Friday, May 24, 2013

EC-Council Certified Security Specialist (ECSS) Exam
 
Credit towards Certification
  • Certified Security Specialist v3
Exam Details
  • Number of Questions: 50
  • Passing Score: 70%
  • Test Duration: 2 hours
  • Test Format: Multiple choice
  • Test Delivery: Prometric Online
Exam Code
  • The exam code varies when taken at different testing centers.
  • Prometric Prime: ECSS
Skills Measured
The ECSS exam tests candidates on the following 32 domains:
  1. Information Security Fundamentals
  2. Addressing Threats
  3. Backdoors, Virus, and Worms
  4. Introduction to the Linux Operating System
  5. Password Cracking
  6. Cryptography
  7. Web Servers and Web Applications
  8. Wireless Networks
  9. Intrusion Detection System
  10. Firewalls and Honeypots
  11. Hacking Cycle
  12. Introduction to Ethical Hacking
  13. Networking Revisited
  14. Secure Network Protocols
  15. Authentication
  16. Network Attacks
  17. Bastion Hosts and DMZ
  18. Proxy Servers
  19. Virtual Private Network
  20. Introduction to Wireless Network Security
  21. Voice over Internet Protocol
  22. Computer Forensics Fundamentals
  23. Trademark, Copyright, and Patents
  24. Network and Router Forensics Fundamentals
  25. Incident Response and Forensics
  26. Digital Evidence
  27. Understanding Windows, DOS, Linux, and Macintosh
  28. Steganography
  29. Analyzing Logs
  30. E-mail Crime and Computer Forensics
  31. Introduction to Writing Investigative Report
  32. Computer Forensics as a Profession


Test Objectives
 
Module 01: Information Security Fundamentals
  • Explain information security and the need for it
  • Discuss the common terminology used in information security
  • Explain statistics related to security
  • Discuss information security laws and regulations such as the Computer Misuse Act, the Data Protection Act 1998, and the Gramm-Leach-Bliley Act
Module 02: Addressing Threats
  • Explain threats and the common terminology used to describe them
  • Discuss external and internal threats
  • Describe the different types of external threats, such as social engineering, denial-of-service attacks, Trojans and rootkits, and corporate espionage
  • Explain the working of an employee monitoring tool
Module 03: Backdoors, Virus, and Worms
  • Explain viruses, worms, and backdoors
  • Discuss the characteristics and working of viruses
  • Explain the difference between a worm and a virus
  • Describe the stages of the virus life cycle and the modes of virus infection
  • Describe anti-virus systems and different anti-virus software
Module 04: Introduction to the Linux Operating System
  • Discuss the different distributions of Linux
  • Explain why attackers choose the Linux operating system for hacking
  • Describe how to apply patches to vulnerable programs
  • Discuss different Linux rootkits
  • Explain different Linux hacking tools
Module 05: Password Cracking
  • Define authentication and authentication mechanisms
  • Explain what a password cracker is
  • Describe how a password cracker works
  • Explain password guessing and dictionary makers
  • Discuss password cracking tools
Module 06: Cryptography
  • Describe the basics of cryptography
  • Explain public-key cryptography and the working of encryption
  • Discuss digital signatures
  • Explain SSH
  • Describe the RSA algorithm and attacks on RSA
  • Explain the different RSA challenges
  • Describe SHA and MD5
  • Discuss cryptographic attacks
Module 07: Web Servers and Web Applications
  • Explain the analysis from the Internet Security Threat Report
  • Describe the top web server developers
  • Discuss how web servers work, why web servers are compromised, and the categories of web application vulnerabilities
  • Explain web application architecture components, web application software components, web application setup, and web application threats
  • Discuss Cross-Site Scripting (XSS) flaws, SQL injection, cookie/session poisoning, and their countermeasures
Module 08: Wireless Networks
  • Explain what wireless networking is and the effects of wireless attacks on business
  • Discuss wireless standards such as 802.11a, 802.11b ("Wi-Fi"), 802.11g, 802.11, and 802.11n
  • Describe the different types of wireless networks
