Cyber Security

Cyber-Security


Uphold Security in the Digital Age!!

Computers around the world are systemically being victimized by rampant hacking. This hacking is so flawless that the victim does not even realize unless all his valuables are actually stolen.  Time has come when organizations take preemptive measures against malicious attacks by deploying Ethical Hackers.

Endorphin Corporation now brings 4 months diploma course in computer security from 1st December 2014.

Course Duration:

4 Months

Who should attend? 

  • Students IT Students & Professionals
  • Web Developers
  • Network Engineers
  • System Administrators
  • Law Professionals
  • Banking & finance Sector Professionals.

Course Contents:

BASIC CONCEPTS

1. Information Security Concepts

  • Meaning of Information
  • Information Classification
  • Concept of Risk and its Management
  • Cyberspace: What to care about?
  • Cyber crime and Cyber terrorism
  • Information Warfare and Surveillance

2. Basic Regulations, Laws & Standards

  • Sarbans Oxley
  • Graham Leech Bliley
  • HIPPA
  • ISO 17799 – ISO 27001
  • AS 4360
  • Types of security controls

3. Telecommunication & Networking Basics

  • Hardware Networking
  • LAN and WAN technologies
  • Network Topologies
  • Telecom Protocols and devices

Practical:  Understanding Networking

4. Wireless Networks

  • Types of wireless networks
  • Wireless devices & antennas
  • Wireless Security
  • WEP & WPA in depth
  • Wireless Attack tools
  • Defense Strategies

Practical: Wireless Tools

5. Operating Systems

  • OS Basics
  • OS Fingerprinting Techniques

6. Web Servers

  • How web servers work
  • Types of Web Server Vulnerabilities

7. Cryptography

  • Purpose of cryptography
  • History
  • Types of cryptograms

BEFORE ATTACK

8. Ethical Hacking or Penetration Testing

  • Definition of PT
  • Security Issues
  • Hacker & Tester
  • Methodology
  • Related Standards – OWASP, OSSTMM, CISecurity
  • Common types of network attacks
  • Security Guidelines
  • Footprinting
  • Using Google to Gather Information
  • Understanding DNS Enumeration
  • Understanding Whois and ARIN Lookups
  • Identifying Types of DNS Records
  • Using Traceroute in Footprinting
  • Understanding Email Tracking
  • Understanding Web Spiders
  • WHOIS Lookup
  • WHOIS Lookup Result Analysis
  • WHOIS Lookup Tools: SmartWhois
  • WHOIS Lookup Tools
  • WHOIS Lookup Online Tools
  • Extracting DNS Information
  • DNS Interrogation Tools
  • DNS Interrogation Online Tools
  • Locate the Network Range
  • Traceroute
  • Traceroute Analysis
  • Traceroute Tool: 3D Traceroute
  • Traceroute Tool: LoriotPro
  • Traceroute Tool: Path Analyzer Pro
  • Traceroute Tools
  • Ping Sweep Techniques
  • nmap Command Switches
  • Scan Types
  • TCP Communication Flag Types
  • War-Dialing Techniques
  • Banner Grabbing and OS Fingerprinting Techniques
  • Scanning Anonymously
  • Enumeration
  • Null Sessions
  • SNMP Enumeration
  • Windows 2000 DNS Zone Transfer

Practical: Vulnerability Assessment

ATTACK METHODS

9. Social Engineering

  • What is Social Engineering
  • Kevin Mitnick – The Master
  • Social Engineering Stories
  • Dumpster Diving
  • Persuasion
  • Online & Telephone Social Engineering
  • 10MalwareTypes of malware, Spyware, Viruses & Worm
  • Trojans
  • Rootkits
  • Keyloggers
  • Spyware & Adware
  • How to prevent Infection

Practical: Using Keyloggers

  • ARP Spoofing and Poisoning
  • Wireshark Filters
  • Understanding MAC Flooding and DNS Spoofing
  • Understanding Rootkits
  • Planting Rootkits on Windows 2000 and XP Machines
  • Rootkit Embedded TCP/IP Stack
  • Rootkit Countermeasures
  • Attacking a Web Server
  • Patch-Management Techniques
  • Web Server Hardening Methods
  • Web Application Vulnerabilities
  • Web Application Threats and Countermeasures
  • Google Hacking
  • Web-Based Password-Cracking Techniques
  • Authentication Types
  • Password Attacks and Password Cracking
  • 11Attacking ApplicationSQL Injection
  • Finding a SQL Injection Vulnerability
  • The Purpose of SQL Injection
  • SQL Injection Using Dynamic Strings
  • SQL Injection Countermeasures
  • Buffer Overflows
  • Types of Buffer Overflows and Methods of Detection
  • Buffer Overflow Countermeasures

AFTER ATTACK

12. Computer Forensics

  • Types of Computer crimes
  • Approaching the scene of a crime
  • Types of evidences
  • Civil vs Criminal
  • Tools of the trade
  • Seizure concepts
  • The legal system

Practical: Examining a crime scene

ATTACK PREVENTION

13. Security Management Practices

  • Definitions & Goals
  • Control Types
  • Risk Management & Analysis
  • Components of a Security Program
  • Roles & Responsibilities
  • Information Classification
  • Employee Management
  • Awareness Training

Practical: Risk Analysis & Management

  • Securing Windows 2000
  • Securing Unix & Linux
  • The Simplest Way to Get a Password
  • Types of Passwords
  • Passive Online Attacks
  • Active Online Attacks
  • Offline Attacks
  • Nonelectronic Attacks
  • Cracking a Password
  • Understanding the LAN Manager Hash
  • Cracking Windows 2000 Passwords
  • Redirecting the SMB Logon to the Attacker
  • SMB Relay MITM Attacks and Countermeasures
  • NetBIOS DoS Attacks
  • Password-Cracking Countermeasures

14. Access Control Domain Objectives

  • Types & characteristics
  • Identification, authentication & authorization methods
  • Access control models & techniques
  • Single sign-on technologies and characteristics
  • Centralized and decentralized administration
  • IDS: Intrusion detection system

Practical: Authentication in Active Directory