News & Events

Share        

News Details

​​​​Cybersecurity Practical Workshops, NTU (26-28 September) ​​​​

Published on: 26-Sep-2017

The details of the workshop are as follows:

Date : 26 to 28 Sept 2017 (Tuesday to Thursday)​
Time : 9 am
Venue : NTU, 50 Nanyang Avenue, Singapore 639798, Block N4-B2B-05
            School of CSE, Hardware & Embedded Systems Lab (HESL)
            Location - HESL Lab​

Abstract:

Every graduate is faced with the task of presenting a CV prior to interviews and the associated concern as to whether the skills being offered meet those required by the industry or Government employer. 

Over recent years, discussion with employers in Asia, Australia and the UK repeatedly tell me that graduates – whether Bachelors, Master or PhD – often have excellent theoretical skills but often have limitations with respect to applied areas. 

More specifically I am told by employers that ​​graduates applying for jobs might never have done a proper forensic analysis of captured traffic, have little idea on how to implement and test a two factor authentication system, have little idea on how to run IoT security tests in practice, have limited ability on how to test smartcards for key security, have limited practical skills in assessing Android and Bluetooth security in everyday devices, have little idea on how to test data leakage or use interception techniques, have never built and tested an inter-firewall VPN operation, have never conducted a formal pen test in practice or used a GUI IDS engine. 

Of course many of you will have skills in some of these areas. However the intention of these workshops is to give you practical skills and experience to add to your CV and to be able to discuss your practical experience in a job interview. 

These workshops have evolved over recent years and run in Asia, Australia, New Zealand and the UK. They have been moulded to focus on the needs that employers say are lacking during interview processes. The difficulty these days is that employers want people to hit the ground running and they often don't want to have to spend a year teaching such skills. 

From the nine or so workshops that I run you have selected three for the days of Tuesday 26th – Thursday 28th September. Numbers 1, 5 and 8 – see below. Soon I would like to send you specific details on each of these three workshops and talk to you about any areas of specific interest relative to these three so that by the time we start you have an excellent idea of what we are trying to achieve.​


Biography of Speaker:

Ray Hunt is an Associate Professor specialising teaching and research in the areas of networks and security. He conducts applied cyber security workshops in a number of Australia, Asian and UK Universities. He has supervised many post graduate projects over the last 20 years in areas such as Firewalls and Security Architectures, Intrusion Detection Systems, Networking Protocols including Routing and Switching, Quality of Service in IP Networks, Wireless and Mobile Networks, Broadband Wireless technologies, Wireless LAN Performance and Security, Voice over IP Security and Policy-based Management Security in Heterogeneous Mobile Networks.

1.       Wireless and Mobile Security:  Wireless LANs, Wireless Enterprise Architecture using Windows Server 2016, Android, Bluetooth and NFC/RFID Smartcard security analysis

2.       Practical Network Security Policy Implementation and Testing:  Stateful packet inspection, cryptographic tools, Public Key Infrastructure, VPNs (SSL & IPSec) tunnel design, implementation and testing

3.       Penetration Testing and Intrusion Detection:  SSL Data Leakage - Heartbleed, SSL Interception - Man-In-The-Middle Vulnerabilities, Penetration Testing using Zenmap, Nessus and Snorby Graphical User Interface Intrusion Detection

4.       Authentication Services:  Biometrics and facial recognition with Windows Hello, Domain Controller and Kerberos, RADIUS Authentication, SSO (Single Sign On) using Federation Services Authentication

5.       Multifactor Authentication and Cloud Security:  Active Directory, RSA multifactor authentication using hardware, software and mobile phone devices, smartcard identity, Gallagher cloud services and physical security

 6.       Application Forensics: TCP/IP, VoIP (Voice over IP) and Video – attacks, exploits and forensic analysis. Forensic analysis of voice, image and video traffic.

7.       Web Server Security and Fuzzing:  Asynchronous JavaScript and XML Security, Cross-Site Scripting, Injection Flaws, Privilege Escalation, Web Services Fuzzing

8.       IoT (Internet of Things) Security: An analysis of techniques (or lack thereof) to secure IoT devices. This applied workshop will make use of commonly used devices such as Wifi switches, Wifi lights, Wifi thermostats, music players and similar devices.

9.       New Developments in Authentication and Authorisation:
SSO (Single Sign On) using Shibboleth/Federation Services Authentication. This will operate with an IdP (Identity Provider) and two SPs (Service Providers) and will demonstrate the operation of OpenID. The New OAuth 2 Authorisation Framework.  Delegates will now use the new OAUTH2 framework which builds upon SSO and demonstrates new approaches to authentication and authorisation for access to Cloud Services. This workshop will allow delegates to experiment with new ideas which both obsolete conventional ID/password authentication and complement biometric facial recognition.

​Windows Hello and Windows Server 2016 – Biometric Authentication. Full backend (Windows Server 2016) is now becoming available. This has also required new hardware developed by Intel which will be used by the delegates in this workshop.

Back to listing