 |
|
| Courses |
|
| NetSecurity's Advantage : |
 |
 |
 |
 |
- No Theories...
- No Boot Camps...
- No Cramming...
- No Crash Courses...
- No Certifications...
|
|
 |
 |
 |
 |
|
|
|
|
|
- No Degrees...
- No Information Dumps...
- No (Web-based) Lectures...
- Real-World Hands-On Simulation
|
|
|
|
|
|
|
|
|
|
| Description of Hands-On How-To Courses : |
|
NetSecurity's Hands-On How-To courses are tailored to IT professionals and auditors who need to know the step-by-step and how-to process for securing and auditing or assessing various IT environments. Each course provides students with a simulation of real-world issues and offers the opportunity to "learn-by-doing." Topics are laden with Hands-On How-To Lab Exercises (HOHTLEs) of real-world security issues. HOHTLEs are performed by each student to demonstrate mastery of covered topics. In addition, we provide students with relevant tools, products, guides, resources, and references for accomplishing tasks efficiently. These take-aways are quick and easy references for use in the field.
|
|
|
| Hands-On How-To Introduction to Computers & Networking for IT Auditors : |
Often overlooked, a basic introductory computer and networking course exposes IT auditors and professionals to the building blocks of simple or complex information systems and networks. Tailored for IT auditors, this intensive, Hands-On How-To course is designed to introduce auditors to fundamental concepts in computers and networking, and provides the requisite knowledge needed to understand how computer systems work and interact with other systems in a networked environment.
The course examines the major components of a computer system and their roles, how they operate, and the key building blocks for connecting multiple computers together to create simple and complex networks. The course also explores network media specifications and functions, LAN/WAN protocols, topologies, capabilities, network operating systems, and an overview of security issues typically overlooked in most computer systems and how to detect them during an IT audit. The course further explores various concepts in a TCP/IP network and highlights how information flows in a computer through hardware devices and protocols.
Course HOHTLEs provide students the opportunity to assemble and configure a simple computer network and test its operations by using popular operating system platforms like Windows and Unix. Coverage includes installation and configuration of Windows systems.
HOHTLEs include:
- Setting up a LAN with a Windows server
- Setting up and sharing resources in a peer-to-peer/workgroup network
- Accessing other networks (example: Internet) from a LAN
- Connecting computers running different network operating systems (UNIX and Windows)
- Demonstrating the risks of networking computers
- Securing computer systems, resources, and network services
- Auditing transactions on a computer system
Upon course completion, students are able to configure and share network resources, perform peer-to-peer operations, understand how resources and users are secured through access rights and other routine security actions. Students also learn how to protect confidential information on desktops and laptops through Window XP's Encryption File System and other hardware-based controls.
|
|
|
| Hands-On How-To Introduction to Network Security : |
The exponential growth of the Internet has resulted in an explosive rise in network security threats, vulnerabilities, intrusions, and attacks against business assets. Seasoned security experts sometimes find it difficult to keep up with emerging security technologies, tools, terminologies, trends, and advanced techniques for protecting and auditing network systems.
This Hands-On How-To introductory course covers topics and HOHTLEs in:
- Emerging security threats and vulnerabilities
- Countermeasures for dealing with today's advanced security threats
- Tools and technologies for staying proactively protected
- Common security technologies, including:
- Authentication
- Access control (firewalls)
- Network Devices (routers, switches)
- Encryption (VPN)
- Intrusion protection, detection, and monitoring (IDS/IPS, Integrity monitoring)
- Network Computer forensics
- Incident response
- Content filtering technologies
- Defense-in-depth process
- User awareness training
- Security policies, standards, guidelines, procedures
- Risk assessment
- Weaknesses in common network protocols and applications (TCP/IP, Web, FTP, Email, IM, etc.) and how to secure them
- How to design and build a secure network using shoe-string solutions
|
|
|
| Hands-On How-To Secure & Audit Unix Systems : |
Whether you are a new or seasoned security or systems professional, this course teaches you to use native "out-of-the-box" operating system capabilities to secure and audit Unix environments - Solaris, xBSD, Linux, AIX, etc. The course is designed to help students ensure that Unix systems are adequately protected from unauthorized users and further teaches students how to conduct hackers' attacks and investigations to identify intrusion. Students also learn how to audit a Unix system to identify areas of security weakness and vulnerabilities.
