Security Fundamentals

• Overview
• The Growth of
• Environments and Security
• Our Motivation
• The Goal: Protecting Information!
• CIA Triad in Detail
• Approach Security Holistically
• Security Definitions
• Definitions Relationships
• Method: Ping
• The TCP/IP Stack
• Which Services Use Which Ports
• TCP 3-Way Handshake
• TCP Flags
• Malware
• Types of Malware
• Types of Malware Cont...
• Types of Viruses
• More Malware: Spyware
• Trojan Horses
• Back Doors
• DoS
• DDoS
• Packet Sniffers
• Passive Sniffing
• Active Sniffing
• Firewalls, IDS and IPS
• Firewall First
• Line of Defense
• IDS Second Line of Defense
• IPS Last Line of Defense
• Firewalls
• Firewall Types:
• (1) Packet Filtering
• Firewall Types:
• (2) Proxy Firewalls
• Firewall Types
• Circuit-Level Proxy Firewall
• Type of Circuit-
• Level Proxy SOCKS
• Firewall Types
• Application-Layer Proxy
• Firewall Types: (3) Stateful
• Firewall Types:
• (4) Dynamic Packet-Filtering
• Firewall Types:
• (5) Kernel Proxies
• Firewall Placement
• Firewall Architecture
• Types Screened Host
• Multi- or Dual-Homed
• Screened Subnet
• Wi-Fi Network Types
• Wi-Fi Network Types
• Widely Deployed Standards
• Standards Comparison
• 802.11n - MIMO
• Overview of Database Server
• Review

Access Controls

• Overview
• Role of Access Control
• Definitions
• More Definitions
• Categories of Access Controls
• Physical Controls
• Logical Controls
• Soft Controls
• Security Roles
• Steps to Granting Access
• Access Criteria
• Physical Access
• Control Mechanisms
• Biometric System Types
• Synchronous Token
• Asynchronous Token Device
• Memory Cards
• Smart Card
• Cryptographic Keys
• Logical Access Controls
• OS Access Controls
• Linux Access Controls
• Accounts and Groups
• Password &
• Shadow File Formats
• Accounts and Groups
• Linux and UNIX Permissions
• Set UID Programs
• Trust Relationships
• Review

Protocols

• Protocols Overview
• OSI Application Layer
• OSI Presentation Layer
• OSI Session Layer
• Transport Layer
• OSI Network Layer
• OSI Data Link
• OSI Physical Layer
• Protocols at
• Each OSI Model Layer
• TCP/IP Suite
• Port and Protocol Relationship
• Conceptual Use of Ports
• UDP versus TCP
• Protocols ARP
• Protocols ICMP
• Network Service DNS
• SSH Security Protocol
• SSH
• Protocols SNMP
• Protocols SMTP
• Packet Sniffers
• Example Packet Sniffers
• Review

Cryptography

• Overview
• Introduction
• Encryption
• Cryptographic Definitions
• Encryption Algorithm
• Implementation
• Symmetric Encryption
• Symmetric Downfalls
• Symmetric Algorithms
• Crack Times
• Asymmetric Encryption
• Public Key
• Cryptography Advantages
• Asymmetric
• Algorithm Disadvantages
• Asymmetric
• Algorithm Examples
• Key Exchange
• Symmetric versus Asymmetric
• Using the
• Algorithm Types Together
• Instructor Demonstration
• Hashing
• Common Hash Algorithms
• Birthday Attack
• Example of a Birthday Attack
• Generic Hash Demo
• Instructor Demonstration
• Security Issues in Hashing
• Hash Collisions
• MD5 Collision Creates
• Rogue Certificate Authority
• Hybrid Encryption
• Digital Signatures
• SSL/TLS
• SSL Connection Setup
• SSL Hybrid Encryption
• SSH
• IPSec - Network Layer Protection
• IPSec
• IPSec
• Public Key Infrastructure
• Quantum Cryptography
• Attack Vectors
• Network Attacks
• More Attacks (Cryptanalysis)
• Review

