IS Auditors; Operational Auditors with a technical background; Network Administrators; Technical Support personnel; Consultants; and others responsible for security and controls associated with wired and wireless connections.

What You Will Learn

Instructor

Peter T. Davis

• WLAN modes: Ad Hoc, Infrastructure
• infrastructure: core, distribution, access
• service sets: independent basic service set (IBSS), basic service set (BSS), extended service set (ESS)
• clients and access points
• antennas: omni-directional, semi-directional, highly-directional
• location a WLAN
• carrier sense multiple access/collision detection (CSMA/CD) versus carrier sense multiple access/collision avoidance (CSMA/CA)
• request-to-send/clear-to-send (RTS/CTS)
• fragmentation
• power management: power save polling
• roaming
• point coordination function (PCF) versus distributed coordination function (DCF)
• distribution services
• authentication and association
• authentication methods
• RADIUS

• identifying the Top 10 Wireless Security Vulnerabilities
• theft
• interference
• passive attacks: packet sniffing
• active attacks: MAC spoofing
• man-in-the-middle
• message replay
• RF jamming
• co-location
• co-channel
• multipath
• throughput
• configuration problems: SSID, default passwords, shared keys/open system authentication, encryption
• WEP weaknesses: WEP cracking
• war driving, war chalking, war flying, war walking

7.  Developing a Security Action Plan        

[Back to top] [To schedule course]

Auditing Internet Security

Seminar Focus and Features

In this unique and timely seminar you will learn a systematic approach to auditing the major pressure points associated with your organization's connection to and use of the Internet. The audit tools and techniques you master here will equip you with the know-how you need to detect internal and external vulnerabilities in the Internet interface, ranging from improperly configured Unix and non-Unix TCP/IP hosts to weaknesses in flawed firewall configurations. You will examine the pros and cons of different Internet connections and learn proven techniques for bolstering their security. Organizations that view firewalls as their last line of Internet defense may still remain vulnerable to hacker attacks. You will leave this make-a-difference session with a tested game plan for identifying those vulnerabilities and for ensuring your organization's Internet connections are safe. Because of the technical nature of this course, attendees should have attended, The Security and Audit Practitioner's Guide to Cruising the Internet Securely or have equivalent Internet and TCP/IP knowledge.

Who Should Attend

IS Auditors; Operational Auditors with a technical background; Network Administrators; Technical Support personnel; Consultants; and others responsible for security and controls associated with Internet connections.

What You Will Learn

1.  Measuring the Effectiveness of Your Organization's Internet Policies

• validating the business case for an Internet connection
• pros and cons of different types of Internet connections
• legal implications of the Internet connection
• proper organizational involvement in Internet policy setting
• accountability for Internet security
• defining approved Internet connection methods
• network perimeter access control policies
• audit logging and review requirements
• E-mail and news group participation
• practical downloading restrictions and safeguards
• policy differences for external and internal users
• audit/penetration testing responsibilities
• security incident reporting and handling
• responsibility for use of CERT, CIAC, and other early warning services

2.  Testing Your Network Security Through Penetration Audits and Other Hacker Simulations

• identifying TCP/IP security vulnerabilities
• using CERT bulletins and white papers as an aid to developing your
• audit plan
• using common network utility programs to perform TCP/IP network
• information 'discovery' probes
• simulated host, router, and firewall penetration attacks
• testing WWW server security
• evaluating risks in network configurations associated with Internet
• connections
• backdoor dial-up network access behind the firewalls
• using network sweep programs to automate the penetration testing
• process

3. Auditing Network Perimeter Security

• physical security
• auditing router-based firewalls
• auditing application gateway security configurations

4. Auditing Multi-User Network Unix Host Security

• taking advantage of built-in utility software to facilitate the audit
• process
• testing the controls for user accounts
• password cracking tools
• auditing protection levels for key directories and files
• auditing the protection of file transfer systems
• determining the effectiveness of software protection, change control,
• and monitoring
• finding exposures created by improper control of privileged users and
• programs
• holes in E-mail configurations
• testing the configuration of TCP Wrappers and other host add-on
• systems
• reviewing audit log utilization and protection
• obtaining, installing, and using expert security auditing tools

5. Auditing Non-Unix Servers and PC Desktop Workstations in a TCP/IP Network

• identifying control points on non-Unix hosts
• comparing the security-relevant TCP/IP components between Unix
• and non-Unix systems
• exposures created by default security settings for TCP/IP workstation
• products
• selecting and applying utility software to facilitate the non-Unix 'host'
• review
• testing the TCP/IP security configurations in non-Unix systems

Instructor

Peter T. Davis

[Back to top] [To schedule course]

Building an Information Security Awareness Program

Seminar Focus and Features

In this two-day seminar you will go step-by-step through the design and implementation of a security awareness plan geared specifically to the new distributed computing environment. You will learn how to conduct a self-audit of your current security awareness program to determine if it is keeping pace with the new technologies in your organization. You will master proven techniques for raising the organization's collective consciousness about security and controls, and learn how to implement motivational strategies that make awareness effective.

