Facebook Pixel
Microsoft Certification Training
Search classes by keyword:
Search classes by category:
Microsoft Certification and Microsoft Training, Cisco Certification and MCSE Certification

CISSP and CEH/ECSA Certification Training


Course Number: #CED-1509
Course Length: 19 days
Number of Exams: 2
Certifications: CISSP
EC-Council CEH
EC-Council ECSA

Grants (discounts) are available for multiple students for the same or different courses.

Guaranteed to Run Guaranteed to Run

Upcoming Dates Class Times Class Format Quote
1/27 - 2/14, 2020Guaranteed to Run 8:00 AM - 5:00 PM Instructor-Led Quote
5/4 - 5/22, 2020Guaranteed to Run 8:00 AM - 5:00 PM Instructor-Led Quote


  • Hands-on instruction by a certified instructor
  • Includes all course materials
  • Practice Exam
  • Certification Exam

EC-Council Cyber Security Programs Guide

This resource is provided by EC-Council as a guide to help you navigate the various certifications available as you structure your own Cyber Security career path or the constructs of your Cyber Security Team. The document is broken down into 6 Primary tracks including:

  • Cyber Security Foundations
  • Vulnerability Assessment and Penetration Testing
  • Cyber Forensics
  • Network Defense and Operations
  • Software Security
  • Governance

This guide will help you understand what Cyber Security certifications are available by Security Focus Area, Job Role, Intended Audience, as well as some example companies who currently build capability in their Cyber Security teams with EC-Council certifications.

Can't travel or you want to stay with your family or business. No problem! Stay in your own city and save the additional expenses of roundtrip airfare, lodging, transportation, and meals and receive the same great instruction live from our instructors in our Live Instructor-Led Remote Classroom Training.

Remote Classroom Training

Our Remote Classroom Training is a live class with students observing the instructor and listening through your computer speakers. You will see the instructor's computer, slides, notes, etc., just like in the classroom. You will be following along, doing work, labs, and individual assignments.

Like us on Facebook and SAVE $100 on your next course

"I would highly recommend any new or seasoned IT security professional looking for a complete CISSP prep."

-Jason Lee, Alpharetta, GA

CISSP training is an advanced course designed to meet the high demands of the information security industry by preparing students for the Certified Information Systems Security Professional (CISSP) exam. This course reveals the necessary tools and techniques used by system administrators to defeat attacks and hack-proof their networks.

Ethical Hacking and Countermeasures will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems.

EC-Council's Certified Security Analyst program is a highly interactive security class designed to teach Security Professionals the advanced uses of the methodologies, tools and techniques required to perform comprehensive information security tests. Students will learn how to design, secure and test networks to protect your organization from the threats hackers and crackers pose. By teaching the tools and ground breaking techniques for security and penetration testing, this class will help you perform the intensive assessments required to effectively identify and mitigate risks to the security of your infrastructure. As students learn to identify security problems, they also learn how to avoid and eliminate them, with the class providing complete coverage of analysis and network security-testing topics.

To qualify for a re-sit of the Official ISC2 CISSP course, a student must have attempted the exam and failed before a free re-sit is permitted.


A foundational knowledge of computers Operating Systems and Networking protocols.


Reimbursement of the CISSP exam scheduled through ISC2.

CISSP training is an advanced course designed to meet the high demands of the information security industry by preparing students for the Certified Information Systems Security Professional (CISSP) exam.

Led by an authorized instructor, this training course provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of the CISSP CBK:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Who should attend?

This training course is intended for professionals who have at least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training seminar is ideal for those working in positions such as, but not limited to:

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect
The CISSP Helps You:
  • Validate your proven competence gained through years of experience in information security
  • Demonstrate your technical knowledge, skills, and abilities to effectively develop a holistic security program set against globally accepted standards
  • Differentiate yourself from other candidates for desirable job openings in the fast-growing information security market
  • Affirm your commitment to the field and ongoing relevancy through continuing professional education and understanding of the most current best practices
  • Gain access to valuable career resources, such as networking and ideas exchange with peers
The CISSP Helps Employers:
  • Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure business environment
  • Ensure professionals stay current on emerging threats, technologies, regulations, standards, and practices through the continuing professional education requirements
  • Increase confidence that candidates are qualified and committed to information security
  • Ensure employees use a universal language, circumventing ambiguity with industry-accepted terms and practices
  • Increase organizations' credibility when working with clients and vendors

Learning Objectives

  • Understand and apply the concepts of risk assessment, risk analysis, data classification, and security awareness and Implement risk management and the principles used to support it (Risk avoidance, Risk acceptance, Risk mitigation, Risk transference)
  • Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems, personnel, and organizational sub-units so that these practices and processes align with the organization's core goals and strategic direction and address the frameworks and policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets, as well as to assess the effectiveness of that protection and establish the foundation of a comprehensive and proactive security program to ensure the protection of an organization's information assets
  • Apply a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization's security processes, information security systems, personnel, and organizational sub-units so that these practices and processes align with the organization's core goals and strategic direction and examine the principles, means, and methods of applying mathematical algorithms and data transformations to information to ensure its integrity, confidentiality, and authenticity
  • Understand the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communications networks and media and identify risks that can be quantitatively and qualitatively measured to support the building of business cases to drive proactive security in the enterprise.
  • Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those asset and match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to have a better understanding of the state of their security posture.
  • Plan for technology development, including risk, and evaluate the system design against mission requirements, and identify where competitive prototyping and other evaluation techniques fit in the process
  • Protect and control information processing assets in centralized and distributed environments and execute the daily tasks required to keep security services operating reliably and efficiently.
  • Understand the Software Development Life Cycle (SDLC) and how to apply security to it, and identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security

To qualify for a re-sit of the Official CISSP course, a student must have attempted the exam and failed before a free re-sit is permitted.


Candidates must have a minimum of five (5) years of cumulative paid full-time professional security work experience in two or more of the 8 domains of the CISSP CBK.

