Professional Documents
Culture Documents
EC-Council Network
Security Administrator
http://www.eccouncil.org
http://www.eccouncil.org
EC-Council
EC-Council
Page 2
http://www.eccouncil.org
EC-Council
Page 3
E|NSA
TM
EC-Council
http://www.eccouncil.org
EC-Council
Course Description
Page 4
The EC-Councils Network Security Administrator certification looks at the network security in defensive view while the CEH certification program looks at the security in offensive mode. The ENSA
program is designed to provide fundamental skills needed to analyze the internal and external security
threats against a network, and to develop security policies that will protect an organizations information. Students will learn how to evaluate network and Internet security issues and design, and how to
implement successful security policies and firewall strategies. In addition, they will learn how to expose
system and network vulnerabilities and defend against them.
The ENSA Course is for experienced hands in the industry and is backed by a curriculum designed by
the best in the field. Students can gain greater industry acceptance as seasoned Network Security professional. Students learn to configure firewalls, intrusion detection systems and AV systems. Develop
effective security policy in the company.
This course looks at the network security in defensive view. The ENSA program is designed to
provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organizations information. Students will
learn how to evaluate network and Internet security issues and design, and how to implement successful security policies and firewall strategies. In addition, they will learn how to expose system
and network vulnerabilities and defend against them.
Prerequisites
This course is a prerequisite for the CEH program.
Duration
5 days (9:00 5:00)
http://www.eccouncil.org
EC-Council
Certification
Course Outline v4
Module I: Fundamentals of Computer Network
1. Key elements of network
1.1. Nodes
1.2. The Network Backbone
1.3. Segments
1.4. Subnets
2. Logical Elements of Network
2.1. IP Addresses
2.1.1. IP Address Space
2.1.2. Assignment of IP Address
2.1.2.1. Prefix Based Addressing
2.1.2.2. Pre Interface based Assignment
2.1.2.3. Virtual Addresses
2.1.2.4. Dynamic Addressing
2.1.2.5. Static Addressing
2.2. Domain Name System
2.2.1. Domain Names
2.2.2. Creating a new Domain Name
http://www.eccouncil.org
EC-Council
Page 5
The Network Security Administrator certification exam 312-38 will be conducted on the last day of
training. Students need to pass the online Prometric exam to receive ENSA certification.
Name servers
2.2.3.3.
Resolver
2.2.3.4.
2.3. Gateways
Page 6
Multimedia Gateway
2.3.2.3.
http://www.eccouncil.org
EC-Council
Page 7
CSMA/CA
4.8.3.3.
Contention Domains
http://www.eccouncil.org
EC-Council
6.3. Availability
7. Information states
7.1. Transmission
7.2. Stora1ge
7.3. Processing
8. Operations Security (OPSEC)
Page 8
http://www.eccouncil.org
EC-Council
Page 9
http://www.eccouncil.org
EC-Council
Page 10
16.8. Brouter
16.9. Bridges
16.10.
Adapters
http://www.eccouncil.org
EC-Council
2.5.5. Class E
Page 11
http://www.eccouncil.org
EC-Council
Page 12
http://www.eccouncil.org
EC-Council
Page 13
http://www.eccouncil.org
EC-Council
Page 14
7.2.1.1.4. Close
7.2.1.1.5. Status
7.2.1.1.6. Abort
7.2.2. TCP/lower -level Interface
7.2.3. TCP/lower level Commands
7.2.3.1.
Open call
http://www.eccouncil.org
EC-Council
Page 15
Delay
8.2.3.3.
Throughput
8.2.3.4.
Reliability
http://www.eccouncil.org
EC-Council
8.4.6. Delivery
8.4.7. Routing
8.4.8. Multicasting
8.4.9. Encapsulating Security Payload
8.4.9.1. Modes in ESP
8.4.9.1.1. Tunnel modes
Page 16
http://www.eccouncil.org
EC-Council
Page 17
Accuracy of Biometrics
6.1.2.2.3.
Applications of Biometrics
6.1.2.2.3.1.
Fingerprint Verification
6.1.2.2.3.2.
Hand Geometry
6.1.2.2.3.3.
Voice Recognition
6.1.2.2.3.4.
Retina Scanning
6.1.2.2.3.5.
Iris Scanning
6.1.2.2.3.5.1.
http://www.eccouncil.org
Panasonic Authenticam
EC-Council
6.1.2.2.3.6.
Facial Recognition
6.1.2.2.3.7.
Biometric Signatures
6.1.2.2.4.
