2011.5.30 ~ 6.4 CERT Training Course, Dar es Salaam, Tanzania
Coordinator: Kilnam Chon
Part 1: 5.30 CERT Introduction (CERT Training Course for Manager and Policy Maker)
Part 2: 5.31~6.2 CERT Training Course for Technical Staff
Part 3: 6.3~6.4 CERT Training Course on Web Security
========= Part 1: CERT Introduction (CERT Training Course for Manager and Policy Maker) ==================
Date: 2011.5.30
Place: Dar es Salaam
Chief Editor: Mohamed Ibrahim
Co-Chief Editor: Vincent Ngundi
Course Overview
The course targets policy makers and CSIRT managers and is aimed at giving this target group
an overview of global information security threats, the role of CSIRTs in cybersecurity (information security)
management and the key role of Trust Networks in handling cyber incidents.
Session 1: (90 minutes)
Introduction - Cyber Security: an overview, by Marcus Adomey
Overview of Global Information Security. Definition, clarification on concept.
This session will give a general overview of global cybersecurity threats
and will introduce the areas of cybersecurity and CSIRTs.
Session 2: (90 minutes)
Setup and Role of CSIRT, by Jean Robert Hountomey with Vincent Ngundi
This session will give an overview of the role of CSIRTs, authority, stakeholders, constituents, among others.
It covers the responsibilities of a CSIRT, the services it offers, and the steps to go through to create a CSIRT.
Session 3: (90 minutes)
CSIRT Services, by Jacques Houngbo
This session will explain the different roles of CSIRTs. Practical continuation of Session 2.
Session 4: (90 minutes)
CERT - NETWORKS... what networks?, by Mohamed Ibrahim
Building Trusted Networks. Concept of computer networks, focusing on security issues. Idea of a trusted network.
This session will discuss ways that CSIRTs can build trust collaboration networks
and the value of these networks in cybersecurity management. The session will also
introduce some of the existing CSIRT regional and international organizations, forums and conferences.
Additional Presentation Material: CSIRT Philosophy and Culture, Adel Marzouq Riyad
============== Part 2. CERT Training Course for Technical Staff =========================
Date: 2011.5.31~6.2
Place: Dar es Salaam
Chief Editor: Marcus Adomey
Deputy Chief Editor: Jacques Houngbo
First Day (5.31 Tuesday)
Session 1: (30 minutes)
Marcus Adomey
Introduction - CSIRT Philosophy and Culture
Session 2: (90 minutes)
Marcus Adomey
Technical Overview of Security
Session 3: (180 minutes)
Jacques Houngbo
Hands on PGP
Second Day (6.1 Wednesday)
Session 4: (360 minutes - 60 minutes each)
Jacques Houngbo
Incident Handling
- Preparation - limit the number of incidents that will occur
- Detection and analysis: security breaches, incident classification, sign of incidents
- Containment, eradication, recovery: limit the spread, gather evidence, eliminate components, restore system
- Post incident activities: lessons learned, data collected
- Hands on: PGP, risk assessment, failure mode and effects analysis (FMEA)
Session 5: (30 minutes)
Marcus Adomey
Internet Protocols and Security
Third Day (6.2 Thursday)
Session 6: (90 minutes)
Jean-Robert Hountomey
Information Gathering and Analysis
- forensic matters, implication with law information
Session 7: (60 minutes)
Marcus Adomey
CSIRT Tools
Session 8: (120 minutes)
Mohamed Ibrahim
Preparing Participants to be Trainers
================== Part 3. CERT Training Course on Web Security =================================
Date: 2011.6.3 ~ 4
Place: Dar es Salaam
Instructors: Koichiro "Sparky" Komiyama and Suguru Yamaguchi, JPCERT/CC
Abstract:
Web services have become the vital information sharing and processing platform for the Internet today.
With wider extensions of functions provided by the web services, the web platform is now working
very tightly with the other information systems around the world.
However, even with several standardization efforts for protocols and data structures,
the web service servers now include more complicated components such as JavaScript,
Flash and PDF handlers for the sophisticated services their customers expect.
This trend of adding more complicated components to web servers also makes
the operation and management of information security for web services more difficult.
In this two-day course, we focus on what modern web services and
their protocols are, what the security issues in the web service platform are, and how we can deal
with them as operators and managers. This course requires participants to have
basic knowledge of the TCP/IP protocol suite, operating system architecture in modern
information systems, and the digital representations of the wide variety of data handled on the Internet.
The components we learn here in this class are:
- Web servers and HTTP protocol details
- Basics for using web access analyzer
- Integral components for web service such as content encoding schemes, JavaScript, and HTTP session managers
- Web Application Firewalls (WAF)
- Authentication and access control to the web servers
- Modern attack techniques against web servers, including spoofing using web cookies, cross-site scripting, tapping, etc.
- Basic techniques of JavaScript validation and tricks to bypass its validation procedures at the web servers.
- Using SOAP
This class also provides you opportunities to learn more through hands-on sessions.
Goal:
After completing this course, participants will...
- Understand why web apps are so easily attacked
- Be able to use security testing tools (like Fiddler)
- Know how to identify and avoid common vulnerabilities
- Start to think like a hacker
- Know how to conduct web app security hands-on sessions
Schedule:
First Day(6.3)
Session 1: (180 minutes)
Lecture: HTTP Protocol, Web Server and Web Applications
Session 2: (60 minutes)
Lecture: Setup Exercise Tools
Session 3: (90 minutes)
Exercise 1: Web application security exercise
Second Day(6.4)
Session 4: (240 minutes)
Exercise 2: Web application security exercise
Session 5: (90 minutes)
Exercise 3: Web application security exercise
Session 6: (90 minutes)
Lecture: Tools for Trainers
Appendix: List of Exercises
- HTTP basics
- Basic authentication
- Spoof an authentication cookie
- Bypass client side JavaScript validation
- Bypass a path based access control
- Stored XSS attacks
- Reflected XSS attacks
- Fail open authentication scheme
- Discover clues in HTML
- Create a SOAP request
=================================================================================
Remark 1: If you would like to participate only in the Part 3 training course, please contact Suguru
Yamaguchi or Koichiro Sparky Komiyama.
Remark 2: We may plan "African CERT Forum" in November 2011.
Remark 3: We are looking for 1~2 instructor candidates for Advanced CERT Course to be
given in November 2011 and beyond.
Remark 4: Please make the reservation of the above 6-day course at www.AfNOG.org.