EC-Council Network Security Administrator™ (E|NSA): How to Out-beat, Outsell and Out-market your competition in selling the E|NSA


Agenda: 10 Powerful and Proven Points on Selling E|NSA

1. Understand the demand and supply of Network Administration jobs
2. Leverage industry reports on state of the Network Security
3. Understand Network Security issues
4. Why is Network Security Required?
5. Product knowledge is KEY, Testing Know everything about EC-Council and its certifications
6. Understand the value of the CNSS approval
7. Be able to sell how a successful class is delivered – “Did You Know”?
8. Selling with a one-stop shop approach
9. Ability to execute demos, free assessments, etc
10. Sell post class services – Members Portal and the ECE Scheme, ECCUNI credits


1. Understand the Demand and Supply of Network Administration Jobs


PAYSCALE.COM: Median Salary by Years Experience - Job: Network Administrator, IT (United States)


Network Security Demand Trend

Permanent IT Jobs Citing Network Security Within The UK

Source: http://www.itjobswatch.co.uk/


Network Security Salary Histogram

Source: http://www.itjobswatch.co.uk/

Salary Histogram For IT Jobs Citing Network Security Over The 3 Months To 8 May 2009 Within The UK

Network Skills in Demand, Pay Well in Down Economy

Despite hiring freezes and budget cutting, several high-tech talents remain in demand.

Network World, 03/04/2009

CIOs continue to seek network, desktop and Windows skills and some might pay top dollar for specific high-tech talents, despite the ongoing economic downturn.

Desktop support ranked as the most wanted skill sets for 76% of CIOs, with network and Windows administration taking the second and third slots with 65% and 64%, respectively. Database management is considered hot for 55% of respondents, and telecommunications support and wireless network management was selected by 47% and 46% of CIOs polled, respectively. Rounding out those skills seen as in demand are Web development/Web site design (39%), virtualization (35%) and business intelligence (31%).

"Help desk/technical support and networking tied as the job areas experiencing the most growth, each cited by 15% of CIOs," according to Robert Half Technology.

Separately Bluewolf projected that salaries for those with networking expertise will spike in the coming months. The staffing firm's IT Salary Guide 2009 revealed that network managers could experience salary increases of as much as 14%, with pay ranging between $70,000 and $110,000 -- which is up from the high end of $95,000 in 2008.

"Investments in several key areas, including network administration and security, business intelligence, wireless communications and Web applications have and will continue to drive aggressive hiring," according to Bluewolf.

The data in Bluewolf's salary study is based on data gathered from roughly 300 clients (with $200 million or more in revenue) for many different job openings, amounting to an estimated 4,000 positions. The staffing firm primarily operates in the New York tri-state area and specifies pay in such areas generally tends to run up to 50% higher than the national average.

IT Skills in Demand Q2-2009

Q. “Which of following IT skill sets are most in demand within your IT department?”

[Bar chart, scale 0 to 80. Categories: Network Administration, Windows Administration, Desktop Support, Database Management, Wireless Network Management, Telecommunication Support, Web Development, Business Intelligence, Virtualization, Microsoft .Net Developer, XML Development]

Source: Robert Half Technology survey for 1,400 CIOs from companies with more than 100 employees

Network Security Jobs Still in Demand!


2. Leverage industry reports on state of the Network Security

Key Findings of CSI Computer Crime and Security Survey - 2008

• The most expensive computer security incidents were those involving financial fraud with an average reported cost of close to $500,000
• Virus incidents occurred most frequently, occurring at almost half (49 percent) of the respondents’ organizations
• Almost one in ten organizations reported they’d had a Domain Name System incident
• Twenty-seven percent of those responding to a question regarding “targeted attacks” said they had detected at least one such attack
• The vast majority of respondents said their organizations either had (68 percent) or were developing (18 percent) a formal information security policy

Twitter's Network Gets Breached Again

Twitter has confirmed that someone broke into its network and gained access to 10 accounts, which appear to include Britney Spears and Ashton Kutcher, according to screenshots posted on a French blog site.

"Our initial security reviews and investigations indicate that no account information was altered or removed in any way," Twitter co-founder Biz Stone wrote in a blog post last week.

"Personal information that may have been viewed on these 10 individual accounts includes e-mail address, mobile phone number (if one was associated with the account), and the list of accounts blocked by that user," the posting said. "Password information was not revealed or altered, nor were personal messages (direct messages) viewed."

Stone did not respond to an e-mail seeking comment.

Someone using the alias "Hacker Croll" claims to have gotten access to a Twitter administrator's Twitter password by guessing the secret question to reset the administrator's password on a Yahoo e-mail account where the Twitter password was located, according to a post in the Warez Scene forum.

