Limes Academy · 2020. 3. 26. · ICS.223 Incident Handling Essentials Page 16 ... BYOD)-Handling...

Limes Academy List of Courses 2018/2019


The Limes Academy offer

As part of Limes Academy, we offer training packages in the following areas: Awareness, Industrial Security and Security Engineering.

All training sessions are held by our experienced industrial security experts, who bring more than a decade of security consulting experience to the table. You benefit not only from excellent training content, but also from a wealth of experience. In addition to the theoretical content, all training courses also include practical exercises in order to make the respective topics as tangible and descriptive as possible for the participants.

+ Interactive Training Because you only retain 10% of what you hear during the course. In our training courses you apply what you have heard directly and increase your knowledge transfer to 90%.

+ Professional Competence All training courses are conducted by our experienced security experts.

+ Practice Lab Practical exercises are used to attack and defend.

+ Training Documents Are available in printed form. The test environment facilitates practicing and experimenting.

+ In-house Training Courses We hold individually adapted courses for your employees.

+ International Security Training Institutes Limes Security provides security trainers for the renowned SANS Institute.

+ Certificate At the end of the training you will receive a certificate of participation.

Awareness Training
Industrial Security Training
Security Engineering Training

Why Limes Security?


Training overview

100 Security Awareness Training
 - AWT.101 IT Security Awareness
 - AWT.102 IT Security Awareness
 - AWT.103 Zero Downtime: Blackout Edition

200 Industrial Security Training
# Industrial Security Foundation
 - ICS.201 Foundation
 - ICS.202 Updater
# Industrial Security Advanced
 - ICS.211 Technical OT Security
 - ICS.212 OT Security Management
# Industrial Security Additions
 - ICS.221 Assessing OT
 - ICS.222 Applying Security Technology in OT
 - ICS.223 Incident Handling Essentials
 - ICS.224 Industrial Security with IEC 62443

300 Security Engineering Training
# Secure Coding
 - SEC.301 Secure Coding Java
 - SEC.302 Secure Coding .NET
 - SEC.303 Secure Coding Web
# Secure Development Lifecycle
 - SEC.311 Secure Product Development with IEC 62443-4-1
# Security Testing
 - SEC.321 Security Testing Foundation
# System Hardening
 - SEC.331 System Hardening Windows
 - SEC.332 System Hardening Linux


Our speakers

Our trainers are all experienced security experts with many years of consulting work in industry and in software development.

The added value for you as a customer: In addition to excellent training content, you will also receive a broad wealth of experience and direct knowledge - from practical experience for practical use.

Unsurpassed professional competence

Speaker profiles

is our broad-spectrum antibiotic against security ignorance. As a Stuxnet Incident Handler and former head of Siemens Product-CERT, he knows industrial security from all life cycle phases. He is Professor of IT and Cyber Security, and is certified for CISSP, GSEC, GICSP and GRID.

brings profound technical security expertise to training courses and penetration tests through his many years of experience in industrial security research in the production and energy sectors. He is also a lecturer for IT security at the University of Applied Sciences St. Pölten.

is an Offensive Security Certified Professional and trainer for Industrial Security. As an experienced project manager, she supports industrial companies and energy suppliers with a great deal of technical knowledge. She likes to incorporate this experience into her classes as war stories and anecdotes.

is an IT/OT Specialist and has been professionally involved with IT and OT for twelve years now. Apart from his work as an IEC-62443 specialist, he also supports companies in carrying out risk analyses and in introducing and implementing OT management systems.

is an Oracle Certified Associate and Trainer for Secure Coding and Security Testing. He loves solving tricky problems - whether creating secure applications or trying to hack them. During training sessions he shares his experiences and likes to challenge participants with complex exercises.

is a certified ISO 27001 auditor, member of the OVE working group on IEC 62443, hacker and for over ten years trainer for secure coding. He loves to give the participants tricky tasks and to assist them with the right security tips.

