The training focuses on measures for the hardening and secure configuration of Windows client and server systems as well as their effect against hacker attacks.
Instructors: Christian Strache and Constantin Tschürtz
Duration: 2 days
The secure configuration and hardening of client and server systems provides an important basis for protection against attacks. Client systems in particular have repeatedly been the focus of targeted attacks and serve as a starting point for further attacks on internal systems and services. With Windows 10, Microsoft has introduced various security-relevant innovations to protect client systems. In the default configuration, however, Windows systems as well as the web, application and database servers running on them provide a large attack surface.
This training will show you what hardening measures can help complicate or prevent typical hacker attacks. We will clearly demonstrate what kinds of threats exist for the respective systems and what an attacker can achieve due to poorly protected systems. For each threat scenario, we will then introduce you to the possibilities available with system tools to harden or securely configure client and server systems, application and web servers as well as databases in the Windows environment. In many practical examples and exercises, participants will learn how and with which tools they can identify, reconstruct and fix typical vulnerabilities on their own. We will directly compare the way the individual hardening measures work with the specific threat scenarios such as pass the hash, privilege escalation or ransomware.
In addition to the hardening and secure configuration of the systems as such, the training will demonstrate administrative and organizational measures on how to secure client and server environments. For instance, this includes ideas on secure administration (e.g. use of layered administration and privileged access workstations) or on dealing with local administrative permissions on client systems.
The training will cover not only the useful application of supporting tools such as Security Compliance Manager (SCM) or Attack Surface Analyzer (ASA) but also the use of tools to detect vulnerabilities such as Nessus and database scanners.
Examples of topics covered for Windows client systems
- Basic hardening of Windows clients
- Security-relevant innovations in Windows 10
- Client hardware requirements for the use of relevant security features
- Windows 10 versions and update methods (e.g. LTSB, Enterprise, Professional)
- Virtualization-based security features in Windows 10 (e.g. Credential Guard, Device Guard)
- Securing the boot process (e.g. BitLocker, UEFI, Secure Boot, Trusted Boot)
- Application control (e.g. AppLocker, Device Guard)
- Manageability of Windows 10
- Data protection in Windows 10 in enterprise environments
Examples of topics covered for Windows server systems
- Basic hardening of Windows servers
- Use of hardening measures, e.g. via GPOs
- Use of tools for security configuration and analysis (e.g. Security Compliance Manager)
- Service hardening
- Restriction of executable programs
- Terminal server protection
- File server protection
Examples of topics covered for web and application servers
- Microsoft IIS hardening
- Apache/Tomcat hardening on Windows Server
Examples of topics covered on the database level
- Basic measures for the protection of MSSQL databases
- Use of database scanners
Participants will use laptops in this intensive training course, so they can apply the acquired knowledge in practical exercises.
Security managers and administrators looking for effective ways to protect their Windows systems and services.
Participants of our Hacking Extreme and Hacking Extreme Web Applications trainings who wish to learn about appropriate protection options in the Windows environment.
Basic knowledge of Windows operating systems (clients, servers) and of web servers (IIS). Some exercises require the use of command-line tools such as PowerShell. The trainers will be happy to assist with these in case you need help.
Maximum number of participants: 15 persons
Price: € 2,000
Date: January 29-30, 2018, the two days before the IT-Defense conference starts.
The training is conducted in German by two experienced trainers. They work as consultants and can thus complement the course with comprehensive and recent practical experience.
You will receive CPE Points for participating in the training. The training takes 16 hours. You will get a certificate after having completed the training.
Leonardo Royal Hotel Munich
Moosacher Strasse 90
Tel: +49 (89) 288 538 0
Fax: +49 (89) 288 538 100
Christian Strache was born in Berlin in 1986. He received his bachelor’s degree in information management, specializing in IT security and IT forensics, from the University of Koblenz before fully devoting himself to IT security in the master’s program at the University of Bochum. He wrote his Bachelor’s thesis on IT forensics tools and his Master’s thesis on secure login methods for Android devices.
He had already gained experience in several consulting companies during his studies. The points of focus complemented his studies in a practical way and included mobile security and web security.
Christian Strache has been working as a consultant in the IT security field at cirosec GmbH since 2012. He is an expert in technical security of web applications and server systems and thus carries out security assessments and penetration tests of internal and external systems on a regular basis. In addition to looking for vulnerabilities in applications and systems, he advises our customers on questions regarding server hardening in Windows and Linux environments. Besides the hardening of web applications and servers, Christian Strache is a certified expert in web application firewalls of different manufacturers and supports our customers regularly in the evaluation, implementation and optimization of web application firewalls used in companies.
Constantin Tschürtz first studied Computer Science at Karlsruhe University of Applied Sciences. He completed his studies in 2013 with a Bachelor of Science degree. He gained his first practical experience as a research assistant at the Laboratory for Automation Technology and during a six-month internship at a software developer for CRM systems. Toward the end of his studies, he took up a working student job at a large German Internet provider in the application security field, where he gained his first practical experience in web security and later wrote his thesis.
Constantin Tschürtz then switched to TU Darmstadt, where he received a Master’s degree in IT Security in August 2015. At the same time, he resumed his work at the large German Internet provider in the application security field at the end of 2014 and gained more detailed experience in web security and audits. He also co-authored a paper that was accepted at the RAID Symposium 2015.
After finishing his studies, he joined cirosec GmbH, where he has been working as an IT security consultant since September 2015.