systems O Language Specific Tips
Guidelines for “C” secured programming Source Level Security Auditing Tools
O Introduction
O General Types of attacks can be possible
O Architectural Principle
O Design Ideas
O Language Specific Tips
www.appinonline.com
appin ®
Cryptography
Course Details
www.appinonline.com
Cryptography
1. Introduction
Essentials of Crypto
=Internet Technology
Cryptographic Techniques
Legal Restrictions
Encryption Building Blocks
=Stream Ciphers
=Block Ciphers 3. Link Encryption
How Crypto Systems Fail Security Objectives
=Cryptanalysis and Modern Codes Product Example: In-line Encryptor
=Brute Force Cracking of Secret Keys Red/Black Separation
=Attacks on Improper Crypto Use Crypto Algorithm and Keying
Choosing Between Strong and Weak Crypto Encryptor Vulnerabilities
=Properties of Good Crypto Algorithms Product Security Requirements
=Crypto Algorithms to Consider Key Recovery and Escrowed Encryption
=Selecting a Block Cipher Mode
=Identifying a Safe Key Length 4 .Management of Secret Keys
=Levels of Risk for Different Applications
Basic Issues in Secret Key Management
IPSEC Authentication
IPSEC Encryption
www.appinonline.com
6. Virtual Private Networks
Security Objectives
10. Secured Electronic Mail
Basic Issues with VPNs
E-Mail Security
Technology: IPSEC Proxy Cryptography
Basics of Internet Electronic Mail
=ESP Tunnel Mode
=Internet E-Mail Software Architecture
=ESP Transport Mode
=E-Mail Security Problems
=Password Protection
www.appinonline.com