traınıngs
Social Engineering
Education can be used to abuse mistakes or weaknesses in human behavior. Used to take over a system using the Social engineering concept and defense methods against attacks is to learn.
All information system users, especially system administrators.
No prerequisites
• The concept of "social engineering" Attack techniques
• Examples of social engineering attacks Social engineering tests Prevention methods Various social engineering applications
2 days
Participants may experience loss of common and confidential information and social engineering, which can even lead to an institution's reputation they will be familiar with their attacks. Participants, social engineering They will also have the capacity to provide training.
Cyber Incident Response
In this training, related to crimes committed in today’s information world Attack Detection and Record Management Training, Central Security Monitoring and Incident Management Training is provided.
SOME (Cyber Incident Response Team), Information Security Staff, Cyber
Security Professionals.
Must have experience in both business processes and information systems.
Introduction (History, computer event examples, SOME and security organization examples)
• Basic information about SOME Computer incident management process, event management service definition and functions • Operational components of SOME (software, hardware, policy and procedures) SOME project plan
2 days
The aim of the training is to determine the level of trainees in their institutions Emergency Response Team. to a position where they can install.
SIEM Training
Offering more advanced options than log analysis, SIEM’s most important with the help of established policies and rules. By making meaningful connections between events that appear to be independent It is the correlation technique that helps detect possible attacks.
IT Security Staff, Auditors, Cyber Security Specialists, Network Managers.
Familiarity with information system components.
Central daily management systems
• Requirement for event correlation systems Advantages of event correlation systems Event correlation steps OSSIM attack correlation systems OSSIM overview Basic components of OSSIM Tools used by OSSIM OSSIM setup OSSIM component configuration
• Policies Data fusion from separate components Attack correlation System maintenance and update
4 days
Participants learn about central attack correlation systems they will receive. Centralize logs collected in separate security components from an internal or external network how to monitor attacks carried out and They will learn to take the necessary steps against.
Penetration Test Training
Ethical hacker or white hat hacker; methods of cyber criminals knowing, by simulating malicious attacks to information systems They are people who try to prevent possible damages.
IT Security Center Staff, Auditors, Cyber Security Specialists, web Site or System Administrators.
Network security and basic knowledge of linux is a plus.
• Introduction (What is penetration test? Before, during and after the event? highlights that take place. Penetration testing methodologies)
• Discovery (Discovery categories. Applied nmap exercise; port scanning, service and operating system discovery etc.)
• Vulnerability exploration (Vulnerability concept. Nessus exercise; policy assignment, scanning and vulnerability analysis)
• Exploit (Exploit and payload concepts. Metasploit exercise; msfconsole, meterpreter, post-exploit and auxiliary modules, etc.) Network penetration tests and layer 2 attacks (Network sniffing, MAC table flooding, ARP poisoning, VLAN hopping, DHCP IP pool consumption attacks) External network tests and information gathering (Active and passive information collection, "Google hacking" etc.)
• Social engineering (Using e-mail and phone. Customized. payload and malware generation - macro, pdf and exe. "Relay" security bug. "Post-exploitation") Web application tests (Input-output detection, XSS and SQL-i attacks)
5 days
Participants will be able to participate and contribute to penetration tests.
Computer Forensics Basics
Systems that can be considered as the most important component of the information world and GSM working logic of their networks, internet of crime centers, GSM infrastructures using what methods, how they committed a crime, how This is the basis for collecting evidence about the crimes they deleted and committed. is one of the goals of the course.
IT Security Center Staff, Auditors, SOME members.
Basic information about Linux and Windows operating systems.
• Computer incident response
• Preliminary stages of computer analysis Information about NTFS, FAT32, ext2, ext3 file systems (this how files are opened, saved and deleted on systems)
• Different components of a computer (RAM, "Heap" space, fixed disks, etc.) The data is not temporary. undo
• Performing computer analysis on a Linux system and presentation of tools
• Creating an analysis environment in the applied part of the course and Analyzing a suspicious file with tools
• Performing computer analysis on a Windows system and presentation of tools
3 days
Participants will be able to do computer analysis on their own.
ISO 27001
Information security breaches and the increasing value of information resources, leads to an increase in companies’ information protection needs. Information security management system, to work to ensure information security It is a controlled approach towards. System personnel, processes and information includes security systems.
IT Security Center Staff, Auditors, Cyber Security Specialists, IT
People whose staff will be audited under ISO 27001.
Familiarity with quality management systems is helpful, but a requirement is not.
• What is ISMS and why is it needed?
• "Plan-Apply-Check-Take Action" process in ISO 27001 Risk assessment and treatment in information systems ISO 27001 control categories
- Information security policies
- Organization of information security
- Human resources security
- Asset Management
- Access control
– Cryptography
- Physical and environmental security
- Operational security
- Communication security
-System acquisition, development and maintenance
-Supplier relations
- Information security incident management
- Information security aspects of business continuity management
- Conformity
• ISO 27001 compliance audit
- Audit planning
- Audit checklists
- Nonconformities and reporting
Few applications
3 days
Participants will be able to establish ISMS in their institutions. Participants also will learn about the concepts of control.
