EC-Council | Network Security Administrator (312-38) Exam<br />
ENSA (312-38) Exam<br />
Credit Towards Certification<br />
• EC-Council Network Security Administrator<br />
Exam Details<br />
• Number of Questions: 50<br />
• Passing Score: 70%<br />
• Test Duration: 2 Hours<br />
• Test Format: Multiple Choice<br />
• Test Delivery: Prometric Prime Online Web site<br />
Exam Code<br />
The exam code varies when taken at different testing centers.<br />
• Prometric Prime: 312-38<br />
• VUE: 312-38<br />
Skills Measured<br />
The exam 312-38 tests ENSA candidates on the following 30 domains.<br />
1. Fundamentals of Networks<br />
2. Network Protocols<br />
3. Protocol Analysis<br />
4. Hardening Physical Security<br />
5. Network Security<br />
6. Security Standards Organizations<br />
7. Security Standards<br />
8. Security Policy<br />
9. IEEE Standards<br />
10. Network Security Threats<br />
11. Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)<br />
12. Firewalls<br />
13. Packet Filtering and Proxy Servers<br />
14. Bastion Host and Honeypots<br />
15. Securing Modems<br />
16. Troubleshooting Network<br />
17. Hardening Routers<br />
18. Hardening Operating Systems<br />
19. Patch Management<br />
20. Log Analysis<br />
21. Application Security<br />
22. Web Security
23. E-Mail Security<br />
24. Authentication: Encryption, Cryptography and Digital Signatures<br />
25. Virtual Private Networks<br />
26. Wireless Network Security<br />
27. Creating Fault Tolerance<br />
28. Incident Response<br />
29. Disaster Recovery and Planning<br />
30. Network Vulnerability Assessment<br />
Test Objectives<br />
Module 01: Fundamentals of Computer Network<br />
• Defines the nodes, the network backbone, segments, and subnets<br />
• Describes the logical elements of a network, IP addresses, IP address space, and<br />
assignment of IP addresses<br />
• Explains how to create a Domain Name Space (DNS), creating a new domain name, and<br />
components of DNS<br />
• Explains the working and functional categories of gateways<br />
• Discusses the various types of media to connect the networks, wired media or<br />
bounded network media, twisted pair cable, and wireless transmission<br />
• Describes the media access methods such as the multiplexed media access, polling, and<br />
token-based media access<br />
• Explains the OSI and TCP/IP reference models and their corresponding layers<br />
• Describes the methods of data transmission: simplex, half duplex, and full duplex<br />
• Discusses classifying the networks such as client server networking, peer to peer<br />
networking, and mixed mode networking<br />
• Explains the physical arrangement of the Network, the topologies such as bus, star or hub,<br />
ring, mesh, tree, and hybrid topology<br />
• Details the Physical Network Classification including the LAN, WAN, MAN, PAN,<br />
CAN, and GAN<br />
• Explains the functions of network equipment such as network interface cards, access<br />
points, switches, concentrators/hub, modem, router, brouter, bridges, adapters, network<br />
load balancers, repeaters, gateways, transceivers, converters, and terminals<br />
Module 02: Network Protocols<br />
• Defines the functions and introduces the network protocols<br />
• Explains the TCP/IP and configuring of the TCP/IP, network classes, and telnet<br />
• Describes the application layer protocols such as BOOTP, DCAP, DHCP, DNS, FTP,<br />
TFTP, NTP, NNTP, SNMP, IRCP, SLP, HTTP, and HTTPs in detail<br />
• Explains the light weight presentation layer protocol<br />
• Describes the remote procedure call protocol of session layer<br />
• Describes the reliable data protocol, transmission control protocol and the user data<br />
protocol
• Explains the routing protocols such as BGP, EGP, IP, ICMP, IGMP, IRDP, Mobile IP,<br />
NHRP, OSPF and Multicasting Protocols such as BGMP and DVMP of Network layer<br />
Protocol<br />
• Explains the data Link layer protocols such as ARP, RARP, and NARP<br />
Module 03: Protocol Analysis<br />
• Describes the protocol suite in TCP/IP, layers of TCP/IP, sliding windowing, and<br />
acknowledgement<br />
• Defines the header format of TCP and different options in the header<br />
• Explains the interfaces used in TCP/IP, user/ TCP interface commands, and TCP/lower<br />
level interface commands<br />
