Certified Security Specialist (ECSS)
Classroom Schulung | Deutsch | Anspruch
Schulungsdauer: 5 Tage Durchführung gesichert
Ziele
EC-Council Certified Security Specialist (ECSS) ist ein Security-Programm für Einsteiger, das die grundlegenden Konzepte der Informationssicherheit, Computerforensik und Netzwerksicherheit abdeckt. Es vermittelt den Teilnehmern die Fähigkeit, Bedrohungen der Informationssicherheit zu erkennen, die sich auf die Sicherheitslage des Unternehmens auswirken. Außerdem wird Wissen für die Implementierung allgemeiner Sicherheitskontrollen vermittelt. Dieses Programm gibt einen ganzheitlichen Überblick über die Schlüsselkomponenten der Informationssicherheit, Computerforensik und Netzwerksicherheit.
Der EC-Council Certified Security Specialist (ECSS) wird von einem zertifizierten und erfahrenen EC-Council Trainer durchgeführt. Die Prüfungsgebühr ist im Preis enthalten.
Zielgruppe
ECSS ist für alle gedacht, die ihre Fähigkeiten erweitern und ihre Fähigkeiten verbessern möchten um eine Karriere in den Bereichen der Informationssicherheit,
Netzwerksicherheit und Computerforensik machen wollen.
Voraussetzungen
Mindestalter für die Teilnahme an der Schulung und Prüfung ist 18 Jahre
Agenda
Module 01: Information Security Fundamentals
- Data Breach Statistics
- Data Loss Statistics
- The Global State of Information Security Survey 2016
- Information Security
- Need for Security
- Elements of Information Security
- The Security, Functionality, and Usability Triangle
- Security Challenges
- Information Security Attack Vectors
- Information Security Threat Categories
- Types of Attacks on a System
- Trends in Security
- Information Security Laws and Regulations
Module 02: Networking Fundamentals
- Introduction
- Types of Networks
- OSI (Open Systems Interconnection) Reference Model
- OSI Layers and Device Mapping
- Protocols
- TCP/IP Model
- Comparing OSI and TCP/IP
- Network Security
- Essentials of Network Security
- Data Security Threats over a Network
- Basic Network Security Procedures
- Network Security Policies
- Types of Network Security Policies
Module 03: Secure Network Protocols
- Introduction
- Terminology
- Secure Network Protocols
- Public Key Infrastructure (PKI)
- Access Control List (ACL)
- Authentication, Authorization, and Accounting (AAA)
- RADIUS
- Kerberos
- Internet Key Exchange Protocol (IKE)
Module 04: Information Security Threats and Attacks
- The Global State of Information Security Survey 2016
- Understanding Threat, Vulnerability and Exploit
- Internal Threats
- External Threats
Module 05: Social Engineering
- What is Social Engineering?
- Behaviors Vulnerable to Attacks
- Why is Social Engineering Effective?
- Impact on the Organization
- Common Targets of Social Engineering
- Types of Social Engineering
- Social Engineering Countermeasures
- How to Detect Phishing Emails?
- Identity Theft Countermeasures
Module 06: Hacking Cycle
- What is Hacking?
- Who is a Hacker?
- Hacker Classes
- Hacktivism
- Stages of Hacking Cycle
Module 07: Identification, Authentication, and Authorization
- Identification, Authentication and Authorization
- Need for Identification, Authentication and Authorization
- Types of Authentication
Module 08: Cryptography
- Terminology
- Cryptography
- Types of Cryptography
- Ciphers
- Advanced Encryption Standard (AES)
- Data Encryption Standard (DES)
- RC4, RC5, RC6 Algorithms
- The DSA and Related Signature Schemes
- RSA (Rivest Shamir Adleman)
- Message Digest Function: MD5
- Secure Hashing Algorithm (SHA)
- Public Key Infrastructure (PKI)
- Certification Authorities
- Digital Signature
- SSL (Secure Sockets Layer)
- Transport Layer Security (TLS)
- Disk Encryption
Module 09: Firewalls
- Firewall
- Firewall Technologies
- Bypassing Firewalls
Module 10: Intrusion Detection System
- Terminologies
- Intrusion Detection System (IDS)
- Types of IDS
- IDS for an Organization
- Limitations of Intrusion Detection System
- System Integrity Verifiers (SIV)
- Intrusion Detection Tools
- Evading IDS
Module 11: Data Backup
- Introduction to Data Backup
- Identifying Critical Business Data
- Selecting Backup Media
- Backup Media
- Storage Area Network (SAN)
- Network Attached Storage (NAS)
- Selecting Appropriate Backup Method
- Choosing the Right Location for Backup
- Backup Types
- Choosing Right Backup Solution
Module 12: Virtual Private Network
- What is a VPN?
