Header
 
Overview

Many of today’s cyberattacks are successful because companies think that they are secure, hope that they are secure enough, really do not understand many of the complex security issues or do not have people who adequately understand the technology risks.

Perhaps rather than complaining about the attackers, we need to look more closely at the limitations of our defences. Often we are attacked because our systems are complex and need experience and understanding of the security technologies that we are dealing with.

What can you expect from these training workshop?


These workshop are designed to provide practical experience with common cybersecurity vulnerabilities as well as methodologies for analysis and protection. These workshop provide no lectures nor PowerPoint slides. Delegates (in pairs and with assistance) will design, build, test, analyse and develop protection methodologies. Thus these workshop cover areas in penetration testing, intrusion analysis, wireless and mobile vulnerabilities, smartcard vulnerabilities, forensic analysis, cloud authentication and cryptography, identity and access management, IoT (IN)Security, authentication and authorisation.

All workshop will be hands-on – no lectures, no PowerPoint slides, no talks about security being a good idea.

Only 12 people will be able to take part each day - so register early to confirm your seat and don’t miss this opportunity to learn from a leading cybersecurity facilitator!
People attending should have some familiarity with handling Linux and Windows systems.
The workshop will be using commercial equipment – no models, no simulations, no-mockups.

The 3-day hands-on and practical workshop will address the following:

• Practical Network Security Policy Implementation and Testing
• Cybersecurity Penetration Testing and Intrusion Detection
• Authentication and Identity & Access Management for Cloud Services

Choose to add on the 1-day Option for US$995.00
• Practical IoT (IN) Security


About Your Training Facilitator - Dr Ray Hunt

Dr Ray Hunt operates applied cybersecurity workshop out of Singapore, Hong Kong, Australia (Sydney, Melbourne, Perth, Adelaide), UK (London), Thailand, Taiwan and New Zealand. In particular he has provided workshop in Singapore (NTU, NUS, Singapore Government – Ministry of Defence, OCBC Bank, Cloud Security Alliance, Fujitsu, Vodafone), Hong Kong (CUHK, Hong Kong Government - IT Infrastructure, AT&T Global Network Services, Reuters, HK Computer Society), Australia (IoT Alliance, Australian Information Security Association, British Aerospace, National Broadband Network).

Current Positions:
Visiting Associate Professor, Royal Holloway College, University of London, Adjunct Associate Professor, University of South Australia, Adelaide, Australia, Visiting Professor, Advanced Informatics School, Technical University of Malaysia, Honorary Associate Professor, Deakin University, Melbourne, Australia, Adjunct Associate Professor, Edith Cowan University, Perth, Australia, Adjunct Associate Professor, University of Canterbury, New Zealand

TOP

Workshop Program Outline

Pre-Training Workshop Evening Drinks & Dinner
6-8:30 This social event will give participants the opportunity to get to know each other and the training workshop facilitator. An unequalled opportunity to meet and network.
Day 1 - 21 October 2019 | 28 October 2019 | 4 November 2019 | 11 November 2019
Practical Network Security Policy Implementation and Testing
08:00 Registration & Morning Coffee
09:00 Start of Day 1

This workshop will address cybersecurity topics and provide practical experience in how to configure protection mechanisms such as: stateful packet inspection, cryptographic tools, multifactor authentication systems, Public Key Infrastructure, VPNs (OpenVPN, SSL, IPSec, IKEv2) including tunnel design implementation and testing.

We will use a set of firewalls, routers, switches and access points. Clients (mostly Windows 10) and servers (Windows and Apache) will be configured to connect to these firewalls and other network devices and you will implement a range of packet filter and proxy services including FTP, HTTP, HTTPS, NAT and others and test their operations as if this was a commercial company or Government organisation. You will experiment with firewall configuration options which can remove undesirable content from HTTP/HTTPS connections – e.g. java scripts (even when the end- to-end session is encrypted!)

During these configuration exercises you will see why companies failed to be protected against significant cyberattacks such as WannaCry and Petya because of misconfiguration and/or misunderstanding. Further, you will gain practical experience on how to build secure VPN and multifactor authentication systems.

Some of the tools and techniques used in this workshop include:
  • Packet filters, proxies, stateful packet inspection
  • Cryptographic tool suites incorporating AES/MD5/SHA and NAT
  • Public Key Infrastructure including SSL/TLS and X.509 digital certificates
  • VPNs (OpenVPN, SSL-VPN, IPSec, IKEv2) for secure tunnel design and implementation
  • Interworking with the RSA authentication engine with SecurID tokens
It will be assumed that you have basic familiarity with IP addressing and subnetting and will be comfortable with configuring networks like 204.137.98.128/27 (Trusted), 204.137.98.160/28 (DMZ) and 204.137.98.176/28 (Untrusted) and routing between these subnets.

We will set up a SSL cybersecurity operation through the firewall and demonstrate data leakage out of the seven vulnerable versions of SSL demonstrating typical cybersecurity attacks on secure servers.

