Shared by: gyvwpsjkko
Posted: 3/22/2011
Language: English
Pages: 7

Hardening the Infrastructure
Course Specifications
Course number: 085545
Course length: 5 days
Software: N/A
Certification
Exam #: SC0–411
Maps to: Hardening the Infrastructure, Security Certified Program Level 1: Defense
Course: 1 of 2 for Security Certified Network Professional (SCNP)
Course Description
Hardening the Infrastructure is designed to provide Network Administrators with an awareness of
security-related issues and the essential skills they need to implement security in a given network. It is
the first course offered in the first level of the Security Certified Program.
Target Student: We designed Hardening the Infrastructure for Network Administrators who are
responsible for maintaining a wide range of network technologies, and who need to develop expertise in
securing their networks.
Prerequisites: To ensure your success, we recommend you first take the following Element K course or
have equivalent knowledge:
• Network+ Certification: Third Edition—2002 Objectives, A CompTIA Certification
• Security+ Certification: A CompTIA Certification
Delivery Method: Instructor-led, group-paced, classroom-delivery learning model with structured
minds-on and hands-on activities.
Benefits: Students will learn to work with various protocols, and create security in router-based
networks and across different platforms. They will also use some of the techniques that network
attackers commonly use to learn the best ways to prevent attacks.
What's Next: After completing this course, students who want to complete Level 1: Defense of the
Security Certified Program should take the next course in the series: Network Defense and
Countermeasures.
Hardware/Software Requirements
To run this course, you will need:
• The hardware listed in the following table.

| Hardware Type | Quantity | Minimum Specifications |
| --- | --- | --- |
| Student machines | 1 per student | 500 MHz Pentium III processor (700 MHz or higher recommended); 128 MB RAM (256 MB or more recommended); 8 GB hard disk; 2 non-integrated NICs (Intel or 3COM preferred—for promiscuous mode support); video card (Nvidia TNT2 preferred—from the point of view of driver availability for all OSs) |
| Instructor machines | 1 | Same as student machines. |
| Cisco routers | 3 | 2500 Series preferred; IOS 12.2 or greater, with IPSec/SSH support |
| Cisco console cables | 1 | |
| Serial cables | 2 | DCE to DTE, for connecting routers together |
| Switches or hubs | 2 | 10/100 Mbps |
| Hardware keylogger | 1 | |
| Null-modem and crossover cables | 1 set for each pair of students | CAT 5 |

To find out more about all of the products and services from Masterskill, please visit www.masterskill.co.za

• For class preparation and use, the following software:
o A bootable DOS floppy disk with common utilities such as FDISK, FORMAT,
MSCDEX, DELPART, and so forth, is sufficient for class purposes.
o The Windows 2000 Server operating system. The cost of an evaluation copy is $7.95,
and you can obtain the software from the Microsoft Training Kits, TechNet, or
http://microsoft.order-2.com/win2kast
o The Red Hat 8.0 Linux operating system. It does not matter if you use the Personal or
Professional Edition. The cost of this software is free, if you download it from
www.redhat.com (or any of the various mirror sites listed there). It is recommended
that you also download the installation guide. If you decide to download the OS from
the Internet, download the ISO files and create CDs from the images. Choosing the
Burn As Image option ensures that the CDs will be bootable.
o Hardware drivers for each OS and peripheral, especially NIC and video drivers. You
should always keep these handy. In addition to having them on a CD, it is generally
advisable to have a set of properly labeled floppy disks.
o Service Pack 2 for Windows 2000 Server. This Service Pack is free, and can be
downloaded from
http://download.microsoft.com/download/win2000platform/SP/SP2/NT5/EN-US/W2KSP2.exe
(save the file to disk).
o The Internet Explorer 6 upgrade. This upgrade is free, and can be downloaded from
http://www.microsoft.com/windows/ie/default.asp (you might need to be connected to
the Internet to do the actual upgrade).
o The sysprep utility, from the Windows 2000 Resource Kit.
o Disk-cloning tools. Norton Ghost is recommended.
o SID-changing utilities. Norton Ghostwalk is recommended.
• For use in class, you will also need to acquire the tools and utilities described in the following
tables. Tables are arranged by function, such as network scanning, firewalls, and so forth. Links
are provided to enable you to download files from the Web, via an HTML version of these setup
instructions on the course CD. Create a Tools share (or a CD) for use in class. Download and
organize the tools in an appropriate folder structure, such as in folders named Linux Tools,
Windows Tools, and Miscellaneous. The Miscellaneous folder can include utilities like MS
Office file viewers, file unzippers, Adobe Acrobat Reader, and so forth. The capture and
signature files required for some of the tasks in the course, as well as all the RFCs, are included
with each course manual.
Network Scanning Tools
| Tool | OS/Cost | Used in Tasks | Download From |
| --- | --- | --- | --- |
| SuperScan | Windows/Eval is Free | Yes | www.foundstone.com/knowledge/scanning.html |
| Nmap | Linux/Built-in | Yes | Included in Red Hat 8.0 |
| NmapFE | Linux/Built-in | Yes | Included in Red Hat 8.0 |
| NmapNT | Windows/Free | No | www.eeye.com/html/Research/Tools/nmapnt/nmapNTsp1.zip |
| Pinger | Windows/Free | No | http://visualsoftru.com/ping/pinger.exe |
| Strobe | Linux, Windows/Free | No | For Linux, www.luyer.net/software/strobe-classb/ |
| Nessus | Linux/Free | Yes | ftp://ftp.nessus.org/pub/nessus/nessus-2.0.3/nessus-installer/nessus-installer.sh |
| udpflood.exe | Windows/Free | Yes | www.foundstone.com/knowledge/stress_testing.html |
| NetScan Tools Pro | Windows/Eval is Free | No | ftp://ftp.netscantools.com/pub/nst430a.zip |
| Netcat | Linux, Windows/Free | Yes | For Linux, included with Red Hat 8.0. For Windows, www.atstake.com/research/tools/nc11nt.zip |

