IT Awarenes Training

Who should attend?

This course is an IT Security Training  awareness program  for those want to secure the  Environment , Server , Network , Website , Mobile App & Database from unwanted attacks.  

Introduction to Information Security For Business
  • Role of Information Security in Today’s Era
  • Importance of Information Security in Business
  • Basic Terminologies
  • Hack Value
  • Zero Day – Vulnerability / Attack
  • CIA Triad Corporate trade
  • Case Studies of Recent Hacks
Hacking Phases & Countermeasures
  • Phases of Hacking
  • Social Engineering & Techniques
  • Phishing
  • SMShing
  • Whaling
  • Dumpster Diving
  • Shoulder Surfing
  • Tailgating / Piggy-backing
  • Disgruntled Employees
  • Identity Theft
  • Unauthorised Access
  • Shadow IT
  • Credential harvesting / Password guessing
  • Preventive measures
Malware Essentials
  • Malware, Ransomware & Key-loggers
  • Types of malware
  • What is ransomware
  • What are key-loggers
  • Fly-by-downloaders
  • Droppers
  • Advance Persistent Threats
  • Preventive Measures
  • Patch management
  • AV updates
  • Back-up
Enterprise Procedural Security
  • Security Best Practices
  • Password guidelines
  • Internet usage
  • Email usage
  • Email etiquettes
  • Identifying phishing emails
  • Dealing with offensive emails
  • 2-Factor / Multi-factor authentication
  • Mobile device security threats & prevention
  • Portable device / media security threats & prevention
  • Clear desk
  • Handling / Disposal of sensitive data (print/digital)
  • Data classification & labelling
  • Storage – encryption / hashing
  • Disposal
  • Physical Security
  • Access controls
  • Visitor management
Windows & Active Directory Hardening &Auditing
  • Organization Infrastructure Security
  • Windows OS security
  • Architecture & security principles
  • Physical security
  • Secure installation / Patch management
  • Network services
  • Security Policies – Local Policies / Group Policies
  • User rights management
  • File systems & permissions
  • Active Directory
  • Sites, Domains, OU’s
  • Group Policy Objects
  • Windows Server hardening benchmarks
  • Audit trails & event logs
  • Tools – MBSA
Linux System & Server Security
  • Securing Linux
  • Boot loader security
  • Linux kernel security
  • Local user accounts & group accounts
  • Password security
  • Network services
  • Securing Root
  • Linux File System
  • Critical files & folders (/etc/shadow & /etc/passwd)
  • Knowing the Wheel Group & SecureTTY
  • File permissions & special permissions
  • Linux server hardening benchmarks
  • Securing Web Servers
  • IIS & Apache web server hardening
  • Securing IIS server
  • Securing Apache server
Infrastructure Security Best practices
  • Organization Infrastructure Security
  • Network security
  • Fundamental stacks
  • Ports & protocols & Services
  • Network scans & enumeration
  •  manual scanning & enumeration
  •  Understanding Nessus reports
  • Enumerating network ports, services & vulnerabilities
  • Network sniffing & troubleshooting 
  • Common security issues
  • Types & sources of network attacks
  • Denial of Service
  • SYN Flood
  • Smurf attack
  • DOS land attack
  • Unauthorized access
  • Password stealing / guessing / cracking
  • Remote code execution
  • MITM attacks
  • Wireless security
  • Insecurities in wireless networks
  • Security myths – Hidden SSID, MAC filtering
  • WEP / WPA / WPA2 security
  • Rogue access points
Database Security
  • Database Security
  • Database architecture – Oracle / MSSQL
  • Secure installation
  • Securing network services
  • Database links
  • Securing defaults – password & account parameters
  • Users, Profiles, Roles & Privileges
  • Stored procedures, Extended procedures & Views
  • Auditing
  • Statements
  • Privileges
  • Fine grained auditing
  • Database security assessment tools – Oscanner & Scuba
  • Database server hardening benchmarks
Web Applications Security
  • Introduction to web applications
  • Web application architecture
  • Application security risks
  • Global standard frameworks
  • SANS Top 25
  • WASC
  • NIST
  • OWASP Top 10 
  • Web Services security testing 
  • Counter-measures for web services attacks
  • Introduction to API & API Security
  • Attacks on API
  • API assessment approach
  • Counter-measures for API attacks
  • Application security assessment tools
  • Counter-measures for OWASP Top 10
Cloud , Android & IOS Security
  • Securing The Cloud
  • What is cloud computing
  • Cloud service models
  • Cloud deployment types
  • Virtualization concepts & security
  • Identity & access management
  • Cloud data security best practices
  • Mobile Application Security
  • Android application architecture
  • Android application components
  • Communicating with android devices using ADB
  • Exploiting android application vulnerabilities
  • Static using dex2jar, jdgui
  • Dynamic using Drozer
  • Mobile OWASP Top 10
  • IOS application architecture
  • IOS application architecture
  • ARM Processors
  • IOS security mechanisms
  • IOS security architecture
  • Secure boot chain 
  • Develop IOS security testing environment
  • IOS Applications Debugging
  • IOS Application Security Testing
  • Countermeasures & recommendations