IMPACT - INTERNATIONAL MULTILATERAL PARTNERSHIP AGAINST CYBER THREATS
 
Centre for Training & Skills Development
 
This track covers technical aspects that focus on implementing, managing and configuring networked and web-based systems. Participants will be introduced to the software applications and tools required to gather information, perform investigations and configurations, and monitor activities across their security infrastructure and information systems.


IMPACT Technical Track



Network Security

Network Security courses are designed to equip IT professionals and practitioners with the knowledge and skills required for implementing, designing, configuring, maintaining and reviewing a secure network system to prevent and manage network vulnerabilities. Participants will learn the skills needed to identify and analyse common internal and external security threats against a network so that proactive security and audit strategies can be implemented to protect the organisation's information assets and systems from weaknesses. These weaknesses are often exploited by remote users using publicly and commercially available software tools and through manual techniques. Web-based applications need to be audited to ensure that vulnerabilities are discovered and risks mitigated promptly and effectively. Policies, processes, management structures, equipment, and other requirements are also necessary to respond to any unforeseen network incidents.


Network Systems Security and Audits

Course Objective
In today's network dependent business environment, organisations link their systems across enterprise wide and virtual private networks, as well as connect remote users. In this course, participants learn to analyse risks to networks, and steps needed to select and deploy appropriate countermeasures to reduce the exposure to these threats.

Target Audience
Network Administrators, Network Support, System Support, Incident Handlers, Network Managers, IT Support.

Course Duration
The course duration is 3 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.


Developing and Implementing a Computer Incident Response Team (CIRT)

Course Objective
This seminar will provide participants who have little or no experience with the knowledge and background required to formulate the policies, processes, management structure, equipment, and other requirements necessary to respond to network incidents. If an organisation already has a Computer Incident Response Team (CIRT) or a similar incident response capability, this course can provide information on refining the organisation’s current structure and capabilities.

Target Audience
CIRT Manager, CIRT Analyst, Incident Handler, Security Analyst

Course Duration
The course duration is 4 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.


Supervisory Control And Data Acquisition (SCADA) Security

Course Objective
Control system security is a critical component of securing Critical National Infrastructure. Many control systems have not been devised with security as the first priority, and the identification of vulnerabilities in control systems has caused substantial national and international concern. This course will cover the critical aspects of SCADA security, including security issues associated with the MODBUS, DNP3, and IEC 60870-5-104 protocols. Security vulnerabilities associated with connections between sensory devices, control devices, and administrative systems will be explored, as will wireless security, effective use of authentication systems and encryption, attack detection, and SCADA vulnerability scanning. The goal of the course is to give SCADA engineers, SCADA administrators, control system engineers, penetration testers and CIRT or Computer Security Incident Response Team (CSIRT) personnel a working knowledge of SCADA security issues in order to create secure SCADA systems.

Target Audience
SCADA engineers, SCADA administrators, system and network administrators, control system engineers, penetration testers, and CERT/CSIRT personnel.

Course Duration
The course duration is 5 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.


Securing ISP Networks and Systems

Course Objective
This course will cover ISP best practices developed over years of working with ISPs globally to better manage and secure their network systems. The course will be focused on methods of helping ISPs run cleaner and more cost-effective networks so that they can provide better service to their customers. Topics such as secure router configuration, routing best practices, BGP, DNS and DNSSEC, botnet discovery and mitigation, DDoS detection and mitigation, NetFlow analysis, spam detection, and anti-phishing techniques will be covered in depth. This course is taught in a vendor-neutral environment, and where possible multiple vendors’ techniques are covered to accomplish the same task.

Target Audience
ISP Network Administrators, System Administrators, ISP Managers, Computer Emergency Response Team / Computer Security Incident Response Team personnel.

Course Duration
The course duration is 5 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.


Advanced Honeypots and Malware Collection

Course Objective
Collecting malware is critical to understanding what threats exist on the Internet and what threats are targeting a network. Basic malware collection can be accomplished by simply deploying one of many pre-configured honeypots. However, in order to collect recent and sophisticated malware that uses newer spreading mechanisms, more advanced techniques are required. This course will focus on collection methods for the newest, most interesting and possibly undetected malware, which is likely to be causing the most harm to a network. To collect this malware, the course will examine custom configurations for basic honeypots such as Nepenthes; configuration of a distributed Honeynet for use in a large-scale network environment; client-side honeypots; spam crawling; Darknets; and custom vulnerability simulation. Knowledge of basic honeypots or completion of the Network Forensics and Investigations course is a prerequisite for this course.

Target Audience
Incident Responders, Network and System Administrators, CERT/CSIRT Personnel, Malware Researchers, Malware Investigators, Anti-Virus Analysts.

Course Duration
The course duration is 5 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.


Digital Forensics

The ability to preserve and analyse data found on digital storage media, computer systems and networks is essential for understanding and mitigating cyber attacks against IT infrastructures. The ability to forensically analyse these devices and systems in a manner that preserves critical information is essential. The forensics professional must be highly competent in collecting, examining, analysing and reporting on digital evidence. They are also required to know the legal aspects associated with forensics investigation, particularly for representation in a court of law. The use of real-world scenarios enables the target audience not only to learn the required skills, but also to gain experience in their practical application.


