This training focuses on the hardening and the secure configuration of Windows and Linux systems, of databases and of web and application servers.
Instructors: Stefan Middendorf and Christian Strache
Duration: 2 days
The secure configuration and hardening of operating systems, application servers and databases provide an important basis for the protection from attacks. Particularly when it comes to attacks on applications, these measures are crucial. However, also for system-level vulnerabilities, relying solely on firewalls is usually not enough.
After briefly introducing the respective threat scenarios and methods of attack, the course shows how to harden and securely configure operating systems, application servers, web applications and databases. In many practical examples and exercises, participants will learn how to identify and fix typical vulnerabilities, and which tools are available to help.
In addition to current Windows and Linux versions, the course also deals with Apache and Tomcat as sample web and application servers, respectively, as well as with databases.
The training covers both the effective use of supporting tools like Security Compliance Manager (SCM) and the use of tools for identifying vulnerabilities, such as Nessus and database scanners.
Examples of topics covered for Windows operating systems
- Hardening using security templates and group policies
- Use of tools for security configuration and analysis (Security Configuration Wizard, Security Compliance Manager)
- Hardening of services
- Limitation of executable programs
- Securing terminal servers
- Securing file servers
Examples of topics covered for Unix operating systems
- Measures for basic hardening
- SE Linux
- Difficulty of SUID and restriction of privileges
- Password policies
- Identification of vulnerabilities with Nessus Credential Scan
Examples of topics covered for web and application servers
- Hardening of Apache
- Hardening of Tomcat
Examples of topics covered at the database level
- Basic measures for securing databases
- Use of database scanners
Participants will use laptops in this intensive training course so they can apply the acquired knowledge in practical exercises.
Security managers and system administrators looking for effective ways to protect their systems and applications.
Basic knowledge in the fields of operating systems (Windows/Unix) and web servers. The exercises partly require using command-line tools on Linux. The trainers will be happy to assist in managing them in case help is needed.
Maximum number of participants: 15 persons
Price: € 2,000
Date: February 13-14, 2017 - the two days before the IT-Defense conference starts
The training is conducted in German by two experienced trainers. They work as consultants and can thus complement the course with comprehensive and recent practical experience. You will receive CPE Points for participating in the Hardening and Secure Configuration training. The training takes 16 hours. You will get a certificate after having completed the training.
andel's hotel Berlin
Landsberger Allee 106
Tel.: +49 30 453 053 0
Fax: +49 30 453 053 2099
Christian Strache was born in Berlin in 1986. He received his bachelor’s degree in information management, specializing in IT security and IT forensics, from the University of Koblenz before fully devoting himself to IT security in the master’s program at the University of Bochum. Having written his Bachelor‘s thesis on IT forensics tools, his Master’s thesis was about secure login methods for Android devices.
He had already gained experience in several consulting companies during his studies. The points of focus complemented his studies in a practical way and included mobile security and web security.
Christian Strache has been working as a consultant in the IT security field at cirosec GmbH since 2012. He is an expert in technical security of web applications and server systems and thus carries out security assessments and penetration tests of internal and external systems on a regular basis. In addition to looking for vulnerabilities in applications and systems, he advises our customers on questions regarding server hardening in Windows and Linux environments. Besides the hardening of web applications and servers, Christian Strache is a certified expert in web application firewalls of different manufacturers and supports our customers regularly in the evaluation, implementation and optimization of web application firewalls used in companies.
Managing Consultant, Co-Founder and Partner
Stefan Middendorf studied at Heidelberg University (Medical Informatics) and at the Swiss Federal Institute of Technology Zurich. In 1999, he graduated with a thesis on XML and Java.
Having completed his studies, he first worked as an IT security consultant. Later, he joined the Strategic Development team of Articon-Integralis AG and dealt with the evaluation and integration of IT security products with a focus on PKI.
In addition to numerous articles on PKI, Java and XML in various journals, Stefan Middendorf has published books on Linux und Java.
He has been working at cirosec GmbH since April 2002. Today, he is the head in the technical assessment field, and he is responsible for quality assurance. Moreover, the focus of his work is on:
- architecture and design reviews of complex e-business environments and of applications
- design guidelines and awareness measures for developers
- risk analysis
Stefan Middendorf has played a vital role in developing our trainings “Hardening and Secure Configuration” and “Hacking Extreme Web Applications”, and he is a regular instructor of these trainings.