HSC   Text mode: access to the page content
Hervé Schauer Consultants
You are here: Home > Training courses > ISS basics
Go to: HSC main site
Download the training catalog
Search:  
Version française
   Training courses   
o Planning
o LSTI Training courses
o SANS Training courses
o Certifications
o Formations universitaires
   E-learning   
o E-learning HSC
o ISO 27001
o PHP security
   Contacts   
o How to reach us
o Specific inquiries
o Directions to our office
o Hotels near our office
   HSC est certifié OPQF   
logo OPQF
|>|ISS basics  
Training courses
See also...
o Organization of the courses
o Training sessions planning
o Goals
o Duration
o Instructor(s)
o Pre-requisite for attendants
o Teaching method
o Related courses
o Material
o Agenda
o Methods of inscription

Dates of the coming sessions:
> 13-14 March 2017 (Paris)
> 7-08 September 2017 (Paris)
Dates subject to modification without prior notice. The sessions will only take place if the number of registered attendants is high enough.


Goals

Acquire complete mastery of the techniques of Security of Information Systems fundamental concepts. For non-technical people to get a first operational vision of the ISS.


Duration

2 days.


Instructor(s)

  • Danil Bazin (Danil.Bazin@hsc.fr)
    • certifié GIAC Penetration Tester (GPEN)
    • certifié GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) depuis 2012
  • Matthieu Schipman (Matthieu.Schipman@hsc.fr)
    • Certifié GIAC Penetration Tester (GPEN)
    • Certifié GIAC Certified Forensic Examiner (GCFE)
    • Certifié GIAC Certified Windows Security Administrator (GCWN)
    • Certifié GIAC Continuous Monitoring Certification (GMON)
    • Certifié CISSP Certified Information Systems Security Professional
    • Certifié PCI Qualified Security Assessor - QSA
  • Vincent Herbulot (Vincent.Herbulot@hsc.fr)
    • GIAC Penetration Tester (GPEN)
    • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
    • GIAC Network Forensic Analyst (GNFA)
    • GIAC Forensic Analyst (GCFA)


    Pre-requisite for attendants


    Teaching method

    Lecture, with numerous examples of practical applications.


    Related courses


    Material


    Agenda

    Day 1:

    • Introduction
    • Context, objectives
    • Risks and business impacts
      • Blackmail
      • Customer accounts hijacking
      • billing fraud
      • Information disclosure to competitors
      • Key personnel departure
      • Reputational
      • Defacement
      • legal risks
    • Security Solutions
      • technical reminders
      • network protocols (IP , TCP, UDP , ICMP, IPsec)
      • protocols "link" (Ethernet , ARP, 802.x , LAN, VPN , MPLS )
      • sample application protocol : HTTP (s)
      • authentication gateways
    Day 2:
    • Network security and firewalls
    • Partitioning and IP filtering
      • Objectives , issues and principles
      • HSC example of a successful attack (IP -spoofing on Windows domain controller )
    • Proxy
      • Objectives , issues and principles
      • Equipment and limits
      • HSC example of a successful attack ( bypass URL filtering )
    • secure architecture
      • Objectives , issues and principles
      • Equipment and limits
      • HSC example of a successful attack ( remote shell by a DNS flow from inside to outside)
    • DMZ : Best Practices
      • Specific examples of network flows : flow matrix schematic illustration
    • concrete applications
      • virtualization
      • datacenters
      • VoIP
    • Application Security
    • Conventional attacks and feedback HSC
      • Operation of conventional web attacks ( SQL injection , XSS , CSRF )
      • Web servers , SSO
      • Webservices and XML feed
        • Specific Attacks : Search WSDL and enumeration methods , denial of service
        • Encryption solutions (WS -Security )
        • Solutions filter (Firewall XML )
        • Browser Security (Flash , Adobe, ActiveX vulnerabilities)
    • Securing
      • Rights management and access , storage of passwords
        • HSC example of a successful attack
      • Identity Federation (SSO)
        • Benefits and dangers of SSO
        • Example attack SSO
      • Development best practices
      • Vulnerability watch
      • Management of technical vulnerabilities
    • Criteria for choosing a security solution
      • Market Overview and vocabulary marketing
        • Products and services
        • Intrusion tests and technical security audits
      • The safety management in the time
      • Managing third party (service providers , service providers, customers and partners)
      • Understand and use a test report or technical intrusive security audit
      • Security audits and compliance
      • Certification market in SSI (products, services and management systems )
    • Conclusion


    Methods of inscription

    For registering an HSC course, please contact our training department by phone : +33 141 409 704 or by email at formations@hsc.fr, with first and last name of every student, your postal address and your company VAT number. Thoses informations enable us to send your the training agreement. The training agreement must be return agreed with signature and company stamp with you purchase order, at least 6 days before the course. The purchase order should precise your billing address and our payment regulations : net 30 days from our invoice date. Registration is completed as soon as we received those two documents.

    Last modified on 29 June 2016 at 14:10:02 CET - webmaster@hsc.fr
    Mentions légales - Information on this server - © 1989-2013 Hervé Schauer Consultants