EC-Council Certified
Security Specialist
http://www.eccouncil.org
http://www.eccouncil.org EC-Council
Course Description
EC-Council Certified Security Specialist (ECSS) allows students to enhance their skills in three different areas, namely information security, network security, and computer forensics.
Information security plays a vital role in most organizations. Information security is a state of affairs where information, information processing, and communication are protected so that the confidentiality, integrity, and availability of information and information processing are preserved. In communications, information security also covers trustworthy authentication of messages, which includes identification of the parties, verifying and recording the approval and authorization of the information, non-alteration of the data, and non-repudiation of the communication or stored data.
Network security plays a vital role in most organizations. It is the process of preventing and detecting the unauthorized use of your computer. It protects networks and their services from unauthorized modification, destruction, or disclosure. Network security provides assurance that a network performs its critical functions correctly and that there are no harmful side effects.
Computer forensics is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft or destruction of intellectual property, and fraud. Computer forensics enables the systematic and careful identification of evidence in computer-related crime and abuse cases.
This course will benefit students who are interested in learning the fundamentals of information security, network security, and computer forensics.
The EC-Council Certified Security Specialist (ECSS) program is designed primarily for students of academic institutions. It covers the fundamental basics of information security, computer forensics, and network security.
The program gives a holistic overview of the key components of information security. Students who complete the ECSS program will have the foundation knowledge needed to progress to the next level.
Who Should Attend
This course will significantly benefit individuals who are entering into the world of computer security.
ECSS is an entry level security program.
Duration
2 days (9:00 – 5:00)
Certification
The ECSS exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the ECSS certification.
EC-Council Certified Security Specialist
Course Outline v3
Module 01: Information Security Fundamentals
2009 Data Breach Investigations Report
Security Threat Report 2009: SOPHOS
Data Breach Investigations Report
Internet Crime Report: IC3
Module 02: Addressing Threats
What is a Threat
Current Scenario
Knowing Terms: Vulnerability, Exploit
Internal Threat
Sniffing
External Threat
Types of External Threats
External Threats
o Social Engineering
• Social Engineering Example 1
• Social Engineering Example 2
o Denial of Service Attacks
• What are Denial of Service Attacks
• Impact and the Modes of Attack
o DoS Attack Tools
• Jolt2
• Bubonic.c
• Land and LaTierra
• Targa
o Distributed Denial of Service Attack (DDoS)
• Characteristics of DDoS Attacks
o DDoS Attack Tool
• DDoS Tool: Tribal Flood Network
• DDoS Tool: Shaft
• DDoS Tool: Trinity
• stacheldraht
o Virus and Worm
o Trojan and Rootkit
• Worms and their Role in DoS Attack
• Worms and their Role in DoS Attack: Troj/Pointu-A
o Corporate Espionage
• Introduction To Corporate Espionage
• Information that the Corporate Spies Seek
• How the Information is Attacked
• Insider Threat
• Different Categories of Insider Threat
• Process of Hacking
• Corporate Espionage: Case Study
o Employee Monitoring Tools
• Activity Monitor
• Imonitor Employee Activity Monitor
• Chily Employee Activity Monitor