The course discusses particular security measures that incorporate HOHTLEs to show how these security measures can be implemented. Additionally, students learn how to use the Unix shell to capture auditable evidence, control the environment, and generally examine system logs for critical information. Upon course completion, participants go home with hundreds of security tips and ready-to-use scripts - invaluable resources for securing and auditing Unix systems.
|
|
|
| Hands-On How-To Secure & Audit Windows 2003 Servers : |
This Hands-On How-To course provides students with an in-depth knowledge and tools needed to secure Windows 2003 servers and network clients. The course covers actual implementation of concrete steps to ensure long-term security of Windows 2003 network environments. The course further provides the students with the skills needed to implement security for Domain Controllers, DNS, DHCP, certificate servers, and secure Active Directory objects, attributes, and use Group Policy to manage user accounts, passwords, etc.
The course is designed to ensure that participants know the practical step-by-step process for hardening Windows 2003 enterprise systems from the top down, focusing on authentication, access controls, borders, logical security boundaries, communications, storage, and administrative authority. The course addresses how to protect servers, desktops, and laptops through permissions, security templates, TCP/IP settings, and application-level security. HOHTLE covers secure configuration and products and tools for auditing Windows 2003 server.
Upon course completion, participants are able to plan and implement a comprehensive security management strategy that includes identifying risks and configuring security technologies, applying security best practices, and monitoring and responding to security incidents within Windows environments.
|
|
|
| Hands-On How-To Secure & Audit Windows Active Directory : |
Windows Active Directory (AD) is the database in Windows 2003 network environments that stores information about users, computers, groups, replication connectors, Kerberos keys, IPSEC policies, passwords, DNS records, and much more. Active Directory provides the security infrastructure upon which the rest of Windows security depends. Virtually all concepts new to Windows presuppose an understanding of Active Directory.
Many organizations currently run at least some, if not all, Windows computers. The vast majority use Active Directory to control different aspects of the network environment, including security and access control to network resources. This course provides students with the skills needed to manage and securely configure an Active Directory environment - mastering the techniques for assessing and auditing administrative authority in Active Directory. An understanding of how Group Policy is utilized in controlling server security settings organization-wide is also explored.
The course allows students to expand their knowledge of audit programs as related to Windows 2003 Active Directory. Furthermore, the course provides students the opportunity to thoroughly understand issues with security control points within Active Directory, the functions of Group Policy Objects (GPOs), and target goals. Students also acquire the terminology needed to gather more information, perform better interviews, and make security audits of AD more efficient. Course HOHTLEs enable participants to pinpoint where each server control point resides and lay out a detailed audit plan that allows for implementation in the field.
|
|
|
| Hands-On How-To Secure & Audit Network Systems, Devices, and Services : |
Sophistication in computer technology has resulted in a proportionate advancement in security threats and attack techniques. Audit methodologies that unveil the latest network vulnerabilities must be in place to proactively discover security weaknesses. NetSecurity's Hands-On How-To Secure and Audit Network Systems course is designed to provide students the knowledge and skills needed to secure network infrastructures against today's diverse and emerging security threats and vulnerabilities. This course provides students a step-by-step, cost-effective process for securing and assessing or auditing network systems.
This course is intended for IT professionals who are responsible for maintaining systems security and procedures for organizations as well as those responsible for reviewing these systems to ensure the security measures in place are working to prevent network vulnerabilities. This course offers the skills needed to analyze common internal and external security threats against a network so that participants can develop proactive security and audit strategies that protect their organization's information and data.
HOHTLEs for this course include network security technologies (Firewalls, VPN, content filtering, encryption technologies, IDS/IPS), their weaknesses, common configuration flaws, and techniques for auditing these devices. Additional exercises cover common network protocols (TCP/IP, Telnet, HTTP, SMTP, FTP, DNS, etc.), how to securely configure them, and tools used to discover vulnerabilities associated with these and other network services.
|
|
|
| Hands-On How-To Secure & Audit WiFi Networks : |
Wireless technology can be a significant business enabler that provides a flexible means of physical network management. The availability of wireless networks in virtually every business network environment has made it possible for war drivers to gain a great deal of media attention by wreaking havoc in companies with permeable wireless security defenses. While discovering wireless access points from outside a network cannot be easily prevented, students of our Hands-On How-To course learn how to lower the risk of using wireless LAN technology and monitor its use and abuse effectively.
