Transcript Slide 1

EC-Council™ Network Security Administrator
How to Out-beat, Outsell and Outmarket your competition in selling the E|NSA

Agenda: 10 Powerful and Proven Points on Selling E|NSA
1. Understand the demand and supply of Network Administration jobs
2. Leverage industry reports on state of the Network Security
3. Understand Network Security issues
4. Why is Network Security Required?
5. Product knowledge is KEY, Testing Know everything about EC-Council and its certifications
6. Understand the value of the CNSS approval
7. Be able to sell how a successful class is delivered – “Did You Know”?
8. Selling with a one-stop shop approach
9. Ability to execute demos, free assessments, etc.
10. Sell post class services – Members Portal and the ECE Scheme, ECCUNI credits

1. Understand the Demand and Supply of Network Administration Jobs

PAYSCALE.COM:
Median Salary by Years Experience - Job: Network Administrator, IT (United States)
Network Security Demand Trend
Permanent IT Jobs Citing Network Security Within The UK
Source: http://www.itjobswatch.co.uk/
Network Security Salary Histogram
Salary Histogram For IT Jobs Citing Network Security Over The 3 Months To 8 May 2009 Within The UK
Source: http://www.itjobswatch.co.uk/

Network Skills in Demand, Pay Well in Down Economy
Despite hiring freezes and budget cutting, several high-tech talents remain in demand.
Network World, 03/04/2009
CIOs continue to seek network, desktop and Windows skills and some might pay top dollar for specific high-tech talents, despite the
ongoing economic downturn.
Desktop support ranked as the most wanted skill sets for 76% of CIOs, with network and Windows administration taking the second
and third slots with 65% and 64%, respectively. Database management is considered hot for 55% of respondents, and
telecommunications support and wireless network management was selected by 47% and 46% of CIOs polled, respectively. Rounding
out those skills seen as in demand are Web development/Web site design (39%), virtualization (35%) and business intelligence (31%).
"Help desk/technical support and networking tied as the job areas experiencing the most growth, each cited by 15% of CIOs," according
to Robert Half Technology.
Separately Bluewolf projected that salaries for those with networking expertise will spike in the coming months. The staffing firm's IT
Salary Guide 2009 revealed that network managers could experience salary increases of as much as 14%, with pay ranging between
$70,000 and $110,000 -- which is up from the high end of $95,000 in 2008.
"Investments in several key areas, including network administration and security, business intelligence, wireless communications and
Web applications have and will continue to drive aggressive hiring," according to Bluewolf.
The data in Bluewolf's salary study is based on data gathered from roughly 300 clients (with $200 million or more in revenue) for many
different job openings, amounting to an estimated 4,000 positions. The staffing firm primarily operates in the New York tri-state area
and specifies pay in such areas generally tends to run up to 50% higher than the national average.

IT Skills in Demand Q2-2009
Q. “Which of following IT skill sets are most in demand within your IT department?”
[Bar chart: percentage of CIOs citing each skill set, vertical axis 0 to 80]
Source: Robert Half Technology survey for 1,400 CIOs from companies with more than 100 employees

Network Security Jobs Still in Demand!
2. Leverage industry reports on state of the Network Security

Key Findings of CSI Computer Crime and Security Survey - 2008
The most expensive computer security incidents were those involving financial fraud with
an average reported cost of close to $500,000
Virus incidents occurred most frequently, occurring at almost half (49 percent) of the
respondents’ organizations
Almost one in ten organizations reported they’d had a Domain Name System incident
Twenty-seven percent of those responding to a question regarding “targeted attacks” said
they had detected at least one such attack
The vast majority of respondents said their organizations either had (68 percent) or were
developing (18 percent) a formal information security policy
Twitter's Network Gets Breached Again
Twitter has confirmed that someone broke into its network and gained access to 10 accounts, which appear to include
Britney Spears and Ashton Kutcher, according to screenshots posted on a French blog site
"Our initial security reviews and investigations indicate that no account information was altered or removed in any way," Twitter
co-founder Biz Stone wrote in a blog post last week.
"Personal information that may have been viewed on these 10 individual accounts includes e-mail address, mobile phone number
(if one was associated with the account), and the list of accounts blocked by that user," the posting said. "Password information
was not revealed or altered, nor were personal messages (direct messages) viewed."
Stone did not respond to an e-mail seeking comment.
Someone using the alias "Hacker Croll" claims to have gotten access to a Twitter administrator's Twitter password by guessing the
secret question to reset the administrator's password on a Yahoo e-mail account where the Twitter password was located,
according to a post in the Warez Scene forum.
The 13 screenshots posted on the Korben blog and another site include not only what looks like admin pages for the celebrities'
accounts, but also a page of blacklisted users and other administrative-type pages.
Sure enough, Twitter employee Jason Goldman tweeted on Monday 27 Apr. that his Yahoo e-mail account had gotten hacked, IDG
News Service discovered.
This isn't the first time Twitter's network has been breached. In January, someone hacked into the Twitter
internal network and gained access to the Twitter accounts of President Obama, CNN anchor Rick Sanchez, and
31 other high-profile Twitterers. Wired later revealed that the hacker used an automated password guesser to figure out the
Twitter administrator's password, which was "happiness".

