6 Incident Response courses in Cardiff

SECURITY+ TRAINING COURSE DESCRIPTION A hands on course aimed at getting delegates successfully through the CompTia Security+ examination. WHAT WILL YOU LEARN * Explain general security concepts. * Describe the security concepts in communications. * Describe how to secure an infrastructure. * Recognise the role of cryptography. * Describe operational/organisational security. SECURITY+ TRAINING COURSE DETAILS * Who will benefit: Those wishing to pass the Security+ exam. * Prerequisites: TCP/IP foundation for engineers * Duration 5 days SECURITY+ TRAINING COURSE CONTENTS * General security concepts Non-essential services and protocols. Access control: MAC, DAC, RBAC. Security attacks: DOS, DDOS, back doors, spoofing, man in the middle, replay, hijacking, weak keys, social engineering, mathematical, password guessing, brute force, dictionary, software exploitation. Authentication: Kerberos, CHAP, certificates, usernames/ passwords, tokens, biometrics. Malicious code: Viruses, trojan horses, logic bombs, worms. Auditing, logging, scanning. * Communication security Remote access: 802.1x, VPNs, L2TP, PPTP, IPsec, RADIUS, TACACS, SSH. Email: S/MIME, PGP, spam, hoaxes. Internet: SSL, TLS, HTTPS, IM, packet sniffing, privacy, Javascript, ActiveX, buffer overflows, cookies, signed applets, CGI, SMTP relay. LDAP. sftp, anon ftp, file sharing, sniffing, 8.3 names. Wireless: WTLS, 802.11, 802.11x, WEP/WAP. * Infrastructure security Firewalls, routers, switches, wireless, modems, RAS, PBX, VPN, IDS, networking monitoring, workstations, servers, mobile devices. Media security: Coax, UTP, STP, fibre. Removable media. Topologies: Security zones, DMZ, Intranet, Extranet, VLANs, NAT, Tunnelling. IDS: Active/ passive, network/host based, honey pots, incident response. Security baselines: Hardening OS/NOS, networks and applications. * Cryptography basics Integrity, confidentiality, access control, authentication, non-repudiation. Standards and protocols. Hashing, symmetric, asymmetric. PKI: Certificates, policies, practice statements, revocation, trust models. Key management and certificate lifecycles. Storage: h/w, s/w, private key protection. Escrow, expiration, revocation, suspension, recovery, destruction, key usage. * Operational/Organisation security Physical security: Access control, social engineering, environment. Disaster recovery: Backups, secure disaster recovery plans. Business continuity: Utilities, high availability, backups. Security policies: AU, due care, privacy, separation of duties, need to know, password management, SLAs, disposal, destruction, HR policies. Incident response policy. Privilege management: Users, groups, roles, single sign on, centralised/decentralised. Auditing. Forensics: Chain of custody, preserving and collecting evidence. Identifying risks: Assets, risks, threats, vulnerabilities. Role of education/training. Security documentation.