Thomas Brandstetter
Lukas Brandstätter
Phillipp Kreimel
Gandalf Denk
Kerstin Reisinger
Peter Panholzer


100 Security Awareness Training

The majority of successful attacks exploit the human vulnerability to invade internal networks. Your employees must learn to understand where in their daily work security risks lurk - regardless of whether they are in management, production, or marketing.

In our tried and tested Security Awareness Training we impart the requisite self-competence the employees need to immediately identify risks and avoid negligent behavior. Limes Security takes advantage of experiences from attack campaigns, demonstrations and exciting war stories to accomplish that. We use entertaining explanations of the most essential security rules that every employee of a modern company should know in order not to be a security risk for their own company.

The employee as the target

Training contents

# AWT.101 IT Security Awareness
# AWT.102 OT Security Awareness
# AWT.103 Zero Downtime: Blackout Edition

Awareness


AWT.101 IT Security Awareness

IT Security Awareness

4 hours
All employees
No notebook necessary
400.- euros
German or English
No prior knowledge necessary
Training documents and certificates
Available in public or in-house

The IT Security Awareness Training serves as a basis for every employee in the company to impart a basic understanding of security or to refresh existing security knowledge.

Registration
You will find an overview of all current dates as well as the registration for the AWT.101 IT Security Awareness Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# What is information security?
# Who are the attackers?
# Recent attacks, incidents and hacking demo
# Secure rules of conduct
 - Dealing with programs, software and emails
 - Dealing with passwords and password policies
 - Handling USB sticks and other external media
 - Handling your own equipment in the company (Bring your own Device – BYOD)
 - Handling information
 - Physical security
# Recognize attacks and report suspicious cases
# Security in the private environment

Your benefits
# Imparting a basic understanding of security for all employees
# Creating security awareness in the participants for an increased security level in their own company
# Refreshing already known rules of conduct for secure actions in the company


AWT.102 OT Security Awareness

OT Security Awareness

4 hours
All employees
No notebook required
400.- euros
German or English
No prior knowledge necessary
Training documents and certificates
Available in public or in-house

The OT Security Awareness training serves as a basis for every employee in the OT area to impart a basic understanding of security or to refresh existing security knowledge. In contrast to the AWT.101 IT Security Awareness training, concrete examples and rules of conduct specifically for the OT area are considered here.

Registration
You will find an overview of all current dates as well as the registration for the AWT.102 OT Security Awareness Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# What is included in Operational Technology (OT)?
# Who are the attackers?
# Recent attacks, incidents and hacking demo
# Secure rules of conduct
 - Dealing with programs, software and emails
 - Dealing with passwords and password policies
 - Handling USB sticks and other external media
 - Handling your own equipment in the company (Bring your own Device – BYOD)
 - Handling information
 - Physical security
# Recognizing attacks and reporting suspicious cases
# Security in the private environment

Your benefits
# Imparting a basic understanding of security for all employees in the OT sector.
# Creating security awareness in the participants for an increased security level in their own company
# Refreshing already known rules of conduct for secure actions in the company


AWT.103 Zero Downtime: Blackout Edition

ICS Cyber Security Simulation Game Zero Downtime

2 hours
All employees
No notebook required
On request
German or English
No prior knowledge necessary
Training documents and certificates
Only in-house possible

As a contestant, transform yourself from a person affected to a participant: In the ICS cyber security simulation game, you become the defender of your corporate values. Several teams compete against each other and learn to simulate reality.

The simulation game is based on a serious consideration: The students learn about current IT threat scenarios and adequate security concepts as countermeasures at the forefront. Through the direct involvement of each individual, the learning content anchors itself strongly and sustainably; at the same time, teamwork is essential. In the end, the company that has best mastered the challenges is chosen as the winner.

The simulation game is moderated by a Limes security expert and the results are briefly summarized after each round. The contestants play in groups at a table with a board in combination with a tablet. No special previous knowledge is necessary for participation and the simulation game is even well suited for beginners.