Information Security Awareness Training
Unconscious and problematic use of technology, information security reasons such as the diversification of threats to ensure information security makes it difficult. Therefore, at national and international level Ensuring personal and corporate information security and information increasing awareness about safety is coming.
Information systems users.
No prerequisites
- User's role in information security
- User's contribution to the corporate Information Security Management System (ISMS)
- Access to computers
- Password security
- Email security
- Security while accessing the Internet
- Virus protection
- Installation, use and disposal of storage media
- File access and sharing
- Information backup
- Social engineering
- User responsibilities in computer events
3 hours
Participants will learn about the basics of information security and their awareness of the importance of corporate information security they will take it to the next level. The task that contributes to an institution and they will learn their responsibilities.
Network Forensic Analysis Training
Gathering evidence over the network about crimes committed with this training of active network devices and mobile devices the ways in which evidence can be collected over the network. It is aimed to teach.
Security Center Staff, Auditors, SOME members, Network and System Managers.
Basic knowledge of TCP / IP, networks, Linux and Windows operating systems.
- Basics of traffic analysis
- Network packet capture technologies: Hardware, software and tools
- Basic network protocols and components security component log analysis: Firewalls
- logs, intrusion detection and prevention systems, etc.
- Analysis of network protocols (HTTP, SMTP, DNS etc.)
- Deep packet inspection
- Detection of malicious network traffic: "Man in the middle attack", "DNS cache poisoning ”etc. Attacks
- Detection of network traffic tunneling techniques: DNS, ICMP, SSH tunneling, etc.
- Analysis of encrypted network traffic: "listening for SSL traffic" technique
- Network traffic reconstruction to obtain original data
- Network flow analysis
4 days
Network traffic analysis without participants accessing storage components will be able to realize and collect evidence. Also, from the ingredients detecting malicious network traffic and security incidents caused by they will be able to.
Information Security Training for Managers
Social Engineering that can be organized against corporate executives with training or many scenarios in information security training for other attacks By giving an example, it is aimed to increase the awareness of Information Security.
Managers and staff who want to learn a lot about information security.
Basic information systems knowledge.
- Basic concepts of information security
- Security Policy
- Corporate security
- Human resources security
- Risk assessment and risk reduction
- Business continuity
- Information security incident management
- Operating system security
- Network security
- Web security
- Digital certificates and certificate distribution systems
- Password management
- Antivirus systems
2 days
Participants learn about the basic concepts of information security. basic technical concepts of receivables and general operation of the ISMS Entry will be made by taking.
System Security Training
Authentication and basic SQL Server database security concepts how to manage access to objects through authorization configuration and how to maintain you will learn.
Database administrators, database security auditors.
Database management fundamentals.
SQL Server, general topics
Operating system configuration
Network configuration
SQL Server installation and maintenance
SQL Server configuration
Access control and authorization
• Audit and log management
Backup and disaster recovery procedures
• Replication
• Software application development
"Surface Area Configuration" tool
SQL Server testing and monitoring tools
3 days
At the end of the course, participants will learn SQL Server database security They will learn the mechanisms and factors that affect security. A SQL Ability to perform a security audit of the server database they will win. By the way, database administrators can also They will learn how to manage safely.
SQL Server Training
Principles to be taken as basis in the management of systems, determined information security procedures, audit methods, compliance processes and Necessary to meet corporate information security needs sharing of information, what needs to be done for an effective audit It is aimed to transfer the processes.
Information technology auditors, system security auditing capabilities information security professionals, system and network administrators who want to improve.
Basic network and operating system (Windows and Unix) information, environmental protection familiarity with systems.
Vulnerability and threat definitions
Open source vulnerability scanners and how to use them
• Exploring the topology of a network
Environmental protection systems audit
Windows control
• Auditing of Unix / Linux systems
4 days
Participants learn how to use vulnerability scanners they will learn. Participants also include operating systems, environmental protection How to audit systems and web applications?
Oracle Training
Oracle, one of the largest manufacturers of database management software is someone. In this course, you will learn how to use Oracle database security efficiently. how to manage your Oracle network environment and you will learn how to perform database maintenance.
Database administrators, database security auditors.
Database management fundamentals.
- Database basics
- Identity check
- Access control lists
- Database security audits
- Network security
- Database backup
- Control of access tools
- Advanced security measures
3 days
At the end of the course, participants will have to do a security audit of databases. secure management of databases and administrators
Microsoft System Security Training
Security of Windows, the most used operating system in the world configuration, systems tools necessary to protect data, and training that teaches techniques. Microsoft Operating System to install, use and make necessary security configurations is the main purpose of the course.
