INFORMATICS AND INFORMATION SECURITY
RESEARCH CENTER
CYBER SECURITY INSTITUTE
INFORMATION SECURITY
TRAINING CATALOG
(2015)
Information Security Trainings
Basic Trainings ... 3
1. Information Security Awareness for End Users ... 4
2. Information Security Awareness for Managers ... 5
3. Social Engineering: Attack and Defense Methods ... 6
Intermediate Level Trainings ... 7
4. ISO 27001 Information Security Management System Implementation ... 8
5. Cyber Incident Response Team ... 9
6. Business Continuity / Disaster Recovery Planning ... 10
7. Windows Security ... 11
8. Microsoft Systems Security ... 12
9. Linux Security ... 13
10. TCP/IP Network Security ... 14
11. Active Network Device Security ... 15
12. System Security Audit ... 16
13. Basic Security Audit ... 17
14. Wireless Network Security ... 18
15. Log Management ... 19
Advanced Trainings ... 20
16. Oracle Database Security ... 21
17. MS SQL Server Database Security ... 22
18. Web Applications Security ... 23
19. Security Information and Event Management Systems ... 24
20. Penetration Testing and Ethical Hacking ... 25
21. Log Analysis ... 26
Master Level Trainings ... 27
22. Information Systems Forensics ... 28
23. Computer Network Forensics ... 29
24. Windows Malware Analysis ... 30
1. Information Security Awareness for End Users
a. Who Should Attend
Users of information systems.
b.
Prerequisites
Basic knowledge to use information systems as a regular user.
c.
Course Syllabus
Role of user in information security
Contribution of user to corporate Information Security Management System (ISMS)
Access to computers
Password security
E-mail security
Security while accessing the Internet
Virus protection
Setup, use and disposal of storage media
File access and sharing
Information backup
Social engineering
User responsibilities in computer incidents
d. Duration
3 hours
e. Benefits
2. Information Security Awareness for Managers
a. Who Should Attend
Managers who wish to improve their understanding in the field of information security. Staff who has a general understanding about information systems wish to obtain further information about information security.
b. Prerequisites
General information about information systems.
c. Course Syllabus
Basic concepts of information security
Security policy
Organizational security
Human resource security
Risk assessment and risk mitigation
Business continuity
Information security incident management
Operating system security
Network security
Web security
Digital certificates and certificate distribution systems
Password management
Antivirus systems
d. Duration
2 days
3. Social Engineering: Attack and Defense Methods
a. Who Should Attend
All information system users, whereas the attendance of system administrators is critical.
b.
Prerequisites
Classroom should be equipped with one personal computer per attendee since the training includes hands-on exercises.
c.
Course Syllabus
“Social engineering” concept
Attack techniques
Examples of social engineering attacks
Social engineering tests
Prevention methods
Several social engineering applications
d. Duration
2 days
e. Benefits
Attendees will become familiar with the social engineering attacks, which is quite common and may lead to loss of confidential information, or even the reputation of an institution.
4. ISO 27001 Information Security Management
System Implementation
a. Who Should Attend
Staff obliged to establish and maintain an ISO 27001 based ISMS as well as staff responsible for processes that will be subject to an ISO 27001 audit.
b. Prerequisites
Familiarity with quality management systems is helpful but not indispensable.
c. Course Syllabus
What is an ISMS and why is it needed?
“Plan-Do-Check-Act” process in ISO 27001
Risk assessment and treatment in information systems
ISO 27001 control categories
o Security Policy
o Organization of Information Security o Asset management
o Human resource security
o Physical and environmental security
o Communications and operations management o Access control
o Information systems acquisition, development and maintenance o Information security incident management
o Business continuity management o Conformance
ISO 27001 conformance audit
o Audit planning o Audit checklists
o Non-conformances and reporting
Several applications
d. Duration
3 days
e. Benefits
Attendees wil be able to establish ISMS in their institutions. Attendees will also be acquainted with audit concepts.
5. Cyber Incident Response Team
a. Who Should Attend
Staff obliged to establish or manage CERT (Computer Emergency Response Team) in their institutions. Staff working in the information security department of their institutions.
b. Prerequisites
Some experience is required about both the business processes and the information system infrastructure of the institution.
c. Course Syllabus
Introduction (History, computer incident examples, CERT and security organization examples)
Basic questions and titles about CERT (What is CERT? What is the scope of operational framework of CERT?)
