WARREN KRUSE MARCH 24-26, 2003 MARCH 27-28, 2003 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY)

Transcription

1 TECHNOLOGY TRANSFER PRESENTS WARREN KRUSE ADVANCED NETWORK PENETRATION TESTING METHODOLOGY DIGITAL FORENSIC INVESTIGATIONS AND INCIDENT RESPONSE MARCH 24-26, 2003 MARCH 27-28, 2003 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY) info@technologytransfer.it

2 ADVANCED NETWORK PENETRATION TESTING METHODOLOGY In this three-day course the most robust and indepth of its kind you'll gain a hacker's-eye-view of your Network and technology infrastructure. You'll uncover the hackers' favorite penetration techniques and how to protect against them. You'll learn how to gather viable data on your Network's vulnerabilities using like NMAP, Nessus, SOLAR- WINDS, SATAN and more. You'll analyze the results, prioritize the high-value targets and turn it all into a workable action plan in class. You will examine related vulnerabilities in the underlying operating system and connected TCP/IP application services. You will learn how to use commercial and freely available to test Web Server configurations and uncover weaknesses in Web Servers and browsers. You'll also learn how to build and maintain a target list, perform remote and host assessments. After all this, it's the hackers who will have to beware when it comes to your Network. Key topics: Pinpointing high-value targets Demo s using for detecting vulnerabilities Best Practice analysis techniques Protecting results confidentiality with PGP Reporting test findings for implementation ABOUT THIS SEMINAR DIGITAL FORENSIC INVESTIGATIONS AND INCIDENT RESPONSE The reported incidents of Computer Crime have dramatically increased in recent years, often doubling from one year to the next. In light of these startling statistics, your organization, regardless of its security strategy and practices, needs to gain a strong grasp of exactly how computer crimes are committed, how to assemble the evidence and to work with law enforcement for prosecution. In this state-of-the art five-day class, you will discover the different types of computer threats, crimes and crime prevention techniques. You will find out how to identify, investigate, capture, analyze, preserve and process evidence. Through a comprehensive series of demonstrations and hands-on exercises, you will gain the Knowledge, and techniques you need to create a corporate computer anti-crime crime policy. You will learn how to build the Management response, technical and tactical teams. You ll learn the laws regarding Computer Crime and how to tell if your company has been a victim. You ll examine Best Practices for incident response. You ll also learn how to coordinate your efforts with law enforcement and maintain evidence chain of custody. Upon completion of this challenging and insightful course, you ll know the ins and outs of Computer Crime, detection and analysis techniques and how to more effectively safeguard your organization s vital technology assets.

3 OUTLINE ADVANCED NETWORK PENETRATION TESTING METHODOLOGY Phase 1: Gather the Data A first look at a Network site, from the eyes of a potential hacker. The simple and often overlooked, things that tell hackers if a site is worth a penetration attempt Phase 2: Penetrate the Network How Hackers Get Past the Security and into the Data Non-intrusive target search Intrusive target search Data analysis Network discovery and techniques: hands-on exercises Discovery/profiling objectives Locating Internet connections Host-locating techniques: manual and automated Operating system footprinting Evaluating Windows and Unixbased Network discovery software Evaluating Windows and Unixbased application scanning software Review step-by-step process of each scanning and profiling tool Directory services: DNS, DHCP, BOOTP, NIS Look-up services: finger, whois, search engines Remote sessions: telnet, "r" commands, X-Windows File sharing and messaging: FTP, TFTP, World Wide Web Windows Server Message Block (SMB), Network File Systems (NFS) and Sample exploits using common TCP/IP and NetBIOS utility software Embezzlement Pornography Denial-of-service Web defacement Trojan Horse Phase 4: Write the Report How to combine methodology results How to prioritized results that generate Management attention and buy-in How to provides clear, workable action items In-class exercises Building and maintaining a target list Running PGP (Pretty Good Privacy) Conducting multiple non-intrusive and intrusive target searches Tools and techniques for testing for Web site vulnerabilities Probing and attacking Network firewalls Performing multiple remote target assessment Performing multiple host assessment Writing up the final report WHO SHOULD ATTEND System and Network Administrators Security Personnel Auditors Consultants concerned with Network Security Phase 3: Analyze the Results Tips and Techniques for Effective, Actionable Penetration Test Analysis. Identifying Network services Pinpointing vulnerabilities Demonstrating risks Reviewing reports and screens from prominent discovery/profiling Analyzing current configuration Real World Scenarios Abusive