Perceived Threat of Unauthorized Data Access and Data Loss Still Weighs Heavy
Survey Says -- 92 Percent of Corporates Enable Remote Access, Despite Fact That 44 Percent Believe
Their Data Networks Are No Better Than "Quite" Secure
SOMERSET, NJ--(Marketwire - May 6, 2009) - Demand for remote access capabilities has never been greater and the
latest survey from AEP Networks shows that 92 percent of organizations questioned allow their employees to work
remotely or on the move. This is despite the fact that network threats are on the increase and 44 percent of
respondents believe that their networks are no more than "quite" secure. Interestingly, no one thought that
unauthorized data access would have a minimal impact on their business, while 29 percent believe this would cause
major, long-term damage. The rest ranged between these two poles with 61 percent taking the middle ground or tipping
the balance towards more significant harm.
When asked about the likely impact of data loss on their organisation only three percent believed that jobs would be lost
and the same number would expect no real impact at all. However, a massive 53 percent thought that data loss
would result in a negative impact on their business reputation. Customer relationships would be damaged for
22 percent and 19 percent felt that the impact would be felt directly in the bottom line.

Top 9 Network Security Threats in 2009
1. Malicious Insiders
2. Malware
3. Exploited Vulnerabilities
4. Social Engineering
5. Careless Employee
6. Reduced Budgets
7. Remote Workers
8. Unstable Third Party Providers
9. Downloaded Software Including Open Source & P2P Files
Source: www.csoonline.com
The Security Landscape
Hacktivism Watch: Political Network Attacks Increase
Friday, March 13, 2009
When armed conflict flared up between Russia and Georgia last summer, the smaller country also found itself subject
to a crippling, coordinated Internet attack. An army of PCs controlled by hackers with strong ties to Russian
hacking groups flooded Georgian sites with dummy requests, making it near impossible for them to
respond to legitimate traffic. The attacks came fast and furious, at times directing 800 megabits of data per
second at a targeted website.
This type of politically motivated Internet attack is becoming increasingly common, says Jose Nazario,
manager of security research for Arbor Networks. "The problem is sweeping and has changed over the years," Nazario
said during a presentation at the security conference SOURCE Boston this week. He noted that the frequency of these
attacks and the number of targets being hit have grown steadily over the past few years.
The Security Landscape
Misconfigured networks create huge security risks
There's a perpetual buzz around software flaws and exploits researchers disclose daily, but security
experts say it often distracts IT pros from a growing and more serious problem -- networks so sloppily
configured and maintained that the bad guys can drive a virtual bulldozer through them without
attracting attention.
The problem runs the gamut from mismatched applications and hardware, security systems that are put in place but not
regularly maintained to wireless access points that are opened with no defences attached, according to IT consultants
who have seen the problems first hand.
"One of the problems I've come across is the way IT infrastructure is patched together," said Lee Benjamin, principal at
ExchangeGuy Consulting. "Look at Wi-Fi access points in a hotel as one example. There are often five or six access
points going all the time. Pull into a parking lot and you can find access points."
On top of that, Benjamin has come across IT infrastructures pieced together with devices that seem to work
well but are not properly configured, which makes it a prime target for those who would go hunting for
security holes to exploit.
The Security Landscape
Governments accounted for 1 out of 5 breaches that exposed private data
The number of security breaches that exposed personal identifiable information in government systems in 2008 was
far below what the private sector reported, according to a series of reports released by a consumer protection
organization on Tuesday.
Of the 656 security breaches reported last year, 16.8 percent occurred in systems operated by state, local and federal
governments, including military networks, according to a compilation of reports released by the Identity Theft
Resource Center.
The number of breaches reported in 2008 increased 47 percent compared with 2007. But the percentage of incidents
the government reported decreased in 2008, dropping from 24.5 percent of the total breaches reported.
Companies in the financial and credit market accounted for 11.9 percent of the breaches while organizations in the
health care sector were responsible for 14.8 percent. Businesses in general accounted for 36.6 percent of infiltrations,
or 240 incidents, and educational institutions accounted for 20 percent.