• Net Spy Pro
• Guardian Monitor Professional
• Accidental Security Breach
• Automated Computer Attack
• Countermeasures
• Vulnerabilities in Windows
Overt and Covert Channels
How is a Worm Different from a Virus
Virus History
Stages of Virus Life
Modes of Virus Infection
Indications of Virus Attack
Underground Writers
Prevention is Better than Cure
Anti-Virus Systems
Anti-Virus Software
AVG Antivirus
Norton Antivirus
McAfee Spam Killer
McAfee VirusScan
F-Secure Anti-Virus
Kaspersky Anti-Virus
How to Detect Trojans
Tool: Netstat
Tool: TCPView
Delete Suspicious Device Drivers
Check for Running Processes: What’s on My Computer
Super System Helper Tool
Tool: What’s Running
Top 10 Latest Viruses
Why is Linux Hacked
How to Apply Patches to Vulnerable Programs
Linux Rootkits
o Hacking Tool: Linux Rootkits
o Knark & Torn
o Tuxit, Adore, Ramen
o Linux Rootkit: phalanx2
o Beastkit
o Rootkit Countermeasures
o ‘chkrootkit’ Detects the Following Rootkits
Linux Hacking Tools
o Scanning Networks
o Nmap in Linux
o Scanning Tool: Nessus
o Port Scan Detection Tools
o Password Cracking in Linux: John the Ripper
o Firewall in Linux: IPTables
o IPTables Command
o Basic Linux Operating System Defense
o SARA (Security Auditor’s Research Assistant)
o Linux Tool: Netcat
o Linux Tool: tcpdump
o Linux Tool: Snort
o Linux Tool: SAINT
o Linux Tool: Wireshark
o Linux Under Attack: Compromised SSH Keys Lead to Rootkit
Authentication Mechanisms
HTTP Authentication
o Basic Authentication
o Digest Authentication
Microsoft Passport Authentication
What is a Password Cracker
Modus Operandi of an Attacker Using Password Cracker
How does a Password Cracker Work
Attacks – Classification
Password Guessing
Dictionary Maker
Password Cracking Tools
o L0phtcrack (LC4)
o John the Ripper
o Brutus
o Hydra
o Cain & Abel
o Other Password Cracking Tools
Security Tools
o WebPassword
o Password Administrator
o Password Safe
o Passwords: Dos and Don’ts
o Password Generators
Working of Encryption
Digital Signature
What is SSH
SSH (Secure Shell)
RSA (Rivest Shamir Adleman)
Example of RSA algorithm
RSA Attacks
RSA Challenge
MD5
SHA (Secure Hash Algorithm)
Code Breaking: Methodologies
Disk Encryption
Cryptography Attacks
Role of Cryptography in Data Security
Magic Lantern
Cleversafe Grid Builder
Microsoft Cryptography Tools
o Popular Web Servers
o IIS 7 Components
o IIS Vulnerabilities
o IIS Vulnerabilities Detection: Tools
o Apache Vulnerability
o Increasing Web Server’s Security
Web Applications
o Web Application Architecture Components
o Web Application Software Components
o Web Application Setup
o Web Application Threats
o Cross-Site Scripting/XSS Flaws
o An Example of XSS
o Countermeasures
o SQL Injection
o Command Injection Flaws
o Countermeasures
o Cookie/Session Poisoning
o Countermeasures
o Instant Source
o Wget
o GUI for Wget
o WebSleuth
o BlackWidow
o WindowBomb
o WindowBomb: Report
o Burpsuite
o cURL
Module 08: Wireless Networks
Wireless Networking
Effects of Wireless Attacks on Business
Wireless Standards
o Wireless Standard: 802.11a
o Wireless Standard: 802.11b – “WiFi”
o Wireless Standard: 802.11g
Module 09: Intrusion Detection System
Intrusion Detection Systems
IDS Placement
Cybersecurity Plan to Boost IT Firms, But Doubts Persist
Types of Intrusion Detection Systems
Ways to Detect an Intrusion
System Integrity Verifiers (SIV)
General Indications of System Intrusions
General Indications of File System Intrusions
General Indications of Network Intrusions
Intrusion Detection Tools
o Snort
IDS Testing Tool: Traffic IQ Professional
IDS Software Vendors
o Firewalking
o Banner Grabbing
o Placing Backdoors through Firewalls
Honeypot
o What is a Honeypot
o The Honeynet Project
o Types of Honeypots
o Operating System Attacks
