Module 1 – Introduction

Module 1 - Introduction
- About This Course
- Why Perform Penetration Tests?
- Security Certifications
- Types of Pentesting

About This Course
- Presenter Information
- Video Access
- Course Disks
- Network Configuration
- Certificate of Course Completion
- Course Support

About This Course: Presenter Information
- Thomas Wilhelm
- ISSMP / CISSP / SCSECA / SCNA / SCSA / IAM
- IT Industry: 15 years
- Security Industry: 7 years
- U.S. Army SIGINT Analyst / Cryptanalyst
- Fortune 100 Penetration Testing / Risk Assessments
- Author, “Penetration Tester’s Open Source Toolkit, Vol.2”

About This Course: Video Access
- 30 days access to videos
- Use login information provided when enrolled
- 60 days to complete PenTest Document to ISSAF standards
- http://heorot.net/instruction/PTF/

About This Course: Course Disks
- Disk 1.100: Used in Video Instruction
- Disk 1.101: Used in Hands-On Exercises & “Independent PenTest Effort” for Course Completion Certification
- BackTrack: Used as Penetration Tester’s Toolkit

About This Course: Network Configuration
- Configuration Issues: http://de-ice.net/index.php?name=PNphpBB2&file=viewforum&f=17
- Can be used in a virtual machine

About This Course: Certificate of Course Completion
- Awarded upon receipt and acceptance of formal documentation of Independent PenTest Effort
- Meet ISSAF standards
- “Independent PenTest Effort” uses Disk 1.101
- Required material is covered in Module 4-8

About This Course: Certificate of Course Completion - Grading
- General Documentation – 250
  - Management Summary
  - Scope of the project (and Out of Scope parts)
  - Tools that have been used (including exploits)
  - Dates & times of the actual tests on the systems
- Identification of Weakness & Vulnerabilities – 650
  - A list of all identified vulnerabilities
  - Output of tests performed (screenshots or “script” text file)
- Action Points – 100
  - Recommendation of what to mitigate first
  - Recommended solution

About This Course: Course Support
- Email: [email protected]
  - Support 24x7
- Instructor: [email protected]
  - Online chat T,Th 9pm Eastern
  - Also available by appointment
  - Available via phone by appointment

Why Perform Penetration Tests?
- Black Hat vs. White Hat
- Code of Ethics
- Legal Responsibilities

Why Perform Penetration Tests? Code of Ethics
CISSP Code of Ethics Canons:
- Protect society, the commonwealth, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.

Why Perform Penetration Tests? Black Hat vs. White Hat
- Black Hat: “A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent” - Wikipedia
- White Hat: “A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems” - Wikipedia

Why Perform Penetration Tests? Legal Responsibilities
- Federal Mandates
  - SOX
  - HIPAA
  - FISMA, etc.
- State Mandates
  - California Senate Bill 1386
  - Many other states are following California’s example

Security Certifications
- Generalized Knowledge
- Appliance-Specific
- Methodology

Security Certifications: Generalized Knowledge
- (ISC)2
  - ISSMP / ISSAP / ISSEP / CISSP / SSCP
- Prosoft Learning
  - Certified Internet Web Professional Program
  - Designer / Administrator / Manager / Developer
- SANS Institute
  - Global Information Assurance Certification
  - GISF / GSEC / GCFW / GCIA / GCUX and more

Security Certifications: Appliance-Specific
- CISCO
  - CCSP / CCIE
- Check Point
  - CCSA / CCSE
- RSA Security
  - CSA / CSE
- TruSecure
  - TICSA / TICSE
- Operating Systems
  - SCSECA
  - RHCSS
  - MCSE: Security

Security Certifications: Methodology
- National Security Agency
  - IAM / IEM
- EC-Council
  - CEH

Types of Penetration Testing
- Network
- Host
- Application
- Database

Types of Penetration Testing: Network
- Password
- Switches / Routers
- Firewall
- Intrusion Detection
- VPN
- Storage
- WLAN Security
- Internet User Security
- AS400
- Lotus Notes

Types of Penetration Testing: Host
- Unix / Linux
- Windows
- Novell Netware
- Web Server

Types of Penetration Testing: Application
- Web Application
- Source Code Auditing
- Binary Auditing

Types of Penetration Testing: Database
- Database Security
- Social Engineering

Module 1 - Conclusion
- Why Perform Penetration Tests?
- About This Course
- Security Certifications
- Types of Pentesting