Major Network Attacks
2008 – 4.2 million credit and debit card numbers were stolen during the credit card authorization
transmission from the supermarket chain Hannaford Bros., resulting in 1,800 cases of fraud
reported so far
2007 – HM Revenue & Customs in the UK reported the loss of personal data of nearly 25 million
people, Gartner Research estimates the recovery costs to be about US$500 million
2007 – TJ stores (TJX) reported a breach which includes, as is estimated at this writing, the records
of close to 100 million credit and debit card accounts, with a recovery cost estimated to be about
US$216 million
2006 – Through one of AT&T’s vendors, computer hackers access the account data and personal
information of nearly 19,000 AT&T credit card holders
Percentages of Key Types of Incident
Source: CSI Computer Crime & Security Survey, 2008

3. Understand Network Security Issues
Overview of Network Security
Network security consists of all the processes, policies, and techniques to detect and
prevent unauthorized access of a network and other network resources
Key elements of network security:
• Identification
• Authentication
• Access control
• Confidentiality
• Integrity
• Non-repudiation

The Security, Functionality, and Ease of Use Triangle
The number of exploits is less when the number of vulnerabilities is reduced, meaning greater security
Greater security translates to reduced functionality
Moving the ball towards security means moving away from functionality and ease of use.
[Figure: triangle with corners Security, Functionality, and Ease of Use]

Functions of Network Security Administrator
Develop, maintain, and implement IT security
Maintain and implement firewalls
Monitor and secure network and servers
Monitor critical files
Backup files
Types of Network Attacks
Active attacks
• Active attacks are the attacks that modify the target system or
message by violating the integrity of that system.
Passive attacks
• Passive attacks are those that violate the confidentiality without
affecting the state of the system.
Internal attacks
• Attacks initiated by an authorized entity for misusing the resources
inside the security perimeter.
External attacks
• Attacks initiated by an unauthorized or illegitimate user of the
system outside the security perimeter.

Network Attack Techniques: Denial of Service (DoS) Attack
DoS is an incident in which a user or organization is deprived of the services of a
resource they would normally expect to have.
DoS attacks disable the network by flooding network traffic.
Basic types of attacks:
• Resources consumption
• Resources starvation
• Disruption of physical network components

Network Attack Techniques: Distributed Denial of Service Attack (DDoS)
Large numbers of compromised systems attack a single target
DDoS tools use client/server architecture to direct attacks
DDoS attack tools:
• Trinoo
• Tribe Flood Net
• TFN2K
Countermeasure:
• Filtering incoming and outgoing packets

Network Attack Techniques: SQL Injection
SQL injection is a type of security exploit in which the attacker "injects" Structured Query
Language (SQL) code through a web form input box to gain access to resources or make
changes to data
It is a technique of injecting SQL commands to exploit non-validated input
vulnerabilities in a web application database back end
Programmers use sequential commands with user input, making it easier for attackers to
inject commands
Attackers can execute arbitrary SQL commands through the web application

Network Attack Techniques: Spamming
Spamming involves sending of unsolicited bulk email
Different forms of spam are:
• Email spam
• Instant messaging spam
• Usenet newsgroup spam
• Web search engines spam
• Weblogs spam
• Mobile messaging spam
Countermeasures:
• Review email headers to identify the owner of the email
• Configure the router to block incoming packets from the specified
address
• Augment the logging capabilities to detect or alert of such activity

Network Attack Techniques: Password Cracking
In this attack, attackers gain unauthorized access to systems and the resources by
breaching their password protections.
The following tools are used to crack passwords:
• Cain and Abel
• John the Ripper
• THC Hydra
• Air Crack
• L0phtcrack
• Airsnort
• Solar Winds
• Pwdump
• RainbowCrack
• Brutus

Network Attack Techniques: War Dialing
Process of dialing a large number of telephone numbers to locate:
• Insecure modems and dial-in accounts
• Inventory and lock down devices and band devices
• Break-in attempts
War dialing tools:
• Toneloc
• SecureLogix Telesweep Secure
• Sandstorm PhoneSweep

Network Attack Techniques: War Driving, War Chalking, and War Flying
War driving:
• Uses either a laptop's or PC’s wireless NIC set in promiscuous mode for detecting unsecured wireless LAN signals
War flying:
• Activity of using an airplane and a Wi-Fi-equipped computer (laptop, PDA, etc.) for detecting Wi-Fi wireless networks
War chalking:
• Marking a series of distinct symbols on edifices for indicating access points in the vicinity
• Symbols describe the settings to connect to wireless networks through the Internet
Network Attack Techniques: Scanning
Scanning is a process of identifying the systems, open ports, and services
running in a network.
Objectives:
• Detects systems running on the network
• Discovers active/running ports
• Performs fingerprinting i.e. discovering operating
systems running on the target system
• Identifies the services running/listening on the target
system
Network Attack Techniques: Sniffing
Sniffing is a technique of capturing data packets from the network traffic as it
flows through network.
The objective of sniffing is to steal:
• Passwords (from email, the web, SMB, ftp, SQL, or telnet).
• Email text.
• Files in transfer (email files, ftp files, or SMB).
Sniffing countermeasures:
• Encrypting traffic containing confidential information
• Using instrument software to locate sniffer position in the network

Network Attack Techniques: Man-in-the-Middle Attack
A Man-in-the-Middle (MITM) attack is a type of attack in which the attacker is able to read,
insert, and modify the messages between two users without interfering with them.
This attack is also called TCP hijacking.

