Tech100: A Systematic Approach to Vulnerability Testing
Description: This full-day workshop will provide a slightly different focus than some of the other network penetration seminars.It will introduce a step by step approach to test a network for vulnerabilities. Using a checklist approach, the seminar guides the attendee though the necessary steps in performing this type of testing. This checklist details all the steps needed to complete an extensive technical review of the environment and includes a list of tools used including a number of web sites for obtaining additional information.
Audience: This seminar is intended for internal and external audit professionals, consultants and individuals who wish to learn more about performing attack and penetration testing.
Prerequisites: There is no prerequisite for this seminar.
Objectives: After completing this seminar, participants will be able to:
·Recognize what the key steps are in performing this type of testing
·Describe the latest threats faced by networks and operating systems
·Explain the countermeasures used to protect organizations against the various attacks
·Understand the many tools and techniques used to perform this work
·Conduct an assessment and technical review of their organization's network and operating systems
Course Outline:
Network Security Fundamentals
·Understanding TCP/IP
·Reviewing routers, hubs and switches
Outlining an attack and penetration process using a checklist
Demonstrating possible attacks:
·On web servers,
·On the network and routers,
·Though network packet sniffing
·With denial of service attacks
Demonstrate how to test for workstation vulnerabilities using keystroke grabbers
Protecting Operating Systems and testing them with proven penetration attacks
·UNIX,
·Windows 2000
·Windows 2003
·Windows XP
Mr. Lewis’ seminar will draw upon his almost 30 years of experience in the areas of IT operations and information security in both industry and consulting and with his expertise in leading seminars around the world for over 20 years.
Tech200: Auditing and Securing Windows 2000/2003
Description: This one or two day workshop will examine the major components of Windows 2000/2003 and will provide an understanding of what needs to be done in order to secure and audit these critical systems.It shows how to audit the basic architecture, including considerations for using trees, forests and domains and looks at how to evaluate the controls over users and groups.Finally, the session progresses through file and folder controls, audit settings and the myriad of other settings in this important operating system.
Audience: This seminar is intended for internal and external audit professionals, security analysts and administrators and security consultants who wish to learn more about securing and auditing the Windows platforms.
Prerequisites: There is no prerequisite for this seminar.
Objectives: After completing this seminar, participants will be able to:
·Recognize the key elements of the Windows system
·Describe the structure of Windows and how all the elements relate to provide security
·Explain the steps taken to properly audit and secure a Windows system
·Understand how the Windows Group Policy can be used
·Conduct an assessment and technical review of their organization's Windows’ systems
Course Outline:
Overview
·Understanding what’s new in Windows 2003
·General overview of Windows security
·Understanding the "Out of Box" configurations
·Determining each servers role
Understanding the architecture
·Domains and Trusts
·Organizational Units
·Group Policy
Dealing with users and groups
Managing file and folder security
Ensuring administrative controls
Configuring auditing and logging
Ensuring Backups
Securing the Different Roles
·Configuring a Secure Baseline for Domain Controllers
·Configuring a Secure Baseline for Mission Critical Servers
·Configuring a Secure Baseline for Member Servers
Mr. Lewis’ seminar will draw upon his almost 30 years of experience in the areas of IT operations and information security in both industry and consulting and with his expertise in leading seminars around the world for over 20 years.
Tech300: Understanding and Securing the Network
Description: This one or two day workshop starts with a quick review of key terms and technologies to ensure an understanding of what is involved in a network.Attendees then explore TCP/IP basics such as ports, CIDR addressing, TCP Headers and the IP Datagram to ensure knowledge of key network aspects. An introduction to IPv6 with its improved addressing and security completes the overview.
The seminar then focuses on examining the components of a strong password and the use of biometrics and challenge response tokens to learn how they can work to provide enhanced security. From firewalls and VPNs to Metaframe, participants learn the key aspects of each technology, how they are used and more importantly, how they are properly audited. Included is a review of wireless technologies and their authentication, risks and need for controls. Finally, participants learn techniques in network vulnerability testing, to discover weaknesses and test controls.
Audience: This seminar is intended for internal and external audit professionals, security analysts and administrators and security consultants who wish to learn more about securing and auditing the network.
Prerequisites: There is no prerequisite for this seminar.
Objectives: After completing this seminar, participants will be able to:
·Recognize the key elements of a network
·Describe how each part of the network works to enhance or reduce security
·Know what good password techniques are and how to enhance them with biometrics or challenge response
·Understand how the implementation of IPV6 might help secure your network
·Conduct an assessment and technical review of their organization's network
Course Outline:
Review of TCP/IP fundamentals
IPV6, Status, Controls and Issues
Authentication – passwords, biometrics and tokens
Firewalls
Router authentication & controls
Using Virtual Private Networks
Implementing IPSEC
Understanding & Using SSH
Making use of PPTP or other VPNs
Implementing Two-Factor Authentication (Securid, others)
Using Metaframe
Understanding Wireless authentication
Vulnerability assessment and testing techniques
Mr. Lewis’ seminar will draw upon his almost 30 years of experience in the areas of IT operations and information security in both industry and consulting and with his expertise in leading seminars around the world for over 20 years.
