cyber security training courses penetra- tion …how to harden your own environment within microsoft...
TRANSCRIPT
Page
Penetra- tion Testing Re-
port <Client Name>
•
Cyber Security Training Courses
Version 1.0 - April 2017
Page 2
Table of contents
About us ............................................................................................................................................. ........................ 3 Courses overview ....................................................................................................................... ........................ 4 Windows - security hardening ........................................................................................ ........................ 6 Linux - security hardening .................................................................................................. ........................ 7 Networking - security hardening .................................................................................. ........................ 8 Vulnerability testing - how to conduct vulnerability assessments ... ........................ 9 Azure cloud - security hardening ................................................................................. ...................... 10 Management - cyber security risks for management staff ..................... ....................... 11 Web applications - testing for developers & test teams........................... ...................... 12 Mobile security - introduction to mobile security & hardening ........... ...................... 13 End user devices - security hardening ..................................................................... ...................... 14 Custom cyber security training courses .................................................................. ...................... 15
Page 3
About us
What we do
We are a family owned and run company with many years’ experience in the I.T and security industry. As our client you will deal directly with the lead consultants of the project from start to finish. We pride ourselves on working closely with our clients to understand your requirements fully and tailor services to your individual needs.
Who we are
We want to share our knowledge with our clients and ensure you and your staff are armed to defend your environment against attack. We offer scheduled and bespoke training courses tailored to your needs.
Page 4
Courses overview We offer a range of pre-made cyber security courses, or we can create fully customised courses for security testing products, particular devices or operating systems to suit your requirements.
Course Ref Description
ARMT-WIN Windows - security hardening How to harden the Windows operating system to improve it’s system security and prevent cyber attacks. Identify common risks and how to remediate and harden the Windows operating system for servers, desktops and laptops.
ARMT-NIX Linux - security hardening How to harden the Linux operating system to improve it’s system security and prevent cyber attacks. Identify common risks and how to remediate and harden the Linux operating system.
ARMT-NW Networking - security hardening How to harden the configuration of network devices to improve system secu-rity and prevent cyber attacks. Identify common risks and how to remediate and harden the device security.
ARMT-VA Vulnerability testing - how to conduct vulnerability assessments How to conduct basic vulnerability assessments within your own company’s network, to help with on-going security management and to assist with preparation and remediation of third-party penetration testing.
ARMT-AZURE Azure cloud - security hardening How to harden your own environment within Microsoft Azure cloud hosting. Identify and understand common miss-configuration issues and how to reduce your risk exposure.
ARMT-MGT Management - cyber security risks for management staff Understand common cyber security risks and what they mean, such as; cloud security, lost or stolen devices, application and infrastructure risks, the importance of security testing, remediation and benchmarking.
Page 5
Courses Continued..
Course Ref Description
ARMT-WEB Web applications - testing for developers & test teams Identify and understand common web application risks and what they mean. Detailed overview of application testing tools, intercepting requests, manual and automatic application testing and basic report generation.
ARMT-MOB Mobile security - introduction to mobile security & hardening Understand common application and physical risks with mobile phone and tablet devices such as; security hardening methods, MDM, Jailbreaking, lost and stolen device data risks.
ARMT-END End user devices - security hardening Identify and understand common risks with end user laptops and desktops and how to securely harden the operating system, media and peripheral ports and encryption to prevent attacks and data loss if the device is lost or stolen.
ARMT-BSPK Bespoke courses - custom cyber security training courses We can create fully custom cyber security training for your staff to cover products, testing, testing tools and specific systems you use or intend to use.
Page 6
Course Details
Windows - security hardening
Reference: ARMT-WIN
Overview:
How to harden the Windows operating system to improve it’s system security and prevent cyber attacks. Identify common risks and how to remediate and harden the Windows operating system for servers, desktops and laptops.
