cyber security training courses penetra- tion …how to harden your own environment within microsoft...

Page

Penetra- tion Testing Re-

port <Client Name>

•

Cyber Security Training Courses

Version 1.0 - April 2017

Table of contents

About us ............................................................................................................................................. ........................ 3 Courses overview ....................................................................................................................... ........................ 4 Windows - security hardening ........................................................................................ ........................ 6 Linux - security hardening .................................................................................................. ........................ 7 Networking - security hardening .................................................................................. ........................ 8 Vulnerability testing - how to conduct vulnerability assessments ... ........................ 9 Azure cloud - security hardening ................................................................................. ...................... 10 Management - cyber security risks for management staff ..................... ....................... 11 Web applications - testing for developers & test teams........................... ...................... 12 Mobile security - introduction to mobile security & hardening ........... ...................... 13 End user devices - security hardening ..................................................................... ...................... 14 Custom cyber security training courses .................................................................. ...................... 15

About us

What we do

We are a family owned and run company with many years’ experience in the I.T and security industry. As our client you will deal directly with the lead consultants of the project from start to finish. We pride ourselves on working closely with our clients to understand your requirements fully and tailor services to your individual needs.

Who we are

We want to share our knowledge with our clients and ensure you and your staff are armed to defend your environment against attack. We offer scheduled and bespoke training courses tailored to your needs.

Courses overview We offer a range of pre-made cyber security courses, or we can create fully customised courses for security testing products, particular devices or operating systems to suit your requirements.

Course Ref Description

ARMT-WIN Windows - security hardening How to harden the Windows operating system to improve it’s system security and prevent cyber attacks. Identify common risks and how to remediate and harden the Windows operating system for servers, desktops and laptops.

ARMT-NIX Linux - security hardening How to harden the Linux operating system to improve it’s system security and prevent cyber attacks. Identify common risks and how to remediate and harden the Linux operating system.

ARMT-NW Networking - security hardening How to harden the configuration of network devices to improve system secu-rity and prevent cyber attacks. Identify common risks and how to remediate and harden the device security.

ARMT-VA Vulnerability testing - how to conduct vulnerability assessments How to conduct basic vulnerability assessments within your own company’s network, to help with on-going security management and to assist with preparation and remediation of third-party penetration testing.

ARMT-AZURE Azure cloud - security hardening How to harden your own environment within Microsoft Azure cloud hosting. Identify and understand common miss-configuration issues and how to reduce your risk exposure.

ARMT-MGT Management - cyber security risks for management staff Understand common cyber security risks and what they mean, such as; cloud security, lost or stolen devices, application and infrastructure risks, the importance of security testing, remediation and benchmarking.

Courses Continued..

Course Ref Description

ARMT-WEB Web applications - testing for developers & test teams Identify and understand common web application risks and what they mean. Detailed overview of application testing tools, intercepting requests, manual and automatic application testing and basic report generation.

ARMT-MOB Mobile security - introduction to mobile security & hardening Understand common application and physical risks with mobile phone and tablet devices such as; security hardening methods, MDM, Jailbreaking, lost and stolen device data risks.

ARMT-END End user devices - security hardening Identify and understand common risks with end user laptops and desktops and how to securely harden the operating system, media and peripheral ports and encryption to prevent attacks and data loss if the device is lost or stolen.

ARMT-BSPK Bespoke courses - custom cyber security training courses We can create fully custom cyber security training for your staff to cover products, testing, testing tools and specific systems you use or intend to use.

Course Details

Windows - security hardening

Reference: ARMT-WIN

Overview:

How to harden the Windows operating system to improve it’s system security and prevent cyber attacks. Identify common risks and how to remediate and harden the Windows operating system for servers, desktops and laptops.

Suitable For: Windows support and configuration staff, netops, sysadmins and wintel engineers

Course Format:

Instructor lead Presentations Live demos

English language

This is not a hands on course with student labs

Requirements: Windows O/S configuration experience

Duration: 1 Day

Included: Drinks, snacks, refreshments and lunch

Contents: Windows security benchmarks Hardening of Windows operating systems Manual and automatic checking of Windows settings Windows password hash types and weaknesses Windows password extraction and hash cracking Common vulnerabilities and attack methods Vulnerability scanning with Nessus Checking for missing patches Third party software risks Service permissions and weaknesses Remediation

Course Details

Linux - security hardening

Reference: ARMT-NIX

Overview: How to harden the Linux operating system to improve it’s system security and prevent cyber attacks. Identify common risks and how to remediate and harden the Linux operating system.

Suitable For: Linux support and configuration staff, netops and sysadmins

Course Format:


English language


Requirements: Linux O/S configuration experience

Duration: 1 Day


Contents: Linux security benchmarks Hardening of the Linux operating systems Manual and automatic checking Linux settings Linux password hash types and weaknesses Linux password extraction and hash cracking Common vulnerabilities and attack methods Vulnerability scanning with Nessus Checking for missing patches Third party software risks Clear-text services and weaknesses File permissions and cron weaknesses Remediation

Course Details

Networking - security hardening

Reference: ARMT-NW

Overview: How to harden the configuration of network devices to improve system security and prevent cyber attacks. Identify common risks and how to remediate and harden the device security.

Suitable For: Network support and configuration staff, netops and sysadmins

Course Format:


English language


Requirements: Network device configuration experience, Cisco CLI

Duration: 1 Day


Contents: Hardening of routers, switches and firewalls VLAN hopping SNMP configuration and weaknesses Network protocol risks Manual and automatic configuration reviews Firewall rule set reviews Access control lists Management interfaces Clear-text services and weaknesses Port security Password hash storage weaknesses and cracking Remediation

Course Details

Vulnerability testing - how to conduct vulnerability assessments

Reference: ARMT-VA

Overview:

How to conduct basic vulnerability assessments within your own company’s network, to help with on-going security management and to assist with preparation and remediation of third-party penetration testing.