Candidates may receive a one year experience waiver with a four-year college degree, or regional equivalent OR additional credential from the approved list, thus requiring four (4) years of direct full-time professional security work experience in two or more of the ten domains of the CISSP CBK.

Candidates who have not completed the 5 years of experience to take the CISSP, can take an Associate CISSP exam. This will give them a credential showing their knowledge until they are able to meet the experience requirements for the CISSP.

How to Get Your CISSP® Certification

Course Outline

Security and Risk Management
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Professional ethic
  • Security policies, standards, procedures and guidelines
Asset Security
  • Information and asset classification
  • Ownership (e.g. data owners, system owners)
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements (e.g. markings, labels, storage)
Security Engineering
  • Engineering processes using secure design principles
  • Security models fundamental concepts
  • Security evaluation models
  • Security capabilities of information systems
  • Security architectures, designs, and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and cyber-physical systems vulnerabilities
  • Cryptography
  • Site and facility design secure principles
  • Physical security
Communication and Network Security
  • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
  • Secure network components
  • Secure communication channels
  • Network attacks
Identity and Access Management
  • Physical and logical assets control
  • Identification and authentication of people and devices
  • Identity as a service (e.g. cloud identity)
  • Third-party identity services (e.g. on-premise)
  • Access control attacks
  • Identity and access provisioning lifecycle (e.g. provisioning review)
Security Assessment and Testing
  • Assessment and test strategies
  • Security process data (e.g. management and operational controls)
  • Security control testing
  • Test outputs (e.g. automated, manual)
  • Security architectures vulnerabilities
Security Operations
  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures
  • Patch and vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes and plans
  • Business continuity planning and exercises
  • Physical security
  • Personnel safety concerns
Software Development Security
  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact

[ back to top ]

Ethical Hacking

This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive class they will have hands on understanding and experience in Ethical Hacking.

This course prepares you for EC-Council Certified Ethical Hacker (Exam 312-50)

Who Should Attend

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.


The Certified Ethical Hacker certification (Exam 312-50) will be conducted on the last day of training. Students need to pass the online Prometric exam to receive CEH certification.


A foundational knowledge of computers Operating Systems and Networking protocols.