Suitable For: Windows support and configuration staff, netops, sysadmins and wintel engineers
Course Format:
Instructor lead Presentations Live demos
English language
This is not a hands on course with student labs
Requirements: Windows O/S configuration experience
Duration: 1 Day
Included: Drinks, snacks, refreshments and lunch
Contents: Windows security benchmarks Hardening of Windows operating systems Manual and automatic checking of Windows settings Windows password hash types and weaknesses Windows password extraction and hash cracking Common vulnerabilities and attack methods Vulnerability scanning with Nessus Checking for missing patches Third party software risks Service permissions and weaknesses Remediation
Page 7
Course Details
Linux - security hardening
Reference: ARMT-NIX
Overview: How to harden the Linux operating system to improve it’s system security and prevent cyber attacks. Identify common risks and how to remediate and harden the Linux operating system.
Suitable For: Linux support and configuration staff, netops and sysadmins
Course Format:
Instructor lead Presentations Live demos
English language
This is not a hands on course with student labs
Requirements: Linux O/S configuration experience
Duration: 1 Day
Included: Drinks, snacks, refreshments and lunch
Contents: Linux security benchmarks Hardening of the Linux operating systems Manual and automatic checking Linux settings Linux password hash types and weaknesses Linux password extraction and hash cracking Common vulnerabilities and attack methods Vulnerability scanning with Nessus Checking for missing patches Third party software risks Clear-text services and weaknesses File permissions and cron weaknesses Remediation
Page 8
Course Details
Networking - security hardening
Reference: ARMT-NW
Overview: How to harden the configuration of network devices to improve system security and prevent cyber attacks. Identify common risks and how to remediate and harden the device security.
Suitable For: Network support and configuration staff, netops and sysadmins
Course Format:
Instructor lead Presentations Live demos
English language
This is not a hands on course with student labs
Requirements: Network device configuration experience, Cisco CLI
Duration: 1 Day
Included: Drinks, snacks, refreshments and lunch
Contents: Hardening of routers, switches and firewalls VLAN hopping SNMP configuration and weaknesses Network protocol risks Manual and automatic configuration reviews Firewall rule set reviews Access control lists Management interfaces Clear-text services and weaknesses Port security Password hash storage weaknesses and cracking Remediation
Page 9
Course Details
Vulnerability testing - how to conduct vulnerability assessments
Reference: ARMT-VA
Overview:
How to conduct basic vulnerability assessments within your own company’s network, to help with on-going security management and to assist with preparation and remediation of third-party penetration testing.
Suitable For: Network support and configuration staff, netops, sysadmins, cyber security managers and I.T compliance officers
Course Format:
Instructor lead Presentations Live demos
Hands on labs
English language
Parts of this course are hands on for students wanting to scan
for vulnerabilities, although not compulsory
Requirements:
Operating systems, networking, TCP/IP Students may bring their own laptops with VMWare/
VirtualBox, although a desktop student PC will be provided for use
Duration: 2 Days
Included: Drinks, snacks, refreshments and lunch
Contents: Port scanning and common port weaknesses Vulnerability scanning with Nessus Pro Clear-text protocols and weaknesses SSL scanning and weaknesses False positives Common operating system weaknesses (Win/Linux) Security benchmarks Pentesting process and example report walkthrough Remediation
Page 10
Course Details
Azure cloud - security hardening
Reference: ARMT-AZURE
Overview: How to harden your own environment within Microsoft Azure cloud hosting. Identify and understand common miss-configuration issues and how to reduce your risk exposure.
Suitable For: Windows and Linux server support and build engineers already using Azure cloud based hosting or wanting to migrate to Azure cloud hosting
Course Format:
Instructor lead Presentations Live demos
English language
This is not a hands on course with student labs
Requirements: Operating systems, networking, TCP/IP, basic virtualisation
Duration: 1 Day
Included: Drinks, snacks, refreshments and lunch
Contents: Azure cloud overview NSG (Network Security Groups) Default VM configuration weaknesses Azure portal configuration Azure security agents Security event alerting Virtualised network devices Azure security testing authorisation process Vulnerability testing within Azure using Nessus Pro Remediation
Page 11
Course Details
Management- cyber security risks for management staff
Reference: ARMT-MGT
Overview:
Understand common cyber security risks and what they mean, such as; cloud security, lost or stolen devices, application and infrastructure risks, the importance of security testing, remedia-tion and benchmarking.