  • Explain the advantages and disadvantages of a wireless network
  • Discuss wireless security guidelines
Module 09: Intrusion Detection System
  • Describe intrusion detection systems
  • Explain IDS placement
  • Discuss the types of intrusion detection systems
  • Explain different ways to detect an intrusion
  • Describe the indications of system intrusions, file system intrusions, and network intrusions
  • Explain intrusion detection tools
Module 10: Firewalls and Honeypots
  • Discuss the importance of firewalls
  • Illustrate the working of firewalls
  • Categorize the firewall types
  • Describe firewalking
  • Explain banner grabbing
  • Illustrate backdoor placement through firewalls
  • Describe honeypots
  • Categorize the types of honeypots
  • Discuss the advantages and disadvantages of honeypots
  • Illustrate how to set up a honeypot
  • Describe the honeypots KFSensor, SPECTER, and honeyd
  • List the steps to be performed when a system is attacked
Module 11: Hacking Cycle
  • Showcase the history of hacking
  • Explain who the attacker is
  • Discuss the various types of attackers
  • Illustrate the steps performed by an attacker while attacking a user
  • Discuss various types of attacks on a system
  • Discuss computer crimes and their implications
Module 12: Introduction to Ethical Hacking
  • Describe the attacks carried out using a hacked PC
  • Define hacker classes
  • Explain hacktivism
  • Discuss the necessity of ethical hacking
  • Discuss the roles of ethical hackers
  • Describe how to become an ethical hacker
  • Discuss the skills of an ethical hacker
  • Discuss the classification of ethical hackers
  • Distinguish between penetration testing and ethical hacking
  • Demonstrate how to simulate an attack on the network
  • Highlight testing approaches and general prevention
Module 13: Networking Revisited
  • Discuss various OSI layers: network layer, application layer, transport layer, Internet layer, network interface layer, and physical layer
  • Differentiate protocols and services
  • Describe the mapping of Internet protocols to the OSI model
  • Discuss OSI layers and device mapping
  • Discuss the essentials of network security
  • List the data security threats over a network
  • Describe network security policies
  • Determine what defines a good security policy
  • Explain various types of network security policies
Module 14: Secure Network Protocols
  • Discuss how to secure network protocols
  • Describe Public Key Infrastructure (PKI) in detail
  • Discuss Access Control Lists (ACLs)
  • Define Authentication, Authorization, and Accounting (AAA)
  • Discuss RADIUS, TACACS+, and Kerberos
  • Explain the Internet Key Exchange (IKE) protocol
Module 15: Authentication
  • Define authentication
  • Explain authentication mechanisms
  • Discuss HTTP authentication types such as basic authentication, digest authentication, certificate-based authentication, and forms-based authentication
  • Familiarize with RSA SecurID tokens
  • Explain biometric authentication and its types in detail, including face recognition, retina scanning, fingerprint-based identification, and hand geometry-based identification
  • Discuss digital certificates
  • List the attacks on password authentication
Module 16: Network Attacks
  • Discuss in detail various network attacks, such as denial of service, scanning, packet sniffing, IP spoofing, ARP spoofing, session hijacking, spamming, and eavesdropping, and their countermeasures
Module 17: Bastion Hosts and DMZ
  • Discuss the need for a bastion host
  • Categorize the types of bastion hosts
  • Familiarize with the basic principles for building a bastion host
  • List the general requirements to set up a bastion host
  • Describe how to position, audit, and connect the bastion host
  • Discuss the IPSentry tool
  • Discuss the DMZ and explain different ways to create one
  • Determine where to place the bastion host in the DMZ
Module 18: Proxy Servers
  • Explain proxy servers and list their various benefits
  • Illustrate the working of a proxy server
  • Describe the functions of a proxy server
  • Explain communication via a proxy server
  • Familiarize with proxy server-to-proxy server linking
  • Distinguish between proxy servers and packet filters
