Operational Network Security

1. Operating system privacy and security (5 sessions)

Session 1: Operating System Telemetry – configuring protection in Windows 10

The session provides an insight into the telemetry mechanism Windows uses for data collection and how it can be configured to the needs of an organisation. It also explores additional ways to make Windows 10 more privacy friendly.

session 1 recording

session 1 presentation

Session 2: Logging and Audit – Log management and Audit strategies

All IT users know about log files, and many of them, not only system administrators, regularly look at application logs, syslog entries, or Windows event logs. However, without sound processes in place for analysing these logs, their value is significantly reduced.

The session provides an insight into log management and audit strategies, gives some practical tips for configuring Windows and Linux logging/audit settings, and helps participants understand the need for central log collection and examination.

session 2 recording

session 2 presentation

Session 3: File Integrity Monitoring (FIM) for detecting security incidents

Detecting malicious changes to operating system files early and thoroughly is vital to the handling of security incidents. However, programs that look out for such changes are rarely used, although they have been around for a long time and their usefulness is unequivocally recognised. This seems rooted in the assumption that it is difficult and time-consuming to operate such programs properly.

The session introduces the concept of file integrity monitoring (FIM) and gives participants practical tips on how to plan and start adopting FIM in their organisation. It also includes a live demonstration of one of the latest open source FIM solutions, ‘Wazuh’.

session 3 recording

session 3 presentation

Session 4: Network 1st Hop Security

Configuring end-user systems for access to directly attached networks is facilitated by automatic configuration protocols such as DHCP or IPv6 Router Discovery. In addition, for operation on attached links, the link-layer address corresponding to an IP address is found using protocols such as ARP or IPv6 Neighbor Discovery.

While these protocols are vital to the operation of the network, they bring with them a number of security risks. The session explores these risks as well as ways to mitigate some of them.

session 4 recording

session 4 presentation

Session 5: Authentication methods – how to avoid common pitfalls

Authentication is the basis for any kind of secure system. Unfortunately, it is also easy to get wrong, and getting it wrong fundamentally breaches a system’s security.

The session provides an overview of authentication methods and outlines the most important and relevant approaches in more detail to help participants avoid the most common pitfalls in this area.

session 5 recording

session 5 presentation

2. Client Privacy and Security (5 sessions)

Session 1: Browser Security & Privacy

Web browsers have long been ubiquitous as a window onto the internet, with their versatility being a key factor in their success. But web browsers can also be (mis)used for tracking the activities of their users. Not surprisingly, the security of browsers and the privacy of those who use them have become one of the most important topics in information security.

For Firefox and Chromium-based browsers, the session gives an introduction on how to secure them and how to avoid providing unnecessary personal data to websites or browser vendors. Participants are also shown how to avoid being tracked across the internet.

session 1 recording

session 1 presentation

Session 2: E-Mail Security and Privacy

One of the oldest practical uses of the Internet is email. Most of us use it on a daily basis, and e-mail has become one of the most important tools of business. Email has also become one of the most universal and persistent sources of privacy and security headaches. 

The webinar gives an overview of the many challenges that email introduces and presents approaches for dealing effectively with some of its more common issues.

session 2 recording

session 2 presentation

Session 3: Instant Messaging Security and Privacy

From the Microsoft Messenger and Internet Relay Chat of the nineties to the more current WhatsApp and Discord, instant messengers pre-date the World Wide Web, and while the client programs have changed and gained functionality, their usage shows no sign of decline.

Session participants are shown how to secure instant messenger clients and how to avoid common privacy pitfalls.

session 3 recording

session 3 presentation

Session 4: Videoconferencing Security and Privacy

Videoconferencing has been around for some time, but its use has increased manifold during the COVID-19 pandemic. With employees being locked down in their home offices, videoconferences have replaced business meetings and entire business trips, allowing the illusion of face-to-face interaction. This comes with the burden of an unknown impact on the privacy and confidentiality of the conversations, as well as the security of the client applications.