• Describes the algorithms in TCP, Checksum calculation, performance estimation and<br />
problems related to TCP, overview of IP, and the header format of IP<br />
• Provides the introduction to IP datagram and different techniques associated with IP<br />
datagram, parameter problem in IP<br />
• Discusses the IPv6 including the header format, tunneling, and multicast mechanisms<br />
Module 04: Hardening Physical Security<br />
• Discusses the need for physical security, statistics, physical security breach incidents, and<br />
who is accountable for physical security<br />
• Defines the factors affecting physical security, and types of attackers<br />
• Describes the physical security threats, and methods to detect physical hazards<br />
• Provides an overview of how to implement premises security, using smart cards, and<br />
proximity cards<br />
• Explains the process of biometrics, accuracy of biometrics, and applications of biometrics<br />
• Discusses implementing workplace security and desktop security<br />
• Explains securing network devices, server security, securing backup devices, CCT<br />
(Closed Circuit Television)/Cameras, and EPS (Electronic Physical Security)<br />
• Discusses the challenges in ensuring physical security, countermeasures, and<br />
mantrap<br />
• Defines a physical security checklist<br />
Module 05: Network Security<br />
• Provides an overview of network security<br />
• Discusses the need for network security<br />
• Explains the goals of network security<br />
• Describes the need for security awareness<br />
• Discusses the functions of network security administrator<br />
Module 06: Security Standard Organizations<br />
• Provides an overview of the Internet Corporation for Assigned Names and Numbers<br />
(ICANN), and role of ICANN, working of ICANN
• Provides an overview of the International Organization for Standardization (ISO), how<br />
ISO standards benefits the society, and ISO applications<br />
• Defines the structure of International Telecommunication Union (ITU)<br />
• Defines the structure of American National Standards Institute (ANSI)<br />
• Defines the structure of Institute of Electronics and Electrical Engineers (IEEE)<br />
• Provides an overview of the Electronic Industries Association (EIA)<br />
• Defines the structure of National Institute for Standards and Technology (NIST), and<br />
overview of Services<br />
• Explains the structure of World Wide Web Consortium (W3C), and activities<br />
• Provides an overview of the Web Application Security Consortium (WASC), and board<br />
of directors responsibilities<br />
Module 07: Introduction to Internet Standards<br />
• Discusses the introduction of Internet standards, standards creation committee, and<br />
Internet standards<br />
• Explains the RFC evolution, RFC submission process and obtaining RFC<br />
• Describes the cabling standards, EIA/TIA-568, and UTP categories<br />
Module 08: Security Policy<br />
• Provides an overview of the security policy, benefits, concept, and key elements of<br />
security policy<br />
• Discusses the security awareness program through meetings and training<br />
• Explains the purpose and goals of security policy, classification systems, and security<br />
policy framework<br />
• Discusses the vital role of security policy, classification of security policy, and<br />
types of security policies<br />
• Describes the security policy structure, contents of security policy, privacy and<br />
confidentiality, security levels, security organizations and security policy features<br />
• Explains the configuration of security policy, implementation of security policy, incident<br />
handling and escalating procedures, security operations, and life cycle management<br />
• Details the process of securing assets, defining responses to security violations,<br />
presenting and reviewing the process, compliance with law and policy, transborder<br />
encryption issues, and points to remember while writing security policy<br />
Module 09: IEEE Standards<br />
• Provides an overview and architecture of IEEE 802, and the history of 802 standards<br />
• Discusses the objectives of IEEE Standards, the IEEE 802 Bridging and<br />
Management, 802.2 Logical Link Control Layer, 802.3 CSMA/CD (Ethernet), 802.4<br />
Token Passing Bus, 802.5 Token Ring Passing, 802.6 DQDB Access Method, 802.7<br />