The 13 screenshots posted on the Korben blog and another site include not only what looks like admin pages for the celebrities' accounts, but also a page of blacklisted users and other administrative-type pages.

Sure enough, Twitter employee Jason Goldman tweeted on Monday 27 Apr. that his Yahoo e-mail account had gotten hacked, IDG News Service discovered.

This isn't the first time Twitter's network has been breached. In January, someone hacked into the Twitter internal network and gained access to the Twitter accounts of President Obama, CNN anchor Rick Sanchez, and 31 other high-profile Twitterers. Wired later revealed that the hacker used an automated password guesser to figure out the Twitter administrator's password, which was "happiness".

Perceived Threat of Unauthorized Data Access and Data Loss Still Weighs Heavy

Survey Says -- 92 Percent of Corporates Enable Remote Access, Despite Fact That 44 Percent Believe Their Data Networks Are No Better Than "Quite" Secure

SOMERSET, NJ--(Marketwire - May 6, 2009) - Demand for remote access capabilities has never been greater and the latest survey from AEP Networks shows that 92 percent of organizations questioned allow their employees to work remotely or on the move. This is despite the fact that network threats are on the increase and 44 percent of respondents believe that their networks are no more than "quite" secure. Interestingly, no one thought that unauthorized data access would have a minimal impact on their business, while 29 percent believe this would cause major, long-term damage. The rest ranged between these two poles with 61 percent taking the middle ground or tipping the balance towards more significant harm.

When asked about the likely impact of data loss on their organisation only three percent believed that jobs would be lost and the same number would expect no real impact at all. However, a massive 53 percent thought that data loss would result in a negative impact on their business reputation. Customer relationships would be damaged for 22 percent and 19 percent felt that the impact would be felt directly in the bottom line.

Top 9 Network Security Threats in 2009

1. Malicious Insiders
2. Malware
3. Exploited Vulnerabilities
4. Social Engineering
5. Careless Employee
6. Reduced Budgets
7. Remote Workers
8. Unstable Third Party Providers
9. Downloaded Software Including Open Source & P2P Files

Source: www.csoonline.com

The Security Landscape

Hacktivism Watch: Political Network Attacks Increase

Friday, March 13, 2009

When armed conflict flared up between Russia and Georgia last summer, the smaller country also found itself subject to a crippling, coordinated Internet attack. An army of PCs controlled by hackers with strong ties to Russian hacking groups flooded Georgian sites with dummy requests, making it near impossible for them to respond to legitimate traffic. The attacks came fast and furious, at times directing 800 megabits of data per second at a targeted website.

This type of politically motivated Internet attack is becoming increasingly common, says Jose Nazario, manager of security research for Arbor Networks. "The problem is sweeping and has changed over the years," Nazario said during a presentation at the security conference SOURCE Boston this week. He noted that the frequency of these attacks and the number of targets being hit have grown steadily over the past few years.


The Security Landscape

Misconfigured networks create huge security risks

There's a perpetual buzz around software flaws and exploits researchers disclose daily, but security experts say it often distracts IT pros from a growing and more serious problem -- networks so sloppily configured and maintained that the bad guys can drive a virtual bulldozer through them without attracting attention.

The problem runs the gamut from mismatched applications and hardware, security systems that are put in place but not regularly maintained to wireless access points that are opened with no defences attached, according to IT consultants who have seen the problems first hand.

"One of the problems I've come across is the way IT infrastructure is patched together," said Lee Benjamin, principal at ExchangeGuy Consulting. "Look at Wi-Fi access points in a hotel as one example. There are often five or six access points going all the time. Pull into a parking lot and you can find access points."

On top of that, Benjamin has come across IT infrastructures pieced together with devices that seem to work well but are not properly configured, which makes it a prime target for those who would go hunting for security holes to exploit.


The Security Landscape

Governments accounted for 1 out of 5 breaches that exposed private data

The number of security breaches that exposed personal identifiable information in government systems in 2008 was far below what the private sector reported, according to a series of reports released by a consumer protection organization on Tuesday.

Of the 656 security breaches reported last year, 16.8 percent occurred in systems operated by state, local and federal governments, including military networks, according to a compilation of reports released by the Identity Theft Resource Center.

The number of breaches reported in 2008 increased 47 percent compared with 2007. But the percentage of incidents the government reported decreased in 2008, dropping from 24.5 percent of the total breaches reported. Companies in the financial and credit market accounted for 11.9 percent of the breaches while organizations in the health care sector were responsible for 14.8 percent. Businesses in general accounted for 36.6 percent of infiltrations, or 240 incidents, and educational institutions accounted for 20 percent.

