EC-Council - CNDA - Certified Network Defense Architect (CNDA)
CLASS DATE(s):
6/8/2020 - 6/12/2020

COURSE LENGTH: 5 Days

COURSE COST: $2899.00

COURSE TIMES: 9:00 - 5:00 pm


COURSE OVERVIEW

This class will immerse the student in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5-day class they will have hands-on understanding and experience in Ethical Hacking.


This course prepares you for the Certified Network Defense Architect exam 312-99.

AUDIENCE AND PREREQUISITES

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. This course was specially designed for Government Agencies.

The CNDA certification is awarded to Government Employees. You will need to work for any Government Agency as a full-time employee or as a contractor to apply for the CNDA certification.

Requirements:
1. You must have completed the CEH certification
2. You must work for any Government Agency

FOLLOW UP COURSES  

*Course Cost listed includes the cost of Courseware, exam and iLabs. Please refer to your Quote/Invoice for the additional costs. If you have any questions, please contact us (learn@vtec.org or 207-775-0244). This course is subject to a minimum enrollment to run. This course may run as a Live Online course if the minimum enrollment is not met. Optional: available Self-Paced.

Steps in achieving the CNDA certification
Complete the CNDA application form and attach the following documents:
1. CNDA application form
2. Attach a copy of the CEH certificate
3. Attach documents that prove you work for a Government Agency
(ID cards, employment letters or any other non-classified documents)
4. Pay USD 200/- administrative fee at
https://store.eccouncil.org/product/cnda-certification-administrative-fees/ and attach a copy of the online order receipt

Email the above documents to cnda@eccouncil.org

COURSE TOPICS:


INTRODUCTION TO ETHICAL HACKING
Why Security?
The Security, functionality and ease of
Can Hacking be Ethical?
Essential Terminology, Elements of Security
What does a Malicious Hacker do?
Difference between Penetration Testing
Hacker Classes. What do Ethical Hackers do?
Skill Profile of an Ethical Hacker.
Modes of Ethical Hacking.
Security Testing, Deliverables.
Computer Crimes and Implications.
Legal Perspective (US Federal Laws).

FOOTPRINTING
Defining Footprinting.
Information Gathering Methodology.
Locate the Network Range.
Hacking Tools: Whois, Nslookup, ARIN, Traceroute, NeoTrace, VisualRoute Trace, SmartWhois, Visual Lookout, VisualRoute Mail Tracker, eMailTrackerPro

SCANNING
Definition of Scanning.
Types of scanning
Objectives of Scanning
Scanning Methodology
Classification of Scanning
Hacking Tools: Nmap, XMAS Scan, FIN Scan, Null Scan, Windows Scan, Idle Scan, Nessus, Retina, Saint,
HPing2, Firewalk, NIKTO, GFI Languard, ISS Security Scanner,
Netcraft, IPsec Scan, NetScan Tools pro 2003, Super Scan, Floppyscan
War Dialer
Hacking Tools: THC Scan, Friendly Pinger, Cheops, Security Administrator’s Tool for Analyzing Network (SATAN), SAFEsuite Internet Scanner, IdentTCPScan, PortScan Plus, Strobe, Blaster Scan
OS Fingerprinting
Active Stack fingerprinting
Tool for Active Stack fingerprinting: XPROBE2
Passive Fingerprinting
Proxy Servers
Hacking Tools: Socks Chain, Anonymizers, HTTP Tunnel, HTTPort
Countermeasures

ENUMERATION
What is Enumeration?
NetBios Null Sessions
Hacking Tools: DumpSec, Winfo, NetBIOS Auditing Tool (NAT)
Null Session Countermeasures
NetBIOS Enumeration
Hacking Tool: NBTScan
Simple Network Management Protocol (SNMP) Enumeration
Hacking Tools: Solarwinds, Enum, SNScan
SNMP Enumeration Countermeasures
Management Information Base (MIB)
Windows 2000 DNS Zone Transfer
Blocking Win 2k DNS Zone Transfer
Enumerating User Accounts
Hacking Tools: User2sid and Sid2user, UserInfo, GetAcct, DumpReg, Trout, Winfingerprint, PsTools (PSFile, PSLoggedOn, PSGetSid, PSInfo, PSService, PSList, PSKill, PSSuspend, PSLogList, PSExec, PS
Active Directory Enumeration and Countermeasures

