Topics Covered
Basics of Security, Basic of Security - Appin's Ethical Hacking College, Operating System, DBMS, Data Communication, Computer Networking, Cyber Threats, ethical hacking, Types of Hackers, Hackers Vs Crackers, Desktop & Server Security, Windows Security, Registries, Ports and Services, Vulnerabilities in Windows, Deleted file recovery, Malwares, VIRUS, Worm, Spy ware, Trojan, Bots, Logic Bombs, Ant viruses, Anti Spyware, LAN Security, Setting up a LAN Network, Threats of LAN, Hacking MAC Address, Network Scanners , Introduction to Wi-Fi LAN Security, Firewall Security, Working of a Firewall, Types of Firewall, Packet Filter, Proxy Gateways , Firewall Application, Network Address Translation, Intrusion Detection, Logging, Port Filtering, Internet Security, Finding an IP Address, Anonymous Surfing, Proxies Servers, Transparent Proxies, Anonymous Proxies, Distorting Proxies, Elite Proxies, Free Proxy servers, Email Hacking, How does Email work?, Analysis of Email Headers, Email Tracking, IP Tracking using Email, Microsoft Outlook Security, Spam, Spamming? Methods of Prevention, Email Forging, Detecting Forged Emails, Scanning, Fingerprinting, Information Gathering, Daemon-Banner grabbing, Port Scanning, ICMP Scanning, Active Fingerprinting, Passive Fingerprinting, Attacking the System, Types of attacks, Non Technical Attack (Social engineering Attack), Pretexting Techniques, Phishing Techniques, DOS Attacks, Ping of Death, Land attack, Smurf attack, Tear drop attack, Flood Attack, DOS Vs DDOS Attack, Input Validation Attack, SQL injection Attack, XSS Attack, Buffer Overflow Attack, Key logger Attack, Sniffing Attack, High Level Attack, Password Cracking/ Enumeration, Default password, Dictionary based attack, Brute force Attack, Art of Googling, Terminologies, Basic Search Techniques, Basic Keyword searching, Phrase search, Operator search, Range search, Advanced Search Techniques, Data Backup, Various Data Backup Strategies, Penetration Testing, Catching Criminals, Cyber Terrorism, Forms of Cyber Terrorism, Honey Pots, Research Honey Pots, Production Honey Pots, Cryptography, Types Of Cryptography, SKCS, DES, PKCS, RSA, Hash Function, MD-5, Digital Signature, Digital Certificate, Kerberos, Steganography, Cyber Forensics, Digital Evidence, Security Audting And Cyber Laws, Audit Objectives, Risk Analysis, Auditing Steps, Previous Check, Planning & Organization, Network Control - Policies , Network Ctrl - Hardware / Software, Network Data Standards and Data Access, Hardware and Software Backup and Recovery, Software Communications, Access to Network Operating Systems Software and Facilities, Data Encryption and Filtering, Internet Applications, Password Protection, Security Trends, Latest Security trends, Mobile Security, VoIP Security Scenario, How do we secure VoIP? Secure The Devices, N/W Segregation, Encrypt The Traffic, Intrusion Detection, Virtual Private Network Security, VPN Step by Step Security Framework, VPN Security Issues, VPN Tools and related threats, Other VPN Threats, Wireless LAN, Wired Equivalent Privacy, Detection of MAC Spoofing, Man in the Middle Attack. (MITM), Scanning Tools, Sniffing Tools, Multiuse Tool, WinPcap Tool, Auditing Tools, Wireless Intrusion Detection System, Securing Wireless Network, Router Security, Tracing a Message, Denial of Service Attacks, Configuration of Router, RFC1483, Handshake Protocols, Services Provided by Router, Different types of NAT, Full Cone NAT, Restricted cone NAT, Port Restricted cone NAT, Symmetric NAT, NAPT Services, ADSL Details, Trouble Shooting, Securing the Routers, Intrusion Detection System(IDS) , Need, Components, Types of Intrusion Detection Systems, Network Based & Host Based Intrusion Detection Systems, Detection Methodologies, Signature-based Detection, Anomaly-based Detection, Stateful protocol analysis based, Intrusion Prevention System, Need, Types of IPS, Packet Filtering & Packet Scrubbing, IP Blocking & Deception, Risks Involved, Access Control System, Access Control in Physical Security & in Information Security, Essential Services provided by Access Control Systems, Access Control Polices, Discretionary Access Control(DAC), Non-Discretionary Access Control, Mandatory Access Control(MAC), Role-based Access Control, Temporal