Major Network Attacks

2008 – 4.2 million credit and debit card numbers were stolen during the credit card authorization transmission from the supermarket chain Hannaford Bros., resulting in 1,800 cases of fraud reported so far

2007 – HM Revenue & Customs in the UK reported the loss of personal data of nearly 25 million people; Gartner Research estimates the recovery costs to be about US$500 million

2007 – TJ stores (TJX) reported a breach which includes, as is estimated at this writing, the records of close to 100 million credit and debit card accounts, with a recovery cost estimated to be about US$216 million

2006 – Through one of AT&T’s vendors, computer hackers access the account data and personal information of nearly 19,000 AT&T credit card holders


Percentages of Key Types of Incident

Source: CSI Computer Crime & Security Survey, 2008


3. Understand Network Security Issues

Overview of Network Security

Network security consists of all the processes, policies, and techniques to detect and prevent unauthorized access of a network and other network resources

Key elements of network security:

• Identification
• Authentication
• Access control
• Confidentiality
• Integrity
• Non-repudiation

The Security, Functionality, and Ease of Use Triangle

The number of exploits falls when the number of vulnerabilities is reduced, which means greater security

Greater security translates to reduced functionality

Moving the ball towards security means moving away from functionality and ease of use.

[Figure: triangle with its corners labeled Functionality, Ease of Use, and Security]


Functions of Network Security Administrator

Types of Network Attacks

• Active attacks: Active attacks are the attacks that modify the target system or message by violating the integrity of that system.
• Passive attacks: Passive attacks are those that violate the confidentiality without affecting the state of the system.
• Internal attacks: Attacks initiated by an authorized entity for misusing the resources inside the security perimeter.
• External attacks: Attacks initiated by an unauthorized or illegitimate user of the system outside the security perimeter.

Network Attack Techniques: Denial of Service (DoS) Attack

DoS is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have.

DoS attacks disable the network by flooding it with network traffic.

Basic types of attacks:

• Resource consumption
• Resource starvation
• Disruption of physical network components

Network Attack Techniques: Distributed Denial of Service Attack (DDoS)

Large numbers of compromised systems attack a single target

DDoS tools use client/server architecture to direct attacks

DDoS attack tools:

• Trinoo
• Tribe Flood Net
• TFN2K

Countermeasure:

• Filtering incoming and outgoing packets


Network Attack Techniques: SQL Injection

SQL injection is a type of security exploit in which the attacker "injects" Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data

It is a technique of injecting SQL commands to exploit non-validated input vulnerabilities in a web application database back end

Programmers use sequential commands with user input, making it easier for attackers to inject commands

Attackers can execute arbitrary SQL commands through the web application

Network Attack Techniques: Spamming

Spamming involves sending of unsolicited bulk email

Different forms of spam are:

• Email spam
• Instant messaging spam
• Usenet newsgroup spam
• Web search engines spam
• Weblogs spam
• Mobile messaging spam

Countermeasures:

• Review email headers to identify the owner of the email
• Configure the router to block incoming packets from the specified address
• Augment the logging capabilities to detect or alert of such activity

Network Attack Techniques: Password Cracking

In this attack, attackers gain unauthorized access to systems and the resources by breaching their password protections.

The following tools are used to crack passwords:

• Cain and Abel
• John the Ripper
• THC Hydra
• Air Crack
• L0phtcrack
• Airsnort
• Solar Winds
• Pwdump
• RainbowCrack
• Brutus

Network Attack Techniques: War Dialing

Process of dialing a large number of telephone numbers to locate:

• Insecure modems and dial-in accounts
• Inventory and lock down devices and band devices
• Break-in attempts

War dialing tools:

• Toneloc
• SecureLogix Telesweep Secure
• Sandstorm PhoneSweep

Network Attack Techniques: War Driving, War Chalking, and War Flying

War driving:

• Uses either a laptop's or PC’s wireless NIC set in promiscuous mode for detecting unsecured wireless LAN signals

War flying:

• Activity of using an aeroplane and a Wi-Fi-equipped computer (laptop, PDA, etc.) for detecting Wi-Fi wireless networks

War chalking:

• Marking series of distinct symbols on edifices for indicating access points in the vicinity
• Symbols describe the settings to connect to wireless networks through the Internet

Network Attack Techniques: Scanning

Scanning is a process of identifying the systems, open ports, and services running in a network.

Objectives:

• Detects systems running on the network
• Discovers active/running ports
• Performs fingerprinting, i.e. discovering operating systems running on the target system
• Identifies the services running/listening on the target system

Network Attack Techniques: Sniffing

Sniffing is a technique of capturing data packets from the network traffic as it flows through the network.

The objective of sniffing is to steal:

• Passwords (from email, the web, SMB, ftp, SQL, or telnet).
• Email text.
• Files in transfer (email files, ftp files, or SMB).