  • Explain the networking protocols for proxy servers
  • Discuss various types of proxy servers, such as transparent proxies, non-transparent proxies, and SOCKS
  • Explain proxy server-based firewalls: WinGate and Symantec Enterprise Firewall
  • Familiarize with Microsoft Internet Security & Acceleration Server (ISA)
  • Define ISA Server 2006 components
  • Discuss the steps involved in configuring a proxy server in IE
  • State the limitations of a proxy server
Module 19: Virtual Private Network
  • Discuss VPNs and their deployment briefly
  • Explain tunneling and its types
  • Discuss the popular VPN tunneling protocols
  • Discuss VPN security
  • Describe VPN registration and passwords
  • Explain IPSec and its services
  • Discuss combining VPNs and firewalls
  • List various VPN vulnerabilities
Module 20: Introduction to Wireless Network Security
  • Discuss wireless networking and its types: WLANs, WPANs, WMANs, and WWANs
  • Describe antennas, SSIDs, and rogue access points
  • Showcase a tool to detect rogue access points: NetStumbler
  • Explain Wired Equivalent Privacy (WEP) and familiarize with the related tool AirSnort
  • Determine 802.11 wireless LAN security
  • List the limitations of WEP security
  • Discuss Wireless Transport Layer Security (WTLS) and Extensible Authentication Protocol (EAP) methods
  • Discuss 802.11i
  • Explain Wi-Fi Protected Access (WPA) briefly
  • Discuss TKIP and AES
  • Discuss Denial of Service (DoS) attacks and Man-in-the-Middle (MITM) attacks
  • Explain WIDZ, the Wireless Intrusion Detection System
  • Discuss how to secure wireless networks
Module 21: Voice over Internet Protocol
  • Discuss VoIP, its benefits, and its basic architecture
  • Explain the VoIP layers and their standards
  • Describe wireless VoIP
  • Discuss various VoIP threats and vulnerabilities and how to achieve security
  • Explain Skype's growing share of international long-distance traffic
  • Showcase various VoIP sniffing tools such as AuthTool, VoIPong, Vomit, PSIPDump, and Web Interface for SIP Trace (WIST)
  • Familiarize with various VoIP scanning and enumeration tools: SNScan, Netcat, and SiVuS
  • Discuss different VoIP packet creation and flooding tools, which include SipBomber, Spitter, and Scapy
  • Describe VoIP fuzzing tools such as Ohrwurm, Asteroid, and the SIP Forum Test Framework
  • Showcase VoIP signaling manipulation tools such as RTP tools
  • Familiarize with other VoIP tools, which include Tcpdump, Wireshark, SoftPerfect Network Sniffer, HTTP Sniffer, and SmartSniff
  • Discuss different VoIP troubleshooting tools: P.862 and RTCP XR (RFC 3611)
Module 22: Computer Forensics Fundamentals
  • Discuss forensic science
  • Explain computer forensics, its evolution, needs, and objectives
  • Discuss cyber crime, its types, and examples
  • Explain how serious the different types of incidents can be
  • Discuss incidents that disrupt the business
  • Explain the cost and time spent in responding to a security incident
  • Illustrate the cyber crime investigation process
  • Describe the challenges in cyber crime investigation
  • Discuss the rules of forensic investigation
  • Discuss the roles of the forensic investigator and law enforcement agencies in a forensic investigation
  • Familiarize with cyber laws and important federal statutes
Module 23: Trademark, Copyright, and Patents
  • Discuss trademarks and trademark infringement
  • Discuss trademark eligibility and the benefits of registering a trademark
  • Explain service marks and trade dress
  • Familiarize with the key considerations before investigating trademark infringements
  • Discuss the steps involved in investigating trademark infringements
  • Explain copyright and the copyright notice
  • Explain how to investigate the copyright status of a particular work
  • Discuss how long a copyright lasts
  • Explain the doctrine of "fair use" in detail
  • Discuss how copyrights are enforced
  • Discuss plagiarism and its types
  • Describe the steps involved in plagiarism prevention
  • Discuss the plagiarism detection factors
  • Familiarize with different plagiarism detection tools such as iParadigms' plagiarism detection tool, iThenticate, Turnitin, EVE2, JPlag, Dupli Checker, etc.
