Home         
Membership  
Certification  
 Training &
 Education 
   Events   
Career Centre
 Newsletter 
 Feedback 
 Board Lists 
International
Members Only
   (Restricted)    
Board Only
   (Restricted)  
IPAM Member
  (Restricted)    
     IPAM     
  Steering  
Committee   (Restricted) 
ISACACdn Flag
ISACA 2006 Gold Website Award
ISACA 2005 Gold Website Award
ISACA 2004 Gold Website Award
ISACA 2003 Gold Website Award

How to Perform a Network
Vulnerability Assessment
Event 71

Monday and Tuesday

October 24 & 25, 2005

Royal Crown Conference Centre, 83 Garry Street (Winnipeg, Manitoba)

8:00 AM to 4:30 PM

Presented By:

For further information contact

John Graeb, Event Director - (204) 632-2194 John

Omena Babalola, Event Director - (204) 946-1451 Omena

Visit the ISACA Winnipeg Chapter web site at isaca-wpg.org

SCHEDULE
Registration.............08:00 AM to 08:15 AM (Continental Breakfast Provided)
Presentation............08:15 AM to 10:15 AM
Coffee Break............10:15 AM to 10:30 AM
Presentation............10:30 AM to 12:00 AM
Lunch Break.............12:00 AM to 01:00 PM (Lunch Provided)
Presentation.............01:00 PM to 02:45 PM
Coffee Break.............02:45 PM to 03:00 PM
Presentation.............03:00 PM to 04:30 PM

SPEAKER INFORMATION


John Tannahill, CA, CISM
John is a management consultant specializing in information security and audit services. His current work areas are focused on information security management and control in large information systems environments and networks. Specific areas of technical expertise include UNIX and Windows operating system security, network security, Oracle, and Microsoft SQL Server security.

John is a frequent speaker in Canada, the United States and Europe on the subject of Information Security.

SESSION DESCRIPTION (16 CPE Credits)
 The purpose of this seminar is to provide participants with a practical methodology and approach to performing network vulnerability assessments. The seminar will begin with an overview of common network security architectures. Based on a specific architecture, participants will be provided with information gathered using network discovery tools and techniques, which will be reviewed as part of class exercises. This information will be used as a base to identify the scope and methodology used to perform a detailed network vulnerability assessment.

There will be a detailed discussion and demonstration of the tools and techniques used that will allow the participant to evaluate the network vulnerabilities and identify key control recommendations that should be implemented. A sample report will also be reviewed and participants will be provided with references to other report examples.

The seminar will include:

  • Live network infrastructure environment used for demonstration and discussion purposes
  • Demonstration of audit tools and techniques
  • Detailed discussion of output obtained from each part of the assessment
  • Sample network vulnerability assessment report
  • Reference material for network vulnerability assessment methodologies, techniques & tools

     Areas of Coverage:
    Part I - Network Discovery and Footprint
  • Network Address Spaces (DNS, IP Address Blocks, Whois Information)
  • Ping Sweep Techniques
  • Information Gathering Tools (e.g. SNMP information)
  • Use of Google Search Engine
  • Building network architecture diagrams

    Part II - TCP/IP Service Identification and Enumeration
  • Port Scanning Techniques
  • Use of Nmap and other Port Scanning, Fingerprinting and Service identification Tools
  • Advanced scanning techniques & tools (including use of Hping & other packet crafting tools)

    Part III - Network Vulnerability Assessment
  • Network Vulnerability Testing Tools & Techniques (including configuration & use of Nessus)
  • Testing specific TCP/IP Services e.g. firewall services, web servers
  • Testing vulnerabilities in Unix and Windows operating systems

    WHO SHOULD ATTEND:
    Systems Administrators, IT Auditors and Information Security professionals.
    Learning Level:     Intermediate

    Registrants will receive a free IT Promotional gift (min. value $50).

    Event Costs (all prices include GST & are in Canadian Funds)

    • Member.........................$ 760.00 (ISACA or CGA Members only)
    • Group rate for 5 or more...$ 810.00 per person
    • Non-Member...................$ 860.00
    A $100.00 Early Registration Discount is available if you register on or before
    September 26, 2005 and payment is received by October 3, 2005

    Cancellation Deadline: October 7, 2005.  Refer to Polices below.

    Express Registration requires Member ID & PW.


    Event Policies

    Please refer to our Chapter Cancellation & Substitution Policy   and   Privacy Policy

    • Advance Registration and Payment is greatly appreciated and Substitutions are allowed. If we cancel a course for any reason, our liability is limited to the registration fee only.

    The speakers, topics and events are correct at the time of publishing and if unforeseen circumstances occur, ISACA reserves the right to alter or delete items from the program.  

    The presenters have prepared this material for the professional development of ISACA members and others.   Although they trust that it will be useful for this purpose, neither the presenters, nor ISACA can warrant the use of this material would be adequate to discharge the legal or professional liability of members in the conduct of their practices.

    For ISACA info contact the President - for Membership info the Membership Director

    _________________________________________________________________________

    For information about this website or to report a problem contact The Webmaster.

    © 2001-2008 ISACA Winnipeg Chapter, Inc. All rights reserved.
    ISACA®, CISA®, CISM®, COBIT®, ITGI® and KNET® are registered trademarks of the Information Systems Audit and Control Association®.

    Please read the Legal Disclaimer and our Privacy Policy