Network Defense Specialist

NDS204

Course Title:
Network Defense Specialist: Perimeter Defense Mechanisms

Page 1 of 9

Perimeter Defense Mechanisms Copyright by EC-Council | Press All Rights Reserved. Reproduction is Strictly Prohibited.

Network Defense Specialist

NDS204

Course Description
The Network Defense Series from EC-Council | Press is comprised of 5 books designed to educate learners from a vendor-neutral standpoint on how to defend the networks they manage. This series covers the fundamental skills in evaluating the internal and external threats to network security and design, how to enforce network level security policies, and how to ultimately protect an organization's information. The books in the series cover a broad range of topics from secure network fundamentals, protocols & analysis, standards and policy, hardening infrastructure, to configuring IPS, IDS, firewalls, bastion host, and honeypots. Learners completing this series will have a full understanding of defensive measures taken to secure their organization's information, and along with the proper experience these books will prepare readers for the EC-Council Network Security Administrator (E|NSA) certification. An organization is only as strong as its weakest link. The same is true in network security. Misconfigurations, outdated software, and technical glitches are often the easiest point of entry for a hacker. This book, the third in the series, is designed to teach the potential security practitioner how to harden the network infrastructure, evaluate hardware, and software configurations and introduce log analysis, creating a strong foundation for Network Security Troubleshooting, response, and repair.

Certification Info
Network Defense Specialist: Perimeter Defense Mechanisms

Who Should Attend This course will significantly benefit System Administrators, System Engineers, Firewall Administrators, Network Managers, IT Managers, IT Professionals and anyone who is interested in network security technologies.

Course Duration 2 days (9:00 5:00) CPE/ECE Qualification 16 ECE Credits awarded for attendance (1 for each classroom hour) Suggested Retail: $799 USD

Page 2 of 9

Perimeter Defense Mechanisms Copyright by EC-Council | Press All Rights Reserved. Reproduction is Strictly Prohibited.

Network Defense Specialist

NDS204

Required Courseware:

Visit www.cengage.com/community/eccouncil and click on Training Workshops for ordering details.

Whats included? Physical Courseware 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate Course + Supplement Cost: See the Training Workshops section at www.cengage.com/community/eccouncil for current pricing information. Related Certificates: Network Defense Specialist: Fundamentals & Protocols Network Defense Specialist: Security Policy & Threats Network Defense Specialist: Securing and Troubleshooting Network Operating Systems Network Defense Specialist: Security & Vulnerability Assessment

Page 3 of 9

Perimeter Defense Mechanisms Copyright by EC-Council | Press All Rights Reserved. Reproduction is Strictly Prohibited.

Network Defense Specialist

NDS204

Course Briefing
1. Hardening Physical Security Chapter Brief: Physical security has to be in place to secure the hardware or the software from the intruders. Security is enabled to safeguard the organizations information from the attackers. This chapter describes about the need for physical security, factors that affect the network security, implementing premise security, threats to networks, and the physical security breach incidents. It discusses the various methods used to physically secure networks and their elements. This chapter also describes the challenges in ensuring physical security. It provides a checklist for developing the physical security. 2. Firewalls Chapter Brief: Firewall is a program which is placed at the network gateway server. It is responsible for the traffic to be allowed to pass, block, or refuse. This chapter describes the multiple components of a firewall, its operations, and types. This chapter explains the rules and restrictions for establishing your Firewall. It also describes the firewall configuration strategies, architecture, multi-layer firewall protection, and deployment strategies. This chapter also discusses the advantages and disadvantages of using firewalls and lists the limitations of firewall. 3. Packet Filtering and Proxy Servers Chapter Brief: Packet filtering is the process of blocking or allowing the packets at a network interface based on the source and destination addresses, ports, or protocols, and a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. This chapter describes approaches to packet filtering, sequencing, prioritization, and fragmentation. It explains the types, advantages, and disadvantages of filtering and explains the types of TCP flags. This chapter also describes the role of proxy server and explains the authentication process and firewalls in Proxy Server. 4. Bastion Hosts and Honeypots Chapter Brief: A bastion host acts as a gateway between the organizational internal private network and outside public network. It is placed on the unrestricted side of the demilitarized zone (DMZ) whereas a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. This chapter describes the need, the basic principles and steps for building, and the requirements to setup and configure a Bastion Host. It discusses the special consideration for Unix systems and explains the Bastion Host Security Policy. This chapter also describes how to build and deploy Honeypots. It also explains how to create a Homemade Honeypot.

Page 4 of 9

Perimeter Defense Mechanisms Copyright by EC-Council | Press All Rights Reserved. Reproduction is Strictly Prohibited.

Network Defense Specialist

NDS204

5. Wireless Network Security Chapter Brief: Wireless Network allows connecting computer to a network using radio waves instead of wires/cables. This network can allow access to other wired networks through a device called an Access Point. This chapter describes the types of wireless networks based on connections and geography. It discusses the components of a wireless network, access points, wireless technologies, types of wireless threats and attacks, wireless standards such as IEEE 802.11a (Wi-Fi), IEEE 802.11b (Wi-Fi), and IEEE 802.11g (Wi-Fi). This chapter also discusses about securing wireless communication, authentication, WLAN security policy development issues and provides a wireless network security checklist.

Page 5 of 9

Perimeter Defense Mechanisms Copyright by EC-Council | Press All Rights Reserved. Reproduction is Strictly Prohibited.