Course Outline

Ethics and Legality
  • What is an Exploit?
  • The security functionality triangle
  • The attacker's process
  • Passive reconnaissance
  • Active reconnaissance
  • Types of attacks
  • Categories of exploits
  • Goals attackers try to achieve
  • Ethical hackers and crackers - who are they
  • Self proclaimed ethical hacking
  • Hacking for a cause (Hacktivism)
  • Skills required for ethical hacking
  • Categories of Ethical Hackers
  • What do Ethical Hackers do?
  • Security evaluation plan
  • Types of Ethical Hacks
  • Testing Types
  • Ethical Hacking Report
  • Cyber Security Enhancement Act of 2002
  • Computer Crimes
  • Overview of US Federal Laws
  • Section 1029
  • Section 1030
  • Hacking Punishment
  • What is Footprinting
  • Steps for gathering information
  • Whois
  • http://tucows.com
  • Hacking Tool: Sam Spade
  • Analyzing Whois output
  • NSLookup
  • Finding the address range of the network
  • ARIN
  • Traceroute
  • Hacking Tool: NeoTrace
  • Visual Route
  • Visual Lookout
  • Hacking Tool: Smart Whois
  • Hacking Tool: eMailTracking Pro
  • Hacking Tool: MailTracking.com
  • Determining if the system is alive?
  • Active stack fingerprinting
  • Passive stack fingerprinting
  • Hacking Tool: Pinger
  • Hacking Tool: Friendly Pinger
  • Hacking Tool: WS_Ping_Pro
  • Hacking Tool: Netscan Tools Pro 2000
  • Hacking Tool: Hping2
  • Hacking Tool: KingPing
  • Hacking Tool: icmpenum
  • Hacking Tool: SNMP Scanner
  • Detecting Ping sweeps
  • ICMP Queries
  • Hacking Tool: netcraft.com
  • Port Scanning
  • TCPs 3-way handshake
  • TCP Scan types
  • Hacking Tool: IPEye
  • Hacking Tool: IPSECSCAN
  • Hacking Tool: nmap
  • Port Scan countermeasures
  • Hacking Tool: HTTrack Web Copier
  • Network Management Tools
  • SolarWinds Toolset
  • NeoWatch
  • War Dialing
  • Hacking Tool: THC-Scan
  • Hacking Tool: PhoneSweep War Dialer
  • Hacking Tool: Telesweep
  • Hacking Tool: Queso
  • Hacking Tool: Cheops
  • Proxy Servers
  • Hacking Tool: SocksChain
  • Surf the web anonymously
  • TCP/IP through HTTP Tunneling
  • Hacking Tool: HTTPort
  • Hacking Tool: Tunneld
  • Hacking Tool: BackStealth
  • What is Enumeration
  • NetBios Null Sessions
  • Null Session Countermeasures
  • NetBIOS Enumeration
  • Hacking Tool: DumpSec
  • Hacking Tool: Hyena
  • Hacking Tool: NAT
  • SNMP Enumertion
  • SNMPUtil
  • Hacking Tool: IP Network Browser
  • SNMP Enumeration Countermeasures
  • Windows 2000 DNS Zone transfer
  • Identifying Win2000 Accounts
  • Hacking Tool: User2SID
  • Hacking Tool: SID2User
  • Hacking Tool: Enum
  • Hacking Tool: UserInfo
  • Hacking Tool: GetAcct
  • Hacking Tool: smbbf
  • SMB Auditing Tools
  • Active Directory Enumeration
  • W2K Active Directory attack
System Hacking
  • Administrator Password Guessing
  • Performing Automated Password Guessing
  • Legion
  • NTInfoScan
  • Defending Against Password Guessing
  • Monitoring Event Viewer Logs
  • VisualLast
  • Eavesdroppin on Network Password Exchange
  • Hacking Tool: L0phtCrack
  • Hacking Tool: KerbCrack
  • Privilege Escalation
  • Hacking Tool: GetAdmin
  • Hacking Tool: hk
  • Manual Password Cracking Algorithm
  • Automatic Password Cracking Algorithm
  • Password Types
  • Types of Password Attacks
  • Dictionary Attack
  • Brute Force Attack
  • Distributed Brute Force Attack
  • Password Change Interval
  • Hybrid Attack
  • Cracking Windows 2000 Passwords
  • Retrieving the SAM file
  • Redirecting SMB Logon to the Attacker
  • SMB Redirection
  • Hacking Tool: SMBRelay
  • Hacking Tool: SMBRelay2
  • Hacking Tool: pwdump2
  • Hacking Tool: SAMdump
  • Hacking Tool: C2MYAZZ
  • Win32 Create Local Admin User
  • Offline NT Password Resetter
  • Hacking Tool: psexec
  • Hacking Tool: remoxec
  • SMBRelay Man-in-the-Middle (MITM)
  • SMBRelay MITM Countermeasures
  • Hacking Tool: SMBGrinder
  • Hacking Tool: SMBDie
  • Hacking Tool: NBTDeputy
  • NetBIOS DoS Attack
  • Hacking Tool: nbname
  • Hacking Tool: John the Ripper
  • LanManager Hash
  • Password Cracking Countermeasures
  • Keystroke Logger
  • Hacking Tool: Spector
  • AntiSpector
  • Hacking Tool: eBlaster
  • Hacking Tool: SpyAnywhere
  • Hacking Tool: IKS Software Logger
  • Hacking Tool: Fearless Key Logger
  • Hacking Tool: E-mail Keylogger
  • Hardware Tool: Hardware Key Logger
  • Hacking Tool: Rootkit
  • Planting Rootkit on Windows 2000 Machine
  • _rootkit_ embedded TCP/IP Stack
  • Rootkit Countermeasures
  • MD5 Checksum utility
  • Tripwire
  • Covering Tracks
  • Disabling Auditing
  • Auditpol
  • Clearing the Event Log
  • Hacking Tool: Elslave
  • Hacking Tool: Winzapper
  • Hacking Tool: Evidence Eliminator
  • Hidding Files
  • NTFS File Streaming
  • Hacking Tool: makestrm
  • NTFS Streams Countermeasures
  • LNS
  • Steganography
  • Hacking Tool: ImageHide
  • Hacking Tool: BlindSide
  • Hacking Tool: MP3Stego
  • Hacking Tool: Snow