NETWORK FORENSICS TRAINING COURSE DESCRIPTION This course studies network forensics-monitoring and analysis of network traffic for information gathering, intrusion detection and legal evidence. We focus on the technical aspects of network forensics rather than other skills such as incident response procedures etc.. Hands on sessions follow all the major sections. WHAT WILL YOU LEARN * Recognise network forensic data sources. * Perform network forensics using: Wireshark NetFlow Log analysis * Describe issues such as encryption. NETWORK FORENSICS TRAINING COURSE DETAILS * Who will benefit: Technical network and/or security staff. * Prerequisites: TCP/IP foundation for engineers. * Duration 3 days NETWORK FORENSICS TRAINING COURSE CONTENTS * What is network forensics? What it is, host vs network forensics, purposes, legal implications, network devices, network data sources, investigation tools. Hands on whois, DNS queries. * Host side network forensics Services, connections tools. Hands on Windows services, Linux daemons, netstat, ifoconfig/ipconfig, ps and Process explorer, ntop, arp, resource monitor. * Packet capture and analysis Network forensics with Wireshark, Taps, NetworkMiner. Hands on Performing Network Traffic Analysis using NetworkMiner and Wireshark. * Attacks DOS attacks, SYN floods, vulnerability exploits, ARP and DNS poisoning, application attacks, DNS ANY requests, buffer overflow attacks, SQL injection attack, attack evasion with fragmentation. Hands on Detecting scans, using nmap, identifying attack tools. * Calculating location Timezones, whois, traceroute, geolocation. Wifi positioning. Hands on Wireshark with GeoIP lookup. * Data collection NetFlow, sflow, logging, splunk, splunk patterns, GRR. HTTP proxies. Hands on NetFlow configuration, NetFlow analysis. * The role of IDS, firewalls and logs Host based vs network based, IDS detection styles, IDS architectures, alerting. Snort. syslog-ng. Microsoft log parser. Hands on syslog, Windows Event viewer. * Correlation Time synchronisation, capture times, log aggregation and management, timelines. Hands on Wireshark conversations. * Other considerations Tunnelling, encryption, cloud computing, TOR. Hands on TLS handshake in Wireshark.

CYBER SECURITY TRAINING COURSE DESCRIPTION The reliance of the world on the Internet and computer systems means the protection of information systems is vitally important. This is even more important smart devices and the Internet of Things increase the number of devices. This Cyber Security provides a concise overview on the threats and attacks that can happen along with the counter measures that can be taken. WHAT WILL YOU LEARN * Recognise the different types of attack. * Describe the attacks that can be made against information systems. * Describe the counter measures available. CYBER SECURITY TRAINING COURSE DETAILS * Who will benefit: Non-technical staff working with computers. * Prerequisites: None. * Duration 1 day CYBER SECURITY TRAINING COURSE CONTENTS * What is Cyber Security? Computer security, Policies, Types of security breach, denial of service, data manipulation, data theft, data destruction, security checklists, incident response. * Attacks Physical access, Social engineering, Privilege escalation, Malware, Trojans, worms, viruses, rootkits, Backdoors, Denial of Service (DOS), Distributed DOS, Eavesdropping, Spoofing, Man the middle tampering. * Countermeasures Prevention, detection, response. Physical, user accounts, Firewalls, IDS, AAA, authentication, cryptography, encryption, data integrity. * Cyber security standards ETSI, ISO 27001, 27002, NIST, ISA/IEC 62443.

IP SECURITY TRAINING COURSE DESCRIPTION Connection to the Internet is becoming an essential business tool. This course looks at firewalls, digital certificates, encryption and other essential topics for e-commerce sites. A generic course that looks at firewalls and VPNs. Hands on sessions include using hacking tools and configuring firewalls. WHAT WILL YOU LEARN * Describe: Basic security attacks RADIUS SSL IPSec VPNs * Implement digital certificates * Deploy firewalls to protect Web servers and users. * Secure Web servers and clients. IP SECURITY TRAINING COURSE DETAILS * Who will benefit: Network administrators. Network operators. Security auditors * Prerequisites: TCP/IP foundation for engineers * Duration 2 days IP SECURITY TRAINING COURSE CONTENTS * TCP/IP review Brief overview of the relevant headers. Hands on Download software for course, use analyser to capture passwords on the wire. * Security review Policies, Types of security breach, denial of service, data manipulation, data theft, data destruction, security checklists, incident response. * Security exploits The Internet worm, IP spoofing, SYN attack, hijacking, Ping o' Death… keeping up to date with new threats. Hands on Use a port scanning tool, use a 'hacking' tool. * Firewalls Products, Packet filtering, DMZ, content filtering, stateful packet inspection, Proxies, firewall architectures, Intrusion Detection Systems, Viruses. Hands on Set up a firewall and prevent attacks. * NAT NAT and PAT, Why use NAT, NAT-ALG, RSIP. * Encryption Encryption keys, Encryption strengths, Secret key vs Public key, algorithms, systems, SSL, SSH, Public Key Infrastructures. Hands on Run a password-cracking program. * Authentication Types of authentication, Securid, Biometrics, PGP, Digital certificates, X.509 v3, Certificate authorities, CRLs, PPP authentication, RADIUS. Hands on Using certificates. * Web client and server security Cookies, browser certificates, censorship, PICS. Operating system security, Web server user authentication, Restricting access, Logging, Securing CGI scripts. Hands on Browser security. * VPNs and IPSec What is a VPN, tunnelling, L2F, PPTP, L2TP, IPSec, AH, ESP, transport mode, tunnel mode.

