Security Assessment and Audit

Overview:
This program provides a technological perspective and exposure to several audit and evaluation parts and products to fit the best in the organization, the main target is to provide candidates with the abilities necessary to carry out independent evaluations and audits of systems and networks.

Program Objective:
This Program is planned and trained with the following objectives for security experts

1. Briefing on security problems and concerns
2. Understand the safety demands
3. Acquire knowledge of methods of evaluation and audit
4. Carrying out large-scale network
5. Footprinting, enumerate and attacks on system
6. Gain Vulnerability and exploit knowledge
7. Understand about Web, routers, firewalls assessments
8. Understand Database Hacking
9. Reports and excellent practices

Who can attend this program?

* Security consultants and Experts
* Security Experts
* Auditors
* Whoever desires to being network security! Ideal for beginners who want to know about the safety in action.

Requirements:
Candidates should have the following prerequisite knowledge before attend this program:

* Participants should have basic familiarity with Windows and Unix systems
* Participants should have elementary knowledge of networking

Topics Covered:
In this three days training program candidates will learn about:

Schedule: Day-1

Module-1 Understand Security Fundamentals and Concepts
* Security industry landscape and trends
* Know about Security position and evolution
* Goals corporate security
* Threats framework and models
* Attack vectors and its impact
* Popular points of attack and severity
* Q & A

Module-2 Understand Assessment and Audit - approaches and methodologies
* Methods of evaluating and fundamentals
* The goals and targets of the evaluation
* The role of tools and credibility
* Fields of evaluation and value
* Fundamentals of Audit and objectives
* The compliance and standards
* Q & A

Module-3 Understand Network Assessment - Footprinting and Asset Identifications
* Fundamentals of footprinting and objectives
* Methods and approaches
* Queries the public domain
* WHOIS - Query all
* Searches ARIS
* DNS queries and zone transfers
* Draw routes and maps
* Network Awareness
* Windows footprinting
* Reporting and targets designs
* Laboratory

Module- 4 Discovery and Posture Mapping
* Learn about fundamentals of TCP
* Understand Ping sweeps
* Network scanning (TCP and UDP)
* Operating System identification and stack fingerprinting
* Understand Banner grabbing
* Identification Protocol
* Network mapping
* Reports and targets designs
* Laboratory

Schedule: Day-2
Module-5 Information Collecting and Enumeration - Windows
* Introduction to Windows security
* Learn basics of Enumerating
* Understand Security issues with enumeration
* Understand Windows enumeration - NetBIOS over TCP
* Domain Name System Enumeration
* Simple Network Management Protocol (SNMP) query
* LDAP Enumeration
* Laboratory

Module-6 The data collection and enumeration - Linux and Unix
* Linux and Unix security overview
* Linux and Unix systems enumeration fundamentals
* Enumerating NFS
* Remote Procedure call (RPC) query
* Snmpwalk and enumeration
* Users and groups enumeration
* SAMBA information collection
* Finger, rwho and rusers
* Laboratory

Module-7 Understanding of Hacking and Attacks
* Password-guessing
* Password-cracking
* Password-sniffing
* Privilege Escalation
* Introduction to Netcat shell
* Other attack vectors
* Laboratory

Module-8 Understand Assessment of Vulnerability and Exploitation
* Fundamentals of Vulnerabilities
* Detecting vulnerabilities
* Scan vulnerability applying nessus and other tools
* Development exploits
* Exploit frameworks - Metasploit
* Countermeasures and Security
* Laboratory

Schedule: Day-3
Module-9 Learn about Web Hacking
* Fundamentals of Hypertext Transfer Protocol
* Learn about Web Application Components
* Web server assessment
* Web Application Profiling
* Web application hacking
* Development web application
* Tools and technology
* Laboratory

Module-10 Hacking network devices
* Network Maps and entry points
* Router Identification
* Compromising routers
* Firewall Identification
* Firewall banner grabbing
* Loop holes Firewall
* Compromising ACLs
* Virtual Private Network and other tools
* Laboratory

Module-11 Understand SQL (Structured Query Language) Hacking
* Structured Query Language Identification
* Structured Query Language banner grabbing
* Microsoft SQL cracks
* Microsoft SQL hacking
* ORACLE cracks
* ORACLE security problems
* Tools and technology
* Laboratory