Securing Windows Infrastructure Make The Difference CAST 616: Securing Windows Infrastructure is...
CAST EC-Council
CAST CENTER FOR ADVANCED SECURITY TRAINING
Make The Difference
CAST 616: Securing Windows Infrastructure
About EC-Council Center of Advanced Security Training (CAST)
The rapidly evolving information security landscape now requires professionals to stay up to date on the latest security technologies, threats and remediation strategies. CAST was created to address the need for quality advanced technical training for information security professionals who aspire to acquire the skill sets required for their job functions. CAST courses are advanced and highly technical training programs co-developed by EC-Council and well-respected industry practitioners or subject matter experts. CAST aims to provide specialized training programs that will cover key information security domains, at an advanced level.
Securing Windows Infrastructure: Course Description
Windows Infrastructure Hardening has become a mandatory step performed on a regular basis by any organization that sees security as a priority. Businesses nowadays are almost fully dependent on IT services, making the hardening and securing processes even more intense. The number of possible attack surfaces has grown exponentially, in direct relation to the increasingly competitive field of current technology, where developers try to achieve more and more functionality from implemented solutions and applications.
CAST 616: Securing Windows Infrastructure is designed with the single purpose of providing InfoSec professionals with the complete knowledge and practical skills necessary to secure their network infrastructure, which is fast becoming, if it is not already, a top priority and a major technical challenge for most security-conscious organizations.
This 3-day training dives deep into the key aspects of solving infrastructure-related problems by examining how Windows internal security mechanisms actually work and how they can be further optimized without jeopardizing or loosening an organization’s IT environment configuration settings, something that becomes common as time passes. Some of the highlights of this course are techniques used in kernel debugging, malware hunting, a deep dive into BitLocker and the automation of the whole hardening process.
Why You Should Attend?
There’s a lot more to Windows Security than just applying patches and changing passwords:
• Gain knowledge of how to apply Windows Server 2008 R2 and Windows Server 2012 features to secure your infrastructure
• Learn how to set up the appropriate rights, privileges and permissions to operating system objects
• Learn the key functionalities of IPSec (domain isolation, securing network traffic)
• Learn how to configure, monitor and troubleshoot Microsoft infrastructure services
• Gain knowledge of how to implement Network Access Protection
• Learn how Windows operating systems work
• Learn how to implement BitLocker
• Learn how to deal with insecure or incompatible drivers
• Gain knowledge of how to investigate Blue Screens
• Learn how to build the failover cluster and NLB used in the Web Server scenario
• Learn how to use Public Key Infrastructure in everyday tasks
Who Should Attend?
Passionate IT Professionals, including:
• Information Security Professionals
• Government Agents
• IT Administrators
• IT Architects
• Risk Assessment Professionals
• Penetration Testers
Pre-requisites:
• An understanding of infrastructure management
• It’s recommended that students have MCTS certification on server or client technologies
Course Outline
Unit 1: Windows 7 & 8 Hardening
This module covers a detailed deep-dive into Windows internal security mechanisms and their practical usage and adjustment.
• Windows Kernel role
• Kernel functionality
• Kernel debugging (useful techniques)
• Kernel security mechanisms and their practical implementation
• Lab: Kernel digging
• Securing operating system objects
• Influencing the security of processes & threads
• User account security (elevation of privileges, permissions, functionality, passwords, hardening)
• Functionality and hardening of rights, permissions, privileges
• Services security
• Registry settings and activity
• Lab: Securing system objects
• Lab: Improving services security
• Lab: Verifying the meaning of rights, permissions and privileges
• Lab: System security bypass techniques and countermeasures
• Modern malware and threats
• Sensitive operating system areas
• Techniques used by modern malware
• Cases of the real attacks on sensitive areas (with the practical examples)
• Protection mechanisms and countermeasures
• Lab: Malware hunting
• Lab: Stuxnet / other malware cases
• Device Drivers
• Types of drivers and their security considerations
• Managing device drivers
• Lab: Monitoring drivers
• Lab: Driver Isolation
• Lab: Signing drivers
• Group Policy Settings
• Useful GPO Settings for hardening
• Customized GPO Templates
• AGPM
• Lab: Advanced GPO features
• Lab: Implementing AGPM
• Practical Cryptography
• EFS
• Deep-dive to BitLocker
• 3rd party solutions
• Lab: Implementing and managing BitLocker
After completing this module, students will be familiar with:
• Threats and their effects
• Points of entry to the client operating system
• Secure configuration of the client operating system
• Security management in the client operating system
Unit 2: Windows Server 2008 R2 / Windows Server 8 Hardening
This module focuses on server architecture, security issues and hardening
• Securing Server Features
• Public Key Infrastructures
• Design considerations
• Hardening techniques
• Lab: PKI implementation
• Active Directory
• Design considerations for Windows Server 2008 R2 and Windows Server 8
• Securing Domain Services
• Schema configuration
• New security features in Windows Server 8
• Lab: Active Directory security in the single domain environment
• Lab: Active Directory security in the multiple domains environment
• Microsoft SQL Server hardening
• Installation considerations
• Configuring crucial security features
• Lab: Hardening Microsoft SQL Server
After completing this module, students will be familiar with:
• Threats for servers and countermeasures
• Points of entry to the server operating system
• Solutions for server security
• Hardening of the Windows related roles
Unit 3: Hardening Microsoft Network Roles
This module focuses on hardening and testing network related roles. Very intensive!
