Network and Application Security
5 Practical Workshops for Network Professionals
www.alc-group.com.au
Exclusive “roadmap” series of workshops designed to provide participants with hands-on practical experience in the implementation and testing of security in networks and applications.
5 TARGETED ALC WORKSHOPS
5 HANDS-ON WORKSHOPS
1. Wireless and Mobile Security
MEL > 11 MAR 2013 | SYD > 18 MAR 2013
2. Network Penetration Testing
MEL > 12 MAR 2013 | SYD > 19 MAR 2013
3. Practical Network Security - Policy, Management, Implementation and Testing
MEL > 13 MAR 2013 | SYD > 20 MAR 2013
4. Security Testing and Evaluation in Web Services
MEL > 14 MAR 2013 | SYD > 21 MAR 2013
5. Identity and Access Management
This series of workshops is designed to provide delegates with hands-on practical experience in the implementation and testing of security in modern-day networks and applications.
It is assumed that delegates are familiar with the basic principles of networks, applications and the requirement for security in modern-day business. Although these workshops will be preceded by brief lecture presentations, the practical side of security design, implementation and testing is seen as essential practical experience for computer and network specialists.
A wide range of tools is now available for network vulnerability testing, intrusion analysis, privilege escalation, fuzzing and operating system vulnerability testing, all of which use a variety of exploits. Fortunately, Backtrack5 Rev 2 has over 800 exploits available and each new revision keeps these updated. The intention of these practical workshops is to work through a series of hands-on exercises which will give delegates experience in testing their networks and associated applications for vulnerabilities. Many tests and evaluations can be carried out on a network without necessarily having to resort to hiring an expert. This series of workshops will therefore illustrate many of the principles of network vulnerability tests and exploits that can be run on live networks, giving delegates the insight and experience to separate the evaluations they can do themselves from those which may need a specialist.
All experiments will be run using tools which are either available with Backtrack5 or can be loaded on to a PC. In all cases these tools will be run using either VMWare Player or VMWare Workstation.
The following set of workshops thus provides a roadmap for those who are involved with any aspect of security in networks and for modern-day web-based applications.
Format
These workshops are designed to be “mixed and matched” according to requirements. Although each course is typically one day in duration, the depth can be increased according to requirements.
Requirements
All participants are expected to bring a laptop computer. We provide all the “extras”, e.g. special devices, firewalls, Android devices, Bluetooth, access points.
WORKSHOP 1
Wireless and Mobile Security
The last few years have seen a dramatic growth in the use of a vast variety of wireless and mobile network devices. Further, interconnectivity of these devices via Wireless Local Area Networks, Wireless Personal Area Networks, Broadband and Metropolitan Area Networks, a variety of 3G Network Infrastructures, the Internet and Cloud Networks has led to a virtually seamless integration of communication which supports data, voice and other multimedia services.
This workshop will commence by examining the characteristics of the different wireless and mobile networks including Bluetooth and other WPANs, Android, and IEEE 802.11 variants of WLANs. The manner in which these networks can be compromised by attacks such as sniffing, spyware, spoofing, hijacking, man-in-the-middle, buffer overflow, injection, brute force and denial of service (as well as the usual range of viruses, worms and Trojans) will be discussed.
This workshop will use Backtrack5 in conjunction with networking equipment such as a variety of access points, wireless interface devices, Bluetooth and Android equipment, etc., and a selection of these attacks will be created, tested and verified. Delegates will be guided through the process of carrying out a range of penetration attacks to which WPANs, WLANs and handheld mobile computers are particularly vulnerable.
© ALC Education & Consulting Pty Ltd. All rights reserved. Vers. 1206
WORKSHOP 2
Network Penetration Testing
Penetration testing in general, and vulnerability scanning in particular, is the process of assessing computer systems, networks and applications for vulnerabilities (weaknesses). It is a part of the overall process required to secure a computer system, network or application. Vulnerability exploitation is commonly carried out after a computer system, network or application has been found to be vulnerable and is thus part of the audit process to secure a computer system, network or application. This workshop involves three key aspects of penetration testing:
• Vulnerability Scanning using Zenmap and Nessus
• Vulnerability Exploitation using Metasploit in Backtrack5
• Intrusion Detection System using SNORT
These tools provide an insight into penetration testing commencing at the network layer leading to the application layer.
WORKSHOP 3
Practical Network Security – Policy, Management, Implementation and Testing
The design of a security policy for an organisation, as well as its implementation and testing, is crucial for the satisfactory operation of an organisation. Frequently, security equipment such as firewalls is configured without reference to the overall policy. In this workshop a security policy for an organisation will be designed, this policy will be implemented on firewalls, and all aspects of the policy will be tested and evaluated for safe and secure operations. In particular this workshop will involve carrying out the following:
• Design of a security policy and implementation and testing of this security policy using a firewall
• Implementation of packet filters, proxies, stateful packet inspection, IPSec tunnels for VPNs incorporating a variety of encryption and authentication crypto tools such as AES, MD5, SHA-1 and others
• Provide experience in configuring NAT (Network Address Translation), SSL/TLS and X.509 digital certificates
• Penetration testing of the security policy implementation
WORKSHOP 4
Security Testing and Evaluation in Web Services and Applications
This workshop examines the common vulnerabilities that can occur in the design and implementation of web-based applications and services. The laboratory tool kit is based upon the OWASP (Open Web Application Security Project) project and incorporates use of WebGoat, WebScarab and various web services. The key topics include:
• AJAX (Asynchronous JavaScript and XML) Security / DOM Injection
• Authentication flaws
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• Injection flaws and Web Service JavaScript Injection
• Parameter tampering, log spoofing, silent attacks and others
WORKSHOP 5
Identity and Access Management
No system – however secure in its internal design – can be considered to operate safely unless an authentication front-end is implemented. Thus this workshop examines the components of the design of IAM (Identity and Access Management) systems. As such it incorporates design and configuration of Active Directory (including Kerberos), RADIUS, and the RSA token authentication engine as well as the use of multi-factor authentication components.