Routing Tools
| Tool | OS/Cost | Used in Tasks | Download From |
| --- | --- | --- | --- |
| Visual Route | Windows/Eval is free | Yes | www.visualroute.com/ |
| NeoTrace | Windows/Eval is free | Yes | www.tucows.com/preview/194046.html |

Network Sniffer Tools
| Tool | OS/Cost | Used in Tasks | Download From |
| --- | --- | --- | --- |
| Network Monitor | Windows/Built-in | Yes | Included in Windows 2000 Server |
| Ethereal 0.9.11 | Windows, Linux/Free | Yes | For Linux, included with Red Hat 8.0. For Windows, www.ethereal.com/distribution/Win32 |
| Tcpdump | Linux/Free | No | www.tcpdump.org/ |
| Windump | Windows/Free | No | http://windump.polito.it/install/default.htm |
| WinPcap 2.3 | Windows/Free | Yes | http://windump.polito.it/install/default.htm |

Password Tools
| Tool | OS/Cost | Used in Tasks | Download From |
| --- | --- | --- | --- |
| L0pht Crack 2.5 | Windows/Eval is Free | No | www.32bit.bhs.com/downloads/file.asp?id=4519 |
| L0pht Crack LC4 | Windows/Eval is Free | Yes | www.atstake.com/research/lc/application/lc4setup.exe |
| Crack 5.0 | Linux/Free | No | ftp://ftp.openbsd.org/pub/OpenBSD/2.7/packages/i386/crack-5.0.tgz |
| John the Ripper | Windows, Linux, DOS/Free | Yes (Linux version only) | For Linux, www.openwall.com/john/john-1.6.tar.gz. For Windows, www.openwall.com/john/john-1.6w.zip |
| Snadboy's Revelation | Windows/Free | Yes | www.snadboy.com/RevelationV2.zip |

Trojan Horses and Exploit Tools
| Tool | OS/Cost | Used in Tasks | Download From |
| --- | --- | --- | --- |
| Netbus | Windows/Free | No | http://nttoolbox.com/public/tools/NetBus170.zip |
| NetBus Pro | Windows/Free | Yes | http://home.t-online.de/home/TschiTschi/netbus_pro_eng.htm |
| SubSeven | Windows/Free | No | www.subseven.ws/ |
| GetAdmin | Windows NT/Free | No | http://packetstormsecurity.org |

