Module 1 - Introduction
• About This Course
• Why Perform Penetration Tests?
• Security Certifications
• Types of Pentesting

About This Course
• Presenter Information
• Video Access
• Course Disks
• Network Configuration
• Certificate of Course Completion
• Course Support
About This Course
Presenter Information
Thomas Wilhelm
○ ISSMP / CISSP / SCSECA / SCNA / SCSA / IAM
○ IT Industry: 15+ years
○ Security Industry: 7+ years
○ U.S. Army
  SIGINT Analyst / Cryptanalyst
○ Fortune 100
  Penetration Testing / Risk Assessments
○ Author, “Penetration Tester’s Open Source Toolkit, Vol. 2”
About This Course
Video Access
30 days access to videos
○ Use login information provided when enrolled
60 days to complete PenTest Document to ISSAF standards
○ http://heorot.net/instruction/PTF/
About This Course
Course Disks
Disk 1.100
○ Used in Video Instruction
Disk 1.101
○ Used in Hands-On Exercises & “Independent PenTest Effort” for Course Completion Certification
BackTrack
○ Used as Penetration Tester’s Toolkit
About This Course
Network Configuration
Configuration Issues:
• http://de-ice.net/index.php?name=PNphpBB2&file=viewforum&f=17
• Can be used in a virtual machine
About This Course
Certificate of Course Completion
Awarded upon receipt and acceptance of formal documentation of Independent PenTest Effort
○ Meet ISSAF standards
○ “Independent PenTest Effort” uses Disk 1.101
○ Required material is covered in Modules 4-8
About This Course
Certificate of Course Completion - Grading
General Documentation – 250
○ Management Summary
○ Scope of the project (and Out of Scope parts)
○ Tools that have been used (including exploits)
○ Dates & times of the actual tests on the systems
Identification of Weakness & Vulnerabilities – 650
○ A list of all identified vulnerabilities
○ Output of tests performed (screenshots or “script” text file)
Action Points – 100
○ Recommendation of what to mitigate first
○ Recommended solution
About This Course
Course Support
Email: [email protected]
○ Support 24x7
Instructor: [email protected]
○ Online chat T, Th 9pm Eastern
  Also available by appointment
○ Available via phone by appointment
Why Perform Penetration Tests?
• Black Hat vs. White Hat
• Code of Ethics
• Legal Responsibilities
Why Perform Penetration Tests?
Code of Ethics
CISSP Code of Ethics Canons:
○ Protect society, the commonwealth, and the infrastructure.
○ Act honorably, honestly, justly, responsibly, and legally.
○ Provide diligent and competent service to principals.
○ Advance and protect the profession.
Why Perform Penetration Tests?
Black Hat vs. White Hat
Black Hat:
“A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent”
- Wikipedia
White Hat:
“A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems”
- Wikipedia
Why Perform Penetration Tests?
Legal Responsibilities
Federal Mandates
○ SOX
○ HIPAA
○ FISMA, etc.
State Mandates
○ California Senate Bill 1386
○ Many other states are following California’s example
Security Certifications
• Generalized Knowledge
• Appliance-Specific
• Methodology
Security Certifications
Generalized Knowledge
(ISC)2
○ ISSMP / ISSAP / ISSEP / CISSP / SSCP
Prosoft Learning
○ Certified Internet Web Professional Program: Designer / Administrator / Manager / Developer
SANS Institute
○ Global Information Assurance Certification: GISF / GSEC / GCFW / GCIA / GCUX … and more
Security Certifications
Appliance-Specific
CISCO CCSP / CCIE
Check Point CCSA / CCSE
RSA Security CSA / CSE
TruSecure TICSA / TICSE
Operating Systems: SCSECA / RHCSS / MCSE: Security
Security Certifications
Methodology
National Security Agency
○ IAM / IEM
EC-Council
○ CEH
Types of Penetration Testing
• Network
• Host
• Application
• Database
Types of Penetration Testing
Network
○ Password
○ Switches / Routers
○ Firewall
○ Intrusion Detection
○ VPN
○ Storage
○ WLAN Security
○ Internet User Security
○ AS400
○ Lotus Notes
Types of Penetration Testing
Host
○ Unix / Linux
○ Windows
○ Novell Netware
○ Web Server
Types of Penetration Testing
Application
○ Web Application
○ Source Code Auditing
○ Binary Auditing
Types of Penetration Testing
Database
○ Database Security
○ Social Engineering
Module 1 - Conclusion
• Why Perform Penetration Tests?
• About This Course
• Security Certifications
• Types of Pentesting