Ethical Hacking & Countermeasure Specialist - EC-Council

Ethical Hacking & Countermeasure Specialist
EHS305
Course Title:
Ethical Hacking & Countermeasure Specialist: Secure Network Infrastructures
Page 1 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
Course Description
EHS305
This certification covers a plethora of offensive security topics ranging from how perimeter defenses work
to scanning and attacking the simulated networks. A wide variety of tools, viruses, and malware is
presented in this and the other four books, providing a complete understanding of the tactics and tools
used by hackers. By gaining a thorough understanding of how hackers operate, an Ethical Hacker will be
able to set up strong countermeasures and defensive systems to protect an organization's critical
infrastructure and information.
CertificateInfo
Ethical Hacking & Countermeasure Specialist: Secure Network Infrastructures
Who Should Attend
This course will significantly benefit security officers, auditors, security professionals, site administrators,
and anyone who is concerned about the integrity of the network infrastructure.
Course Duration
2 days (9:00AM – 5:00PM)
CPE/ECE Qualification
16 ECE Credits awarded for attendance (1 for each classroom hour)
Suggested Retail:
$799 USD
Page 2 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
EHS305
Required Courseware:
Visit www.cengage.com/community/eccouncil and click on Training Workshops for ordering details.
What’s included
Physical Courseware
1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate
Course + Supplement Cost:
See the “Training Workshops” section at www.cengage.com/community/eccouncil for current pricing
information.
Related Certificates:
Ethical Hacking & Countermeasure Specialist: Attack Phases
Ethical Hacking and Countermeasures: Threats and Defense Mechanisms
Ethical Hacking and Countermeasures: Web Applications and Data Servers
Ethical Hacking and Countermeasures: Linux, Macintosh and Mobile Systems
Page 3 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
Course Briefing
EHS305
1. Hacking Wireless Networks
Chapter Brief:
A Wireless LAN (WLAN) is an interconnection of computers over a local area network that
exchanges data and other information without the use of cables. As more and more firms adopt
wireless networks, the security issue becomes more crucial. Business is at high risk from whackers
(wireless hackers) who do not need physical entry into the business network to hack, but can
compromise a network with the help of freely available tools.
The module explains about hacking on the wireless networks. It describes about the types of
wireless networks and its standards. It explains about the concepts in wireless technology,
wireless devices, Wired Equivalent Privacy, and Wi-Fi Protected Access. It briefs the steps to
break WEP encryption and attacking WPA encrypted networks. It explains about TKIP and LEAP
concepts, the hacking methods, and the tools on Scanning and Sniffing.
2. Physical Security
Chapter Brief:
Physical security includes the measures to protect personnel, critical assets, and systems against
deliberate attacks and accidents. It intends to prevent the unauthorized access of information and
other assets of a company. Physical security does not just cater to securing systems only, but it
also involves securing the entire premises, boundaries, workstations, and any other area that may
be unique to a company. It provides an added layer of security for networks, by restricting the
access of the network resources.
This module deals with securing of personnel and critical assets from different threats. The
module gives introduction to physical security and the factors that affect the physical security.
The module shows different authentication and access control devices. It explains about the
attacks that are possible in access control. It explains about facility management, housekeeping,
physical security attacks, and countermeasures to avoid the attacks.
3. Evading IDS, Firewall and Honeypots
Chapter Brief:
The Intrusion Detection Systems (IDS) and firewalls, honeypots serve various purposes in
securing the organization from Internet threats. While the IDS detects any attempts made by an
attacker to break into a system, the firewall only allows the authorized users to utilize the network
resources and the honeypots are helpful in studying the mode of attacks the attackers use. The
attacker will have to somehow come around these security features to remain undetected and not
leave any tracks of the attack.
This module deals with how to evade IDS, Firewall, and Honeypots. It explains about the ways to
detect an intrusion, detection of attack by IDS, ways to evade IDS, and the tools used to evade
IDS. It describes the working of firewalls, types of firewalls, ways of bypassing firewalls, and the
tools used to evade firewalls. It introduces Honeypots, the types of Honeypots, the steps to setup
honeypot, and the tools for honeypot.
