Hardening and Secure ConfigurationHardening and Secure Configuration

Hardening and Secure Configuration

This training focuses on the hardening and the secure configuration of Windows and Linux systems, of databases and of web and application servers.

 cirosec consultants

Duration: 3 days

The secure configuration and hardening of operating systems, application servers and databases provide an important basis for the protection from attacks. Particularly when it comes to attacks on applications, these measures are crucial. However, also for system-level vulnerabilities, relying solely on firewalls is usually not enough. 

After briefly introducing the respective threat scenarios and methods of attack, the course shows how to harden and securely configure operating systems, application servers, web applications and databases. In many practical examples and exercises, participants will learn how to identify and fix typical vulnerabilities, and which tools are available to help. 

In addition to current Windows and Linux versions, the course also deals with Apache and Tomcat as sample web and application servers, respectively, as well as with databases.

The training covers both the effective use of supporting tools like Security Compliance Manager (SCM) and the use of tools for identifying vulnerabilities, such as Nessus and database scanners.

Examples of topics covered for Windows operating systems

  • Hardening using security templates and group policies
  • Use of tools for security configuration and analysis (Security Configuration Wizard, Security Compliance Manager)
  • Hardening of services
  • Limitation of executable programs
  • Securing terminal servers
  • Securing file servers

Examples of topics covered for Unix operating systems

  • Measures for basic hardening
  • SE Linux
  • Difficulty of SUID and restriction of privileges
  • Password policies
  • Identification of vulnerabilities with Nessus Credential Scan

Examples of topics covered for web and application servers

  • Hardening of Apache
  • Hardening of Tomcat

Examples of topics covered at the database level

  • Basic measures for securing databases
  • Use of database scanners

Participants will use laptops in this intensive training course so they can apply the acquired knowledge in practical exercises. 

Target group:
Security managers and system administrators looking for effective ways to protect their systems and applications. Participants of our Hacking Extreme und Hacking Extreme Web Applications trainings who wish to learn about appropriate protection options.  

Basic knowledge in the fields of operating systems (Windows/Unix) and web servers. The exercises partly require using command-line tools on Linux. The trainers will be happy to assist in managing them in case help is needed.

Maximum number of participants: 
15 persons

By arrangement

The training is conducted in German by two experienced trainers. They work as consultants and can thus complement the course with comprehensive and recent practical experience. You will receive CPE Points for participating in the Hardening and Secure Configuration training. The training takes 24 hours. You will get a certificate after having completed the training.

By arrangement

Your trainers

Felix Keim