Computer incident management process (incident management service definition and functions)
Operational components of CERT (software, hardware, policy and procedures)
CERT project plan
d. Duration
2 days
e. Benefits
6. Business Continuity / Disaster Recovery Planning
a. Who Should Attend
Staff responsible for the management of business continuity / disaster recovery process, managers of institutions where business continuity / disaster recovery plan does not exist, developers of business continuity / disaster recovery plans, staff that has a role in the business continuity / disaster recovery plan, emergency team members and security auditors.
b. Prerequisites
None
c. Course Syllabus
Principles associated with the management of business continuity project
Threats that may target all institutions
Risk assessment and designation of security controls
How to conduct the business impact analysis
Developing the business continuity strategy
Design of emergency response and related activities, how to improve readiness
How to construct the disaster recovery teams
In case of disaster
o How to minimize the impact
o How to execute recovery in designated duration o Emergency communication requirements
Development and application of the business continuity plan
Training and awareness activities for quick and correct response
Testing and updating the business cotinuity plan
d. Duration
2 days
e. Benefits
7. Windows Security
a. Who Should Attend
Windows network administrators, Microsoft Active Directory administrators, staff from institutions which are planning safe migration to Microsoft systems, staff interested in Microsoft systems security.
b. Prerequisites
Basic knowledge of Windows and computer networks.
c. Course Syllabus
Windows operating system security (XP/2003/Windows 7/2008-R2)
IPSec, PKI (“Public Key Infrastructure”) and EFS (“Encrypting File System”)
“Powershell” development for Windows environment
d.
Duration
3 days
e. Benefits
8. Microsoft Systems Security
a. Who Should Attend
Windows network administrators, Microsoft Active Directory administrators, staff from institutions which are planning safe migration to Microsoft systems, IIS and Exchange administrators, staff interested in Microsoft systems security.
b. Prerequisites
Basic knowledge of Windows, Exchange, Active Directory and networks.
c. Course Syllabus
Microsoft Web Services Security (IIS 7.5)
Microsoft “PowerShell”
Active Directory and Network Services Security (Group policy, DNS, DHCP)
Patch management in Microsoft systems
d. Duration
4 days
e. Benefits
9. Linux Security
a. Who Should Attend
Experts responsible for the security of Linux based systems, system administrators studying how to secure Linux based Internet applications, system administrators eager to learn about security tests and system hardening tools.
b. Prerequisites
Experience as Linux system administrator.
c. Course Syllabus
Secure setup
Configuration of startup services
Secure configuration of kernel
File system access control
User access control
Management of system logs
Security audit tools
Security hardening tools
Security script programming
d. Duration
3 days
e. Benefits
10. TCP/IP Network Security
a. Who Should Attend
System and network administrators, security and penetration test experts, staff of IT security department, IT security auditors.
b. Prerequisites
Basic knowledge of networks.
c. Course Syllabus
Protocols of the TCP/IP protocol stack
Operation principles of different layers of the TCP/IP stack and threats targeting these layers
Security vulnerabilities of TCP/IP protocols and mitigation techniques
Techniques, protocols and devices that are used to assure network security
Packet capturing software such as Wireshark, analysis of packets and protocols
Concepts such as SSL, IPSec, VPN and digital certificates
Network components such as Firewall, IDS/IPS and Proxy
d. Duration
2 days
e. Benefits
11. Active Network Device Security
a. Who Should Attend
System and network administrators, security and penetration test experts, staff of IT security department, IT security auditors.
b. Prerequisites
Basic knowledge of networks
c. Course Syllabus
Within the scope of (hardening of) active devices, network design and assuring the security of networks, the following topics will be studied theoretically with hands-on exercises.
Steps toward hardening of active devices that are commonly used today in the internal networks and they are also used to connect networks to the outside world, such as
o Backbone switch, o Router,
o Firewall, o Content filter
Security controls applicable to active devices, such as
o Physical security, o Equipment security, o Identity authentication,
o Authorization and monitoring, o Patch management,
o Access control lists,
o Remote management conrtrol, etc.
12. System Security Audit
a. Who Should Attend
Information technology auditors, information security experts eager to enhance their system security audit abilities, system and network administrators willing to understand the security audit approach and prepare their systems to security audits.
b. Prerequisites
Basic network and operating system (Windows and Unix) information, familiarity with peripheral protection systems.
c. Course Syllabus
Vulnerability and threat definitions
Open source security vulnerability scanners and how to use them
Discovering the topology of a network
Peripheral protection systems audit
Windows audit
Audit of Unix/Linux systems
d. Duration
4 days
e. Benefits
13. Basic Security Audit
a. Who Should Attend
Information technology auditors, information security experts eager to enhance their system security audit abilities, system and network administrators willing to understand the security audit approach and prepare their systems to security audits.
b.