The webinar provides an overview of security and privacy issues with popular videoconferencing clients and services and shows how to address them. 

session 4 recording

session 4 presentation

Session 5: Office Security and Privacy

Many people regularly use programs such as MS Office. Having started as simple text-editing programs, modern Office suites have turned into highly complex applications. They are available on every operating system, including mobile OSs, and are quickly evolving into cloud-based applications, allowing for convenient collaboration. However, the growing complexity of these programs has introduced a number of problems related to both privacy and security.

The talk offers participants an insight into common privacy issues and security risks and provides some practical tips to address them. 

session 5 recording

session 5 presentation

3. Domain Name System (DNS) protection (4 sessions)

Session 1: Introduction to DNS and its Security Challenges – meet the challenges

The Domain Name System (DNS) is one of the core services of the Internet as we know it today. DNS was designed in 1983 and has been a critical part of the Internet infrastructure ever since. 

This session gives an overview of how DNS works and, crucially, what the security implications of its design and operation are. 

session 1 recording

session 1 presentation

Session 2: DNS for Network Defence – Using DNS to protect and observe

DNS is not only used for the mapping of names to IP addresses and vice versa.

This module shows several use cases using information provided by DNS servers that can be used to protect the local network from malicious activities, such as SPAM or drive-by infections. This is followed by a block on monitoring DNS queries to collect information about ongoing intruder activity on an organisation's network.

session 2 recording

session 2 presentation

Session 3: DNSSEC – Protecting the integrity of the Domain Naming System

Although hampered by slow adoption, DNSSEC has proven to deal effectively with the integrity problems of DNS.

This module introduces the general concepts of DNSSEC and provides a practical example by implementing DNSSEC in a local zone.

session 3 recording

session 3 presentation

Session 4: DNS Privacy Protocols – Encrypted DNS queries for privacy protection

With the integrity of DNS taken care of by DNSSEC, inspection of DNS query data has been used by various actors on the internet for both good and bad purposes. "DNS over TLS" (DoT) and "DNS over HTTPS" (DoH) have been created as ways to mitigate the latter, while unfortunately also interfering with the former.

The module gives insights into the workings and configuration of DoT and DoH and explains the trade-offs organisations' network administrators have to make between security and privacy, as well as showing how some of these can be dealt with. 

session 4 recording

session 4 presentation

4. Distributed Denial of Service (DDoS) protection (4 sessions)

Session 1: Introduction to DDoS Attacks – An overview of motivation and modus operandi of attackers

DDoS attacks have been around for more than 20 years now, and over this time they have gained in power, now reaching several terabits in bandwidth, enough to knock ISPs offline. While the actual DDoS attacks have changed very little, the orchestration of the attacks, the deployment of their components and the motives of attackers have evolved.

The course gives participants an overview of the attacks, the attackers, and their motivation and modus operandi.

session 1 recording

session 1 presentation

Session 2: Details of selected DDoS Attacks – How the attacks work from a technical perspective

While DDoS attacks have become more powerful and easier to start for attackers, the technical details of DDoS attacks have been remarkably consistent over the last 20 years.

This course provides participants with an in-depth view of the technical details of the most common DDoS mechanisms: amplification and reflection and the services being exploited for them. 

session 2 recording

session 2 presentation

Session 3: DDoS Detection – How to know if you are under attack or partake in an attack

DDoS detection may sound simple in theory: when you can't access your systems, you're under attack. However, this may also happen due to technical problems or misconfigurations. And what if we want to detect attacks before falling victim to them?

The course shows participants the various ways in which DDoS attacks are detected on the internet.

session 3 recording

session 3 presentation

Session 4: DDoS Mitigation – What can you do against them?

Mitigating a DDoS attack, especially a large-scale one, can seem like a daunting task, especially where there is a determined attacker and when several sites are affected. The course shows some simple but proven techniques to combat DDoS attacks as well as to avoid unintentionally partaking in one. 

session 4 recording

session 4 presentation