Sniffing countermeasures:

• Encrypting traffic containing confidential information
• Using instrument software to locate sniffer position in the network

Network Attack Techniques: Man-in-the-Middle Attack

A Man-in-the-Middle (MITM) attack is a type of attack in which the attacker is able to read, insert, and modify the messages between two users without interfering with them.

This attack is also called TCP hijacking.

Network Attack Techniques: Social Engineering

Social engineering is the human side of breaking into a corporate network.

Companies with authentication processes, firewalls, virtual private networks, and network monitoring software are still open to attacks.

Social engineering is a non-technical kind of intrusion that relies heavily on human interaction.

It involves tricking other people to break normal security procedures.

Attacks at two levels:

• Physical
• Psychological

Network Security Threat: Trojan

Malicious program that is masqueraded as legitimate software

Has spying capabilities that facilitate computers to be controlled remotely

Configures the network of zombie computers for launching DDoS attacks

Trojan resides mainly at:

• Server system
• Attacker’s system

Network Security Threat: Virus

Malicious program that replicates itself and infects systems with or without human intervention

Major virus types:

• Boot sector infectors:
  • Attacks the susceptible boot program on the bootable floppy disk
• File infectors:
  • Attack and modify .EXE and .COM program files
• Macro viruses:
  • Use built-in programming languages of popular applications for creating malicious macros

Network Security Threat: IRC Bot

An IRC bot is a type of virus that infects the Windows operating system of a computer that is connected to the network.

An infected IRC bot system or computer will:

• Send spam mails.
• Collect private data like passwords, bank account information, and credit account information.
• Create a denial-of-service attack on your computer.

Countermeasures:

• Installing anti-virus software.
• Reinstalling operating systems.

Network Security Threat: Worm

Malicious program that replicates and distributes itself to other systems without human intervention

Categories of Worms:

Email worms: Spread through infected emails

Instant messaging worms: Spread through instant messaging applications

Internet worms: Scan the Internet for vulnerable machines and try gaining access

File-sharing network worms: Copy themselves to a shared folder with a harmless name


Network Security Threat: Logic Bomb

A logic bomb resides in a device inactively and can destroy data when it is triggered by an event.

It is a type of program that is activated on a particular date or time.

It is not a virus, but works in a similar pattern.

Its main intent is to delete the data on the hard drive or delete the files that are important for a specific event.


Network Security Threat: Rootkit

A rootkit is a set of programs to control a compromised computer in a network

Rootkit hides running processes, files, or system data enabling attacker to access a system without the knowledge of the user

Two different types of rootkits are:

Kernel level rootkit:

• Appends additional code and/or replaces a portion of kernel code with modified code for hiding a backdoor on a computer

Application level rootkit:

• Modifies the behavior of existing applications using hooks, patches, and injected code


4. Why is Network Security Required?

The Need for Network Security

To prevent unauthorized access to the network that is of potential threat to the network and its resources

To ensure that the authentic users can effectively access the network and its services

To ensure that the applications to protect the network from unauthorized access are in place


What is E|NSA?

The ENSA program is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information

Students will learn how to evaluate network and Internet security issues and design, and how to implement successful security policies and firewall strategies

How to become an E|NSA?

To achieve EC-Council Network Security Administrator (ENSA), EC-Council Network Security Administrator (ENSA) certification 312-38 exam

Candidates who complete the EC-Council Network Security Administrator (ENSA) program will also have that extra credential meeting the requirements of the CNSS 4011 Federal Security Certification and Training Standards

ENSA is for experienced hands in the industry and is backed by a curriculum designed by the best in the field

Greater industry acceptance as a seasoned Network Security professional

Learn to configure firewalls, intrusion detection systems and AV systems

Develop effective security policy in the company

What are the benefits of being an E|NSA?

Course Duration & Exam Details

Duration:
• 5 days (9:00 – 5:00)

Exam Details:
• The ENSA 312-38 exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the ENSA certification. The exam will be 2 hours with 50 questions. The passing score is 70%.

System administrators, Network administrators and anyone who is interested in network security technologies

Who Should Attend?