Page 18
Server Security
6.1.11.2.
6.1.11.3.
http://www.eccouncil.org
EC-Council
Page 19
USB Tokens
8.10.1. TEMPEST
8.10.1.1.
shielding
8.10.1.2.
grounding
8.10.1.3.
attenuation
8.10.1.4.
banding
8.10.1.5.
filtered power
8.10.1.6.
cabling
8.10.1.7.
Zone of control/zoning
8.10.1.8.
TEMPEST separation
Fire Detection
8.11.2.
8.11.3.
http://www.eccouncil.org
EC-Council
9. Mantrap
9.1. Mantrap: Diagrammatical Representation
Physical Security Checklist
Module V: Network Security
1. Overview of Network Security
Page 20
http://www.eccouncil.org
EC-Council
Page 21
http://www.eccouncil.org
EC-Council
Dial back
Line-of-sight
Page 22
Screening
18.13.
Protected wireline
http://www.eccouncil.org
EC-Council
Page 23
http://www.eccouncil.org
EC-Council
6.1.2. IT policies
6.2. General Policies
6.3. Partner Policies
6.4. Types of Security Policies: Issues Specific Policies
6.5. Policy design
7. Contents of Security Policy
Page 24
http://www.eccouncil.org
EC-Council
Page 25
http://www.eccouncil.org
EC-Council
Page 26
http://www.eccouncil.org
EC-Council
4.1. Spamming
Page 27
http://www.eccouncil.org
EC-Council
Page 28
http://www.eccouncil.org
EC-Council
Page 29
3.4. Timing
3.5. Goal of detection
3.6. Control Issues
4. IDS for an Organization
4.1. Selecting an IDS
4.2. Deploying an IDS
4.3. Maintaining an IDS
5. Characteristics of IDS
5.1. Importance of IDS
6. Aggregate Analysis with IDS
7. Types of IDS
7.1. Network based IDS
7.1.1. NIDS Architecture
7.1.1.1. Traditional Sensor-Based
7.1.1.2. Distributed Network Node
7.1.2. Operational Concept
7.1.2.1. Tip off
7.1.2.2. Surveillance
7.1.2.3. Forensic Workbench
7.1.3. Network-Based Detection
7.1.3.1. Unauthorized Access
7.1.3.2. Data Resource Theft
7.1.3.3. Denial of Service
7.1.3.4. Password Download
7.1.3.5. Malformed Packet
7.1.3.6. Packet Flooding
7.1.4. Tool: NetRanger
http://www.eccouncil.org
EC-Council
Page 30
Surveillance
7.2.2.3.
Damage Assessment
7.2.2.4.
Compliance
7.2.3.3.
http://www.eccouncil.org
EC-Council
7.4.1.2.2.
Reverse Relaying
Page 31
http://www.eccouncil.org
EC-Council
Page 32
14.2. Filtering
14.3. Packet Decoding
14.4. Storage
14.5. Fragment Reassembly
14.6. Stream Reassembly
14.7. Stateful Inspection of TCP Sessions
14.8. Firewalling
15. IPS Tool
15.1. Sentivist
15.2. StoneGate IPS
15.3. McAfee
16. IDS vs. IPS
17. Intrusion Detection Checklist
Module XII: Firewalls
1. Firewalls: Introduction
2. Security features
2.1. Securing individual users
2.2. Perimeter security for networks
3. Multiple components of Firewall
4. Firewall Operations
5. Software Firewall
http://www.eccouncil.org
EC-Council
6. Hardware Firewall
Page 33
7. Types of Firewalls
7.1. IP Packet Filtering Firewall
7.2. Circuit-Level Gateway
7.3. Application Level Firewalls
8. Pix Firewall
9. Basic features of PIX firewall
10. Advanced Features of PIX firewall
11. Firewall Features
12. Establishing Rules and Restrictions for your Firewall
13. Firewall Configuration Strategies
14. Scalability
15. Firewall Architecture
15.1. Dual-Homed Host Architecture
15.2. Screened Host Architecture
15.3. Screened Subnet Architecture
16. Handling threats and security tasks
17. Protection against hacking
18. Centralization and Documentation
19. Multi-layer firewall protection
20. Firewall deployment strategies
20.1. Screened Host
20.2. Two router with one firewall
20.3. Introduction to Demilitarized Zone(DMZ)
20.4. DMZ screened subnet
20.5. Multi firewall DMZ
20.5.1. Two firewalls, One DMZ
20.5.2. Two firewalls, Two DMZ
http://www.eccouncil.org
EC-Council
20.6.