Network Attack Techniques: Social Engineering
Social engineering is the human side of breaking into a corporate network.
Companies with authentication processes, firewalls, virtual private networks, and network
monitoring software are still open to attacks.
Social engineering is a non-technical kind of intrusion that relies heavily on human
interaction.
It involves tricking other people to break normal security procedures.
Attacks at two levels:
• Physical
• Psychological
Network Security Threat: Trojan
Malicious program that is masqueraded as legitimate software
Has spying capabilities that facilitate computers to be controlled remotely
Configures the network of zombie computers for launching DDoS attacks
Trojan resides mainly at:
• Server system
• Attacker’s system
Network Security Threat: Virus
Malicious program that replicates itself and infects
systems with or without human intervention
Major virus types:
• Boot sector infectors:
• Attacks the susceptible boot program on the bootable floppy disk
• File infectors:
• Attack and modify .EXE and .COM program files
• Macro viruses:
• Use built-in programming languages of popular applications for creating malicious
macros
Network Security Threat: IRC Bot
An IRC bot is a type of virus that infects the Windows operating system of a computer
that is connected to the network.
An infected IRC bot system or computer will:
• Send spam mails.
• Collect private data like passwords, bank account information, and credit account information.
• Create a denial-of-service attack on your computer.
Countermeasures:
• Installing anti-virus software.
• Reinstalling operating systems.

Network Security Threat: Worm
Malicious program that replicates and distributes itself to other systems without
human intervention
Categories of Worms:
Email worms: Spread through infected emails
Instant messaging worms: Spread through instant messaging applications
Internet worms: Scan the Internet for vulnerable machines and try gaining
access
File-sharing network worms: Copy themselves to a shared folder with a
harmless name
Network Security Threat: Logic Bomb
A logic bomb resides in a device inactively and can destroy data when it is
triggered by an event.
It is a type of program that is activated on a particular date or time.
It is not a virus, but works in a similar pattern.
Its main intent is to delete the data in hard drive or delete the files that are
important for a specific event.
Network Security Threat: Rootkit
A rootkit is a set of programs to control a compromised computer in a network
Rootkit hides running processes, files, or system data enabling attacker to access a system without the
knowledge of the user
Two different types of rootkits are:
Kernel level rootkit:
• Appends additional code and/or replaces a portion of kernel code with modified code for
hiding a backdoor on a computer
Application level rootkit:
• Modifies the behavior of existing applications using hooks, patches, and injected code

4. Why is Network Security Required?
The Need for Network Security
To prevent unauthorized access to the network that is of potential threat to the
network and its resources
To ensure that the authentic users can effectively access the network and its
services
To ensure that the applications to protect the network from unauthorized
access are in place
What is E|NSA?
The ENSA program is designed to provide
fundamental skills needed to analyze the internal and
external security threats against a network, and to
develop security policies that will protect an
organization’s information
Students will learn how to evaluate network and
Internet security issues and design, and how to
implement successful security policies and firewall
strategies
How to become an E|NSA ?
To achieve EC-Council Network Security
Administrator (ENSA), EC-Council Network Security
Administrator (ENSA) certification 312-38 exam
Candidates who complete the EC-Council Network
Security Administrator (ENSA) program will also have
that extra credential meeting the requirements of the
CNSS 4011 Federal Security Certification and Training
Standards
What are the benefits of being an E|NSA?
ENSA is for experienced hands in the industry and is backed by a curriculum
designed by the best in the field
Greater industry acceptance as seasoned Network Security professional
Learn to configure firewalls, intrusion detection systems and AV systems
Develop effective security policy in the company
Course Duration & Exam Details
Duration:
• 5 days (9:00 – 5:00)
Exam Details
• The ENSA 312-38 exam will be conducted
on the last day of training. Students need
to pass the online Prometric exam to
receive the ENSA certification. The exam
will be 2 hours with 50 questions. The
passing score is 70%.
Who Should Attend ?
System administrators, Network
administrators and anyone who is
interested in network security technologies

