
<MASTERCLASS> System Forensics and Incident Handling

No.1 Security Expert, Paula Januszkiewicz

11 - 15 June 2018

  • Duration: 5 days
  • Location: Semos Education, Skopje
  • Language: English
  • Price: 999 EUR
  • Register via the following link - registration

Who is it for?

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.


Materials

The author's unique tools, over 300 pages of exercises, and presentation slides with notes.


Instructor: Paula Januszkiewicz

Paula Januszkiewicz is an IT security auditor and penetration tester, MVP, Enterprise Security Trainer (MCT) and Microsoft Security Trusted Advisor. She is also a top speaker at many well-known conferences, including Microsoft Ignite, TechEd North America, TechEd Europe, TechEd Middle East, RSA, TechDays, CyberCrime and others.

Paula has conducted hundreds of IT security audits and penetration tests, including for government organizations. Her particular specialization is security solutions, for which she holds several certifications, and she also holds other certifications in related technologies. Paula has a passion for sharing her knowledge with others.


Course Contents

  • Module 1: Introduction to Incident Response and Handling
    • Types of Computer Security Incidents
    • Examples of Computer Security Incidents
    • Signs of an Incident
    • Incident Prioritization
    • Incident Response
    • Incident Handling
  • Module 2: System and Network Security Mechanisms
    • Integrity Levels
    • Anti-malware & Firewalls
    • Application Whitelisting, Application Virtualization
    • Privileged Accounts, Authentication, Monitoring, and UAC
    • Whole Disk Encryption
    • Browser Security
    • EMET
    • Dangerous Endpoint Applications, Session Zero
    • Privileges, permissions and rights
    • Password security (techniques for obtaining and cracking passwords)
    • Registry Internals
    • Monitoring Registry Activity
    • Boot configuration
    • Services architecture
    • Access tokens
    • Web Application Firewall
    • HTTP Proxies, Web Content Filtering, and SSL Decryption
    • SIMs, NIDS, Packet Captures, and DLP
    • Honeypots/Honeynets
    • Network Infrastructure – Routers, Switches, DHCP, DNS
    • Wireless Access Points
  • Module 3: Incident Response and Handling Steps
    • How to Identify an Incident
    • Handling Incidents Techniques
    • Incident Response Team Services
    • Defining the Relationship between Incident Response, Incident Handling, and Incident Management
    • Incident Response Best Practices
    • Incident Response Policy
    • Incident Response Plan Checklist
  • Module 4: Handling Network Security Incidents
    • Denial-of-Service Incidents
    • Distributed Denial-of-Service Attack
    • Detecting DoS Attack
    • Incident Handling Preparation for DoS
    • DoS Response and Preventing Strategies
    • Following the Containment Strategy to Stop DoS
    • Detecting Unauthorized Access Incident
    • Incident Handling Preparation
    • Incident Prevention
    • Following the Containment Strategy to Stop Unauthorized Access
    • Eradication and Recovery
    • Detecting the Inappropriate Usage Incidents
    • Multiple Component Incidents
    • Containment Strategy to Stop Multiple Component Incidents
    • Network Traffic Monitoring Tools
  • Module 5: Handling Malicious Code Incidents
    • Count of Malware Samples
    • Virus, Worms, Trojans and Spywares
    • Incident Handling Preparation
    • Incident Prevention
    • Detection of Malicious Code
    • Containment Strategy
    • Evidence Gathering and Handling
    • Eradication and Recovery
  • Module 6: Securing Monitoring Operations
    • Industry Best Practices
    • Critical Security Controls
    • Host, Port and Service Discovery
    • Vulnerability Scanning
    • Monitoring Patching, Applications, Service Logs
    • Detecting Malware via DNS logs
    • Monitoring Change to Devices and Appliances
    • Leveraging Proxy and Firewall Data
    • Configuring Centralized Windows Event Log Collection
    • Monitoring Critical Windows Events
    • Detecting Malware via Windows Event Logs
    • Scripting and Automation
    • Importance of Automation
    • PowerShell
  • Module 7: Forensics Basics
    • Computer Forensics
    • Objectives of Forensics Analysis
    • Role of Forensics Analysis in Incident Response
    • Forensic Readiness And Business Continuity
    • Types of Computer Forensics
    • Computer Forensic Investigator
    • Computer Forensics Process
    • Collecting Electronic Evidence
    • Challenging Aspects of Digital Evidence
    • Forensics in the Information System Life Cycle
    • Forensic Analysis Guidelines
    • Forensics Analysis Tools
    • Memory acquisition techniques
    • Finding data and activities in memory
    • Tools and techniques to perform memory forensics