Archive for March, 2008

Network Vulnerability Assessment Workshop (March 2008)

Tuesday, March 4th, 2008

presents

Network Vulnerability Assessment Workshop

March 26, 27 and 28 2008

In today’s world, it is increasingly important for businesses to be connected and accessible through the Internet. Businesses now put more stock in the viability of the net for increasing their profit margin and, to a large extent, their public exposure. Thus, more financial value is imbued in the data that goes across the wires.

That’s where the value of information security comes into play. Assessing one’s readiness to defend information assets is a direct result of proper Vulnerability Assessment (VA) and, on a larger scale, of risk management. Getting one’s feet wet in VA benefits not only the company’s security stance but also the individual’s appreciation of what could lie ahead in terms of threats and risks. It also brings a realization of the extent of knowledge, time and investment needed to fully prepare one’s company to face the growing challenges of today’s and tomorrow’s Internet.

Course Objectives:

At the end of the training, you should be able to:

  • Determine the boundary of analysis and schedule of assessment
  • Perform threat and impact analysis
  • Define and verify policies of target assets for VA
  • Execute active and passive information gathering techniques
  • Utilize vulnerability scanning tools
  • Generate technical and managerial VA reports

Who Should Attend:

  • Network Managers
  • System Administrators
  • IT Managers
  • IT Auditors
  • Security Professionals

Course Outline:

 

DAY 1

 

    • Information Security Concepts
    • The Need for Information Security
    • Vulnerability Assessment Overview
    • The Security Process
    • Information Security Life Cycle
    • Threats to Computer and Network Systems
    • What is Ethical Hacking?
    • Types of Ethical Hacking
    • Responsibilities of an Ethical Hacker
    • Skills Requirements
    • Customer Expectations
    • Relevant Laws
  • Introduction
  • Foundations

DAY 2

 

    • Formal Methodologies
    • Methodology Overview
    • Open Source and Commercial Tools
    • The Live CD Approach
       
      • Passive Information Gathering
      • Active Information Gathering
      • Social Engineering

      • Tools and Online Resources
      • Google Hacking
    • Project Start-Up
    • Information Gathering
    • Threat and Impact Analysis
    • Reconnaissance and Enumeration
  • Getting Started
  • Vulnerability Assessment

DAY 3

 

      • Technical Report
      • Managerial Report
    • Vulnerability Scanning
    • Report Generation
    • Web Application Security
    • Summary
    • Information Security Policies
    • Introduction to Penetration Testing
  • Vulnerability Assessment
  • Synopsis

  • Miscellaneous
  • Reports
  • Checklists
  • Technical Reports
  • Managerial Reports
  • Please bring your laptop.

    Trainer’s Profile:

    Ariel Ben T. Senga, CISSP

    Ariel is the President and CEO of SeQure Technologies, which he cofounded in 2005. He is also a Certified Information Systems Security Professional. Ariel has intensive experience in various information systems management and development in the IT, communications, manufacturing, government, and engineering industries. He has conducted various engagements related to IT internal control reviews, standards compliance, and internal audit reviews.

    He currently manages all of SeQure Technologies’ security services, such as vulnerability assessments, penetration testing, security assessments and audits, policy controls, and network infrastructure deployments.

    Ariel has developed training courses in security awareness, network vulnerability assessment and penetration testing. In addition to course development, Ariel has presented at universities and colleges in the Philippines as an information security advocate.

    Training Schedule: March 26, 27 and 28, 2008 (3 Days w/ Lunch + Refreshment Snacks)

    Course Fee: PhP 17,500.00 (Exclusive of 12% VAT)

    Includes: Student Manual, Live CD, and Certificate of Completion

    Venue: CEO Suite, 37th Flr. LKG Tower 6801 Ayala Ave. 1226 Makati City

    For more details, please call or text Pamela Chua at +63 922 8742757 or email pam@poshmarketingservices.com.

    Cancellation of registration should be made seven working days before the training date. Otherwise, 50% of the training fee shall be charged. No-shows shall be charged 100% of the training fee.

    Malcode Analysis and Response: Proficiency vs. Complexity

    Monday, March 3rd, 2008


    presents

    Malcode Analysis and Response: Proficiency vs. Complexity

    by Matt Allen and Russ McRee

    Thursday, March 20, 2008 at 1:00 PM EDT (1700 UTC/GMT)

    The threat landscape changes constantly, driven in part by the “bot economy” and changing malcode techniques. In response, incident handler techniques must keep pace. This presentation will cover the use of RAPIER, a security tool built to facilitate first response procedures for incident handling. It is designed to acquire commonly requested information and samples during an information security event, incident, or investigation. RAPIER automates the entire process of data collection and delivers the results directly to the hands of a skilled security analyst. From detection and discovery to capture and containment, count on a useful discussion meant to further your incident response practices.

