Network Security and Penetration Testing

Overview:

This network security course fully arms you to address the information security concerns within the organization for data protection.

You will gain in-depth understanding on the network hacking tools usage and how to conduct the network penetration testing in a careful, and professional manner. This course will also demonstrates various network hacking techniques as well as penetration testing methodologies to help you identify network security vulnerabilities.

Duration:  04 days
Objectives:

-       Enable you to understand and communicate the network

-       security risks associated with hacking and other exploits

-       Discover real-world network hacking techniques and countermeasures

-       Sharpen up your technical skills and learn to fix the network vulnerabilities

-       Learn to perform a network penetration testing on own deployment and evaluate network security threats and possible exploits

-       Enable you to develop and design a secure network

-       Enable you to tackle real-life scenarios and apply new skills to the job with ease

Intended Audience:

-       System engineers, network administrators, firewall administrators, IT managers, information security professionals, penetration testers, ethical hackers and anyone who is interested in network security and penetration testing.

Course outlines:

1. Module 1: Overview of Network Security

  • Security Policy
  • Standards
  • Procedures
  • Baselines
  • Guidelines
  • Security Models
  • The OSI Model & the Domino Effect
  • Security Wheel

2. Module 2: Network Protocols & Analysis

  • Internet Protocol (IP)
  • IP Addressing
  • Transmission Control Protocol (TCP)
  • TCP header
  • TCP Communication Flags
  • Internet Control Message Protocol (ICMP)
  • ICMP MESSAGE TYPES
  • Internet Group Management Protocol (IGMP)
  • Address Resolution Protocol (ARP)
  • Dynamic Host Configuration Protocol (DHCP)
  • User Datagram Protocol (UDP)
  • UDP Datagram Format
  • UDP DATAGRAM FIELDS
  • Domain Name Service (DNS)
  • Lightweight Directory Access Protocol (LDAP)
  • Telnet
  • File Transfer Protocol (FTP)
  • Trivial File Transfer Protocol (TFTP)
  • Simple Mail Transfer Protocol (SMTP)
  • Post Office Protocol (POP)
  • Internet Message Access Protocol (IMAP)
  • Simple Network Management Protocol (SNMP)
  • Voice over IP (VoIP)
  • Session Initiation Protocol (SIP)
  • Hyper Text Transfer Protocol (HTTP)
  • General Headers
  • Request Headers
  • Response Headers
  • HTTPS

3. Module 3: Network Security Threats

  • Spam
  • Malware
  • Worm
  • Trojan
  • Drive-by download
  • Spyware
  • Keystroke logging
  • Adware
  • BOT
  • Social engineering
  • Phishing
  • Tabnabbing
  • Email spoofing
  • Password cracking
  • Denial-of-Service attack
  • Buffer Overflow
  • Network scanning
  • Information gathering
  • Port Scanning
  • Vulnerability Scanning
  • Man-in-the Middle (MiTM)
  • MITM Attack tools
  • MITM Proxy only tools

4. Module 4: Network Vulnerability Assessment

  • NMAP
  • Nessus

5. Module 5: Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)

  • IDS Technologies
  • Detection Types
  • IDS System Components
  • Network Intrusion Detection System (NIDS)
  • NIDS Sensor Placement
  • Wireless Detection System
  • Network Behavior Anomaly Detection
  • IDS Challenges

6. Module 6: Firewalls

  • Packet-Filtering Firewalls
  • Circuit-Level Firewalls
  • Application-Level Firewalls
  • DeMilitarized Zone
  • Honey Pot
  • Best Practices for Firewall Deployments

7. Module 7: Hardening Operating Systems & Patch Management

  • Removing Unnecessary Applications and Services
  • Default Installed Services in OS
  • Service Packs
  • Patch Management
  • Group Policies, Security Templates, and Configuration Baselines
  • Hardening a Hard Disk
  • OS and application hardening in Linux

8. Module 8: Hardening Physical Security

  • Types of Attackers
  • Factors Affecting Physical Security
  • Dumpster Diving
  • Premise Security
  • Office Security
  • Individuals Authentication
  • Workplace Security
  • Physical Security Countermeasures

9. Module 9: Application Security

  • Cookies
  • HTTP Proxies
  • State and Sessions
  • SQL Injection (SQLi)
  • Cross Site Scripting
  • Cross Site Request Forgery (CSRF)
  • HTTP Parameter Pollution Attack
  • Command Injection
  • File Upload Attack

10. Module 10: E-Mail Security

  • Email Message Format
  • Email Attack Vectors / Threats
  • Key features for an Email Security solutions

11. Module 11: Authentication: Encryption, Cryptography & Digital Signatures

  • Objectives of Cryptography
  • Government Access to Keys (GAK)
  • Encryption Algorithms
  • Advanced Encryption Standard (AES)
  • Data Encryption Standard (DES)
  • RC4, RC5, RC6 Algorithms
  • Rivest Shamir Adleman (RSA)
  • Message Digest (One-way Bash) Functions
  • Message Digest Function: MD5
  • Secure Hashing Algorithm (SHA)
  • Secure Shell (SSH)
  • Public Key Infrastructure (PKI)
  • Digital Signature
  • Cryptography Attacks

12. Module 12: Virtual Private Network

  • Basic VPN Requirements
  • Tunneling Basics
  • VPN Tunneling Protocols
  • How Tunneling Works
  • Tunneling Protocols and the Basic Tunneling Requirements
  • General Security Risks
  • Risk Mitigation

13. Module 13: Log Analysis

  • Security Software Logs
  • Operating System Logs
  • Application Logs
  • Challenges in Log Management
  • Architecture of Log Management Infrastructure
  • Log Management Functions
  • Storage
  • Analysis
  • Disposal

14. Module 14: Wireless Network Security

  • Denial of Service (DoS) attacks
  • Man-in-the-middle attacks
  • ARP poisoning
  • Wired Equivalent Privacy (WEP)
  • WPA-PSK and WPA-Enterprise
  • WPA 2
  • WEP vs WPA vs WPA2

15. Module 15: Incident Response

  • Events and Incidents
  • Incident Response Policy
  • Sharing Incidence Information with Outside Parties
  • Incident Response Team Structure
  • Team Models
  • Team Model Selection
  • Handling an Incident
  • Học tại Hồ Chí Minh

  • Học tại Hà Nội

  • Học trực tuyến


Các khóa học khác