This course is valuable for technical professionals, network engineers, security professionals, and auditors who manage, operate, audit or implement wireless networks. The student is provided an intensive, hands-on audit of the security risks associated with wireless infrastructure which enables them to make informed decisions on wireless security technologies best suited for various organizational needs. This course also reviews wireless security protocols - WEP, WPA, and WPA2.
HOHTLEs for this course emphasize configuring and securing wireless networks, using wireless and wired intrusion detection techniques, and identifying wireless access points and encryption technologies and their corresponding weaknesses. Exercises include passive monitoring of a wireless network to glean encryption keys and other critical data. Furthermore, the professional learns industry best practices on security and auditing wireless networks.
|
|
|
| Hands-On How-To Secure & Audit Voice Over IP (VoIP) Networks : |
The telecommunications industry is now experiencing the convergence of Voice over IP (VoIP) and IP telephony networks. VoIP is no longer tomorrow's technology since high-speed networks that support quality-of-service (QoS) technology have come a long way in mitigating performance and availability issues.
This Hands-On How-To in-depth training course provides participants with detailed technical perspectives on VoIP security with specifics on how to design and implement IP telephony that properly mitigates organizational security risk. The course highlights the architecture and security capabilities of VoIP protocols (H.323, SIP, and MGCP). Students are exposed to in-depth security implementation best practices and guidelines for securing and auditing VoIP networks. To mitigate risks, common VoIP attacks are documented and countermeasures discussed.
Designed for security managers, IT auditors, project managers, security/network engineers, security administrators, and other technical professionals working with or planning to work with IP telephony and VoIP, the course dissects the technical details and audit implications of carrying voice on a data network, the protocols used, and associated security issues in design and implementation. Security and technology issues examined from an audit perspective include:
- Strategies and design guidelines necessary to maintain QoS while ensuring IP telephony security
- Applying proper design and integration techniques to your VoIP application deployment to mitigate risks of attack
- VoIP management tools and best practices to support risk mitigation
- The design and implications of several security solutions for multiple voice network deployments
- Security and audit considerations in NAT and firewalls call setup, media streams, latency, and application level gateway
- Examination of how to overcome NAT issues using STUN, TURN, and ICE
- Building and managing VoIP solutions over a VPN
- Understanding the threats and security vulnerabilities with VoIP call control protocols - H.323, SIP, and MGCP
- Implementing IPSEC and RTP encryption to help secure MGCP call signaling
- Accurately auditing a VoIP network deployment to determine its security risks
- Administering security for LAN and WAN VoIP Traffic
- Impact of CALEA on ITSPs
- Voice markup Language (VoXML) and XML services and how to secure them
|
|
|
| Hands-On How-To Secure & Audit Database Servers : |
Database management systems have become important and indispensable assets to the operations of all organizations that use them to store mission-critical information. The ubiquity of databases has resulted in frequent reports and incidents of widespread hacking and malicious software exploits targeting these systems. Organizations that do not take the necessary security measures to properly configure and audit these systems proactively run the risk of data compromise and potential loss of critical business assets.
NetSecurity's Hands-On How-To Secure & Audit Database Servers course is designed to enable students to learn how to securely and properly configure database systems and protect the data they store. Further, the course provides how-to instruction on auditing database servers (MySQL, Oracle, MS SQL, etc.) in order to identify security weaknesses effectively and promptly.
Students also explore emerging database security vulnerabilities, hackers' exploits, and effective countermeasures that highlight common database configuration errors, flaws, and vulnerabilities. In addition, participants examine the differences in security implementation in various database platforms. Students perform exercises using sample audit scripts, audit/security checklists, and an impressive list of database vulnerability testing tools that are used in diverse database environments in the field.
|
|
|
| Hands-On How-To Secure & Audit Web-based Applications : |
Corporate applications are constantly Web-enabled for access from the Internet from any platform. An enormous number of applications services (e.g., electronic commerce, intranets, electronic data interchange, electronic banking and payment systems, email, remote logins, file transfer, etc.) are web-enabled through the auspices of TCP/IP networking, easily extending application accessibility to more and more users. Internet threats and attacks now target these Web-enabled systems to gain access to corporate jewels. This course explores web-based applications to discover known and unknown vulnerabilities, mechanisms and tools for auditing, and measures for protecting against these vulnerabilities to prevent proprietary data theft.