Prerequisites
Basic network and Windows operating system information.
c.
Course Syllabus
Vulnerability and threat definitions
Open source security vulnerability scanners and how to use them o Nessus, Nmap, MBSA
Windows audit
o Security templates
o Security Configuration and Analysis
d. Duration
1 day
e. Benefits
Attendees will learn how to use security vulnerability scanners and how to conduct security audit of Windows operating system.
14. Wireless Network Security
a. Who Should Attend
Wireless network administrators, system or network administrators who wish to install and setup wireless networks, IT experts who wish to obtain information about wireless network security.
b. Prerequisites
Basic knowledge of networks.
c. Course Syllabus
Security risks in wireless local area networks
Secure wireless communication architecture
Software tools that are used for securing or attacking wireless networks
d. Duration
2 days
e. Benefits
Attendees will obtain information about the risks of wireless communication and techniques to mitigate these risks. Additional information will be supplied about wireless network audit tools.
15. Log Management
a. Who Should Attend
System and network administrators
Information systems experts
b.
Information security managers and expertsPrerequisites
Basic knowledge of operating systems and information systems.
c. Course Syllabus
Basic concepts about log management,
Configuration settings needed in order to collect logs,
Log analysis techniques,
Crucial points in log management system setup,
Analysis of large log files,
Instant tracking of log files,
Log files to be investigated during a security breach,
Log files to be collected due to legal or institutional policies,
Common mistakes and problems of log collection process,
Log collection standards.
d. Duration
2 days
e. Benefits
16. Oracle Database Security
a. Who Should Attend
Database administrators, database security auditors.
b. Prerequisites
General information about databases and basic database management.
c. Course Syllabus
Database basics
Identity control
Access control lists
Database security audits
Network security
Database backup
Audit of access tools
Advanced security measures
d. Duration
3 days
e.
Benefits
At the end of the course, auditors will be able to conduct security audit of databases whereas managers will be able to implement secure management of databases.
17. MS SQL Server Database Security
a. Who Should Attend
Database administrators, database security auditors.
b. Prerequisites
General information about databases and basic knowledge of database management.
c. Course Syllabus
SQL Server 2005/2008, general topics
Operating system configuration
Network configuration
SQL Server 2005/2008 setup and maintenance
SQL Server 2005/2008 configuration
Access control and authorization
Audit and log management
Backup and disaster recovery procedures
Replication
Software application development
“Surface Area Configuration” tool
SQL Server 2005/2008 test and monitoring tools
d. Duration
3 days
e.
Benefits
18. Web Applications Security
a. Who Should Attend
HTTP based application developers and auditors.
b. Prerequisites
Basic knowledge of Web technologies (HTTP, HTML, web servers, internet browsers) and at least one of the programming languages used in web applications (PHP, Java, ASP.NET, Perl, etc.).
c. Course Syllabus
Information gathering
Configuration management
User authentication
Input / output validation
Session management
Authorization
Application logic
Log management
Failure management
Secure application management
d. Duration
2 days
e. Benefits
19. Security Information and Event Management
Systems
a. Who Should Attend
Information system administrators, information system security administrators, IT auditors.
b.
Prerequisites
Familiarity with information system components and security components of IT systems.
c.
Course Syllabus
Centralized log management systems
Requirement for event correlation systems
Advantages of event correlation systems
Event correlation steps
OSSIM attack correlation systems
OSSIM overview
Basic components of OSSIM
Tools utilized by OSSIM
OSSIM setup
OSSIM component configuration
Policies
Data fusion from separate components
Attack correlation
System maintenance and update
d. Duration
4 days
e. Benefits
20. Penetration Testing and Ethical Hacking
a. Who Should Attend
Staff who are supposed to conduct penetration tests and security audits in their institutions, staff working in information security departments of their institutions.
b. Prerequisites
Experience and awareness of security issues, intermediate level of knowledge about Linux, Windows and TCP/IP, intermediate level of experience about information system infrastructure.
c. Course Syllabus
Introduction (What is “Penetration test”? Crucial points before, during and after penetration tests and penetration test methodologies)
Discovery (Discovery categories. Applied nmap exercise; port scanning, service and operating system discovery, etc.)
Vulnerability discovery (Vulnerability concept. Nessus exercise; policy designation, scanning and vulnerability analysis)
Exploit (Exploit and payload concepts. Metasploit exercise; msfconsole, meterpreter, post-exploit and auxiliary modules, etc.)
