Masterclass: Windows Security and Infrastructure Management

Duration: 5 days

Paula Januszkiewicz is a world-renowned Security Expert. Paula loves to perform Penetration Tests and IT Security Audits, and after all she says: ‘harden’em all’! She is an Enterprise Security MVP and trainer (MCT) and a Microsoft Security Trusted Advisor, and a top speaker at world-known conferences, including being the No 1 speaker at Microsoft Ignite!

This is a deep dive course on infrastructure services configuration, increasing their level of security, and Windows internals. It is a must-go for enterprise administrators, security officers and architects. It is delivered by one of the best people in the market in the security field, with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.

Secure infrastructure configuration should be the most important line of defense in every organization. Unfortunately, people, the most valuable resource, are not always aware of the level of security in their companies, the possible points of entry, how operating systems are attacked, and how to protect the infrastructure from successful attacks, which are sometimes caused by configuration mistakes. Completely understanding internal OS protection mechanisms and services/roles has a huge impact on the security level of the whole infrastructure. Unfortunately, the problem is… rarely anyone has this impact!

Advanced access rights, password mechanisms, Windows internals, PowerShell usage for security purposes, gaining unauthorized access, advanced DNS configuration and common configuration mistakes, Active Directory security, IIS security, debugging, advanced monitoring and troubleshooting, and much more! Topics covered during this training will help you to walk in hackers’ shoes and evaluate your infrastructure from their point of view.

All exercises are based on Windows Server 2012 R2, Windows 8.1 and Windows Server 2016, Windows 10.

Paula says: Windows internals should be familiar to anyone who wants to know what works or… what does not!

Prerequisites:
To attend this training you should have good hands-on experience in administering Windows infrastructure. At least 8 years in the field is recommended.

Target audience
Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

Materials
Author’s unique tools, over 300 pages of exercises, presentation slides with notes.

Agenda

Module 1: Windows Internals & System Architecture
1. Introduction to the Windows 10 and Windows Server 2016 security concepts
2. Architecture overview and terms
3. Key System Components
   a) Processes, Threads and Jobs
   b) Services, Functions and Routines
   c) Sessions
   d) Objects and Handles
   e) Registry
4. Advanced Local Procedure Call
5. Information gathering techniques
   a) Windows Debugging
   b) Performance Monitor
   c) Windows Driver Kit
   d) Other useful tools

Module 2: Process and Thread Management
1. Process and thread internals
2. Protected processes
3. Process priority management
4. Examining Thread Activity
5. Process and thread monitoring and troubleshooting techniques (advanced usage of Process Explorer, Process Monitor, and other tools)

Module 3: System Security Mechanisms
1. Integrity Levels
2. Session Zero
3. Privileges, permissions and rights
4. Passwords security (techniques for getting and cracking passwords)
5. Registry Internals
6. Monitoring Registry Activity
7. Driver signing (Windows Driver Foundation)
8. User Account Control Virtualization
9. System Accounts and their functions
10. Boot configuration
11. Services architecture
12. Access tokens
13. Biometric framework for user authentication

Module 4: Debugging & Auditing
1. Available debuggers
2. Working with symbols
3. Windows Global Flags
4. Process debugging
5. Kernel-mode debugging
6. User-mode debugging
7. Setting up kernel debugging with a virtual machine as the target
8. Debugging the boot process
9. Crash dump analysis
10. Direct Kernel Object Manipulation
11. Finding hidden processes
12. Rootkit Detection

Module 5: Memory Analysis
1. Memory acquisition techniques
2. Finding data and activities in memory
3. Step-by-step memory analysis techniques
4. Tools and techniques to perform memory forensics

Module 6: Storage Management
1. Securing and monitoring Files and Folders
2. Protecting Shared Files and Folders by Using Shadow Copies
3. Implementing Storage Spaces
4. Implementing iSCSI
5. Implementing FSRM, managing Quotas, File Screens, and Storage Reports
6. Implementing Classification and File Management Tasks, Dynamic Access Control
7. Configuring and troubleshooting Distributed File System

Module 7: Startup and Shutdown
1. Boot Process overview
2. BIOS Boot Sector and Bootmgr vs. the UEFI Boot Process
3. Booting from iSCSI
4. Smss, Csrss, and Wininit
5. Last Known Good configuration
6. Safe Mode capabilities
7. Windows Recovery Environment (WinRE)
8. Troubleshooting Boot and Startup Problems

Module 8: Infrastructure Security Solutions
1. Windows Server Core Improvements in Windows Server 2016
2. AppLocker implementation scenarios
3. Advanced BitLocker implementation (provisioning, Standard User Rights and Network Unlock)
4. Advanced Security Configuration Wizard
5. IPSec
6. Advanced GPO Management
7. Practicing Diagnostic and Recovery Toolkit
8. Tools

Module 9: Layered Network Services
1. Network sniffing techniques
2. Fingerprinting techniques
3. Enumeration techniques
4. Networking Services Security (DNS, DHCP, SNMP, SMTP and other)
5. Direct Access
6. High Availability features: cluster improvements and SMB (Scale-Out File Server)
7. Network Load Balancing
8. Remote Access
9. Network Location Awareness
10. Wireless technology recognition
11. Wireless fingerprinting techniques
12. Wireless hacking ideas and demos
13. Optimizing wireless hacking
14. Protecting wireless networks

Module 10: Monitoring and Event Tracing
1. Windows Diagnostic Infrastructure
2. Building auditing
3. Expression-based audit policies
4. Logging Activity for Accounts and processes
5. Auditing tools, techniques and improvements
6. Auditing removable storage devices

Module 11: Points of Entry Analysis
1. Offline access
2. Linux BackTrack / other tools vs. Windows Security
3. Unpatched Windows and assigned attacks
4. Domain Controller attacks
5. Man-in-the-Middle attacks
6. Services security