Certified Security Specialist

#text-block-10 { margin-bottom:0px; text-align:left; }

Module 01: Information Security Fundamentals

* 2009 Data Breach Investigations Report
* Security Threat Report 2009: SOPHOS
* Data Breach Investigations Report
* Internet Crime Report: IC3
* Top Internet Security Threats of 2008
* Emerging Cyber Threats Report for 2009
* The Most Prevalent Web Vulnerabilities
* Information Security
* Need for Security
* Cost of Computer Crime
* The Security, Functionality, and Ease of Use Triangle
* Common Terminologies
* Elements of Information Security: CIA
* Trends in Security
* 20-Year Trend: Stronger Attack Tools
* Information Security – More Than An IT Challenge For SME
* Statistics Related to Security
* Attack on Social Network Sites for Identity Theft
* The Top Ten List Of Malware-hosting Countries in 2009
* 2010 Threat Predictions
* Information Security Laws and Regulations
* Computer Misuse Act
* Data Protection Act 1998
* Gramm-Leach Bliley Act

Module 02: Addressing Threats

* What is a Threat
* Current Scenario
* Knowing Terms: Vulnerability, Exploit
* Internal Threat
* Sniffing
* External Threat
* Types of External Threats
* External Threats

Module 03: Backdoors, Virus, and Worms

* Introduction to Virus
* Characteristics of a Virus
* Working of Virus
* Worms
* Backdoors
* What is a Trojan
* Overt and Covert Channels
* How is a Worm Different from a Virus
* Virus History
* Stages of Virus Life
* Modes of Virus Infection
* Indications of Virus Attack
* Underground Writers
* Prevention is Better than Cure
* Anti-Virus Systems
* Anti-Virus Software
* AVG Antivirus
* Norton Antivirus
* McAfee Spam Killer
* McAfee VirusScan
* F-Secure Anti-Virus
* Kaspersky Anti-Virus
* How to Detect Trojans
* Tool: Netstat
* Tool: TCPView
* Delete Suspicious Device Drivers
* Check for Running Processes: What’s on My Computer
* Super System Helper Tool
* Tool: What’s Running
* Top 10 Latest Viruses

Module 04: Introduction to the Linux Operating System

* Linux
* Linux Distributions
* Linux – Basics
* Why Do Hackers Use Linux
* Why is Linux Hacked
* How to Apply Patches to Vulnerable Programs
* Linux Rootkits
* Linux Hacking Tools

Module 05: Password Cracking

* Authentication – Definition
* Authentication Mechanisms
* HTTP Authentication
* Microsoft Passport Authentication
* What is a Password Cracker
* Modus Operandi of an Attacker Using Password Cracker
* How does a Password Cracker Work
* Attacks – Classification
* Password Guessing
* Dictionary Maker
* Password Cracking Tools
* Security Tools

Module 06: Cryptography

* Basics of Cryptography
* Public-key Cryptography
* Working of Encryption
* Digital Signature
* What is SSH
* SSH (Secure Shell)
* RSA (Rivest Shamir Adleman)
* Example of RSA algorithm
* RSA Attacks
* RSA Challenge
* MD5
* SHA (Secure Hash Algorithm)
* Code Breaking: Methodologies
* Disk Encryption
* Cryptography Attacks
* Role of Cryptography in Data Security
* Magic Lantern
* Cleversafe Grid Builder
* Microsoft Cryptography Tools

Module 07: Web Servers and Web Applications

* Symantec Government Internet Security Threat Report, Published April 2009
* Symantec Government Internet Security Threat Report, Published April 2009
* Symantec Government Internet Security Threat Report, Published April 2009
* Report: Active Servers Across All Domains
* Top Web Server Developers
* Web Servers
* Web Applications

Module 08: Wireless Networks

* Wireless Networking
* Effects of Wireless Attacks on Business
* Wireless Standards
* Components of Wireless Network
* Types of Wireless Network
* Setting up WLAN
* Detecting a Wireless Network
* How to Access a WLAN
* Advantages and Disadvantages of a Wireless Network
* Antennas
* SSID
* Access Point Positioning
* Rogue Access Points
* Techniques to Detect Open Wireless Networks
* Wireless Security Guidelines
* Netstumbler Tool
* MiniStumbler Tool
* Kismet Tool