Tech400: Understanding and Securing the Wireless Network
Description: This one or two day workshop starts with a quick review of key terms and technologies to ensure an understanding of what is involved in today’s wireless network.It provides the attendee with not only a detailed understanding, but with techniques and tools to use for verifying the security and controls within their wireless network, including valuable demonstrations. Attendees will learn key concepts and how to ensure the security, audit and control of this environment.
Audience: This seminar is intended for internal and external audit professionals, security analysts and administrators and security consultants who wish to learn more about securing a wireless network.
Prerequisites: There is no prerequisite for this seminar. Some familiarity with wired network terminology is useful.
Objectives: After completing this seminar, participants will be able to:
·Recognize the key elements of a wireless network
·Describe how each part of a wireless network works
·Understand best practices in network connectivityand what not to do when implementing a wireless network
·Understand how the implementation of inappropriate security might leave you exposed
·Understand the different techniques for securing wireless
·Conduct an assessment and technical review of their organization's network
Course Outline:
Types of Wireless Networks
Best practices for the wireless architecture
Risks of using Wep
Understanding WPA and WPA2
802.11 Security Architecure
What’s new in WiMax
Security tools and techniques
Using Encryption to protect the network
Implementing IPSEC and VPN technology.
Understanding and Implementing Best Practices
The audit process, step by step
Mr. Lewis’ seminar will draw upon the experience gained writing his book, Wireless Networks for Dummies and his almost 30 years of experience in the areas of IT operations and information security in both industry and consulting.
Tech500: Using ISO 27002 to Audit Mobile Technology
Description: This one day workshop starts with a quick review of the ISO series and why 27002 replaces ISO 17799-2005.We include a short discussion on why such an approach is beneficial and how it can be used to ensure management buy-in and acceptance. The seminar provides a methodology for ensuring an effective audit of mobile technologies. Attendees follow a clearly documented and internationally based security standard which helps you stay abreast of current legislative requirements. This entertaining seminar guides you through the ISO standard in a detailed manner ensuring that all risks are reviewed and assessed with key explanations of how each area relates to mobile security. Essentially, you will be performing an audit during the seminar, providing the experience to launch your own detailed review when you return to the office.
Audience: This seminar is intended for internal and external audit professionals, security staff as well as security consultants who wish to learn more about performing an audit on Mobile technology.
Prerequisites: There is no prerequisite for this seminar.
Objectives: After completing this seminar, participants will be able to:
·Recognize how the ISO standard can be used to enhance their audit
·Describe how the approach improves audit acceptability
·Understand best practices in mobile technology
·Understand which steps within the standard are critical and which might be optional
·Conduct an assessment and technical review of their organization's mobile technology
Course Outline:
Types of standards available
Why ISO 27002?
How does it differ from the older ISO 17799-2005?
Software tools and techniques for ensuring security
Understanding and Implementing Best Practices
Which parts of the Standard apply to Mobile Technology?
Performing the audit process, step by step
Mr. Lewis’ seminar will draw upon the experience gained in his almost 30 years of experience in the areas of IT operations and information security in both industry and consulting.
Tech600: Audit and Control of Mobile TechnologyDescription: This one or two day workshop starts with review of the various business uses of mobile devices and wireless standards in use today. The numerous device types are then looked at in more detail while determining the specific risks involved when these are used within the business environment. Attendees learn that each type of business use adds risk and increases the need for key controls to help mitigate and manage that risk. The session ensures that for every risk mentioned, a corresponding control is discussed to ensure that all attendees leave with a clear understanding of how they can mitigate the risks. From access to inventory to automated tools we analyze best practices and effective implementation. A large portion of the seminar concerns reviewing key controls for each type of device and how you might use those controls in your organization. Finally, we review how you might use the ISO 27002 standard to perform an effective review of your mobile security, ensuring that all key areas are effectively and appropriately managed and controlled.
Audience: This seminar is intended for IT Management, internal and external audit professionals, security staff as well as security consultants who wish to learn more about audit and control over Mobile technology.
Prerequisites: There is no prerequisite for this seminar.
Objectives: After completing this seminar, participants will be able to:
·Recognize the myriad of devices swarming our businesses
·Describe how devices are used in business and understand how to assess that use
·Recognize the risks involved in mobile technology
·Understand the numerous controls that can mitigate the risks
·Recognize the various types of software that offer mobile control capabilities
·Understand the technical controls available for those without the benefit of commercial solutions
·Conduct a technical assessment of their organization's mobile technology
Course Outline:
Understanding the different technologies in use
Key risks in business use of mobile technology
An epidemic of lost data
Laws and legal controls
Software tools and techniques for ensuring security
Understanding and Implementing Best Practices
Implementing appropriate controls
·Phones
·Laptops
·USB and Firewire
·Bluetooth
·RFID
·Operating Systems (Windows Mobile5/6, Symbian etc)
·SIM cards
Using ISO 27002 as an audit process
Mr. Lewis’ seminar will draw upon the experience gained over his almost 30 years of experience in the areas of IT operations and information security in both industry and consulting.
