Course Description
Information Security in the finance sector, whether it is banking, insurance or accounting, has never been as crucial as it is now, with the industry seeing many technology advances in a short time. Technologies such as Internet Banking, Two Factor Authentication, encryption and smart card technology have changed the way Security Administrators protect their environment from external and internal threats.
CFSVS has been designed by leading Financial Security Experts to prepare Security Administrators and Management to best protect their organizations from vulnerabilities and threats. This course is designed solely for the Financial Sector and thus ensures that only the areas of knowledge required are included and explained in great detail.
This course is a hands-on course, but also covers areas such as governance and vulnerability report writing. Students learn how to penetrate Web Servers, Operating Systems, Wireless Networks and Routers. From this knowledge they will then learn to design and protect their infrastructure against attacks. Each Module is designed to not only show the exploits but also how to protect against them using industry best practice and current regulations to ensure financial client data confidentiality.
Social Engineering and Identity Theft are current global issues affecting security; the course contains modules on how to commit Identity Theft and Social Engineering so that students are knowledgeable about these hacking techniques and hence prepared to prevent them.
Upon Completion:
Students will complete the course confident in the knowledge to put in place Technical Standards to ensure that a new infrastructure is secure, including operating system hardening and patch management. They will have the tools to protect their environment from attacks as well as tools to audit their environment.
Certified Professional Exams
- Certified Financial Sector Vulnerability Specialist (CFSVS)
(In Development)
Prerequisites:
- A minimum of 12 months experience in networking technologies
- Sound knowledge of TCP/IP
- Computer hardware knowledge
- Knowledge of Microsoft packages
- Network+, Microsoft Security+ or equivalent knowledge
- Knowledge of Linux would be beneficial but not essential.
Follow-on Classes:
Module 1: Governance
This module is designed to show the CFSVS how to protect the environment from the beginning, including the following:
- Policies
- Standards (NSA, CIS)
- Procedures
- Staff Training and Awareness
- Sarbanes-Oxley / Gramm-Leach-Bliley
- Regulations
Module 2: Hardening Servers
This module is designed for protecting operating systems from internal and external attacks. The standards from Module 1 will be applied to the following:
- Securing Microsoft Servers
- Securing Sun Solaris Servers
- Securing Linux Servers
- Penetration Tools and Techniques
- Antivirus and Anti Spam
- Patch Management
Module 3: Securing Databases
This module is designed to show the CFSVS techniques to penetrate databases and also how to protect them using Financial Industry Best Practice.
- SQL Server
- Oracle
- Encryption
- Penetration Tools and Techniques
Module 4: Wireless Hacking and Design
This module is designed to show the CFSVS correct wireless architecture designs to protect confidential information and shows penetration techniques relating to cracking MAC Filtering designs, WEP and WPA encryption.
- MAC Filtering
- WEP
- WPA / TKIP
- Wireless Design Architecture
- Wireless leakage
Module 5: Web Servers
This module is designed to show the CFSVS how to harden Web servers, whether it is IIS or Apache for Internal Web Servers or External DMZ servers. It also shows correct server design placement and hacking techniques.
- Microsoft IIS Hardening
- Apache / Tomcat Hardening
- Design Architecture
- Hacking Tools and Techniques
Module 6: Network Infrastructure
This module is designed to show the CFSVS hardening of Network Infrastructure including Switches, Routers, Firewalls and VLANS. It also shows design and firewall placement, hacking techniques and vulnerability management.
- Cisco, NetScreen, Check Point Firewalls
- Cisco PIX
- Routers
- Switches
- VLAN
- ACL Design
- Hacking Techniques
Module 7: Social Engineering
This module shows the CFSVS how hackers use social engineering to gain access to their environment. It shows the CFSVS how to reduce the likelihood of social engineering being successful in an organization. It also shows real-world examples of how Social Engineering is used to gain access.
- Social Engineering Techniques
- How to use the techniques using real-world examples
- How to train staff to watch out for it
- Testing staff to audit their responses
Module 8: Forensics
This module shows the CFSVS how to approach a crime scene within an organization, as well as capturing, preserving and transporting the evidence to court.
- Encase
- FTP Tools
- Steganography
- Collection of Evidence
- Witness and Offender Questioning
- Cryptography
Module 9: Identity Theft
Identity Theft is a growing problem in the world today and the Financial Sector is one of the largest affected groups. This module is designed to show the CFSVS how to commit Identity Theft. Once the CFSVS knows how to commit identity theft he will also be able to use techniques for uncovering it.
- Stealing Someone’s Identity
- Cheque Fraud
- Money Laundering
- Internet Banking / Western Union Money Transfer
- Prevention Techniques
Module 10: TCP/IP Protocols and Hacking Techniques
TCP/IP protocols are the backbone of telecommunications for the Internet and Financial Transactions. This module shows the weaknesses in the protocols and how to prevent the weaknesses from leaving an organization vulnerable.
- TCP/IP, FTP, TELNET, SSL, HTTP
- Man in the Middle Techniques
- Arp Poisoning / Spoofing
- DNS Poisoning
- SQL Injections
- Ethereal
Module 11: Encryption in the Workplace
This module shows the CFSVS how to correctly design, implement and take control of encryption in the workplace. This includes the following technologies and products:
- PKI
- Microsoft EFS
- Password SAFE
- PGP
- RSA
- Two Factor Authentication
- Smart Card Technology
- Biometrics
Module 12: Tools of the Trade
This module shows the CFSVS how to build tool kits to find vulnerabilities in workplaces. The tool kits include Microsoft and Linux tools as well as wireless antennas and specialty software.
- Which equipment to purchase (Laptops, PCMCIA Cards)
- Which tools to use and how to use them
- Wireless tools and software
- Windows tools and techniques
- Linux Tools and techniques
Module 13: Report Writing
Report writing is essential to communicate findings to management or system owners for fixing vulnerabilities. This module is designed to show the CFSVS how to correctly report findings in clear layman’s terms.
- Report Styles
- Showing Findings
- Recommendations
- Qualitative Analysis
- Industry Benchmark Techniques
- Appendices
Lab Information:
- Most lessons have hands on labs.
- Labs will change continuously adapting to changes in the security industry.
- Mile2 consultants working in the security field will be dynamically implementing new scenarios that are over and above the base labs used in student workbooks.
- Please note that this is not a class that will explain the very intricacies of each and every tool. The software is mostly open source and underground software which leaves us with no guarantee of compatibility.
- Mile2 consultants constantly test most of the tools used in this class, however we may use a tool that is not tested in the environment we have at our partner’s site.
- We will be using a large array of Operating Systems that are set-up to be used in different ways, perhaps to attack or to use as a hacker box.
Definition: "Ethical Hackers"
Definition: Vulnerability Assessment and Penetration Test
© Copyright – 2005, Mile2 – CFSVS & Mile2 are trademarks of Mile2 mki, Inc. All Rights Reserved.
Important Intellectual Property Acknowledgments:
Certified Financial Sector Vulnerability Specialist, CFSVS, Certified Pen Tester, Certified Penetration Tester, Certified Penetration Testing Specialist, Certified Penetration Testing Expert, Mile2, CPT and CPTS are trademarks of Mile2 mki, Inc. © 2004 All rights reserved