ECSA: Penetration Testing Communication Media Testing [azazredhat]

The Security Analyst Series from EC-Council | Press is comprised of five books covering a broad base of topics in advanced penetration testing training and information security analysis. The content of this program is designed to expose the reader to groundbreaking methodologies in conducting thorough information security analysis, as well as advanced penetration testing techniques. Armed with the knowledge from the Security Analyst series along with proper experience, readers will be able to perform the intensive assessments required to effectively identify and mitigate risks to the security of the organization's infrastructure.

Penetration Testing: Communication Media Testing covers Wireless Network Penetration Testing, Advanced Wireless Testing, VoIP Penetration Testing, VPN Penetration Testing, War Dialing, Blue Tooth and Hand held Device Penetration Testing, Telecommunication and Broadband Communication Penetration Testing.

Course Briefing :-

1.Wireless Network Penetration Testing
Module Brief:
This module explains security policies that need to be assessed after setting up the wireless network. This wireless assessment is necessary to check the security of the network. Wireless vulnerability testing and wireless penetration testing are important for the wireless network penetration testing. This module also familiarizes with various wireless penetration testing tools.


2.Advanced Wireless Testing
Module Brief:
In this module, we review advanced techniques for wireless penetration testing. It will provide a brief study of various wireless concepts such as wireless components, standards, Wired Equivalent Privacy (WEP), its issues, flaws, and security. A glance on various wireless security technologies such as WPA, EAP, TKIP and discussion on different attacks and tools such as War Driving, NetStumbler, and MITM attacks.


3.VoIP Penetration Testing
Module Brief:
The devices that are used for the VoIP are as vulnerable as the operating system on which they are running. The VoIP devices such as IP phones, Call Manager, Gateways, and Proxy servers take over the same vulnerabilities as that of the operating system. The module discusses VoIP risks and vulnerabilities, VoIP security threats, VoIP penetration testing steps, lists various VoIP security and sniffing tools.


4.VPN Penetration Testing
Module Brief:
VPN penetration testing is a process of testing VPN network to secure the VPN’s network and maintain the VPN’s security. Penetration testing of VPN is straightforward and it is performed with various tools. Penetration testing is slightly different for both IPsec and SSL VPNs.
The module discusses VPN penetration testing steps: scanning, fingerprinting, PSK Crack, testing for default user accounts, testing for SSL VPN.


5.Wardialing
Module Brief:
War Dialing is the exploitation of an organization's telephone, modem, and private branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources. A War Dialing attack to penetrate into a target network by attempting to bypass firewalls and intrusion detection systems (IDS) is considered illegal. It involves attempts to access a company’s internal resources such as modems and telephones using dial-in access.
The module discusses war dialing techniques, the reason for conducting war dialing penetration tests, gives guidelines for selecting software for war dialing, configuring the software, and various war dialing tools.


6.Bluetooth and Handheld Device Penetration Testing
Module Brief:
This module explains about Jailbreaking, a process to unlock the iPhone and iPod touch devices to permit the installation of third-party applications and iDemocracy, third-party application installation solution for the Windows platform. It explains about iPhoneSimFree and anySIM which are the tools to unlock the iPhone. The methods such as Blackjacking, ActiveSync, BlueSnarfing, Blueprinting, and BlueSpam are introduced.


7.Telecommunication and Broadband Communication Penetration Testing
Module Brief:
This module explains the Employees who are connected to the corporate and government networks via broadband communication may create vulnerability for attack and Internet connection involves risks such as unauthorized access, installation of malicious software thus launches denial of service attacks. In this module we learn to use additional encryption beyond WEP in order to secure the data and spyware stealthy computer monitoring software that allows to secretly recording all activities of a user over the network. We also learn how to disable SNMP on wireless base station and wireless client and see how file sharing can affect the system thereby an attacker can send any malicious files containing viruses which in turn affect the system over the network. Encrypting a file for transmission and storing the data safely can also be learnt.

About the Author:-

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker course, Computer Hacking Forensics Investigator program, License Penetration Tester program and various other programs offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS) certifying EC-Council Network Security Administrator (ENSA) program for meeting the 4011 training standard for information security professionals.

Product Details :-

Paperback: 160 pages
Publisher: Course Technology; 1 edition (June 23, 2010)
Language: English
ISBN-10: 1435483693
ISBN-13: 978-1435483699
Product Dimensions: 10.7 x 8.3 x 0.5 inches