Network Forensics and Investigations

Course Objective
Participants will gain real-world knowledge and skills to analyse network traffic, improve network security and reliability, and protect networks from malicious and criminal attacks. Participants will learn techniques to identify suspect traffic patterns, identify a breached host, identify signs of bots running in a network, and deal with and manage compromised machines.

Target Audience
IT Security Practitioner, Forensics Analyst, Incident Handlers, Network Administrators and Support.

Course Duration
The course duration is 5 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.


Host Forensics with Open Source Tools for Incident Responders

Course Objective
Investigating what happened on a computer system after a suspected intrusion is critical to quantifying losses from a security breach. This course will teach network and system administrators, incident response personnel, and CIRT personnel to identify the particular consequences of a break-in to a system after an intrusion has been identified. The primary focus of the course is to help administrators identify what data has been compromised through the application of host forensics techniques and log analysis. Instructors will teach open source forensics tools, as these are the most common, widely available, and free tools for incident responders. Special focus will be given to the discovery of data hiding techniques, rootkits, malware functionality, and time-based analytics. Analysis of the FAT, NTFS, and EXT2 file systems will additionally be covered. This course serves as a good foundation for further instruction on commercial tools or as a stand-alone course on effectively using open source forensics tools.

Target Audience
Incident Responders, Network Administrators, System Administrators, CIRT/CSIRT Personnel.

Course Duration
The course duration is 5 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.


Malware Analysis and Reverse Engineering

Course Objective
Determining the functionality of malware is critical both during the incident response process and to better understand where threats on the Internet originate. The course will examine malware in both static and runtime environments, and from several perspectives. It will take into account the viewpoint of an incident responder attempting to determine what malicious activities the malware has conducted in order to mitigate further malicious activity and remove the malware from an infected system. The course will also consider the perspective of a CSIRT or security team that is investigating malware to identify where it is calling back to and who is controlling it, perhaps as part of a post-mortem investigation. Finally, it will account for a network defender who is attempting to create signatures that will allow for identification of the malware on other compromised systems. Both static and runtime malware analysis techniques will be covered, as will reverse engineering tools such as IDA Pro and OllyDbg.

Target Audience
Incident Responders, Network and System Administrators, CIRT/CSIRT Personnel, Malware Researchers, Malware Investigators, Anti-Virus Analysts.

Course Duration
The course duration is 5 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.


Application Security Course

As business applications and processes increasingly move towards web services and adopt the software-as-a-service model, many organisations today are exposing data and critical business services through untested or insecure web-based applications. Applications with inadequate or non-existent security offer an opportunity for malicious hackers to access your critical databases containing customer information, credit card data, proprietary data or classified information. You will gain skills in assessing applications from a hacker’s perspective, understanding application security vulnerabilities, and mitigating these security holes so they are never exploited by a hacker.


Web Application Security

Course Objective
Understanding web application attack vectors is critical for web application developers and for professionals responsible for securing an organisation’s systems and maintaining a secure network. Web application vulnerabilities have been the cause of some of the most serious computer security breaches on the Internet, and an organisation’s or its customers’ private information is often the target of web application attacks. This course will cover common methods for attacking web applications, such as SQL injection, cross-site scripting, command injection, data leakage attacks, session hijacking and PHP/JavaScript/ASP vulnerabilities. Basic vulnerability discovery in web applications will be covered, as will secure coding techniques and the OWASP guidelines. Some understanding of programming is required, preferably PHP, JavaScript, or ASP.

Target Audience
Web Application Developers, Penetration Testers, Web Application Testers.

Course Duration
The course duration is 5 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.


Law Enforcement

Cyber criminals today are targeting organisations with the intent of unlawfully gaining confidential and financial information in order to commit crime. Such activity has always been illegal, but the Internet makes it far easier because of unsecured applications, systems and networks. When these cyber criminals fall into the hands of law enforcement, the officer must be well versed in conducting investigation, analysis and reporting using appropriate tools and techniques, and must also understand the motive behind these attacks.


Network Investigations for Law Enforcement

Course Objective
This network investigations course is tailored specifically to the needs of law enforcement officers who are investigating cyber crimes. The course will begin by reviewing the common types of cyber crimes, how criminal activities are conducted on the Internet, and the tools and motivations driving the Internet as a medium for criminal activity. The course will investigate how Internet crime is conducted using tools such as botnets, DDoS attacks, illicit file hosting, underground economy marketplaces, spam, phishing, extortion, and more. The course will also demonstrate how common hacking activity takes place through web application exploits, remote operating system and application exploits, social engineering, and web drive-by attacks. The core of the course will be focused on how law enforcement officers can conduct effective investigations using the Internet. The course does not assume prior knowledge of network investigations, and will cover basic topics from email tracing to advanced topics such as network wiretapping and the investigation of suspects who mask their identity using multiple proxies. The objective of the course is to give law enforcement officers a full set of tools and knowledge for use in conducting effective network investigations.

Target Audience
Law Enforcement Officers and Law Enforcement Support staff.

Course Duration
The course duration is 5 days

Delivery Mode
Lecture with presentation slides, course materials and learning activities, inclusive of case study and review questions.