Network Defense Specialist

NDS204

Course Outline
Chapter 1: Hardening Physical Security Introduction to Hardening Physical Security Understanding the Need for Physical Security Understanding the Factors That Affect Network Security Physical Security Threats to Networks Implementing Premises Security o o o o Implementing Premises Security: Office Security Implementing Premises Security: Reception Area Implementing Premises Security: Authenticating Individuals Implementing Premises Security: Smart Cards

Physical Security Checklist: Proximity Card Applying Biometrics in Physical Security o o o o o o Applying Biometrics in Physical Security: Fingerprint Verification Applying Biometrics in Physical Security: Hand Geometric Applying Biometrics in Physical Security: Voice Recognition Applying Biometrics in Physical Security: Retina Scanning Applying Biometrics in Physical Security: Iris Scanning Applying Biometrics in Physical Security: Facial Recognition Implementing Workplace Security: Desktop Security Implementing Workplace Security: Laptop Security Laptop Tracker - XTool Computer Tracker Tools to Locate Stolen Laptops

Implementing Workplace Security o o

Securing Network Devices Understanding the Challenges in Ensuring Physical Security Physical Security Measures o o o o o o o o o o Locks and Keys TEMPEST TEMPEST Signals Shielding Grounding Cabling Zoning TEMPEST Separation Uninterruptible Power Supplies Mantrap
Perimeter Defense Mechanisms Copyright by EC-Council | Press All Rights Reserved. Reproduction is Strictly Prohibited.

Page 6 of 9

Network Defense Specialist

NDS204

Mantrap: Diagrammatical Representation

Developing a Physical Security Checklist

Chapter 2: Firewalls Introduction to Firewalls Firewall Features Firewall Configuration Strategies Scalability Firewall Architecture: Dual-Homed Host architecture Firewall Architecture: Screened Host Architecture Firewall Architecture: Screened Subnet Architecture Securing Against Hacking by Using a Firewall Multi-layer Firewall Protection Understanding the Concept of DMZs Understanding Firewall Limitations Firewall Log Analysis Firewall Tools

Chapter 3: Packet Filtering and Proxy Servers Introduction to Packet Filtering and Proxy Servers Understanding Packet Filtering Configuring Filtering and Types of Filtering Pros and Cons of Filtering Flags Used for Filtering Understanding Proxy Servers Authentication in a Proxy Server Understanding the Security and Benefits of a Proxy Server How Proxy Server Differ From Packet Filtering

Chapter 4: Bastion Hosts and Honeypots Introduction to Bastion Hosts and Honeypots Bastion Hosts Requirements to Setup a Bastion Host Selecting the Host Machine Selecting the Operating System Configuring Bastion Host Locating the Bastion Host
Perimeter Defense Mechanisms Copyright by EC-Council | Press All Rights Reserved. Reproduction is Strictly Prohibited.

Page 7 of 9

Network Defense Specialist

NDS204

Securing the Machine Selecting the Services Provided Disabling Accounts Handling Backups Special Consideration for Unix Systems Bastion Host Security Policy Honeypots Honeynets

Chapter 5: Wireless Network Security Introduction to Wireless Network Security Wired Networks Versus Wireless Networks Wireless Network Types o o Wireless Network Types: Based on Connection Wireless Network Types: Based on Connection WLAN (Wireless Local Area Network) WWAN (Wireless Wide Area Network) WPAN (Wireless Personal Area Network) WMAN (Wireless Metropolitan Area Network) Components of a Wireless Network: Antennas o o o o o o o o o o
Page 8 of 9

Wireless Network Types: Based on Geographical Area Covered o o o o

Components of a Wireless Network o Components of a Wireless Network: Types of Antennas Components of a Wireless Network: Directional/ Omnidirectional Antennas Components of a Wireless Network: Aperture Antennas/ Leaky-wave Antennas Components of a Wireless Network: Reflector Antennas Components of a Wireless Network: Antenna Functions

Components of a Wireless Network: Access points Components of a Wireless Network: Operating Modes of Access Points Components of a Wireless Network: PC Cards Components of a Wireless Network: Wireless Cards Components of a Wireless Network: Wireless Modem Components of a Wireless Network: Wireless Router Components of a Wireless Network: Wireless USB Components of a Wireless Network: Wireless Game Adapter Components of a Wireless Network: Wireless Game Adapter: WGE111- 54 Mbps Components of a Wireless Network: Wireless Print Server
Perimeter Defense Mechanisms Copyright by EC-Council | Press All Rights Reserved. Reproduction is Strictly Prohibited.

Network Defense Specialist

NDS204

o o o o o o o o

Components of a Wireless Network: Wireless Range Extender Components of a Wireless Network: Wireless Internet Video Cameras Components of a Wireless Network: GSM Network Devices Components of a Wireless Network: Mobile Station (MS) Components of a Wireless Network: Base Station Subsystem (BSS) Components of a Wireless Network: Base Station Controller (BSC) Components of a Wireless Network: Base Transceiver Station (BTS) Components of a Wireless Network: Network Subsystem (NS)

Understanding Wireless Technologies Devices using Wireless Communications Detecting Wireless Networks Understanding the Various Types of Wireless Threats and Attacks WEP Key Cracking Tool: WEPCrack WEP Decryption Tool: AirSnort AirCrack Wireless Standards Techniques and Tools for Securing Wireless Communications Developing a Wireless Security Policy Certificate Management Through Public Key Infrastructure (PKI) Troubleshooting Wireless Networks Multipath and Hidden Node Developing a Wireless Network Security Checklist

Page 9 of 9

Perimeter Defense Mechanisms Copyright by EC-Council | Press All Rights Reserved. Reproduction is Strictly Prohibited.