Broadband LAN, 802.10 Security, 802.11 Wireless LAN (WLAN), 802.12 Demand<br />
Priority Access, 802.15 Wireless Personal Area Network, 802.16 Broadband Wireless<br />
MAN (WMAN), and the 802.17 Resilient Packet Ring<br />
• Explains the Wireless Networking Standards
• Elucidates the ETSI Standards, HIPERLAN, Family of HIPERLAN standards,<br />
HIPERLAN/1, HIPERLAN/2, HiperAccess, HiperLink, and the HiperMAN<br />
Module 10: Network Security Threats<br />
• Provides an overview of the various kinds of security threats, and the current security<br />
threats statistics. Defines the terms such as: vulnerability, threats, and attacks, types of<br />
attacks, and classification of hackers.<br />
• Explains the techniques in network attacks. Discusses various techniques, Common<br />
Vulnerabilities and Exposure (CVE), various threats, attacks, and hiding evidence of an<br />
attack<br />
• Discusses how to create a Domain Name Space, creating a new domain name, and the<br />
components of DNS<br />
• Explains the working and functional categories of gateways and functional categories of<br />
gateway devices<br />
Module 11: IDS & IPS<br />
• Discusses the Intrusion Detection System (IDS), the history of IDS, and various<br />
intrusion detection concepts<br />
• Explains the methods to choose IDS for an organization<br />
• Discusses the characteristics of IDS, importance of IDS, and aggregate analysis of IDS<br />
• Explains various types of IDS, NIDS. Explains the architecture, operational concept,<br />
network based detection, and tools related to NIDS, HIDS includes architecture,<br />
operational concept, host based detection and its tools, and difference between NIDS and<br />
HIDS<br />
• Describes the Hybrid IDS framework, Prelude IDS, components and interaction between<br />
Prelude components like relaying, reverse relaying, and the functioning of the Libsafe<br />
tool<br />
• Discusses distributed IDS including its advantages, components, protocol IDS,<br />
Network Behavior Analysis, Unified Threat Management, and deployment of the IDS<br />
• Discusses various types of IDS signatures, True/False-Positive/Negative, and major<br />
methods of operation<br />
• Explains the working of tools such as Snort, BlackICE, M-ICE, Secure4Audit, Emerald,<br />
NIDES, SECUREHOST, and the GFI EventsMANAGER<br />
• Explains the IPS and its Strategies<br />
• Describes the process of raw packet capture, filtering, packet decoding, storage, fragment<br />
reassembly, stream reassembly, stateful inspection of TCP sessions, and firewalling<br />
• Explains the working of IPS Tools such as Sentivist, Stonegate IPS, and McAfee<br />
Module 12: Firewalls<br />
• Explains the security features of a firewall, components, operations, and types of<br />
firewalls<br />
• Defines the types of firewalls based on the functionality, the PIX firewall, and its features
• Explains the rules and restrictions that are to be applied for the good performance of a<br />
firewall<br />
• Explains the configuration strategies in firewall. Describes the features such as scalability,<br />
portability, architecture of firewall based on dual homed, screened host, and screened<br />
subnet<br />
• Discusses threats and security risks in firewall, protection of network against hacking,<br />
centralization and documentation of the firewall, and multi-layer firewall<br />
• Explains the deployment strategies of firewall, firewalls within router. Introduces DMZ,<br />
multi-firewall DMZ, and advantages and disadvantages of firewall<br />
• Discusses the threats to firewall, such as firewalking, banner grabbing, and placing<br />
backdoors<br />
• Provides an understanding of the limitations of firewall, personal firewall software and<br />
hardware<br />
• Discusses how the firewall logs affect the performance, discusses the firewall<br />
analyzer, importing logs and archiving logs, firewall builder, and wflogs<br />
• Explains the features and functions of the firewall products such as Wingate, Symantec,<br />
firewall tester like firewalk and ftester<br />
Module 13: Packet Filtering and Proxy Server<br />
• Provides an understanding of Packet Filtering. Discusses application layer gateway,<br />
network address translation, packet filtering, packet sequencing and prioritization, packet<br />
fragmentation, and analyzing packet signatures<br />