CYBER SECURITY TRAINING COURSE DESCRIPTION This cyber security course focusses on the network side of security. Technologies rather than specific products are studied focussing around the protection of networks using firewalls and VPNs. WHAT WILL YOU LEARN * Describe: - Basic security attacks - RADIUS - SSL - VPNs * Deploy firewalls and secure networks * Explain how the various technologies involved in an IP VPN work. * Describe and implement: - L2TP - IPsec - SSL - MPLS, L3, VPNs. CYBER SECURITY TRAINING COURSE DETAILS * Who will benefit: Anyone working in the security field. * Prerequisites: TCP/IP foundation for engineers * Duration 5 days CYBER SECURITY TRAINING COURSE CONTENTS * Security review Denial of service, DDOS, data manipulation, data theft, data destruction, security checklists, incident response. * Security exploits IP spoofing, SYN attacks, hijacking, reflectors and amplification, keeping up to date with new threats. Hands on port scanning, use a 'hacking' tool. * Client and Server security Windows, Linux, Log files, syslogd, accounts, data security. Hands on Server hardening. * Firewall introduction What is a firewall? Firewall benefits, concepts. HAnds on launching various attacks on a target. * Firewall types Packet filtering, SPI, Proxy, Personal. Software firewalls, hardware firewalls. Firewall products. Hands on Simple personal firewall configuration. * Packet filtering firewalls Things to filter in the IP header, stateless vs. stateful filtering. ACLs. Advantages of packet filtering. Hands on Configuring packet filtering firewalls. * Stateful packet filtering Stateful algorithms, packet-by-packet inspection, application content filtering, tracks, special handling (fragments, IP options), sessions with TCP and UDP. Firewall hacking detection: SYN attacks, SSL, SSH interception. Hands on SPI firewalls. * Proxy firewalls Circuit level, application level, SOCKS. Proxy firewall plusses and minuses. Hands on Proxy firewalls. * Firewall architectures Small office, enterprise, service provider, what is a DMZ? DMZ architectures, bastion hosts, multi DMZ. Virtual firewalls, transparent firewalls. Dual firewall design, high availability, load balancing, VRRP. Hands on Resilient firewall architecture. * Testing firewalls Configuration checklist, testing procedure, monitoring firewalls, logging, syslog. Hands on Testing firewalls. * Encryption Encryption keys, Encryption strengths, Secret key vs Public key, algorithms, systems, SSL, SSH, Public Key Infrastructures. Hands on Password cracking. * Authentication Types of authentication, Securid, Biometrics, PGP, Digital certificates, X.509 v3, Certificate authorities, CRLs, RADIUS. Hands on Using certificates. * VPN overview What is a VPN? What is an IP VPN? VPNs vs. Private Data Networks, Internet VPNs, Intranet VPNs, Remote access VPNs, Site to site VPNs, VPN benefits and disadvantages. * VPN Tunnelling VPN components, VPN tunnels, tunnel sources, tunnel end points, tunnelling topologies, tunnelling protocols, which tunnelling protocol? Requirements of tunnels. * L2TP Overview, components, how it works, security, packet authentication, L2TP/IPsec, L2TP/PPP, L2 vs L3 tunnelling. Hands on Implementing a L2TP tunnel. * IPsec AH, HMAC, ESP, transport and tunnel modes, Security Association, encryption and authentication algorithms, manual vs automated key exchange, NAT and other issues. Hands on Implementing an IPsec VPN. * SSL VPNs Layer 4 VPNs, advantages, disadvantages. SSL. TLS. TLS negotiation, TLS authentication. TLS and certificates. Hands on Implementing a SSL VPN. * MPLS VPNs Introduction to MPLS, why use MPLS, Headers, architecture, label switching, LDP, MPLS VPNs, L2 versus L3 VPNs. Point to point versus multipoint MPLS VPNs. MBGP and VRFs and their use in MPLS VPNs. Hands on Implementing a MPLS L3 VPN. * Penetration testing Hacking webservers, web applications, Wireless networks and mobile platforms. Concepts, threats, methodology. Hands on Hacking tools and countermeasures.