You will experiment with authentication methods for VPN operation (OpenVPN, SSL VPNs and IPSec and IKEv2 VPNs) and for this we will use RADIUS in the RSA SecurID token authentication engine.

We will also set up secure client server connections through the firewall using HTTPS – thus linking the user with the bank. We will then show how it is possible to intercept – and modify – the apparently secure end-to-end HTTPS connection.

This workshop is designed to provide you with good cybersecurity applied skills that you can use in the workplace. We also use this workshop to demonstrate how some apparently secure connections using AES encryption are not necessarily secure and why not.
05:00 Close of Day 1
(The workshop will break for coffee, lunch and afternoon tea)
Day 2 - 22 October 2019 | 29 October 2019 | 5 November 2019 | 12 November 2019
Cybersecurity Penetration Testing and Intrusion Detection
08:30 Morning Coffee
09:00 In this workshop we examine a number techniques used to assess cybersecurity vulnerabilities in computer networks. This is primarily the work of Penetration Testers and includes topics such as: Penetration Testing using Zenmap, Nessus, SNORT and the Snorby Graphical User Interface Intrusion Detection Engine, SSL Data Leakage and Interception demonstrating Man-In-The-Middle Vulnerabilities.

This is an important workshop if you are likely to end up assessing the security of a system – or work with a Penetration Testing company as a contractor to assess security vulnerability as it an area of growing demand in the face of cybersecurity attacks.

We will work with a platform of routing, firewall and switching equipment including a variety of software tools. There will be a trusted internal server (a bank which you will attempt to penetrate) connected to the outside world through the firewall. Thus on the external machine you will run a range of penetration testing tools including Nmap, Zenmap and Nessus.

On the trusted side you will run Intrusion Detection engines including both the SNORT command line engine as well as the full graphical SNORBY engine and thus you will be able to track intrusions in order to evaluate the state of security of your system.

We will run a bank server – very much equivalent to a small banking operation with clients, accounts etc – and you will be tasked with exactly the same job as a penetration tester. You will need to find what services are running on this bank (such as Port 1433 Microsoft SQL Server, Port 3306 MYSQL database server, Port 5432 Postgres SQL database, Port 1521 Oracle database default listener service for SQL) and then you will attempt to connect to such ports from your Penetration Testing tool set running via the external interface on the firewall. This is essentially a sample of real life penetration testing.

Next you will setup a client connection to a bank over a secure (https) connection. Then you will use interception tools to see how you can leak private data out of the secure SSL/TLS connection – thus demonstrating Man-In-The-Middle vulnerabilities. Clearly we will not do this on a real bank but use a pseudo-bank for the exercises above. The objective is not to break in but to understand how and why (apparently) secure services running good crypto can be compromised in practice.

Some of the tools and techniques used in this workshop include:
  • Penetration testing tools used for the monitoring and performance of traffic and analysis
  • Nmap, Zenmap and Nessus vulnerability, port and fingerprinting scanners
  • SNORT intrusion detection engine and the Snorby graphical interface engine
  • Engines which can be used for SSL interception and data leakage
MITM (Man-In-The-Middle) Capture using Switches, Ettercap and Wireshark

This is a preliminary experiment which demonstrates simple interception with switches, use of tools such as Ettercap out of Backtrack/Kali and how private information can be leaked. This then sets the scene for the two sections to follow:

SSL Data Leakage - Heartbleed

The recently discovered SSL data leakage vulnerability (Heartbleed) has been incorporated into a workshop and configured in exactly the same way in which a client, firewall and a bank’s configuration occurs in practice. The tools and techniques used to extract critical personal information will be experimented with in this workshop – not so much from the point of view of just breaking in but to gain understanding as to why and how such vulnerabilities can exist in modern current business and Government systems.

SSL Interception - Man-In-The-Middle Vulnerabilities

Such a practical implementation requires the use of a variety of firewall and routing equipment. In this workshop we will build the network, implement and test the security policy and gain experience in the practical implementation of client-server application processes such as those commonly used in mobile Internet banking. Thus the firewall and interconnected network configurations will closely represent those found in practice. The Internet banking scenario will be constructed with the use of mobiles which will interact with a bank server. Man-in-the-Middle cybersecurity attacks will then be configured to access SSL connections and subsequent extraction of user identification credentials.
05:00 Close of Day 2
(The workshop will break for coffee, lunch and afternoon tea)
Day 3 - 23 October 2019 | 30 October 2019 | 6 November 2019 | 13 November 2019
Authentication and Identity & Access Management for Cloud Services
08:30 Morning Coffee
09:00 The main components of this workshop involve authentication and identity control techniques – primarily for use in Cloud Services and you will build and operate: Active Directory, RSA multifactor authentication system using hardware, software and mobile phone devices, smartcard identity, Gallagher cloud services and physical security. The smartcard work will involve the use of both 1K and 4K Mifare smartcards.