SYSTEM HACKING
Administrator Password Guessing
Manual Password Cracking Algorithm
Automated Password Cracking
Password Types
Types of Password Attacks
Performing Automated Password Guessing
Password Sniffing
Password Cracking Countermeasures
Syskey Utility
Cracking NT/2000 Passwords
SMBRelay Man-in-the-Middle Scenario
SMBRelay Weaknesses and Countermeasures
Keystroke Loggers
Hiding Files
Creating Alternate Data Streams
ADS creation and detection
LADS (List Alternate Data Streams)
NTFS Streams Countermeasures
Stealing Files Using Word Documents
Field Code Countermeasures
Steganography
Steganography Detection
Covering Tracks
Disabling Auditing and clearing Event Logs
Dump Event Log
RootKit
Planting the NT/2000 RootKit
Rootkit Countermeasures

TROJANS AND BACKDOORS
Effect on Business
What is a Trojan?
Overt and Covert Channels
Working of Trojans
Different Types of Trojans
What Trojan Creators look for?
Different ways a Trojan can get into a system
Indications of a Trojan Attack
Some famous Trojans and ports used by them
How to determine which ports are “Listening”?
Different Trojans found in the Wild
Wrappers
Packaging Tool: Wordpad
ICMP Tunneling
Loki Countermeasures
Reverse WWW Shell – Covert Channels using HTTP
Process Viewer
System File Verification
Anti-Trojan
Reverse Engineering Trojans
Backdoor Countermeasures

SNIFFERS
Definition of sniffing
How a Sniffer works?
Passive Sniffing
Active Sniffing
Man-in-the-Middle Attacks
Spoofing and Sniffing Attacks
ARP Poisoning and countermeasures
Network Probe
Sniffing Countermeasures

DENIAL OF SERVICE
What is Denial of Service?
Goal of DoS (Denial of Service)
Impact and Modes of Attack
DoS Attack Classification
Buffer Overflow Attacks
Distributed DoS Attacks and Characteristics
Agent Handler Model
IRC-Based DDoS Attack Model
DDoS Attack taxonomy
DDoS Tools
Reflected DoS Attacks
Reflection of the Exploit
Countermeasures for Reflected DoS
DDoS Countermeasures
Defensive Tool: Zombie Zapper
Worms: Slammer and MyDoom.B

SOCIAL ENGINEERING
What is Social Engineering?
Art of Manipulation
Human Weakness
Common Types of Social Engineering
Human Based Impersonation
Example of social engineering
Computer Based Social Engineering
Reverse Social Engineering
Policies and procedures
Security Policies-checklist

SESSION HIJACKING
Understanding Session Hijacking
Spoofing vs Hijacking
Steps in Session Hijacking
Types of Session Hijacking
TCP Concepts: 3-Way Handshake
Sequence numbers
Remote TCP Session Reset Utility
Dangers Posed by Session Hijacking
Protection against Session Hijacking
Countermeasures: IP Security

HACKING WEB SERVERS
How Web Servers Work?
How are Web Servers Compromised?
Popular Web Servers and Common Security Threats
Apache Vulnerability
Attack against IIS
IIS Components
Sample Buffer Overflow Vulnerabilities
ISAPI.DLL Exploit, Code Red and ISAPI.DLL Exploit, Unicode, Unicode Directory Traversal Vulnerability
Msw3prt IPP Vulnerability, IPP Buffer Overflow Countermeasures
Unspecified Executed Path Vulnerability
File System Traversal Countermeasures, WebDAV/ ntdll.dll Vulnerability
RPC DCOM Vulnerability, ASN Exploits, IIS Logs
Network Tool: Log Analyzer, Hacking Tool: Clean IISLog,
Escalating Privileges on IIS, Microsoft IIS 5.0 - 5.1 remote denial of service Exploit Tool
Microsoft Frontpage Server Extensions fp30reg.dll Exploit Tool
GDI+ JPEG Remote Exploit Tool
Windows Task Scheduler Exploit Tool
Microsoft Windows POSIX Subsystem Local Privilege Escalation Exploit Tool
Hot Fixes and Patches
Vulnerability Scanners
Network Tools
Countermeasures
Increasing Web Server Security