Preview of Program
1. Fundamentals of Network
2. Network Protocols
3. Protocol Analysis
4. IEEE standards
5. Network Security
6. Security Standards Organizations
7. Security Standards
8. Security Policy
9. Hardening Physical Security
10. Network Security Threats
11. Intrusion Detection System (IDS) and Intrusion Prevention Systems (IPS)
12. Firewalls
13. Packet Filtering and Proxy Servers
14. Bastion Host and Honeypots
15. Securing Modems
16. Troubleshooting Network
17. Hardening Routers
18. Hardening Operating Systems
19. Patch Management
20. Log Analysis
21. Application Security
22. Web Security
23. E-mail Security
24. Authentication: Encryption, Cryptography and Digital Signatures
25. Virtual Private Networks
26. Wireless Network Security
27. Creating Fault Tolerance
28. Incident Response
29. Disaster Recovery and Planning
30. Network Vulnerability Assessment
What Makes E|NSA v4 Different?
Covers the fundamentals of Network Security and all that needs to ensure that the basic functionality
of networks is proper. Covers Protocol Analysis in-depth
Discusses on various standards to ensure Network security including IEEE standards, including
Security Policies, which play a major role in Network Security
Covers how to Harden Physical Security, Operating System Security, Routers and Networks. Discusses
on what type of threats a Network might encounter including threats against various Network
elements such as modems and how to minimize such risks
Covers deployment of security measures such as Firewalls, Proxy Servers and Packet Filters, Bastion
hosts and honeypots
What Makes E|NSA v4 Different?
Covers the concept of Patch Management in-depth. Discusses on how to secure various
Applications such as E-mail security, web security and so on from threats on the Web
Covers the concept of Authentication, Encryption, Cryptography and Digital Signatures
Covers the concept of Virtual Private Networks to ensure security of a Corporate Network.
Discusses on how to secure Wireless Networks from external threats
Covers how to create Fault-tolerant Systems and how to handle disasters including Incident
Response procedures, Disaster recovery Plans, Risk Assessment and Network Vulnerability
Assessment

What is New in E|NSA v4?
EC-Council’s ENSA courseware is certified to have met the CNSS 4011 Training Standards
The flow of topics in each module helps the student in preparing for the ENSA v4 Exam
Exercise questions at the end of each Module
Activities for every Topic
The lab exercise is a complete revamp
New demos of tools are added
Focus on up-to-date hacking tools and techniques
More concepts are covered
More and latest hacking and security tools are showcased
8 new modules are introduced:
• Protocol Analysis
• IEEE standards
• Network Security
• Security Standards Organizations
• Security Standards
• Securing Modems
• Troubleshooting Network
• Log Analysis

Comparison between E|NSA v3 and E|NSA v4
 | ENSA v3 | ENSA v4
Total Modules | 22 | 30
Total Number of Pages | 1296* | 1609*
Average Number of Pages per module | 59* | 53* (without slides)
Total Number of Slides | 662* | 1000*
Average Number of Slides per module | 30* | 33*
Latest Security News | No | YES
Real Life Case Studies | No | YES
Computer Cartoons in Slides | YES | YES

Comparison between E|NSA v4 and CompTIA’s Sec+
Topics Covered | Network Security Administrator (ENSA) | CompTIA Security+
Fundamentals of Networks | Yes | Yes
Network Protocols | Yes | Yes
Protocol Analysis | Yes | No
Hardening Physical Security | Yes | Yes (very few)
Network Security | Yes | Yes (very few)
Security Standards Organizations | Yes | No
Security Standards | Yes | No
Security Policy | Yes | Yes
IEEE Standards | Yes | Yes (very few)
Network Security Threats | Yes | Yes (very few)
Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) | Yes | Yes (very few)
Firewalls | Yes | Yes (very few)
Packet Filtering and Proxy Servers | Yes | No
Bastion Host and Honeypots | Yes | Yes (very few)
Securing Modems | Yes | No
Troubleshooting Network | Yes | No
Hardening Routers | Yes | Yes (very few)
Hardening Operating Systems | Yes | Yes
Patch Management | Yes | No
Log Analysis | Yes | No
Application Security | Yes | No
Web Security | Yes | Yes
E-Mail Security | Yes | Yes
Authentication: Encryption, Cryptography and Digital Signatures | Yes | Yes
Virtual Private Networks | Yes | Yes (very few)
Wireless Network Security | Yes | Yes
Creating Fault Tolerance | Yes | Yes (very few)
Incident Response | Yes | Yes (very few)
Disaster Recovery and Planning | Yes | Yes
Network Vulnerability Assessment | Yes | No

Difference between E|NSA and C|EH
E|NSA:
• ENSA certification looks at the network security in defensive view
• Provide fundamental skills needed to analyze the internal and external security threats against a network, and to develop security policies that will protect an organization’s information
• ENSA certifies professionals in evaluating network and Internet security issues and design, and implementing successful security policies and firewall strategies
C|EH:
• CEH certification program looks at the security in offensive mode
• The goal of the ethical hacker is to help the organization take preemptive measures against malicious attacks by attacking the system himself; all the while staying within legal limits.
• CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective
E|NSA as a Precursor to C|EH
ENSA equips professionals with knowledge of different network architectures,
communication protocols, and vulnerabilities in networks that help ethical
hackers as a primary tool in their profession
ENSA provides fundamental skills to analyze and respond to internal and
external network threats, which are basic prerequisites for successful CEH
professionals
Knowledge of how to configure network security devices and application is
mandatory for exploiting the vulnerabilities

E|NSA: Key Selling Points
1. ENSA is NSTISSI-4011 Approved
2. More than 600 MB of network security assessment and protection tools
3. A large number of whitepapers for additional reading
4. More than 200 minutes of video demonstration for tools and techniques
5. Labs for all major network security tools and techniques
Major Topics Covered in E|NSA