A flexible, modular-based, programme to heighten participants' awareness of ways in which their operations can affect the environment, the principles of environmental management and the practical steps they need to take as individuals and as an organisation to improve environmental performance. Depending on the course modules selected, this programme will give participants: * Increased awareness of relevant environmental issues * A greater understanding of, and commitment to, the organisation's environmental management programme * Preparation for any responsibilities they may have under an Environmental Management System * Further benefits according to options chosen 1 ENVIRONMENTAL AWARENESS * Definition of 'the environment' * Key environmental issues * Global warming * Ozone depletion * Acid rain * Air quality * Water pollution * Contaminated land * Land take and green belt shrinkage * Resource usage * Habitat destruction and species extinctions. * Option: This module can be used to explain the key environmental issues related to the activities of your own organisation. Diagrams, photos, pictures, examples and statistics relevant to your own organisation are used where possible to illustrate the points being made. 2 ENVIRONMENTAL LEGISLATION * Key elements of environmental legislation affecting the activities of your organisation - including international, European and UK legislation. * Legislation of particular relevance to your organisation - how it affects the operations of your organisation * Option: Legislation can be dealt with according to which aspect of the environment it protects (eg, air, water, waste) or which part of your organisation's activities it affects * Consequences of breaching legislation 3 ENVIRONMENTAL MANAGEMENT SYSTEMS * Overview of what an environmental management system is * How is an Environmental Management System (EMS) designed and put together? * Key elements (emphasising Plan - Do - Check - Review cycle) * The need to continually improve * Pros and cons * Reasons for having an EMS * Benefits of an EMS * Consequences of not managing the environment * Costs of installing an EMS * Explanation of ISO 14001 and EMAS standards and guidance as applicable to the EMSs of your organisation * Overview of your organisation's EMS * How it was set up / is being developed / operates * Who is responsible for it * Key parts of system (eg, environmental policy, objectives and targets) identified and discussed * EMS documentation - what and where it is. * Workshop option: Brainstorm 'Pros and cons' with the participants, come up with all their ideas for good and bad things about EMS and demonstrate that the 'good' list is longer than the 'bad' 4 ENVIRONMENTAL CONSEQUENCES * Define what an environmental impact is and discuss how they are determined, with reference to the EMS * Identify why we want to determine the environmental consequences of operations and activities; how they are used in the EMS for planning, and reducing the impact on the environment * Establish key environmental consequences of construction and operational activities on the site; discuss significance ranking and the control measures in place in your organisation. * Workshop option: In small groups, participants are asked to identify the impact on the environment of your organisation's activities or a part of their activities. They are then asked to rank these impacts in terms of their significance, using guidelines provided to help them be aware of the contributing factors (eg, frequency, severity). For a selected number of the impacts, the participants are asked to identify what control measures there are and which of these they play a part in. All stages can be discussed with trainers as a whole group at various stages during the workshop. 5 PROTECTED SPECIES, NATURE CONSERVATION AND INVASIVE WEEDS * Nature conservation, landscape and visual issues in the planning process - overview of key nature UK wildlife legislation, EIA, appropriate timing of surveys, Hedgerow regulations and landscape and visual impact issues * Ecological issues - ecological legislation, significant species, hedgerows * Archaeology in the development process - why archaeology is important, organisation in the UK, legislation and planning guidance * Construction phase issues and consents - major environmental issues during construction, including water resources and land drainage consents, discharges to land or water, water abstraction, public rights of way, tree protection, waste management, Special waste, noise, good practice pollution control and Environmental Audits * Identification and management of invasive weeds - including legal position regarding management 6 CHEMICALS AND FUELS HANDLING AND STORAGE * How health and safety management is closely linked to environmental management of materials * Planning - what mechanisms are in place for planning materials use; legislation, guidance