Insights on DNS Security

Thumbnail for post.

It is common knowledge that DNS is a critical Internet infrastructure that requires security enhancements. DNS servers can be abused to leverage malicious attacks and DNS information can be spoofed. That is why over the years, many protocols and standards were introduced around DNS data validation and privacy. 

This course will explore different insights on DNS security in the Asia-Pacific region, how we’re progressing with deploying DNSSEC, DNS privacy and other security protocols this year, as well as new efforts and initiatives on collectively promoting good DNS practices.

Course outline

This course will cover the following topics:

  • DNS Security Overview
  • DNSSEC across the region
  • DNS Best Practice

Course Materials

Slides: Insights on DNS Security

Anthony Vaccaro

Thumbnail for post.

Anthony has worked in IT for a decade, first at the University of Queensland and AusCERT before joining APNIC in 2019. He has experience working with variousUNIX-based server operating systems, although his expertise lies with Linux, and he enjoys understanding the internals of operating systems and finding the cause of bottlenecks, performance issues and other problems.

Anthony has had a background in security from an early age, being interested in hacking since he was a teenager. These days, he works as a defender and blue-teamer, but he has experience with web application pen testing and network-based attacks as well.

Defend Your Web Apps for Free with ModSecurity

Thumbnail for post.

Overview

Everyone uses web apps these days. They’re so easy to access, you can use them on your phone! But their openness and accessibility also means they’re constantly being probed for vulnerabilities by web scanners. In order to avoid being the next company to go through an expensive data breach, you need a WAF!

This course will go through the process of protecting a generic web application using the free, open source WAF called mod_security. We’ll demonstrate how to run mod_security on a Linux host running the Apache web server and give an outline of the types of common attacks that are prevented with just an hour or two of work.

Course Outline

This course will cover the following topics:

  • Intro – Web applications & WAFs
  • mod_security – introduction & features
  • Demonstration of mod_security on a Linux server
  • Advanced usage & customisation

Course Materials

Slides: Defend Your Web Apps for Free with ModSecurityDownload

Breach and Attack Simulation Tools

Thumbnail for post.

Overview

Information and Network Security is a broad topic, and as such this webinar will look at a variety of topics covering theory, technical controls, and organisational best practices.

The focus of the webinar is to introduce Breach and Attack Simulation (BAS) concepts by explaining various tools and strategies to test defenses to determine the overall security posture of the organisation.

Outline

This course will cover the following topics:

  • What is Breach and Attack Simulation (BAS)
  • Why Use BAS tools
  • Overview of the MITRE ATT&CK Matrix
  • List of Open Source tools
  • Overview of the various tools
  • Setting up a simulation

Course Materials

Slides: Breach and Attack Simulation ToolsDownload

Corporate Device Management – Securing your employees devices

Thumbnail for post.

Overview

Networks are no longer the boundaries for security for end user devices. With more users now working from home, this webinar will show why even for small organisations, corporate Device Management is a must. It will cover the processes we did to deploy device management and the challenges we saw.

Outline

This course will cover the following topics:

  • Why Device Management is important to your security framework for your workforce
  • What type of device management software is out there?
  • Getting the stakeholders involved
  • Device agnostic organisation, is MDM possible?
  • Scoping Device Management
  • Communication
  • Scoping device management
  • Deploying the solution

Course Materials

Slides: Corporate Device ManagementDownload

APNIC’s Vulnerability Reporting Program

Thumbnail for post.

Overview

APNIC has been running a public Vulnerability Reporting Program (VRP) for just over a year now, where we have been inviting security researchers worldwide to responsibly report to us any vulnerabilities they find in our networks, servers, and services.

This webinar will follow the VRP from its first concept, through creation and the first year of operations.  We’ll look at when went well, and what improvements were made along the way. We’ll also review the vulnerabilities reported, and examine them based on when they were reported, their severity, and who reported the issues to us. We’ll then cover some lessons learned from this project, and what APNIC is doing next to improve external vulnerability management.


Outline

This course will cover the following topics:

  1. What is a Vulnerability Reporting/Disclosure Program? (VRP/VDP)
  2. Why APNIC started a VRP
  3. Process of creating a VRP
  4. Review of vulnerabilities reported (count, severity, who reported them)
  5. Lessons learned
  6. What are the next steps after the VD

Course Materials

Slides: APNIC’s Vulnerability Reporting ProgramDownload


Mohammad Fakrul Alam

Thumbnail for post.

Mohammad Fakrul Alam is Senior Systems Engineer at NTT Limited.

Fakrul worked for several organizations which includes MSP, RIR, IXP, ISP, Financial Institutes. He has strong knowledge of, and operational experience in building and deploying scalable, reliable network infrastructure.

Fakrul is a founding member of bdCERT (Bangladesh Computer Emergency Response Team) and bdNOG (Bangladesh Network Operators Group). Active speaker in different international conferences which includes APRICOT, SANOG, PACNOG, IDNOG and other regional NOG’s and security conferences. Fakrul volunteers his time as an APNIC Community Trainer.

Praneet Kaur

Thumbnail for post.

Praneet Kaur has been working as a developer in the IoT domain for the last 4 years. Her interests are primarily industrial IoT technologies such as 6LowPAN, LoraWAN, SigFox, and NBIoT. She has been involved in various technical communities such as IETF, IIESoc, INNOG, APNIC and IEEE.

Praneet shares her knowledge as a volunteer community trainer for APNIC.

Etuate Cocker

Thumbnail for post.

Etuate Cocker is passionate about improving connectivity for remote islands in the Pacific. He has been a Technical Instructor, a Network Engineer, a Technical Specialist, a Researcher, lead a team of Network and Security Engineers at Spark NZ Ltd, Technical Engineer/Trainer and currently works as a Security and Networks Consultant Manager for Exclusive Networks Australia and New Zealand.

‘Etuate is well versed in Internet Routing and IPv6 deployment. 

‘Etuate shares his knowledge as a volunteer community trainer.

Azhar Khuwaja

Thumbnail for post.

Azhar has over 20 years experience as an IT / Telecom Trainer. His areas of expertise are Network Security, Software-Defined Networking, ITIL, Optical Transmission (SDH/DWDM) and Access Networks (GPON-FTTX). He also designs & develops courseware, lab manuals and blogs for international training organizations.

Azhar has delivered trainings in over 30 countries. He has served as Senior Technical Trainer at ZTE Corp. China, Networking Instructor at Xintra College Ottawa, Technical Trainer at TELOS in Vancouver and Online Instructor at QuickStart. His industry roles include working as ATM / IP Network Support Specialist at Siemens Canada, NOC Support at Bell Canada, & Field Applications Engineer at Nu Horizons USA.

Azhar has obtained a Master of Engineering in Telecommunication from Australia.  He has taught at MAJ University, SZABIST, KIET, Mehran University and Xintra College. He has acquired certifications from CompTIA, Alcatel, Microsoft, EC-Council, AXELOS, MEF, Cisco, & Algonquin College.

Azhar shares his knowledge and experience as a volunteer community trainer for APNIC.