Dates: September 20 and 21

Time: 8:30am to 4:30pm (Thursday and Frinday)

Location: HCA Bldg 2 Conference Center - Parthenon I & II

Cost: $399 for ISACA members and $549 for non-members

CPE: 16 hours

Meals: Lunch will be provided each day

Parking: Attendees should park in the Charlotte Avenue parking lot (i.e., across the railroad tracks behind HCA). Shuttles will be available from 8:00am to 8:30am and 4:30pm to 5:00pm.

Cancellations/Substitutions: Cancellations will be refunded less a $20 processing fee. Cancellations must be made via email to webmaster@isacanashville.org by the close of business September 18th. Substitutions are welcome. See the Chapter website for complete details on the Chapter's event policies.

Instructor: Jeff Conner, Senior Consultant, Canaudit

Seminar Description:

The UNIX operating system is common in many organizations. As with most operating systems, UNIX can be well secured as long as the available features are properly installed and maintained. This seminar will walk participants through the UNIX operating system, its functions and control features. Many hardware suppliers have their own proprietary versions of UNIX. As these versions are based on System V or BSD UNIX, this seminar provides in-depth coverage of both versions. In order to identify security weaknesses in UNIX, participants will be provided with a step-by-step audit approach, detailed audit programs, control checklists and an audit script. The instructor will demonstrate the audit script in the classroom to reinforce the concepts learned and show how easy it is to penetrate poorly secured UNIX platforms.

Who Should Attend:

This seminar is intended for Internal Auditors, UNIX Administrators, and Security Officers. Participants should be familiar with information security concepts, logical security and access controls.

Seminar Outline:

I) Introduction

- Fundamentals

- UNIX history

- High-level review

II) Systems Overview

- Physical security

- Users, passwords and authentication

- Users, groups and the super-user

- File system and security

- Daemons and processes

- Encryption

III) Network and Internet

- Modem and dial-up security

- Local area networking

- Securing network services

- Network-based authentication

- Network file sharing

IV) Securing Your Systems

- Patching

- Backups

- Accounts and access

- Integrity management

- System auditing, logging and forensics

V) Types of Attacks and Incident Procedures

- Gaining remote access

- Local privilege escalation

- Denial-of-service attacks

- Trust relationships

VI) The Audit

- Audit preparation

- Audit scope and objectives

- Using the checklists

- Modifying the Canaudit Audit Programs

Instructor Biography:

Jeff Conner is a Senior Consultant at Canaudit and has been with the company for the past ten years. He specializes in performing computer forensics, Intranet, Internet, and Extranet penetration audits, along with providing network and system security consulting. As a nationally and internationally experienced instructor and conference speaker, Jeff uses his vast experience with system and network security in the corporate world along with the many penetration audits he has conducted to help students understand the sometimes complicated and technical security issues.

Jeff spent 22 years with Southwestern Bell (SBC Communications), one of the Nation's largest Regional Bell Operating Companies. He has over 17 years of diverse experience within the Audit and Security realm. Specifically, he has involved himself with Data Center User Administration, UNIX technical support, Network and Computer Security, Security Awareness Development and Training, TCP/IP Training, and Intranet/Internet Security Counseling and Implementation. He was a key figure in the installation of the company's Internet Firewall, FTP server, and World Wide Web Server. Jeff has also performed multiple hacker investigations and interrogations and has an extensive background in computer forensics. He has taught Internet Security and Penetration Testing classes at Washington University in St. Louis, MO.