Hardening Physical Security: What Students will Learn
If an attacker breaches physical security, he can steal servers and networking equipment,
bypassing all network security measures such as IDS and firewalls
In this class students will be sensitized with the need for physical security, different
factors affecting physical security and challenges in ensuring physical security
Students will learn personnel security best practices and procedures
They will also learn different access control and facility protection techniques
|
Security Policy:
What Students will Learn
In this class students will get hands-on experience of security awareness
programs
They will acquire the skills to create and implement organizational security
policies
This class will emphasize the importance of policies in ensuring network
security
|
Network Security Threat:
What Students will Learn
This class will make students familiar with the different types of network
attacks such as malware attacks and DoS attacks
This class will emphasize the classification of hackers and their techniques,
Common Vulnerabilities and Exposures (CVE), attacks, hiding evidence of an
attack, and problems detecting network attacks
They will also be familiarized with different network vulnerability scanning
tools
|
Intrusion Detection System (IDS) and
Intrusion Prevention Systems (IPS):
What Students will Learn
This class will familiarize students with IDS and Intrusion Detection
Concepts
Students will learn about different characteristics and types of IDS and
IPS
They will learn to properly install, configure and monitor various IDS
and IPS devices and applications
|
Firewalls:
What Students will Learn
This class will emphasize firewall operations, software firewalls, hardware firewalls, and
different types of firewalls
Students will learn different firewall deployment strategies
This class will also familiarize students with various advanced firewall concepts such as Specialty
Firewalls and Reverse Firewalls
This class will also provide demonstrations of different firewall testing tools used for
testing the robustness of firewalls
|
Bastion Hosts & Honeypots:
What Students will Learn
This class will emphasize the need for a bastion host
Students will learn how to build and configure a bastion host to achieve a minimum level of network
security assurance
Students will get hands-on experience in deploying honeypots and in the different types of attacks targeted
at honeypots
They will also be equipped with knowledge of different techniques and tools for protecting honeypots
from attacks
|
Hardening Routers and Operating Systems:
What Students will Learn
Students will get hands-on experience in creating and implementing Access Control Lists
This class will familiarize students with various router commands and types of routing and routing
protocols
Students will also learn about multiple routing mechanisms, types of routers, routing algorithms,
Internetwork Operating System (IOS) and its features, and Routing Table Maintenance Protocol
(RTMP)
Students will learn to configure Windows services, Discretionary Access Control Lists (DACL), NTFS
file system permissions, Kerberos authentication and domain security, IP security, desktop and file
management, and different OS-related security issues
|
Virtual Private Network:
What Students will Learn
In this class students will learn about VPN security, the process of setting up
a VPN, implementing the DHCP service, creating an enterprise certificate
authority, installing and configuring an IAS, creating a remote access policy,
configuring a VPN server, associating a VPN server with the DHCP server,
configuring a remote client, and testing the client connection
The students will also learn the different risks associated with the use of VPNs and how
to secure VPNs from these risks
|
Wireless Network Security:
What Students will Learn
In this class students will be familiarized with the various types and components of a
wireless network
They will get hands-on experience in using different wireless network attack tools such as
Kismet, WEPCrack, Airsnort, and Aircrack
Students will learn about various wireless network attacks and different techniques used
to defend against these attacks
Students will also be familiarized with different wireless networking standards
|
Major Tools Covered in E|NSA
|
Wireshark
Wireshark is a foremost network protocol analyzer, and is the de facto standard across
many industries and educational institutions
Wireshark has a rich feature set which includes the following:
• Deep inspection of hundreds of protocols
• Live capture and offline analysis
• Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
• Read/write many different capture file formats: tcpdump (libpcap), Pcap NG,
• Capture files compressed with gzip can be decompressed on the fly
• Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB,
Token Ring, Frame Relay, FDDI, and others (depending on your platform)
• Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3,
SSL/TLS, WEP, and WPA/WPA2
|
Nessus
The Nessus® vulnerability scanner features high speed discovery,
configuration auditing, asset profiling, sensitive data discovery and
vulnerability analysis of your security posture
Nessus scanners can be distributed throughout an entire enterprise, inside
DMZs, and across physically separate networks
|
Nmap
Nmap ("Network Mapper") is a free and open source utility for network exploration or security
auditing
It can also be used for tasks such as network inventory, managing service upgrade schedules,
and monitoring host or service uptime
Nmap uses raw IP packets in novel ways to determine what hosts are available on the network,
what services (application name and version) those hosts are offering, what operating systems
(and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens
of other characteristics
|
Retina
Retina Network Security Scanner, the industry and government standard
for multi-platform vulnerability management, identifies known and zero
day vulnerabilities and provides security risk assessment, enabling