Registration
An overview of all current dates and the registration for AWT.103 Zero Downtime: Blackout Edition can be found under the link on the right or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Your benefits
# Get to know important security measures and concepts in a playful manner.
# Apply effective countermeasures to security threats as a contestant.
# Learn about the effects and consequences of certain security measures and concepts.


200 Industrial Security Training

In addition to increased security requirements for manufacturers, system integrators and operators of industrial plants, technical changes in the area of industrial security have become a new challenge. The rapid change includes the fact that industrial security today functions completely differently than the familiar world of automation of the past decades. Limes Security provides clarity and generates guidelines for action and competence for the correct handling of security issues in an industrial environment.

The training contents have been selected based on the experience gained from many industrial projects and are aimed at the challenges facing the industry in practice. Our training courses impart the security basics (foundation) urgently needed by industrial personnel as well as advanced knowledge for decision-makers and technicians and special topics (additions). Through practical examples and war stories from our trainers, you develop all the skills required for secure digitization in industry.

Secure digitalization for technicians and decision makers

Training contents

Foundation Level
# ICS.201 Industrial Security Foundation

Advanced Level
# ICS.211 Technical OT Security
# ICS.212 OT Security Management

Additions
# ICS.221 Assessing OT
# ICS.222 Applying Security Technology in OT
# ICS.223 Incident Handling Essentials
# ICS.224 Industrial Security with IEC 62443


ICS.201 Foundation

Industrial Security Foundation

2 days
Technicians and decision makers
Own notebook required
1,500.- euros
German or English
No prior knowledge necessary
Training documents and certificates
Available in public or in-house

Everyone involved in a modern industrial system needs basic security knowledge in order to recognize security problems and avoid endangering industrial operations through their own behavior. Within the framework of the Foundation training, the participants are taught those security competencies through up-to-date specialist content, practical exercises and entertaining experiences from industrial security consulting activities, which are not only essential for their work in the changed environment of increasing digitalization, but also decisive.

Registration
You will find an overview of all current dates as well as the registration for the ICS.201 Foundation Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# Introduction to Industrial Control Systems/Operational Technology (OT)
# IT vs. OT Security
# Security Essentials (protocols, cryptography, network security)
# Security threats and attack vectors
# Social Engineering 101: Phishing & Co.
# IEC 62443: Introduction and application
# System Hardening and Defense in Depth

Your benefits
# Acquisition of self-competence to protect your industrial operations in the best possible way and to ensure secure digitalization.
# Creating basic security knowledge to be able to build comprehension for further security topics.
# Detecting security threats and security problem areas
# Learning concepts for hardening your system topography
# An insight into the IEC-62443 standard and its applications


ICS.202 Updater

Industrial Security Updater

4 hours
Technicians and decision makers
No notebook necessary
400.- euros
German or English
No prior knowledge necessary
Training documents and certificates
Available in public or in-house

The ICS Security Updater training course serves as a refresher and update course for the participants to inform them about organizational and technical innovations and progress in the field of security.

Registration
You will find an overview of all current dates as well as the registration for the ICS.202 Updater Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# New security features in ICS protocols
# Innovations in the area of compliance and regulations
# News about IEC 62443
# ICS vulnerabilities and attack campaigns
# Innovations in security technologies

Your benefits
# Efficiently refresh the knowledge you've already acquired in just four hours.
# Learn about the most important innovations from the technical as well as from the organizational world of security.
# Stay one step ahead of attackers with information about current ICS vulnerabilities and attack campaigns.


ICS.211 Technical OT Security

Industrial Security Advanced: Technical OT Security

2 days
Technician
Own notebook required
1,500.- euros
German or English
ICS.201 Foundation Training recommended
Training documents and certificates
Available in public or in-house

Technicians and engineers in particular are increasingly required in industrial operations to make or prepare the right decisions concerning appropriate technical security measures and security technologies.

This requires deeper security knowledge and a good understanding - be it of threats, current attack campaigns or the use of technical protection measures.

