Module 1 - Introduction

Description: Module 1 - Introduction. About This Course; Why Perform Penetration Tests?; Security Certifications; Types of Pentesting. About This Course: Presenter Information, Video Access, Course Disks, Network Configuration, Certificate of Course Completion, Course Support. (PowerPoint PPT presentation)

Module 1 - Introduction

○ About This Course
○ Why Perform Penetration Tests?
○ Security Certifications
○ Types of Pentesting

About This Course

○ Presenter Information
○ Video Access
○ Course Disks
○ Network Configuration
○ Certificate of Course Completion
○ Course Support

About This Course

Presenter Information
Thomas Wilhelm

○ ISSMP / CISSP / SCSECA / SCNA / SCSA / IAM
○ IT Industry: 15+ years
○ Security Industry: 7+ years
○ U.S. Army: SIGINT Analyst / Cryptanalyst
○ Fortune 100: Penetration Testing / Risk Assessments
○ Author, “Penetration Tester’s Open Source Toolkit, Vol. 2”

About This Course

Video Access
30 days access to videos

○ Use login information provided when enrolled

60 days to complete PenTest Document to ISSAF standards

○ http://heorot.net/instruction/PTF/

About This Course

Course Disks
Disk 1.100

○ Used in Video Instruction

Disk 1.101

○ Used in Hands-On Exercises & “Independent PenTest Effort” for Course Completion Certification

BackTrack

○ Used as Penetration Tester’s Toolkit

About This Course

Network Configuration

Configuration Issues:

○ http://de-ice.net/index.php?name=PNphpBB2&file=viewforum&f=17
○ Can be used in a virtual machine

About This Course

Certificate of Course Completion
Awarded upon receipt and acceptance of formal documentation of Independent PenTest Effort

○ Meet ISSAF standards
○ “Independent PenTest Effort” uses Disk 1.101
○ Required material is covered in Modules 4-8

About This Course

Certificate of Course Completion - Grading
General Documentation – 250

○ Management Summary
○ Scope of the project (and Out of Scope parts)
○ Tools that have been used (including exploits)
○ Dates & times of the actual tests on the systems

Identification of Weakness & Vulnerabilities – 650

○ A list of all identified vulnerabilities
○ Output of tests performed (screenshots or “script” text file)

Action Points – 100

○ Recommendation of what to mitigate first
○ Recommended solution

About This Course

Course Support
Email: training@heorot.net

○ Support 24x7

Instructor: PTF@heorot.net

○ Online chat T, Th 9pm Eastern; also available by appointment
○ Available via phone by appointment

Why Perform Penetration Tests?

○ Black Hat vs. White Hat
○ Code of Ethics
○ Legal Responsibilities

Why Perform Penetration Tests?

Code of Ethics
CISSP Code of Ethics Canons:

○ Protect society, the commonwealth, and the infrastructure.

○ Act honorably, honestly, justly, responsibly, and legally.

○ Provide diligent and competent service to principals.

○ Advance and protect the profession.

Why Perform Penetration Tests?

Black Hat vs. White Hat
Black Hat:

“A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent”

- Wikipedia

White Hat:

“A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems”

- Wikipedia

Why Perform Penetration Tests?

Legal Responsibilities
Federal Mandates

○ SOX
○ HIPAA
○ FISMA, etc.

State Mandates

○ California Senate Bill 1386
○ Many other states are following California’s example

Security Certifications

○ Generalized Knowledge
○ Appliance-Specific
○ Methodology

Security Certifications

Generalized Knowledge
(ISC)2

○ ISSMP / ISSAP / ISSEP / CISSP / SSCP

Prosoft Learning

○ Certified Internet Web Professional Program: Designer / Administrator / Manager / Developer

SANS Institute

○ Global Information Assurance Certification: GISF / GSEC / GCFW / GCIA / GCUX… and more

Security Certifications

Appliance-Specific

○ Cisco: CCSP / CCIE
○ Check Point: CCSA / CCSE
○ RSA Security: CSA / CSE
○ TruSecure: TICSA / TICSE
○ Operating Systems: SCSECA / RHCSS / MCSE: Security

Security Certifications

Methodology
National Security Agency

○ IAM / IEM

EC-Council

○ CEH

Types of Penetration Testing

○ Network
○ Host
○ Application
○ Database

Types of Penetration Testing

Network

○ Password
○ Switches / Routers
○ Firewall
○ Intrusion Detection
○ VPN
○ Storage
○ WLAN Security
○ Internet User Security
○ AS400
○ Lotus Notes

Types of Penetration Testing

Host

○ Unix / Linux
○ Windows
○ Novell NetWare
○ Web Server

Types of Penetration Testing

Application

○ Web Application
○ Source Code Auditing
○ Binary Auditing

Types of Penetration Testing

Database

○ Database Security
○ Social Engineering

Module 1 - Conclusion

○ Why Perform Penetration Tests?
○ About This Course
○ Security Certifications
○ Types of Pentesting
