1.Wireless Network Penetration Testing
This module explains security policies that need to be assessed after setting up the wireless network. This wireless assessment is necessary to check the security of the network. Wireless vulnerability testing and wireless penetration testing are important for the wireless network penetration testing. This module also familiarizes with various wireless penetration testing tools.
2.Advanced Wireless Testing
In this module, we review advanced techniques for wireless penetration testing. It will provide a brief study of various wireless concepts such as wireless components, standards, Wired Equivalent Privacy (WEP), its issues, flaws, and security. A glance on various wireless security technologies such as WPA, EAP, TKIP and discussion on different attacks and tools such as War Driving, NetStumbler, and MITM attacks.
3.VoIP Penetration Testing
The devices that are used for the VoIP are as vulnerable as the operating system on which they are running. The VoIP devices such as IP phones, Call Manager, Gateways, and Proxy servers take over the same vulnerabilities as that of the operating system. The module discusses VoIP risks and vulnerabilities, VoIP security threats, VoIP penetration testing steps, lists various VoIP security and sniffing tools.
4.VPN Penetration Testing
VPN penetration testing is a process of testing VPN network to secure the VPN’s network and maintain the VPN’s security. Penetration testing of VPN is straightforward and it is performed with various tools. Penetration testing is slightly different for both IPsec and SSL VPNs.
The module discusses VPN penetration testing steps: scanning, fingerprinting, PSK Crack, testing for default user accounts, testing for SSL VPN.
War Dialing is the exploitation of an organization's telephone, modem, and private branch exchange (PBX) system to infiltrate the internal network in order to abuse computing resources. A War Dialing attack to penetrate into a target network by attempting to bypass firewalls and intrusion detection systems (IDS) is considered illegal. It involves attempts to access a company’s internal resources such as modems and telephones using dial-in access.
The module discusses war dialing techniques, the reason for conducting war dialing penetration tests, gives guidelines for selecting software for war dialing, configuring the software, and various war dialing tools.
6.Bluetooth and Handheld Device Penetration Testing
This module explains about Jailbreaking, a process to unlock the iPhone and iPod touch devices to permit the installation of third-party applications and iDemocracy, third-party application installation solution for the Windows platform. It explains about iPhoneSimFree and anySIM which are the tools to unlock the iPhone. The methods such as Blackjacking, ActiveSync, BlueSnarfing, Blueprinting, and BlueSpam are introduced.
7.Telecommunication and Broadband Communication Penetration Testing
This module explains the Employees who are connected to the corporate and government networks via broadband communication may create vulnerability for attack and Internet connection involves risks such as unauthorized access, installation of malicious software thus launches denial of service attacks. In this module we learn to use additional encryption beyond WEP in order to secure the data and spyware stealthy computer monitoring software that allows to secretly recording all activities of a user over the network. We also learn how to disable SNMP on wireless base station and wireless client and see how file sharing can affect the system thereby an attacker can send any malicious files containing viruses which in turn affect the system over the network. Encrypting a file for transmission and storing the data safely can also be learnt.