INFOSEK DELAVNICA: Oracle Incident Response and Forensics Security Course

28.11.2018, 9.00-17.00,
Nova Gorica, Hotel Perla

DELAVNICO VODI PETE FINNIGAN (ORACLE EXPERT) IN POTEKA V ANGLEŠKEM JEZIKU! 

Cena za zgodnjo prijavo (do 1.9.2018) znaša 597 € + DDV. 
Redna cena znaša 697 € + DDV. 

 

Course Description

This course is a one day seminar that gives the delegates an appreciation of what is involved in responding to a serious security incident in their Oracle database.

The class starts the day with the basics; what is a threat, what is an incident, what are forensics. 
We go on to discuss how to gather artefacts from an Oracle database; we discuss and lay out a suitable incident response approach. 
The class then introduces a compromised application and Oracle database and we work through live incident response and data gathering against this sample system. 
This is followed by a detailed forensic analysis to investigate what happened and answer the who, what, where and how questions. 
The investigation is then confirmed by comparing with exactly what the hacker did do. The day ends with a look at what to do next to secure and audit your databases and to make them ready for any incident and response.

 

Course Goals

The aim of the class is for students to get an appreciation of what to do if one of their Oracle databases is breached. The goal is to lay out all of the major areas of issue and also possible solutions. The students will cover:

  • How to formulate an incident response plan?
  • How to gather data and investigate a breached database?
  • How to focus the analysis to understand what the hacker did and why?
  • How to plan to avoid an incident in the first place?

 

Course Duration

The class is One Day, 9.00 a.m. to 5.00 p.m. and is instructor lead with some demonstrations. 

 

Course Location

Nova Gorica, Hotel Perla.

 

Course Pre-Requisites

The class is intended for DBA’s, Developers, security professionals, IT management and anyone involved in deploying, developing and maintaining Oracle databases. No detailed technical knowledge of Oracle databases is necessary in advance.

 

Course Material

The student will receive a URL to download a zip file that includes:

  • The course notes as PDF files    
  • Free PL/SQL tools and scripts
  • All of the examples used as SQL and PL/SQL scripts

 

Course Outline

1. Introduction

  • Types of attack
  • What is an incident?
  • What is database forensics?
  • Chain of custody    

2. Gathering Artefacts

  • Heisenbergs uncertainty principal of Oracle
  • Audit or no audit trail?
  • Detecting READ actions
  • Identity and accountability
  • Time
  • Database artefacts
  • Non-Database artefacts
  • Deleted data

3. Incident Response Approach

  • Create an incident response approach
  • Create an incident coordinator
  • Create an incident response team
  • Create an incident response toolkit    

4. Reacting to an Incident

  • Sample attack system
  • What not to do
  • Incident verification
  • Collecting artefacts
  • Disconnect or shutdown
  • Live response    

5. Forensic Analysis

  • Example analysis
  • Post analysis
  • How did he get in?
  • What rights?; what did he see?; what did he change?;What could be have done?

6. What did the Hacker do?

  • Lets show what the hacker actually did
  • Compare the forensic analysis to the actual attack    

7. Finishing Up

  • Planning
  • Think about database security
  • Enable sophisticated audit trails

 

About the author

This course is fast paced and very interesting and is delivered by one of the most well known experts in database security. Pete Finnigan created the SANS Oracle security step-by-step guide and the CIS Oracle benchmark used by NIST, USA DoD and more is a reference to secure Oracle databases. Pete worked out the mechanisms that Oracle used to protect PL/SQL and showed how they can be easily defeated at the Black Hat conference in Las Vegas in 2006. Pete has published multiple books on databases security and speaks and publishes papers regularly. His company also produces the tool PFCLScan used to protect Oracle databases.

2.-4.6.2021
Nova Gorica

Izkoristite 30% popust, ki velja samo še do

1 dan
424€
297€
2 dni
600€
420€
3 dni
900€
630€
PRIJAVI SE

Cena velja za konference INFOSEK, GDPR (ZVOP-2) in CIO FORUM. Za NLP konferenco in delavnice so cene fiksne.

Izkoristite 30% popust, ki velja samo še do

1 konferenčni dan
424€
297€

Cena velja za konference INFOSEK, GDPR (ZVOP-2) in CIO FORUM. Za NLP konferenco in delavnice so cene fiksne.

2 konferenčna dneva
600€
420€

Cena velja za konference INFOSEK, GDPR (ZVOP-2) in CIO FORUM. Za NLP konferenco in delavnice so cene fiksne.

3 konferenčni dnevi
900€
630€

Cena velja za konference INFOSEK, GDPR (ZVOP-2) in CIO FORUM. Za NLP konferenco in delavnice so cene fiksne.

Platinasti sponzorji

Zlati partnerji

Zlati sponzorji

Bronasti sponzorji

Sodelujoči

Sponzorji tehnologije

Medijski sponzorji

14 varnostnih ukrepov (COVID-19) za zaščito zdravja

Palsit ekipa in osebje Hotela Perla bomo poskrbeli za dosledno izvajanje varnostnih ukrepov za zaščito zdravja in varnosti vseh udeležencev in sodelujočih, kot v svojih priporočilih narekuje Nacionalni inštitut za javno zdravje.
PREBERI VEČ

Obveščamo vas, da so bili naši pogoji poslovanja posodobljeni.
Sprememba se nanaša na člen »Odpoved ali sprememba dogodka s strani organizatorja«. Zaradi nepredvidenih dogodkov, kot je tudi trenutna epidemija koronavirusa, si pridržujemo pravico, da posamezna izobraževanja odpovemo ali spremenimo termin oz. način izvedbe (online izvedba).

Odpoved ali sprememba dogodka s strani organizatorja
Organizator si pridržuje pravico do odpovedi posameznega izobraževanja, delavnice, dogodka, seminarja ali spremembe terminov oz. načina izvedbe (namesto osebne izvedbe dogodka, izvedba dogodka preko spleta ali na drug način, pri čemer se ključna vsebina in obseg dogodka ne spreminjata oziroma se prilagodita glede na spremembo, npr. zamenjava predavatelja, prilagoditev urnika ipd., vendar se ohrani enakovredna kakovost izvedenega dogodka). Zavezuje se k obvestilu prijavljenim najkasneje en delovni dan pred predvidenim pričetkom izobraževanja oz. takoj, ko prejme novico o morebitnih izrednih dogodkih, ki so razlog za spremembo/odpoved. V primeru odpovedi izobraževanja s strani organizatorja, organizator, morebitno že vplačano kotizacijo, brezobrestno povrne v roku štirinajstih dni od obvestila o odpovedi ali pa omogoči stranki, da kotizacijo porabi za druge izdelke ali storitve. V primeru spremembe načina izvedbe ostanejo plačila v veljavi, v primeru spremembe termina pa ima udeleženec možnost odpovedati udeležbo iz utemeljenih razlogov po določbi Odpoved s strani udeleženca ali pa se odjaviti na način v rokih, ki jih predvideva določba Odjava udeleženca. 

Celotni pogoji poslovanja so dostopni tukaj: https://poslovanje.pogoji.si/tos/29xyi0o

Ta spletna stran uporablja piškotke. Z obiskom in uporabo spletne strani soglašate s piškotki.  DOVOLIM Več informacij o piškotkih najdete in nastavitve tukaj.