  • Discuss patents, patent infringement, and its types
  • Familiarize with the USPTO's recommended seven-step strategy for patent searches
  • Showcase different trademark and copyright laws
Module 24: Network and Router Forensics Fundamentals
  • Discuss network forensics and its challenges
  • Familiarize with the sources of evidence on a network
  • Discuss the various traffic capturing and analysis tools such as Wireshark, Tcpdump, NetIntercept, CommView, EtherSnoop, and eTrust Network Forensics
  • Describe the necessity of documenting the evidence gathered on a network
  • Discuss routers, their architecture, functions, and vulnerabilities
  • Explain the router's place in the OSI model
  • Describe the routing table and its components
  • Discuss the types of router attacks and their implications
  • Discuss the router attack topology
  • Distinguish between router forensics and traditional forensics
  • Explain the steps involved in investigating routers
  • Discuss Link Logger
  • Familiarize with the Router Audit Tool (RAT)
Module 25: Incident Response and Forensics
  • Discuss security incidents and their categories
  • Determine how to identify, report, and prevent an incident
  • Explain incident management
  • Discuss the pointers to the incident reporting process
  • Discuss how to report a privacy or security violation
  • Describe the incident response procedure and incident response policy
  • Showcase the incident response checklist
  • Discuss the procedure involved in handling incidents
  • Explain post-incident activity
  • Discuss the CSIRT and the need for it
  • Discuss how a CSIRT handles a case
  • Highlight the best practices for creating a CSIRT
Module 26: Digital Evidence
  • Discuss digital evidence, its characteristics, and its challenging aspects
  • Define the role of digital evidence and describe its fragility
  • Describe the different types of digital data
  • Discuss the rules of evidence and explain the best evidence rule
  • Familiarize with the evidence life cycle
  • Discuss the digital evidence investigative process
  • Explain how to store digital evidence and its retention and media storage requirements
  • Describe forensic tools such as DCode, WinHex, PDA Secure, and Device Seizure
Module 27: Understanding Windows, DOS, Linux, and Macintosh
  • Discuss file systems and their types
  • Familiarize with the system boot sequence
  • Describe the method to explore Microsoft file structures
  • Distinguish between the FAT and NTFS Microsoft file structures
  • Explain FAT, NTFS, EFS, and CDFS in detail
  • Compare the various file systems
  • Discuss the process of gathering volatile and non-volatile evidence on Windows systems
  • Describe the features of the forensic tool Resplendent Registrar
  • Illustrate how to create a system state backup
  • Familiarize with the Windows forensic tools Helix and Traces Viewer
  • Discuss UNIX and Linux
  • Describe exploring Unix/Linux disk data structures
  • Discuss the Unix/Linux boot process and the Linux loader
  • Familiarize with Linux forensic tools
  • Discuss Mac OS X, its security architecture, and its file system
  • Describe exploring Macintosh boot tasks
  • Familiarize with the Mac forensic tools MacLockPick and MacAnalysis
Module 28: Steganography
  • Discuss steganography and its applications
  • Describe the model of a stegosystem
  • Distinguish between steganography and cryptography
  • Discuss the classification of steganography, such as technical steganography, linguistic steganography, and digital steganography
  • Explain the process of hiding information through different forms of steganography, such as text file, image file, audio file, and video file steganography
  • Showcase practical applications of steganography
  • Discuss stego-forensics
  • Illustrate how to detect text, image, audio, and video steganography
  • Showcase various steganography tools: Stegdetect, Stego Watch, Snow, Fort Knox, S-Tools, Steghide, MP3Stego, and Invisible Secrets
Module 29: Analyzing Logs
  • Discuss computer security logs and their types
  • Discuss the importance of logs in forensics
  • Explain security logging in brief
  • Determine how to examine intrusion and security events
  • Familiarize with logon events in Windows
  • Explain the Windows log file
  • Describe remote logging in Windows
  • Explain NTsyslog
  • Discuss logs and the legal issues associated with them
  • Explain log management, its functions, and its challenges
  • Discuss centralized logging and syslog
  • Familiarize with various event gathering tools
  • Showcase various log capturing and analysis tools: the Syslog-ng logging system, WinSyslog Syslog Server, and Kiwi Syslog Server
Module 30: E-mail Crime and Computer Forensics
  • Discuss the e-mail system, Internet protocols, e-mail clients, and e-mail servers
  • Familiarize with exploring the roles of the client and server in e-mail
  • Explain phishing attacks and list the reasons phishing succeeds
  • Explain how to identify and investigate e-mail crimes and violations
  • Discuss tracing back web-based e-mail
  • Showcase specialized e-mail forensic tools such as EnCase Forensic, FTK Imager, FINALeMAIL, Netcraft, eMailTrackerPro, E-mail Examiner, and LoPe
  • Familiarize with U.S. laws against e-mail crime: the CAN-SPAM Act and the Washington state e-mail crime law, RCW 19.190.020
Module 31: Introduction to Writing Investigative Report
  • Discuss the computer forensics report and its significance
  • Explain report specifications and classification
  • Define what to include in an investigative report
  • Familiarize with the layout of an investigative report
  • Discuss the guidelines for writing a report
  • Highlight the salient features of a good report and its important aspects
  • Explain the report and the expert opinion
  • Discuss the steps involved in writing a report using FTK
Module 32: Computer Forensics as a Profession
  • Describe computer forensics
  • Discuss developing computer forensics resources
  • Define computer forensics experts
  • Familiarize with preparing for computing investigations
  • Discuss law enforcement agency investigations and corporate investigations
  • Explain how to maintain professional conduct
  • Discuss the legal issues involved in forensic investigations
Copyright 2013 by EC-Council