Suitable For: Network support and configuration staff, netops, sysadmins, cyber security managers and I.T compliance officers

Course Format:


Hands on labs

English language

Parts of this course are hands on for students wanting to scan

for vulnerabilities, although not compulsory

Requirements:

Operating systems, networking, TCP/IP Students may bring their own laptops with VMWare/

VirtualBox, although a desktop student PC will be provided for use

Duration: 2 Days


Contents: Port scanning and common port weaknesses Vulnerability scanning with Nessus Pro Clear-text protocols and weaknesses SSL scanning and weaknesses False positives Common operating system weaknesses (Win/Linux) Security benchmarks Pentesting process and example report walkthrough Remediation

Course Details

Azure cloud - security hardening

Reference: ARMT-AZURE

Overview: How to harden your own environment within Microsoft Azure cloud hosting. Identify and understand common miss-configuration issues and how to reduce your risk exposure.

Suitable For: Windows and Linux server support and build engineers already using Azure cloud based hosting or wanting to migrate to Azure cloud hosting

Course Format:


English language


Requirements: Operating systems, networking, TCP/IP, basic virtualisation

Duration: 1 Day


Contents: Azure cloud overview NSG (Network Security Groups) Default VM configuration weaknesses Azure portal configuration Azure security agents Security event alerting Virtualised network devices Azure security testing authorisation process Vulnerability testing within Azure using Nessus Pro Remediation

Course Details

Management- cyber security risks for management staff

Reference: ARMT-MGT

Overview:

Understand common cyber security risks and what they mean, such as; cloud security, lost or stolen devices, application and infrastructure risks, the importance of security testing, remedia-tion and benchmarking.

Suitable For: I.T Project Managers, CISO, CIO, Cyber Security Managers, I.T Security Officers, Compliance Managers or any staff wanting to learn about cyber risks

Course Format:


English language


Requirements: Basic I.T infrastructure and compliance awareness

Duration: 1 Day


Contents: Cyber security buzz words and what they mean Cloud security (Azure/Amazon AWS/VMware) Social engineering and phishing attacks Application security risks and common attacks Infrastructure security risks and common attacks External security threats and common attacks Internal security threats and staff risks Lost or stolen end user device risks Physical media risks Overview of penetration testing and the process/benefits Best practice/security benchmarking Vulnerability testing your own environment (internal/cloud)

Course Details

Web application - testing for developers & test teams

Reference: ARMT-WEB

Overview:

Identify and understand common web application risks and what they mean. Detailed overview of application testing tools, intercepting requests, manual and automatic application testing and basic report generation.

Suitable For: Application developers, testing team and any staff who wish to conduct basic application testing and automation of testing tasks

Course Format:


Hands on labs

English language

Parts of this course are hands on for students wanting to

perform basic application testing

Requirements:

I.T knowledge, application development or testing. Students may bring their own laptops with VMWare/

VirtualBox, although a desktop student PC will be provided for use

Duration: 2 Days


Contents: Common app risks (XSS, SQL Injection, cmd injection etc) Application testing tools Detailed look at Burp Suite Pro (features/installing/using) Manual and auto testing for app security vulnerabilities Intercepting, editing and replaying requests via proxy Testing function automation/scheduling Passive and active application testing Session strength testing Generation of application testing reports False positives

Course Details

Mobile security - introduction to mobile security & hardening

Reference: ARMT-MOB

Overview: Understand common application and physical risks with mobile phone and tablet devices such as; security hardening methods, MDM, Jailbreaking, lost and stolen device data risks.

Suitable For: Support, design and configuration staff, netops, sysadmins and I.T security compliance

Course Format:


English language


Requirements: Knowledge of Apple and/or Android devices and a basic knowledge of mobile application and security risks

Duration: 1 Day


Contents: Physical risks of mobile and tablet devices Jailbreaking risks Basic mobile application testing overview and tools Inspecting application files and data on devices Mobile security benchmarks MDM (Mobile Device Management) overview Lost or stolen device risks iOS jailbreak detection and prevention BYOD (Bring Your Own Device) risks and protection

Course Details

End user devices - security hardening

Reference: ARMT-END

Overview:

Identify and understand common risks with end user laptops and desktops and how to securely harden the operating system, media and peripheral ports and encryption to prevent attacks and data loss if the device is lost or stolen.

Suitable For: Support and desktop configuration staff, netops, helpdesk, build engineers and sysadmins

Course Format:


English language


Requirements: Knowledge of Windows operating systems and hardware peripherals

Duration: 1 Day


Contents: Windows operating system risks and hardening Third party software risks and client side exploitation risks Removable media risks and hardening Physical start-up and BIOS/UEFI risks and hardening Encryption Lost and stolen device risks Password extraction and cracking risks Peripheral port risks and hardening Security benchmarks Remediation

Course Details

Custom cyber security training courses

Reference: ARMT-BSPK

Overview: We can create fully custom cyber security training for your staff to cover products, testing, testing tools and specific systems you use or intend to use.

Contents: Specific security products such as Nessus & Burp Suite Pro Specific operating systems or SQL databases Specific network devices Testing against your own specific environment Master gold builds or template configuration Anything else security, process. product or policy related

cyber security training courses penetra- tion …how to harden your own environment within microsoft...

Documents