Preview of Program

1. Fundamentals of Network

2. Network Protocols

3. Protocol Analysis

4. IEEE standards

5. Network Security

6. Security Standards Organizations

7. Security Standards

8. Security Policy

9. Hardening Physical Security

10. Network Security Threats

11. Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS)

12. Firewalls

13. Packet Filtering and Proxy Servers

14. Bastion Host and Honeypots

Preview of Program (cont’d)

15. Securing Modems

16. Troubleshooting Network

17. Hardening Routers

18. Hardening Operating Systems

19. Patch Management

20. Log Analysis

21. Application Security

22. Web Security

23. E-mail Security

24. Authentication: Encryption, Cryptography and Digital Signatures

25. Virtual Private Networks

26. Wireless Network Security

27. Creating Fault Tolerance

28. Incident Response

29. Disaster Recovery and Planning

30. Network Vulnerability Assessment

Covers the fundamentals of Network Security and everything needed to ensure that the basic functionality of networks is sound. Covers Protocol Analysis in depth

Discusses various standards that ensure Network Security, including IEEE standards and Security Policies, which play a major role in Network Security

Covers how to harden Physical Security, Operating System Security, Routers and Networks. Discusses the types of threats a Network might encounter, including threats against various Network elements such as modems, and how to minimize such risks

Covers deployment of security measures such as Firewalls, Proxy Servers and Packet Filters, Bastion hosts and honeypots

What Makes E|NSA v4 Different?

Covers the concept of Patch Management in depth. Discusses how to secure various applications, such as e-mail and web applications, from threats on the Web

Covers the concept of Authentication, Encryption, Cryptography and Digital Signatures

Covers the concept of Virtual Private Networks to ensure the security of a Corporate Network. Discusses how to secure Wireless Networks from external threats

Covers how to create Fault-tolerant Systems and how to handle disasters including Incident Response procedures, Disaster recovery Plans, Risk Assessment and Network Vulnerability Assessment

What Makes E|NSA v4 Different?

What is New in E|NSA v4?

EC-Council’s ENSA courseware is certified to have met the CNSS 4011 Training Standards

Exercise questions at the end of each Module

Activities for every Topic

The lab exercise is a complete revamp

New demos of tools are added

Focus on up-to-date hacking tools and techniques

More concepts are covered

More of the latest hacking and security tools are showcased

The flow of topics in each module helps the student in preparing for the ENSA v4 Exam

8 new modules are introduced:

• Protocol Analysis
• IEEE standards
• Network Security
• Security Standards Organizations
• Security Standards
• Securing Modems
• Troubleshooting Network
• Log Analysis

Comparison between E|NSA v3 and E|NSA v4

| | ENSA v3 | ENSA v4 |
|---|---|---|
| Total Modules | 22 | 30 |
| Total Number of Pages | 1296* | 1609* |
| Average Number of Pages per module | 59* | 53* (without slides) |
| Total Number of Slides | 662* | 1000* |
| Average Number of Slides per module | 30* | 33* |
| Latest Security News | No | Yes |
| Real Life Case Studies | No | Yes |
| Computer Cartoons in Slides | Yes | Yes |

Comparison between E|NSA v4 and CompTIA’s Sec+

| Topics Covered | Network Security Administrator (ENSA) | CompTIA Security+ |
|---|---|---|
| Fundamentals of Networks | Yes | Yes |
| Network Protocols | Yes | Yes |
| Protocol Analysis | Yes | No |
| Hardening Physical Security | Yes | Yes (very few) |
| Network Security | Yes | Yes (very few) |
| Security Standards Organizations | Yes | No |
| Security Standards | Yes | No |
| Security Policy | Yes | Yes |
| IEEE Standards | Yes | Yes (very few) |
| Network Security Threats | Yes | Yes (very few) |
| Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) | Yes | Yes (very few) |

Comparison between E|NSA v4 and CompTIA’s Sec+ (cont’d)

| Topics Covered | Network Security Administrator (ENSA) | CompTIA Security+ |
|---|---|---|
| Firewalls | Yes | Yes (very few) |
| Packet Filtering and Proxy Servers | Yes | No |
| Bastion Host and Honeypots | Yes | Yes (very few) |
| Securing Modems | Yes | No |
| Troubleshooting Network | Yes | No |
| Hardening Routers | Yes | Yes (very few) |
| Hardening Operating Systems | Yes | Yes |
| Patch Management | Yes | No |
| Log Analysis | Yes | No |

Comparison between E|NSA v4 and CompTIA’s Sec+ (cont’d)

| Topics Covered | Network Security Administrator (ENSA) | CompTIA Security+ |
|---|---|---|
| Application Security | Yes | No |
| Web Security | Yes | Yes |
| E-Mail Security | Yes | Yes |
| Authentication: Encryption, Cryptography and Digital Signatures | Yes | Yes |
| Virtual Private Networks | Yes | Yes (very few) |
| Wireless Network Security | Yes | Yes |
| Creating Fault Tolerance | Yes | Yes (very few) |
| Incident Response | Yes | Yes (very few) |
| Disaster Recovery and Planning | Yes | Yes |
| Network Vulnerability Assessment | Yes | No |

