Module 1 - Introduction
• About This Course
• Why Perform Penetration Tests?
• Security Certifications
• Types of Pentesting

About This Course
• Presenter Information
• Video Access
• Course Disks
• Network Configuration
• Certificate of Course Completion
• Course Support

About This Course
Presenter Information
• Thomas Wilhelm
  ○ ISSMP / CISSP / SCSECA / SCNA / SCSA / IAM
  ○ IT Industry: 15+ years
  ○ Security Industry: 7+ years
  ○ U.S. Army: SIGINT Analyst / Cryptanalyst
  ○ Fortune 100: Penetration Testing / Risk Assessments
  ○ Author “Penetration Tester’s Open Source Toolkit, Vol.2”

About This Course
Video Access
• 30 days access to videos
  ○ Use login information provided when enrolled
• 60 days to complete PenTest Document to ISSAF standards
  ○ http://heorot.net/instruction/PTF/

About This Course
Course Disks
• Disk 1.100
  ○ Used in Video Instruction
• Disk 1.101
  ○ Used in Hands-On Exercises & “Independent PenTest Effort” for Course Completion Certification
• BackTrack
  ○ Used as Penetration Tester’s Toolkit

About This Course
Network Configuration
Configuration Issues:
• http://de-ice.net/index.php?name=PNphpBB2&file=viewforum&f=17
• Can be used in a virtual machine

About This Course
Certificate of Course Completion
• Awarded upon receipt and acceptance of formal documentation of Independent PenTest Effort
  ○ Meet ISSAF standards
  ○ “Independent PenTest Effort” uses Disk 1.101
  ○ Required material is covered in Modules 4-8

About This Course
Certificate of Course Completion - Grading
• General Documentation – 250
  ○ Management Summary
  ○ Scope of the project (and Out of Scope parts)
  ○ Tools that have been used (including exploits)
  ○ Dates & times of the actual tests on the systems
• Identification of Weakness & Vulnerabilities – 650
  ○ A list of all identified vulnerabilities
  ○ Output of tests performed (screenshots or “script” text file)
• Action Points – 100
  ○ Recommendation of what to mitigate first
  ○ Recommended solution

About This Course
Course Support
• Email: [email protected]
  ○ Support 24x7
• Instructor: [email protected]
  ○ Online chat T,Th 9pm Eastern
    Also available by appointment
  ○ Available via phone by appointment

Why Perform Penetration Tests?
• Black Hat vs. White Hat
• Code of Ethics
• Legal Responsibilities

Why Perform Penetration Tests?
Code of Ethics
• CISSP Code of Ethics Canons:
  ○ Protect society, the commonwealth, and the infrastructure.
  ○ Act honorably, honestly, justly, responsibly, and legally.
  ○ Provide diligent and competent service to principals.
  ○ Advance and protect the profession.

Why Perform Penetration Tests?
Black Hat vs. White Hat
• Black Hat:
  “A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent”
  - Wikipedia
• White Hat:
  “A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems”
  - Wikipedia

Why Perform Penetration Tests?
Legal Responsibilities
• Federal Mandates
  ○ SOX
  ○ HIPAA
  ○ FISMA, etc.
• State Mandates
  ○ California Senate Bill 1386
  ○ Many other states are following California’s example

Security Certifications
• Generalized Knowledge
• Appliance-Specific
• Methodology

Security Certifications
Generalized Knowledge
• (ISC)²
  ○ ISSMP / ISSAP / ISSEP / CISSP / SSCP
• Prosoft Learning
  ○ Certified Internet Web Professional Program
  ○ Designer / Administrator / Manager / Developer
• SANS Institute
  ○ Global Information Assurance Certification
  ○ GISF / GSEC / GCFW / GCIA / GCUX… and more

Security Certifications
Appliance-Specific
• CISCO: CCSP / CCIE
• Check Point: CCSA / CCSE
• RSA Security: CSA / CSE
• TruSecure: TICSA / TICSE
• Operating Systems: SCSECA / RHCSS / MCSE: Security

Security Certifications
Methodology
• National Security Agency
  ○ IAM / IEM
• EC-Council
  ○ CEH

Types of Penetration Testing
• Network
• Host
• Application
• Database

Types of Penetration Testing
Network
• Password
• Switches / Routers
• Firewall
• Intrusion Detection
• VPN
• Storage
• WLAN Security
• Internet User Security
• AS400
• Lotus Notes

Types of Penetration Testing
Host
• Unix / Linux
• Windows
• Novell Netware
• Web Server

Types of Penetration Testing
Application
• Web Application
• Source Code Auditing
• Binary Auditing

Types of Penetration Testing
Database
• Database Security
• Social Engineering

Module 1 - Conclusion
• Why Perform Penetration Tests?
• About This Course
• Security Certifications
• Types of Pentesting