Module 09: Intrusion Detection System

* Intrusion Detection Systems
* IDS Placement
* Cybersecurity Plan to Boost IT Firms, But Doubts Persist
* Types of Intrusion Detection Systems
* Ways to Detect an Intrusion
* System Integrity Verifiers (SIV)
* General Indications of System Intrusions
* General Indications of File System Intrusions
* General Indications of Network Intrusions
* Intrusion Detection Tools
* IDS Testing Tool: Traffic IQ Professional
* IDS Software Vendors

Module 10: Firewalls and Honeypots

* Introduction
* Terminology
* Firewwall
* Honeypot

Module 11: Hacking Cycle

* Hacking History
* Who is a Hacker?
* Types of Hackers
* What Does a Hacker Do
* Types of Attacks on a System
* Computer Crimes and Implications
* Legal Perspective (US Federal Law)

Module 12: Introduction to Ethical Hacking

* Attacks Carried out Using Hacked PC
* Hacker Classes
* Hacktivism
* Why Ethical Hacking is Necessary
* Scope and Limitations of Ethical Hacking
* What Do Ethical Hackers Do
* How to Become an Ethical Hacker
* Skills of an Ethical Hacker
* Classification of Ethical Hacker
* Jobs for Ethical Hackers: Job Skills in Order of Popularity
* Jobs for Ethical Hacker
* Jobs for Ethical Hacker
* How Do They Go About It
* Penetration Testing vis-à-vis Ethical Hacking
* How to Simulate an Attack on the Network
* Testing Approaches
* General Prevention
* Vulnerability Research Websites
* Computer Crimes and Security Survey
* Computer Crimes and Security Survey

Module 13: Networking Revisited
* Network Layers
* Application Layer
* Transport Layer
* Internet Layer
* Network Interface Layer
* Physical Layer
* Differentiating Protocols and Services
* Mapping Internet Protocol to OSI
* OSI Layers and Device Mapping
* Network Security
* Ingress and Egress Traffic
* Data Security Threats over a Network
* Network Security Policies
* What Defines a Good Security Policy
* Types of Network Security Policies

Module 14: Secure Network Protocols

* Secure Network Protocols
* Public Key Infrastructure (PKI)
* Access Control Lists (ACL)
* Authentication, Authorization, Accounting (AAA)
* RADIUS
* TACACS+
* Kerberos
* Internet Key Exchange protocol (IKE)

Module 15: Authentication
* Authentication – Definition
* Authentication?Authorization
* Authentication Mechanisms
* HTTP Authentication
* RSA SecurID Token
* Biometrics Authentication
* Types of Biometrics Authentication
* Digital Certificates
* Attacks on Password Authentication

#text-block-11 { margin-bottom:0px; text-align:left; }

Module 16: Network Attacks

* Network Attacks

Module 17: Bastion Hosts and DMZ

* Bastion Host – Introduction
* Types of Bastion Hosts
* Need for a Bastion Host
* Basic Principles for Building a Bastion Host
* General Requirements to Setup a Bastion Host
* Hardware Requirements
* Selecting the Operating System for the Bastion Host
* Positioning the Bastion Host
* Auditing the Bastion Host
* Connecting the Bastion Host
* Tool: IPSentry
* What is DMZ
* Different Ways to Create a DMZ
* Where to Place Bastion Host in the DMZ
* Benefits of DMZ

Module 18: Proxy Servers

* What are Proxy Servers
* Benefits of a Proxy Server
* Other Benefits of a Proxy Server
* Working of a Proxy Server
* Functions of a Proxy Server
* Communication Via a Proxy Server
* Proxy Server-to-Proxy Server Linking
* Proxy Servers vs. Packet Filters
* Networking Protocols for Proxy Servers
* Types of Proxy Servers
* Proxy Server-based Firewalls
* Microsoft Internet Security & Acceleration Server (ISA)
* ISA Server 2006 components
* Steps to Configure Proxy Server on IE
* Limitations of a Proxy server
* List of Proxy Sites

Module 19: Virtual Private Network

* What is a VPN
* VPN Deployment
* Tunneling Described
* Types of Tunneling
* Popular VPN Tunneling Protocols
* VPN Security
* VPN via SSH and PPP
* VPN via SSL and PPP
* VPN via Concentrator
* Other Methods
* VPN Registration and Passwords
* Intro to IPSec
* IPSec Services
* Combining VPN and Firewalls
* VPN Vulnerabilities