Screening Router
20.7.
Page 34
24.1. Firewalking
24.2. Banner Grabbing
24.3. Placing Backdoors Through Firewalls
25. Limitations of Firewalls
26. Personal Firewall Software
26.1. ZoneAlarm Pro
26.2.
26.3.
26.4.
http://www.eccouncil.org
EC-Council
Page 35
32. SQUID
33. WinGate
34. Symantec Enterprise Firewall
35. Firewall Testers
35.1. Firewalk
35.2.
FTester
35.3.
http://www.eccouncil.org
EC-Council
TCP
1.2.11.1.1.
Urgent Flag
Page 36
Syn flag
UDP
http://www.eccouncil.org
EC-Council
Page 37
http://www.eccouncil.org
EC-Council
Page 38
http://www.eccouncil.org
EC-Council
3.8.2.3.
Gen II Honeynet
3.8.2.4.
Virtual Honeynet
Page 39
3.8.2.2.
http://www.eccouncil.org
EC-Council
Page 40
http://www.eccouncil.org
EC-Council
Page 41
http://www.eccouncil.org
EC-Council
2.3.7.3.
Page 42
2.5. Network adapter is connected, but you cant reach the Internet
2.6. Troubleshooting Connectivity
2.6.1. Causes for connectivity Problem
2.6.2. Troubleshooting Physical Problems
2.6.3. Troubleshooting Link Status
2.6.4. Physical Troubleshooting Tools
2.6.5. Troubleshooting the Topology
2.6.6. Troubleshooting the Fault Domain
2.6.7. Tracing connectivity
2.6.7.1. ipconfig
2.7. Performance Measurement Tool
2.7.1. Host Monitoring Tool
2.7.2. Point Monitoring tool
2.7.3. Network Monitoring Tool
3. Troubleshooting Network devices
3.1. Windows PC Network Interface Card
3.2. Troubleshooting Cisco Aironet Bridge
3.3. Troubleshooting bridges using the Virtualization Engine
3.4. Troubleshooting BR350 (Bridge)
3.5. Diagnosing Repeater and Gateway Problems
3.6. Troubleshooting Hubs and Switches
3.7. Troubleshooting cable modem
http://www.eccouncil.org
EC-Council
Page 43
http://www.eccouncil.org
EC-Council
Page 44
Voltmeters
http://www.eccouncil.org
EC-Council
Page 45
http://www.eccouncil.org
EC-Council
Page 46
Logging Concept
24.3.
ACl Types
24.4.
Monitoring ACL
http://www.eccouncil.org
EC-Council
Implementing ACL
24.6.
Page 47
24.5.
28.3.
30.3.
30.4.
30.5.
http://www.eccouncil.org
EC-Council
32.3.
Page 48
http://www.eccouncil.org
EC-Council
Page 49
http://www.eccouncil.org
EC-Council
Page 50
23. Linux
23.1. User and File system Security Administration
23.1.1. Security
23.1.1.1.
Data Security
23.1.1.2.
Network Security
http://www.eccouncil.org
EC-Council
23.1.2.3.
Guest Account
23.1.2.4.
User Account
23.1.2.5.
etc/password fields
23.1.2.6.
etc/shadow fields
23.1.2.7.
etc/gshadow
23.1.2.8.
etc/group
Page 51
23.1.2.2.
Default Directories
24.3.
PAM Framework
24.4.
http://www.eccouncil.org
EC-Council
Page 52
http://www.eccouncil.org
EC-Council
Page 53
9.6. Confirmation
10. Windows Update Services
10.1. Microsoft Software Update Services (SUS)
10.2. Windows Server Update Services (WSUS)
10.3. WSUS VS SMS 2003
10.4. Role of SMS in Patch Management Process
11. Microsoft Patch Management Tool: Microsoft Baseline Security Analyzer
11.1. MBSA: Scanning Updates in GUI Mode
11.2. MBSA: Scanning Updates in Command-line version
12. Patch Management Tool
12.1. Selecting a Tool
12.1.1. Learning Curve
12.1.2. Platform Support
12.1.3. System targeting
12.1.4. Ease of Use
12.1.5. Connection Sensitivity
12.1.6. Deployment Schedule
12.1.7. Cost
12.2. Microsoft Baseline Security Analyzer
12.3. Qchain
12.4. BES Patch Management
12.5. Shavlik HFNetChkPro 5
12.6. PatchLink Update
12.7. SecureCentral PatchQuest
Module XX: Log Analysis
1. Introduction to Log Analysis
http://www.eccouncil.org
EC-Council
Page 54
http://www.eccouncil.org
EC-Council
Page 55
http://www.eccouncil.org
EC-Council
5.2.1. Cookies
5.2.1.1. What is in a Cookie
5.2.1.2. Working of a Cookie
5.2.1.3. Persistent Vs Non-Persistent
5.2.1.4. Secure Vs Non-Secure
5.2.2. Session Tokens
Page 56
Authentication Tokens
http://www.eccouncil.org
EC-Council
http://www.eccouncil.org
EC-Council
Page 57
Page 58
http://www.eccouncil.org
EC-Council
Page 59
15.2.1.2.