o Application Level Attacks
Computer Crimes and Implications
Legal Perspective (US Federal Law)
Module 13: Networking Revisited
Network Layers
Application Layer
Transport Layer
Internet Layer
Network Interface Layer
Physical Layer
o VPN Security Protocol - IPSec
o VPN Security Protocol - PPTP
o VPN Security Protocol - L2TP
o Wireless Security Protocol - WEP
o VoIP Security Protocol - H.323
o VoIP Security Protocol - SIP
Public Key Infrastructure (PKI)
Access Control Lists (ACL)
Authentication, Authorization, Accounting (AAA)
RADIUS
TACACS+
Kerberos
Internet Key Exchange protocol (IKE)
o Fingerprint-based Identification
o Hand Geometry-based Identification
Digital Certificates
Attacks on Password Authentication
Need for a Bastion Host
Basic Principles for Building a Bastion Host
General Requirements to Setup a Bastion Host
Hardware Requirements
Selecting the Operating System for the Bastion Host
Positioning the Bastion Host
o Physical Location
o Network Location
o Select a Secure Location
Auditing the Bastion Host
Connecting the Bastion Host
Tool: IPSentry
What is DMZ
Different Ways to Create a DMZ
Where to Place Bastion Host in the DMZ
Benefits of DMZ
Types of Proxy Servers
o Transparent Proxies
o Non-transparent Proxy
o SOCKS
Proxy Server-based Firewalls
o Wingate
o Symantec Enterprise Firewall
VPN Vulnerabilities
Module 20: Introduction to Wireless Network Security
Introduction to Wireless Networking
Basics
Types of Wireless Networks
o WLANS
o WPANs
o WMANs
o WWANs
Antennas
SSIDs
Rogue Access Points
Tools to Detect Rogue Access Points: NetStumbler
Netstumbler
What is Wired Equivalent Privacy (WEP)
WEP Tool: AirSnort
802.11 Wireless LAN Security
Limitations of WEP Security
Wireless Transportation Layer Security (WTLS)
Extensible Authentication Protocol (EAP) Methods
802.11i
Wi-Fi Protected Access (WPA)
TKIP and AES
Denial of Service Attacks
Man-in-the-Middle Attack (MITM)
WIDZ, Wireless Intrusion Detection System
Securing Wireless Networks
Maximum Security: Add VPN to Wireless LAN
VoIP Standards
Wireless VoIP
VoIP Threats
VoIP Vulnerabilities
VoIP Security
Skype’s International Long Distance Share Grows, Fast.
VoIP Services in Europe
VoIP Sniffing Tools
o AuthTool
o VoIPong
o Vomit
o PSIPDump
o Web Interface for SIP Trace (WIST)
VoIP Scanning and Enumeration Tools
o SNScan
o Netcat
o SiVus
VoIP Packet Creation and Flooding Tools
o SipBomber
o Spitter
o Scapy
VoIP Fuzzing Tools
o Ohrwurm
o SIP Forum Test Framework
o Asteroid
VoIP Signaling Manipulation Tools
o RTP Tools
Other VoIP Tools
o Tcpdump
o Wireshark
o Softperfect Network Sniffer
o HTTP Sniffer
o SmartSniff
VoIP Troubleshooting Tools
o P.862
o RTCP XR – RFC3611
Time Spent Responding to the Security Incident
Cost Expenditure Responding to the Security Incident
Cyber Crime Investigation Process
Challenges in Cyber Crime Investigation
Rules of Forensic Investigation
Role of Forensics Investigator
Investigative Agencies: FBI
o How Long Does a Copyright Last
o U.S. Copyright Office
o Doctrine of “Fair Use”
o How are Copyrights Enforced
Plagiarism
o Types of Plagiarism
o Steps for Plagiarism Prevention
o Plagiarism Detection Factors
Plagiarism Detection Tools
o iParadigm’s: Plagiarism Detection Tool
o iThenticate: Uploading Document
o iThenticate: Generating Report
o iThenticate: Report
o Turnitin
o Essay Verification Engine 2 (EVE2)
o Jplag
o Sherlock: Plagiarism Detector
o Dupli Checker
o SafeAssignment
o PlagiarismDetect.com
Patent Infringement
o Patent
o Patent Infringement
o Types of Patent Infringement
o Patent Search: USPTO Recommended Seven-step Strategy for Patent Search
Trademarks and Copyright Laws
o U.S. Laws for Trademarks and Copyright
o Indian Laws for Trademarks and Copyright
o UK Laws for Trademarks and Copyright
