[fwd] Consiglio evento di sicurezza

Ovviamente i consigli inviateli in privato a Manuel, che poi provvedera' a
farci sapere qualcosa del come/quando/dove/perche'.

thnx
Koba (moderatore)

--- Enclosed, please find the posted message.
Subject: Consiglio evento di sicurezza
From: Manuel Minzoni <mminzoni<at>imolinfo.it>
Date: 13 Jun 2002 10:41:42 +0200

Ciao a tutti, 
un cliente per cui ho lavorato mi ha detto di voler organizzare un
evento di sicurezza cos? fatto:

Speaker: Justin Peltier, CISSP (per info andate al sito www.gocsi.com )
Titolo : How to perform a technical vulnerability assessment
Dove : Milano e/o Roma
Quando: circa met? ottobre ( sicuramente prima di SMAU)

DAY ONE
Tool Selection: Selecting the appropriate tools
- During this session discussion will focus on
how to select the correct tools for your organiza-
tion. Because you most likely will have limited
funds with which to obtain tools, we will direct
you to the Internet sites that offer the best tools
on, what they search for and where to go to get
for the lowest cost.
Tools will range from shareware to freeware and
will also include commercial products that run
on a variety of popular platforms and hardware
architectures. We will also look at using different
tools in tandem, in order to provide a more
complete picture of all the network vulnerabilities.
Hints and Pitfalls - We will discuss how to 
approach known hacker sites to gain the tools
needed to conduct a vulnerability assessment.
We will review the requirements for establishing
a quarantined environment to test freeware and
shareware before placing it into the network

Day Two
Technical demonstrations - During this
session there will be a demonstration of
common tools used in network vulnerability
assessments. The focus will be freely available
tools such as Nmap, Sam Spade, and Nessus.
We will discuss how to install the products and
what things to look for to ensure the installation
has gone correctly.  Discussion will follow
covering technical advantages to running the
tools on different operating systems.
Next, we'll examine outputs from each of the
products and discuss what they mean to your
enterprise.  We'll  show how to modify
parameters to obtain additional information
and how to fine-tune the search capabilities.
Finally, we'll take a look at commercially
available products and examine the outputs
from their reports.  We will discuss the pros and
cons of each product, what platforms they run
on, what they search for and where to go to get
additional information.

Cosa ne dite ? Vi interesserebbe ? Mi parlava di un costo attorno ai 600
Euro , troppo ? Due giorni sono troppi ? E' in inglese,ritenete
necessaria la traduzione ?

Qualsiasi consiglio e/o domande sono ben accette.

Grazie,
Manuel



----- End forwarded message -----

-- 

Igor Falcomata'
IT Security Manager & Consultant
Infosec srl - http://www.infosec.it
Network Security and Data Defense
 --
free advertising: www.sikurezza.org - Italian Security Mailing List

________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List