15.2.1.3.
15.2.1.4.
15.2.1.5.
15.2.1.6.
15.2.1.7.
Miscellaneous Options
15.2.1.8.
User Authentication
Stringer
15.3.3.2.
Download Cwshredder
15.3.3.3.
http://www.eccouncil.org
EC-Council
Page 60
IPIX
16.1.2. VRML
16.1.3. Audio
16.1.4. Multimedia
16.1.4.1.
Shockwave
16.1.4.2.
Real Player
16.1.4.3.
Shockwave Flash
16.1.4.4.
Quick Time
16.1.5. Util
16.1.5.1.
16.1.5.2.
16.1.5.3.
Neptune
16.1.6. Others
16.1.6.1.
Java Plug-in
http://www.eccouncil.org
EC-Council
16.2.6. Shockwave
Page 61
16.11.
Open Text
16.12.
Validate RSS
16.13.
Validate CSS
16.14.
Validate HTML
http://www.eccouncil.org
EC-Council
Page 62
6. Components of an Email
6.1. Headers
6.1.1. Examining an E-Mail header
6.1.2. Reading E-Mail headers
6.2. Opening Attachments
6.3. Reading E-Mails for different clients
6.4. Field names and values
6.5. Address list
6.6. Recipients and Senders
6.7. Response targets and threading
7. E-Mail Servers
8. E-Mail Encryption
8.1. Centurion mail
8.2. Kerberos
8.3. Hush Mail
8.4. Pretty good privacy
8.5. Secure Hive
9. Installing WorkgroupMail
10. Configuring Outlook Express
11. Secure Email
12. E-mail Authentication
12.1. Mail Transfer
http://www.eccouncil.org
EC-Council
Page 63
http://www.eccouncil.org
EC-Council
Page 64
17.6. SpamAware
18. Tracking e-mails
18.1. readnotify
Module XXIV: Authentication: Encryption, Cryptography and Digital Signatures
1. Authentication
1.1. Authentication Tokens
1.2. RSA SecurID
1.3. Smart Cards
2. VeriSign Authentication
3. Encryption
3.1. Encryption Systems
3.2. Firewalls Implementing Encryption
3.3. Lack of Encryption
3.4. Cost of encryption
3.5. Preserving data integrity
3.6. Maintaining confidentiality
3.7. Authentication and Identification
3.8. Authenticity of N/W clients
3.9. Key Based Encryption Systems
3.9.1. Symmetric Key
3.9.2. Public Key
http://www.eccouncil.org
EC-Council
3.10.1.2.
3.10.1.3.
Page 65
http://www.eccouncil.org
EC-Council
3.11.7. SSL
3.12. Types of Encryption Algorithms
3.12.1. Symmetric Key Encryption
3.12.2. Asymmetric key encryption
3.13. Hashing algorithms
3.13.1. IPSec
Page 66
Transport Mode
3.13.4.2.
Tunnel Mode
3.13.4.3.
AH
3.13.8.2.
ESP
Client
3.13.9.2.
Server
3.13.9.3.