WEB APPLICATION VULNERABILITIES
Web Application Set-up, Web Application Hacking, Anatomy of an Attack
Web Application Threats, Cross Site Scripting/XSS Flaws, Countermeasures, SQL Injection, Command Injection Flaws, Countermeasures
Cookie/Session Poisoning, Countermeasures, Parameter/Form Tampering, Buffer Overflow, Countermeasures
Directory Traversal/Forceful Browsing, Countermeasures, Cryptographic Interception, Authentication Hijacking, Countermeasures
Log Tampering, Error Message Interception, Attack Obfuscation, Platform Exploits
Internet Explorer Exploits, DMZ Protocol Attacks, DMZ, Countermeasures
Security Management Exploits, Web Services Attacks, Zero Day Attacks,
Network Access Attacks, TCP Fragmentation, Hacking Tools: Burp: Positioning Payloads,
Burp: Configuring Payloads and Content Enumeration, Burp, Burp Proxy: Intercepting HTTP/S Traffic
Burp Proxy: Hex-editing of Intercepted Traffic,
Burp Proxy: Browser Access to Request History, Carnivore, Google Hacking

WEB BASED PASSWORD CRACKING TECHNIQUES
Authentication- Definition, Authentication Mechanisms
HTTP Authentication, Basic Authentication
Digest Authentication, Integrated Windows (NTLM) Authentication
Negotiate Authentication, Certificate-based Authentication,
Forms-based Authentication, Microsoft Passport Authentication
What is a Password Cracker?
Modus Operandi of an Attacker using Password Cracker
How does a Password Cracker work?, Attacks- Classification, Password Guessing
Query String, Cookies, Dictionary Maker

SQL INJECTION
Attacking SQL Servers
SQL Server Resolution Service (SSRS)
Osql -L Probing, Port Scanning
Sniffing, Brute Forcing and finding Application Configuration Files
Database Scanner, Input Validation Attack
Login Guessing & Insertion, Shutting Down SQL Server
Extended Stored Procedures
SQL Server Talks
Preventive Measures

HACKING WIRELESS NETWORKS
Introduction to Wireless Networking, Business and Wireless Attacks
Wireless Basics, Components of Wireless Network, Types of Wireless Network, Setting up WLAN
Detecting a Wireless Network, How to access a WLAN,
Advantages and Disadvantages of Wireless Network, Antennas, SSIDs, Access Point Positioning
Rogue Access Points, What is Wireless Equivalent Privacy (WEP)?
WEP Tool:, Related Technology and Carrier Networks, MAC Sniffing and AP Spoofing, Terminology
Denial of Service Attacks, Man-in-the-Middle Attack (MITM), Multi Use Tool: THC-RUT,
Tool: WinPcap, Auditing Tool: bsd-airtools
WIDZ- Wireless Detection Intrusion System
Securing Wireless Networks, Out of the box Security,
Radius: Used as Additional layer in security
Maximum Security: Add VPN to Wireless LAN

VIRUS AND WORMS
Virus Characteristics, Symptoms of ‘virus-like’ attack,
What is a Virus Hoax?, Terminologies, How is a worm different from virus?
Indications of a Virus Attack, Virus History, Virus damage
Effect of Virus on Business, Access Methods of a Virus, Mode of Virus Infection
Life Cycle of a virus, What do Viruses Infect?, How do Viruses Infect?
Writing a simple virus program, Writing DDOS Zombie Virus
Virus Construction Kits, Virus Creation Scripts
Virus Detection Methods, Virus Incident Response, What is Sheep Dip?,
Prevention is better than Cure, Anti-Virus Software,
Popular Anti-Virus packages,
Virus Analyzers

PHYSICAL SECURITY
Security statistics, Physical Security breach incidents
Understanding Physical Security, What is the need of Physical Security?
Who is Accountable for Physical Security?, Factors affecting Physical Security
Physical Security checklist, Company surroundings,
Premises, Reception, Server,
Workstation Area, Wireless Access Points,
Other Equipment such as fax, removable media, etc.
Access Control, Computer Equipment Maintenance
Wiretapping, Remote access, Lock Picking Techniques
Spying Technologies

MODES
LINUX HACKING
EVADING FIREWALLS, IDS AND HONEYPOTS
BUFFER OVERFLOWS
CRYPTOGRAPHY
PENETRATION TESTING - PART 1
PENETRATION TESTING - PART 2