Forensics and Keyboard Logging Tools
| Tool | OS/Cost | Used in Tasks | Download or Order From |
| --- | --- | --- | --- |
| NTFSDOS | Linux/Free, DOS/Eval is free | Yes | For DOS, www.sysinternals.com/files/ntfs30r.zip (The Read-only version will do.) For Linux, linux-ntfs.sourceforge.net/info/redhat.html#how |
| Keylogger | Any (This is hardware.)/$89 to $199 (one per class only) | Yes | www.keyghost.com |
| Security keyboard | Any (This is hardware.)/$129 to $299 (one per class only) | Yes | www.keyghost.com |
| Keystroke logger | Any (This is hardware.)/$54.95 (one per class only) | Yes | www.electronickits.com/spy/finish/computer/key.htm |
| Klogger | Windows/Free | Yes | http://ntsecurity.nu/cgi-bin/download/klogger.exe.pl |

Intrusion Detection Tools
| Tool | OS/Cost | Used in Tasks | Download From |
| --- | --- | --- | --- |
| ISS Internet Scanner 6 | Windows/Free | No | Included with the Windows 2000 Server Resource Kit, or you can visit: www.iss.net/download/ |
| ISS System Scanner 6 | Windows/Free | No | Included with the Windows 2000 Server Resource Kit, or you can visit: www.iss.net/download/ |
| Snort | Linux, Windows/Free | No | www.snort.org/dl/binaries |
| IDSCenter | Windows/Free | No | www.snort.org/dl/contrib/front_ends |

Firewalls
| Tool | OS/Cost | Used in Tasks | Download From |
| --- | --- | --- | --- |
| CheckPoint NG | Windows 2000 Server with SP2/$2000 approx. (one per class only) | No | www.checkpoint.com. Part number is CPFW-FM-25-NG |
| ISA Server 2000 | Windows 2000 with SP1 min./Eval is Free | No | www.microsoft.com/isaserver/evaluation/trial/default.asp |

Network and Security Administration Tools
| Tool | OS/Cost | Used in Tasks | Download From |
| --- | --- | --- | --- |
| IPv6 Technology Preview | Windows/Free | Yes | http://msdn.microsoft.com/downloads/sdks/platform/tpipv6/download.asp |
| Webmin | Any (browser-based management.)/Free | Yes | www.webmin.com. Download either the rpm or the tarball. |
| Tripwire | Linux/Built-in | Yes | Included with Red Hat 8.0 |
| Bastille | Linux/Free | Yes | http://osdn.dl.sourceforge.net/sourceforge/bastille-linux/Bastille-2.0.4-1.0.i386.rpm |
| pwlib-1.3.3-5.i386.rpm | Linux/Free | Yes | www.bastille-linux.org/pwlib-1.3.3-5.i386.rpm |
| perl-Tk-800.023-9mdk.i586.rpm | Linux/Free | Yes | www.bastille-linux.org/perl-Tk-800.023-9mdk.i586.rpm |
| Windows 2000 Gold Standard | Windows/Free | Yes | www.cisecurity.org |
| PuTTY.exe | Windows/Free | Yes | http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe |
| HiSecWeb security template | Windows/Free | Yes | http://download.microsoft.com/download/win2000srv/SCM/1.0/NT5/EN-US/hisecweb.exe |
| IIS Lockdown tool | Windows/Free | Yes | http:/download.microsoft.com/download/iis50/Utility/2.1/NT45XP/EN-US/iislockd.exe |
| HFNetChk tool | Windows/Free | Yes | http://download.microsoft.com/download/win2000platform/Utility/3.3/NT45/EN-US/Nshc332.exe (For the original command-line tool, go to hfnetchk.shavlik.com/hfnetchk_3.86.0.1.exe. Or, for the new Microsoft Baseline Security Analyzer, go to download.microsoft.com/download/e/5/7/e57f498f-2468-4905-aa5f-369252f8b15c/mbsasetup.msi.) |

Miscellaneous Tools
| Tool | OS/Cost | Used in Tasks | Download From |
| --- | --- | --- | --- |
| File Unzippers | Windows, DOS/Free | Yes | www.winzip.com, www.pkware.com, or www.rarlab.com |
| PDF Viewer | Windows/Free | No | www.adobe.com/products/acrobat/readstep2.html |
| MS Office Viewers | Windows/Free | No | http://office.microsoft.com/downloads/default.aspx |