4. Cryptography
Chapter Brief:
Page 4 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
EHS305
Cryptography is defined as a method of transmitting and storing the information such that only
the intended individuals can read and process the data. The sensitive information is protected by
encrypting the information. The cryptographic attacks circumvent the security of a cryptographic
system by finding a weakness in a code, cipher, and cryptographic protocol in the encryption.
This module familiarizes you with cryptography and the different techniques used in
cryptography. It explains about the types of cryptosystems and the types of cryptographic
algorithms. It discusses about the private and public key cryptography. It explains about the
different RSA attacks, Hash Functions, and Encryption. It also briefs about digital signatures and
the attacks on digital signatures and explains the attacks on cryptography and the tools used in
cryptography.
Page 5 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
Course Outline
EHS305
Hacking Book 5: Secure Network Infrastructure
Chapter 1: Hacking Wireless Networks
• Introduction to Hacking Wireless Networks
o Wireless Networking
o Wired Network vs. Wireless Network
o Effects of Wireless Attacks on Business
o Types of Wireless Network
• Wireless Standards
o Wireless Standard: 802.11a
o Wireless Standard: 802.11b – “WiFi”
o Wireless Standard: 802.11g
o Wireless Standard: 802.11i
o Wireless Standard: 802.11n
o Wireless Standard:802.15 (Bluetooth)
o Wireless Standard:802.16 (WiMax)
• WiMax Featured Companies
• WiMax Equipment Vendors
• Wireless Concepts
o Related Technology and Carrier Networks
o SSID
o Is the SSID a Secret
o Authentication and Association
o Authentication Modes
o The 802.1X Authentication Process
o 802.11 Specific Vulnerabilities
o Authentication and (Dis)Association Attacks
o MAC Sniffing and AP Spoofing
• Wireless Devices
o Antennas
o Cantenna
o Wireless Access Points
o Beacon Frames
o Phone Jammers
• Phone Jamming Devices
Page 6 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
• Wired Equivalent Privacy (WEP)
EHS305
o
o
o
o
o
o
WEP Issues
WEP - Authentication Phase
WEP - Shared Key Authentication
WEP - Association Phase
WEP Flaws
Breaking WEP Encryption
o
• WPA
Steps to Break WEP Encryption
o
o
o
o
o
What is WPA
WPA Vulnerabilities
WEP. WPA. and WPA2
Wi-Fi Protected Access 2 (WPA2)
Attacking WPA Encrypted Networks
o
Evil Twin: Attack
• TKIP and LEAP
o
Temporal Key Integrity Protocol (TKIP)
• Working of TKIP
• Changing WEP to TKIP
o
o
o
LEAP: The Lightweight Extensible Authentication Protocol
LEAP Attacks
LEAP Attack Tool: ASLEAP
• Working of ASLEAP
• Hacking Methods
o
o
Techniques to Detect Open Wireless Networks
Steps for Hacking Wireless Networks
• Step 1: Find Networks to Attack
• Step 2: Choose the Network to Attack
• Step 3: Analyzing the Network
• Step 4: Sniffing the Network
• Step 4-1: Sniffing Wireless Data
o
o
o
o
o
Step 5: Cracking the WEP Key
Super Bluetooth Hack
Man-in-the-Middle Attack (MITM)
Denial-of-Service Attacks
Hijacking and Modifying a Wireless Network
• Cracking WEP
Page 7 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
o Automated WEP Crackers
EHS305
o
o
o
Pad-Collection Attacks
XOR Encryption
Stream Cipher
• Rogue Access Points
• Scanning Tools
• Sniffing Tools
• Wireless Security Tools
Chapter 2: Physical Security
• Introduction to Physical Security
o
o
Physical Security