• Explains the process of configuring packet filtering and its types. Discusses various<br />
types of filtering such as stateful packet filtering, stateless packet filtering, and dynamic<br />
packet filtering<br />
• Explains the pros and cons of filtering and flags used. Discusses advantages and<br />
disadvantages of filtering and flags used<br />
• Provides an understanding of the proxy server. Discusses proxy servers, role of proxy<br />
servers, routed environment, proxy control, and the socks proxy<br />
• Explains the authentication process and firewalls in proxy server. Discusses<br />
authentication process, centralized authentication services, and application proxy firewall<br />
• Provides an understanding of the security and benefits of proxy server. Discusses<br />
security and access control, reverse proxies, and difference between proxy server and<br />
packet filtering<br />
Module 14: Bastion Host and Honeypots<br />
• Explains the concept of Bastion Host which includes its principles, the need for a bastion<br />
host, and how to Build a bastion host. Explains configuring Bastion Host, locating<br />
Bastion Host, securing the machines, defending bastion host, selecting services, disabling<br />
accounts, and unnecessary services, handling backups, and roles and security policy of<br />
Bastion Host<br />
• Discusses Honeypot, History, Value, and types of Honeypots
• Details the classification of Honeypots such as low-interaction, medium-interaction, and<br />
high-interaction Honeypot, and examples of Honeypots like BOF, Specter, Honeyd,<br />
Homemade, Mantrap, and the Honeynet<br />
• Explains the Homemade Honeypot and advantages and disadvantages of Honeypot<br />
• Introduces the Honeynet, its architecture, types, and legal related issues<br />
Module 15: Securing Modems<br />
• Provides an overview to modems, the origin of modems, and various features of modems<br />
• Discusses various types of modems like hardware modems, Optical Modems, Short<br />
Haul Modems, Smart Modem, Controller Less Modem, Acoustic Modem, and the Null<br />
Modem<br />
• Explains Modem security, Additional security to modem, and categorizing modem<br />
access<br />
• Describes the Modem attacks such as Spoofing attacks, Call Forwarding attacks, and war<br />
dialing, and Modem risks like War dialers and packet sniffing<br />
• Explains the Modem failure Symptoms, Modem Firmware Failure, and Primary Modem<br />
Failures<br />
• Discusses reasons for modem connection failures and some common failures in<br />
modems<br />
• Explains the process of troubleshooting modems, and External and Internal modems<br />
Module 16: Troubleshooting Network<br />
• Explains the Troubleshooting Strategies and methodologies. Discusses the<br />
Troubleshooting Strategy, Recognizing Symptoms, Analyzing Symptoms, Understanding<br />
the problem, System Monitoring Tools, Testing the cause of the problem and solving the<br />
problem<br />
• Discusses how to troubleshoot network devices, Bridge, hubs, network interface cards<br />
etc. Includes troubleshooting Network devices such as Windows PC Network Interface<br />
Card, Cisco Aironet Bridge, bridges using the Virtualization Engine, BR350 (Bridge),<br />
Diagnosing Repeater and Gateway Problems, Hubs and Switches, cable modem, DSL or<br />
LAN Internet Connection, a Universal Serial Bus Device, and the IEEE 1394 Bus devices<br />
• Explains what to do when the network slows down. Discusses Troubleshooting<br />
Network Slowdowns that includes NetBios Conflicts, IP Conflicts, Bad NICs, DNS<br />
Errors, Insufficient Bandwidth, Excessive Network Based Application, Daisy Chaining,<br />
and Spyware Infestation<br />
• Describes the process of troubleshooting Wireless devices such as Checking the Led<br />
Indicators, Checking Basic setting, SSID, WEP Keys, Security Setting, and Device<br />
Manager<br />
• Describes the process of troubleshooting Network Communication such as identifying<br />
communication problems, using Ping and Traceroute, exploring Network<br />
Communications, Finding Path Information, Access point Interface, and Identify<br />
Communication Capabilities<br />
• Describes how Load balancing reduces network traffic. Explains the Network adapter<br />
Troubleshooting. Discusses how to isolate networking problems (Windows XP).