    The second part of this webcast will discuss how malicious code authors are persistently introducing new hurdles to complicate reverse engineering. At Norman, we combine observations from our labs with feedback from SandBox customers to identify complexities responsible for wearing down efficient analysis of new threats. The impact of new SandBox capabilities for addressing these complexities will be introduced, followed by a short discussion of top priorities in the SandBox product roadmap.

    Matt Allen: With backgrounds in computer and information sciences as well as business, Matt Allen has worked in a number of different roles at Norman over the past 5 years, varying from incident response to web and software development. Matt is currently working with the SandBox team on various projects ranging from development to marketing.

    Russ McRee: Russ McRee, GCIH, GCFA, CISSP is a security analyst working in the Seattle area. He’s the author of ISSA Journal’s monthly column Toolsmith, and has written for Information Security, Linux Pro, SysAdmin and others, including an OWASP whitepaper. Prior speaking engagements include SecureWorld Expo, ISSA Northwest Regional, WSA SIG, RAID 2005, and Linuxfest Northwest. Russ has been a board member of ISSA Puget Sound, and is a member of PACCISO, InfraGard and CCSA. Russ maintains holisticinfosec.org.

    Register for this free webseminar.

    Security Insights with Dr. Eric Cole

    Sunday, March 2nd, 2008


    presents

    Security Insights with Dr. Eric Cole

    Wednesday, March 19, 2008 at 1:00 PM EDT (1700 UTC/GMT)

    Most people think that encryption prevents attackers from accessing sensitive information, but it is important to remember that encryption stops anyone from reading information. Therefore, if it is not properly deployed, encryption can actually decrease security by blinding critical security components that need to analyze traffic. In addition, many companies are deploying full disk encryption, but if it is not configured correctly, it might be providing a false sense of security.

    Based on first-hand experience, this talk will look at areas where encryption should be used and how to avoid common mistakes. Dr. Cole will also identify areas where encryption should not be deployed. Overall, this talk will provide expert knowledge of the landscape of encryption, proper uses and common pitfalls.

    Dr. Eric Cole is an industry-recognized security expert with over 15 years of hands-on experience. Dr. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT and a Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker. Eric is also a senior scientist with Lockheed Martin Information Technology (LMIT) and a Lockheed Martin (LM) fellow. Dr. Cole is actively involved with The SANS Technology Institute (STI) and SANS, working with students, teaching, and maintaining and developing courseware.

    Register now for this free webcast!

    What Works: PaulDotCom’s Penetration Testing Dojo: Core IMPACT Style

    Saturday, March 1st, 2008


    presents

    What Works: PaulDotCom’s Penetration Testing Dojo: Core IMPACT Style

    by Alan Paller and Paul Asadoorian

    Tuesday, March 18 at 1:00 PM EDT (1700 UTC/GMT)

    When beginning a security process at a consortium of non-profits, senior network security engineer Paul Asadoorian of PaulDotCom began looking for a penetration testing tool that did network, web application and social engineering tests. The tool he purchased is low on manpower use, mostly self-maintaining and reliably proves the existence of network vulnerabilities. Please attend this webcast to find out why Paul selected CORE IMPACT and learn how it can help you safely perform network, web application and end-user penetration testing.

    About the Speakers:

    Alan Paller:

    Alan is the Director of Research for the SANS Institute, responsible for overseeing all research projects ranging from the SANS Step-by-Step guides to the SANS digests to the Top Twenty Internet Security Threats. He is the founder of the CIO Institute, and earned his degrees in Computer Science and Engineering from Cornell and MIT. Alan is the author of the EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life. In 2001 the President named Alan as one of the original members of the National Infrastructure Advisory Council. The Federal CIO Council chose him as its 2005 Azimuth Award winner, recognizing his vision and outstanding service to federal information technology. In 2007, CIO Decisions, eWeek, and Baseline magazines jointly selected Alan as one of the 100 most influential people in the information technology field.

    Paul Asadoorian:

    Paul Asadoorian, GCIA, GCIH, Founder & Chief Executive Officer. Paul Asadoorian has over 5 years of experience working in the information security field. His work experience covers both major corporations and academic institutions. He currently holds two GIAC (Global Information Assurance Certification) certifications in intrusion detection (GCIA, GIAC Certified Intrusion Analyst) and incident response (GCIH, GIAC Certified Incident Handler). Paul also sits on the GCIA advisory board, has spent one year as a GCIA authorized grader, and continues to stay involved in the SANS (SysAdmin, Audit, Network, Security) Institute. His research has appeared in the book Network Intrusion Detection, 3rd edition, and also on the SANS Reading Room web site. Paul has presented for numerous organizations and conferences, including MIT Security Camp and ISACA (Information Systems Audit and Control Association). Paul graduated from Bryant College with a Bachelor of Science in Computer Information Systems.

    Sign-up to attend the free webcast.