Difference between E|NSA and C|EH

| E|NSA | C|EH |
|---|---|
| ENSA certification looks at network security from a defensive view | CEH certification program looks at security in offensive mode |
| Provides fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information | The goal of the ethical hacker is to help the organization take preemptive measures against malicious attacks by attacking the system himself, all the while staying within legal limits |
| ENSA certifies professionals in evaluating network and Internet security issues and design, and implementing successful security policies and firewall strategies | CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective |

ENSA equips professionals with knowledge of different network architectures, communication protocols, and vulnerabilities in networks, which serves ethical hackers as a primary tool in their profession

ENSA provides fundamental skills to analyze and respond to internal and external network threats, which are basic prerequisites for successful CEH professionals

Knowledge of how to configure network security devices and applications is mandatory for exploiting the vulnerabilities

E|NSA as a Precursor to C|EH

1. ENSA is NSTISSI-4011 Approved

2. More than 600 MB of network security assessment and protection tools

3. A large number of whitepapers for additional reading

4. More than 200 minutes of video demonstration for tools and techniques

5. Labs for all major network security tools and techniques

E|NSA : Key Selling Points

Major Topics Covered in E|NSA

If an attacker breaches physical security, he can steal servers and networking equipment, bypassing all network security measures such as IDS and firewalls

In this class students will be sensitized to the need for physical security, the different factors affecting physical security, and the challenges in ensuring physical security

Students will learn personnel security best practices and procedures

They will also learn different access control and facility protection techniques

Hardening Physical Security: What Students will Learn

In this class students will get hands-on experience with security awareness programs

They will acquire the skills to create and implement organizational security policies

This class will emphasize the importance of policies in ensuring network security

Security Policy: What Students will Learn

This class will make students familiar with the different types of network attacks such as malware attacks and DoS attacks

This class will emphasize the classification of hackers and their techniques, Common Vulnerabilities and Exposures (CVE), attacks, hiding evidence of an attack, and problems detecting network attacks

They will also be familiarized with different network vulnerability scanning tools

Network Security Threat: What Students will Learn

This class will familiarize students with IDS and Intrusion Detection Concepts

Students will learn about different characteristics and types of IDS and IPS

They will learn to properly install, configure and monitor various IDS and IPS devices and applications

Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS): What Students will Learn

This class will emphasize firewall operations, software firewalls, hardware firewalls, and different types of firewalls

Students will learn different firewall deployment strategies

This class will also familiarize students with various advanced firewall concepts such as Specialty Firewalls and Reverse Firewalls

This class will also provide demonstrations of different firewall testing tools used for testing robustness of firewalls

Firewalls: What Students will Learn

This class will emphasize the need for a bastion host

Students will learn how to build and configure a bastion host to achieve a minimum level of network security assurance

Students will get hands-on experience in deploying honeypots and with different types of attacks targeted at honeypots

They will also be equipped with knowledge of different techniques and tools for protecting honeypots from attacks

Bastion Hosts & Honeypots: What Students will Learn

Students will get hands-on experience in creating and implementing Access Control Lists

This class will familiarize students with various router commands, types of routing, and routing protocols

Students will also learn about multiple routing mechanisms, types of routers, routing algorithms, Internetwork Operating System (IOS) and its features, and Routing Table Maintenance Protocol (RTMP)

Students will learn to configure Windows services, Discretionary Access Control List (DACL), NTFS file system permissions, Kerberos Authentication And Domain Security, IP security, desktop and file management, and different OS related security issues

Hardening Routers and Operating Systems: What Students will Learn

In this class students will learn about VPN security, the process of setting up a VPN, implementing the DHCP service, creating an enterprise certificate authority, installing and configuring an IAS, creating a remote access policy, configuring a VPN server, associating a VPN server with the DHCP server, configuring a remote client, and testing the client connection

The students will also learn the different risks associated with the use of VPNs and how to secure VPNs from these risks

Virtual Private Network: What Students will Learn

In this class students will be familiarized with the various types and components of a wireless network

They will get hands-on experience in using different wireless network attack tools such as Kismet, WEPCrack, Airsnort, and Aircrack

Students will learn about various wireless network attacks and different techniques used to defend against these attacks

Students will also be familiarized with different wireless networking standards

Wireless Network Security: What Students will Learn

Major Tools Covered in E|NSA

Wireshark is a foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions

Wireshark

Wireshark has a rich feature set which includes the following:

• Deep inspection of hundreds of protocols
• Live capture and offline analysis
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• Read/write many different capture file formats: tcpdump (libpcap), Pcap NG
• Capture files compressed with gzip can be decompressed on the fly
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2

The Nessus® vulnerability scanner features high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture

Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks

Nessus

Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing

It can also be used for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics

Nmap

Retina Network Security Scanner, the industry and government standard for multi-platform vulnerability management, identifies known and zero day vulnerabilities plus provides security risk assessment, enabling security best practices, policy enforcement, and regulatory audits

Retina Security Management Appliance provides centralized vulnerability and security incident management

Retina

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol

It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts

It is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities

Netcat

SuperScan tool is a TCP port scanner, pinger, and hostname resolver

This tool can perform ping scans, port scans using any IP range, and scan any port range from a built-in list or specified range

SuperScan

It is a network security and vulnerability scanner that allows auditing and monitoring network computers for possible vulnerabilities, checking the network for all potential methods that a hacker might use to attack it, and creating a report of potential problems that were found

Nsauditor is a complete networking utilities package that includes more than 45 network tools and utilities for network auditing, scanning, and network connections monitoring

NSAuditor

OpManager is a complete, end-to-end Network & IT infrastructure monitoring platform that offers advanced fault and performance management across WAN, VoIP services, network devices, servers, applications, databases and other IT infrastructure such as printers, UPS etc.

OpManager

E|NSA Labs include video demonstrations of the installation, configuration and use of these and many more network security tools

6. Understand The Value Of The CNSS’ NSTISSI-4011 Approval

EC-Council was honored at the 12th Colloquium for Information Systems Security Education (CISSE) by the United States Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS) when its Network Security Administrator course (ENSA) was certified for meeting the 4011 training standard for information security professionals. Candidates who complete the EC-Council Network Security Administrator (ENSA) program will also have that extra credential meeting the requirements of the CNSS 4011 Federal Security Certification and Training Standards

E|NSA v4 is Federal Security Certification and Training Standard NSTISSI-4011 Certified

NSTISSI-4011 establishes the minimum training standard for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications and automated information systems (AIS) security

It defines training requirements for INFOSEC professionals with federal departments and agencies involved with National Security as mandated by Telecommunications and Information Systems Security Directive No. 501

NSTISSI-4011 is applicable to all departments and agencies of the U.S. Government, their employees, and contractors who are responsible for the security oversight or management of national security systems during each phase of the life cycle

What is NSTISSI-4011?

It ensures that professionals meet minimum INFOSEC training requirements

It ensures that professionals have a higher awareness and sensitivity to the threats and vulnerabilities of national security information systems

It recognizes the understanding of the need to protect data, information and the means of processing them; and builds a working knowledge of principles and practices in INFOSEC

Benefits of NSTISSI-4011 Certification

NSTISSI-4011 certification ensures the employees that the professionals possess the skill or ability to design, execute, or evaluate agency INFOSEC security procedures and practices

It ensures the employees that certified professionals will be able to apply security concepts while performing their tasks

It ensures employees that professionals are aware and proficient in handling Federal Telecommunications and Information Systems Security Directives and other legal compliance issues

How NSTISSI-4011 Certification Will Help in Career Advancement

E|NSA v4 is an extensive training program and covers a wide supporting field of knowledge along with the recommendation of NSTISSI-4011

Professionals will get an additional certificate along with E|NSA v4 that certifies that they have met the minimum criteria for INFOSEC professionals as required by NSTISSI-4011

Advantages of NSTISSI-4011 Approved E|NSA v4

7. “Did You Know?”

Did you know that if a person breaches physical security, he can steal servers and networking equipment, resulting in financial and data losses?

1. Did You Know?

Hardening Physical Security

Did you realize that unguarded buildings can bring heavy financial and data losses, thus making much network security equipment useless?

A top Chicago-based data center was using an unguarded, old-fashioned fire escape

Robbers used a clip of the fire escape to gain access to the data center

The robbers accosted one of the employees, swiped his badge through a scanner and entered his security PIN code

The robbers then forced the lone employee to give his fingerprints to the security system

Come to the ENSA class and let us show you how to make sure these types of physical security breaches are kept out of your organization

You may have known that the purpose of network security is to prevent unauthorized access to the network, which is a potential threat to the network and its resources.

2. Did You Know?

A top medical company’s Prescription Monitoring Program website, which helps pharmacists track prescription drug abuse and holds records of nearly 8 million state residents, was compromised

A hacker group hacked the company’s database using SQL injection attacks and threatened to sell the stolen confidential information, such as Social Security numbers, personal medical information, and financial information, to spammers and people involved with credit fraud, or to hold the information for ransom

Data Theft

Can you imagine what consequences the company might have to face if the confidential data is made public?

Come to the ENSA class and we will show you how to minimize various network security breaches that result in data losses

Did you know that insider threats are threats posed by malicious insiders who may corrupt, modify, leak or delete important data? Disgruntled employees or ex-employees who have an opinion that the organization has "done them wrong" are major insider threats.