Why Vulnerability Assessments

• Overview
• What is a
• Vulnerability Assessment
• Vulnerability Assessment
• Benefits of a
• Vulnerability Assessment
• What are Vulnerabilities
• Security Vulnerability Life Cycle
• Compliance and Project Scoping
• The Project
• Overview Statement
• Project Overview Statement
• Assessing Current
• Network Concerns
• Vulnerabilities in Networks
• More Concerns
• Network Vulnerability
• Assessment Methodology
• Network Vulnerability
• Assessment Methodology
• Phase I: Data Collection
• Phase II: Interviews, Information Reviews, and Hands-On Investigation
• Phase III: Analysis
• Analysis cont.
• Risk Management
• Why Is Risk
• Management Difficult
• Risk Analysis Objectives
• Putting Together
• the Team and Components
• What Is the Value of an Asset
• Examples of Some Vulnerabilities that Are Not Always Obvious
• Categorizing Risks
• Some Examples
• of Types of Losses
• Different Approaches
• to Analysis
• Who Uses What
• Qualitative Analysis Steps
• Quantitative Analysis
• ALE Values Uses
• ALE Example
• ARO Values and Their Meaning
• ALE Calculation
• Can a Purely Quantitative Analysis Be Accomplished
• Comparing Cost and Benefit
• Countermeasure Criteria
• Calculating Cost/Benefit
• Cost of a Countermeasure
• Can You Get Rid of All Risk
• Managements Response to Identified Risks
• Liability of Actions
• Policy Review
• (Top-Down) Methodology
• Definitions
• Policy Types
• Policies with Different Goals
• Industry Best
• Practice Standards
• Components that Support the Security Policy
• Policy Contents
• When Critiquing a Policy
• Technical (Bottom-Up)
• Methodology
• Review

Vulnerability Tools of the Trade

• Vulnerability Scanners
• Nessus
• SAINT Sample Report
• Tool: Retina
• Qualys Guard
• http://www.qualys.com/products/overview/
• Tool: LANguard
• Microsoft Baseline Analyzer
• MBSA Scan Report
• Dealing with Assessment Results
• Patch Management Options
• Review

Output Analysis and Reports

• Overview
• Staying Abreast: Security Alerts
• Vulnerability Research Sites
• Nessus
• SAINT
• SAINT Reports
• GFI Languard
• GFI Reports
• MBSA
• MBSA Reports
• Review

Reconnaissance, Enumeration & Scanning

• Reconnaissance Overview
• Step One in the
• Hacking Life-Cycle
• What Information is
• Gathered by the Hacker
• Passive vs. Active Reconnaissance
• Footprinting Defined
• Social Access
• Social Engineering Techniques
• Social Networking Sites
• People Search Engines
• Internet Archive:
• The WayBack Machine
• Footprinting Tools Overview
• Maltego GUI
• Johnny.Ihackstuff.com
• Google (cont.)
• Domain Name Registration
• WHOIS Output
• DNS Databases
• Using Nslookup
• Traceroute Operation
• Web Server Info Tool: Netcraft
• Introduction to Port Scanning
• Which Services
• use Which Ports
• Port Scan Tips
• Port Scans Shou

Additional course details:

Nexus Humans Certified Professional Ethical Hacker training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward.

This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts.

Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success.

While we feel this is the best course for the Certified Professional Ethical Hacker course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you.

Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

FAQ for the Certified Professional Ethical Hacker Course

Available Delivery Options for the Certified Professional Ethical Hacker training.

• Live Instructor Led Classroom Online (Live Online)
• Traditional Instructor Led Classroom (TILT/ILT)
• Delivery at your offices in London or anywhere in the UK
• Private dedicated course as works for your staff.

How many CPD hours does the Certified Professional Ethical Hacker training provide?

The 5 day. Certified Professional Ethical Hacker training course give you up to 30 CPD hours/structured learning hours. If you need a letter or certificate in a particular format for your association, organisation or professional body please just ask.

What is the correct audience for the Certified Professional Ethical Hacker training?

This course is targeted towards the information technology (IT) professional that has a minimum 1 year IT Security and Networking experience. This course would be ideal for Information System Owners, Security Officers, Ethical Hackers, Information Owners, Penetration Testers, System Owner and Managers as well as Cyber Security Engineers.

Do you provide training for the Certified Professional Ethical Hacker.

Yes we provide corporate training, dedicated training and closed classes for the Certified Professional Ethical Hacker. This can take place anywhere in UK including, England, Scotland, Cymru (Wales) or Northern Ireland or live online allowing you to have your teams from across UK or further afield to attend a single training event saving travel and delivery expenses.

What is the duration of the Certified Professional Ethical Hacker program.

The Certified Professional Ethical Hacker training takes place over 5 day(s), with each day lasting approximately 8 hours including small and lunch breaks to ensure that the delegates get the most out of the day.

Why are Nexus Human the best provider for the Certified Professional Ethical Hacker?

Nexus Human are recognised as one of the best training companies as they and their trainers have won and hold many awards and titles including having previously won the Small Firms Best Trainer award, national training partner of the year for UK on multiple occasions, having trainers in the global top 30 instructor awards in 2012, 2019 and 2021. Nexus Human has also been nominated for the Tech Excellence awards multiple times. Learning Performance institute (LPI) external training provider sponsor 2024.

Is there a discount code for the Certified Professional Ethical Hacker training.

Yes, the discount code PENPAL5 is currently available for the Certified Professional Ethical Hacker training. Other discount codes may also be available but only one discount code or special offer can be used for each booking. This discount code is available for companies and individuals.