security best practices, policy enforcement, and regulatory audits
Retina Security Management Appliance provides centralized vulnerability
and security incident management
|
Netcat
Netcat is a featured networking utility which reads and writes data across network
connections, using the TCP/IP protocol
It is designed to be a reliable "back-end" tool that can be used directly or easily driven by
other programs and scripts
It is a feature-rich network debugging and exploration tool, since it can create almost any
kind of connection you would need and has several interesting built-in capabilities
|
SuperScan
The SuperScan tool is a TCP port scanner, pinger, and hostname resolver
This tool can perform ping scans, port scans using any IP range, and scan any
port range from a built-in list or specified range
|
NSAuditor
It is a network security and vulnerability scanner that allows auditing and
monitoring network computers for possible vulnerabilities, checking the network
for all potential methods that a hacker might use to attack it, and creating a
report of potential problems that were found
Nsauditor is a complete networking utilities package that includes more than
45 network tools and utilities for network auditing, scanning, and network
connections monitoring
|
OpManager
OpManager is a complete, end-to-end Network & IT infrastructure
monitoring platform that offers advanced fault and performance
management across WAN, VoIP services, network devices, servers,
applications, databases and other IT infrastructure such as printers,
UPS etc.
|
E|NSA Labs include video demonstrations of the
installation, configuration and use of these
and many more network security tools
|
6. Understand The Value Of The CNSS’
NSTISSI-4011 Approval
|
E|NSA v4 is Federal Security Certification and
Training Standard NSTISSI-4011 Certified
EC-Council was honored at the 12th Colloquium for Information
Systems Security Education (CISSE) by the United States
Government National Security Agency (NSA) and the Committee on
National Security Systems (CNSS) when its Network Security
Administrator course (ENSA) was certified for meeting the 4011
training standard for information security professionals. Candidates
who complete the EC-Council Network Security Administrator
(ENSA) program will also have that extra credential meeting the
requirements of the CNSS 4011 Federal Security Certification and
Training Standards
|
What is NSTISSI-4011?
NSTISSI-4011 establishes the minimum training standard for the training of
information systems security (INFOSEC) professionals in the disciplines of
telecommunications and automated information systems (AIS) security
It defines the training requirement for INFOSEC professionals with federal
departments and agencies involved with National Security, as mandated by
Telecommunications and Information Systems Security Directive No. 501
NSTISSI-4011 is applicable to all departments and agencies of the U.S.
Government, their employees, and contractors who are responsible for the security
oversight or management of national security systems during each phase of the life
cycle
|
Benefits of NSTISSI-4011 Certification
It ensures that professionals meet the minimum INFOSEC training requirement
It ensures that professionals have a higher awareness and sensitivity to the
threats and vulnerabilities of national security information systems
It recognizes the understanding of the need to protect data, information and
the means of processing them; and builds a working knowledge of principles
and practices in INFOSEC
|
How NSTISSI-4011 Certification Will
Help in Career Advancement
NSTISSI-4011 certification assures employers that the professionals
possess the skill or ability to design, execute, or evaluate agency INFOSEC
security procedures and practices
It assures employers that certified professionals will be able to apply
security concepts while performing their tasks
It assures employers that professionals are aware of and proficient in handling
Federal Telecommunications and Information Systems Security Directives and
other legal compliance issues
|
Advantages of NSTISSI-4011 Approved
E|NSA v4
E|NSA v4 is an extensive training program and covers a wide supporting field
of knowledge along with the recommendations of NSTISSI-4011
Professionals will get an additional certificate along with E|NSA v4 that
certifies that they have met the minimum criteria for INFOSEC professionals
as required by NSTISSI-4011
|
7. “Did You Know?”
|
1. Did You Know?
Did you know that if a person breaches physical
security, he can steal servers and networking
equipment, resulting in financial and data losses?
|
Hardening Physical Security
A top Chicago-based data center had an unguarded, old-fashioned fire escape
Robbers used a clip of the fire escape to gain access to the data center
The robbers accosted one of the employees, swiped his badge through a scanner
and entered his security PIN code
The robbers then forced the lone employee to give his fingerprints to the
security system
Did you realize that unguarded buildings can bring heavy financial and data
losses, making much network security equipment useless?
|
Come to the ENSA class and let us show
you how to make sure these types of
physical security breaches are kept out of
your organization
|
2. Did You Know?
You may have known that the purpose of
network security is to prevent unauthorized
access to the network that is a potential
threat to the network and its resources.
|
Data Theft
A top medical company’s Prescription Monitoring Program website, which
helps pharmacists track prescription drug abuse and holds records of
nearly 8 million state residents, was compromised
A hacker group hacked the company’s database using SQL injection attacks
and threatened to sell the stolen confidential information such as Social
Security numbers, personal medical information, and financial information to
spammers and people involved with credit fraud, or hold the information for
ransom
Can you imagine what consequences the company might have to face if the
confidential data is made public?
|
Come to the ENSA class and we will show
