Ethical Hacking and Cyber Forensics Training

Certificate course in Ethical Hacking & Cyber Forensics

Overview

Information security and privacy on the Internet are critical issues in our society. In recent years a large number of people have started to regularly use the Internet at home, at colleges, schools, cyber cafes, corporate offices and community centers. With this proliferation of use, information and computer security are becoming important issues.

Cyber forensics enables the systematic and careful identification of evidence in computer related crime & abuse cases. This may range from tracing the tracks of a hacker through a client's systems, to tracing the originator of defamatory emails, to recovering signs of fraud.
With the increasing success of mobile banking & payments, mobile phone vulnerabilities are on the rise & are expected to spread rapidly.

Ethical Hacking

Security Brigade's ethical hacking training goes in-depth into the techniques used by malicious, black hat hackers with attention-getting lectures and hands-on lab exercises. While these hacking skills can be used for malicious purposes, this class teaches you how to use the same hacking techniques to perform a white-hat, ethical hack on your organisation. In this network security training course you leave with the ability to quantitatively assess and measure threats to information assets and to discover where your organisation is most vulnerable to hacking.

This ethical security training course has a significant return on investment: you walk out the door with hacking skills that are highly in demand. The course is ideal for network administrators, security officers & crime prevention / protection officers and is designed to educate for the purpose of properly defending systems from hacking attacks.

Cyber Forensics

Cyber forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. Cyber Forensics investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.

Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases. This may range from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud.

The Course on Forensics Investigation will provide participants with the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute in a court of law.

Some of the benefits from having an IT Security Aware staff are as follows:

  • Hands-on training in implementation of the best security techniques currently available.
  • Standardized training in the latest security software.
  • Designing an incident response strategy, defining proper evidence handling procedures, and learning how to work with law enforcement.
  • Full range of computer forensics skills.
  • Get specific network security discipline of Ethical Hacking from a vendor-neutral perspective.
  • You will be able to secure your corporate network infrastructure from crackers.
  • Prepare yourself today for threats that you may face tomorrow.
  • Discovering proven investigative strategies, developing the skills to track an offender on the Internet.
  • Become your organisation's best resource for security issues and decisions.
  • Increased company-wide awareness of the importance of best security practices.
  • Employees can and should be the "last line of defense."

Statistics

Some statistics of concern that can be reduced significantly with End-User Security Training programs.

Insider Threat Statistics

  • 67% of the attacks in 2007 were "for profit" motivated.
  • Over 44% of incidents were tied to non-commercial sites such as Government and Education.
  • 75% of companies cited employees as a likely source of hacking attacks.
  • Losses reported by victims totaled $54 million, versus $17 million the year before, and complaints referred to law enforcement totaled 48,252, compared to 16,755 in 2001.
  • ID theft costs banks $1 billion a year. Nearly 10,000 victims had home loans - totaling about $300 million - taken out in their name in 2002 and another 68,000 had new credit cards issued in their name.
  • Two thirds (62%) admitted they have a very limited knowledge of IT Security.
  • Although 99% of companies use antivirus software, 82% of them were hit by viruses and worms.
  • 45% of businesses had reported unauthorized access by insiders.
  • Five percent say they have accessed areas of their IT system they shouldn't have.

Course Content

Security Brigade's Training Programs are tailored to the exact needs of the audience. However a general course list for Ethical Hacking and Cyber Forensics Training can be seen below.

Methodology: Conceptually oriented, followed by 100% hands-on practical.

Security Brigade's Training Program is divided into two levels.

Level 1

  • Basic Networking Concepts
    • Introduction to Networks
    • Types of networks: LAN, WAN & MAN
    • Client-Server Technology
    • The realm of IPs and domains
    • Ports
    • Structure of the Internet
    • Evolution of the Internet
  • Introduction to Ethical Hacking
    • Terminology
    • A brief history of hacking
    • Various types of hackers
    • Hackers Vs Crackers
    • Approach to hacking
    • The 5 phases of hacking
    • An overview of Indian IT Act laws
  • Footprinting
    • Information Gathering & Reconnaissance
    • Dnsstuff
    • Netcraft
    • Neotrace
    • CentralOps
    • Sam Spade
  • Enumeration
    • NETBIOS Null sessions
    • User2sid
  • Scanning
    • Nmap
    • LookAtLan
    • SuperScan
  • System Hacking
    • Introduction
    • Password types
    • Various types of password attacks (Brute force, Dictionary, etc.)
    • Keyloggers
    • Trojans & Rootkits
    • Hiding files via Steganography techniques
    • Clearing logs and covering tracks
  • Sniffers
    • Active & Passive
    • Wireshark
    • Cain & Abel
  • Social engineering
  • Denial of Service & Distributed Denial of Service attacks
    • Ping of Death
    • Freak88
  • Google Hacking Methodologies
  • Penetration Testing