For use in class, students will need the following:
• A bootable DOS floppy disk, similar to the one used for class preparation.
• Tools and utilities as described previously. These tools need to be
downloaded from the Web and can be burned onto a CD-ROM,
placed in a shared folder on the classroom network, or copied onto
the student machines. If you decide to create a Tools CD-ROM for
use in class, make sure that the instructor collects the CD-ROMs
from the students at the end of the course.
• The CD-ROM included with the course manual.
For use in class, the instructor will need the following:
• A bootable DOS floppy disk, similar to the one used for class preparation.
• Tools and utilities as described previously. These tools need to be
downloaded from the Web, and can be burned onto a CD-ROM or
copied onto the instructor's machine.
• The CD-ROM included with the course manual.
• A hardware keylogger.
During class, the instructor does not need to have, but should have access to, the disks
used for class preparation.
Performance-Based Objectives
o Investigate advanced concepts and procedures related to the TCP/IP protocol.
o Work with the secure version of IP, IPSec.
o Secure Linux computers and networks.
o Secure Windows 2000 computers and test the effectiveness of various security measures.
o Secure routers by using Access Control Lists and logging options.
o Investigate measures that can help ensure business continuity in the event of a disaster, such as
contingency planning, and power and backup issues.
o Define common Internet components and identify techniques used in Web hacking and other
attacks.
o Examine and work with common techniques used to attack networks and specific operating
systems.
Course Content
Lesson 1: Advanced TCP/IP
Topic 1A: TCP/IP Concepts
Topic 1B: Analyzing the Three-Way Handshake
Topic 1C: Capturing and Identifying IP Datagrams
Topic 1D: Capturing and Identifying ICMP Messages
Topic 1E: Capturing and Identifying TCP Headers
Topic 1F: Capturing and Identifying UDP Headers
Topic 1G: Analyzing Packet Fragmentation
Topic 1H: Analyzing an Entire Session
Topic 1I: Fundamentals of IPv6
Lesson 2: Implementing IPSec
Topic 2A: Internet Protocol Security
Topic 2B: IPSec Policy Management
Topic 2C: IPSec AH Implementation
Topic 2D: IPSec ESP Implementation
Topic 2E: Combining AH and ESP in IPSec
Lesson 3: Hardening Linux Computers
Topic 3A: Introduction to Linux Administration
Topic 3B: Fundamental Linux Security
Topic 3C: Access Control
Topic 3D: Securing Network Services
Topic 3E: Final OS Hardening
Lesson 4: Hardening Windows Computers
Topic 4A: Windows 2000 Infrastructure Security
Topic 4B: Windows 2000 Authentication
Topic 4C: Windows 2000 Security Configuration Tools
Topic 4D: Windows 2000 Resource Security
Topic 4E: Windows 2000 Auditing and Logging
Topic 4F: Windows 2000 EFS
Topic 4G: Windows 2000 Network Security
Lesson 5: Routers and Access Control Lists
Topic 5A: Fundamental Cisco Security
Topic 5B: Routing Principles
Topic 5C: Removing Protocols and Services
Topic 5D: Creating Access Control Lists
Topic 5E: Implementing Access Control Lists
Topic 5F: Logging Concepts
Lesson 6: Contingency Planning
Topic 6A: Continuity and Recovery
Topic 6B: Developing the Plan
Topic 6C: The Technologies of Staying On
Topic 6D: Backing up the Operating Systems
Lesson 7: Security on the Internet and the WWW
Topic 7A: Describing the Components of the Internet
Topic 7B: Identifying the Weak Points of the Internet
Topic 7C: Describing Web-Hacking Techniques
Topic 7D: Describing Methods Used to Attack Users
Lesson 8: Attack Techniques
Topic 8A: Network Reconnaissance
Topic 8B: Mapping the Network
Topic 8C: Sweeping the Network
Topic 8D: Scanning the Network
Topic 8E: Viruses, Worms, and Trojan Horses
Topic 8F: Malicious Web sites
Topic 8G: Gaining Control over the System
Topic 8H: Recording Keystrokes
Topic 8I: Cracking Encrypted Passwords
Topic 8J: Revealing Hidden Passwords
Topic 8K: Social Engineering
Topic 8L: Case Study: Social Engineering
Topic 8M: Gaining Unauthorized Access
Topic 8N: Hiding Evidence of an Attack
Topic 8O: Performing a Denial of Service