Physical Security Challenges
• Authentications and Access Controls
o
o
o
o
o
o
o
o
Authentication Mechanisms
Smart Cards
Security Token
Keys and Locks
Biometric Identification Techniques
Biometric Hacking Tool: Biologger
Biometrics Authentication
Types of Biometrics Authentication
• Fingerprint-based Identification
• Hand Geometry-based Identification
• Retina Scanning
• Afghan Woman Recognized After 17 Years
• Face Recognition
• Face Code: Webcam Based Biometrics Authentication System
• TEMPEST
• Mantrap
• Attacks against Access Controls
o
o
Authentication Mechanism Challenges: Biometrics
Faking Fingerprints
• Facility Management
o
o
o
Page 8 of 14
Locks
Lock Picking
Lock Picking Tools
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
• Housekeeping
EHS305
o
o
o
Housekeeping Procedures
HVAC (Heating. Ventilating. and Air conditioning) Considerations
Fire Prevention
• Auditing Fire Prevention Preparedness
• Fire Prevention Requirements
• Safeguards
• Physical Security Attacks
o
o
o
o
o
o
o
o
o
o
o
o
Challenges in Ensuring Physical Security
Spyware Technologies
Spying Devices
Wiretapping
Remote Access
Laptop Theft
Laptop Security Tools
Laptop Tracker - XTool Computer Tracker
Tools to Locate Stolen Laptops
Stop's Unique. Tamper-proof Patented Plate
Tool: TrueCrypt
Laptop Security Countermeasures
• Physical Security Checklist
o
o
o
o
o
o
o
o
o
o
o
o
Company’s Surroundings
Gates
Security Guards
Premises
CCTV Cameras
Reception
Server
Server Room
Workstation Area
Wireless Access Points
Other Equipment
FAX Security
• Procedures Governing FAX Security: Sending
• Procedures Governing FAX Security: Receiving
• Procedures Governing FAX Security: Storing
o
Security Checklist
Page 9 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
o Access Control
EHS305
o
o
Biometric Devices
Computer Equipment Maintenance
• Policies and Procedures
o
o
o
o
Facility Management Procedures
Physical Security Policies
Environmental Policy
Air Conditioning Policy
Chapter 3: Evading IDS, Firewalls, and Honeypots
• Introduction to Evading IDS, Firewalls, and Honeypots
• Introduction to Intrusion Detection Systems
• Intrusion Detection Systems (IDS)
o
o
o
o
o
o
o
o
o
o
o
IDS Placement
Ways to Detect an Intrusion
Types of Intrusion Detection Systems
Network Intrusion Detection System (NIDS)
NIDS Evasion Technique
System Integrity Verifiers (SIV)
Indications of Intrusion
General Indications of System Intrusions
General Indications of File System Intrusions
General Indications of Network Intrusions
Intrusion Detection Tools
• Snort Console
• Testing Snort
• Configuring Snort (snort.conf)
• Snort Rules
• Set up Snort to Log to the Event Logs and to Run as a Service
• Using EventTriggers.exe for Eventlog Notifications
o
o
o
Steps to Perform after an IDS Detects an Attack
Evading IDS Systems
Ways to Evade IDS
• Intrusion Prevention Systems (IPS)
• Firewall
o
o
What is a Firewall
What does a Firewall do
Page 10 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
o Packet Filtering
EHS305
o
o
o
o
o
What can't a Firewall do
How does a Firewall Work
Hardware Firewall
Software Firewall
Types of Firewalls
• Packet Filtering Firewall
• IP Packet Filtering Firewall
• Circuit-Level Gateway
• TCP Packet Filtering Firewall
• Application-Level Firewall
• Application Packet Filtering Firewall
• Stateful Multilayer Inspection Firewall
o
o
o
o
o
o
o
o
Firewall Countermeasures
Firewall Identification
Firewalking