• Explains how to overcome the Connectivity problem<br />
• Explains the most used TCP/IP Troubleshooting utilities: Discusses TCP/IP<br />
Troubleshooting Utilities that includes Troubleshooting with IP Configuration Utilities,<br />
with Ping, with Tracert, with ARP, with Telnet, with Nbtstat, with Netstat, with FTP, and<br />
with Nslookup<br />
• Describes the working of troubleshooting tools: Discusses troubleshooting tools<br />
that includes hardware-Based troubleshooting tools, network technician’s hand tools, The<br />
POST card, memory testers, electrical safety rules, wire crimpers, punch down tools,<br />
circuit testers, voltmeters, cable testers, crossover cables, hardware loopback plugs, LED<br />
indicator lights, and tone generators<br />
Module 17: Hardening Routers<br />
• Details the routing metrics, router types, algorithms of routers, and Internet work<br />
operating system<br />
• Explains the principles of routing, and router’s modes of operation<br />
• Describes the process of configuring IP, RIP, configuring the router, external, internal<br />
configuration modes<br />
• Explains the configuration modes like interface, line, Rom, and privilege monitor<br />
• Discusses methods of hardening a router, passwords, secrets, user accounts sessions<br />
• Defines what Cisco discovery is, the logging concept, and Cisco logging options<br />
• Explains how to create access control list, implementing, monitoring and logging system<br />
error messages<br />
• Explains how to secure routers, configuring SSH, ciphers, MAC, compression, and root<br />
logins<br />
• Defines the Router commands, types of routing, and protocols<br />
• Explains the working of troubleshooting tools, PPP, X.25, ISDN, Frame relay,<br />
components of router security, and testing tools<br />
Module 18: Hardening Operating Systems<br />
• Explains what BIOS security is, the Windows registry, working of registry editor, and<br />
Root kit revealer. Explains the configuring Windows services such as e-mail service, and<br />
regional setting etc.<br />
• Defines how the resources are accessed in a network, access control, DACL, what are the<br />
objects and permission, introduction to NTFS, EFS, and infrastructure feature of<br />
Windows operating system<br />
• Provides an understanding of Kerberos authentication, trust relationship between<br />
domains, and IPSec<br />
• Describes the various features of Windows 2003 such as authentication, security<br />
configuration, EFS, and network security<br />
• Explains the concept of Certification Authority of Windows, implementation of the CA,<br />
and enterprise root CA<br />
• Defines the Linux user and file system, data and network security, introduction to<br />
account security, and user management, some OS security measures, and interface<br />
configuration
• Describes the PAM module, configuration files framework, and security, network<br />
information services, and an introduction to system logger utility<br />
• Provides an understanding of how to secure UNIX and the UNIX Security Checklist<br />
• Explains the security with Macintosh, Enterprise security, Kerberos authentication, and<br />
application security<br />
• Discusses Vista Security and installation of Windows Vista<br />
Module 19: Patch Management<br />
• Discusses the concept of Patch Management and the types of patches defined by Microsoft<br />
• Describes the Patch testing<br />
• Explains the process of Patch Monitoring and Management, how to Create a Change<br />
Process, and to Monitor the Patch Process<br />
• Discusses the Consolidating Patches on Red Hat Network, Red Hat Up2date Patch<br />
Management Utility Installation Steps, and Red Hat Up2date Patch Management:<br />
Command Line Interface<br />
• Explains the Microsoft Patch Management Process<br />
• Provides details of the Windows Update Services, Microsoft Software Update Services,<br />
Windows Server Update Services (WSUS), WSUS Vs SMS 2003, and Role of SMS in<br />
Patch Management Process<br />
• Describes the working of Patch Management Tools<br />
Module 20: Log Analysis<br />
• Introduces the concept of log analysis. Discusses the log analysis, Audit events and<br />
log types<br />
• Categorizes the log files and discusses Log files, Access_log, Agent_log, Error_log,<br />
refer_log and TCPDump Logs<br />
• Provides an understanding of the concept of web server Log Analysis: Discusses web<br />
server log analysis and its tools, Apache log, IIS log and limitations of log file analysis<br />
• Helps in identifying Syslog statistics and analysis. Discusses syslog, Statistics and<br />
analysis of syslog<br />
• Provides an understanding of the concept of logging including the overview of Logging,<br />