The use of access mechanisms and deployment of selected levels of privilege is critical in providing secure access to network and application processes - particularly for the provisioning of Cloud Services. This workshop will be run with three key architectures – Active Directory/Domain Controller with the RSA Authentication Engine incorporating the SecurID multifactor token system, as well as the Gallagher Physical Security System (see picture below). All of these involve the use of strong cryptography and digital certificates.

Active Directory will be configured for interconnection to (i) RSA Authentication Engine and (ii) Gallagher Physical Security System. You will also configure Active Directory Federation Services (ADFS) for Cloud Apps. The users and associated attributes configured in Active Directory are now used via interconnected secure channels to control access to doors, floors, buildings etc via the Gallagher engine and the following two diagrams show you the equipment that you will setup and operate. All of these architectures are widely used in industry and this workshop will involve the use of full commercial implementations, thus no artificial simulations will be used.



You will install and operate soft tokens from an Android Mobile using QR codes as well as Active Directory Federation Services (ADFS) for Cloud Apps. You can either use your own Androids or one of a set provided.




Summary of topics to be covered include:
Building the Active Directory
Configuring the RSA Engine to interface with Active Directory
Configuring crypto front-ends
Active Directory Federation Services (ADFS) for Cloud Apps
  • Cloud-based Security Systems
    Active Directory configuration for a cloud-based physical access system
    Mapping the corporate database into the cloud-based server
    Setting up the smartcard control system
    Live testing of access services
05:00 Close of Day 3 and Training Workshop
(The workshop will break for coffee, lunch and afternoon tea)

TOP
Who Should Attend:

This training and hands-on workshop will provide participants with an in-depth knowledge of cybersecurity and is for you if you are:
  • IT Executives, Software Engineers and Programmers who are responsible for implementation and testing security
  • IT Executives who want an overview of a typical range of Cybersecurity attacks which have been encountered over the last couple of years
  • Computer Executives who want to understand how to configure and test network and server devices for security
  • Executives who want to see a range of attacks underway and to understand how they can be recognised and prevented

Optional Day 4 - 24 October 2019 | 31 October 2019 | 7 November 2019 | 14 November 2019
1-Day Training Workshop
A Hands-on Workshop in Practical IoT (IN)Security
08:00 Registration & Morning Coffee
09:00 The Internet of Things (IoT) is a novel paradigm which is shaping the evolution of the future Internet. We are seeing increasing ubiquity of the Internet, by way of connecting people anytime and everywhere, as well as the connection of inanimate objects. By providing objects with embedded communication capabilities and a common addressing scheme, a highly distributed and ubiquitous network of seamlessly connected heterogeneous devices is formed, which can be integrated into the current Internet and mobile networks and indeed will form part of developing 5G networks, thus essentially allowing for the integration of new intelligent services available anytime, anywhere, by anyone and anything.

Unfortunately vulnerabilities can apply to all devices connected. An IoT device is not considered to be a network device as is a router, switch, firewall, server etc. Devices connected could be thermostats, lights, switches, locks, recorders, webcams etc which traditionally are not included in a security framework – but may need to become so as a result of being manipulated as IoT devices.

IoT consists of two key ideas: local control of devices - commonly industrial systems and remote control of devices, i.e. commonly consumer products which are manipulated by mobile devices. In the former case, security is essentially a component of the control network, and is no different from any industrial control system.

In the latter case (remote control of devices), one has an inherent requirement for the device to be exposed - in some way - to the external network. Typically this is done by it connecting home devices to the CSP (Cloud Service Provider), which can severely limit security.

So there are multiple avenues of vulnerability, depending on which resources one is trying to secure. The important thing is that beyond the network-level issues, there is also the user-level issue and all interaction with the IoT device is mediated by a (logging) third party: not a security issue from the network point of view, but certainly one from the system point of view.

Also the malware lays low at first - the main purpose is still for a DDoS botnet, and it is designed to spread rapidly to other IoT devices. Many antivirus solutions are still unable to detect such malware.

TOP
About this Workshop

Much has been discussed and many papers written on the (lack of) security and need for authentication in the IoT world. Unfortunately not a lot of people have had the opportunity to use IoT devices and see where and why the security vulnerabilities lie. Understanding the underlying network operation and configuration is paramount to knowing how to design IoT devices which are not susceptible to vulnerabilities such as malware and botnet attacks.

This workshop will introduce delegates to a range of tools which can be used to diagnose the lack of security systems and to assist in understand how protection techniques such as authentication – currently so lacking – can be applied. In this workshop delegates will be assisted to use these tools along with IoT devices such as switches, lights, thermostats, video cameras, door locks, music players and others and thus develop highly practical skills.

With most IoT devices and platforms missing even basic security hygiene and existing network security tools lacking the capability to properly manage an IoT network, implementing IoT devices can be a security nightmare.

We look at the current state of IoT in enterprises, the challenges of properly securing IoT devices, as well as ideas on how to resolve these issues and prepare for the age of automation.


     
  Email : enquiry@stratcoms.com | Telephone : Christina Logan, Mobile : +64 21 858 455  
  TOP  
   
   
© 2011 Strategic Communications. All Rights Reserved.
121 Meetings Site Visit