Certified Security Specialist (ECSS)


Seminar - Ziel

EC-Council Certified Security Specialist (ECSS) is an entry level security program covering the fundamental concepts of information security, computer forensics, and network security. It enables students to identify information security threats which reflect on the security posture of the organization and implement general security controls. This program will give a holistic overview of the key components of information security, computer forensics, and network security. This program provides a solid fundamental knowledge required for a career in information security.

Teilnehmer - Zielgruppe

ECSS is designed for anyone who want to enhance their skills and make career in information security, network security, and computer forensics fields.

Kurs - Voraussetzungen

Minimum age for participation in the training and examination is 18 years.


  • 5 Tage
  • 09:00 Uhr bis 17:00 Uhr


  • nach Absprache

Seminar-Inhalt / Agenda

Module 01: Information Security Fundamentals

  • Data Breach Statistics
  • Data Loss Statistics
  • The Global State of Information Security Survey 2016
  • Information Security
  • Need for Security
  • Elements of Information Security
  • The Security, Functionality, and Usability Triangle
  • Security Challenges
  • Information Security Attack Vectors
  • Information Security Threat Categories
  • Types of Attacks on a System
  • Trends in Security
  • Information Security Laws and Regulations

Module 02: Networking Fundamentals

  • Introduction
  • Types of Networks
  • OSI (Open Systems Interconnection) Reference Model
  • OSI Layers and Device Mapping
  • Protocols
  • TCP/IP Model
  • Comparing OSI and TCP/IP
  • Network Security
  • Essentials of Network Security
  • Data Security Threats over a Network
  • Basic Network Security Procedures
  • Network Security Policies
  • Types of Network Security Policies

Module 03: Secure Network Protocols

  • Introduction
  • Terminology
  • Secure Network Protocols
  • Steps to Establish Connection Between Browser and Web server using SSL
  • Public Key Infrastructure (PKI)
  • Access Control List (ACL)
  • Authentication, Authorization, and Accounting (AAA)
  • Kerberos
  • Internet Key Exchange Protocol (IKE)

Module 04: Information Security Threats and Attacks

  • The Global State of Information Security Survey 2016
  • Understanding Threat, Vulnerability and Exploit
  • Internal Threats
  • Sniffing Countermeasures
  • ARP Spoofing Diagram
  • ARP Spoofing Countermeasures
  • External Threats
  • Virus
  • Introduction to Viruses
  • Virus History
  • Stages of Virus Life
  • Indications of Virus Attack
  • How does a Computer Get Infected by Viruses?
  • Computer Worms
  • How is a Worm Different from a Virus?
  • Virus Detection Methods
  • Virus and Worms Countermeasures
  • Anti-Virus Tools
  • Trojan
  • What is a Trojan?
  • Purpose of Trojans
  • Indications of a Trojan Attack
  • Different Ways a Trojan Can Get into a System
  • How to Detect Trojans?
  • Trojan Countermeasures
  • Anti-Trojan Softwares
  • Eavesdropping Countermeasures
  • Password Complexity
  • Password Cracking Techniques
  • Wire Sniffing
  • Password Sniffing
  • Man-in-the-Middle and Replay Attack
  • Password Guessing
  • Trojan/Spyware/Keylogger
  • Non-Electronic Attacks
  • Default Passwords
  • Password Cracker
  • L0phtCrack
  • Ophcrack
  • Cain & Abel
  • RainbowCrack
  • How to Defend against Password Cracking?
  • Scanning Countermeasures
  • DoS Countermeasures
  • Distributed DoS Diagram
  • IP Spoofing
  • IP Spoofing Diagram and Countermeasures
  • Man-in-the-Middle Attack (MITM)
  • Session Hijacking Countermeasures

Module 05: Social Engineering

  • What is Social Engineering?
  • Behaviors Vulnerable to Attacks
  • Why is Social Engineering Effective?
  • Impact on the Organization
  • Common Targets of Social Engineering
  • Types of Social Engineering
  • Eavesdropping
  • Shoulder Surfing
  • Dumpster Diving
  • Tailgating
  • In Person
  • Third-Party Authorization
  • Reverse Social Engineering
  • Piggybacking
  • Computer-based Social Engineering: Phishing
  • How to Steal an Identity?
  • Social Engineering Countermeasures
  • How to Detect Phishing Emails?
  • Identity Theft Countermeasures

Module 06: Hacking Cycle

  • What is Hacking?
  • Who is a Hacker?
  • Hacker Classes
  • Hacktivism
  • Stages of Hacking Cycle