• Hardening minor network roles
• DNS Hardening
• Improving DNS functionality
• Hardening and designing DNS Role
• Lab: Hardening DNS role
• Lab: Testing the DNS configuration
• Internet Information Security 7.5/8
• Implementing secure web server
• Implementing web site security
• Monitoring security and performance
• Lab: IIS Server Hardening
• Lab: Web site security settings
• Lab: Monitoring IIS under attack
• IPSec
• Implementing IPSec
• Security policies in IPSec
• Lab: Implementing Domain Isolation
• Lab: Network Access Protection with IPSec
• DirectAccess
• Implementation Considerations
• DirectAccess Security and Hardening
• Lab: DirectAccess secure configuration demo
• Remote Access
• VPN Protocols
• RDP Gateway
• Unified Access Gateway
• Network Access Protection
• Lab: Configuring security settings in Network Policy Server
• Lab: Configuring security settings in RDP Gateway
• Lab: Securing UAG Configuration for applications
• Lab: Network Access Protection implementation scenario
• Firewall
• Customizing the rules
• Hardening Client and Server for Rule-Specific scenario
• Lab: Managing Windows Firewall with Advanced Security
After completing this module, students will be familiar with:
• Configuring secure remote access
• Implementing Network Access Protection
• Protocol misuse techniques and prevention actions
• DNS advanced configuration
• Hardening the Windows networking roles and services – in detail
• Building the secure web server
06. Protecting Web Applications
Unit 4: Windows High Availability
This module covers business continuity support technologies
• Network Load Balancing design considerations and best practices
• iSCSI configuration
• Failover Clustering internals and security
• Lab: Building IIS Cluster with NLB
• Lab: Building the failover cluster
After completing this module, students will be familiar with:
• High Availability technologies
Unit 5: Data and Application Security
This module covers solutions that greatly support information and data security
• File Classification Infrastructure
• Designing security for File Server
• Active Directory Rights Management Services
• AppLocker and Software Restriction Policy
• Lab: Building secure solution with FCI and AD RMS
• Lab: Securing and auditing a File Server
• Lab: Restricting access to applications with AppLocker and SRP
• Lab: Software Restriction Policy (in)security
After completing this module, students will be familiar with:
• Information and data protection solutions
• Best practices of implementing data security solutions
• Techniques for restricting access to data
• Techniques of avoiding misusage of applications
Unit 6: Monitoring, Troubleshooting and Auditing Windows
This module covers all best practices regarding monitoring, troubleshooting and auditing Windows. It is a perfect module for Windows investigators
• Advanced logging and subscriptions
• Analyzing and troubleshooting the boot process
• Crash dump analysis
• Auditing tools and techniques
• Monitoring tools and techniques
• Professional troubleshooting tools
• Lab: Event logging and subscriptions
• Lab: Monitoring the boot process
• Lab: Blue Screen scenario
After completing this module, students will be familiar with:
• Troubleshooting methodologies
• Collecting data methodologies
• Monitoring Windows after/during the attack and during situation specific events
• Windows forensics
Unit 7: Automating Windows hardening
This module covers all best practices regarding monitoring, troubleshooting and auditing Windows. It is a perfect module for Windows investigators
• Advanced logging and subscriptions
• Analyzing and troubleshooting the boot process
• Crash dump analysis
• Auditing tools and techniques
• Monitoring tools and techniques
• Professional troubleshooting tools
• Lab: Event logging and subscriptions
• Lab: Monitoring the boot process
• Lab: Blue Screen scenario
After completing this module, students will be familiar with:
• Troubleshooting methodologies
• Collecting data methodologies
• Monitoring Windows after/during the attack and during situation specific events
• Windows forensics
Master Trainer:
Paula Januszkiewicz
Paula Januszkiewicz is an IT Security Auditor and Penetration Tester, Enterprise Security Most Valuable Professional, Microsoft Certified Trainer and Microsoft Security Trusted Advisor. She is a familiar face at international events and conferences such as TechEd North America, TechEd Middle East and TechEd Europe, RSA worldwide, CyberCrime and others worldwide. Her passion for Windows & IT Security allows her to spread her expertise via her trainings and consulting services focusing on areas such as Infrastructure Security & Design, Penetration Testing, IT Security Audits, Networking Security, Windows Internals and Forensics, and through her writing regarding Windows Security. Her distinct specialization is definitely Microsoft security solutions, in which she holds multiple Microsoft certifications (MCITP, MCTS, MCSE, MCDBA etc.) besides being familiar with and holding certifications in other related technologies. She proudly holds the role of the Security Architect in iDESIGN and has conducted hundreds of IT security audits and penetration tests. When she’s not driving her own company CQURE, she enjoys researching new related technologies, which she converts to authored trainings and describes on her blog. She is also a co-author of the Microsoft Forefront Threat Management Gateway 2010 book and is currently working on her new book under the same subject.