
Module 1 - Introduction


eyal

Presentation Transcript


  1. Module 1 - Introduction • About This Course • Why Perform Penetration Tests? • Security Certifications • Types of Pentesting

  2. About This Course • Presenter Information • Video Access • Course Disks • Network Configuration • Certificate of Course Completion • Course Support

  3. About This Course • Presenter Information • Thomas Wilhelm • ISSMP / CISSP / SCSECA / SCNA / SCSA / IAM • IT Industry: 15+ years • Security Industry: 7+ years • U.S. Army • SIGINT Analyst / Cryptanalyst • Fortune 100 • Penetration Testing / Risk Assessments • Author • “Penetration Tester’s Open Source Toolkit, Vol.2”

  4. About This Course • Video Access • 30 days access to videos • Use login information provided when enrolled • 60 days to complete PenTest Document to ISSAF standards • http://heorot.net/instruction/PTF/

  5. About This Course • Course Disks • Disk 1.100 • Used in Video Instruction • Disk 1.101 • Used in Hands-On Exercises & “Independent PenTest Effort” for Course Completion Certification • BackTrack • Used as Penetration Tester’s Toolkit

  6. About This Course • Network Configuration • Configuration Issues: • http://de-ice.net/index.php?name=PNphpBB2&file=viewforum&f=17 • Can be used in a virtual machine

  7. About This Course • Certificate of Course Completion • Awarded upon receipt and acceptance of formal documentation of Independent PenTest Effort • Meet ISSAF standards • “Independent PenTest Effort” uses Disk 1.101 • Required material is covered in Module 4-8

  8. About This Course • Certificate of Course Completion - Grading • General Documentation – 250 • Management Summary • Scope of the project (and Out of Scope parts) • Tools that have been used (including exploits) • Dates & times of the actual tests on the systems • Identification of Weakness & Vulnerabilities – 650 • A list of all identified vulnerabilities • Output of tests performed (screenshots or “script” text file) • Action Points – 100 • Recommendation of what to mitigate first • Recommended solution

  9. About This Course • Course Support • Email: training@heorot.net • Support 24x7 • Instructor: PTF@heorot.net • Online chat T,Th 9pm Eastern • Also available by appointment • Available via phone by appointment

  10. Why Perform Penetration Tests? • Black Hat vs. White Hat • Code of Ethics • Legal Responsibilities

  11. Why Perform Penetration Tests? • Code of Ethics • CISSP Code of Ethics Canons: • Protect society, the commonwealth, and the infrastructure. • Act honorably, honestly, justly, responsibly, and legally. • Provide diligent and competent service to principals. • Advance and protect the profession.

  12. Why Perform Penetration Tests? • Black Hat vs. White Hat • Black Hat: • “A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent” - Wikipedia • White Hat: • “A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems” - Wikipedia

  13. Why Perform Penetration Tests? • Legal Responsibilities • Federal Mandates • SOX • HIPAA • FISMA, etc. • State Mandates • California Senate Bill 1386 • Many other states are following California’s example

  14. Security Certifications • Generalized Knowledge • Appliance-Specific • Methodology

  15. Security Certifications • Generalized Knowledge • (ISC)2 • ISSMP / ISSAP / ISSEP / CISSP / SSCP • Prosoft Learning • Certified Internet Web Professional Program • Designer / Administrator / Manager / Developer • SANS Institute • Global Information Assurance Certification • GISF / GSEC / GCFW / GCIA / GCUX… and more

  16. Security Certifications • Appliance-Specific • CISCO • CCSP / CCIE • Check Point • CCSA / CCSE • RSA Security • CSA / CSE • TruSecure • TICSA / TICSE • Operating Systems • SCSECA • RHCSS • MCSE: Security

  17. Security Certifications • Methodology • National Security Agency • IAM / IEM • EC-Council • CEH

  18. Types of Penetration Testing • Network • Host • Application • Database

  19. Types of Penetration Testing • Network • Password • Switches / Routers • Firewall • Intrusion Detection • VPN • Storage • WLAN Security • Internet User Security • AS400 • Lotus Notes

  20. Types of Penetration Testing • Host • Unix / Linux • Windows • Novell Netware • Web Server

  21. Types of Penetration Testing • Application • Web Application • Source Code Auditing • Binary Auditing

  22. Types of Penetration Testing • Database • Database Security • Social Engineering

  23. Module 1 - Conclusion • Why Perform Penetration Tests? • About This Course • Security Certifications • Types of Pentesting