Module 07: Identification, Authentication, and Authorization

  • Identification, Authentication and Authorization
  • Need for Identification, Authentication and Authorization
  • Types of Authentication
  • Face Recognition
  • Retina Scanning
  • Fingerprint-based Identification
  • Identification Based on Hand Geometry

Module 08: Cryptography

  • Terminology
  • Cryptography
  • Types of Cryptography
  • Ciphers
  • Advanced Encryption Standard (AES)
  • Data Encryption Standard (DES)
  • RC4, RC5, RC6 Algorithms
  • The DSA and Related Signature Schemes
  • RSA (Rivest Shamir Adleman)
  • Message Digest Function: MD5
  • Secure Hashing Algorithm (SHA)
  • Public Key Infrastructure (PKI)
  • Certification Authorities
  • Digital Signature
  • SSL (Secure Sockets Layer)
  • Transport Layer Security (TLS)
  • Disk Encryption

Module 09: Firewalls

  • Firewall
  • Packet Filtering Firewall
  • Circuit-Level Gateway Firewall
  • Application-Level Firewall
  • Stateful Multilayer Inspection Firewall
  • Firewall Technologies
  • Need for Bastion Host
  • Positioning the Bastion Host
  • Types of Bastion Hosts
  • Basic Principles for Building a Bastion Host
  • Setting Up Bastion Hosts
  • Hardware Requirements for the Bastion Host
  • Selecting the Operating System for the Bastion Host
  • Auditing the Bastion Host
  • Tool: IPSentry
  • IPSentry: Automated Output Statistics HTML
  • What is DMZ?
  • Different Ways to Create a DMZ
  • What are Proxy Servers?
  • Benefits of Proxy Server
  • Functioning of a Proxy Server
  • Proxy Server-to-Proxy Server Linking
  • Proxy Servers vs Packet Filters
  • Types of Proxy Servers
  • Transparent Proxies
  • Non-transparent Proxy
  • Application Proxy
  • SOCKS Proxy
  • Anonymous Proxy
  • Reverse Proxy
  • How to Configure Proxy Server
  • Steps to Configure Proxy Server on IE
  • Ultrasurf
  • Proxifier
  • Limitations of Proxy Server
  • List of Proxy Sites
  • Types of Honeypots
  • Honeypot Tool: KFSensor
  • Honeypot Tool: SPECTER
  • Bypassing Firewalls
  • Port Scanning
  • Firewalking
  • Banner Grabbing

Module 10: Intrusion Detection System

  • Terminologies
  • Intrusion Detection System (IDS)
  • Types of IDS
  • IDS for an Organization
  • Limitations of Intrusion Detection System
  • System Integrity Verifiers (SIV)
  • Intrusion Detection Tools
  • Snort for Windows
  • Running Snort on Windows
  • Testing Snort
  • Configuring Snort (snort.conf)
  • Snort Rules
  • Evading IDS

Module 11: Data Backup

  • Introduction to Data Backup
  • Identifying Critical Business Data
  • Selecting Backup Media
  • Backup Media
  • Storage Area Network (SAN)
  • Network Attached Storage (NAS)
  • Selecting Appropriate Backup Method
  • Choosing the Right Location for Backup
  • Backup Types
  • Choosing Right Backup Solution

Module 12: Virtual Private Network

  • What is a VPN?
  • VPN Deployment
  • Tunneling
  • VPN Security
  • Introduction to IPSec
  • Combining VPN and Firewalls
  • VPN Vulnerabilities

Module 13: Wireless Network Security

  • Wireless Networks
  • Wireless Terminologies
  • Types of Wireless Networks
  • Wireless Standards
  • Wireless Network Topology
  • Antennas
  • Service Set Identifier (SSID)
  • Types of Wireless Encryption
  • How WEP Works?
  • Limitations of WEP Security
  • Temporal Key Integration Protocol (TKIP) and Advanced Encryption Standard (AES)
  • How WPA Works?
  • How WPA2 Works?
  • Wireless Threats
  • Wi-Fi Discovery Tools
  • Wireless Security
  • How to Defend Against Wireless Attacks?

Module 14: Web Security

  • Introduction to Web Applications
  • Web Application Components
  • How Web Applications Work?
  • Website Defacement
  • Why Web Servers are Compromised?
  • Impact of Webserver Attacks
  • Web Application Threats
  • Web Application Countermeasures
  • How to Defend Against Web Server Attacks?

Module 15: Ethical Hacking and Pen Testing

  • What is Ethical Hacking?
  • What is Penetration Testing?