This course demonstrates how to identify security weaknesses of web-enabled services that are exploitable by remote users using publicly and commercially available software and manual techniques. The course is especially useful for those auditing, developing or managing the development of a web-based application. In addition, the course enables participants to identify the key building blocks in today's networks and advanced applications - understanding of critical threats and vulnerabilities, defining best practices for perimeter and web application security, and locating useful tools and techniques for auditing web applications.
Specific areas to be examined include OWASP top 10 vulnerabilities, how to secure systems and applications to protect against potential exploits, and how to audit these Web-based systems to ensure that applicable vulnerabilities are discovered and mitigated promptly and effectively.
|
|
|
| Hands-On How-To Perform Computer Forensics for IT Auditors : |
The threat of crime against a user or an organization's computer has grown significantly. Abuse, fraud, and criminal activities can occur internally or from outside sources. Every crime leaves behind clues and with the proper use of forensic techniques and tools, illicit activities can be uncovered and lost data recovered.
This Hands-On How-To course is designed to provide students with real-world experience in preserving and presenting computer evidence that can be used in a court of law. Students learn how to implement a computer forensics incident-response strategy that leads to a successful investigation from the initial response to completion. Furthermore, students learn to conduct disk-based analysis in order to recover deleted files as well as identify information-hiding techniques.
No one single forensic tool from one vendor is sufficient for a thorough forensic investigation. As a result, hands-on exercises cover software and hardware tools from multiple vendors giving students exposure to a breadth of commercial and freeware tools. Further, HOHTLEs cover data acquisition from a variety of digital storage media - hard disks, CD-ROM, PDAs, USB, and cell phones.
Course HOHTLEs cover real-world simulation of networked computers that have been involved in criminal or other illegal activities, the "crime scene." Students perform hands-on exercises to investigate the simulated scene and reconstruct the events that led to the "crime" by rebuilding user activities from e-mail, temporary Internet files and cached data, to assess the integrity of system memory and process architecture to reveal malicious code and other residual data. Students gain an understanding of how forensic tools work - an absolute requirement to testify in court - and how to analyze and interpret forensic results.
|
|
|
| Hands-On How-To Develop Security Policies : |
The proliferation and massive connectivity of systems and enterprise portals have led to an increase in information systems security threats. FBI research shows that internal users continue to breach security more often than external users.
Like other corporate documents, a poorly written security policy can result in non-compliance or policy violation. Our Hands-On How-To Develop Security Policies course is designed to empower IT professionals (with the responsibility for creating, assessing, approving, or implementing security policies) with the tools and techniques to develop concise, effective, implementable, and enforceable security policies and procedures. The course examines the recommended industry best practices and standards and shows how to customize them to address specific business and regulatory requirements. The course also focuses on checklists, sample policies, procedures, standards, guidelines, and synopses of the relevant BS 7799, ISO 17799, and ISO 27001 standards as well as COBIT framework.
As with all NetSecurity's HOHTLEs, students get real-world simulation of actual security policy design, development, review, and implementation through participation in hands-on projects writing policies, procedures, and standards.
|
|
|
| Hands-On How-To Perform Certification & Accreditation (C&A) : |
OMB Circular A-130, Appendix III, requires that agencies conduct certification and accreditation (C&A) of information systems. C&A provides a form of quality control and challenges agencies to implement the most effective security controls possible in an information system. This process ensures that all aspects of security are addressed throughout the life cycle of the system. Armed with the most complete, accurate, and trustworthy information possible on the security status of a system, an agency official can make risk-based decisions on whether to authorize operation of a system within the agency.
NetSecurity's Hands-On How-To C&A course teaches students the step-by-step process of performing certification and accreditation of complex and simple systems and applications. Course HOHTLEs incorporate significant documentation and processes that are necessary for developing C&A packages.
The course drills include real-world scenarios, including in-depth coverage of the following areas:
- Security Categorization
- Regulations and Guidance - NIST, FISMA, FIPS 199, OMB, etc. - and applicability to C&A
- Performing C&A tasks
- Developing C&A documentation
- Developing System Security Plan (SSP)
- Conducting a risk assessment
- Developing a Security Test and Evaluation (ST&E) plan and test procedures
- Conducting an ST&E and analysis of test results
- Developing a Continuity of Operations and Disaster Recovery Plans
- Developing the certification and accreditation package
- Developing Plan of Action and Milestones (POA&M)
|
|
|
|
 |
 |
|
 |
security certification training |
|
|
|
 |
|
 |
|
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
|
