ISACA T&T Training Week Course Outline
1. COURSE OUTLINE
Training Week 2012
May 7-11 2012
Hyatt Regency
Port of Spain, Trinidad, W.I.
2. FACILITATOR’S BIO
John Tannahill, CA, CISM, CGEIT, CRISC is a management consultant specializing in information security and audit services. His current focus is on information security management and control in large information systems environments and networks. His specific areas of technical expertise include UNIX and Windows operating system security, network security, and Oracle and Microsoft SQL Server security.
John is a frequent speaker in Canada, Europe and the US on the subject of information security and audit.
He is a member of the Toronto ISACA Chapter and has spoken at many ISACA Chapter Conferences and Chapter Events including ISACA Training Weeks; North America CACS; EuroCACS; Asia-Pacific CACS; International and Network and Information Security Conferences.
John is the 2008 Recipient of the ISACA John Kuyer Best Speaker/Best Conference Contributor Award.
Prior speaking engagements include:
ISACA Chapter seminars (e.g. Toronto, Pittsburgh, Houston, Washington, Trinidad & Tobago)
ISACA Training Weeks (2001 - present)
ISACA NACACS, EuroCACS, Asia-Pacific CACS Conferences
ISACA Information Security Management Conferences
ISACA International Conferences
CSI Annual Computer Security Conference (2009)
Presented many in-house 1-day to 5-day seminars
3. SESSION ABSTRACTS
INTRODUCTION TO ETHICAL HACKING & FIREWALL SECURITY: 2 DAYS (HANDS-ON)
This session will provide participants with a practical methodology and approach to performing ethical
hacking assessments, and will include testing firewall security design and control. Detailed exercises and
demonstrations of tools and techniques used will allow the participant to evaluate network vulnerabilities
and identify key control recommendations that should be implemented to address the issues.
SESSION HIGHLIGHTS
Hands-on environment used for demonstration & discussion purposes
Detailed discussion of output and results obtained from each part of the assessment
Sample assessment report outline
Listing of reference material for ethical hacking assessment methodologies, techniques and tools
1. NETWORK DISCOVERY AND FOOTPRINT
Network Address Spaces (DNS, IP Address Blocks)
Ping Sweep Techniques; Firewalking etc.
Information Gathering Tools (e.g. SNMP information)
Use of Search Engines such as Google and other Web-based resources
2. TCP/IP SERVICE IDENTIFICATION AND ENUMERATION
Port Scanning Techniques (tcp; udp and icmp scanning)
Use of Nmap (including NSE – Nmap Scripting Engine)
Other Port Scanning, Fingerprinting and Service Identification Tools such as amap (application fingerprinting) and netcat
Advanced scanning techniques and tools (including use of Hping and other packet crafting tools)
3. ETHICAL HACKING – IDENTIFYING AND EXPLOITING VULNERABILITIES
Vulnerability identification tools and techniques (including configuration and use of network testing tools such as OpenVAS)
Use of NIST National Vulnerability Database (NVD) and related resources
Using the Metasploit Framework
Testing firewalls including configuration and rules assessments
Testing specific TCP/IP Services e.g. web servers
Testing web applications
Testing vulnerabilities in Unix and Windows operating systems using tailored scripts and OS-specific tools
Effective reporting and risk-ranking of assessment results
4. UNDERSTANDING AND SECURING WINDOWS 2008: 2 DAYS (HANDS-ON)
This session will focus on the audit and security issues related to the use of the Windows 2008 Server Operating System.
SESSION HIGHLIGHTS
Understand Windows 2008 architecture and security components
Use of Windows 2008 server operating systems to demonstrate key security features
Demonstration of Windows 2008 security and audit tools
Demonstration of Windows 2008 Server security features, including default security settings, security hardening steps and use of the Group Policy
1. WINDOWS 2008 CONCEPTS
Overview of Windows 2008 Server Versions
Service Packs & Hotfixes
Build and Deployment Processes
Configuration Management
Patch Management
2. UNDERSTANDING WINDOWS 2008 SECURITY COMPONENTS
Active Directory Services (ADS)
Group Policy Objects (GPO)
Security Configuration
3. WINDOWS 2008 SECURITY AND CONTROL
Security Baselines
Active Directory Security
Windows 2008 Domains
Trust Relationship Mechanisms
Group Policy Objects (GPO)
User Accounts
Authentication Controls
User Rights
Groups
Privilege Management
Network Share Security
Directory & File Permissions
Registry Security
Security Event Logs
Windows Services
Network Security
Security Administration
4. AUDITING THE WINDOWS 2008 ENVIRONMENT
Audit Objectives
Auditing Domain Controllers
Auditing Member Servers
Automated Tools/Scripts for Audit Testing
Approach to Windows 2008 Security Audit
5. SECURITY AND AUDIT TOOLS & TECHNIQUES
Windows 2008 Resource Kit
Demonstration of Windows 2008 Security & Audit Tools
5. UNDERSTANDING AND SECURING WIRELESS & MOBILE TECHNOLOGIES: 1 DAY (SEMINAR)
This seminar will focus on the audit and security issues related to the use of Wireless and Mobile Technologies.
SESSION HIGHLIGHTS
Detailed discussion of Wireless Network Security Issues
Live wireless LAN environment used in class to demonstrate key concepts and security/audit areas/steps
Demonstration and discussion of security and audit tools and techniques
1. UNDERSTANDING WIRELESS & MOBILE TECHNOLOGIES
Wireless LANs (WLAN)
Wireless LAN standards and current implementations - IEEE 802.11g; 802.11n technologies and security mechanisms
Wi-Fi Protected Access (WPA/WPA2)
Bluetooth Technology and Security (IEEE 802.15)
Other Wireless Technologies (e.g. Wi-Max – 802.16)
Mobile Technologies – Blackberry; iPhone; iPad; Android; USB and removable media
2. UNDERSTANDING WIRELESS & MOBILE TECHNOLOGY THREATS AND RISKS
WLAN Access Point Security
War Driving
Unauthorized Network Access
Rogue Access Points
Fake Access Points
Traffic Capture and Analysis
Bluetooth Threats
Theft / Loss of Client Devices
3. SECURING & AUDITING WIRELESS & MOBILE TECHNOLOGIES
Wireless Security Policy and Standards
Mobile Technology Security Standards
Wireless & Mobile Technology Risk Assessment
Secure Wireless Architecture, Design and Deployment
Access Point Security
Authentication and Encryption
VPN, Firewall and IDS measures
Wireless Security Assessment
Auditing a WLAN environment
Wireless Client Security
Bluetooth Security Configuration
Mobile Device Configuration Security
4. SECURITY AND AUDIT TOOLS & TECHNIQUES
Demonstration of wireless security and audit tools and techniques, including Kismet, Aircrack, Bluetooth Assessment tools etc.
Useful reference material