Registration
You will find an overview of all current dates as well as the registration for the ICS.211 Technical OT Security Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# Security aspects of industrial protocols
# Advanced ICS Network Security
 - Network segmentation
 - ICS-specific firewall topics
 - Network-based attacks
 - Honeypots
# ICS security standards and their fields of application
# Social Engineering In-Depth

Your benefits
# Understanding secure usage of industry-specific protocols
# Security threat detection
# Knowledge to secure the plant networks
# Use of techniques and methods to detect and defend against hacking attacks


ICS.212 OT Security Management

Industrial Security Advanced: OT Security Management

2 days
Project/Production Manager, Operations Manager
Own notebook required
1,500.- euros
German or English
ICS.201 Foundation Training recommended
Training documents and certificates
Available in public or in-house

OT security management training provides those responsible for operations, project and production managers and decision-makers in general with the knowledge they need to implement security in industrial operations. Participants learn all necessary skills to recognize dangers early on, to increase the security level and to lastingly avoid security vulnerabilities. The focus is on organizational topics and process management; in addition, technical influencing factors are discussed, which better prepare the participants for future security decisions.

Registration
You will find an overview of all current dates as well as the registration for the ICS.212 OT Security Management Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# Security standards and application areas
 - Procurement: BDEW Whitepaper, INL Procurement Language
 - Cyber Security Frameworks: NIST 800-82, NIST CSF, NERC CIP, IEC 62443
 - ISO 27000 and ISO 27019
 - Comparison of ISO 27001/27002 and IEC 62443-2-1
# Risk analysis methodology and execution according to IEC 62443-3-2
# Industrial Security Program Development according to IEC 62443-2-4
# Social Engineering In-Depth

Your benefits
# Security threat detection
# Knowledge of security standards in the industrial environment
# Handling security problem areas
# Organizational measures and security processes for secure plant operation


ICS.221 Assessing OT

Industrial Security Additions: Assessing OT

1 day
Technician
Own notebook required
750.- euros
German or English
ICS.211 Technical OT Security Training
Training documents and certificates
Available in public or in-house

Assessing OT Training provides participants with the basics to be able to professionally conduct security tests in industrial plants. Which tools should be used for which application? Which test cases are intrusive and therefore less suitable for OT? What information is relevant in the context of an OT security audit? In this course, participants benefit in particular from the Limes experts' many years of experience in conducting security assessments in an industrial environment.

Registration
You will find an overview of all current dates as well as the registration for the ICS.221 Assessing OT Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# Underground Economy
# Security test requirements from IEC 62443 and ISO 27001
# ICS Asset Discovery
# Checking users and authorizations
# Configuration review of ICS systems
# Verification of patch and software versions
# Checking the perimeter protection
# Procedure for an ICS security test
# Testing the BSI ICS Top 10

Your benefits
# Viewing networks and systems through the eyes of an attacker and identifying potential attack vectors and security issues.
# Knowledge of what has to be considered during a security check in an industrial environment.
# How the results of a security audit can lead to an increased level of security.


ICS.222 Applying Security Technology in OT

Industrial Security Additions: Applying Security Technology in OT

1 day
Technicians and decision makers
Own notebook required
750.- euros
German or English
ICS.201 Foundation Training recommended
Training documents and certificates
Available in public or in-house

The Applying Security Technology in OT Addition training provides the participants with the knowledge for the targeted use of protection technologies according to IEC 62443-3-1. During the course, the participants learn about the strengths and weaknesses of different security technologies and for which tasks they are suitable.

Registration
You will find an overview of all current dates as well as the registration for the ICS.222 Applying Security Technology in OT Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# Detection of cyber-attacks on OT systems
# Technology for authentication and authorization
# Network security technologies
# Encryption technologies and data validation
# Management, Audit, Measurement, Monitoring and Detection Tools
# Remote access technologies

Your benefits
# Identify strengths and weaknesses of different security technologies
# Knowledge about the appropriate placement of protection systems in your own network
# Understanding which technology can be used for which tasks.


