Level 2 - Network Security

MODULE I: PREPARATION

Part I: Hacking & Psychology
• Why Computers Aren't Secure
• The History of Computer Security
• Security Concepts
    - Trust
    - Authentication
    - Chain of Authority
    - Accountability
    - Access Controls
• Hacking Concepts
• Hacking & Terrorism
• Urban Hacking Techniques
• Vectors & Exploits

Part II: Becoming a Security Professional
• Hacking & Emerging Trends
• Understanding the Ethical Hacker's Workflow
• People, Process and Technology
• Knowing Your Enemy
• Technology vs Management
• Security Budget Across Different Verticals
• Business Applications
• Why Is It Always Possible to Hack?

Part III: Networking Services
• Networking and Protocol Fundamentals
• Ethernet & Protocols
• Understanding the Open Systems Interconnection Model
    - Layer 1: Physical
    - Layer 2: Data Link
    - Layer 3: Network
    - Layer 4: Transport
    - Layer 5: Session
    - Layer 6: Presentation
    - Layer 7: Application
• Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
• The Major Protocols: IP, TCP, UDP, and ICMP
• Internet Protocol: IP
• Internet Control Message Protocol: ICMP
• Transmission Control Protocol: TCP
• The TCP Handshake
• TCP Sequence
• User Datagram Protocol: UDP

Part IV: Business & Security Solutions
• The Costs of Using Free Security Solutions
    - Training Costs
    - Hardware Costs
    - Consulting Costs
    - Hidden Costs
• The Savings of Using Free Security Solutions
    - Purchase Costs
    - Maintenance Costs
    - Customization Costs

MODULE II: NETWORK SECURITY

Part I: Network Auditing
• What is Network Scanning?
• Network Scanning Techniques
    - Host Discovery
    - Port and Service Scanning
    - OS Detection
    - Optimization
    - Evasion and Spoofing
• Common Network Scanning Tools
• Who Uses Network Scanning?
• Detecting and Protecting
• Network Scanning and Policy
• What is Nmap?
    - History of Nmap
    - Nmap Features
    - Nmap's User Interface
    - Additional Nmap Resources
• Using Nmap in the Enterprise
    - Using Nmap for Compliance Testing
    - Using Nmap for Inventory and Asset Management
    - Using Nmap for Security Auditing
    - Using Nmap for System Administration
• Securing Nmap
    - Executable and End-User Requirements
    - System Environment
    - Security of Scan Results
• Optimizing Nmap
• Advanced Nmap Scanning Techniques
• Getting Nmap
    - Platforms and System Requirements
    - Installing Nmap on Windows
    - Installing Nmap on Linux
• Starting Nmap Scanning
    - Target Specification
• Discovering Hosts
• Port Scanning
    - Basic Port Scanning
    - Advanced Port Scanning
    - Specifying Ports
• Detecting Operating Systems
• Detecting Service and Application Versions
• Other Scanning Options
    - Nmap Scripting Engine
    - Performance and Optimization
    - Evasion and Spoofing
    - Output Logging
    - Miscellaneous
• Running Zenmap
• Managing Zenmap Scans
• Building Commands with the Zenmap Command Wizard
• Managing Zenmap Profiles
• Managing Zenmap Results
• What is OS Fingerprinting?
• The Mechanics of Nmap OS Fingerprinting
• Nmap OS Fingerprint Scan as an Administrative Tool
    - Security Audits and Inventory
• Detecting and Evading the OS Fingerprint Scan
    - Morph and IP Personality
    - Honey Pots
• Tooling Around with Nmap
• NDiff – Nmap Diff
    - Source and Install
    - Example Usage
• RNmap – Remote Nmap
    - Source and Install
    - Example Usage
• Bilbo
    - Source and Install
    - Example Usage
• Nmap-Parser
    - Source and Install
    - Example Usage
• Detecting Nmap on Your Network
    - TCP Connect Scan
    - SYN Scan
    - XMAS Scan
    - Null Scan
• Discovering Stealthy Scanning Techniques
    - Nmap Fragment Scan
    - Nmap Decoys
    - Detecting Nmap Fragment Scans
• Discovering Unauthorized Applications and Services
• Testing Incident Response and Managed Services Alerting
    - Scanning to Test Alert Procedures
    - Targeted Reconnaissance with Nmap

Part II: Web Application Vulnerability Assessment
• What Is a Vulnerability Assessment?
• Why a Vulnerability Assessment?
• Assessment Types
    - Host Assessments
    - Network Assessments
• Automated Assessments
• Stand-Alone vs Subscription
• The Assessment Process
    - Detecting Live Systems
    - Identifying Live Systems
    - Enumerating Services
    - Identifying Services
    - Identifying Applications
    - Identifying Vulnerabilities
    - Reporting Vulnerabilities
• Two Approaches
    - Administrative Approach
    - The Outsider Approach
    - The Hybrid Approach
• Realistic Expectations
• Introducing Nessus
• The De Facto Standard
• History of Nessus
• Basic Components
    - Client and Server
    - The Plugins
    - The Knowledge Base
• Installing Nessus
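Worked example for the Part I items "Detecting Nmap on Your Network" (TCP Connect, SYN, XMAS and Null scans) and "Detecting Nmap Fragment Scans" above. This is an added illustration, not code from the course or from the Nmap project: it classifies probes by the TCP flag combinations the four scan types send and by the IP fragmentation that nmap -f produces, and separates a half-open SYN scan from a full connect() scan by tracking the handshake per flow. The packet records (Pkt, SAMPLE_TRAFFIC) are constructed by hand to mimic tcpdump/Wireshark summaries; the function names and the reporting threshold are assumptions of this example.

```python
"""Classify Nmap-style TCP probes from a list of packet summaries (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# TCP flag sets as the scan types send them; letters follow tcpdump's notation
SYN, SYNACK, ACK, RST = (frozenset(f) for f in ("S", "SA", "A", "R"))
XMAS = frozenset("FPU")      # FIN+PSH+URG: the -sX "Christmas tree" probe
NULL = frozenset()           # -sN: no flags at all


@dataclass(frozen=True)
class Pkt:
    """Constructed packet summary (assumption of this example, not a real capture format)."""
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset          # TCP flags; empty for IP fragments that carry no TCP header
    ip_id: int = 0            # IP identification, shared by the pieces of one fragmented probe
    frag_more: bool = False   # IP "more fragments" bit
    frag_off: int = 0         # IP fragment offset (8-byte units)


def classify_handshake(hist):
    """hist = [(from_client, flags), ...] for one 4-tuple, starting at the client's SYN.

    -sS: SYN -> SYN/ACK -> RST   (scanner never completes the handshake: half-open)
    -sT: SYN -> SYN/ACK -> ACK   (the OS's connect() completes it, then closes)
    A closed port answers RST/ACK to both, so those flows stay unclassified.
    """
    if len(hist) < 3 or hist[0] != (True, SYN) or hist[1] != (False, SYNACK):
        return None
    from_client, third = hist[2]
    if not from_client:
        return None
    if third == RST:
        return "syn_scan"
    if third == ACK:
        return "connect_scan"
    return None


def analyze(packets, threshold=5):
    """Return {src: {technique: distinct_targets}} for sources at or above the threshold."""
    targets = defaultdict(lambda: defaultdict(set))   # src -> technique -> {(dst, port or id)}
    flows = {}                                         # (client, server, sport, dport) -> history
    for p in packets:
        if p.frag_more or p.frag_off:
            # nmap -f splits each probe into 8-byte pieces; count the datagram once per IP ID
            targets[p.src]["fragment"].add((p.dst, p.ip_id))
            continue
        if p.flags == NULL:
            targets[p.src]["null"].add((p.dst, p.dport))
        elif p.flags == XMAS:
            targets[p.src]["xmas"].add((p.dst, p.dport))
        key, rkey = (p.src, p.dst, p.sport, p.dport), (p.dst, p.src, p.dport, p.sport)
        if key in flows:
            flows[key].append((True, p.flags))
        elif rkey in flows:
            flows[rkey].append((False, p.flags))
        elif p.flags == SYN:
            flows[key] = [(True, p.flags)]            # a new client-initiated flow
    for (client, server, _sport, dport), hist in flows.items():
        technique = classify_handshake(hist)
        if technique:
            targets[client][technique].add((server, dport))
    report = {}
    for src, techs in targets.items():
        hits = {t: len(ts) for t, ts in techs.items() if len(ts) >= threshold}
        if hits:
            report[src] = hits
    return report


def _flow(client, server, sport, dport, *client_tail):
    """Constructed flow: client SYN, server SYN/ACK, then the client's follow-up packets."""
    pkts = [Pkt(client, server, sport, dport, SYN), Pkt(server, client, dport, sport, SYNACK)]
    pkts += [Pkt(client, server, sport, dport, f) for f in client_tail]
    return pkts


# Constructed sample: 10.0.0.5 runs -sS, -sX, -sN and -f against 10.0.0.20,
# 10.0.0.7 runs -sT, and 10.0.0.9 makes one ordinary web connection.
SAMPLE_TRAFFIC = []
for i, port in enumerate((22, 25, 80, 443, 3306), start=1):
    SAMPLE_TRAFFIC += _flow("10.0.0.5", "10.0.0.20", 40000 + i, port, RST)        # half-open
    SAMPLE_TRAFFIC += _flow("10.0.0.7", "10.0.0.20", 50000 + i, port, ACK, RST)   # full connect
    SAMPLE_TRAFFIC.append(Pkt("10.0.0.5", "10.0.0.20", 41000, port, NULL))
    SAMPLE_TRAFFIC += [Pkt("10.0.0.5", "10.0.0.20", 42000, port, NULL, ip_id=i, frag_more=True),
                       Pkt("10.0.0.5", "10.0.0.20", 42000, port, NULL, ip_id=i, frag_off=1)]
for port in (21, 23, 53, 110, 139, 445):
    SAMPLE_TRAFFIC.append(Pkt("10.0.0.5", "10.0.0.20", 43000, port, XMAS))
SAMPLE_TRAFFIC += _flow("10.0.0.9", "10.0.0.20", 51515, 80, ACK, frozenset("PA"), frozenset("FA"))

if __name__ == "__main__":
    for src, hits in analyze(SAMPLE_TRAFFIC).items():
        print(src, hits)
```

The single legitimate client (10.0.0.9) also completes a handshake and is classified as a connect-style flow, which is why the per-source target count and threshold matter: the signal is many distinct ports from one source, not any one packet. Decoy scans (-D) defeat this per-source counting by design, so the count should be read alongside the sensor placement and correlation material in Part IV.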
• Nessus Version Comparison
• Picking a Server
    - Supported Operating Systems
    - Minimal Hardware Specifications
    - Network Location
• Nessus Install Guide
    - Nessus Install Script
    - Installation from Source
    - Configuration
• UNIX Install Process
• Windows Install Process
• Final Steps
• Installing a Client
• Preparing for Your First Scan
• Authorization
• Risk vs Benefits
    - Denial of Service
    - Missing Information
    - Providing Authentication Information
    - Plugin Selection
• Starting the Nessus Client
• Policies
    - Policy Tab
    - Options Tab
    - Credentials Tab
    - Plugin Selection Tab
    - Network Tab
    - Advanced Tab
• Target Selection
• Starting the Scan
• Nessus Command Line
• Interpreting Results
• The Nessus UI Basics
• Viewing Results Using the Nessus Client
    - For Linux/UNIX and Windows
    - Using the Basic Report Viewer
    - Saving and Exporting to Other Formats
    - Loading and Importing Reports
• Reading a Nessus Report
    - Understanding Vulnerabilities
    - Understanding Risk
    - Understanding Scanner Logic
• Key Report Elements
    - Asking the Right Questions
• Factors that Can Affect Scanner Output
    - Plugin Selection
    - The Role of Dependencies
    - Safe Checks
    - Ping the Remote Host
    - Port Scanner Settings
    - Proxies, Firewalls, and TCP Wrappers
    - Valid Credentials
    - KB Reuse and Differential Scanning
    - Scanning Web Servers and Web Sites
    - Web Servers and Load Balancing
    - Bugs in the Plugins
    - Additional Reading
    - Configuration Files
• Vulnerability Types
• Critical Vulnerabilities
    - Buffer Overflows
    - Directory Traversal
    - Format String Attacks
    - Default Passwords
    - Misconfigurations
    - Known Backdoors
• Information Leaks
    - Memory Disclosure
    - Network Information
    - Version Information
    - Path Disclosure
    - User Enumeration
• Denial of Service
• Best Practices
• What Are False Positives?
    - A Working Definition of False Positives
• Why False Positives Matter
    - False Positives Waste Your Time
    - False Positives Waste Others' Time
    - False Positives Cost Credibility
• Generic Approaches to Testing
    - An Overview of Intrusive Scanning
    - An Overview of Non-intrusive Scanning
• The Nessus Approach to Testing
• Dealing with False Positives
    - Dealing with Noise
    - Analyzing the Report
    - False Positives
• Dealing with a False Positive
• Disabling a Nessus Plugin
    - Disabling a Plugin with Nessus
    - Disabling a Plugin Under Unix
    - Marking a Result as a False Positive with Nessus WX
    - False Positives and Web Servers: Dealing with Friendly s
• Under the Hood
    - Nessus Architecture and Design
    - Host Detection
    - Service Detection
    - Information Gathering
    - Vulnerability Fingerprinting
    - Denial-of-Service Testing

Part III: Network Monitoring
• What is Wireshark?
    - Some Intended Purposes
    - Features
    - Live Capture from Many Different Network Media
    - Import Files from Many Other Capture Programs
    - Export Files for Many Other Capture Programs
    - Many Protocol Decoders
    - Open Source Software
    - What Wireshark Is Not
• Where to Get Wireshark?
• A Brief History of Wireshark
• Development and Maintenance of Wireshark
• Obtaining the Source and Binary Distributions
• Building from Source Under Windows
• Installing Wireshark Under Windows
    - Install Wireshark
    - Manual WinPcap Installation
    - Update Wireshark
    - Update WinPcap
• Start Wireshark
• Capturing Live Network Data
• The "Capture Interfaces" Dialog Box
• The "Capture Options" Dialog Box
• The "Interface Details" Dialog Box
• Capture Files and File Modes
• Link-Layer Header Type
• Filtering While Capturing
• File Input/Output and Printing
• Open Capture Files
• Saving Captured Packets
• Merging Capture Files
• File Sets
• Exporting Data
• Printing Packets
• The Packet Range Frame
• The Packet Format Frame
• Working with Captured Packets
• Viewing Packets You Have Captured
• Filtering Packets While Viewing
• Building Display Filter Expressions
• The "Filter Expression" Dialog Box
• Defining and Saving Filters
• Defining and Saving Filter Macros
• Finding Packets
• Specific Packet
• Marking Packets
• Time Display Formats and Time References
• Following TCP Streams
• Expert Infos
• Time Stamps
• Time Zones
• Packet Reassembling
• How Wireshark Handles It
• Name Resolution
    - Name Resolution Drawbacks
    - Ethernet Name Resolution (MAC Layer)
    - IP Name Resolution (Network Layer)
    - IPX Name Resolution (Network Layer)
    - TCP/UDP Port Name Resolution (Transport Layer)
• Checksums
    - Wireshark Checksum Validation
    - Checksum Offloading
• Statistics
• The "Summary" Window
• The "Protocol Hierarchy" Window
• Conversations
    - What is a Conversation?
    - The "Conversations" Window
    - The Protocol-Specific "Conversation List" Windows
• Endpoints
    - What is an Endpoint?
    - The "Endpoints" Window
    - The Protocol-Specific "Endpoint List" Windows
• The "IO Graphs" Window
• WLAN Traffic Statistics
• Service Response Time
• The Protocol-Specific Statistics Windows
• Customizing Wireshark
• Start Wireshark from the Command Line
• Packet Colorization
• Control Protocol Dissection
    - The "Enabled Protocols" Dialog Box
    - User Specified Decodes
    - Show User Specified Decodes
• Configuration Profiles
• User Table
• Display Filter Macros
• GeoIP Database Paths
• Tektronix K2xx/5 RF5 Protocols Table
• SCCP Users Table
• SMI (MIB and PIB) Modules
• SMI (MIB and PIB) Paths
• SNMP Users Table
• User DLTs Protocol Table
• Lua Support in Wireshark
• Saving Capture Files
• Obtaining Dissection Data
• GUI Support
• Post-Dissection Packet Analysis
• Obtaining Packet Information
• Functions for Writing Dissectors
• Adding Information to the Dissection Tree
• Functions for Handling Packet Data
• Utility Functions
• Files and Folders in Wireshark
• Capture Files
• Libpcap File Contents
• Protocols and Protocol Fields
• Wireshark Messages
    - Packet List Messages
    - Malformed Packet
    - Packet Size Limited During Capture
    - Packet Details Messages
    - Response in frame: 23
    - Request in frame: 23
    - Time from request: 23 seconds
    - Stream setup by PROTOCOL (frame 23)
• Related Command Line Tools
    - tshark: Terminal-Based Wireshark
    - tcpdump: Capturing with tcpdump for Viewing with Wireshark
    - dumpcap: Capturing with dumpcap for Viewing with Wireshark
    - capinfos: Print Information About Capture Files
    - editcap: Edit Capture Files
    - mergecap: Merging Multiple Capture Files into One
    - text2pcap: Converting ASCII Hexdumps to Network Captures
    - idl2wrs: Creating Dissectors from CORBA IDL Files

Part IV: Intrusion Detection System Setup
• Introduction
    - Disappearing Perimeters
    - Defense-in-Depth
    - Detecting Intrusions (a Hierarchy of Approaches)
    - What Is NIDS (and What Is an Intrusion)?
    - The Challenges of Network Intrusion Detection
    - Why Snort as an NIDS?
    - Sites of Interest
• Network Traffic Analysis
    - The TCP/IP Suite of Protocols
    - Dissecting a Network Packet
    - Packet Sniffing
    - Installing tcpdump
    - tcpdump Basics
    - Examining tcpdump Output
    - Running tcpdump
    - Ethereal
    - Sites of Interest
• Installing Snort
    - About Snort
    - Installing Snort
    - Command-Line Options
    - Modes of Operation
• Know Your Enemy
    - The Bad Guys
    - Anatomy of an Attack: The Five Ps
    - Denial-of-Service
    - IDS Evasion
    - Sites of Interest
• The snort.conf File
    - Network and Configuration Variables
    - Snort Decoder and Detection Engine Configuration
    - Preprocessor Configurations
    - Output Configurations
    - File Inclusions
• Deploying Snort
    - Deploy NIDS with Your Eyes Open
    - Initial Configuration
    - Sensor Placement
    - Securing the Sensor Itself
    - Using Snort More Effectively
    - Sites of Interest
• Creating and Managing Snort Rules
    - Downloading the Rules
    - The Rule Sets
    - Creating Your Own Rules
    - Rule Execution
    - Keeping Things Up-to-Date
    - Sites of Interest
• Intrusion Prevention
    - Intrusion Prevention Strategies
    - IPS Deployment Risks
    - Flexible Response with Snort
    - The Snort Inline Patch
    - Controlling Your Border
    - Sites of Interest
• Tuning and Threshold
    - False Positives (False Alarms)
    - False Negatives (Missed Alerts)
    - Initial Configuration and Tuning
    - Pass Rules
    - Threshold and Suppression
• Using ACID as a Snort IDS Management Console
    - Software Installation and Configuration
    - ACID Console Installation
    - Accessing the ACID Console
    - Analyzing the Captured Data
    - Sites of Interest
• Using SnortCenter as a Snort IDS Management Console
    - SnortCenter Console Installation
    - SnortCenter Agent Installation
    - SnortCenter Management Console
    - Logging In and Surveying the Layout
    - Adding Sensors to the Console
    - Managing Tasks
• Additional Tools for Snort IDS Management
    - Open Source Solutions
    - Commercial Solutions
• Strategies for High-Bandwidth Implementations of Snort
    - Barnyard
    - Commercial IDS Load Balancers
    - The IDS Distribution System (I(DS)2)

MODULE III: DEFENCE

Part I: Firewalls
• Introduction to Firewalls
    - What Is a Firewall?
    - What Can Firewalls Do?
    - What Are the Threats?
    - What Are the Motives?
    - Security Policies
    - Determining If You Need a Firewall
• Firewall Basics
    - Firewall Taxonomy
    - Firewall Products
    - Firewall Technologies
    - Open and Closed Source Firewalls
• TCP/IP for Firewalls
    - Protocols, Services, and Applications
    - Internet Protocol (IP)
    - Transmission Control Protocol (TCP)
    - User Datagram Protocol (UDP)
    - Internet Control Message Protocol (ICMP)
    - Addressing in IP Networks
    - Network Address Translation (NAT)
    - Broadcast and Multicast
    - IP Services
    - IP Routing
    - Applications Using IP
• Broadband Routers and Firewalls
    - How Broadband Routers and Firewalls Work
    - Linksys Broadband Routers/Firewalls
    - Linksys Requirements
    - How the Linksys Router/Firewall Works
    - Configuring Linksys
    - Linksys Checklist
• Cisco PIX Firewall and ASA Security Appliance
    - PIX/ASA Features
    - Choosing Between the PIX and the ASA
    - Cisco PIX Firewall and ASA Models
    - How the PIX/ASA Firewall Works
    - Configuring the Cisco PIX/ASA
    - PIX/ASA Checklist
• Linux-Based Firewalls
    - NetFilter Features
    - NetFilter Requirements
    - How NetFilter Works
    - Configuring NetFilter
    - NetFilter Checklist
• Application Proxy Firewalls
    - Application Layer Filtering
    - Proxy Server Functionality
    - Limitations of Application Proxy Firewalls
    - Microsoft ISA Server 2004 Firewall
• Where Firewalls Fit in a Network
    - Different Types of Office Requirements
    - Single-Firewall Architectures
    - Dual-Firewall Architecture
    - The Firewall System
    - Where Personal/Desktop Firewalls Fit in a Network
    - Where Application Firewalls Fit in a Network
    - Firewalls and VLANs
    - Using Firewalls to Segment Internal Resources
    - High-Availability Firewall Designs
• Firewall Security Policies
    - Written Security Policies
    - Firewall Policies/Rulesets
• Managing Firewalls
    - Default Passwords
    - Maintaining the Underlying Platform
    - Firewall Management Interface
    - Management Access
    - Common Firewall Management Tasks
• What Is My Firewall Telling Me?
    - Firewalls and Logging
    - Firewall Log Review and Analysis
    - Firewall Forensics
• Troubleshooting Firewalls
    - Developing a Troubleshooting Checklist
    - Basic Firewall Troubleshooting
    - Advanced Firewall Troubleshooting
    - Troubleshooting Examples

MODULE IV: EXTENSION

Part XX: Advanced Cryptography
• Security Trends
• The OSI Security Architecture
• Security Attacks
• Security Services
• Security Mechanisms
• A Model for Network Security
• Recommended Reading and Web Sites
• Symmetric Ciphers
    - Classical Encryption Techniques
    - Symmetric Cipher Model
    - Substitution Techniques
    - Transposition Techniques
• Rotor Machines
• Steganography
• Block Ciphers and the Data Encryption Standard
• Block Cipher Principles
• The Data Encryption Standard
• The Strength of DES
• Differential and Linear Cryptanalysis
• Block Cipher Design Principles
• Finite Fields
• Groups, Rings, and Fields
• Modular Arithmetic
• The Euclidean Algorithm
• Finite Fields of the Form GF(p)
• Polynomial Arithmetic
• Finite Fields of the Form GF(2^n)
• Advanced Encryption Standard
• Evaluation Criteria for AES
• The AES Cipher
• More on Symmetric Ciphers
• Multiple Encryption and Triple DES
• Block Cipher Modes of Operation
• Stream Ciphers and RC4
• Confidentiality Using Symmetric Encryption
• Placement of Encryption Function
• Traffic Confidentiality
• Key Distribution
• Random Number Generation
• Public-Key Encryption and Hash Functions
• Introduction to Number Theory
• Prime Numbers
• Fermat's and Euler's Theorems
• Testing for Primality
• The Chinese Remainder Theorem
• Discrete Logarithms
• Public-Key Cryptography and RSA
• Principles of Public-Key Cryptosystems
• The RSA Algorithm
• Key Management; Other Public-Key Cryptosystems
• Key Management
• Diffie-Hellman Key Exchange
• Elliptic Curve Arithmetic
• Elliptic Curve Cryptography
• Message Authentication and Hash Functions
• Authentication Requirements
• Authentication Functions
• Message Authentication Codes
• Hash Functions
• Security of Hash Functions and MACs
• Mathematical Basis of the Birthday Attack
• Hash and MAC Algorithms
• Secure Hash Algorithm
• Whirlpool
• HMAC
• CMAC
• Digital Signatures and Authentication Protocols
• Digital Signatures
• Authentication Protocols
• Digital Signature Standard
• Network Security Applications
• Authentication Applications
• Kerberos
• X.509 Authentication Service
• Public-Key Infrastructure
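Worked example tying together several Part XX items above: "Testing for Primality" (Miller-Rabin, and why the Fermat test from "Fermat's and Euler's Theorems" is not enough), "The Euclidean Algorithm" (extended Euclid for the modular inverse), "The Chinese Remainder Theorem" (the CRT form of RSA decryption) and "The RSA Algorithm". This is an added illustration, not material from the course or from any library: it is textbook RSA with toy-sized keys so that it runs instantly, without the padding (OAEP), key sizes or CSPRNG a real deployment requires. The function names, the 64-bit key size and the seeded generator are assumptions of this example.

```python
"""Textbook RSA over Miller-Rabin primes with CRT decryption (added example, toy key sizes)."""
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32, rng=random):
    """Miller-Rabin test.

    Fermat's theorem gives a^(n-1) = 1 (mod n) for prime n, but Carmichael numbers such as
    561 = 3*11*17 satisfy it too. Miller-Rabin also checks the square roots of 1 along the
    chain a^d, a^2d, ..., a^((n-1)/2): a composite n has non-trivial ones, a prime does not.
    """
    if n < 2:
        return False
    for p in SMALL_PRIMES:                 # cheap trial division first
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:                      # write n-1 = d * 2^s with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                   # a is a witness: n is composite
    return True                            # error probability at most 4^-rounds


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a, m):
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x % m


def random_prime(bits, rng):
    """Random odd candidate with the top bit set, retried until Miller-Rabin accepts it."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand


def generate_key(bits=64, e=65537, seed=None):
    """Toy RSA key (assumption: 64-bit n). random.Random is NOT a CSPRNG; a real key needs one."""
    rng = random.Random(seed)
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)            # Euler's totient of n = p*q
        if p != q and egcd(e, phi)[0] == 1:
            break
    d = modinv(e, phi)                     # e*d = 1 (mod phi), so m^(e*d) = m by Euler's theorem
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": modinv(q, p)}   # CRT values as PKCS#1 stores them


def encrypt(key, m):
    return pow(m, key["e"], key["n"])


def decrypt(key, c):
    return pow(c, key["d"], key["n"])


def decrypt_crt(key, c):
    """Garner's form of the CRT: two half-size exponentiations instead of one full-size one."""
    m1 = pow(c, key["dp"], key["p"])
    m2 = pow(c, key["dq"], key["q"])
    h = (key["qinv"] * (m1 - m2)) % key["p"]
    return m2 + h * key["q"]


if __name__ == "__main__":
    key = generate_key(seed=7)
    c = encrypt(key, 0xDEADBEEF)
    print(hex(decrypt(key, c)), hex(decrypt_crt(key, c)), key["n"].bit_length())
```

The CRT path is the one real implementations use, and it is also the path where a single faulty half-exponentiation leaks the private key (the Bellcore fault attack), which is why production code compares the CRT result against a re-encryption before releasing it; the plain `decrypt` above exists only as the cross-check.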