Windows Network Administrators, MS AD Administrators, IIS / Exchange Managers, IT Security Center Personnel.
Basic information about Microsoft systems.
Microsoft Web Services Security
• Microsoft "PowerShell"
Active Directory and Network Services Security (Group policy, DNS, DHCP)
Patch management in Microsoft systems
3 days
Participants, advanced knowledge within the scope of Microsoft system security they will get. Microsoft system security applications in their organizations They will have the ability to use it in the best way possible.
Linux Security Training
Practical aspects of safe configuration of inux and operating system Practical aspects of safe configuration of inux and operating system work environment, data protection and attack standard mechanisms, tools and training that teaches techniques.work environment, data protection and attack standard mechanisms, tools and training that teaches techniques.
Linux System Administrators, IT Security Center Staff.
Linux management knowledge.
- Safe installation
- Configuring startup services
- Safe configuration of the kernel
- File system access control
- User access control
- Management of system logs
- Security audit tools
- Security strengthening tools
- Security script programming
2 days
Participants can ensure the security of Linux-based operating systems. will be able to realize consolidation. Open source in their systems will gain the ability to use security software tools. Also, to help them discover security breaches in their systems they will also gain the ability to use or develop tools.
Active Network Device Security Training
Active Network Device Security courses will teach you about network technologies and general security problems of protocols, their specific operation in depth of its application in systems or network equipment It focuses on explaining by examining In this case, wireless networks and IP Certain areas such as telephones are treated separately.
System and network administrators, IT Security Personnel, Auditors, Cyber Security Professionals.
Basic knowledge of networks.
• Active devices (hardening), network design and network security Within the scope of providing, the following subjects are theoretically applied It will be studied with exercises. Widely used today in internal networks and also networks empowering active devices used to connect the outside world towards
Spine key,
- Router,
- The firewall,
- Content filter
• Safety controls applicable to active devices, for example
- Physical security,
- Equipment safety,
- Authentication,
- Authorization and monitoring,
- Patch management,
- Access control lists,
- Remote management control etc.
2 days
Participants are active through the theoretical and practical parts of the course. learn the security controls that can be applied to network devices expected. Participants also have these security checks in their institutions. applications are expected.
TCP / IP Network Security Training
Focusing on the practical work of network security issues, organizations A comprehensive guide for professionals responsible for the security of computer networks educational program.
IT Security Center Staff, Auditors, Cyber Security Specialists, web site or System Administrators, Network Administrators.
Basic knowledge of networks.
- TCP / IP protocol stack protocols
- Working principles of different layers of the TCP / IP stack and
- threats targeting layers
- Vulnerabilities and mitigation techniques of TCP / IP protocols
- Techniques, protocols and devices used to secure network
- Packet capture software, packet analysis and protocols such as Wireshark
- Concepts such as SSL, IPSec, VPN and digital certificates
- Network components such as Firewall, IDS / IPS and Proxy
2 days
Applied studies on security of TCP / IP networks, It will provide the participants with rich knowledge and skills. Security practices in the network of their institutions are the best they are expected to be implemented in the same way.
Web Applications Security Training
The aim of the course is to inform web application developers of vulnerabilities. to identify, assess the risks to the project and to teach to eradicate in various ways.
Web Application Developers, Website Administrators, IT Security Center Staff, Auditors, Cyber Security Specialists.
Basic information about web technologies.
- Collecting information
- Configuration management flaws
- Entry / exit manipulation
- Cross Site Scripting (XSS)
- Injection flaws: SQL Injection, OS command injection etc.
- User authentication flaws
- Authorization flaws
- Session management flaws
- Session fixing
- Playing session
- Cross-Site Request Forgery (CSRF)
- Application logic
- Log management
- Fault management
- Secure application management
2 days
Participants, important security components of HTTP-based applications, common mistakes, how to avoid them and keep them They will learn how to ensure application security.
Secure Software Development Training
In the modern world, in the software development process, a developer implementing protocols and using vulnerable frameworks Lots of security associated with the features of programming languages can accept the deficit.
Software developers / engineers, software project managers, software quality control staff.
Intermediate experience in programming.
- TCP / IP protocol stack protocols
- Working principles of different layers of the TCP / IP stack and
- threats targeting layers
- Vulnerabilities and mitigation techniques of TCP / IP protocols
- Techniques, protocols and devices used to secure network
- Packet capture software, packet analysis and protocols such as Wireshark
- Concepts such as SSL, IPSec, VPN and digital certificates
- Network components such as Firewall, IDS / IPS and Proxy
3 days
Participants learn basic secure coding principles, secure software design and policies for development, threat modeling and security testing they will learn.
DO YOU NEED MORE INFORMATION?
If you would like to learn more about our products and solutions, please send an e-mail to [email protected] or fill out the form!
Our team will be in contact shortly.