Module 20: Introduction to Wireless Network Security
* Introduction to Wireless Networking
* Basics
* Types of Wireless Networks
* Antennas
* SSIDs
* Rogue Access Points
* Tools to Detect Rogue Access Points: NetStumbler
* Netstumbler
* What is Wired Equivalent Privacy (WEP)
* WEP Tool: AirSnort
* 802.11 Wireless LAN Security
* Limitations of WEP Security
* Wireless Transportation Layer Security (WTLS)
* Extensible Authentication Protocol (EAP) Methods
* 802.11i
* Wi-Fi Protected Access (WPA)
* TKIP and AES
* Denial of Service Attacks
* Man-in-the-Middle Attack (MITM)
* WIDZ, Wireless Intrusion Detection System
* Securing Wireless Networks
* Maximum Security: Add VPN to Wireless LAN

Module 21: Voice over Internet Protocol

* VoIP Introduction
* Benefits of VoIP
* Basic VoIP Architecture
* VoIP Layers
* VoIP Standards
* Wireless VoIP
* VoIP Threats
* VoIP Vulnerabilities
* VoIP Security
* Skype’s International Long Distance Share Grows, Fast.
* VoIP Services in Europe
* VoIP Sniffing Tools
* VoIP Scanning and Enumeration Tools
* VoIP Packet Creation and Flooding Tools
* VoIP Fuzzing Tools
* VoIP Signaling Manipulation Tools
* Other VoIP Tools
* VoIP Troubleshooting Tools

Module 22: Computer Forensics Fundamentals
* Forensic Science
* Computer Forensics
* Evolution of Computer Forensics
* Objectives of Computer Forensics
* Need for Computer Forensics
* Cyber Crime
* Modes of Attacks
* Examples of Cyber Crime
* Types of Computer Crimes
* How Serious Are Different Types of Incidents
* Disruptive Incidents to the Business
* Time Spent Responding to the Security Incident
* Cost Expenditure Responding to the Security Incident
* Cyber Crime Investigation Process
* Challenges in Cyber Crime Investigation
* Rules of Forensic Investigation
* Role of Forensics Investigator
* Investigative Agencies: FBI
* Investigative Agencies: National Infrastructure Protection Center
* Role of Law Enforcement Agencies in Forensics Investigation
* Reporting Security Breaches to Law Enforcement Agencies in the U.S.A
* Cyber Laws
* Approaches to Formulation of Cyber Laws
* Some Areas Addressed by Cyber Law
* Important Federal Statutes

Module 23: Trademark, Copyright, and Patents

* Trademark Infringement
* Copyright Infringement
* Plagiarism
* Plagiarism Detection Tools
* Patent Infringement
* Trademarks and Copyright Laws

Module 24: Network and Router Forensics Fundamentals

* Network Forensics
* Traffic Capturing and Analysis Tools
* Router Forensics

Module 25: Incident Response and Forensics

* Cyber Incident Statistics
* What is an Incident
* Security Incidents
* Category of Incidents
* How to Identify an Incident
* How to Prevent an Incident
* Incident Management
* Reporting an Incident
* Pointers to Incident Reporting Process
* Report a Privacy or Security Violation
* Preliminary Information Security Incident Reporting Form
* Incident Response Procedure
* Incident Response Policy
* Incident Response Checklist
* Handling Incidents
* Procedure for Handling Incidents
* Post-Incident Activity
* CSIRT
* CERT
* World CERTs
* GFIRST
* FIRST
* IRTs Around the World

Module 26: Digital Evidence

* Digital Evidence
* Challenging Aspects of Digital Evidence
* The Role of Digital Evidence
* Characteristics of Digital Evidence
* Fragility of Digital Evidence
* Types of Digital Data
* Rules of Evidence
* Best Evidence Rule
* Evidence Life Cycle
* Digital Evidence Investigative Process
* Where to Find Digital Evidence
* Securing Digital Evidence
* Documenting Evidence
* Evidence Examiner Report
* Handling Digital Evidence in a Forensics Lab
* Obtaining a Digital Signature and Analyzing it
* Processing Digital Evidence
* Storing Digital Evidence
* Evidence Retention and Media Storage Requirements
* Forensics Tool: Dcode
* Forensics Tool: WinHex
* Forensics Tool: PDA Secure
* Forensics Tool: Device Seizure

