Advanced Network Defense



Hardening Perimeter Defenses

Course Description
Advanced Network Defense: This is a comprehensive, fast-paced 3-day course that takes the perspective of the “hacker” and uses it as a foundation for defending against future attacks. It is certainly fun being on the offense, executing the actual hacking and penetration testing, but in reality most of us have to play roles requiring a solid defense. This course provides an offensive mindset first in order to then create a robust and solid defense.

The course will cover how to develop a secure baseline and “harden” your enterprise architectures against the most advanced attacks. Once we have a strategy for a fortified perimeter, the course moves on to defending against the sophisticated malware that is on the rise today, and to the importance of “live” memory analysis and real-time monitoring.

You will learn how to develop a robust ingress and egress architecture plan to mitigate and reduce the impact of sophisticated malware. The course covers the advanced security features inherent to Active Directory, which allow an enterprise to carry out isolation of servers and domains. In this course you will experience the advanced configuration of a Windows Firewall that supports advanced security features such as IPsec. You will configure, implement and deploy Network Access Protection utilising various enforcement mechanisms across a forest. You will learn about the Active Directory Rights Management Services (RMS) and the implementation of a Read Only Domain Controller, which can be deployed at sites where maintaining physical security is impossible.

The course will cover configuring, implementing and deploying security compliance templates that establish a “hardened” baseline for any machine joining the domain or forest. You will also see how software-created certificates that are configured to not allow the export of the private key are “jailbroken” and compromised. You will then be exposed to a countermeasure for the attack: a hardware-based certificate that uses the Trusted Platform Module (TPM) chip to protect the private key from exploitation. Finally, you will be introduced to the concept of leveraging the TPM hardware security chip to establish automatic and transparent authentication of authorized network devices, users and self-encrypting hard drives to ensure unbreakable protection of data “in the wild.”

The Trainer
Kevin Cardwell spent 22 years in the U.S. Navy. During this time he tested and evaluated Surveillance and Weapon system software; some of this work was on projects like the Multi-Sensor Torpedo Alertment Processor (MSTRAP), Tactical Decision Support System (TDSS), Computer Aided Dead Reckoning Tracer (CADRT), Advanced Radar Periscope Discrimination and Detection (ARPDD), and the Remote Mine Hunting System (RMHS). He has worked as both software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations Center (NOC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean. He served as the Leading Chief of Information Security at the NOC for six years prior to retiring from the U.S. Navy. During this time he was the leader of a 5-person Red Team that had a 100% success rate at compromising systems and networks.

He currently works as a freelance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US and UK. He is an Instructor, Technical Editor and Author for Computer Forensics and Hacking courses. He is technical editor of the Learning Tree Course Ethical Hacking and Countermeasures and Computer Forensics. He is author of the Controlling Network Access course. He has presented at the Blackhat USA Conferences. He is a contributing author to the Computer Hacking Forensics Investigator V3 Study Guide and The Best Damn Cybercrime and Digital Forensics Book Period. He is a Certified Ethical Hacker (CEH), Certified Security Analyst (E|CSA), Qualified Penetration Tester (QPT), Certified in Handheld Forensics, Computer Hacking Forensic Investigator (CHFI) and Live Computer Forensics Expert (LCFE), and holds a BS in Computer Science from National University in California and an MS in Software Engineering from the Southern Methodist University (SMU) in Texas. His current research projects are in Computer Forensic evidence collection on "live" systems, Professional Security Testing and Advanced Rootkit technologies. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman. He serves as a professional training consultant to the Oman Information Technology Authority, and is currently developing the team to man the first Commercial Security Operations Center in the country of Oman.

Who should attend:

This course is intended for:


Firewall administrators, system architects, system administrators, Windows admins or those responsible for or interested in:
  • Identifying security weaknesses in computer systems or networks
  • Exposing weaknesses for system owners to fix breaches before being targets of compromise
  • Applying hacking and pen testing constructively to defend against various possible attacks
  • Analysing best practices in developing secure system and network configurations
  • Establishing a secure baseline in deploying machines in a protected state
  • Appreciating popular attack methods applied by hackers in order to fortify their systems
Practically any organization that handles important data would find this course beneficial. Examples are:
  • Government agencies
  • Universities
  • Hospitality
  • Retail
  • Banking and Financial institutions
  • Brokerage and Trading firms
  • Insurance
  • Scientific institutions & research agencies
  • Telecommunication
  • Computer design firms
  • Consulting firms
  • Science and Engineering firms
  • Those involved with online related businesses & transactions
  • Card related businesses
NOTE: This is definitely not a beginner’s course; participants will be expected to possess the knowledge of attempting attacks against a variety of platforms and architectures under the supervision of an expert. Ideally, the student will be CEH or ECSA certified, or hold equivalent industry experience.


Prerequisites
  • Students must be familiar with IT Security best practices, and have a good understanding of programming logic and common web technologies as well as binary applications
  • Basic Windows administration for servers and workstations
  • Basic Linux/*NIX system administration skills
  • Basic command line proficiency on both Windows and *NIX systems

Benefits:

Upon completion of this program, students should be able to understand:

  • Executing a set of techniques that are critical to the protection of your entire enterprise against some of today’s most advanced threats
  • Reviewing methods of system deployments in as secure a state as possible while supporting your daily business requirements
  • Applying necessary techniques required for malware identification throughout the enterprise even in the case of the malware not being detectable by any of your security controls
  • Staging Advanced Attacks to appreciate methods of correctly eliminating or mitigating risk to an acceptable level


Course Outline

Module 01: Firewalls
Module 02: Advancing Filtering
Module 03: Firewall Configuration

Module 04: Hardening: Establishing a Secure Baseline

Module 05: Windows Server 2008 Security

Module 06: Windows Server 2008 Security part II

Module 07: Intrusion Detection and Prevention Why Intrusion Detection?

Module 08: Protecting Web Applications
Module 09: Memory Analysis
Module 10: Endpoint Protection
Module 11: Securing Wireless


Instructor
Kevin Cardwell

Dates
October 26 – 28, 2012

Pricing
Register and pay by May 31, 2012: $2799
Register and pay by August 31, 2012: $3199
Register and pay after September 1, 2012: $3399

Class Capacity
30
You will get this:
  1. Official CAST Courseware
  2. Complimentary Pass to Hacker Halted conference (Inclusive of Party entrance pass).
  3. Lunch and coffee breaks throughout the duration of the training.
  4. Certificate of Attendance



