Cehv6 Program Guide.Indd

Cehv6 Program Guide.Indd

Page 1 Ethical Hacking and Countermeasures http://www.eccouncil.orghttp://www.eccouncil.org EC-CouncilEC-Council TM Page 2 CEH Certified Ethical Hacker http://www.eccouncil.org EC-Council Table of Contents Page 3 What is New in CEHv6? .............................................. Page 4 CEHv6 Fact Sheet ........................................................ Page 5 CEH Training Program ................................................ Page 9 Course Outline ............................................................ Page 10 Classroom Lecture Hours ............................................ Page 159 CEHv6 Labs ............................................................... Page 162 Module Briefi ng .......................................................... Page 178 CEHv6 Exam Objectives ............................................ Page 193 http://www.eccouncil.org EC-Council Lets’ Stop the Hackers Menace. Master the Hacking Technologies. Become a CEH. Page 4 http://www.eccouncil.org EC-Council CEH v6 Fact Sheet Page 5 1. What is the nature of the course change? CEHv6 has been updated with tons of new hacking tools, new hacking techniques and methodologies. The fl ow of the content is the same except each module is refreshed with more content. There are advanced modules added to the curriculum like Writing Windows Exploits, Reverse Engineering, Covert Hacking and Advanced Virus Writing Skills. The slides are updated to make them more presentable. There are over 67 modules in CEHv6. 2. Are there accompanying certifi cation changes? The CEHv6 exam will be available at Prometric Prime, Prometric APTC and VUC Centers on November 5th 2008. The old CEHv5 exam will still be available until June 3rd 2009. 3. How much will the new exam cost? The updated CEH v6 will cost USD 250. 4. What is the duration of the exam? The exam will be 4 hours with 150 questions. The passing score is 70% 5. Will the users who are certifi ed for CEHv5 required to retake CEH v6 exam? No. For ECE credits, please visit http://www.eccouncil.org/ece.htm http://www.eccouncil.org EC-Council Hackers are here. Where are you? Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread, but is being executed so fl awlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within 20 minutes. The goal of the ethical hacker is to help the organization take preemptive measures against malicious attacks by attacking the system himself; all the while staying within legal limits. This philosophy stems from the proven practice of trying to catch a thief, by thinking like a thief. As technology advances and organization depend on Page 6 technology increasingly, information assets have evolved into critical components of survival. If hacking involves creativity and thinking ‘out-of-the-box’, then vulnerability testing and security audits will not ensure the security proofi ng of an organization. To ensure that organizations have adequately protected their information assets, they must adopt the approach of ‘defense in depth’. In other words, they must penetrate their networks and assess the security posture for vulnerabilities and exposure. The defi nition of an Ethical Hacker is very similar to a Penetration Tester. The Ethical Hacker is an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a Hacker. Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an Ethical Hacker and an organization, it is legal. The most important point is that an Ethical Hacker has authorization to probe the target. The CEH Program certifi es individuals in the specifi c network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certifi ed Ethical Hacker certifi cation will fortify the application knowledge of security offi cers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certifi ed Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker. http://www.eccouncil.org EC-Council Ethical Hacking and Countermeasures Training Program Page 7 Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overfl ows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certifi ed Ethical Hacker exam 312-50 Who Should Attend This course will signifi cantly benefi t security offi cers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Duration: 5 days (9:00 – 5:00) Certifi cation: The Certifi ed Ethical Hacker certifi cation exam 312-50 will be conducted on the last day of training. Students need to pass the online Prometric exam to receive CEH certifi cation. Legal Agreement: Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent. Not anyone can be a student — the Accredited Training Centers (ATC) will make sure the applicants work for legitimate companies. http://www.eccouncil.org EC-Council Course Outline v6 Module 1: Introduction to Ethical Hacking Problem Defi nition -Why Security? Essential Terminologies Elements of Security The Security, Functionality and Ease of Use Triangle Case Study Page 8 What does a Malicious Hacker do? o Phase1-Reconnaissaance • Reconnaissance Types o Phase2-Scanning o Phase3-Gaining Access o Phase4-Maintaining Access o Phase5-Covering Tracks Types of Hacker Attacks o Operating System attacks o Application-level attacks o Shrink Wrap code attacks o Misconfi guration attacks Hacktivism Hacker Classes Security News: Suicide Hacker Ethical Hacker Classes http://www.eccouncil.org EC-Council What do Ethical Hackers do Can Hacking be Ethical Page 9 How to become an Ethical Hacker Skill Profi le of an Ethical Hacker What is Vulnerability Research o Why Hackers Need Vulnerability Research o Vulnerability Research Tools o Vulnerability Research Websites • National Vulnerability Database (nvd.nist.gov) • Securitytracker (www.securitytracker.com) • Securiteam (www.securiteam.com) • Secunia (www.secunia.com) • Hackerstorm Vulnerability Database Tool (www.hackerstrom.com) • HackerWatch (www.hackerwatch.org) • MILWORM How to Conduct Ethical Hacking How Do They Go About It Approaches to Ethical Hacking Ethical Hacking Testing Ethical Hacking Deliverables Computer Crimes and Implications Module 2: Hacking Laws U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) Legal Perspective (U.S. Federal Law) http://www.eccouncil.org EC-Council o 18 U.S.C. § 1029 • Penalties o 18 U.S.C. § 1030 • Penalties o 18 U.S.C. § 1362 o 18 U.S.C. § 2318 o 18 U.S.C. § 2320 o 18 U.S.C. § 1831 o 47 U.S.C. § 605, unauthorized publication or use of communications o Washington: • RCW 9A.52.110 Page 10 o Florida: • § 815.01 to 815.07 o Indiana: • IC 35-43 Federal Managers Financial Integrity Act of 1982 The Freedom of Information Act 5 U.S.C. § 552 Federal Information Security Management Act (FISMA) The Privacy Act Of 1974 5 U.S.C. § 552a USA Patriot Act of 2001 United Kingdom’s Cyber Laws United Kingdom: Police and Justice Act 2006 European Laws Japan’s Cyber Laws Australia : The Cybercrime Act 2001 Indian Law: THE INFORMTION TECHNOLOGY ACT Argentina Laws Germany’s Cyber Laws Singapore’s Cyber Laws Belgium Law http://www.eccouncil.org EC-Council Brazilian Laws Canadian Laws France Laws Page 11 German Laws Italian Laws MALAYSIA: THE COMPUTER CRIMES ACT 1997 HONGKONG: TELECOMMUNICATIONS Korea: Greece Laws Denmark Laws Netherlands Laws Norway ORDINANCE Mexico SWITZERLAND Module 3: Footprinting Revisiting Reconnaissance Defi ning Footprinting Why is Footprinting Necessary Areas and Information which Attackers Seek Information Gathering Methodology o Unearthing Initial Information • Finding Company’s URL • Internal URL • Extracting Archive of a Website www.archive.org • Google Search for Company’s Info http://www.eccouncil.org EC-Council • People Search Yahoo People Search Satellite Picture of a Residence Best PeopleSearch People-Search-America.com Switchboard Anacubis Google Finance

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    199 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us