What to bring:

Basic networking knowledge is required and a familiarization with database concepts would be beneficial. Experience or knowledge of specific database solutions is desirable, though not essential in order to complete the course satisfactorily.

Participants are requested to bring their own laptops installed with a either Microsoft® Windows® 2000 or Windows XP, fully patched.

This class provides an VMware attack image for students to use - although VMware workstation is *not* required, students are urged to have at least 512MB of RAM for best performances.

Black Hat USA 2008 Training

Caesars Palace Las Vegas • August 2-7

Advanced Database Security Assessment

Kev Dunn, NGS Software & Wade Alcorn, NGS Software

Overview

Computer networks are built to support business functionality and beyond communication the result of business is data. The data important to your business is your company’s digital assets—it needs organiziation, maintainenance and above all protection from malicious attackers. The modern corporate enterprise contains database solutions used to take care of data such as client credit card numbers, customer names and addresses—even the entire employee pay roll. Ensuring that this data can’t get into the hands of unauthorized employees, your competitors or punk kids trading card numbers on IRC means that you need to recognize and secure it from this threat. The evolution of security training has shown us that the most effective way to learn about security is by learning from the people that know how to attack your systems. By understanding the threat from the attacker’s perspective, you can develop effective assessment methodologies and ultimately secure what really matters from ever increasing threats.

NGSSoftware (http://www.ngssoftware.com) is offering the chance to benefit from the experience of its consultants and award-winning research team. This course teaches how to recognize the insecurities present within common database systems and how these flaws can leave you wide open to attack. It is tailored to teach security consultants, database administrators and IT professionals how hackers discover and exploit vulnerabilities to gain access to your data and further penetrate internal networks. By learning these techniques, we can discover the flaws for ourselves and effectively develop strategies to keep attackers out.

Trainer:

Stephen Dugan is currently an independent contract instructor and network engineer. He has been teaching Cisco networking for the last several years focusing on Router and Switch configuration, Voice/Data integration, and Network Security. His students come mostly from Fortune 500 companies, government/military and service providers. He also teaches private internal classes to Cisco Employees. As a Network Engineer he has worked on the design and implementation of large enterprise, government, and service provider networks. He is also working on a unique security book covering the aspects of hacking VoIP networks. Although the book has been delayed, it should be out in 2006.

Early: Ends	Regular: Ends	Onsite: Begins
USD	USD	USD