SE-350
PENETRATION TESTING

 

3 Days

Tuition: $1785

Target Audience: System Administrators, Security Auditors, IT Managers

 Prerequisites:

  • Intermediate Network and Systems Admin experience
  • Network Intrusion Protection course

 As a result of completing this course, the student will be able to:

  • perform vulnerability assessments on their own networks using a methodological approach
  • follow a penetration tester’s code of ethics
  • write a summary report

 Student Materials:

  • Binder of printed overheads & labs
  • Reference Book: Nessus Network Auditing textbook (Syngress)
  • Printed bound copy of the OSSTMM

    Pen-Test Business Practices

    • Why a Pen-Test is Needed
    • Knowledge Levels During Testing
    • Vulnerability Scanning vs. Penetration Testing
    • Goals of a Pen-Test
    • Scope of Work
    • Written Authorization
    • Test Plan Checklist
    • Pen-Test Standards (OSSTMM, ISSAF)
    • Lab: Scope of Work Document
    • Lab: Ethics/Rules of Engagement document

    Vulnerability Scanning with Nessus

    • Choosing Pen-Test Tools
    • Manual vs. Automated Scanning Tools
    • Security Tools Checklist
    • The Vulnerability Assessment Process
    • Vulnerability Assessment Limitations
    • Nessus Strengths
    • Nessus Installation
    • Nessus Basic Operations
    • Lab: Nessus installation and configuration

    Advanced Nessus

    • Dealing with False Positives
    • NASL customization
    • Lab: False Positive Detection
    • Lab: NASL script writing & testing

    OSSTMM Document Review

    • Section A - Information Security
    • Section B - Process Security
    • Section C - Internet Technology Security
    • Section D - Communications Security
    • Section E - Wireless Security
    • Section F - Physical Security

    ISSAF Document Review

    • Part A - Rules of Engagement
    • Penetration Testing Methodology

    Deliverables & Report Writing

    • Summary of Results
    • Potential Impact of Vulnerabilities
    • Recommendations
    • Appendix of Detailed Results
    • Lab: Report for Previous Pen-Test

    Summary List of Lab Exercises/Tools:

    • Scope of Work document writing
    • Ethics quiz
    • Vulnerability scanning with Nessus
    • Black Box penetration test (using Network Intrusion Protection tools)
    • White Box penetration test (using Network Intrusion Protection tools)
    • Gray Box penetration test (using Network Intrusion Protection tools)
    • Report writing of Pen-Test results




© 2003-2004  SYSTEMS Computer Training, A Testmasters Company

Solaris and Java are registered trademarks of Sun Microsystems.