Average Rating: 0.00/10
(# Rating Votes: 0 | Rate This Course | Contribute a Review )
Short Description:
Security technologies, common vulnerabilities, and countermeasures to these vulnerabilities will be covered.
Full Description:
Course Overview This course builds on the material presented in the Network Attacks and Countermeasures course. Security technologies, common vulnerabilities, and countermeasures to these vulnerabilities will be covered. In addition to the classroom instruction, this course will contain several hands-on labs and instructor demonstrations.
Who Should Attend This course is designed for IT administrators, engineers and managers who are responsible for the day-to-day operation and/or protection of their organizations' networked systems. The following professionals benefit best from this course:
Systems Administrators
Web Administrators
Support Analysts
Network Engineers
IT Managers
Prerequisites Students are expected to have a basic understanding of the topics covered in the introductory class, including TCP/IP security problems, locking down the OS, web and application security, firewalls, cryptography, and VPNs.
Topics Covered Determining firewall/ACL rules with hping2 & nmap
Mapping networks behind the firewall with firewalk
Tunneling through the firewall with httptunnel
Heap overflows
Format string attacks
Input validation errors
SQL hacking
Prediction web session ID's
SSL exploits
SSH exploits
Sniffing in switched networks with dsniff
Spoof bounce scan
Kernel Loadable Module rootkits (Windows, Solaris and Linux)
Network Based IDS - snort, Network Flight Recorder, port sentry
Host Based IDS - tripwire, AIDE, LIDS, hostsentry, logcheck
Bypassing Intrusion Detection Systems - fragrouter, stick, pudding, tcpreplay
Determining if a packet was spoofed with despoof
Goals & Objectives By the end of this course, students will have an increased awareness of methods used to bypass security technologies, and how to detect and prevent these subversions. They will receive hands-on experience with some of the most popular and advanced security tools in use today, and how to determine if those tools are being used against their own networks. An entire day of the course is dedicated to Intrusion Detection, how hackers bypass Intrusion Detection Systems, and methods used to prevent that from happening.
Course Outline Day 1: Advanced Attacks
Unit Discovering firewall rules and router ACL's
Hping2
Nmap
Mapping networks behind the firewall
Firewalk
Tunneling through the firewall
Httptunnel
Covert tunnels
Using ICMP to tunnel through the firewall
Advanced uses of ICMP for scanning
icmpenum
ISIC
Sniffing in Switched Networks
Dsnif
Antisniff - tool to detect sniffers
Anti Antisniff - kernel patch to defeat the latency test in AntiSniff and similiar tools
Weaknesses in SSL
Weaknesses in SSH
Dsniff
SQL Hacking
Predicting Web Session ID's
Format String Attacks
Heap Overflows
Exploiting Loadable kernel Modules
knark - LKM rootkit for Linux
Tools to detect LKM rootkits
Bypassing tripwire and other integrity checking systems
Testing applications for security
Before install
After install
Before execution
During execution - after specific actions, etc.
After execution
Tools used - debuggers, registry watchers, etc. (separated by platform)
Day 2 Intrustion Detection Systems
Terms & definitions
Host-based
Network-based
Network node
False Positive
False Negative
Misuse Detection
Anomaly Detection
Some Common tools
Snort
LIDS
Hostsentry
Portsentry
Logcheck
Swatch
Tripwire
AIDE
despoof
Problems with Network Intrustion Detection Systems(NIDS)
Insertion attacks
Evasion attacks
Denial of service attacks
Decoys
Application layer
Switched networks
Fast networks
Encryption
Tools used to bypass IDS
Fragrouter
Tcpreplay
Stick
Pudding
RFProxy
Whisker
Ways to improve IDS
Host-based IDS
Network node IDS
Proactive IDS
Protocol scrubbing
Duration:
2 Days
Price:
Lots
Submitted by: admin
Hits: 0
NSEC's Advanced Network Attacks & Countermeasures Course Web Page
|