  • Hacking Tool: Camera/Shy
  • Steganography Detection
  • StegDetect
  • Hacking Tool: Stealth Files
  • Encrypted File System
  • Hacking Tool: dskprobe
  • Hacking Tool: EFSView
  • Buffer Overflows
  • Creating Buffer Overflow Exploit
  • Outlook Buffer Overflow
  • Hacking Tool: Outoutlook
Trojans and Backdoors
  • What is a Trojan Horse?
  • Overt and Covert
  • Hacking Tool: QAZ
  • Hacking Tool: Tini
  • Hacking Tool: Netcat
  • Hacking Tool: Donald Dick
  • Hacking Tool: SubSeven
  • Hacking Tool: BackOrifice 2000
  • Back Oriffice Plug-ins
  • BoSniffer
  • Hacking Tool: NetBus
  • ComputerSpy Key Logger
  • Hacking Tool: Beast Trojan
  • Hacking Tool: CyberSpy Telnet Trojan
  • Hacking Tool: SubRoot Telnet Trojan
  • Hacking Tool: LetMeRule
  • Wrappers
  • Hacking Tool: Graffiti
  • Hacking Tool: Silk Rope 2000
  • Hacking Tool: EliteWrap
  • Hacking Tool: IconPlus
  • Packaging Tool: Microsoft WordPad
  • Hacking Tool: Whack a Mole
  • Trojan Construction Kit
  • Writing Trojans in Java
  • Hacking Tool: FireKiller 2000
  • Covert Channels
  • ICMP Tunneling
  • Hacking Tool: Loki
  • Reverse WWW Shell
  • Backdoor Countermeasures
  • BO Startup and Registry Entries
  • NetBus Startup and Registry Keys
  • Port Monitoring Tools
  • fPort
  • TCPView
  • Process Viewer
  • Inzider - Tracks Processes and Ports
  • Trojan Maker
  • Hacking Tool: Hard Disk Killer
  • Man-in-the-Middle Attack
  • Hacking Tool: dsniff
  • System File Verification
  • TripWire
  • What is a Sniffer?
  • Hacking Tool: Ethereal
  • Hacking Tool: Snort
  • Hacking Tool: WinDump
  • Hacking Tool: EtherPeek
  • Passive Sniffing
  • Active Sniffing
  • Hacking Tool: EtherFlood
  • How ARP Works?
  • Hacking Tool: ArpSpoof
  • Hacking Tool: DSniff
  • Hacking Tool: Macof
  • Hacking Tool: mailsnarf
  • Hacking Tool: URLsnarf
  • Hacking Tool: Webspy
  • Hacking Tool: Ettercap
  • Hacking Tool: WebMiTM
  • IP Restrictions Scanner
  • Hacking Tool: sTerm
  • Hacking Tool: Cain and Abel
  • Hacking Tool: Packet Crafter
  • Hacking Tool: SMAC
  • MAC Changer
  • ARP Spoofing Countermeasures
  • Hacking Tool: WinDNSSpoof
  • Hacking Tool: Distributed DNS Flooder
  • Hacking Tool: WinSniffer
  • Network Tool: IRIS
  • Network Tool: NetInterceptor
  • SniffDet
  • Hacking Tool: WinTCPKill
Denial of Service
  • What is Denial of Service Attack?
  • Types of DoS Attacks
  • How DoS Work?
  • What is DDoS?
  • Hacking Tool: Ping of Death
  • Hacking Tool: SSPing
  • Hacking Tool: Land
  • Hacking Tool: Smurf
  • Hacking Tool: SYN Flood
  • Hacking Tool: CPU Hog
  • Hacking Tool: Win Nuke
  • Hacking Tool: RPC Locator
  • Hacking Tool: Jolt2
  • Hacking Tool: Bubonic
  • Hacking Tool: Targa
  • Tools for Running DDoS Attacks
  • Hacking Tool: Trinoo
  • Hacking Tool: WinTrinoo
  • Hacking Tool: TFN
  • Hacking Tool: TFN2K
  • Hacking Tool: Stacheldraht
  • Hacking Tool: Shaft
  • Hacking Tool: mstream
  • DDoS Attack Sequence
  • Preventing DoS Attack
  • DoS Scanning Tools
  • Find_ddos
  • SARA
  • DDoSPing
  • RID
  • Zombie Zapper
Social Engineering
  • What is Social Engineering?
  • Art of Manipulation
  • Human Weakness
  • Common Types of Social Engineering
  • Human Based Impersonation
  • Important User
  • Tech Support
  • Third Party Authorization
  • In Person
  • Dumpster Diving
  • Shoulder Surfing
  • Computer Impersonation
  • Mail Attachments
  • Popup Windows
  • Website Faking
  • Reverse Social Engineering
  • Policies and Procedures
  • Social Engineering Security Policies
  • The Importance of Employee Education
Session Hijacking
  • What is Session Hijacking?
  • Session Hijacking Steps
  • Spoofing Vs Hijacking
  • Active Session Hijacking
  • Passive Session Hijacking
  • TCP Concepts - 3 way Handshake
  • Sequence Numbers
  • Sequence Number Example
  • Guessing the Sequence Numbers
  • Hacking Tool: Juggernaut
  • Hacking Tool: Hunt
  • Hacking Tool: TTYWatcher
  • Hacking Tool: IP Watcher
  • Hacking Tool: T-Sight
  • Remote TCP Session Reset Utility
  • Dangers Posed by Session Hijacking
  • Protection against Session Hijacking
Hacking Web Servers
  • Apache Vulnerability
  • Attacks against IIS
  • IIS Components
  • ISAPI DLL Buffer Overflows
  • IPP Printer Overflow
  • msw3prt.dll
  • Oversized Print Requests
  • Hacking Tool: Jill32
  • Hacking Tool: IIS5-Koei
  • Hacking Tool: IIS5Hack
  • IPP Buffer Overflow Countermeasures
  • ISAPI DLL Source Disclosure
  • ISAPI.DLL Exploit
  • Defacing Web Pages
  • IIS Directory Traversal
  • Unicode
  • Directory Listing
  • Clearing IIS Logs
  • Network Tool: LogAnalyzer
  • Attack Signature
  • Creating Internet Explorer (IE) Trojan
  • Hacking Tool: IISExploit
  • Hacking Tool: UnicodeUploader.pl
  • Hacking Tool: cmdasp.asp
  • Escalating Privilages on IIS
  • Hacking Tool: IISCrack.dll
  • Hacking Tool: ispc.exe
  • IIS WebDav Vulnerability
  • Hacking Tool: WB
  • RPC Exploit-GUI
