IT Governance, Compliance, Security and Audit from the Pros: Topics

Security and Audit-Related Speaking Topics

Peter Davis+Associates is pleased to offer the services of our senior staff to provide keynote speeches, seminars or security awareness for your company, your organization, your professional association, your academic institution, your school, or your community group.  You can offer these sessions to heighten security awareness or introduce a new subject.  You can select from these recent sessions or we can develop and customize one for your organization. Call for more information. You can schedule an in-house session by contacting PDA at 416-907-4041 or by using the contact link and sending a message for more information.

Strategies for Auditing Web Servers and Web Sites
IDS: Your Cyber Burglar Alarm
Best Practices for an IIS Configuration
Security Tools for the NT-Based Internet Server
Understanding TCP/IP Security and Audit
Protecting Your Privacy on the Internet
Windows 2000 Server Security
Audit and Security of Cisco Routers: An Introduction
Information Security for IT Managers
Selling Information Security to Your Organization
Countermeasures to Network Security Attacks
How to Secure Your Networks for E-Business
Understanding PKI
Securing Wireless Local Area Networks: Shooting in the Air?

Strategies for Auditing Web Servers and Web Sites

If your organization is running a public web site, this session is for you.  You will discover the key control points associated with a web server.  Also, you will learn how to use commercial and publicly available tools to audit a web server configuration and uncover weaknesses in the underlying operating system and TCP/IP configuration.  You will learn about:

  Web site auditing

  Web server configuration

 Auditing Web content

  Web and server logs

  Network security


IDS: Your Cyber Burglar Alarm

You do not create a good security program by buying a point product such as a firewall.  You build a good security program by developing administrative and management processes.  Tools provide the data to the process, but you must analyze the data to gather information about your security.  In this timely session, you will learn about an effective tool to help manage your security processes—intrusion detection systems.  At the end of this session, you will understand the who, what, where, how and why of IDS.

  IDS defined

  Types of IDS

  Network versus host-based IDS

  Point-in-time versus continuous

  Deploying IDS

  Reacting to alerts


Best Practices for an IIS Configuration

Microsoft's Internet Information Server, coming as it does free with Windows NT, is the default for many Web servers.  An understanding of the parameters to set in IIS and Windows NT is key to securing your system.  In this session, you will learn about:

   Installing server software and adjusting file and directory access

   Fixing file system and Registry permissions

   Disabling unneeded network services

   Disabling unnecessary Web server features, CGI scripts and extensions

   Setting up Secure Sockets Layer for IIS

   Remote administration

   Monitoring Web server and Event logs


Security Tools for the NT-Based Internet Server

Maintaining and monitoring Windows NT and IIS security is a full time job, especially in large organizations.  Automating these processes will help you in your effort to remain vigilant.  In this session, you will learn about administrative tools as well as security and audit tools to help you.  You will learn about:

   Windows NT auditing programs

   NT software assistants

   Security scanners

   Event log analyzers

   Web log analyzers


Understanding TCP/IP Security and Audit

If you need to understand TCP/IP, this session is for you.  You will discover the TCP/IP and OSI models.  Also, you will learn how to use commercially and publicly available tools to audit a host running TCP/IP and uncover weaknesses in the underlying protocols.  You will learn about:

   TCP/IP protocols log

   Network layer protocols and their risks

   Transport layer protocols and their risks

   Application layer protocols and their risks


Protecting Your Privacy on the Internet

With its myriad resources, the Internet has become a valuable tool.  However, using the Internet is fraught with dangers.  One such danger is the compromise of your privacy.  Anytime you visit a site you give up information about yourself you might want to protect.  In addition, many sites write information to your system that compromises your privacy.  Attend this session and learn how to find a middle course between protecting yourself and using Net resources.  This session will cover:

   Identifying key threats to your privacy on the Internet

   Defending against packet sniffers

   Evaluating the security and privacy issues associated with the use of cookies in web applications

   Using anonymizers, proxy servers, and other countermeasures to mask your identity in e-mail and web applications

   Sources of information on privacy advocacy


Windows 2000 Server Security

With its power, scalability, compatibility, and networking features, it was no wonder that Windows NT was widely used by organizations.  Now, Microsoft has improved it and has entered the new century touting Windows 2000 as the operating system of the next century. W2K is richer in security features than Windows NT.  In this timely session, you will learn how to safeguard your data using the security features of Windows 2000 Server.  This session will cover:

   New security features

   Active Directory security

   Domain security policies

   MMC

   Leveraging built-in security features and tools

   Selecting tools for auditing Windows 2000


Audit and Security of Cisco Routers: An Introduction

Cisco routers are used to provide secure, reliable and efficient corporate-wide internetworking.  To deploy a Cisco router successfully, audit, security and networking professionals require a thorough understanding of the security and audit features and functions.  This important session provides an introduction to Cisco IOS network security.  This session will cover:

   Internetworking terminology

   Setting up and administering the router

   Review of Routing Information Protocol (RIP)

   Authentication, Authorization and Accounting (AAA)

   Security Server Protocols

   Building basic and advanced access lists

   Applying access lists to interfaces

   Preventing Denial-of-Service attacks


Information Security for IT Managers

Is information security an important issue within your organization?  Many CIOs don’t see security as an important issue in their organizations.  Surprised? Management’s resistance to costs with uncertain payoffs and hard-to-quantify paybacks is understandable; however, security has become an important performance parameter.  This timely session will introduce you to the chief components of an information security program.  This session will cover:

   Defining business drivers and objectives for an enterprise information security program

   Defining the role of line managers, IT managers, IT technicians, information security, internal audit, and other employees in the security program

   Defining a high-level architecture for information security

   Tips and techniques for performing information security self-assessments


Selling Information Security to Your Organization

Computer criminals grow more cunning by the minute and no organization can afford to be without a sound information security program. In this practical session you will master proven tactics for raising the organization’s collective consciousness about security and controls, and learn how to implement motivational strategies that make awareness effective.  This session will cover:

   Identifying the key ingredients for a successful awareness program

   Appealing to all parts of the organization: tips and techniques

   Tapping the people factor: the key to security awareness

   Keeping security awareness consistent throughout the organization


Countermeasures to Network Security Attacks

In this session, you will learn about some common network and application attacks: IP spoofing, SMURF, DDoS, and spamming. You will discover controls for preventing or mitigating the effects of these attacks. This session will cover:

   Evaluating recent security advisories and exploits

   Sample network security attacks

   Developing a Network Security Plan

   Defining a network perimeter security strategy

   Authentication

   Encryption

   Firewalls

   Intrusion detection

   Testing your network


How to Secure Your Networks for E-Business

Companies are engaging in all types of e-business—from electronic publishing to e-commerce.  This informative session will look at the basics of e-business.  You will learn about:

   Protecting transaction confidentiality

   Types of encryption

   Authentication schemes: digital signatures, digital certificates, certification authorities, smart cards, biometric identification

   Enterprise infrastructure protection: firewalls, virtual private networks


Understanding PKI

Encryption is an important part of a security architecture.  Understanding the various types of encryption algorithms and how they are used is essential to your security program.  This informative session will cover the following:

   Introduction to cryptography: private key, public key, message digest

   Public Key Infrastructure (PKI)

   Certificates and signatures

   Certification Authorities and Directories

   Defining roles & responsibilities of a Certification Authority (CA)

   Evaluating the trade-offs associated with internal and external CAs


Securing Wireless Local Area Networks: Shooting in the Air?

Wireless LAN use is growing fast. Research company Dell’Oro Group predicts that the worldwide market for all products based on the 802.11 standard will grow to US$3.1 billion in annual revenue by 2006, from US$1.2 billion in 2001. These WLANs are popping up in government and companies in a manner reminiscent of the first departmental LANs. WLAN technology makes setting up a network relatively simple, but securing it is another matter altogether. WLANs are creating major security and configuration management headaches for IT infrastructure managers. In this state-of-the-art session, you will learn how to improve your control of wireless LANs as we highlight:

   Security issues associated with the different wireless LAN infrastructure devices and the potential for undermining existing network infrastructure security

   Evaluating built-in and add-on safeguards for WLANs: wired equivalent privacy (WEP), service set identifiers (SSIDs), authentication and association, cell sizing, multi-pathing, hidden node, near/far, interference, WPA, and EAP

   Security threats and safeguards for wireless LANs

   Defining effective policies for the safe use of WLANs


To schedule

Phone

416-907-4041, Eastern Time, 9:00 a.m. to 5:00 p.m., Monday-Friday

Fax

416-907-4851

E-mail

info@pdaconsulting.com
