Windows and Active Directory Security Auditing

Class size is limited to the first 40 paid registrants!

Date: December 1 - 3, 2009 (Tuesday through Thursday)
Time: 8:30 am – 4:30 pm; check in begins at 8:00 am
Location:

JCPenney Home Office
6501 Legacy Drive
Plano, TX 75024

Cost: $600 and includes training materials, continental breakfast, lunch, snacks and beverages. Payment is due at time of registration. We recommend that you pay through PayPal to confirm your registration.
CPE Credits: 21 Credits
Prerequisites: No prerequisite is required.
Experience Level: All levels
Register:

Seminar_Reserve_120109.htm

Please contact Pamela Krakosky at pkrakosky@verizon.net if you have any questions.

Overview:

The Windows Security Auditing course focuses on identifying the risks that are specific to a Windows environment. The Windows operating system is typically well known and utilized, but can be difficult to secure since there are a very large number of settings on the end system. This course provides the tools and techniques to effectively conduct a Windows audit. Hands-on exercises give students the opportunity to conduct an audit on their own Windows systems, as well as understand the different security options that Windows provides. Auditors are provided with tools, scripts and checklists they can take back and immediately use. Suggested security settings are provided.

Objectives:

I. Basics
   a. Identifying the system
   b. Types of Windows systems
   c. Features
   d. Registry
   e. Resources
   f. Windows Command Line Basics
   g. Windows Security Features
II. Active Directory
   a. LDAP
   b. Domain Controllers
      i. Functional levels
      ii. RODC
      iii. Scripts for querying data
   c. Global Catalog
   d. Flexible Single Master Operation (FSMO)
      i. FSMO Roles
   e. Trees and Forests
   f. Trusts
      i. External
      ii. Intra-Forest
      iii. Cross-Forest
      iv. Other trusts
      v. Reasons Forests/Domains should be created
   g. OUs and Group Policy
      i. GPOs
         1. Order of application
         2. ACLs
         3. Tools
   h. Delegation of Authority
   i. Server Roles
   j. DNS
III. Users and groups
   a. Permissions
   b. Local and Domain Users
   c. Default and Common accounts
   d. Controlling access
   e. Groups
      i. Universal, Global, Domain Local, Local
      ii. Distribution versus Security Groups
      iii. Groups important for auditors
   f. Privileges/Rights
      i. High Risk Rights
      ii. Medium Risk Rights
      iii. Low Risk Rights
   g. Permissions
      i. Inheritance
      ii. Deny versus allow
      iii. Types of permissions
   h. Administrator account recommendations
   i. Mandatory Integrity Control (MIC) on Vista and later
   j. User Account Control on Vista and later

IV. Passwords
   a. Policy
   b. Storage of passwords
   c. Kerberos
      i. Kerberos policies
   d. Syskey
   e. Password cracking
V. Patching
   a. Product Life Cycle
   b. Tools
VI. Ports and services
   a. Services MMC
      i. Typical Windows Services
   b. Identifying Ports
   c. Software Restriction Policies on Windows XP and later
   d. AppLocker/Application Control Policies
   e. Specific services
      i. Windows DNS
      ii. SQL Server
      iii. Remote Desktop Services
      iv. IIS
      v. IE Security
   f. Security Configuration Wizard
   g. Server Manager
   h. Virus and Malware Protection
VII. Data Protection
   a. Shares
   b. Encryption
      i. BitLocker
   c. File integrity
   d. Security Options
      i. Which ones are important and what they should be set to
   e. Network Access Protection
VIII. Auditing and logging
   a. Event Viewer
   b. Syslog
   c. Audit Policy
   d. AD Auditing
   e. Auditing subcategories in Vista and later
   f. Recommended audit settings
IX. Windows specific tools and settings
   a. PowerShell
   b. SCA
   c. Security Templates
   d. WMIC
   e. Security Option Recommendation
   f. Computer and User Configuration Recommendations
   g. Audit scripts

Instructors:

Tanya Baccam, Baccam Consulting, LLC
Tanya has extensive experience performing audits and assessments, including application reviews, system audits, vulnerability and penetration tests, as well as providing training for various topics, including operating systems, applications, databases and software development risks. She is skilled in reviewing the security architecture for clients including assessing firewalls, applications, web sites, network infrastructure, operating systems, routers, and databases. She has conducted multiple network penetration engagements, vulnerability assessments and risk assessments using an arsenal of tools, including commercially available and open-source tools. She has developed and reviewed policies and procedures, as well as developed and provided security awareness training. Tanya has been responsible for conducting, scheduling and managing numerous security assessment engagements.

During her career in Information Technology, Tanya has become an expert in network and application security services. She has functioned in management, training and consulting roles. She has vast experience including support of Novell, UNIX, Windows, and Oracle platforms. Tanya is a Senior Certified Instructor and courseware author for SANS (SysAdmin, Audit, Network, Security) where she has developed and delivered training related to PCI, security auditing, incident handling, hacker exploits, database security, web application security and perimeter protection, as well as being an authorized grader for some of the GIAC certifications. She is also a member of ISACA (Information Systems Audit and Control Association).

What to Bring:

A laptop in order to complete the hands-on exercises. The laptop should meet the following specifications to get the most from the exercises:
- CD-ROM drive
- A minimum of 3 gigabytes of free hard disk space
- A minimum of 1 gigabyte of RAM
- Windows XP Professional SP 3 or higher
- Administrator privileges or the capability to install and run tools

Cancellation:

There is a $50 cancellation fee per registrant on cancellations between November 15 and November 20. Refunds will not be granted after November 20; however, substitutions are permitted by notifying Pamela Krakosky.



This page was last updated on Saturday, January 28, 2012 at 06:42 AM PST.


© 1998-2012 Dallas Chapter Institute of Internal Auditors
P. O. Box 261747, Plano, TX 75026-1747
