CPE Credits: 7
Description:
This seminar introduces the attendee to the technologies, terms and processes related to Web security from the internal/external Infosec auditor's point of view. The seminar covers concepts and techniques related to general Web security, network security, operating system security and methods for evaluating the security of the overall network environment. Additionally, the concepts and technologies behind security measures such as intrusion detection, firewall design and deployment, DMZs, routers, virtual private networks and overall network security are addressed.
Audience:
This seminar is intended for Chief Technology Officers, Chief Information Officers, Chief Security Officers, Controllers, internal and external audit professionals, and individuals who wish to learn more about securing and controlling their organization's Web environment.
Prerequisites: There is no prerequisite for this seminar.
Objectives:
After completing this seminar, participants will be able to:
- Recognize how easy it is for perpetrators to mount an Internet attack
- Describe the latest threats when connecting internal systems to the Internet
- Explain the countermeasures used to protect organizations against attack
- Describe the latest risks involved when providing Internet services to staff
- Conduct an assessment and technical review of their organization's Internet and Web-based systems
Course Outline:
Network Security Fundamentals
· The Web client/server architecture
· What does the Web server do?
Goals of Network Security
· Availability
· Authentication
· Privacy
· Integrity
Network Security Threats
· Client information leakage
· How cookies work
· Assessing the threats from Java, JavaScript, VBScript and ActiveX
· Hostile applets and viruses
Web Security
· Disabling Java applets
· Turning off cookies
· Using an online virus checker
· Obtaining browser certificates
· Enabling and disabling signing authorities
Vulnerabilities of Web Tools
Creating a Secure Network Strategy
· Authenticating users
· File permissions and document roots
· Operating privileges for the server
· Audit tools
Common Web Attacks and Their Defenses
Intrusion Detection
Security Baselines
· Components of a firewall
· What firewalls can and cannot do
· Comparing firewall types
· Using application proxies
Auditing & Compliance
· Responding to security violations
· Real-time monitoring
· Limiting damage
· Keeping up to date on new threats
Security Assessment
Establishing Network Defenses
Dr. Marcella's seminar will draw upon his 29 years of field experience in the areas of corporate, data, IT and physical security and his role as a Board of Directors member for the Saint Louis community InfraGard project, a Board of Governors member for the Saint Louis Institute of Internal Auditors and a member of the Saint Louis Cyber-Terrorism Task Force.