ICS.223 Incident Handling Essentials

Industrial Security Additions: Incident Handling Essentials

1 day
Technicians and decision makers
Own notebook required
750.- euros
German or English
ICS.201 Foundation Training recommended
Training documents and certificates
Available in public or in-house

The Incident Handling Essentials training provides participants with the necessary basics to prepare for security incidents in an industrial environment. The most important technical and organizational preparations will be discussed along with the "DO's and DON'Ts". This course is particularly interesting for plant operators, integrators and service providers who want to prepare for an emergency to be able to more easily prevent damage caused by virus attacks, ransomware or hacking.

Registration
You will find an overview of all current dates as well as the registration for the ICS.223 Incident Handling Essentials Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# Introduction to Security Incident Handling: Basics and terms
# The lifecycle of an incident in six steps
# Technical and organizational prerequisites: How do I prepare for incident handling?
# Asset Identification and Network Security Monitoring: What role do tools play in detection?
# Rules of conduct in case of an incident "DO's and DON'Ts"
# Case Study: CrashOverride and TRISIS
# CERTs & Co.: Where can I get information about threats and external assistance?

Your benefits
# Use of techniques and methods for maintenance of industrial operation
# Best practice during a potential ICS security incident
# Dealing with the topic of weak points and incident handling in your own company


ICS.224 Industrial Security with IEC 62443

Industrial Security Additions: Industrial Security with IEC 62443

1 day
Technicians and decision makers
Own notebook necessary
750.- euros
German or English
ICS.201 Foundation Training recommended
Training documents and certificates
Available in public or in-house

The Industrial Security with IEC-62443 training provides the participants with knowledge in the area of the IEC 62443 industrial standard in order to be able to use it for the procurement as well as for the secure operation of industrial plants.

Within the scope of the training, the application of the standard based on the phases of plant construction will be demonstrated.

Registration
You will find an overview of all current dates as well as the registration for the ICS.224 OT Security with IEC 62443 Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# Support through standards
# Introduction to IEC 62443
# Phase 1: Award
# Phase 2: Implementation
# Phase 3: Operation
# Phase 4: Disposal and reuse
# Certification

Your benefits
# Learning to apply the standard in all phases of a plant lifecycle
# Knowledge about the structure and the contents of the various standard parts
# Concrete procedure, everything which should be considered during the plant construction.
# Certification information


300 Security Engineering Training

How can security vulnerabilities be avoided right from the start? Only through appropriate training and improvement of the security expertise of developers and project members. We teach the "DO's and DON'Ts" in theory and in practical exercises.

In the security engineering training courses, experienced trainers from Limes Security impart the knowledge of how attackers proceed and which measures best protect against them.

The Secure Coding training provides the participants with the knowledge and understanding for the development of secure products so that they can be implemented in their own projects. The Security Testing training teaches the participants to take the perspective of an attacker, allowing them to efficiently identify vulnerabilities in their products. System Hardening training gives system administrators the tools they need to protect a digital infrastructure against both internal and external attacks. All courses are accompanied by practical exercises that illuminate both the attacker and the defender's side, imparting a multi-layered picture.

Secure products through superior know-how

Training contents

Secure Coding
# SEC.301 Secure Coding Java
# SEC.302 Secure Coding .NET
# SEC.303 Secure Coding Web

Secure Development Lifecycle
# SEC.311 Secure Product Development with IEC 62443-4-1

Security Testing
# SEC.321 Security Testing Foundation

System Hardening
# SEC.331 System Hardening Windows
# SEC.332 System Hardening Linux


SEC.301 Secure Coding Java

Secure Coding Java

3 days
Java developers
Own notebook required
2,250.- euros
German or English
Experience in web technologies and Java
Training documents and certificates
Available in public or in-house

The Secure Coding training for Java teaches the correct usage of exception handling, multi-threading and other Java-specific methods that are necessary as a basis for developing robust code. In addition, various cryptographic technologies will be discussed, including encryption, hashing and digital signatures. Classical web attacks such as cross-site scripting, SQL injection and cross-site request forgery will be explained as well as how applications can be protected against them. Practical exercises are used to create a deep understanding of the different subject areas. In order to further increase the code quality, the correct handling of code reviews is demonstrated as well as how the learned techniques can be integrated into the Secure Development Lifecycle.