Setting up Remote Logging, Windows Logging, and Application Logging and Firewall<br />
Logging<br />
• Introduces Monitoring and security events. Discusses Monitoring and Security<br />
events, Importance of Time Synchronization, and Passive Detection Methods and<br />
Scripting<br />
• Explains the working of Log Analysis tools. Discusses log analysis tools such as<br />
Userlock and WStool and Auditing tool like ADSIC, Tenshi, SpoofMAC, and Gentle<br />
MAC Pro<br />
• Explains the working of various log parsing tools such as: LogSentry,<br />
SL2, Flog, SLCT, xlogmaster, Geek Tool, Dump.exe, Watchlog, and Logdog<br />
• Introduces the Log File Rotation Tools like Logcontroller, Newsyslog, Spinlogs, Trimlog,<br />
SLRS, and Bzip2<br />
• Discusses Secure logs and features and provides an understanding of Log security
Module 21: Application Security<br />
• Discusses the issues that make Web Security difficult<br />
• Explains the various Application Threats and Countermeasures, Input Validation,<br />
Authentication, Authorization, and Configuration Management<br />
• Discusses Securing Web Applications, Authentication, and Authorization. Discusses<br />
Managing Sessions, working of Cookies, Persistent vs. Non-Persistent Cookies,<br />
Secure vs. Non-secure Cookies, Session Tokens, Authentication Tokens, Event Logging,<br />
and Log Management.<br />
• Describes the Embedded Application Security, TCP/IP Security Technology, IPSec and<br />
SSL Security, IPSec and SSL In Embedded Systems, Network Security For Embedded<br />
Applications, and Embedded Network Security Hardware Instructions<br />
• Discusses the Remote Administration Security and preventive methods for unauthorized<br />
Persons<br />
• Introduces the concept of Threat modeling, use of Threat modeling, Terminology, Input<br />
and Output of Threat modeling, step by step approach, and the five steps of Threat<br />
modeling<br />
Module 22: Web Security<br />
• Explains various types of network threats. Discusses the need for web security, and<br />
common Threats on web.<br />
• Discusses how to Identify unauthorized Network Devices, Restrictive Access,<br />
Network Address, Altering Network Addresses, Tracking the connectivity, Testing the<br />
traffic Filtering Devices, and Installing and protecting IIS<br />
• Discusses how to Identify Client Authorization, Certificate Authorities, Client-side<br />
Data, Client Authentication, and Input Data Validation<br />
• Explains the process of deploying and managing Web-based solutions. Discusses<br />
Browsing analysis, Browser Security for Mozilla Browser, Internet Explorer, Security<br />
Settings of Internet Explorer, Browser Hijacking, Tools to Hijack, Browser Analysis, and<br />
Browser security settings<br />
• Describes the concept of Plug-ins. Discusses Plug-ins for Netscape/IE, Mozilla<br />
Firefox Plug-ins, Accessibility Analyzer, Way back versions, Validate P3P, Links, RSS,<br />
CSS and HTML, View-in, BugMe Not, Webpage Speed Report, and Open Text<br />
• Explains the Common Gateway Interface (CGI). Discusses CGI, CGI Script, and<br />
CGI operation.<br />
Module 23: E-Mail Security<br />
• Analyzes the key concepts of Electronic Mail: Describes the concept of E-mail, history,<br />
basics of E-mail, types of E-mail and compares Web Based e-mails with Pop3 e-mails<br />
• Explains implementing the components of an E-mail such as: Headers, opening<br />
attachments, reading e-mails for different clients, field names and values, address list,<br />
recipients and senders and response targets and threading
• Explains the Configuring and Testing of E-mail Servers such as: Unix Email Servers,<br />
Microsoft Exchange 2000 Email Server, Novell GroupWise Email Server, and Testing the<br />
Email Server.<br />
• Discusses the analysis of the core elements in e-mail Encryption. Discusses<br />
Centurion mail, Kerberos, Hush Mail, Pretty good privacy and Secure Hive<br />
• Explains how to configure Outlook Express and Install WorkgroupMail, how to secure email<br />
and e-mail authentication<br />
• Describes how to identify common email protocols such as: Multipurpose Internet Mail<br />
Extensions (MIME) /Secure MIME, Pragmatic General Protocol (PGP), Simple Mail<br />
Transfer Protocol (SMTP), Post Office Protocol (POP) and its POP3, and Internet<br />
Message Access Protocol (IMAP)<br />
• Details the Client Server Architecture in LAN and in Internet<br />
• Analyzes the risks related to e-mail Security such as: Spoofed Addresses, Spam, Hoaxes,<br />
Phishing, Snarfing, Malware, E-Mail spoofing, E-Mail viruses, Gateway virus scanners,<br />