- VPN Deployment
- Tunneling
- VPN Security
- Introduction to IPSec
- Combining VPN and Firewalls
- VPN Vulnerabilities
Module 13: Wireless Network Security
- Wireless Networks
- Wireless Terminologies
- Types of Wireless Networks
- Wireless Standards
- Wireless Network Topology
- Antennas
- Service Set Identifier (SSID)
- Types of Wireless Encryption
- Wireless Threats
- Wi-Fi Discovery Tools
- Wireless Security
- How to Defend Against Wireless Attacks?
Module 14: Web Security
- Introduction to Web Applications
- Web Application Components
- How Web Applications Work?
- Website Defacement
- Why Web Servers are Compromised?
- Impact of Webserver Attacks
- Web Application Threats
- Web Application Countermeasures
- How to Defend Against Web Server Attacks?
Module 15: Ethical Hacking and Pen Testing
- What is Ethical Hacking?
- What is Penetration Testing?
Module 16: Incident Response
- Common Terminologies
- Data Classification
- Information as Business Asset
- Computer Security Incident
- Incident Handling and Response Process
- CSIRT Overview
- CERT
- GFIRST
- FIRST
Module 17: Computer Forensics Fundamentals
- Cyber Crime
- Computer Forensics
- Forensics Laws
- Why you Should Report Cybercrime?
- Who to Contact at the Law Enforcement?
- Federal Local Agents Contact
- More Contacts
Module 18: Digital Evidence
- Definition of Digital Evidence
- Electronic Devices: Types and Collecting Potential Evidence
- Digital Evidence Examination Process
- Evidence Examiner Report
Module 19: Understanding File Systems
- Understanding File Systems
- Types of File Systems
- Understanding System Boot Sequence
- Windows File Systems
- Linux File Systems
- Mac OS X File Systems
- CD-ROM / DVD File Systems
- Comparison of File Systems (Limits)
- Comparison of File Systems (Features)
Module 20: Windows Forensics
- Volatile Information
- Non-Volatile Information
- Message Digest Function: MD5
- Recycle Bin
- Metadata
- Understanding Events
- Windows Forensics Tool: OS Forensics
- Windows Forensics Tool: X-Ways Forensics
- Windows Forensics Tools
Module 21: Network Forensics and Investigating Network Traffic
- Network Forensics
- Network Forensics Analysis Mechanism
- Network Addressing Schemes
- Overview of OSI Reference Model and Network Protocols
- TCP/IP Model
- Network Vulnerabilities
- Types of Network Attacks
- Why Investigate Network Traffic?
- Evidence Gathering via Sniffing
- Capturing Live Data Packets Using Wireshark
Module 22: Steganography
- What is Steganography?
- Steganography Vs. Cryptography
- How Steganography Works?
- Legal Use of Steganography
- Unethical Use of Steganography
- Steganography Techniques
- Application of Steganography
- Classification of Steganography
- Types of Steganography based on Cover Medium
- Issues in Information Hiding
Module 23: Analyzing Logs
- Importance of Logs in Forensics
- Computer Security Logs
- Operating System Logs
- Application Logs
- Security Software Logs
- Examining Intrusion and Security Events
- Syslog
- Windows Log File
- Configuring Windows Logging
- Why Synchronize Computer Times?