4 OUTLINE DIGITAL FORENSIC INVESTIGATIONS AND INCIDENT RESPONSE 1. Detecting Computer Crime Factors affecting detection Intrusion indicators Detection methods Digital Forensics defined Data Hiding Text searching 2. Setting Up a Forensics Group Staffing recommendations Establishing policies Providing the right training Time-proven Best Practices Sample policies and reports 3. High-Tech Investigations Investigating Computer Crimes and incidents Objectives/basics of investigations Scoping the investigation Classifying the investigation Determining how the crime was committed Discerning which questions you are trying to answer Data capture, discovery and recovery Analyzing evidence Following accepted Forensics protocols Organizing the investigation Investigative challenges Performing the investigation Civil litigation and restitution Criminal prosecution: dealing with suspects Planning for an incident before it occurs Determining the ROI of an investigation Developing a computer incident flow chart 4. Advanced Computer Forensics Types of Forensics: field vs lab Forensics basics: acquire, authenticate, analyze Acquiring legally sufficient evidence Authenticating the evidence Analyzing the evidence Windows and UNIX/Linux Forensics Hardware and software recommendations 5. Tracking an Offender Locating the offending computer on the Network, on an Intranet and the Internet Determining civil, criminal and internal proof Processing a scene that includes digital evidence Proper seizure techniques 6. Using Digital Forensics Tools: Hands-on Exercises Misc. Software Traveling Computer Forensics kit Secure Forensics laboratory EnCase demo Access data demo Fastbloc Diskscrub from NTI SMART image program Nature of the media Quick preview of content Image acquisition 7. Proper Evidence Handling Rules of evidence Legal recovery Types/classification of evidence: direct, real, documentary, demonstrative, public, private, legal, proprietary, intrusive Processing and analyzing computer evidence Chain of custody and evidence life cycle Search and seizure Pulling the plug Removing the hardware Hardware check Role of image backups On-site backup On-site searches Executing search and seizure 8. Working with Law Enforcement Omnibus Act Privacy Protection Act and Electronic Communications Privacy Act Fourth amendment Privacy and other laws Search warrants What law enforcement can do to help When, how and why to contact law enforcement Pertinent laws and rules of evidence Statement of damages: actual and projected Jurisdictional issues 9. Investigative Case Studies and Hands-On Exercises Analysis of operating systems, hard drives and PDAs Locating, handling and processing digital evidence Tools and sources for updated learning WHO SHOULD ATTEND Computer Crime Investigators Information Security Officers and Managers Network and System Administrators Consultants Information Security Analysts Information Technology Auditors and others concerned with incident response and Technical Investigations of Information Security breaches.

5 SPEAKER Warren Kruse was a police officer with the Township of Ocean Police prior to joining Lucent Technologies Corporate Computer and Network Security as an Investigations Manager. Mr. Kruse is currently the Computer Forensics Course Manager for Lucent Technologies. Mr. Kruse is the President of the Northeast Chapter of the High-Tech Crime Investigative Association (HTCIA) and a CISSP. He also teaches Computer Forensics at the Union County and Monmouth County Police Academies. Mr. Kruse has also written several articles on computers and hightech crime for the magazine Law Enforcement Technology. Mr. Kruse is also a co-author of Computer Forensics for Addison-Wesley publishers. He teaches Computer Forensics for the Security Univerity and is Co-chair of the Departments of Justice s National Cybercrime Training Partnership (NCTP) where he is assisting in the development of Computer Forensic courses for federal, state and local law enforcement. PARTICIPATION FEE Advanced Network Penetration Testing Methodology 1400 Digital Forensic Investigations and Incident Response 1200 Special price for the delegates who attend both seminars: 2400 The fee includes all seminar documentation, luncheon and coffee breaks. HOW TO REGISTER You must send the registration form with the receipt of the payment to: TECHNOLOGY TRANSFER S.r.l. Piazza Cavour, Rome (Italy) Fax within March 10, 2003 PAYMENT Wire transfer to: Technology Transfer S.r.l. IntesaBci - Agenzia 3 di Roma Account number /01/10 - CAB 05039, ABI GENERAL CONDITIONS If anyone registered to participate is unable to attend, a substitute may participate in their place. A full refund is given for any cancellation received more than 15 days before the seminar starts. Cancellations less than 15 days prior the event are liable for 50% of the fee. Cancellations less than one week prior to the event are liable for the full fees as invoiced. In case of cancellation of the seminar, Technology Transfer s responsibility only applies to the refund of the participation fees which have already been forwarded. VENUE Residenza di Ripetta - Via di Ripetta, 231 Rome (Italy) SEMINAR TIMETABLE 9.30 am pm 2.30 am pm WARREN ADVANCED NETWORK PENETRATION TESTING METHODOLOGY DIGITAL FORENSIC INVESTIGATIONS AND INCIDENT RESPONSE BOTH SEMINARS Rome March 24-26, 2003 Residenza di Ripetta Via di Ripetta, 231 Registration fee: 1400 Rome March 27-28, 2003 Residenza di Ripetta Via di Ripetta, 231 Registration fee: 1200 Special price for the delegates who attend both seminars: 2400 If anyone registered is unable to attend, or in case of cancellation of the seminar, the general conditions mentioned before are applicable. first name... surname... WARREN KRUSE job title... organisation... address... postcode... city... country... telephone... fax Stamp and signature Send your registration form with the receipt of the payment to: Technology Transfer S.r.l. Piazza Cavour, Rome (Italy) Tel Fax info@technologytransfer.it