  • Hacking Tool: DComExpl_UnixWin32
  • Hacking Tool: Plonk
  • Unspecified Executable Path Vulnerability
  • Hacking Tool: CleanIISLog
  • File System Traversal Countermeasures
  • Microsoft HotFix Problems
  • UpdateExpert
  • Cacls utility
  • Network Tool: Whisker
  • N-Stealth Scanner
  • Hacking Tool: WebInspect
  • Network Tool: Shadow Security Scanner
Web Application Vulnerabilities
  • Documenting the Application Structure
  • Manually Inspecting Applications
  • Using Google to Inspect Applications
  • Directory Structure
  • Hacking Tool: Instant Source
  • Java Classes and Applets
  • Hacking Tool: Jad
  • HTML Comments and Contents
  • Hacking Tool: Lynx
  • Hacking Tool: Wget
  • Hacking Tool: Black Widow
  • Hacking Tool: WebSleuth
  • Cross Side Scripting
  • Session Hijacking using XSS
  • Cookie Stealing
  • Hacking Tool: IEEN
  • Hacking Tool: IEflaw
  • Exposing Sensitive Data with Google
Web Based Password Cracking Techniques
  • Basic Authentication
  • Message Digest Authentication
  • NTLM Authentication
  • Certificate based Authentication
  • Digital Certificates
  • Microsoft Passport Authentication
  • Forms based Authentication
  • Creating Fake Certificates
  • Hacking Tool: WinSSLMiM
  • Password Guessing
  • Dfault Account Database
  • Hacking Tool: WebCracker
  • Hacking Tool: Brutus
  • Hacking Tool: ObiWan
  • Hacking Tool: Munga Bunga
  • Password dictionary Files
  • Attack Time
  • Hacking Tool: Variant
  • Hacking Tool: PassList
  • Query Strings
  • Post data
  • Hacking Tool: cURL
  • Stealing Cookies
  • Hacking Tool: CookieSpy
  • Hacking Tool: ReadCookies
  • Hacking Tool: SnadBoy
SQL Injection
  • What is SQL Injection Vulnerability?
  • SQL Insertion Discovery
  • Blank sa Password
  • Simple Input Validation
  • SQL Injection
  • OLE DB Errors
  • 1=1
  • blah' or 1=1
  • Preventing SQL Injection
  • Database Specific SQL Injection
  • Hacking Tool: SQLDict
  • Hacking Tool: SQLExec
  • Hacking Tool: SQLbf
  • Hacking Tool: SQLSmack
  • Hacking Tool: SQL2.exe
  • Hacking Tool: Oracle Password Buster
Hacking Wireless Networks
  • 802.11 Standards
  • What is WEP?
  • Finding WLANs
  • Cracking WEP keys
  • Sniffing Trafic
  • Wireless DoS Attacks
  • WLAN Scanners
  • WLAN Sniffers
  • MAC Sniffing
  • Access Point Spoofing
  • Securing Wireless Networks
  • Hacking Tool: NetTumbler
  • Hacking Tool: AirSnort
  • Hacking Tool: AiroPeek
  • Hacking Tool: WEP Cracker
  • Hacking Tool: Kismet
  • Hacking Tool: AirSnarf
  • WIDZ- Wireless IDS
Virus and Worms
  • Cherobyl
  • ExploreZip
  • I Love You
  • Melissa
  • Pretty Park
  • Code Red Worm
  • W32/Klez
  • BugBear
  • W32/Opaserv Worm
  • Nimda
  • Code Red
  • SQL Slammer
  • Batch File Virus Creator
  • How to write your own Virus?
  • Worm Construction Kits
Novell Hacking
  • Common accounts and passwords
  • Accessing password files
  • Password crackers
  • Netware Hacking Tools
  • Chknull
  • Bindery
  • BinCrack
  • Kock
  • userdump
  • Burglar
  • Getit
  • Spooflog
  • Gobbler
  • Novelffs
  • Pandora
Linux Hacking
  • Why Linux ?
  • Linux Basics
  • Compiling Programs in Linux
  • Scanning Networks
  • Mapping Networks
  • Password Cracking in Linux
  • Linux Vulnerabilities
  • SARA
  • TARA
  • Sniffing
  • A Pinger in Disguise
  • Session Hijacking
  • Linux Rootkits
  • Linux Security Countermeasures
  • IPChains and IPTables
IDS, Firewalls and Honeypots
  • Intrusion Detection System
  • System Integrity Verifiers
  • How are Intrusions Detected?
  • Anomaly Detection
  • Signature Recognition
  • How does IDS match Signatures with Incoming Traffic?
  • Protocol Stack Verification
  • Application Protocol Verification
  • What Happens after an IDS Detects an Attack?
  • IDS Software Vendors
  • Evading IDS (Techniques)
  • Complex IDS Evasion
  • Hacking Tool: fragrouter
  • Hacking Tool: TCPReplay
  • Hacking Tool: SideStep
  • Hacking Tool: NIDSbench
  • Hacking Tool: ADMutate
  • IDS Detection
  • Tools to Detect Packet Sniffers
  • Tools to inject strangely formatted packets onto the wire
  • Hacking Through Firewalls
  • Placing Backdoors through Firewalls
  • Hiding behind Covert Channels
  • Hacking Tool: Ncovert
  • What is a Honeypot?
  • Honeypots Evasion
  • Honeypots vendors
  • Hacking Tool: Honeyd
Buffer Overflows
  • What is a Buffer Overflow?
  • Exploitation
  • Assembly Language Basics
  • How to Detect Buffer Overflows in a Program?
  • Skills Required
  • CPU/OS Dependency
  • Understanding Stacks
  • Stack Based Buffer Overflows
  • Buffer Overflow Technical Implementation
  • Writing your own Buffer Overflow Exploit in C
  • Defense against Buffer Overflows
  • Type Checking Tools for Compiling Programs
  • StackGuard
  • Immunix
  • What is PKI?
  • Digital Certificates
  • RSA
  • MD-5
  • RC-5
  • SHA
  • SSL
  • PGP
  • SSH
  • Encryption Cracking Techniques
Penetration Testing Methodologies