Tech700: Understanding and Auditing Windows Active Directory
Description: This full-day workshop will provide attendees with a solid understanding of Active Directory, the core of Windows based security and the driving force behind many of the weaknesses seen in corporate implementations. You will gain a clear understanding of the Active Directory architecture and its Domains, Forests and Trees and how these elements are tied together to customize your implementation of Windows. You’ll learn how Trusts work and the weaknesses in this system that can negatively impact your security. In addition, you will discover what FSMO roles are and how to audit them and how an effective Organizational Unit deployment can help vastly improve security and control or weaken it! Attendees will also learn all about Administrative rights and how to ensure that an accurate assessment of where they reside within Active Directory is made during your audit. You will complete this course with a full understanding of this critical component of Windows and ensure that your own implementation of it is accurate, secure and effective.
Audience: This seminar is intended for internal and external audit professionals, security analysts and administrators, consultants and individuals who wish to learn more about Active Directory.
Prerequisites: There is no prerequisite for this seminar.
Objectives: After completing this seminar, participants will be able to:
·Recognize the importance of Active Directory to security and control of Windows systems
·Learn to organize and structure AD to facilitate improved controls
·Understand critical areas that are often ignored
·Describe the threats involved in inaccurate or inappropriate implementation decisions
·Understand the tools and techniques available to analyze Active Directory
·Know the key steps in auditing
·Conduct an assessment and technical review
Course Outline:
The key elements of Active Directory
·The Logging in process
·Forests and Trees
·Trusts
·Domains
·Sites
·The Schema
·FSMO Roles
·Organizational Units
·Users and Groups
·Files and Folders
·Audit and logging
Learn what is new in each version of the Windows Operating System
·Windows 2000
·Windows 2003
·Windows 2008
Tools and techniques for auditing Active Directory
A step by step audit process
Lewis’ seminar will draw upon his numerous Windows books including Teach Yourself Windows 2000 in 21 Days and his almost 30 years of experience in the areas of IT operations and information security in both industry and consulting and with his expertise in leading seminars around the world for over 20 years.
Tech800: Corporate Cyber Forensics 101 –Hands-on
Description: In this introductory two day session attendees learn the basic approach to Windows based forensics, what is involved, how to approach evidence and how to use readily available tools to assist in evidence gathering. Attendees will learn proper forensic approaches, evidence gathering and legal ramifications, although emphasis will be on internal corporate investigations and not court cases.
Typical reasons for internal forensics include employee internet abuse, misuse of resources and fraud or deception. This session will guide you through the various techniques needed to create forensically sound copies, ensure proper initial response, manage chain of custody, find and secure evidence, analyze and interpret data and write forensic reports. All work will focus on the Windows operating system, ensuring you will be able to return to your office and manage a forensic investigation of your corporate servers and workstations. The techniques you learn will apply to all operating systems enabling you to further your knowledge at a later date by learning the formats and structures of those environments should it be necessary. The course includes a step by step procedure for performing a full forensic investigation in the materials.
Audience: This seminar is intended for internal and external audit professionals, security analysts and administrators and security consultants who wish to learn the foundations of cyber forensics in the windows based business world.
Prerequisites: To fully benefit, a Windows based laptop with Administrative rights is necessary. Classes will be broken into study groups where attendees may choose to share a laptop. At least one laptop per study group will be necessary along with rights and ability to install and run forensic software. Participants should be aware that contents of their machine may be become known to the group.
Objectives: In addition to lecture and demonstrations, you will spend about 40% or more of the time in lab based group exercises including the following:
·Learn how MD5 hashes work by using a hashing program to verify copies of evidence
·Use a physical write blocker to image a disk (will be shared among participants)
·Participate in evidence seizure following proper protocols
·Create a clean drive using special disk wipe software
·Search for deleted files on a disk
·Recover deleted files from Recycler and elsewhere
·Create a forensically sound drive image (optional)
·Perform a memory dump to collect evidence
·Create an Alternate Data Stream to hide a file
·Search for and find an Alternate Data Stream
·Change Windows to show Hidden files
·Analyze cookies and temporary files
·View Explorer cache files using Cache View
·Analyze password recovery tools
·Review demo based commercial forensic products
Course Outline: This seminar will provide you with inside forensic knowledge allowing you to understand how to properly perform an investigation, document all commands and steps, ensure that rules of use and chain of custody is understood and adhered to, use the processes and tools in each lab, learn about swap space and how data may reside there, find specific files or folders in your investigation, learn how to create a forensic lab and learn about the many commercial tools your company can purchase to make your cyber forensics even easier.
Relevant knowledge and real skills in:
Requisite forensics technology
Proven investigation processes
Evidence acquisition and duplication
Finding hidden or deleted data