you how to minimize various network
security breaches that result in data losses
|
3. Did You Know?
Did you know that insider threats are threats
posed by malicious insiders who may corrupt,
modify, leak or delete important data?
Disgruntled employees or ex-employees who
have an opinion that the organization has "done
them wrong" are major insider threats.
|
Insider Threats
Jason was disappointed; the raise he thought he was in for had been
turned down. During lunch, he surveyed the area for other
employees, but the area was deserted as most people were out
enjoying lunch. Sitting back down, he turned to his computer
console, went to the command line and ran the network scanning tool
Nmap against the company’s accounting systems. The console
displayed the accounting department’s SQL server. A few keystrokes
later, he was able to edit a few columns in the database, giving
himself the raise he had longed for.
Did you realize that Jason could have erased the entire database or manipulated
other records as well?
|
Come to the ENSA class and let us
show you how to prevent, detect, and
respond to insider attacks
|
4. Did You Know?
Did you know that emails are major
carriers of malicious code over the Internet?
|
Malicious Code Attack
John, working with a reputed MNC, was eagerly waiting for the Christmas holidays. Just a
few days ahead, he received a mail with the subject line ‘Merry Christmas’. The mail had an
attached greeting card, seemingly a .swf file.
He downloaded the card and played the flash greeting. He was overjoyed with the message in
the card and forwarded the card immediately to all his friends and colleagues.
As soon as he logged in to his system the next morning, he was bombarded with bizarre
messages all over his screen. He complained to the system administrator, but to his dismay
he discovered that all of the colleagues to whom he had sent the message had the same
problem.
Did you realize that the seemingly innocent file that John played was
embedded with malicious code?
|
Come to the ENSA class and let us
demonstrate different email attacks and
how to secure your network from such attacks
|
5. Did You Know?
Did you know that, according to a recent survey of 2008
security breaches by Verizon Business' Response
Intelligence Solutions Knowledge (RISK) team, some of
the 90 victims studied had deployed intrusion
detection systems (IDS) but had not activated them.
Others had IDS deployed, but the IDS was not
monitoring the area affected by the breach.
|
Come to the ENSA class and let us show
you how to configure, monitor, and
manage IDS/IPS devices and applications
from a security perspective
|
6. Did You Know?
A few carefully constructed emails can knock out any email server. The trick involves sending forged
emails that contain thousands of incorrect addresses in the "copy to" fields that are normally used to
send duplicate messages.
The exploit depends on finding a server configured to return an email plus its attachments to each
incorrect address. This can be tested by sending just a single message.
The next step is to forge an email so it appears to come from the mail server that is to be the target of
the attack. This is also a relatively simple trick. Finally, the forged email, complete with the thousands of
incorrect addresses, is sent. The resulting avalanche of "bounced" messages sent to the target server
would almost certainly cause it to crash, and leave its users without access to their mail.
Did you know that researchers at NGSSoftware tested the email servers of all Fortune 500
companies and found that 30 per cent could be used to launch this type of attack?
|
Come to the ENSA class and let us show
you how to protect your server
infrastructure from these types of email
attacks
|
7. Did You Know?
According to a report released by security vendor McAfee, cybercriminals have
hijacked 12 million new computers since January with an array of new
malware. This represents a 50 percent increase in the number of "zombie"
computers over 2008.
According to a cyber security awareness group, the Conficker worm has
incurred losses amounting to more than $9.1 billion.
Even though it is small compared with the growing number of other botnets,
viruses, and worms infecting cyberspace, it has infected 18 percent of PCs in the United
States
|
Come to the ENSA class and let us show you
how to protect your network from Botnets
and Zombies
|
8. Did You Know?
Did you know that the U.S. Department of
Transportation, with the help of auditors from
KPMG, determined that the U.S. air traffic
control systems are at high risk of attack due to
misconfigurations, insecure web applications,
and poor patch management policies?
|
Patch Management
The Air Traffic Control (ATC) systems used by the U.S. Federal Aviation
Administration (FAA) were found to have 763 high-risk vulnerabilities
in 70 Web applications
These applications are used to distribute communications frequencies for
pilots and controllers to the public
These vulnerabilities can allow an attacker to access information stored on the
web servers
|
Come to the ENSA class and let us show
you how to design a deployment plan to
distribute patches on a timely basis.
|
9. Did You Know?
Did you know that signature-based scanners miss 58% of
malware? In its Global Threat Report, ScanSafe reported
that at its highest peak in 1Q09, 58% of Web malware
blocks were zero day threats. ScanSafe noted that the rate
of Web-delivered malware increased sharply in the first
quarter of 2009 – another 19% from 4Q08.
|
Malware Attacks
Source: Global Threat Report, ScanSafe
|
Come to the ENSA class and let us show
you how to stop malware and protect
your network from these attacks.
|
10. Did You Know?
According to a report by Gartner, misconfiguration will
account for 70% of successful WLAN attacks through
2009. Hackers can easily exploit a poorly configured
and maintained wireless network. Improperly
configured client VPNs can be easily compromised,
thus letting the hacker gain access through the VPN.
|
Come to the ENSA class and let us
demonstrate how to configure WLAN
devices and applications in your network