and policies which define how to manage materials * Materials storage - what are the considerations for storing materials, covering: * Labels: what are the different types and what do they tell us? * Storage facilities: what are the requirements for safe storage of materials (eg, signs, secondary containment, access, segregation, lids/covers) * Handling: safe handling for protecting the environment, organisational procedures, high risk situations (eg, decanting, deliveries), how to reduce the risks (eg, use of funnels, proper supervision, training) * COSHH and MSDS: brief explanation of legislation and its role in environmental control of hazardous materials, how to use the information provided by COSHH assessments * Option: These sessions can be illustrated with photographs/pictures and examples of good and bad storage and handling practices * Workshop Options: Labelling Quiz - quick-fire quiz on what different labels tell us; Build a Storage Facility - participants are asked to consider all the environmental requirements for building a safe storage facility for their organisation 7 ON-SITE CONTROL MEASURES * Overview of the legislation associated with nuisance issues on site and mitigating problems when they arise * Examples of bad practice, including fuel storage tanks and mobile equipment - costs involved with prosecution of fuel spills, remediation costs, management costs, legal fees, bad PR coverage * Identification and management of contaminated land and relevant legislation * Workshop option: Participants are provided with a site plan containing information on site features, environmental conditions and indications of potential issues 8 WASTE MANAGEMENT * Why worry about waste? - a look at how waste disposal can impact on the environment, illustrated by examples of waste-related incidents, statistics on waste production on national, industry-wide and organisational levels, landfill site space, etc * Legislation - overview of the relevant legislation, what the main requirements of the regulations are, what penalties there are, and the associated documentation (waste transfer notes) * Waste classification - a more in-depth look at how waste is classified under legislation according to hazardous properties, referring to Environment Agency guidance * Handling and storage requirements - what are the requirements of the applicable waste legislation and how are they covered by organisational procedures? Examples of good and bad environmental practice associated with handling and storing waste. * Workshop option: 'Brown bag' exercise - participants pass round a bag containing tags each with a different waste printed on. They are asked to pick out a tag and identify the classification and the handling, storage and disposal requirements for the waste they select * Waste minimisation - overview of the waste minimisation 'ladder' and its different options (elimination, reduction, reuse and recycling), benefits of waste minimisation, examples of waste minimisation techniques * Workshop option: Participants are asked to identify opportunities that actually exist within the organisation for minimising production of waste that are not currently being taken advantage of 9 AUDITING * Requirements for environmental auditing of operations * Auditing the EMS * Types of internal and external audits * Requirements EMS standards (ISO 14001 and EMAS) * Carrying out internal audits and being prepared for external audits * Workshop options: * Mock audit 'Brown Bag' - can be used either for trainers to test participants as if they were in an audit situation, or for the participants to test each other and practice their auditing technique. The bag contains tags each with a different topic printed on (eg, waste skips); participants pass the bag round and select a tag; they are then questioned by the trainer or another participant about that topic as if they were in an audit situation. If the participants are auditing each other, they will be provided with a set of guidelines to keep in mind during the workshop. * Virtual auditing - a more practical workshop where participants review photographs of situations/activities relevant to the organisation's operations. They are asked to identify all the good and bad environmental practices that are occurring in the situations. 10 INCIDENT RESPONSE * What should you do when an incident does happen? * What should be in a spill kit? * When should you call in the experts? * When should you inform the Environment Agency or Environmental Health Officer? * Workshop option: The participants are provided with some incident scenarios and asked to develop a response to the incident 11 MONITORING AND REPORTING * Environmental monitoring programmes and procedures * Monitoring and reporting as control measures for environmental consequences * Monitoring and environmental 'STOP' card systems - personal and behavioural monitoring and reporting