- Event Correlation
Module 24: E-mail Crime and Computer Forensics
- Email Terminology
- Email System
- Importance of Electronic Records Management
- Email Crime
- Example of Email Header
- List of Common Headers
- Why to Investigate Emails
- Investigating Email Crime and Violation
- E-mail Forensics Tools
Module 25: Writing Investigation Report
- Computer Forensics Report
- Best Practices for Investigators
- Sample Forensics Report
Ziele
EC-Council Certified Security Specialist (ECSS) ist ein Security-Programm für Einsteiger, das die grundlegenden Konzepte der Informationssicherheit, Computerforensik und Netzwerksicherheit abdeckt. Es vermittelt den Teilnehmern die Fähigkeit, Bedrohungen der Informationssicherheit zu erkennen, die sich auf die Sicherheitslage des Unternehmens auswirken. Außerdem wird Wissen für die Implementierung allgemeiner Sicherheitskontrollen vermittelt. Dieses Programm gibt einen ganzheitlichen Überblick über die Schlüsselkomponenten der Informationssicherheit, Computerforensik und Netzwerksicherheit.
Der EC-Council Certified Security Specialist (ECSS) wird von einem zertifizierten und erfahrenen EC-Council Trainer durchgeführt. Die Prüfungsgebühr ist im Preis enthalten.
Zielgruppe
ECSS ist für alle gedacht, die ihre Fähigkeiten erweitern und ihre Fähigkeiten verbessern möchten um eine Karriere in den Bereichen der Informationssicherheit,
Netzwerksicherheit und Computerforensik machen wollen.
Voraussetzungen
Mindestalter für die Teilnahme an der Schulung und Prüfung ist 18 Jahre
Agenda
Module 01: Information Security Fundamentals
- Data Breach Statistics
- Data Loss Statistics
- The Global State of Information Security Survey 2016
- Information Security
- Need for Security
- Elements of Information Security
- The Security, Functionality, and Usability Triangle
- Security Challenges
- Information Security Attack Vectors
- Information Security Threat Categories
- Types of Attacks on a System
- Trends in Security
- Information Security Laws and Regulations
Module 02: Networking Fundamentals
- Introduction
- Types of Networks
- OSI (Open Systems Interconnection) Reference Model
- OSI Layers and Device Mapping
- Protocols
- TCP/IP Model
- Comparing OSI and TCP/IP
- Network Security
- Essentials of Network Security
- Data Security Threats over a Network
- Basic Network Security Procedures
- Network Security Policies
- Types of Network Security Policies
Module 03: Secure Network Protocols
- Introduction
- Terminology
- Secure Network Protocols
- Public Key Infrastructure (PKI)
- Access Control List (ACL)
- Authentication, Authorization, and Accounting (AAA)
- RADIUS
- Kerberos
- Internet Key Exchange Protocol (IKE)
Module 04: Information Security Threats and Attacks
- The Global State of Information Security Survey 2016
- Understanding Threat, Vulnerability and Exploit
- Internal Threats
- External Threats
Module 05: Social Engineering
- What is Social Engineering?
- Behaviors Vulnerable to Attacks
- Why is Social Engineering Effective?
- Impact on the Organization
- Common Targets of Social Engineering
- Types of Social Engineering
- Social Engineering Countermeasures
- How to Detect Phishing Emails?
- Identity Theft Countermeasures
Module 06: Hacking Cycle
- What is Hacking?
- Who is a Hacker?
- Hacker Classes
- Hacktivism
- Stages of Hacking Cycle
Module 07: Identification, Authentication, and Authorization
- Identification, Authentication and Authorization
- Need for Identification, Authentication and Authorization
- Types of Authentication
Module 08: Cryptography
- Terminology
- Cryptography
- Types of Cryptography
- Ciphers
- Advanced Encryption Standard (AES)
- Data Encryption Standard (DES)
- RC4, RC5, RC6 Algorithms
- The DSA and Related Signature Schemes
- RSA (Rivest Shamir Adleman)
- Message Digest Function: MD5
- Secure Hashing Algorithm (SHA)
- Public Key Infrastructure (PKI)
- Certification Authorities
- Digital Signature
- SSL (Secure Sockets Layer)
- Transport Layer Security (TLS)
- Disk Encryption
Module 09: Firewalls
- Firewall
- Firewall Technologies
- Bypassing Firewalls
Module 10: Intrusion Detection System
- Terminologies
- Intrusion Detection System (IDS)
- Types of IDS
- IDS for an Organization
- Limitations of Intrusion Detection System
- System Integrity Verifiers (SIV)
- Intrusion Detection Tools
- Evading IDS
Module 11: Data Backup
- Introduction to Data Backup
- Identifying Critical Business Data
- Selecting Backup Media
- Backup Media
- Storage Area Network (SAN)
- Network Attached Storage (NAS)
- Selecting Appropriate Backup Method
- Choosing the Right Location for Backup
- Backup Types
- Choosing Right Backup Solution
Module 12: Virtual Private Network
- What is a VPN?