[ back to top ]


ECSA is a security class like no other! Providing real world hands on experience, it is the only in-depth Advanced Hacking and Penetration Testing class available that covers testing in all modern infrastructures, operating systems and application environments.

EC-Council's Certified Security Analyst program is a highly interactive 5-day security class designed to teach Security Professionals the advanced uses of the methodologies, tools and techniques required to perform comprehensive information security tests. Students will learn how to design, secure and test networks to protect your organization from the threats hackers and crackers pose. By teaching the tools and ground breaking techniques for security and penetration testing, this class will help you perform the intensive assessments required to effectively identify and mitigate risks to the security of your infrastructure. As students learn to identify security problems, they also learn how to avoid and eliminate them, with the class providing complete coverage of analysis and network security-testing topics.

This course prepares you for EC-Council's Certified Security Analyst Exam 412-79.

Who Should Attend

Network server administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment professionals.


The ECSA certification exam will be conducted on the last day of training. Students need to pass the online Prometric exam 412-79 to receive the ECSA certification.


A foundational knowledge of computers Operating Systems and Networking protocols & the CEH certification.

Course Outline

Module 1: The Need for Security Analysis
  • What Are We Concerned About?
  • So What Are You Trying To Protect?
  • Why Are Intrusions So Often Successful?
  • What Are The Greatest Challenges?
  • Environmental Complexity
  • New Technologies
  • New Threats, New Exploits
  • Limited Focus
  • Limited Expertise
  • Authentication
  • Authorization
  • Confidentiality
  • Integrity
  • Availability
  • Nonrepudiation
  • We Must Be Diligento:p>
  • Threat Agents
  • Assessment Questions
  • How Much Security is Enough?
  • Risk
  • Simplifying Risk
  • Risk Analysis
  • Risk Assessment Answers Seven Questions
  • Steps of Risk Assessment
  • Risk Assessment Values
  • Information Security Awareness
  • Security policies
  • Types of Policies
  • Promiscuous Policy
  • Permissive Policy
  • Prudent Policy
  • Paranoid Policy
  • Acceptable-Use Policy
  • User-Account Policy
  • Remote-Access Policy
  • Information-Protection Policy
  • Firewall-Management Policy
  • Special-Access Policy
  • Network-Connection Policy
  • Business-Partner Policy
  • Other Important Policies
  • Policy Statements
  • Basic Document Set of Information Security Policies
  • ISO 17799
  • Domains of ISO 17799
  • No Simple Solutions
  • U.S. Legislation
  • California SB 1386
  • Sarbanes-Oxley 2002
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • USA Patriot Act 2001
  • U.K. Legislation
  • How Does This Law Affect a Security Officer?
  • The Data Protection Act 1998
  • The Human Rights Act 1998
  • Interception of Communications
  • The Freedom of Information Act 2000
  • The Audit Investigation and Community Enterprise Act 2005
Module 2: Advanced Googling
  • Site Operator
  • intitle:index.of
  • error | warning
  • login | logon
  • username | userid | employee.ID | "your username is"
  • password | passcode | "your password is"
  • admin | administrator
  • admin login
  • -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
  • inurl:temp | inurl:tmp | inurl:backup | inurl:bak
  • intranet | help.desk
  • Locating Public Exploit Sites
  • Locating Exploits Via Common Code Strings
  • Searching for Exploit Code with Nonstandard Extensions
  • Locating Source Code with Common Strings
  • Locating Vulnerable Targets
  • Locating Targets Via Demonstration Pages
  • "Powered by" Tags Are Common Query Fodder for Finding Web Applications
  • Locating Targets Via Source Code
  • Vulnerable Web Application Examples
  • Locating Targets Via CGI Scanning
  • A Single CGI Scan-Style Query
  • Directory Listings
  • Finding IIS 5.0 Servers
  • Web Server Software Error Messages
  • IIS HTTP/1.1 Error Page Titles
  • "Object Not Found" Error Message Used to Find IIS 5.0
  • Apache Web Server
  • Apache 2.0 Error Pages
  • Application Software Error Messages
  • ASP Dumps Provide Dangerous Details
  • Many Errors Reveal Pathnames and Filenames
  • CGI Environment Listings Reveal Lots of Information
  • Default Pages
  • A Typical Apache Default Web Page
  • Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP
  • Default Pages Query for Web Server
  • Outlook Web Access Default Portal
  • Searching for Passwords
  • Windows Registry Entries Can Reveal Passwords
  • Usernames, Cleartext Passwords, and Hostnames!
Module 3: TCP/IP Packet Analysis
  • TCP/IP Model
  • Application Layer
  • Transport Layer
  • Internet Layer
  • Network Access Layer
  • Comparing OSI and TCP/IP
  • Addressing
  • IPv4 Addresses
  • IP Classes of Addresses
  • Reserved IP Addresses
  • Private Addresses
  • Subnetting
  • IPv4 and IPv6
  • Transport Layer
  • Flow Control
  • Three-Way Handshake
  • TCP/IP Protocols
  • TCP Header
  • IP Header
  • IP Header: Protocol Field
  • UDP
  • TCP and UDP Port Numbers
  • Port Numbers
  • TCP Operation
  • Synchronization or 3-way Handshake
  • Denial of Service (DoS) Attacks
  • DoS Syn Flooding Attack
  • Windowing
  • Acknowledgement
  • Windowing and Window Sizes
  • Simple Windowing
  • Sliding Windows
  • Sequencing Numbers
  • Positive Acknowledgment and Retransmission (PAR)
  • UDP Operation
  • Port Numbers Positioning between Transport and Application Layer (TCP and UDP)
  • Port Numbers
  • http://www.iana.org/assignments/port-numbers
  • What Makes Each Connection Unique?
  • Internet Control Message Protocol (ICMP)
  • Error Reporting and Error Correction
  • ICMP Message Delivery
  • Format of an ICMP Message
  • Unreachable Networks
  • Destination Unreachable Message
  • ICMP Echo (Request) and Echo Reply
  • Detecting Excessively Long Routes
  • IP Parameter Problem
  • ICMP Control Messages
  • ICMP Redirects
  • Clock Synchronization and Transit Time Estimation
  • Information Requests and Reply Message Formats
