Certified Professional Ethical Hacker

Overview

The Growth of

Environments and Security

Our Motivation?

The Goal: Protecting Information!

CIA Triad in Detail

Approach Security Holistically

Security Definitions

Definitions Relationships

Method: Ping

The TCP/IP Stack

Which Services Use Which Ports?

TCP 3-Way Handshake

TCP Flags

Malware

Types of Malware

Types of Malware Cont...

Types of Viruses

More Malware: Spyware

Trojan Horses

Back Doors

DoS

DDoS

Packet Sniffers

Passive Sniffing

Active Sniffing

Firewalls, IDS and IPS

Firewall ? First

Line of Defense

IDS ? Second Line of Defense

IPS ? Last Line of Defense?

Firewalls

Firewall Types:

(1) Packet Filtering

Firewall Types:

(2) Proxy Firewalls

Firewall Types ?

Circuit-Level Proxy Firewall

Type of Circuit-

Level Proxy ? SOCKS

Firewall Types ?

Application-Layer Proxy

Firewall Types: (3) Stateful

Firewall Types:

(4) Dynamic Packet-Filtering

Firewall Types:

(5) Kernel Proxies

Firewall Placement

Firewall Architecture

Types ? Screened Host

Multi- or Dual-Homed

Screened Subnet

Wi-Fi Network Types

Wi-Fi Network Types

Widely Deployed Standards

Standards Comparison

802.11n - MIMO

Overview of Database Server

Review

Overview

Role of Access Control

Definitions

More Definitions

Categories of Access Controls

Physical Controls

Logical Controls

?Soft? Controls

Security Roles

Steps to Granting Access

Access Criteria

Physical Access

Control Mechanisms

Biometric System Types

Synchronous Token

Asynchronous Token Device

Memory Cards

Smart Card

Cryptographic Keys

Logical Access Controls

OS Access Controls

Linux Access Controls

Accounts and Groups

Password &

Shadow File Formats

Accounts and Groups

Linux and UNIX Permissions

Set UID Programs

Trust Relationships

Review

Protocols Overview

OSI ? Application Layer

OSI ? Presentation Layer

OSI ? Session Layer

Transport Layer

OSI ? Network Layer

OSI ? Data Link

OSI ? Physical Layer

Protocols at

Each OSI Model Layer

TCP/IP Suite

Port and Protocol Relationship

Conceptual Use of Ports

UDP versus TCP

Protocols ? ARP

Protocols ? ICMP

Network Service ? DNS

SSH Security Protocol

SSH

Protocols ? SNMP

Protocols ? SMTP

Packet Sniffers

Example Packet Sniffers

Review

Overview

Introduction

Encryption

Cryptographic Definitions

Encryption Algorithm

Implementation

Symmetric Encryption

Symmetric Downfalls

Symmetric Algorithms

Crack Times

Asymmetric Encryption

Public Key

Cryptography Advantages

Asymmetric

Algorithm Disadvantages

Asymmetric

Algorithm Examples

Key Exchange

Symmetric versus Asymmetric

Using the

Algorithm Types Together

Instructor Demonstration

Hashing

Common Hash Algorithms

Birthday Attack

Example of a Birthday Attack

Generic Hash Demo

Instructor Demonstration

Security Issues in Hashing

Hash Collisions

MD5 Collision Creates

Rogue Certificate Authority

Hybrid Encryption

Digital Signatures

SSL/TLS

SSL Connection Setup

SSL Hybrid Encryption

SSH

IPSec - Network Layer Protection

IPSec

IPSec

Public Key Infrastructure

Quantum Cryptography

Attack Vectors

Network Attacks

More Attacks (Cryptanalysis)

Review

Overview

What is a

Vulnerability Assessment?

Vulnerability Assessment

Benefits of a

Vulnerability Assessment

What are Vulnerabilities?

Security Vulnerability Life Cycle

Compliance and Project Scoping

The Project

Overview Statement

Project Overview Statement

Assessing Current

Network Concerns

Vulnerabilities in Networks

More Concerns

Network Vulnerability

Assessment Methodology

Network Vulnerability

Assessment Methodology

Phase I: Data Collection

Phase II: Interviews, Information Reviews, and Hands-On Investigation

Phase III: Analysis

Analysis cont.

Risk Management

Why Is Risk

Management Difficult?

Risk Analysis Objectives

Putting Together

the Team and Components

What Is the Value of an Asset?

Examples of Some Vulnerabilities that Are Not Always Obvious

Categorizing Risks

Some Examples

of Types of Losses

Different Approaches

to Analysis

Who Uses What?

Qualitative Analysis Steps

Quantitative Analysis

ALE Values Uses

ALE Example

ARO Values and Their Meaning

ALE Calculation

Can a Purely Quantitative Analysis Be Accomplished?

Comparing Cost and Benefit

Countermeasure Criteria

Calculating Cost/Benefit

Cost of a Countermeasure

Can You Get Rid of All Risk?

Management?s Response to Identified Risks

Liability of Actions

Policy Review

(Top-Down) Methodology

Definitions

Policy Types

Policies with Different Goals

Industry Best

Practice Standards

Components that Support the Security Policy

Policy Contents

When Critiquing a Policy

Technical (Bottom-Up)

Methodology

Review

Vulnerability Scanners

Nessus

SAINT ? Sample Report

Tool: Retina

Qualys Guard

http://www.qualys.com/products/overview/

Tool: LANguard

Microsoft Baseline Analyzer

MBSA Scan Report

Dealing with Assessment Results

Patch Management Options

Review

Overview

Staying Abreast: Security Alerts

Vulnerability Research Sites

Nessus

SAINT

SAINT Reports

GFI Languard

GFI Reports

MBSA

MBSA Reports

Review

Reconnaissance Overview

Step One in the

Hacking ?Life-Cycle?

What Information is

Gathered by the Hacker?

Passive vs. Active Reconnaissance

Footprinting Defined

Social Access

Social Engineering Techniques

Social Networking Sites

People Search Engines

Internet Archive:

The WayBack Machine

Footprinting Tools Overview

Maltego GUI

Johnny.Ihackstuff.com

Google (cont.)

Domain Name Registration

WHOIS Output

DNS Databases

Using Nslookup

Traceroute Operation

Web Server Info Tool: Netcraft

Introduction to Port Scanning

Which Services

use Which Ports?

Port Scan Tips

Port Scans Shou