Constraints, Architecture of a Work Flow Management System(WFMS), Chinese wall, Access Control in Telecommunication, Access Policy, Classification of Access Policies, E-Mail Security, Social Engineering Vulnerability Assessment and Penetration Testing, Tools used for Vulnerability Tests, Network Based Vulnerability Assessment, Host Based Vulnerability Assessment, Application Level Vulnerability Assessment, Vulnerability Assessment Vs Risk Assessment, Information Gathering, Footprinting Fingerprinting, Network Surveying, Port Scanning and Services Identification, Evading Firewall Rules, Automated Vulnerability Scanning, Exploiting Services for Know Vulnerabilities, Password cracking or Brute Forcing, Denial of Service(DoS) Testing, Escalation of Privileges, Define: Backdoor, Protocols used by Backdoor, Files used by Backdoor, Developing a Rootkit, Listening and Handshaking, How to avoid a Trojan Infection, Buffer Overflow, Stack-Based Overflows, Exploitation, Advanced Level Registry and Code Security, Information Security Auditing, ISO 27001, Standards and International Organization for Standardization, BS7799 / ISO 1799, Improvement in ISO 27001 over BS 7799, Control Objective and Controls In ISO 27001, Selection and Implementation of Controls, Developing and Adopting Policies, Information Security Management System, Internal ISMS Audit, Management Review of the ISMS, ISMS Improvement, Managing Security Awareness, ISMS Implementation, Impact of a sound Security Management System, Security awareness usually fails, WHY? ISO 27001 Certification, Role of Auditors, Marketing ISO 27001 to Senior Management, Preparing for Certification, Compliance accreditation and certification, 6-step process for Certification, Return On Investment, Security Policies, Training and Awareness, System Administration, Establish Effective Security Configurations, Maintain Software, Detect Security Breaches, Respond intelligently to incidents, Security Evaluations, Business Continuity and Disaster, Risk Assessment, Kind of Risk, Stage of Risk Assessment, Approaches To Risk Assessment, Qualitative and Quantitative Risk Assessment, Popular methodologies for Risk Assessment, Business Continuity Planning, Types of Disasters, Local site disasters, Site disaster - encompass the whole building, Area disaster - cover the whole area/vicinity, On the basis of the cause of origin, Elements of a good Business Continuity Plan, Building a Business Continuity Plan, Assess Business Requirements, Identify the IT requirements, Building the Backup/recovery solution, Select products to match the design of the solution, Implement the solution, Keep the solution up-to-date, Security Management Practices, The Big Three : CIA, Identification of Assets, Determining Value of Assets, Threats on Assets, Principles of Risk Management, Safeguard Selection, Data Classification, Information Classification Procedure, Assets Protection & Approving Security Changes, Monitoring Security of the Networks, Security Frameworks, Adequate Security, Aspects of Security, Defense in Depth (DID), Secure Environment, OCTAVE, Security Risk Analysis, Threat Modeling, Stride, Dread, Mobile Threats, Spyware Protection, Types Of Spyware, Compliance Auditing, Identity Management, Biometrics, Application Level Protection, Physical Security, Protection From Facilities From Theft, Vandalism, Natural Disaster, Fire protection, Video Monitoring, Closed Circuit Television, Role of Security Guards, Latest Advancement, Cyber Forensics, Cyber crime, Evidence Collection And Prevention, Preliminary Response, Documentation, Crime scene Management and data recovery, Crime Profiling Crime Scene Management, Live System Data Gathering (Windows), Duplication, Malicious Code Analysis, Interpretation of Common Log Files, Electronic Fingerprint, Forensic Analysis of Unix Systems, Chain of custody - handling evidence, Analysis with standard Unix tools, Coroner's Toolkit, Production Honey pots, Research Honey pots, Low Interaction Honey pots (Honeyed), Appin's ethical hacking college, High interaction honey pots (Honey net), Cyber Laws, e-Governance Impediments in Implementing e-Governance Projects from Legal Perspective, Information Technology Act, 2000, Prosecution of Cyber Crimes under Indian Cyber Laws (IT Act, 2000)