Who Should Attend

Newly appointed Information Security Managers; other Information Security professionals who want to evaluate or update their current programs; System and Network Administrators; and others responsible for promoting security awareness.

What You Will Learn

1. A Self-Audit of Your Awareness Plan

• understanding the existing environment and anticipating change
• what should be included in a security awareness program geared for the '90s and beyond
• conducting a technology inventory

2. Getting Management's Attention... and Commitment

• determining management's needs
• building your case
• "marketing" your program

3. Awareness Program Goals

• developing awareness objectives and criteria
• developing a business case
• developing a charter
• influencing and motivating employees
• communicating your ideas

4. Getting Started

• working with your customers
• staffing for awareness
• who is responsible for what
• identifying your target audience
• developing organization-wide programs
• implementing pilot projects

5. Identifying the Awareness Tools That Work Best for Your Organization

6. Monitoring the Success of Your Program

Instructor

Peter T. Davis

[Back to top] [To schedule course]

Security and Audit of UNIX

Seminar Focus and Features

UNIX developers never designed it as a secure system, this is evidenced by the very fact that UNIX frequently comes with its security features off by default.  Since your vendor does not automatically enable all the security features at installation, you may find yourself vulnerable to a wide variety of threats.

In this hands-on, three-day seminar you will go through the steps you need to take to analyze the security of an existing UNIX server. You will identify the weaknesses in UNIX-based operating systems and find out how to detect and prevent unauthorized access.  You will learn how to evaluate user controls, examine standard system logs, analyze the effect of file and directory permissions, search for special files that allow users extended capabilities, and evaluate the risks of system processes.  Finally, you will discover how to review UNIX network control files and evaluate the risks of selected common network services.

Throughout this three-day interactive seminar you will participate in hands-on exercises that will reinforce what you learn with actual evidence you can evaluate to determine risk. You will return to your office with the know-how to set up, manage, and maintain an enforceable UNIX security policy, and with an audit approach for securing UNIX-based operating systems.

Who Should Attend

Newly appointed Information Security Managers; other Information Security professionals who want to evaluate or update their current programs; System and Network Administrators; and others responsible for promoting security awareness.

What You Will Learn

1.         UNIX Basics

• UNIX profile
• UNIX components and processes
• logging in

2.         UNIX Security Features

• Security model
• UNIX identification and authentication
• Password file
• Users
• Superuser
• Groups
• Lab: Reviewing user access controls and group memberships

3.         UNIX File Systems

• File system structure
• Types of files
• Access permissions
• Listing and searching commands
• SUID/SGID files
• Changing access permissions and ownership
• Lab: Listing and checking system file and directory permissions

4.         Monitoring Access and Use

7.         File Transfer Services

• ftp
• Anonymous ftp
• tftp
• smtp (sendmail)
• Lab: Controlling file transfer services

• finger
• NIS
• NFS
• Lab: Reviewing File Sharing Controls

10.       UNIX Audit and Security Techniques

• Types of logon

• Access token
• Global logon and password controls
• User-specific logon and password controls
• Lab: Creating users; Account Policy; setting up manually configured security  features

You will learn how to:

• Identify methods hackers use to break into network systems

• Detect and respond to network- and host-based intruder attacks

• Integrate intrusion detection systems (IDSs) into your current network topology

• Analyze network traffic and detect attacks using the latest tools and techniques

• Deploy and manage an IDS

• Create an effective response strategy based on your organizational needs

• Make a business case for IDS

• setting  up a "contract"
• rules of engagement
• researching the hack
• testing rules
• reporting
• hacking preparation: getting the Jolt, the gear and music
• using an anonymizer
• changing your MAC address
• IP address spoofing
• using tools: SMAC, Packet Crafter

• What is Social Engineering?
• type of social engineering
• classic social engineering attacks

• steps for gathering information
• using the registrars: whois, Sam Spade, nslookup
• analyzing the output
• finding the address
• using tools: Traceroute, Visual Route, Smart Whois, eMailTracking Pro
• finding out the OS
• using tools: Telnet, nmap, Queso

6.  TCP Background

• scan types
• using tools: SuperScan, IPEye, nmap

Instructor