Outlook Viruses, E-mail Attachment Security, E-Mail Spamming, E-Mail Bombing,<br />
Chain letters and How to defend against E-Mail Security Risks<br />
• Explains how to implement the tools to secure e-mail such as: ClipSecure,<br />
CryptoAnywhere, BCArchive, CryptainerLE, GfiMailEssentials and SpamAware<br />
• Describes the process of tracking an E-mail and the working of readnotify tool<br />
Module 24: Authentication: Encryption, Cryptography and Digital Signatures<br />
• Defines Authentication, VeriSign Authentication, and Evolution of Encryption<br />
• Discusses Symmetric vs. asymmetric encryption, symmetric key encryption,<br />
asymmetric key encryption, Hashing, PGP, X.509, and SSL.<br />
• Explains the IPSec Architecture, Components of IPSec, IPSec Modes, IPSec Processing,<br />
Enabling IPSec, Algorithms for IPSec, IPSec Protocols, Levels of IPSec, and IPSec<br />
Policies<br />
• Describes the concept of Cryptography, History, Math and Algorithms, Message<br />
Authentication, DES for Encryption, DES ECB and CBC Analysis, 3DES, HMAC/MD5<br />
and SHA for Authentication and IPSec Limitations<br />
• Describes the Digital Certificates, Public and Private Keys, and Certificate Encryption<br />
Process<br />
• Describes the Digital Signatures, its features, Digital Signature In practice, and PKI<br />
Module 25: VPN<br />
• Describes the concept of Virtual Private Network (VPN), Classification, Internal LAN<br />
VPNs, Remote Access VPNs, and Extranet VPNs<br />
• Discusses Tunneling, Types such as: Voluntary Tunneling, Compulsory Tunneling;<br />
VPN Tunneling Protocols, Point-to-Point Tunneling Protocol (PPTP), Layer Two<br />
Tunneling Protocol (L2TP), and Internet Protocol Security (IP Sec)<br />
• Explains the VPN security, Privacy to the Clients, Reliability of Data, Genuineness of<br />
Information, and Connection to VPN: SSH and PPP, Concentrator, and Setup Client<br />
Software
• Describes the process of Setting-up VPN, implementing the DHCP service, creating an<br />
Enterprise Certificate Authority, Installation of IAS, Configuring an IAS, Creating a<br />
Remote Access Policy, Configuring a VPN server, Associate the VPN server with the<br />
DHCP server, Configuring a Remote Client, and Test the Client Connection<br />
• Discusses the implementation and configuration of VPN server, DHCP server, and IAS<br />
servers<br />
• Describes the VPN policies, Internet Service Provider (ISP), Tokens, Client Software for<br />
TCH Applications, Non-TCH Entities/Users, Support Services, and Authorization of use<br />
of Technology, and VPN Registration and Passwords<br />
• Explains the risks associated with VPN such as: Security Risk, Third-Party Risk,<br />
Business Risk, Implementation Risk, and Operating Risk<br />
• Details the process of Testing of the VPN product and Flaws associated with VPNs<br />
Module 26: Wireless Network Security<br />
• Introduces the concept of Wireless Networks, Types of Wireless Network: based on<br />
connection, and based on Geography<br />
• Explains the components of Wireless Network such as: Access Points, Wireless Cards,<br />
Antenna, Wireless Desktop Cards, Wireless Laptop Cards, Wireless USB Adapters,<br />
Wireless Internet Video Camera, Digital Media Adapter, Wireless Converters, Wireless<br />
Print Server, Wireless Rechargeable Bluetooth mouse<br />
• Discusses the Wireless Technologies, Personal Communication Services (PCS), Time<br />
Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), ARDIS,<br />
Bluetooth, Bluetooth Architecture and components, Ultra Wideband<br />
• Explains the process of detecting Wireless Network, How to Scan Wireless Network,<br />
Wardriving, WarChalking, and the working of the wireless network detecting Tool:<br />
Kismet, and Netstumbler<br />
• Discusses the Types of Wireless Threats and Attacks such as: Man in the Middle Attacks,<br />
Denial of Service (DoS), Distributed Denial of Service (DDoS), Social Engineering,<br />
Weak key Attacks, Dictionary Attacks, Birthday Attacks, Wireless Threats. Provides an<br />
overview of Wi-Fi, Open Wi-Fi Vulnerabilities, risks due to Wireless Networks, Wired<br />
Equivalent Privacy, WEP Key Cracking Tools, AirSnarf (Wireless Network Attack Tool),<br />
and Wellenreiter v2 Tool (to detect MAC Address Spoofing)<br />
• Explains the wireless Standards, IEEE 802.11a (Wi-Fi), IEEE 802.11b (Wi-Fi), and IEEE<br />
802.11g (Wi-Fi)<br />
• Describes the process of securing Wireless Communication: Authentication, LDAP,<br />
Multifactor Authentication, Authentication Mechanism, Kerberos, WPA, Security<br />
Measures, Change the SSID, Use Encryption, Use a VPN, Use a Firewall.<br />
• Explains the WLAN Security Policy Development issues, goals and characteristics,<br />