Registration
You will find an overview of all current dates as well as the registration for the SEC.301 Secure Coding Java Training under the adjacent link or by scanning the QR code.

www.limessecurity.com/de/academy/termine/

Training contents
# Attacker map
# Cryptography (Basics, Java Cryptography Architecture (JCA), Java Secure Sockets Extensions)
# Access Control (Session Management, access control, existing security features of frameworks)
# Injection attacks
# Java Lang security
# Web Service security
# Revision (code reviews, analysis tools, Secure Development Life Cycle)

Your benefits
# Understand how attacks work and start thinking like an attacker.
# Understand what steps are necessary to develop secure software.
# Learn how to integrate secure coding into your own programming.


€ DEEN

3 days Own Notebookrequired

2,250.- euros German or English

Experience with .NET- or C# development

During the Secure Coding for .NET training, different C# language features will be introduced that can contribute to the stability of the code and are necessary as a basis for the development of robust code. In addition, cryptographic concepts such as encryption, hashing or digital signatures are discussed. You will learn how to achieve robust session management using meaningful access controls. Classic web attacks such as cross-site scripting and SQL injection are explained and how to protect against them is demonstrated. Finally, we discuss how code reviews and static analyses are performed to achieve optimal code quality. For a better understanding, the topics are explained using practical exercises.

Registration You will find an overview of all current dates as well as the registration for the SEC.302 Secure Coding .NET Training under the adjacent link or by scanning the QR code.

Secure Coding for .NET

Training contents
# Attacker map
# Cryptography (Basics, System.Security.Cryptography, SslStream Class)
# Access Control (Session Management, access control, existing security features of frameworks)
# Classic Web attacks
# Secure Multi-Threading
# C# Language Security
# Windows Communication Foundation
# Secure Development Life Cycle

Your benefits
# Understand how attacks work and start thinking like an attacker.
# Understand what steps are necessary to develop secure software.
# Learn how to integrate secure coding into your own programming.

www.limessecurity.com/de/academy/termine/

Training documents and certificates

Available in public or in-house

.Net-/C#-Developers

SEC.302 Secure Coding .NET


2 days Own Notebook required

1,500.- euros German or English

Experience in web technologies

As part of the Secure Coding Web training, security concepts on the Web will be discussed, including Transport Layer Security (TLS) and Cross-origin Resource Sharing (CORS). How Session Management can be securely implemented will be explained. Then the anatomy of the most common web attacks such as Cross-site Scripting, Cross-site Request Forgery and SQL Injections is discussed together with how to avoid them. In addition, more complex web attacks such as XML External Entities, Broken Authentication, and Security Misconfiguration are explained. It concludes with an explanation of how code reviews can lead to improved code quality and how a secure development lifecycle can be implemented in your organization. For a better understanding, practical exercises are built into the topics.

Registration You will find an overview of all current dates as well as the registration for the SEC.303 Secure Coding Web Training under the adjacent link or by scanning the QR code.

Secure Coding Web

Training contents
# Attacker map
# Encryption and Transport Layer Security
# Session Management
# Attack vectors (cross-site scripting, SQL Injections, Cross-site Request Forgery)
# Complex web attacks
# Code Reviews
# Secure Development Life Cycle

Your benefits
# Understand how web attacks work and start thinking like an attacker.
# Understand what steps are necessary to develop secure web applications.
# Learn how to integrate secure software development processes into your own programming jobs.

www.limessecurity.com/de/academy/termine/

Training documents and certificates

Available in public or in-house

Developers and testers

SEC.303 Secure Coding Web


SEC.311 Secure Product Development with IEC 62443-4-1


2 days Own Notebook required

1,500.- euros German or English

If you don't want to leave the security and the quality of your products to chance, you have to choose a proactive approach. Only by integrating security into the development processes and by having an organization that knows how to deal with the topic professionally can high-quality products that meet the needs of the market be created. The Secure Product Development with IEC-62443-4-1 training teaches the participants how security can be integrated into software development with the help of the IEC-62443-4-1 standard section Security in order to make their products lastingly secure.