o Hong Kong Laws for Intellectual Property
o External Threat
o Network Attacks
o Automated Computer Attack
o Sources of Evidence on a Network
Traffic Capturing and Analysis Tools
o Wireshark
o Tcpdump
o NetIntercept
o CommView
o EtherSnoop
o eTrust Network Forensics
o ProDiscover Investigator
o Documenting the Evidence Gathered on a Network
o Evidence Reconstruction for Investigation
Router Forensics
o What is a Router
o Functions of a Router
o A Router in an OSI Model
o Routing Table and its Components
o Router Architecture
o Implications of a Router Attack
o Router Vulnerabilities
o Types of Router Attacks
o Router Attack Topology
• Denial of Service (DoS) Attacks
• Packet Mistreating Attacks
• Routing Table Poisoning
• Hit-and-Run and Persistent Attacks
o Router Forensics Vs. Traditional Forensics
o Investigating Routers
o Seize the Router and Maintain Chain of Custody
o Incident Response & Session Recording
o Accessing the Router
o Volatile Evidence Gathering
o Router Investigation Steps
o Link Logger
o Router Audit Tool (RAT)
o Generate the Report
Incident Management
Reporting an Incident
Pointers to Incident Reporting Process
Report a Privacy or Security Violation
Preliminary Information Security Incident Reporting Form
Incident Response Procedure
Incident Response Policy
Module 26: Digital Evidence
Digital Evidence
Challenging Aspects of Digital Evidence
The Role of Digital Evidence
Characteristics of Digital Evidence
Fragility of Digital Evidence
Types of Digital Data
Rules of Evidence
Best Evidence Rule
Evidence Life Cycle
Digital Evidence Investigative Process
Where to Find Digital Evidence
Securing Digital Evidence
Documenting Evidence
Evidence Examiner Report
Handling Digital Evidence in a Forensics Lab
Obtaining a Digital Signature and Analyzing it
Processing Digital Evidence
Storing Digital Evidence
Evidence Retention and Media Storage Requirements
Forensics Tool: Dcode
Forensics Tool: WinHex
Forensics Tool: PDA Secure
Forensics Tool: Device Seizure
Understanding System Boot Sequence
Exploring Microsoft File Structures
Exploring Microsoft File Structures: FAT vs. NTFS
FAT
o FAT Structure
NTFS
o NTFS Architecture
Understanding Linux Loader
Popular Linux File Systems
Use of Linux as a Forensics Tool
Advantages of Linux in Forensics
Popular Linux Forensics Tools
Mac OS X
Mac Security Architecture Overview
Exploring Macintosh Boot Tasks
Mac OS X File System
Mac Forensic Tool: MacLockPick
Mac Forensic Tool: MacAnalysis
o Audio File Steganography
• Low-bit Encoding in Audio Files
o Video File Steganography
Hiding Information in DNA
Steganographic File System
Real World Applications of Steganography
Practical Applications of Steganography
Examining Intrusion and Security Events
Logon Event in Windows
Windows Log File
Logging in Windows
Remote Logging in Windows
Ntsyslog
Logs and Legal Issues
o Legality of Using Logs
o Laws and Regulations
Log Management
o Functions of Log Management
o Challenges in Log Management
Centralized Logging and Syslogs
o Central Logging Design
o Centralized Logging Setup
o Logging in Unix / Linux - Syslog
o Remote Logging with Syslog
o Significance of Synchronized Time
o Event Gathering
o EventCombMT
o Writing Scripts
o Event Gathering Tools
o Dumpel
o LogDog
o Forensic Tool: fwanalog
Log Capturing and Analysis Tools
o Syslog-ng Logging System
o WinSyslog Syslog Server
o Kiwi Syslog Server
Using Specialized E-mail Forensic Tools
o EnCase Forensic
o FTK Imager
o FINALeMAIL
o Netcraft
o eMailTrackerPro
o E-mail Examiner
o LoPe
U.S. Laws Against Email Crime: CAN-SPAM Act
Email Crime Law in Washington: RCW 19.190.020
Sample Report
Writing Report Using FTK
For training requirements, please contact EC-Council ATC.
EC-Council
http://www.eccouncil.org
info@eccouncil.org