Secure Server
IP Filters
http://www.eccouncil.org
EC-Council
4. Cryptography
Page 67
http://www.eccouncil.org
EC-Council
8.4. PKI
9. key management protocols (bundling, electronic key, over-the-air rekeying)
Module XXV: Virtual Private Networks and Remote Networking
1. Introduction to Virtual Private Network
2. Types of VPN
Page 68
http://www.eccouncil.org
EC-Council
Page 69
7.2. Concentrator
7.3. Other Methods
8. Step1: Setting Up VPN
9. Step2: Implement DHCP Services
10. Step3: Create An Enterprise Certificate Authority
11. Step 4: Install IAS
12. Step 5: Configure IAS
13. Step 6: Create A Remote Access Policy
14. Step 7: Configure The VPN Server
15. Step 8: Associate The VPN Server With The DHCP Server
16. Step 9: Configure Remote Clients
17. Step 10: Test The Client Connection
18. VPN Policies
19. VPN Registrations And Passwords
20. Risk Associated With VPN
21. Pre Implementation Review Auditing
22. Implementation Review Auditing
23. Post Implementation Review And Reporting
24. VPN Product Testing
25. Common VPN Flaws
Module XXVI: Wireless Network Security
1. Introduction to Wireless
1.1. Types of wireless networks: WLAN, WWAN, WPAN and WMAN
1.2. Wired Vs. Wireless Networks
1.3. Advantages and Disadvantages of Wireless
2. Types of Wireless Networks
http://www.eccouncil.org
EC-Council
Page 70
http://www.eccouncil.org
EC-Council
Page 71
http://www.eccouncil.org
EC-Council
Page 72
Communications
Kerberos
http://www.eccouncil.org
EC-Council
Components
19.1.3.3.
Page 73
19.1.3.2.
19.2. WPA
http://www.eccouncil.org
EC-Council
3. Network Security
3.1. Key Aspect of Fault Tolerance
3.2. Fault Tolerant Network
4. Reasons for Network Failure
4.1. Viruses And Trojans
4.2. Intrusion
Page 74
http://www.eccouncil.org
EC-Council
Page 75
6.9.6. RAID Level 5(Striping with Parity Information Spread Across Drives)
6.10. Clustered Servers
6.11. Simple Server Redundancy
6.12. Archiving
6.13. Auditing
6.13.1. Anatomy of Auditing
6.13.2. Auditing Mechanism
6.13.3. Audit Browsing
6.13.4. Effectiveness of security programs
6.13.5. Investigation of security breaches
6.13.6. Review of audit trails and logs
6.13.7. Review of software design standards
6.13.8. Review of accountability controls
6.13.9. verification, validation, testing, and evaluation processes
6.14. Privacy
6.15. Deployment Testing
6.16. Circuit Redundancy
6.17. Offsite Storage
6.18. Perimeter Security
6.19. Understanding Vulnerabilities
6.20.
Authentication
http://www.eccouncil.org
EC-Council
Page 76
6.2. Identification
6.3. Containment
6.4. Eradication
6.5. Recovery
6.6. Follow-up
7. Incident Response Team
7.1. Basic Requirements
7.2. Ways of Communication
7.3. Staffing Issues
7.4. Stages
8. Obstacles in Building a Successful Incident Response Team
9. Computer Security Incident Response Team
9.1. Services
9.1.1. Reactive Services
9.1.2. Proactive Services
9.1.3. Security Quality Management Services
Module XXIX: Disaster Recovery and Planning
1. Overview of Disaster and its types
2. What is a Disaster Recovery
3. Principles of Disaster Recovery
4. Types of Disaster Recovery Systems
http://www.eccouncil.org
EC-Council
Page 77
http://www.eccouncil.org
EC-Council
Page 78
22.3.
22.4.
22.5.
22.6.
roles and responsibilities of all the players in the risk analysis process
23.3.
23.4.
23.5.
corrective actions
23.6.
Risk Assessment
24.3.
24.4.
Monitoring
24.5.
http://www.eccouncil.org
EC-Council
Page 79
1. Vulnerability Assessment
1.1. Vulnerability Assessment services
1.2. Goals of vulnerability assessment
2. Features of a good vulnerability assessment
2.1. Network Vulnerability Assessment Timeline
2.2. Network Vulnerability Assessment Team
3. Vulnerability classes
4. Source Of Vulnerabilities
4.1. Design Flaws
4.2. Poor Security management
4.3. Incorrect Implementation
5. Choice of Personnel for Network Vulnerability Assessment
6. Network vulnerability Assessment methodology:
6.1. Phase 1- Acquisition
6.2. Phase 2 - Identification
6.3. Phase 3 - Analyzing
6.4. Phase 4 - Evaluation
6.5. Phase 5 - Generation
7. How to assess vulnerability assessment tools
8. Selecting vulnerability assessment tools
8.1. SAINT
8.2. Nessus
8.3. BindView
8.4. Nmap
8.5. Ethereal
8.6. Retina
8.7. Sandcat Scanner
http://www.eccouncil.org
EC-Council
8.8. Vforce
8.9. NVA-Team Checklist
Page 80
http://www.eccouncil.org
EC-Council
http://www.eccouncil.org
EC-Council
Page 81