  • Address Masks
  • Router Solicitation and Advertisement
Module 4: Advanced Sniffing Techniques
  • What is Wireshark?
  • Wireshark: Filters
  • IP Display Filters
  • Example
  • Wireshark: Tshark
  • Wireshark: Editcap
  • Wireshark: Mergecap
  • Wireshark: Text2pcap
  • Using Wireshark for Network Troubleshooting
  • Network Troubleshooting Methodology
  • Using Wireshark for System Administration
  • ARP Problems
  • ICMP Echo Request/Reply Header Layout
  • TCP Flags
  • TCP SYN Packet Flags Bit Field
  • Capture Filter Examples
  • Scenario 1: SYN no SYN+ACK
  • Scenario 2: SYN Immediate Response RST
  • Scenario 3: SYN SYN+ACK ACK
  • Using Wireshark for Security Administration
  • Detecting Internet Relay Chat Activity
  • Wireshark as a Detector for Proprietary Information Transmission
  • Sniffer Detection
  • Wireless Sniffing with Wireshark
  • AirPcap
  • Using Channel Hopping
  • Interference and Collisions
  • Recommendations for Sniffing Wireless
  • Analyzing Wireless Traffic
  • IEEE 802.11 Header
  • IEEE 802.11 Header Fields
  • Filters
  • Filtering on Source MAC Address and BSSID
  • Filtering on BSSID
  • Filter on SSID
  • Wireless Frame Types Filters
  • Unencrypted Data Traffic
  • Identifying Hidden SSIDs
  • Revealed SSID
  • Identifying EAP Authentication Failures
  • Identifying the EAP Type
  • Identifying Key Negotiation Properties
  • EAP Identity Disclosure
  • Identifying WEP
  • Identifying TKIP and CCMP
  • Identifying IPSec/VPN
  • Decrypting Traffic
  • Scanning
  • TCP Connect Scan
  • SYN Scan
  • XMAS Scan
  • Null Scan
  • Remote Access Trojans
  • NetBus Analysis
  • Trojan Analysis Example NetBus Analysis
Module 5: Vulnerability Analysis with Nessus
  • Nessus
  • Features of Nessus
  • Nessus Assessment Process
  • Nessus: Scanning
  • Nessus: Enumeration
  • Nessus: Vulnerability Detection
  • Configuring Nessus
  • Updating Nessus Plug-Ins
  • Using the Nessus Client
  • Starting a Nessus Scan
  • Generating Reports
  • Data Gathering
  • Host Identification
  • Port Scan
  • SYN scan
  • Timing
  • Port Scanning Rules of Thumb
  • Plug-in Selection
  • Dangerous plugins
  • Scanning Rules of Thumb
  • Report Generation
  • Reports: Result
  • Identifying False Positives
  • Suspicious Signs
  • False Positives
  • Examples of False Positives
  • Writing Nessus Plugins
  • Writing a Plugin
  • Installing and Running the Plugin
  • Nessus Report with output from our plugin
  • Security Center http://www.tenablesecurity.com
Module 6: Advanced Wireless Testing
  • Wireless Concepts
  • Wireless Concepts
  • 802.11 Types
  • Core Issues with 802.11
  • What's the Difference?
  • Other Types of Wireless
  • Spread Spectrum Background
  • Channels
  • Access Point
  • Service Set ID
  • Default SSIDs
  • Chipsets
  • Wi-Fi Equipment
  • Expedient Antennas
  • Vulnerabilities to 802.1x and RADIUS
  • Wired Equivalent Privacy
  • Security - WEP
  • Wired Equivalent Privacy
  • Exclusive OR
  • Encryption Process
  • Chipping Sequence
  • WEP Issues
  • WEP - Authentication Phase
  • WEP - Shared Key Authentication
  • WEP - Association Phase
  • WEP Flaws
  • WEP Attack
  • WEP: Solutions
  • WEP Solution - 802.11i
  • Wireless Security Technologies
  • WPA Interim 802.11 Security
  • WPA
  • 802.1X Authentication and EAP
  • EAP Types
  • Cisco LEAP
  • TKIP (Temporal Key Integrity Protocol)
  • Wireless Networks Testing
  • Wireless Communications Testing
  • Report Recommendations
  • Wireless Attack Countermeasures
  • Wireless Penetration Testing with Windows
  • Attacks And Tools
  • War Driving
  • The Jargon - WarChalking
  • WarPumpkin
  • Wireless: Tools of the Trade
  • Mapping with Kismet
  • WarDriving with NetStumbler
  • How NetStumbler Works?
  • "Active" versus "Passive" WLAN Detection
  • Disabling the Beacon
  • Running NetStumbler
  • Captured Data Using NetStumbler
  • Filtering by Channels
  • Airsnort
  • WEPCrack
  • Monkey-Jack
  • How Monkey-Jack Works
  • Before Monkey-Jack
  • After Monkey-Jack
  • AirCrack-ng
  • How Does It Work?
  • FMS and Korek Attacks
  • Crack WEP
  • Available Options
  • Usage Examples
  • Cracking WPA/WPA2 Passphrases
  • Notes
  • Determining Network Topology: Network View
  • WarDriving and Wireless Penetration Testing with OS X
  • What is the Difference between "Active" and "Passive" Sniffing?
  • Using a GPS
  • Attacking WEP Encryption with KisMAC
  • Deauthenticating Clients
  • Attacking WPA with KisMAC
  • Brute-force Attacks Against 40-bit WEP
  • Wordlist Attacks
  • Mapping WarDrives with StumbVerter
  • MITM Attack basics
  • MITM Attack Design
  • MITM Attack Variables
  • Hardware for the Attack Antennas, Amps, WiFi Cards
  • Wireless Network Cards
  • Choosing the Right Antenna
  • Amplifying the Wireless Signal
  • Identify and Compromise the Target Access Point
  • Compromising the Target
  • Crack the WEP key
  • Aircrack-ng Cracked the WEP Key
  • The MITM Attack Laptop Configuration
  • IP Forwarding and NAT Using Iptables
  • Installing Iptables and IP Forwarding
  • Establishing the NAT Rules
  • Dnsmasq
  • Configuring Dnsmasq
  • Apache Web Servers
  • Virtual Directories
  • Clone the Target Access Point and Begin the Attack
  • Start the Wireless Interface
  • Deauthenticate Clients Connected to the Target Access Point
  • Wait for the Client to Associate to Your Access Point
  • Spoof the Application
  • Modify the Page
  • Example Page
  • Login/php page
  • Redirect Web Traffic Using Dnsmasq
Module 7: Designing a DMZ
  • Introduction
  • DMZ Concepts
  • Multitiered Firewall With a DMZ Flow
  • DMZ Design Fundamentals
  • Advanced Design Strategies
  • Designing Windows DMZ
  • Designing Windows DMZ
  • Precautions for DMZ Setup
  • Security Analysis for the DMZ
  • Designing Sun Solaris DMZ
  • Placement of Servers
  • Advanced Implementation of a Solaris DMZ Server
  • Solaris DMZ Servers in a Conceptual Highly Available Configuration
  • Private and Public Network Firewall Ruleset
  • DMA Server Firewall Ruleset
  • Solaris DMZ System Design
  • Disk Layout and Considerations
  • Designing Wireless DMZ
  • Placement of Wireless Equipment
  • Access to DMZ and Authentication Considerations
  • Wireless DMZ Components
