|EC-CouncilNetworkSecurityAdministrator
TM
How to Out-beat, Outsell and Out-market your competition in selling the E|NSA
Agenda: 10 Powerful and Proven Points on Selling E|NSA
1. Understand the demand and supply of Network Administration jobs
2. Leverage industry reports on the state of Network Security
3. Understand Network Security issues
4. Why is Network Security Required?
5. Product knowledge is KEY, Testing Know everything about EC-Council and its certifications
6. Understand the value of the CNSS approval
7. Be able to sell how a successful class is delivered – “Did You Know”?
8. Selling with a one-stop shop approach
9. Ability to execute demos, free assessments, etc
10. Sell post class services – Members Portal and the ECE Scheme, ECCUNI credits
1. Understand the Demand and Supply of Network Administration Jobs
PAYSCALE.COM: Median Salary by Years Experience - Job: Network Administrator, IT (United States)
Network Security Demand Trend
Permanent IT Jobs Citing Network Security Within The UK
Source: http://www.itjobswatch.co.uk/
Network Security Salary Histogram
Source: http://www.itjobswatch.co.uk/
Salary Histogram For IT Jobs Citing Network Security Over The 3 Months To 8 May 2009 Within The UK
Network Skills in Demand, Pay Well in Down Economy
Despite hiring freezes and budget cutting, several high-tech talents remain in demand.
Network World, 03/04/2009
CIOs continue to seek network, desktop and Windows skills and some might pay top dollar for specific high-tech talents, despite the ongoing economic downturn.
Desktop support ranked as the most wanted skill sets for 76% of CIOs, with network and Windows administration taking the second and third slots with 65% and 64%, respectively. Database management is considered hot for 55% of respondents, and telecommunications support and wireless network management was selected by 47% and 46% of CIOs polled, respectively. Rounding out those skills seen as in demand are Web development/Web site design (39%), virtualization (35%) and business intelligence (31%).
"Help desk/technical support and networking tied as the job areas experiencing the most growth, each cited by 15% of CIOs," according to Robert Half Technology.
Separately Bluewolf projected that salaries for those with networking expertise will spike in the coming months. The staffing firm's IT Salary Guide 2009 revealed that network managers could experience salary increases of as much as 14%, with pay ranging between $70,000 and $110,000 -- which is up from the high end of $95,000 in 2008.
"Investments in several key areas, including network administration and security, business intelligence, wireless communications and Web applications have and will continue to drive aggressive hiring," according to Bluewolf.
The data in Bluewolf's salary study is based on data gathered from roughly 300 clients (with $200 million or more in revenue) for many different job openings, amounting to an estimated 4,000 positions. The staffing firm primarily operates in the New York tri-state area and specifies pay in such areas generally tends to run up to 50% higher than the national average.
IT Skills in Demand Q2-2009
Q. “Which of following IT skill sets are most in demand within your IT department?”
[Bar chart, vertical axis 0 to 80. Categories: Network Administration, Windows Administration, Desktop Support, Database Management, Wireless Network Management, Telecommunication Support, Web Development, Business Intelligence, Virtualization, Microsoft .Net Developer, XML Development]
Source: Robert Half Technology survey for 1,400 CIOs from companies with more than 100 employees
Network Security Jobs Still in Demand!
2. Leverage industry reports on the state of Network Security
Key Findings of CSI Computer Crime and Security Survey - 2008
The most expensive computer security incidents were those involving financial fraud with an average reported cost of close to $500,000
Virus incidents occurred most frequently, occurring at almost half (49 percent) of the respondents’ organizations
Almost one in ten organizations reported they’d had a Domain Name System incident
Twenty-seven percent of those responding to a question regarding “targeted attacks” said they had detected at least one such attack
The vast majority of respondents said their organizations either had (68 percent) or were developing (18 percent) a formal information security policy
Twitter's Network Gets Breached Again
Twitter has confirmed that someone broke into its network and gained access to 10 accounts, which appear to include Britney Spears and Ashton Kutcher, according to screenshots posted on a French blog site
"Our initial security reviews and investigations indicate that no account information was altered or removed in any way," Twitter co-founder Biz Stone wrote in a blog post last week. "Personal information that may have been viewed on these 10 individual accounts includes e-mail address, mobile phone number (if one was associated with the account), and the list of accounts blocked by that user," the posting said. "Password information was not revealed or altered, nor were personal messages (direct messages) viewed."
Stone did not respond to an e-mail seeking comment. Someone using the alias "Hacker Croll" claims to have gotten access to a Twitter administrator's Twitter password by guessing the secret question to reset the administrator's password on a Yahoo e-mail account where the Twitter password was located, according to a post in the Warez Scene forum. The 13 screenshots posted on the Korben blog and another site include not only what looks like admin pages for the celebrities' accounts, but also a page of blacklisted users and other administrative-type pages. Sure enough, Twitter employee Jason Goldman tweeted on Monday 27 Apr. that his Yahoo e-mail account had gotten hacked, IDG News Service discovered.
This isn't the first time Twitter's network has been breached. In January, someone hacked into the Twitter internal network and gained access to the Twitter accounts of President Obama, CNN anchor Rick Sanchez, and 31 other high-profile Twitterers. Wired later revealed that the hacker used an automated password guesser to figure out the Twitter administrator's password, which was "happiness".
Perceived Threat of Unauthorized Data Access and Data Loss Still Weighs Heavy
Survey Says -- 92 Percent of Corporates Enable Remote Access, Despite Fact That 44 Percent Believe Their Data Networks Are No Better Than "Quite" Secure
SOMERSET, NJ--(Marketwire - May 6, 2009) - Demand for remote access capabilities has never been greater and the latest survey from AEP Networks shows that 92 percent of organizations questioned allow their employees to work remotely or on the move. This is despite the fact that network threats are on the increase and 44 percent of respondents believe that their networks are no more than "quite" secure. Interestingly, no one thought that unauthorized data access would have a minimal impact on their business, while 29 percent believe this would cause major, long-term damage. The rest ranged between these two poles with 61 percent taking the middle ground or tipping the balance towards more significant harm.
When asked about the likely impact of data loss on their organisation only three percent believed that jobs would be lost and the same number would expect no real impact at all. However, a massive 53 percent thought that data loss would result in a negative impact on their business reputation. Customer relationships would be damaged for 22 percent and 19 percent felt that the impact would be felt directly in the bottom line.
Top 9 Network Security Threats in 2009
1. Malicious Insiders
2. Malware
3. Exploited Vulnerabilities
4. Social Engineering
5. Careless Employee
6. Reduced Budgets
7. Remote Workers
8. Unstable Third Party Providers
9. Downloaded Software Including Open Source & P2P Files
Source: www.csoonline.com
The Security Landscape
Hacktivism Watch: Political Network Attacks Increase
Friday, March 13, 2009
When armed conflict flared up between Russia and Georgia last summer, the smaller country also found itself subject to a crippling, coordinated Internet attack. An army of PCs controlled by hackers with strong ties to Russian hacking groups flooded Georgian sites with dummy requests, making it near impossible for them to respond to legitimate traffic. The attacks came fast and furious, at times directing 800 megabits of data per second at a targeted website.
This type of politically motivated Internet attack is becoming increasingly common, says Jose Nazario, manager of security research for Arbor Networks. "The problem is sweeping and has changed over the years," Nazario said during a presentation at the security conference SOURCE Boston this week. He noted that the frequency of these attacks and the number of targets being hit have grown steadily over the past few years.
The Security Landscape
Misconfigured networks create huge security risks
There's a perpetual buzz around software flaws and exploits researchers disclose daily, but security experts say it often distracts IT pros from a growing and more serious problem -- networks so sloppily configured and maintained that the bad guys can drive a virtual bulldozer through them without attracting attention.
The problem runs the gamut from mismatched applications and hardware, security systems that are put in place but not regularly maintained to wireless access points that are opened with no defences attached, according to IT consultants who have seen the problems first hand.
"One of the problems I've come across is the way IT infrastructure is patched together," said Lee Benjamin, principal at ExchangeGuy Consulting. "Look at Wi-Fi access points in a hotel as one example. There are often five or six access points going all the time. Pull into a parking lot and you can find access points."
On top of that, Benjamin has come across IT infrastructures pieced together with devices that seem to work well but are not properly configured, which makes it a prime target for those who would go hunting for security holes to exploit.
The Security Landscape
Governments accounted for 1 out of 5 breaches that exposed private data
The number of security breaches that exposed personal identifiable information in government systems in 2008 was far below what the private sector reported, according to a series of reports released by a consumer protection organization on Tuesday.
Of the 656 security breaches reported last year, 16.8 percent occurred in systems operated by state, local and federal governments, including military networks, according to a compilation of reports released by the Identity Theft Resource Center.
The number of breaches reported in 2008 increased 47 percent compared with 2007. But the percentage of incidents the government reported decreased in 2008, dropping from 24.5 percent of the total breaches reported.
Companies in the financial and credit market accounted for 11.9 percent of the breaches while organizations in the health care sector were responsible for 14.8 percent. Businesses in general accounted for 36.6 percent of infiltrations, or 240 incidents, and educational institutions accounted for 20 percent.
Major Network Attacks
2008 – 4.2 million credit and debit card numbers were stolen during the credit card authorization transmission from the supermarket chain Hannaford Bros., resulting in 1,800 cases of fraud reported so far
2007 – HM Revenue & Customs in the UK reported the loss of personal data of nearly 25 million people, Gartner Research estimates the recovery costs to be about US$500 million
2007 – TJ stores (TJX) reported a breach which includes, as is estimated at this writing, the records of close to 100 million credit and debit card accounts, with a recovery cost estimated to be about US$216 million
2006 – Through one of AT&T’s vendors, computer hackers access the account data and personal information of nearly 19,000 AT&T credit card holders
Percentages of Key Types of Incident
Source: CSI Computer Crime & Security Survey, 2008
3. Understand Network Security Issues
Overview of Network Security
Network security consists of all the processes, policies, and techniques to detect and prevent unauthorized access of a network and other network resources
Key elements of network security:
• Identification
• Authentication
• Access control
• Confidentiality
• Integrity
• Non-repudiation
The Security, Functionality, and Ease of Use Triangle
The number of exploits falls when the number of vulnerabilities is reduced, meaning greater security
Greater security translates to reduced functionality
Moving the ball towards security means moving away from functionality and ease of use.
[Triangle diagram with corners labelled Functionality, Ease of Use and Security]
Functions of Network Security Administrator
Types of Network Attacks
Active attacks
• Active attacks are the attacks that modify the target system or message by violating the integrity of that system.
Passive attacks
• Passive attacks are those that violate the confidentiality without affecting the state of the system.
Internal attacks
• Attacks initiated by an authorized entity for misusing the resources inside the security perimeter.
External attacks
• Attacks initiated by an unauthorized or illegitimate user of the system outside the security perimeter.
Network Attack Techniques: Denial of Service (DoS) Attack
DoS is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have.
DoS attacks disable the network by flooding it with traffic.
Basic types of attacks:
• Resources consumption
• Resources starvation
• Disruption of physical network components
Network Attack Techniques: Distributed Denial of Service Attack (DDoS)
Large numbers of compromised systems attack a single target
DDoS tools use client/server architecture to direct attacks
DDoS attacks tools:
• Trinoo
• Tribe Flood Net
• TFN2K
Countermeasure:
• Filtering incoming and outgoing packets
Network Attack Techniques: SQL Injection
SQL injection is a type of security exploit in which the attacker "injects" Structured Query Language (SQL) code through a web form input box to gain access to resources or make changes to data
It is a technique of injecting SQL commands to exploit non-validated input vulnerabilities in a web application database back end
Programmers use sequential commands with user input, making it easier for attackers to inject commands
Attackers can execute arbitrary SQL commands through the web application
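The non-validated input problem described on this slide, shown beside the parameterized form that closes it. This is an added example, not part of the original slides; the `orders` table, its rows, the allow-list pattern and all function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data; the "orders" table is hypothetical.
SAMPLE_ORDERS = [
    ("alice", "laptop"),
    ("bob", "router"),
    ("carol", "firewall appliance"),
]

# Assumed allow-list for the form field: short alphanumeric customer names.
CUSTOMER_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def make_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (customer TEXT, item TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)", SAMPLE_ORDERS)
    return conn


def find_orders_concatenated(conn, customer):
    """Vulnerable pattern: the form value becomes part of the SQL text,
    so quote characters in it change the structure of the statement."""
    query = "SELECT customer, item FROM orders WHERE customer = '" + customer + "'"
    return conn.execute(query).fetchall()


def find_orders_parameterized(conn, customer):
    """Hardened pattern: the value is bound as data and never parsed as SQL."""
    query = "SELECT customer, item FROM orders WHERE customer = ?"
    return conn.execute(query, (customer,)).fetchall()


def find_orders_validated(conn, customer):
    """Defense in depth: reject input outside the allow-list, then bind it."""
    if not CUSTOMER_RE.fullmatch(customer):
        raise ValueError("customer name contains characters outside the allow-list")
    return find_orders_parameterized(conn, customer)


def compare(conn, form_value):
    """Row counts returned by each query style for the same form value."""
    return {
        "concatenated": len(find_orders_concatenated(conn, form_value)),
        "parameterized": len(find_orders_parameterized(conn, form_value)),
    }


if __name__ == "__main__":
    db = make_db()
    # The second value is a constructed form input containing a quote and a
    # condition that is always true.
    for value in ("alice", "x' OR '1'='1"):
        print(repr(value), compare(db, value))
```

With the crafted value the concatenated query returns every customer's rows, while the bound query treats the whole string as a customer name and returns nothing.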
Network Attack Techniques: Spamming
Spamming involves sending of unsolicited bulk email
Different forms of spam are:
• Email spam
• Instant messaging spam
• Usenet newsgroup spam
• Web search engines spam
• Weblogs spam
• Mobile messaging spam
Countermeasures:
• Review email headers to identify the owner of the email
• Configure the router to block incoming packets from the specified address
• Augment the logging capabilities to detect or alert of such activity
Network Attack Techniques: Password Cracking
In this attack, attackers gain unauthorized access to systems and the resources by breaching their password protections.
The following tools are used to crack passwords:
• Cain and Abel
• John the Ripper
• THC Hydra
• Air Crack
• L0phtcrack
• Airsnort
• Solar Winds
• Pwdump
• RainbowCrack
• Brutus
Network Attack Techniques: War Dialing
Process of dialing large number of telephone numbers to locate:
• Insecure modems and dial-in accounts
• Inventory and lock down devices and band devices
• Break-in attempts
War dialing tools:
• Toneloc
• SecureLogix Telesweep Secure
• Sandstorm PhoneSweep
Network Attack Techniques: War Driving, War Chalking, and War Flying
War driving:
• Uses either a laptop's or PC’s wireless NIC set in promiscuous mode for detecting unsecured wireless LAN signals
War flying:
• Activity of using an airplane and a Wi-Fi-equipped computer (laptop, PDA, etc.) for detecting Wi-Fi wireless networks
War chalking:
• Marking series of distinct symbols on edifices for indicating access points in the vicinity
• Symbols describe the settings to connect to wireless networks through the Internet
Network Attack Techniques: Scanning
Scanning is a process of identifying the systems, open ports, and services running in a network.
Objectives:
• Detects systems running on the network
• Discovers active/running ports
• Performs fingerprinting i.e. discovering operating systems running on the target system
• Identifies the services running/listening on the target system
Network Attack Techniques: Sniffing
Sniffing is a technique of capturing data packets from the network traffic as it flows through network.
The objective of sniffing is to steal:
• Passwords (from email, the web, SMB, ftp, SQL, or telnet).
• Email text.
• Files in transfer (email files, ftp files, or SMB).
Sniffing countermeasures:
• Encrypting traffic containing confidential information
• Using instrument software to locate sniffer position in the network
Network Attack Techniques: Man-in-the-Middle Attack
A Man-in-the-Middle (MITM) attack is a type of attack in which the attacker is able to read, insert, and modify the messages between two users without interfering with them.
This attack is also called TCP hijacking.
Network Attack Techniques: Social Engineering
Social engineering is the human side of breaking into a corporate network.
Companies with authentication processes, firewalls, virtual private networks, and network monitoring software are still open to attacks.
Social engineering is a non-technical kind of intrusion that relies heavily on human interaction.
It involves tricking other people to break normal security procedures.
Attacks at two levels:
• Physical
• Psychological
Network Security Threat: Trojan
Malicious program that is masqueraded as legitimate software
Has spying capabilities that facilitate computers to be controlled remotely
Configures the network of zombie computers for launching DDoS attacks
Trojan resides mainly at:
• Server system
• Attacker’s system
Network Security Threat: Virus
Malicious program that replicates itself and infects systems with or without human intervention
Major virus types:
• Boot sector infectors:
  • Attacks the susceptible boot program on the bootable floppy disk
• File infectors:
  • Attack and modify .EXE and .COM program files
• Macro viruses:
  • Use built-in programming languages of popular applications for creating malicious macros
Network Security Threat: IRC Bot
An IRC bot is a type of virus that infects the Windows operating system of a computer that is connected to the network.
An infected IRC bot system or computer will:
• Send spam mails.
• Collect private data like passwords, bank account information, and credit account information.
• Create a denial-of-service attack on your computer.
Countermeasures:
• Installing anti-virus software.
• Reinstalling operating systems.
Network Security Threat: Worm
Malicious program that replicates and distributes itself to other systems without human intervention
Categories of Worms:
Email worms: Spread through infected emails
Instant messaging worms: Spread through instant messaging applications
Internet worms: Scan the Internet for vulnerable machines and try gaining access
File-sharing network worms: Copy themselves to a shared folder with a harmless name
Network Security Threat: Logic Bomb
A logic bomb resides in a device inactively and can destroy data when it is triggered by an event.
It is a type of program that is activated on a particular date or time.
It is not a virus, but works in a similar pattern.
Its main intent is to delete the data in hard drive or delete the files that are important for a specific event.
Network Security Threat: Rootkit
A rootkit is a set of programs to control a compromised computer in a network
Rootkit hides running processes, files, or system data enabling attacker to access a system without the knowledge of the user
Two different types of rootkits are:
Kernel level rootkit:
• Appends additional code and/or replaces a portion of kernel code with modified code for hiding a backdoor on a computer
Application level rootkit:
• Modifies the behavior of existing applications using hooks, patches, and injected code
4. Why is Network Security Required?
The Need for Network Security
To prevent unauthorized access to the network that is of potential threat to the network and its resources
To ensure that the authentic users can effectively access the network and its services
To ensure that the applications to protect the network from unauthorized access are in place
What is E|NSA?
The ENSA program is designed to provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information
Students will learn how to evaluate network and Internet security issues and design, and how to implement successful security policies and firewall strategies
How to become an E|NSA?
To achieve EC-Council Network Security Administrator (ENSA), EC-Council Network Security Administrator (ENSA) certification 312-38 exam
Candidates who complete the EC-Council Network Security Administrator (ENSA) program will also have that extra credential meeting the requirements of the CNSS 4011 Federal Security Certification and Training Standards
What are the benefits of being an E|NSA?
ENSA is for experienced hands in the industry and is backed by a curriculum designed by the best in the field
Greater industry acceptance as seasoned Network Security professional
Learn to configure firewalls, intrusion detection systems and AV systems
Develop effective security policy in the company
Course Duration & Exam Details
Duration:
• 5 days (9:00 – 5:00)
Exam Details
• The ENSA 312-38 exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the ENSA certification. The exam will be 2 hours with 50 questions. The passing score is 70%.
Who Should Attend?
System administrators, Network administrators and anyone who is interested in network security technologies
Preview of Program
1. Fundamentals of Network
2. Network Protocols
3. Protocol Analysis
4. IEEE standards
5. Network Security
6. Security Standards Organizations
7. Security Standards
8. Security Policy
9. Hardening Physical Security
10. Network Security Threats
11. Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS)
12. Firewalls
13. Packet Filtering and Proxy Servers
14. Bastion Host and Honeypots
Preview of Program (cont’d)
15. Securing Modems
16. Troubleshooting Network
17. Hardening Routers
18. Hardening Operating Systems
19. Patch Management
20. Log Analysis
21. Application Security
22. Web Security
23. E-mail Security
24. Authentication: Encryption, Cryptography and Digital Signatures
25. Virtual Private Networks
26. Wireless Network Security
27. Creating Fault Tolerance
28. Incident Response
29. Disaster Recovery and Planning
30. Network Vulnerability Assessment
What Makes E|NSA v4 Different?
Covers the fundamentals of Network Security and all that is needed to ensure that the basic functionality of networks is proper. Covers Protocol Analysis in-depth
Discusses various standards to ensure Network security including IEEE standards, including Security Policies, which play a major role in Network Security
Covers how to Harden Physical Security, Operating System Security, Routers and Networks. Discusses what type of threats a Network might encounter including threats against various Network elements such as modems and how to minimize such risks
Covers deployment of security measures such as Firewalls, Proxy Servers and Packet Filters, Bastion hosts and honeypots
Covers the concept of Patch Management in-depth. Discusses how to secure various Applications such as E-mail security, web security and so on from threats on the Web
Covers the concept of Authentication, Encryption, Cryptography and Digital Signatures
Covers the concept of Virtual Private Networks to ensure security of a Corporate Network. Discusses how to secure Wireless Networks from external threats
Covers how to create Fault-tolerant Systems and how to handle disasters including Incident Response procedures, Disaster recovery Plans, Risk Assessment and Network Vulnerability Assessment
What is New in E|NSA v4?
EC-Council’s ENSA courseware is certified to have met the CNSS 4011 Training Standards
Exercise questions at the end of each Module
Activities for every Topic
The lab exercise is a complete revamp
New demos of tools are added
Focus on up-to-date hacking tools and techniques
More concepts are covered
More and latest hacking and security tools are showcased
The flow of topics in each module helps the student in preparing for the ENSA v4 Exam
8 new modules are introduced:
• Protocol Analysis
• IEEE standards
• Network Security
• Security Standards Organizations
• Security Standards
• Securing Modems
• Troubleshooting Network
• Log Analysis
Comparison between E|NSA v3 and E|NSA v4
Item | ENSA v3 | ENSA v4
Total Modules | 22 | 30
Total Number of Pages | 1296* | 1609*
Average Number of Pages per module | 59* | 53* (without slides)
Total Number of Slides | 662* | 1000*
Average Number of Slides per module | 30* | 33*
Latest Security News | No | Yes
Real Life Case Studies | No | Yes
Computer Cartoons in Slides | Yes | Yes
Comparison between E|NSA v4 and CompTIA's Sec+
Topics Covered | Network Security Administrator (ENSA) | CompTIA Security+
Fundamentals of Networks | Yes | Yes
Network Protocols | Yes | Yes
Protocol Analysis | Yes | No
Hardening Physical Security | Yes | Yes (very few)
Network Security | Yes | Yes (very few)
Security Standards Organizations | Yes | No
Security Standards | Yes | No
Security Policy | Yes | Yes
IEEE Standards | Yes | Yes (very few)
Network Security Threats | Yes | Yes (very few)
Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) | Yes | Yes (very few)
Firewalls | Yes | Yes (very few)
Packet Filtering and Proxy Servers | Yes | No
Bastion Host and Honeypots | Yes | Yes (very few)
Securing Modems | Yes | No
Troubleshooting Network | Yes | No
Hardening Routers | Yes | Yes (very few)
Hardening Operating Systems | Yes | Yes
Patch Management | Yes | No
Log Analysis | Yes | No
Application Security | Yes | No
Web Security | Yes | Yes
E-Mail Security | Yes | Yes
Authentication: Encryption, Cryptography and Digital Signatures | Yes | Yes
Virtual Private Networks | Yes | Yes (very few)
Wireless Network Security | Yes | Yes
Creating Fault Tolerance | Yes | Yes (very few)
Incident Response | Yes | Yes (very few)
Disaster Recovery and Planning | Yes | Yes
Network Vulnerability Assessment | Yes | No
Difference between E|NSA and C|EH
E|NSA: ENSA certification looks at the network security in defensive view
C|EH: CEH certification program looks at the security in offensive mode
E|NSA: Provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information
C|EH: The goal of the ethical hacker is to help the organization take preemptive measures against malicious attacks by attacking the system himself; all the while staying within legal limits.
E|NSA: ENSA certifies professionals in evaluating network and Internet security issues and design, and implementing successful security policies and firewall strategies
C|EH: CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective
E|NSA as a Precursor to C|EH
ENSA equips professionals with knowledge of different network architectures, communication protocols, and vulnerabilities in networks that help ethical hackers as a primary tool in their profession
ENSA provides fundamental skills to analyze and respond to internal and external network threats which are basic prerequisites for successful CEH professionals
Knowledge of how to configure network security devices and application is mandatory for exploiting the vulnerabilities
E|NSA: Key Selling Points
1. ENSA is NSTISSI-4011 Approved
2. More than 600 MB of network security assessment and protection tools
3. A large number of whitepapers for additional reading
4. More than 200 minutes of video demonstration for tools and techniques
5. Labs for all major network security tools and techniques
Major Topics Covered in E|NSA
Hardening Physical Security: What Students will Learn
If an attacker breaches physical security, he can steal servers and networking equipment, bypassing all network security measures such as IDS and firewalls
In this class students will be sensitized to the need for physical security, the different factors affecting physical security and the challenges in ensuring physical security
Students will learn personnel security best practices and procedures
They will also learn different access control and facility protection techniques
In this class students will get a hands-on experience of security awareness programs
They will acquire the skills to create and implement organizational security policies
This class will emphasize the importance of policies in ensuring network security
Security Policy: What Students will Learn
This class will make students familiar with the different types of network attacks such as malware attacks and DoS attacks
This class will emphasize the classification of hackers and their techniques, Common Vulnerabilities and Exposures (CVE), attacks, hiding evidence of an attack, and problems detecting network attacks
They will also be familiarized with different network vulnerability scanning tools
Network Security Threat: What Students will Learn
This class will familiarize students with IDS and Intrusion Detection Concepts
Students will learn about different characteristics and types of IDS and IPS
They will learn to properly install, configure and monitor various IDS and IPS devices and applications
Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS): What Students will Learn
This class will emphasize firewall operations, software firewalls, hardware firewalls, and different types of firewalls
Students will learn different firewall deployment strategies
This class will also familiarize students with various advanced firewall concepts such as Specialty Firewalls and Reverse Firewalls
This class will also provide demonstrations of different firewall testing tools used for testing robustness of firewalls
Firewalls: What Students will Learn
This class will emphasize the need for a bastion host
Students will learn how to build and configure a bastion host to achieve a minimum level of network security assurance
Students will get hands-on experience in deploying honeypots and different types of attacks targeted at honeypots
They will also be equipped with knowledge of different techniques and tools for protecting honeypots from attacks
Bastion Hosts & Honeypots: What Students will Learn
Students will get hands-on experience in creating and implementing Access Control Lists
This class will familiarize students with various router commands and types of routing and routing protocols
Students will also learn about multiple routing mechanisms, types of routers, routing algorithms, Internetwork Operating System (IOS) and its features, and Routing Table Maintenance Protocol (RTMP)
Students will learn to configure Windows services, Discretionary Access Control List (DACL), NTFS file system permissions, Kerberos Authentication And Domain Security, IP security, desktop and file management, and different OS related security issues
Hardening Routers and Operating Systems: What Students will Learn
In this class students will learn about VPN security, the process of setting up a VPN, implementing the DHCP service, creating an enterprise certificate authority, installing and configuring an IAS, creating a remote access policy, configuring a VPN server, associating a VPN server with the DHCP server, configuring a remote client, and testing the client connection
The students will also learn the different risks associated with the use of VPNs and how to secure VPNs from these risks
Virtual Private Network: What Students will Learn
In this class students will be familiarized with the various types and components of a wireless network
They will get hands-on experience in using different wireless network attack tools such as Kismet, WEPCrack, Airsnort, and Aircrack
Students will learn about various wireless network attacks and different techniques used to defend against these attacks
Students will also be familiarized with different wireless networking standards
Wireless Network Security: What Students will Learn
Major Tools Covered in E|NSA
Wireshark is a foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions
Wireshark
Wireshark has a rich feature set which includes the following:
• Deep inspection of hundreds of protocols
• Live capture and offline analysis
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• Read/write many different capture file formats: tcpdump (libpcap), Pcap NG,
• Capture files compressed with gzip can be decompressed on the fly
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
The Nessus® vulnerability scanner features high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture
Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks
Nessus
Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing
It can also be used for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics
Nmap
Retina Network Security Scanner, the industry and government standard for multi-platform vulnerability management, identifies known and zero day vulnerabilities plus provides security risk assessment, enabling security best practices, policy enforcement, and regulatory audits
Retina Security Management Appliance provides centralized vulnerability and security incident management
Retina
Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol
It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts
It is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities
Netcat
SuperScan tool is a TCP port scanner, pinger, and hostname resolver
This tool can perform ping scans, port scans using any IP range, and scan any port range from a built-in list or specified range
SuperScan
It is a network security and vulnerability scanner that allows auditing and monitoring network computers for possible vulnerabilities, checking the network for all potential methods that a hacker might use to attack it, and creating a report of potential problems that were found
Nsauditor is a complete networking utilities package that includes more than 45 network tools and utilities for network auditing, scanning, and network connections monitoring
NSAuditor
OpManager is a complete, end-to-end Network & IT infrastructure monitoring platform that offers advanced fault and performance management across WAN, VoIP services, network devices, servers, applications, databases and other IT infrastructure such as printers, UPS etc.
OpManager
E|NSA Labs include video demonstration of installation, configuration and use of these and many more network security tools
6. Understand The Value Of The CNSS’ NSTISSI-4011 Approval
EC-Council was honored at the 12th Colloquium for Information Systems Security Education (CISSE) by the United States Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS) when its Network Security Administrator course (ENSA) was certified for meeting the 4011 training standard for information security professionals. Candidates who complete the EC-Council Network Security Administrator (ENSA) program will also have that extra credential meeting the requirements of the CNSS 4011 Federal Security Certification and Training Standards
E|NSA v4 is Federal Security Certification and Training Standard NSTISSI-4011 Certified
NSTISSI-4011 establishes the minimum training standard for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications and automated information systems (AIS) security
It defines training requirement for INFOSEC professionals with federal departments and agencies involved with National Security as mandated by Telecommunications and Information Systems Security Directive No. 501
NSTISSI-4011 is applicable to all departments and agencies of the U.S. Government, their employees, and contractors who are responsible for the security oversight or management of national security systems during each phase of the life cycle
What is NSTISSI-4011?
It ensures that professionals meet minimum INFOSEC training requirement
It ensures that professionals have a higher awareness and sensitivity to the threats and vulnerabilities of national security information systems
It recognizes the understanding of the need to protect data, information and the means of processing them; and builds a working knowledge of principles and practices in INFOSEC
Benefits of NSTISSI-4011 Certification
NSTISSI-4011 certification ensures the employees that the professionals possess the skill or ability to design, execute, or evaluate agency INFOSEC security procedures and practices
It ensures the employees that certified professionals will be able to apply security concepts while performing their tasks
It ensures employees that professionals are aware and proficient in handling Federal Telecommunications and Information Systems Security Directives and other legal compliance issues
How NSTISSI-4011 Certification Will Help in Career Advancement
E|NSA v4 is an extensive training program and covers a wide supporting field of knowledge along with the recommendation of NSTISSI-4011
Professionals will get an additional certificate along with E|NSA v4 that certifies that they have met the minimum criteria for INFOSEC professionals as required by NSTISSI-4011
Advantages of NSTISSI-4011 Approved E|NSA v4
7. “Did You Know ? ”
Did you know that if a person breaches physical security, he can steal servers and networking equipment, resulting in financial and data losses?
1 . Did You Know?
Hardening Physical Security
Did you realize that unguarded buildings can bring heavy financial and data losses, thus making much network security equipment useless?
A top Chicago-based data center was using an unguarded, old-fashioned fire escape
Robbers used a clip of the fire escape to gain access to the data center
The robbers accosted one of the employees, swiped his badge through a scanner and entered his security PIN code
The robbers then forced the lone employee to give his fingerprints to the security system
Come to the ENSA class and let us show you how to make sure these types of physical security breaches are kept out of your organization
You may have known that the purpose of network security is to prevent unauthorized access to the network that is a potential threat to the network and its resources.
2 . Did You Know?
A top medical company’s Prescription Monitoring Program website, which helps pharmacists track prescription drug abuse and holds records of nearly 8 million state residents, was compromised
A hacker group hacked the company’s database using SQL injection attacks and threatened to sell the stolen confidential information such as Social Security numbers, personal medical information, and financial information to spammers and people involved with credit fraud, or hold the information for ransom
Data Theft
Can you imagine what consequences the company might have to face if the confidential data is made public?
Come to the ENSA class and we will show you how to minimize various network security breaches that result in data losses
Did you know that insider threats are threats posed by malicious insiders who may corrupt, modify, leak or delete important data? Disgruntled employees or ex-employees who have an opinion that the organization has "done them wrong" are major insider threats.
3 . Did You Know?
Insider Threats
Jason was disappointed; the raise he thought he was in for had been turned down. During lunch, he surveyed the area for other employees, but the area was deserted as most people were out enjoying lunch. Sitting back down, he turned to his computer console, went to the command line, and ran the network scanning tool Nmap against the company’s accounting systems. The console displayed the accounting department’s SQL server. A few keystrokes later, he was able to edit a few columns in the database, giving himself the raise he had longed for.
Did you realize that Jason could have erased the entire database or manipulated other records as well?
Come to the ENSA class and let us show you how to prevent, detect, and respond to insider attacks
Did you know that emails are major carriers of malicious code over the Internet?
4 . Did You Know?
John, working with a reputed MNC, was eagerly waiting for the Christmas holidays. Just a few days ahead, he received a mail with the subject line ‘Merry Christmas’. The mail had an attached greeting card, seemingly a .swf file. He downloaded the card and played the Flash greeting. He was overjoyed with the message in the card and forwarded it immediately to all his friends and colleagues. As soon as he logged in to his system the next morning, he was bombarded with bizarre messages all over his screen. He complained to the system administrator, but to his dismay he discovered that all of the colleagues to whom he had sent the message had the same problem.
Malicious Code Attack
Did you realize that the seemingly innocent file that John played was embedded with malicious code?
Come to the ENSA class and let us demonstrate different email attacks and how to secure your network from such attacks
Did you know that, according to a recent survey of 2008 security breaches by Verizon Business' Response Intelligence Solutions Knowledge (RISK) team, some of the 90 victims studied had deployed intrusion detection systems (IDS) but had not activated them? Others had IDS deployed, but the IDS was not monitoring the area affected by the breach.
5 . Did You Know?
Come to the ENSA class and let us show you how to configure, monitor, and manage IDS/IPS devices and applications from a security perspective
A few carefully constructed emails can knock out any email server. The trick involves sending forged emails that contain thousands of incorrect addresses in the "copy to" fields that are normally used to send duplicate messages.
The exploit depends on finding a server configured to return an email plus its attachments to each incorrect address. This can be tested by sending just a single message.
The next step is to forge an email so it appears to come from the mail server that is to be the target of the attack. This is also a relatively simple trick. Finally, the forged email, complete with the thousands of incorrect addresses, is sent. The resulting avalanche of "bounced" messages sent to the target server would almost certainly cause it to crash, and leave its users without access to their mail.
6 . Did You Know?
Did you know the researchers at NGSSoftware tested the email servers of all Fortune 500 companies and found that 30 per cent could be used to launch this type of attack?
Come to the ENSA class and let us show you how to protect your server infrastructure from these types of email attacks
According to a report released by security vendor McAfee, cybercriminals have hijacked 12 million new computers since January with an array of new malware. This represents a 50 percent increase in the number of "zombie" computers over 2008.
According to a cyber security awareness group, the Conficker worm has incurred losses amounting to more than $9.1 billion.
Even though it is small compared with the growing number of other botnets, viruses, and worms infecting cyberspace, it has infected 18 percent of PCs in the United States.
7 . Did You Know?
Come to the ENSA class and let us show you how to protect your network from Botnets and Zombies
Did you know that the U.S. Department of Transportation, with the help of auditors from KPMG, determined that the U.S. air traffic control systems are at high risk of attack due to misconfigurations, insecure web applications, and poor patch management policies?
8 . Did You Know?
The Air Traffic Control (ATC) systems used by the U.S. Federal Aviation Administration (FAA) were found to be vulnerable, with 763 high-risk vulnerabilities in 70 Web applications
These applications are used to distribute communications frequencies for pilots and controllers to the public
These vulnerabilities can allow an attacker to access information stored on the web servers
Patch Management
Come to the ENSA class and let us show you how to design a deployment plan to distribute patches on a timely basis.
Did you know that signature-based scanners miss 58% of malware? In its Global Threat Report, ScanSafe reported that at its highest peak in Q109, 58% of Web malware blocks were zero day threats. ScanSafe noted that the rate of Web-delivered malware increased sharply in the first quarter of 2009 – another 19% from 4Q08.
9. Did You Know?
Malware Attacks
Source: Global Threat Report, ScanSafe
Come to the ENSA class and let us show you how to stop malware and protect your network from these attacks.
According to a report by Gartner, misconfiguration will account for 70% of successful WLAN attacks through 2009. Hackers can easily exploit a poorly configured and maintained wireless network. Improperly configured client VPNs can be easily compromised, thus letting the hacker gain access through the VPN.
10. Did You Know?
Come to the ENSA class and let us demonstrate how to configure WLAN devices and applications in your network