Registration You will find an overview of all current dates as well as the registration for the SEC.311 Secure Product Development with IEC 62443-4-1 Training under the adjacent link or by scanning the QR code.

Secure Product Development with IEC 62443-4-1

Training contents
# Introduction to IEC 62443-4-1 (Principles and Requirements)
# Security Management (product classification, security organization, security training, integrity protection, protection of the development environment, selection of secure components)
# Specification of security requirements
# Secure by Design and Secure Implementation
# Security Verification and Validation Testing
# PSIRT and Security Update Management
# Security Guidelines

Your benefits
# Learn suitable methods and get familiar with the measures to integrate security into your development processes.
# Learn how to use useful tools to review and improve your product security.
# Overcome constant challenges such as legacy code, updates from third-party vendors or communication of vulnerabilities.

www.limessecurity.com/de/academy/termine/

Training documents and certificates

Available in public or in-house

Developers and project managers

No prior knowledge necessary


SEC.321 Security Testing Foundation


2 days Own Notebook required

1,500.- euros German or English

Experience in web technologies

Security Testing Foundation training teaches the basic concepts of security testing. A structured procedure is presented along with how security tests for an application can be organized. Subsequently, cross-site scripting and SQL injection attacks will be discussed with a focus on web applications and their anatomy will be explained and practiced using real-world examples. During the training, well-known hacking tools will be used again and again to give the participants a tangible picture of reality. Finally, tools are presented with which automated security scans can be carried out and how their results are to be dealt with.

Registration You will find an overview of all current dates as well as the registration for the SEC.321 Security Testing Foundation Training under the adjacent link or by scanning the QR code.

Security Testing Foundation

Training contents
# Basic Risk Assessment
# Definition of scope and (non-)test cases
# Classic and complex web attacks (Cross-site Scripting, SQL Injection, Cross-site Request Forgery, Cookie Stealing etc.)
# Procedure and implementation of automated scans
# Configuration tests
# Reporting and vulnerability documentation

Your benefits
# Understand how attacks work and start thinking like an attacker.
# Learn how to use automated testing tools to efficiently cover recurring test cases.
# Acquire the knowledge of how to document identified vulnerabilities in a meaningful way to facilitate traceability and re-testing.

www.limessecurity.com/de/academy/termine/

Training documents and certificates

Available in public or in-house

Testers


SEC.331 System Hardening Windows


2 days Own Notebook required

1,500.- euros German or English

The System Hardening Windows training teaches system administrators how to operate a secure Windows-based system. The theoretical concepts of server hardening will be discussed, as well as concrete practical measures in the areas of user and network configuration, installation of updates, firewall configuration and the secure configuration of daemon services.

Registration You will find an overview of all current dates as well as the registration for the SEC.331 System Hardening Training under the adjacent link or by scanning the QR code.

System Hardening Windows

Training contents
# Attacker map
# Hardware and Software Inventory
# Secure configurations
# Controlled access, Malware Defense and Boundary Defense
# Data Recovery and Data Protection, Incident Response and Audit Readiness
# User Configuration, Features, and Role Configuration, Network Configuration, and NTP Configuration
# Update Installation
# Firewall configuration and configuration of remote access
# Service configuration
# Additional hardening measures
# Logging and Monitoring

Your benefits
# Find out how to improve your Inventory and monitor the system landscape.
# Understand how access management systems work and how to use them effectively.
# Deepen your knowledge about hardening measures for Windows-based systems.
# Gain the knowledge you need to lastingly reduce the attack area on your Windows systems and increase your company's security level.

www.limessecurity.com/de/academy/termine/

Training documents and certificates

Available in public or in-house

System administrators

No prior knowledge necessary


SEC.332 System Hardening Linux


2 days Own Notebook required

1,500.- euros German or English

System Hardening Linux training teaches system administrators how to run a secure Linux-based system. The theoretical concepts of server hardening will be discussed, as well as concrete practical measures in the areas of user and network configuration, installation of updates, firewall configuration and the secure configuration of daemon services.