  • Wireless DMZ Using RADIUS to Authenticate Users
  • WLAN DMZ Security Best-Practices
  • DMZ Router Security Best-Practice
  • DMZ Switch Security Best-Practice
  • Six Ways to Stop Data Leaks
  • Reconnex
Module 8: Snort Analysis
  • Snort Overview
  • Modes of Operation
  • Features of Snort
  • Configuring Snort
  • Variables
  • Preprocessors
  • Output Plugins
  • Rules
  • Working of Snort
  • Initializing Snort
  • Signal Handlers
  • Parsing the Configuration File
  • Decoding
  • Possible Decoders
  • Preprocessing
  • Detection
  • Content Matching
  • Content-Matching Functions
  • The Stream4 Preprocessor
  • Inline Functionality
  • Writing Snort Rules
  • Snort Rule Header
  • Snort Rule Header: Actions
  • Snort Rule Header: Other Fields
  • IP Address Negation Rule
  • IP Address Filters
  • Port Numbers
  • Direction Operator
  • Rule Options
  • Activate/Dynamic Rules
  • Meta-Data Rule Options: msg
  • Reference Keyword
  • sid/rev Keyword
  • Classtype Keyword
  • Payload Detection Rule Options: content
  • Modifier Keywords
  • Offset/depth Keyword
  • Uricontent keyword
  • fragoffset keyword
  • ttl keyword
  • id keyword
  • flags keyword
  • itype keyword : icmp id
  • Writing Good Snort Rules
  • Sample Rule to Catch Metasploit Buffer Overflow Exploit
  • Tool for writing Snort rules: IDS Policy Manager
  • Subscribe to Snort Rules
  • Honeynet Security Console Tool
  • Key Features
Module 9: Log Analysis
  • Introduction to Logs
  • Types of Logs
  • Events that Need to be Logged
  • What to Look Out For in Logs
  • W3C Extended Log File Format
  • Automated Log Analysis Approaches
  • Log Shipping
  • Analyzing Syslog
  • Syslog
  • Setting up a Syslog
  • Syslog: Enabling Message Logging
  • Main Display Window
  • Configuring Kiwi Syslog to Log to a MS SQL Database
  • Configuring Ethereal to Capture Syslog Messages
  • Sending Log Files via email
  • Configuring Cisco Router for Syslog
  • Configuring DLink Router for Syslog
  • Configuring Cisco PIX for Syslog
  • Configuring an Intertex / Ingate/ PowerBit/ SurfinBird ADSL router
  • Configuring a LinkSys wireless VPN Router
  • Configuring a Netgear ADSL Firewall Router
  • Analyzing Web Server Logs
  • Apache Web Server Log
  • AWStats
  • Configuring AWStats for IIS
  • Log Processing in AWStats
  • Analyzing Router Logs
  • Router Logs
  • Analyzing Wireless Network Devices Logs
  • Wireless Traffic Log
  • Analyzing Windows Logs
  • Configuring Firewall Logs in Local Windows System
  • Viewing Local Windows Firewall Log
  • Viewing Windows Event Log
  • AAnalyzing Linux Logs
  • iptables
  • Log Prefixing with iptables
  • Firewall Log Analysis with grep
  • Analyzing SQL Server Logs
  • SQL Database Log
  • ApexSQL Log
  • Configuring ApexSQL Log
  • Analyzing VPN Server Logs
  • VPN Client Log
  • Analyzing Firewall Logs
  • Why Firewall Logs are Important
  • Firewall Log Sample
  • ManageEngine Firewall Analyzer
  • Installing Firewall Analyzer
  • Viewing Firewall Analyzer Reports
  • Firewall Analyzer Log Reports
  • Analyzing IDS Logs
  • SnortALog
  • IDS Log Sample
  • Analyzing DHCP Logs
  • DHCP Log
  • NTP Configuration
  • Time Synchronization and Logging
  • NTP Overview
  • NTP Client Configuration
  • Configuring an NTP client using the Client Manager
  • Configuring an NTP Server
  • NTP: Setting Local Date and Time
  • Log Analysis Tools
  • All-Seeing Eye Tool: Event Log Tracker
  • Network Sniffer Interface Test Tool
  • Syslog Manager 2.0.1
  • Sawmill
  • Log Alert Tools
  • Network Eagle Monitor
  • Network Eagle Monitor: Features
  • SQL Server Database Log Navigator
  • What Log Navigator does?
  • How Does Log Navigator Work?
  • Snortsnarf
  • Types of Snort Alarms
  • ACID (Analysis Console for Intrusion Databases)
Module 10: Advanced Exploits and Tools
  • Common Vulnerabilities
  • Buffer Overflows Revisited
  • Smashing the Stack for Fun and Profit
  • Smashing the Heap for Fun and Profit
  • Format Strings for Chaos and Mayhem
  • The Anatomy of an Exploit
  • Vulnerable code
  • Shellcoding
  • Shellcode Examples
  • Delivery Code
  • Delivery Code: Example
  • Linux Exploits Versus Windows
  • Windows Versus Linux
  • Tools of the Trade: Debuggers
  • Tools of the Trade: GDB
  • Tools of the Trade: Metasploit
  • Metasploit Frame work
  • User-Interface Modes
  • Metasploit: Environment
  • Environment: Global Environment
  • Environment: Temporary Environment
  • Metasploit: Options
  • Metasploit: Commands
  • Metasploit: Launching the Exploit
  • MetaSploit: Advanced Features
  • Tools of the Trade: Canvas
  • Tools of the Trade: CORE Impact
  • IMPACT Industrializes Penetration Testing
  • Ways to Use CORE IMPACT
  • Other IMPACT Benefits
  • Impact Demo Lab
Module 11: Penetration Testing Methodologies
Module 12: Customers and Legal Agreements
Module 13: Penetration Testing Planning and Scheduling
Module 14: Pre Penetration Testing Checklist
Module 15: Information Gathering
Module 16: Vulnerability Analysis
Module 17: External Penetration Testing
Module 18: Internal Network Penetration Testing
Module 19: Router Penetration Testing
Module 20: Firewall Penetration Testing
Module 21: IDS Penetration Testing
Module 22: Wireless Network Penetration Testing
Module 23: Denial of Service Penetration Testing
Module 24: Password Cracking Penetration Testing
Module 25: Social Engineering Penetration Testing
Module 26: Stolen Laptop Penetration Testing
Module 27: Application Penetration Testing
Module 28: Physical Security Penetration Testing
Module 29: Database Penetration Testing
Module 30: VoIP Penetration Testing
Module 31: VPN Penetration Testing
Module 32: Penetration Testing Report Analysis
Module 33: Penetration Testing Report and Documentation Writing
Module 34: Penetration Testing Deliverables and Conclusion
Module 35: Ethics of a Licensed Penetration Tester

[ back to top ]

CED Solutions is your best choice for CISSP CEH ECSA, CISSP CEH ECSA training, CISSP CEH ECSA certification, CISSP CEH ECSA boot camp, CISSP CEH ECSA certification training, CISSP CEH ECSA certification course, CISSP CEH ECSA course, CISSP CEH ECSA class.

Search classes by keyword:
Search classes by category:

Copyright © 2020 CED Solutions. CED Solutions Refund Policy. All Rights Reserved.