Network penetration tests and layer two attacks (Network sniffing, MAC table flooding, ARP poisoning, VLAN hopping, DHCP IP pool exhaustion attacks)
External network tests and information gathering (Active and passive information gathering, “Google hacking”, etc.)
Social engineering (Using e-mail and telephone. Customized payload and malware generation – macro, pdf and exe. “Relay” vulnerability. “Post-exploitation”)
21. Log Analysis
a. Who Should Attend
System and network administrators
Information systems experts
b.
Information security managers and expertsPrerequisites
Basic knowledge of operating systems, databases and computer networks.
c. Course Syllabus
Overview to log analysis,
Log analysis standards, rules and legal regulations,
Log collection and viewer tools,
Common mistakes in log analysis,
Incident response,
Log analysis in different stages of incident response,
Contribution of log analysis to incident response.
d. Duration
5 days
e. Benefits
22. Information Systems Forensics
a. Who Should Attend
Staff from IT department who are eager to conduct information systems forensic analysis.
b. Prerequisites
Basic knowledge of Linux and Windows operating systems.
c. Course Syllabus
Computer incident response
Preliminary stages of computer forensic analysis
Information about NTFS, FAT32, ext2, ext3 file systems such as, how files are opened, saved and deleted in these systems
Non-volatility of data in different components of a computer (RAM, “Stack” area, hard disks etc.) Data storage and retrieval from these components
Conducting computer incident forensic analysis on a Linux system and presentation of related tools
In the applied part of the course, setting up the forensic analysis environment and conducting, with tools, the analysis of a suspected file
Conducting computer incident forensic analysis on a Windows system and presentation of related tools
Legal framework about forensic analysis and storage of data in a format which is suitable for presenting to a court as an evidence
d. Duration
3 days
e. Benefits
23. Computer Network Forensics
a. Who Should Attend
Network, system and security administrators, IT staff eager to conduct computer network forensic analysis.
b. Prerequisites
Basic knowledge of TCP/IP, networks, Linux and Windows operating system.
c. Course Syllabus
The following topics will be covered in order to conduct incident analysis and to collect evidence in case of a cybercrime without refering to storage components such as hard disks and RAM. Another objective is to detect incidents and malicious network traffic exploiting incorrect configuration of network components.
Foundations of forensic analysis
Network packet capturing technologies: Hardware, software and tools
Basic network protocols and components
Network security component log analysis: Logs of firewalls, intrusion detection and prevention systems, etc.
Analysis of network protocols (HTTP, SMTP, DNS etc.)
Deep packet inspection
Detection of malicious network traffic: “Man in the middle attack”, “DNS cache poisoning” etc. attacks
Detection of network traffic tunneling techniques: DNS, ICMP, SSH tunnelling etc.
Analysis of encrypted network traffic: “SSL traffic listening” technique
Reconstruciton of network traffic to obtain original data
Network flow analysis
24. Windows Malware Analysis
a. Who Should Attend
IT staff eager to conduct Windows malware analysis.
b.
Prerequisites
Being familiar with high-level programming features such as parameters, loops and functions,
Being informed about basic concepts of Windows operating system (“process”, “thread”, “memory management”, “registry”, “handle” etc.),
Having basic information about IP, HTTP, TCP, UDP, etc. network protocols, Wireshark etc. packet capturing tools,
Having introductory level knowledge of assembly and x86 architecture is required.
c.
Course Syllabus
Windows operating system, basic concepts
Basic static analiysis
Behaviour analysis
Code analysis
Hidden execution methods
Static analiysis prevention methods
Dinamic analysis prevention methods
Memory dump analysis
Analysis of Web (browser) based malware
Analysis of malicious documents
d. Duration
5 days
e. Benefits
25. Secure Software Development
a. Who Should Attend
Software developers/engineers, software project managers, software quality control team and system architects.
b. Prerequisites
Intermediate experience with a programming language.
c. Course Syllabus
Security problems of software
Security problems of technology components where software is running
Basic elements of secure software development process
How to integrate a secure software development lifecycle to a software development process
Source code samples, demonstrating most common vulnerabilities and how to prevent them
Technology that maybe applied to assure secure operation of components such as application server and database, where software is running, since software depends on these systems.
d. Duration
3 days
e. Benefits
©2015 TÜBİTAK BİLGEM SGE
Siber Güvenlik Enstitüsü
P.K. 74, Gebze, 41470 Kocaeli, Türkiye Tel: +90 (262) 648 1000, Fax: +90 (262) 648 1100
http://www.bilgem.tubitak.gov.tr,