Registration You will find an overview of all current dates as well as the registration for the SEC.332 System Hardening Linux Training under the adjacent link or by scanning the QR code.

System Hardening Linux

Training contents
# Attacker map
# Hardware and Software Inventory
# Secure configurations
# Controlled access, Malware Defense and Boundary Defense
# Data Recovery and Data Protection, Incident Response and Audit Readiness
# User configuration, network configuration and NTP configuration
# Package Management and Update Installation
# Firewall configuration and iptables
# Daemon configuration and protection of SSH
# SELinux and other hardening measures
# Logging and Monitoring

Your benefits
# Learn about ways to improve your inventory and monitor the system landscape.
# Understand how access management systems work and how to use them effectively.
# Deepen your knowledge about hardening measures for Windows-based systems.
# Gain the knowledge you need to lastingly reduce the attack area on your Linux systems and increase your company's security level.

www.limessecurity.com/de/academy/termine/

Training documents and certificates

Available in public or in-house

System administrators

No prior knowledge necessary


General training information

Room for Discussion

The structure and content of the training courses are deliberately chosen to encourage discussion among the participants. After all, the contents are much better memorized by making your own considerations and by exchanging ideas with other participants.

During the training sessions, questions, deliberations, or comments on known situations and solutions in your own company are expressly welcome.

Book a public course

To book one of our courses, please go to www.limessecurity.com/academy/termine and find out about the next public training dates on your topic.

You can then easily register for our public courses on the website.

Procedure for in-house training

# Coordination of training contents: The client selects the training content which is adapted to the respective needs.
# Adaptation of the training course: Limes Security adapts the exercises and documents to the individually selected content.
# Selection of a date: The client sets a date for the training in coordination with Limes Security.
# Implementation of the training course: The client determines the location of the training as well as the time frame.
# Provision of the training material: Limes Security provides the participants with documents that are individually adapted to the customer's needs.
# Certificate: At the end of the training the participants will receive a certificate of participation.


About Limes Security

Limes Security is a highly professional consulting firm that has achieved a strong market position within just a few years through consistently good work. Limes Security stands for professionalism and methodological expertise at the highest level. The goal of the company is the highest possible security, specialized in manufacturer-independent, customized security solutions in the areas of secure software development and industrial security. Limes Security GmbH is an owner-managed company and purely in Austrian hands.

The Limes Security team comprises top experts with years of experience in challenging projects. Without exception, Limes Security consultants are professionals trained at the best universities and technical colleges in Germany and abroad and intensively networked with the black and white hats of the international security community. Many years of experience in cyber security in industrial environments are serving Limes Security clients.

Our services

Regardless of whether you are a world market leader in wind energy, a software development company or an Internet of Things pioneer, global player in industrial plant construction or urban infrastructure operation - Limes Security has just the right service for every business:

# Security Tests and risk analyses: Proactively identify and address security vulnerabilities in systems and organizations before they become a problem.

# IEC-62443 support: Preparation of a technical security concept and support in setting up and implementing a complete security program.

# Security Training Courses: Implementation of security training for employees to successfully address cyber risks in product development and day-to-day operations.

References

These companies and many others rely on the security competence of Limes Security.


Imprint

Publisher: Limes Security GmbH, Softwarepark 26, 4232 Hagenberg
Tel: +43 720 510251, Email: [email protected]
register number 390566 m, Linz Regional Court, VAT ID number: ATU 676 527 29
Responsible for the content: Limes Security GmbH
Design: Contentschmiede, Kremsmünster, V1_10_2018
Typesetting and printing errors excepted.

Validity of the course book

This list of courses is valid from 1 October 2018; previous offers lose their validity. The stated prices are valid for registration or order until December 2019. In the event of deviations in content, the information on the website applies.

www.limessecurity.com