Banner Grabbing
Breaching Firewalls
Bypassing a Firewall Using HTTP Tunnel
Placing Backdoors through Firewalls
Hiding behind a Covert Channel: LOKI
• Honeypot
o
o
o
o
o
o
o
o
o
o
o
o
o
What is a Honeypot
The Honeynet Project
Types of Honeypots
Advantages and Disadvantages of a Honeypot
Where to Place a Honeypot
Honeypots
How to Set Up a Honey Pot
Honeypot-SPECTER
Honeypot - honeyd
Honeypot – KFSensor
Sebek
Google Hack Honeypot (GHH)
Physical and Virtual Honeypots
• Security Responses to Hacking Attacks
• Tools
Page 11 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
o Tripwire (www.tripwire.com)
o Tool: NCovert
o ACK Tunneling
o Tools to Breach Firewalls
o Common Tool for Testing Firewall and IDS
• Tomahawk
• RedSeal Network Advisor
• IDS Testing Tool – Traffic IQ Gateway
• IDS Tool: EMERALD
• IDS Tool: BlackICE
• BlackICE: Screenshot
• IDS Tool: Next-Generation Intrusion Detection Expert System (NIDES)
• IDS Tool: SecureHost
• IDS Tool: Snare
• IDS Testing Tool: Traffic IQ Professional
• IDS Testing Tool: TCPOpera
• Atelier Web Firewall Tester
EHS305
Chapter 4: Cryptography
• Introduction to Cryptography
o Cryptography: Introduction
o Symmetric and Asymmetric Key Cryptosystems
o Algorithms and Security
o Types of Cryptography Algorithms
o A Hybrid Cryptographic Scheme: Example
• Private Key Cryptography
o Data Encryption Standard (DES)
o DES Challenge III. II. I
o AES (RIJNDAEL)
o AES (RIJNDAEL)
o Related-key Cryptanalysis of the Full AES-192 and AES-256
o RC4. RC5. RC6. Blowfish
o RC5
• Public-key Cryptography
o The DSA and related signature schemes
o RSA (Rivest Shamir Adleman)
o Example of RSA Algorithm
Page 12 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
o The RSA Signature Scheme
EHS305
o
o
o
o
o
o
Possible Attack on RSA Signatures: Integer Factorization
RSA Attacks
RSA Challenge
Elliptic Curve Cryptography (ECC)
ECC and RSA Key Comparison
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS Systems
• Digital Signature
o
o
o
o
o
o
Digital Signature Algorithm Validation System (DSAVS)
Digital Signature Assurance Methodology
Digital Signature Assurance Reference Model
Digital Signed Record
Entrust: Securing Digital Identities and Information
Attacks on Digital Signatures
• Meet-in-the-Middle Attack
• Rabin Public-key Signature Scheme
• Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare
o
o
o
o
o
o
o
Message Digest Functions
One-way Bash Functions
MD5
MD5: Timeline
SHA (Secure Hash Algorithm)
distributed.net
Server-Gated Cryptography (SGC)
• Encryption
o
o
o
o
SSL (Secure Sockets Layer)
Secure Shell (SSH)
Disk Encryption
Encryption-Breaking Initiatives
• Cryptographic Attacks
o
o
o
o
o
o
o
Brute-Force Attack
Code Breaking: Methodologies
Cryptography Attacks
The Full Cost of Cryptanalytic Attacks
Types of Attacks on Signature Schemes
Magic Lantern
WEPCrack: Screenshot
Page 13 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Ethical Hacking & Countermeasure Specialist
o Cracking S/MIME Encryption Using Idle CPU Time
EHS305
o
Attacking and defending the McEliece cryptosystem
• Cryptographic Tools
o
o
o
o
o
o
o
o
PGP
Cryptomathic Authenticator
Cryptographic Algorithm Validation Program (CAVP)
Cryptographic Module Testing
Cleversafe Grid Builder
PGP (Pretty Good Privacy)
CypherCalc
Command Line Scriptor
o
CryptoHeaven
• Microsoft Cryptography Tools
Page 14 of 14
Secure Network Infrastructures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.