
Course Description

ECSA/LPT is a security class like no other! Providing real-world, hands-on experience, it is the only in-depth Advanced Hacking and Penetration Testing class available that covers testing in all modern infrastructures, operating systems and application environments.

EC-Council’s Certified Security Analyst/LPT program is a highly interactive 5-day security class designed to teach Security Professionals the advanced uses of the LPT methodologies, tools and techniques required to perform comprehensive information security tests. Students will learn how to design, secure and test networks to protect your organization from the threats hackers and crackers pose. By teaching the tools and groundbreaking techniques for security and penetration testing, this class will help you perform the intensive assessments required to effectively identify and mitigate risks to the security of your infrastructure. As students learn to identify security problems, they also learn how to avoid and eliminate them, with the class providing complete coverage of analysis and network security-testing topics.

Who Should Attend
Network Server Administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment Professionals.

Duration:
5 days (9:00 – 5:00)

Certification Exam
The ECSA certification exam will be conducted on the last day of training. Students need to pass the online Prometric exam 412-79 to receive the ECSA certification. Students will also be prepared for the LPT certification.

Course Outline v4

Module 1: The Need for Security Analysis

  • What Are We Concerned About?

  • So What Are You Trying To Protect?

  • Why Are Intrusions So Often Successful?

  • What Are The Greatest Challenges?

  • Environmental Complexity

  • New Technologies

  • New Threats, New Exploits

  • Limited Focus

  • Limited Expertise

  • Authentication

  • Authorization

  • Confidentiality

  • Integrity

  • Availability

  • Nonrepudiation

  • We Must Be Diligent

  • Threat Agents

  • Assessment Questions

  • How Much Security is Enough?

  • Risk

  • Simplifying Risk

  • Risk Analysis

  • Risk Assessment Answers Seven Questions

  • Steps of Risk Assessment

  • Risk Assessment Values

  • Information Security Awareness

  • Security policies

  • Types of Policies

  • Promiscuous Policy

  • Permissive Policy

  • Prudent Policy

  • Paranoid Policy

  • Acceptable-Use Policy

  • User-Account Policy

  • Remote-Access Policy

  • Information-Protection Policy

  • Firewall-Management Policy

  • Special-Access Policy

  • Network-Connection Policy

  • Business-Partner Policy

  • Other Important Policies

  • Policy Statements

  • Basic Document Set of Information Security Policies

  • ISO 17799

  • Domains of ISO 17799

  • No Simple Solutions

  • U.S. Legislation

  • California SB 1386

  • Sarbanes-Oxley 2002

  • Gramm-Leach-Bliley Act (GLBA)

  • Health Insurance Portability and Accountability Act (HIPAA)

  • USA Patriot Act 2001

  • U.K. Legislation

  • How Does This Law Affect a Security Officer?

  • The Data Protection Act 1998

  • The Human Rights Act 1998

  • Interception of Communications

  • The Freedom of Information Act 2000

  • The Audit Investigation and Community Enterprise Act 2005

Module 2: Advanced Googling

  • Site Operator

  • intitle:index.of

  • error | warning

  • login | logon

  • username | userid | employee.ID | “your username is”

  • password | passcode | “your password is”

  • admin | administrator

  • admin login

  • -ext:html -ext:htm -ext:shtml -ext:asp -ext:php

  • inurl:temp | inurl:tmp | inurl:backup | inurl:bak

  • intranet | help.desk

  • Locating Public Exploit Sites

  • Locating Exploits Via Common Code Strings

  • Searching for Exploit Code with Nonstandard Extensions

  • Locating Source Code with Common Strings

  • Locating Vulnerable Targets

  • Locating Targets Via Demonstration Pages

  • “Powered by” Tags Are Common Query Fodder for Finding Web Applications

  • Locating Targets Via Source Code

  • Vulnerable Web Application Examples

  • Locating Targets Via CGI Scanning

  • A Single CGI Scan-Style Query

  • Directory Listings

  • Finding IIS 5.0 Servers

  • Web Server Software Error Messages

  • IIS HTTP/1.1 Error Page Titles

  • “Object Not Found” Error Message Used to Find IIS 5.0

  • Apache Web Server

  • Apache 2.0 Error Pages

  • Application Software Error Messages

  • ASP Dumps Provide Dangerous Details

  • Many Errors Reveal Pathnames and Filenames

  • CGI Environment Listings Reveal Lots of Information

  • Default Pages

  • A Typical Apache Default Web Page

  • Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP

  • Default Pages Query for Web Server

  • Outlook Web Access Default Portal

  • Searching for Passwords

  • Windows Registry Entries Can Reveal Passwords

  • Usernames, Cleartext Passwords, and Hostnames!