Suitable For: I.T Project Managers, CISO, CIO, Cyber Security Managers, I.T Security Officers, Compliance Managers or any staff wanting to learn about cyber risks
Course Format:
Instructor lead Presentations Live demos
English language
This is not a hands on course with student labs
Requirements: Basic I.T infrastructure and compliance awareness
Duration: 1 Day
Included: Drinks, snacks, refreshments and lunch
Contents: Cyber security buzz words and what they mean Cloud security (Azure/Amazon AWS/VMware) Social engineering and phishing attacks Application security risks and common attacks Infrastructure security risks and common attacks External security threats and common attacks Internal security threats and staff risks Lost or stolen end user device risks Physical media risks Overview of penetration testing and the process/benefits Best practice/security benchmarking Vulnerability testing your own environment (internal/cloud)
Page 12
Course Details
Web application - testing for developers & test teams
Reference: ARMT-WEB
Overview:
Identify and understand common web application risks and what they mean. Detailed overview of application testing tools, intercepting requests, manual and automatic application testing and basic report generation.
Suitable For: Application developers, testing team and any staff who wish to conduct basic application testing and automation of testing tasks
Course Format:
Instructor lead Presentations Live demos
Hands on labs
English language
Parts of this course are hands on for students wanting to
perform basic application testing
Requirements:
I.T knowledge, application development or testing. Students may bring their own laptops with VMWare/
VirtualBox, although a desktop student PC will be provided for use
Duration: 2 Days
Included: Drinks, snacks, refreshments and lunch
Contents: Common app risks (XSS, SQL Injection, cmd injection etc) Application testing tools Detailed look at Burp Suite Pro (features/installing/using) Manual and auto testing for app security vulnerabilities Intercepting, editing and replaying requests via proxy Testing function automation/scheduling Passive and active application testing Session strength testing Generation of application testing reports False positives
Page 13
Course Details
Mobile security - introduction to mobile security & hardening
Reference: ARMT-MOB
Overview: Understand common application and physical risks with mobile phone and tablet devices such as; security hardening methods, MDM, Jailbreaking, lost and stolen device data risks.
Suitable For: Support, design and configuration staff, netops, sysadmins and I.T security compliance
Course Format:
Instructor lead Presentations Live demos
English language
This is not a hands on course with student labs
Requirements: Knowledge of Apple and/or Android devices and a basic knowledge of mobile application and security risks
Duration: 1 Day
Included: Drinks, snacks, refreshments and lunch
Contents: Physical risks of mobile and tablet devices Jailbreaking risks Basic mobile application testing overview and tools Inspecting application files and data on devices Mobile security benchmarks MDM (Mobile Device Management) overview Lost or stolen device risks iOS jailbreak detection and prevention BYOD (Bring Your Own Device) risks and protection
Page 14
Course Details
End user devices - security hardening
Reference: ARMT-END
Overview:
Identify and understand common risks with end user laptops and desktops and how to securely harden the operating system, media and peripheral ports and encryption to prevent attacks and data loss if the device is lost or stolen.
Suitable For: Support and desktop configuration staff, netops, helpdesk, build engineers and sysadmins
Course Format:
Instructor lead Presentations Live demos
English language
This is not a hands on course with student labs
Requirements: Knowledge of Windows operating systems and hardware peripherals
Duration: 1 Day
Included: Drinks, snacks, refreshments and lunch
Contents: Windows operating system risks and hardening Third party software risks and client side exploitation risks Removable media risks and hardening Physical start-up and BIOS/UEFI risks and hardening Encryption Lost and stolen device risks Password extraction and cracking risks Peripheral port risks and hardening Security benchmarks Remediation
Page 15
Course Details
Custom cyber security training courses
Reference: ARMT-BSPK
Overview: We can create fully custom cyber security training for your staff to cover products, testing, testing tools and specific systems you use or intend to use.
Contents: Specific security products such as Nessus & Burp Suite Pro Specific operating systems or SQL databases Specific network devices Testing against your own specific environment Master gold builds or template configuration Anything else security, process. product or policy related