Level 2

  • Hacking Web Servers
    • Methodology
    • Practical Exploitation
    • Countermeasures
  • Email Hacking/Phishing attacks
    • Live Hacking
    • Gmail, Yahoo, Hotmail, Rediff
    • Preventive measures
  • Yahoo Messenger Hacking
    • Live Hacking
    • Countermeasures
  • Advanced Keylogger Technology
    • Antivirus Bypassing
    • Firewall Bypassing
    • Preventive Measures
  • Web Hacking
    • SQL Injections
    • Cross Site Scripting
    • Live Hacking
  • Computer Forensics Investigation
    • Various Forensic Software
    • Live Cyber Crime Case Studies
  • Gray Box Testing
    • Spy software
    • Live Hacking
    • Hands-on Training
  • Mobile Hacking & Virus
    • Preventive Methods

Bonus Module
This module will include aspects related to security issues connected to daily internet browsing:

  • How emails get hacked in real time
  • How do hackers gain access to terminals
  • How not to get hacked, safe internet practices and much more.

Benefits

For Students
In our time information is power and network is the medium. Hence, the ethical hacking course offers great prospects in terms of building a corporate career and/or maintaining security in one's own business.

For Professors/Teachers
Professors/teachers interested in pursuing a career in teaching ethical hacking will be greatly benefited, because this course is up and going. It is going to be a full-fledged discipline.

For Professionals
The Ethical Hacking and Cyber Forensics Course will open avenues for professionals and tech-savvy individuals by giving them hands-on training and internationally recognized certificates.

The Ethical Hacking and Cyber Forensics course and training delves deep into the techniques used by malicious, black hat hackers with hands-on lab exercises. While these hacking skills can be used for malicious purposes, the course imparts ethics to perform a white hat technique, all for general well-being. Upon successful completion you are able to assess the network security threats quantitatively and discover where your organisation is most vulnerable. Then you plan to strengthen your security and/or reveal the malicious techniques of a cracker.

  • Solid understanding of the security weaknesses of and threats.
  • Hands-on training in implementation of the best security techniques currently available.
  • Standardized training in the latest security software.
  • Significantly benefits security officers, auditors, security professionals, site administrators, and those concerned about the integrity of the network infrastructure.
  • Designing an incident response strategy, defining proper evidence handling procedures, and learning how to work with law enforcement.
  • Full range of computer forensics skills.
  • Get specific network security discipline of Ethical Hacking from a vendor-neutral perspective.
  • You will be able to secure your corporate network infrastructure from crackers.
  • Prepare yourself today for threats that you may face tomorrow.
  • Learn tools used by hackers in exposing common vulnerabilities and those used by security professionals for implementing countermeasures.
  • Discovering proven investigative strategies, developing the skills to track an offender on the Internet.
  • Become your organisation's best resource for security issues and decisions.
  • Increased company-wide awareness of the importance of best security practices.
  • Reduced risk of intentional or accidental information and IT asset misuse by your employees.
  • Employees can and should be the "last line of defense."

Compliance

Security Brigade's End-User Awareness Training can meet the requirements of many standards and guidelines in relation to information security. Our training team has working knowledge of the following standards and attempts to meet and exceed their requirements during the training program.

  • PCI
    The Payment Card Industry (PCI) Data Security Requirements were established in December 2004, and apply to all Members, merchants, and service providers that store, process or transmit cardholder data. As well as a requirement to comply with this standard, there is a requirement to independently prove verification.

  • ISACA
    ISACA was established in 1967 and has become a pace-setting global organisation for information governance, control, security and audit professionals. Its IS Auditing and IS Control standards are followed by practitioners worldwide and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor is ISACA's cornerstone certification. Since 1978, the CISA exam has measured excellence in the area of IS auditing, control and security and has grown to be globally recognized and adopted worldwide as a symbol of achievement.

  • CHECK
    The CESG IT Health Check scheme was instigated to ensure that sensitive government networks and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure) were secured and tested to a consistent high level. The methodology aims to identify known vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. In the absence of other standards, CHECK has become the de-facto standard for penetration testing in the UK. This is mainly on account of its rigorous certification process. Whilst good, it only concentrates on infrastructure testing and not application testing. However, open source methodologies such as the following are providing viable and comprehensive alternatives, without UK Government association. It must also be noted that CHECK consultants are only required when the assessment is for HMG or related parties, and meets the requirements above. If you want a CHECK test you will need to surrender your penetration testing results to CESG.

  • BS7799
    BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995. It was written by the United Kingdom Government's Department of Trade and Industry (DTI), and after several revisions, was eventually adopted by ISO as ISO/IEC 17799. ISO/IEC 17799 was most recently revised in June 2005 and was renamed to ISO/IEC 27002 in July 2007. The BS 7799-2 focused on how to implement an Information security management system (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became ISO/IEC 27001. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) (Deming quality assurance model), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005. BS7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001.

  • HIPAA
    The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. The Administrative Simplification (AS) provisions of HIPAA require the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The AS provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the US health care system.