3. Did You Know?

Insider Threats

Jason was disappointed; the raise he thought he was in for had been turned down. During lunch, he surveyed the area for other employees, but the area was deserted as most people were out enjoying lunch. Sitting back down, he turned to his computer console, went to the command line and ran the network scanning tool Nmap against the company’s accounting systems. The console displayed the accounting department’s SQL server. A few keystrokes later, he was able to edit a few columns in the database, giving himself the raise he had longed for.

Did you realize that Jason could have erased the entire database or manipulated other records as well?

Come to the ENSA class and let us show you how to prevent, detect, and respond to insider attacks

Did you know that emails are major carriers of malicious code over the Internet?

4. Did You Know?

John, working with a reputed MNC, was eagerly waiting for the Christmas holidays. Just a few days ahead, he received a mail with the subject line ‘Merry Christmas’. The mail had an attached greeting card, seemingly a .swf file.

He downloaded the card and played the flash greeting. He was overjoyed with the message in the card and forwarded the card immediately to all his friends and colleagues.

As soon as he logged in to his system the next morning, he was bombarded with bizarre messages all over his screen. He complained to the system administrator, but to his dismay he discovered that all of the colleagues to whom he had sent the message had the same problem.

Malicious Code Attack

Did you realize that the seemingly innocent file that John played was embedded with malicious code?

Come to the ENSA class and let us demonstrate different email attacks and how to secure your network from such attacks.

5. Did You Know?

Did you know that, according to a recent survey of 2008 security breaches by Verizon Business' Response Intelligence Solutions Knowledge (RISK) team, some of the 90 victims studied had deployed intrusion detection systems (IDS) but had not activated them? Others had IDS deployed, but the IDS was not monitoring the area affected by the breach.

Come to the ENSA class and let us show you how to configure, monitor, and manage IDS/IPS devices and applications from a security perspective

6. Did You Know?

A few carefully constructed emails can knock out any email server. The trick involves sending forged emails that contain thousands of incorrect addresses in the "copy to" fields that are normally used to send duplicate messages.

The exploit depends on finding a server configured to return an email plus its attachments to each incorrect address. This can be tested by sending just a single message.

The next step is to forge an email so it appears to come from the mail server that is to be the target of the attack. This is also a relatively simple trick. Finally, the forged email, complete with the thousands of incorrect addresses, is sent. The resulting avalanche of "bounced" messages sent to the target server would almost certainly cause it to crash and leave its users without access to their mail.

Did you know the researchers at NGSSoftware tested the email servers of all Fortune 500 companies and found that 30 per cent could be used to launch this type of attack?

Come to the ENSA class and let us show you how to protect your server infrastructure from these types of email attacks.

7. Did You Know?

According to a report released by security vendor McAfee, cybercriminals have hijacked 12 million new computers since January with an array of new malware. This represents a 50 percent increase in the number of "zombie" computers over 2008.

According to a cyber security awareness group, the Conficker worm has incurred losses amounting to more than $9.1 billion.

Even though it is small compared with the growing number of other botnets, viruses, and worms infecting cyberspace, it has infected 18 percent of PCs in the United States.

Come to the ENSA class and let us show you how to protect your network from Botnets and Zombies

8. Did You Know?

Did you know that the U.S. Department of Transportation, with the help of auditors from KPMG, determined that the U.S. air traffic control systems are at high risk of attack due to misconfigurations, insecure web applications, and poor patch management policies?

Patch Management

The Air Traffic Control (ATC) systems used by the U.S. Federal Aviation Administration (FAA) were found to have 763 high-risk vulnerabilities in 70 Web applications.

These applications are used to distribute communications frequencies for pilots and controllers to the public.

These vulnerabilities can allow an attacker to access information stored on the web servers.

Come to the ENSA class and let us show you how to design a deployment plan to distribute patches on a timely basis.

9. Did You Know?

Did you know that signature-based scanners miss 58% of malware? In its Global Threat Report, ScanSafe reported that at its highest peak in 1Q09, 58% of Web malware blocks were zero-day threats. ScanSafe noted that the rate of Web-delivered malware increased sharply in the first quarter of 2009 – another 19% from 4Q08.

Malware Attacks

Source: Global Threat Report, ScanSafe

Come to the ENSA class and let us show you how to stop malware and protect your network from these attacks.

10. Did You Know?

According to a report by Gartner, misconfiguration will account for 70% of successful WLAN attacks through 2009. Hackers can easily exploit a poorly configured and maintained wireless network. Improperly configured client VPNs can be easily compromised, thus letting the hacker gain access through the VPN.

Come to the ENSA class and let us demonstrate how to configure WLAN devices and applications in your network.