Module 16: Incident Response

  • Common Terminologies
  • Data Classification
  • Information as Business Asset
  • Computer Security Incident
  • Incident Handling and Response Process
  • CSIRT Overview
  • CERT

Module 17: Computer Forensics Fundamentals

  • Cyber Crime
  • Computer Forensics
  • Benefits of Forensics Readiness
  • Forensics Laws
  • Why you Should Report Cybercrime?
  • Who to Contact at the Law Enforcement?
  • Federal Local Agents Contact
  • More Contacts

Module 18: Digital Evidence

  • Definition of Digital Evidence
  • Electronic Devices: Types and Collecting Potential Evidence
  • Digital Evidence Examination Process
  • Evidence Examiner Report

Module 19: Understanding File Systems

  • Understanding File Systems
  • Types of File Systems
  • Understanding System Boot Sequence
  • Windows File Systems
  • FAT Structure
  • NTFS Architecture
  • Components of EFS
  • Gathering Volatile Evidence on Windows
  • Example: Checking Current Processes with Forensic Tool PsList
  • Example: Checking Open Ports With Forensic Tool Fport
  • Checking Registry Entries
  • Forensic Tool: Registrar Registry Manager
  • Linux File Systems
  • Mac OS X File Systems
  • CD-ROM / DVD File Systems
  • Comparison of File Systems (Limits)
  • Comparison of File Systems (Features)

Module 20: Windows Forensics

  • Volatile Information
  • Non-Volatile Information
  • Message Digest Function: MD5
  • Recycle Bin
  • Metadata
  • Understanding Events
  • Windows Forensics Tool: OS Forensics
  • Windows Forensics Tool: X-Ways Forensics
  • Windows Forensics Tools

Module 21: Network Forensics and Investigating Network Traffic

  • Network Forensics
  • Network Forensics Analysis Mechanism
  • Network Addressing Schemes
  • Overview of OSI Reference Model and Network Protocols
  • TCP/IP Model
  • Network Vulnerabilities
  • Types of Network Attacks
  • Why Investigate Network Traffic?
  • Evidence Gathering via Sniffing
  • Capturing Live Data Packets Using Wireshark

Module 22: Steganography

  • What is Steganography?
  • Steganography Vs. Cryptography
  • How Steganography Works?
  • Legal Use of Steganography
  • Unethical Use of Steganography
  • Steganography Techniques
  • Application of Steganography
  • Classification of Steganography
  • Types of Steganography based on Cover Medium
  • Image Steganography Tool: QuickStego
  • Audio Steganography Tool: DeepSound
  • Video SteganographyTool : OmniHide PRO
  • Issues in Information Hiding

Module 23: Analyzing Logs

  • Importance of Logs in Forensics
  • Computer Security Logs
  • Operating System Logs
  • Application Logs
  • Security Software Logs
  • Examining Intrusion and Security Events
  • Syslog
  • Windows Log File
  • Configuring Windows Logging
  • Why Synchronize Computer Times?
  • Event Correlation

Module 24: E-mail Crime and Computer Forensics

  • Email Terminology
  • Email System
  • SMTP Server
  • POP3 and IMAP Servers
  • Importance of Electronic Records Management
  • Email Crime
  • Example of Email Header
  • List of Common Headers
  • Why to Investigate Emails
  • Investigating Email Crime and Violation
  • Viewing Email Headers in Microsoft Outlook
  • Viewing Email Headers in AOL
  • Viewing Email Headers in Gmail
  • Viewing Email Headers in Yahoo Mail
  • Forging Headers
  • Email Header Fields
  • Received Headers
  • E-mail Forensics Tools

Module 25: Writing Investigation Report

  • Computer Forensics Report
  • Best Practices for Investigators
  • Sample Forensics Report

Weitere Schulungen zu Thema EC-Council

Certified Incident Handler (ECIH)

- u.a. in Nürnberg, Berlin, Stuttgart, München, Köln

This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe. It is a comprehensive specialist-level program that imparts ...

Certified Network Defender (CND)

- u.a. in Nürnberg, Berlin, Stuttgart, München, Köln

Certified Network Defender (CND) is a vendor-neutral, hands-on, instructor-led comprehensive network security certification training program. It is a skills-based, lab intensive program based on the security education framework and work role task analysis presented by the ...

Certified Threat Intelligence Analyst (CTIA)

- u.a. in Stuttgart, Leipzig, Paderborn, Wien, Virtual Classroom

Certified Threat Intelligence Analyst (C|TIA) is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known ...

Certified Secure Computer User (CSCU)

- u.a. in Frankfurt am Main, Stuttgart, München, Paderborn, Heidelberg

The CSCU training program aims at equipping the students with the necessary knowledge and skills to protect their information assets. The program is designed to interactively teach the students about the whole gamut of information security threats they face ranging from ...