Firstly the access policy is designed and this is then implemented in the Active Directory Server. Following this, an authentication front end is added (RSA engine in this workshop). This involves the construction of a network of client and back-end servers (Domain Controller and Authentication Engine) along with policy implementation testing as well as configuration of the security functionality.
• Workshops are designed to be “mix and match”. Choose according to your requirements.
• All workshops can be conducted in-house and can be fully customised to your requirements.
• All participants receive the ALC Certificate of Attendance.
Contact Dennis Pigram
[email protected]
for more information
COURSE PRESENTER
Dr Ray Hunt
HOW TO REGISTER
• Fax the Enrolment Form below to: (02) 9299 5455
• Any queries please call Customer Service. Tel: 1300 767 592 or +61 2 9299 5400
• Post the completed Enrolment Form to: ALC Education & Consulting Pty Ltd, GPO Box 598, Sydney NSW 2001
• Send your details by email: [email protected]
• Register Online: www.alc-group.com.au
© ALC Education & Consulting Pty Ltd. All rights reserved. A.B.N. 47 100 858 357 TRACK CODE: A B C D R
Mr/Mrs/Miss/Ms | NAME | POSITION | Email | Mobile | COURSE
Send Invoice To: Mr/Mrs/Miss/Ms | Position | Phone | Email
Person Making Booking: Mr/Mrs/Miss/Ms | Position | Phone | Email
Organisation:
Address:
Postcode:
Phone: ( )
Fax: ( )
1. Cheque payable to ALC Education & Consulting Pty Ltd
2. Purchase Order No.:
3. Charge to: Master Card / Visa / Amex
Cardholder Name:
Card No.:
Exp Date: /
Signature:
FEES: (per delegate) A$
• Any Single Workshop: $690 + gst
• Any Two Workshops: $1,280 + gst
• Any Three Workshops: $1,770 + gst
• Any Four Workshops: $2,160 + gst
• All Five Workshops (BEST VALUE): $2,450 + gst
VENUE: The course will be held at a high quality centrally-located hotel. Full details will be on your confirmation email and can also be found on our web site.
COURSE INFORMATION: The course is held from 9.00am to 5.00pm and registration is from 8.30am. Fees include lunch, refreshments and all course materials.
TERMS and GUARANTEE: To ensure your admission to the course, fees are payable in advance. To guarantee your satisfaction we offer a money-back or full credit policy. Details will be on your confirmation email and our website. Cancellations with full refund will be accepted up to 10 working days before the course. After that time no refunds can be given, but substitutions may be sent at any time.
COURSE DETAILS
ENROLMENT FORM
ALC Education & Consulting Pty Ltd is an independent Australian company dedicated to the provision of top quality training and professional services for business and government. ALC has no affiliations with any vendor of hardware or software and is therefore able to provide totally unbiased education, advice and support.
Dr Ray Hunt is an Associate Professor specialising in Networks and Security. His areas of teaching and research are computer networks and network security. In addition he has provided numerous training courses on Networks and Security for the industry in Australia, New Zealand, Singapore, Hong Kong, Thailand, Malaysia and Taiwan. Further, he has addressed a variety of conferences in Australia, Singapore, China, Hong Kong, U.S.A., Canada and Europe.
He has acted as a telecommunications consultant for a number of telcos and other companies in the Asian-Pacific region and works as an adviser on aspects of network architecture, security and design as well as advising industries on a wide range of telecommunication topics.
He is well known in Asia in particular where he has run training workshops over the last 15 years for companies such as Fujitsu, Reuters, AT&T, Vodafone and others. He has visited Asia over 70 times in the last 15 years providing a wide range of training and education workshops in areas of networks and security.
Prior to being with the University of Canterbury, Ray Hunt worked for the airline industry where he designed and built international telecommunication networks.
Early in 2011, Ray Hunt was appointed an adjunct Associate Professor at the University of South Australia (Adelaide) and Edith Cowan University (Perth) and early in 2012 he was appointed Honorary Associate Professor at Deakin University, Melbourne.
1. Wireless and Mobile Security: MEL 11 MAR 2013 | SYD 18 MAR 2013
2. Network Penetration Testing: MEL 12 MAR 2013 | SYD 19 MAR 2013
3. Practical Network Security: MEL 13 MAR 2013 | SYD 20 MAR 2013
4. Security Testing and Evaluation in Web Services: MEL 14 MAR 2013 | SYD 21 MAR 2013
5. Identity and Access Management: MEL 15 MAR 2013 | SYD 22 MAR 2013
Information Security Training from ALC
ALC offers the most comprehensive Information Security training program in Asia-Pacific. In addition to our exclusive range of technical workshops, we offer the following leading courses.
SABSA Foundation
SABSA Advanced: Architecture & Design
SABSA Advanced: Risk Assurance & Governance
CISM Certified Information Security Manager
CISSP Certified Information System Security Professional
ISO 27001 – Lead Auditor
ISO 27001 – Lead Implementer
Security Awareness Program
Building a Successful Information Security Policy
7 Targeted Skill-Builder Workshops
Offices in Sydney | Canberra | Brisbane | Wellington | Singapore | Kuala Lumpur