- VPN Deployment
- Tunneling
- VPN Security
- Introduction to IPSec
- Combining VPN and Firewalls
- VPN Vulnerabilities
Module 13: Wireless Network Security
- Wireless Networks
- Wireless Terminologies
- Types of Wireless Networks
- Wireless Standards
- Wireless Network Topology
- Antennas
- Service Set Identifier (SSID)
- Types of Wireless Encryption
- Wireless Threats
- Wi-Fi Discovery Tools
- Wireless Security
- How to Defend Against Wireless Attacks?
Module 14: Web Security
- Introduction to Web Applications
- Web Application Components
- How Web Applications Work?
- Website Defacement
- Why Web Servers are Compromised?
- Impact of Webserver Attacks
- Web Application Threats
- Web Application Countermeasures
- How to Defend Against Web Server Attacks?
Module 15: Ethical Hacking and Pen Testing
- What is Ethical Hacking?
- What is Penetration Testing?
Module 16: Incident Response
- Common Terminologies
- Data Classification
- Information as Business Asset
- Computer Security Incident
- Incident Handling and Response Process
- CSIRT Overview
- CERT
- GFIRST
- FIRST
Module 17: Computer Forensics Fundamentals
- Cyber Crime
- Computer Forensics
- Forensics Laws
- Why you Should Report Cybercrime?
- Who to Contact at the Law Enforcement?
- Federal Local Agents Contact
- More Contacts
Module 18: Digital Evidence
- Definition of Digital Evidence
- Electronic Devices: Types and Collecting Potential Evidence
- Digital Evidence Examination Process
- Evidence Examiner Report
Module 19: Understanding File Systems
- Understanding File Systems
- Types of File Systems
- Understanding System Boot Sequence
- Windows File Systems
- Linux File Systems
- Mac OS X File Systems
- CD-ROM / DVD File Systems
- Comparison of File Systems (Limits)
- Comparison of File Systems (Features)
Module 20: Windows Forensics
- Volatile Information
- Non-Volatile Information
- Message Digest Function: MD5
- Recycle Bin
- Metadata
- Understanding Events
- Windows Forensics Tool: OS Forensics
- Windows Forensics Tool: X-Ways Forensics
- Windows Forensics Tools
Module 21: Network Forensics and Investigating Network Traffic
- Network Forensics
- Network Forensics Analysis Mechanism
- Network Addressing Schemes
- Overview of OSI Reference Model and Network Protocols
- TCP/IP Model
- Network Vulnerabilities
- Types of Network Attacks
- Why Investigate Network Traffic?
- Evidence Gathering via Sniffing
- Capturing Live Data Packets Using Wireshark
Module 22: Steganography
- What is Steganography?
- Steganography Vs. Cryptography
- How Steganography Works?
- Legal Use of Steganography
- Unethical Use of Steganography
- Steganography Techniques
- Application of Steganography
- Classification of Steganography
- Types of Steganography based on Cover Medium
- Issues in Information Hiding
Module 23: Analyzing Logs
- Importance of Logs in Forensics
- Computer Security Logs
- Operating System Logs
- Application Logs
- Security Software Logs
- Examining Intrusion and Security Events
- Syslog
- Windows Log File
- Configuring Windows Logging
- Why Synchronize Computer Times?
- Event Correlation
Module 24: E-mail Crime and Computer Forensics
- Email Terminology
- Email System
- Importance of Electronic Records Management
- Email Crime
- Example of Email Header
- List of Common Headers
- Why to Investigate Emails
- Investigating Email Crime and Violation
- E-mail Forensics Tools
Module 25: Writing Investigation Report
- Computer Forensics Report
- Best Practices for Investigators
- Sample Forensics Report