auditing WLAN Security Policy, RADIUS Authentication, Wireless Auditing, Baselining,<br />
and DHCP Services<br />
• Describes Certificate Management through PKI, Troubleshooting Wireless Network,<br />
Multipath and Hidden Node<br />
• Explains the process of developing the Wireless Network Security Checklist<br />
Module 27: Creating Fault Tolerance
• Discusses the Network Security Fault tolerance, Creating Fault Tolerance, Availability,<br />
and Reliability<br />
• Explains how to plan for Fault Tolerance, Reasons of System Failure such as: Crime,<br />
User Error, Environmental Factors, and Routine Technical Events. Discusses Fault<br />
Tolerant Network, Reasons For Network Failure such as: Viruses, Trojans, and Intrusion<br />
• Discusses the Preventive Measures: Backup, Tape Backup: Pros and Cons, Problems with<br />
Tape Backup, Practical Tips, UPS and Power Generators, and Access Rights<br />
• Discusses the Redundant Array of Independent Disks (RAID), RAID Level 0, RAID<br />
Level 1, RAID Level 2, RAID Level 3, RAID Level 4, RAID Level 5, Basic<br />
Input/Output System (BIOS), RAID 0+1: Striping with Mirroring, Clustered Servers,<br />
Simple Server Redundancy, and Archiving<br />
• Discusses Conducting Deployment Testing, Auditing, and Circuit Redundancy.<br />
• Discusses the Network Vulnerabilities, Types of Vulnerabilities, Working of<br />
Vulnerabilities, Authentication, and Working of Authentication.<br />
Module 28: Incident Response<br />
• Introduces an Incident, discusses the categories of Incidents, different types of Incidents,<br />
Confidentiality, Integrity and Availability (CIA) related Incidents, reconnaissance attacks,<br />
Repudiation, Harassment, Extortion, Pornography Trafficking, organized Crime Activity,<br />
Subversion, Hoaxes, and Caveat.<br />
• Explains how to report an Incident, step-by-step procedure for responding to an Incident,<br />
establishing general procedures for responding to incidents, and preparing to respond to<br />
incidents<br />
• Describes the process of managing Incidents, what an Incident Response is, Incident<br />
Response Architecture, Policy, Technology, Procedures, Standard and Matrices,<br />
Communication, Intrusion Detection, Impact Assessment, Liaison with Agencies, and<br />
Information Validation.<br />
• Explains the Six Step Approach for Incident Handling: Preparation, Detection,<br />
Containment, Eradication, Recovery, and Follow-up<br />
• Describes what an Incident Response Team is, its functional requirements, ways of<br />
Communication, and Staffing Issues<br />
• Discusses the Incident Response Team Life Cycle, Initial, Critical, Established, Post<br />
established stages, and Obstacles in building a successful Response Team.<br />
• Explains the Computer Security Incident Response Team, CSIRT’s organizational<br />
models, CSIRT Services.<br />
• Explains how to conduct a Computer Forensic Investigation<br />
Module 29: Disaster Recovery and Planning and Risk Analysis<br />
• Discusses the Disaster Recovery (DR) principles in an organization, types of Disaster<br />
Recovery, Backup sites, and Recovery of Small or Large Systems.<br />
• Explains the steps for Disaster recovery Process<br />
• Explains the Disaster Recovery Testing and steps, testing Scenarios, and the making of<br />
DR Planning Team
• Discusses the Business Continuity Planning Process (BCP), Business Impact Analysis<br />
(BIA) and also discusses the Interview Key Staff, Analyze Present Written Stability Plans<br />
and Materials.<br />
• Describes the BCP: Risk Assessment, Risk Monitoring and other policies, standards and<br />
process of BCP, change management policies, Data synchronization, Training employees<br />
and planning communities, insurance and Government and Community policy<br />
• Explains the Business Continuity Management, Six Myths About Business Continuity<br />
Management, and Disaster Recovery<br />
• Describes the Disaster prevention process<br />
Module 30: Network Vulnerability Assessment (NVA)<br />
• Discusses the statistics of network vulnerabilities, vulnerability assessment, vulnerability<br />
classes, goals and features of good vulnerability assessment, and choice of personnel for<br />
network vulnerability assessment team.<br />
• Explains the network vulnerability assessment methodology and its phases: Phase I:<br />
Acquisition, Phase II: Identification, Phase III: Analyzing, Phase IV: Evaluation, and<br />
Phase V: Generation<br />
• Explains the working of the vulnerability assessment tools, How to assess vulnerability<br />
assessment tools, selecting vulnerability assessment tools.<br />
• Explains the NVA-team checklist and tool: ScanIT Online.