IT Systems & Networking and Security

Date: 7th June – 16th July 2010

Duration: 6 Weeks
Mbabane, Swaziland

You will learn how to

• Analyse your exposure to information assurance threats and
protect your organisation’s system and data
• Reduce your susceptibility to an attack by deploying
firewalls, data encryption and decryption, and other
countermeasures
• Manage risks emanating from inside the organization and
from the internet
• Protect network users from hostile applications and viruses
• Identify the security risks that need to be addressed within
your organization

Course Benefits
Organizations today are linking their systems across enterprise-
wide networks and virtual private network (VPNs), as well as
increasing their exposure to customers, competitors, browser and
hackers on the Internet. Each connection magnifies the
vulnerability to attack.

This course provides the fundamentals knowledge you need to

analyse risks to your network and systems. You learn the steps to
take in order to select and deploy the appropriate
countermeasures to reduce your exposure to network threats.

Who should attend?

This course is valuable for those who require skills to develop and
implement security schemes designed to protect their
organization’s information from threats.

Course Content
Building a Secure Organisation

Real threats that impact security

• Hackers inside and out
• Eavesdropping
• Spoofing, Sniffing
 • Trojan horses
• Viruses, Wiretaps
A security policy: the foundation of your protection
• Defining your information assurance objectives
• Maximising threat reduction
• Assessing your exposure

A Cryptography Primer

Securing data with symmetric encryption

• Choosing your algorithm: DES, AES, RC4 and others
• Assessing key length and key distribution

Solving key distribution issue with asymmetric encryption

• Generating keys
• Encrypting with RSA
• Working with PGP and GnuPG
• Evaluating Web of Trust and PKI

Ensuring integrity with hashes

• Hashing with MD5 and SHA
• Protecting data in Transit
• Building the digital Signature

Verifying User and Host Identity

Assessing traditional static password schemes
• Creating a good quality password policy to prevent password
guessing and cracking
• Protecting against social engineering attacks
• Encrypting password vs. replay attacks

Evaluating strong authentication methods kmnj

• Using challenge response too prevent man-in-the-middle
attacks
• Preventing Password replay using one-time and tokenized
password
• Employing biometrics as part of two-factor authentication

Authenticating hosts
• Shortcomings of IP addresses
• Address-spoofing issues and countermeasures
 • Solutions for wireless networks

Preventing System Intrusions

Discovering systems vulnerabilities

• Searching for operating system holes
• Discovering file permission issues
• Limiting Access via physical security

Encrypting files for confidentiality

• Encryption with application specific tools
• Recovering encrypted data

Hardening the operating system

• Locking down user accounts
• Securing administrator’s permission
• Importance of logging
• Protecting against viruses

Guarding Against Network Intrusions

Scanning for vulnerabilities

• Restricting access to critical services
• Preventing buffer overflows

Reducing denial of service (DoS) attacks

• Securing DNS
• Limiting the impact of common attacks

Deploying firewalls to control network traffic

• Analyzing shortcomings of stateless packet filters
• Contrasting stateful packet filters with application proxies
• Preventing intrusions with filters

Building network firewalls

• Evaluating firewall features
• Selecting an architecture and a personal firewall
Ensuring Network Confidentiality

Threats from the LAN

• Sniffing the network
• Mitigating threats from connected hosts
• Partitioning the network to prevent data leakage
• Identifying wireless LAN vulnerabilities

Confidentiality on external connections

• Ensuring confidentiality with encryption
• Securing data-link layer with PPTP and L2TP
• Middleware information assurance with SSL and TLS
• Deploying SSH (the Secure Shell)

Protecting data with IPsec

• Authenticating remote locations
• Tunnelling traffic between sites
• Exchanging Keys

Managing Your Organisation’s Security

Developing a security plan

• Necessity of a workable plan
• Defining features of a good plan
• Responding to incidents
• Enumerating the six critical steps

Final Project
Action Planning

***** ***** ***** ******

NOTE
Course participants are invited to highlight topics of interest
before the detailed course schedule is prepared for
commencement. This will usually be on the orientation day
Every effort will be made to accommodate participants training
needs within the general scope of the course.
Approach to training

Practical participant – centred activities are fundamental to all Dti

courses. In line adult learning principles, Maximum use is made
of syndicate exercises, case studies, field trip1s, role-playing,
management games, plenary sessions and training videos.
Participants are encouraged to be directly involved in analysing
and solving managerial problems. Although participants will
usually work in groups, there will be an expectation for each
person to develop an individual action plan for implementation
on return to their working environment.

Course Information
Course Date Course Course Venue Course Fee
Duration (US$)

7th June – 16th

Mbabane -
July 2010 6 Weeks 5,950.00
Swaziland

TOTAL 5,950.00
(Course fee & study materials only)

Funding and Scholarship

Prospective participants seeking a place on Dti programmes
should make early applications in writing to one or more donor

1
agencies in their respective countries to secure funding
possibilities.

NOTE: All delegates participating in this

programme will each receive a personal
take-home Laptop Computer, Colour Printer
and Flash Drive!!!