Module 27: Understanding Windows, DOS, Linux, and Macintosh

* File Systems
* Types of File Systems
* Understanding System Boot Sequence
* Exploring Microsoft File Structures
* Exploring Microsoft File Structures: FAT vs. NTFS
* FAT
* NTFS
* Encrypted File Systems (EFS)
* CDFS
* Comparison of File Systems
* Exploring Microsoft File Structures: Cluster
* Gathering Evidence on Windows Systems
* Gathering Volatile Evidence on Windows
* Example: Checking Current Processes With Forensic Tool pslist
* Example: Checking Open Ports With Forensic Tool fport
* Checking Registry Entries
* Features of Forensic Tool: Resplendent Registrar
* How to Create a System State Backup
* Windows Forensics Tool: Helix
* Tools Present in Helix CD for Windows Forensics
* Integrated Windows Forensics Software: X-Ways Forensics
* Windows Forensics Tool: Traces Viewer
* UNIX Overview
* Linux Overview
* Exploring Unix/Linux Disk Data Structures
* Understanding Unix/Linux Boot Process
* Understanding Linux Loader
* Popular Linux File Systems
* Use of Linux as a Forensics Tool
* Advantages of Linux in Forensics
* Popular Linux Forensics Tools
* Mac OS X
* Mac Security Architecture Overview
* Exploring Macintosh Boot Tasks
* Mac OS X File System
* Mac Forensic Tool: MacLockPick
* Mac Forensic Tool: MacAnalysis

Module 28: Steganography

* Introduction
* Definition of Steganography
* Model of Stegosystem
* Application of Steganography
* Steganography Vs. Cryptography
* Classification of Steganography
* Technical Steganography
* Linguistic Steganography
* Digital Steganography
* Strides in Steganography
* Different Forms of Steganography
* Hiding Information in DNA
* Steganographic File System
* Real World Applications of Steganography
* Practical Applications of Steganography
* Unethical Use of Steganography
* Introduction to Stego-Forensics
* Detecting Steganography
* Detecting Text, Image, Audio and Video Steganography
* Steganography Tools

Module 29: Analyzing Logs
* Computer Security Logs
* Importance of Logs in Forensics
* Security Logging
* Examining Intrusion and Security Events
* Logon Event in Window
* Windows Log File
* Logging in Windows
* Remote Logging in Windows
* Ntsyslog
* Logs and Legal Issues
* Log Management
* Centralized Logging and Syslogs
* Log Capturing and Analysis Tools

Module 30: E-mail Crime and Computer Forensics

* Email System
* Internet Protocols
* Email Client
* Email Server
* Exploring the Roles of the Client and Server in E-mail
* Phishing Attack
* Reasons for Successful Phishing
* Identifying E-mail Crimes and Violations
* Investigating Email Crime and Violation
* Obtain a Search Warrant and Seize the Computer and Email Account
* Obtain a Bit-by-Bit Image of Email Information
* Sending E-mail Using Telnet
* Viewing E-mail Headers
* Viewing Headers in Microsoft Outlook
* Viewing Headers in AOL
* Viewing Headers in Hotmail
* Viewing Headers in Gmail
* Gmail Header
* Examining an E-mail Header
* Tracing an E-mail Message
* Using Network Logs Related to E-mail
* Tracing Back
* Tracing Back Web Based E-mail
* Searching E-mail Addresses
* E-mail Search Site
* Using Specialized E-mail Forensic Tools
* U.S. Laws Against Email Crime: CAN-SPAM Act
* Email Crime Law in Washington: RCW 19.190.020

Module 31: Introduction to Writing Investigative Report

* Computer Forensic Report
* Significance of Investigative Reports
* Computer Forensics Report Template
* Report Specifications
* Report Classification
* What to Include in an Investigative Report
* Layout of an Investigative Report
* Writing a Report
* Guidelines for Writing a Report
* Salient Features of a Good Report
* Important Aspects of a Good Report
* Investigative Report Format
* Attachments and Appendices
* Report and Expert Opinion
* Use of Supporting Material
* Sample Forensic Report
* Sample Report
* Writing Report Using FTK

Module 32: Computer Forensics as a Profession

* Introduction
* Developing Computer Forensics Resources
* Computer Forensics Experts
* Preparing for Computing Investigations
* Enforcement Agency Investigations
* Corporate Investigations
* Maintaining Professional Conduct
* Legal Issues
* Approach to Forensic Investigation: A Case Study
* Email Infidelity in a Computer Forensics Investigation Case Study