Target Audience

Operators interested in deploying DNS Security as part of their security infrastructure and people with a general interest in DNSSEC, and those contemplating whether or not to deploy DNSSEC in their organisation.

Pre-requisites

Basic DNS, Public key encryption and basic knowledge about UNIX System Administration

Course Outline

This tutorial covers the following topics:

• Introduction/Review of DNSSEC
• Securing zone transfer (TSIG)
• Securing a zone
• Configuring a security-aware resolver
• Delegation of signing authority
• Rolling keys
• Troubleshooting
• DPS
• DNSSEC deployment plan
• OpenDNSSEC

Technologies Covered

DNS, TSIG, DNSSEC including NSEC3

AfricaCERT meetings provide a forum for collaboration and exchange for Computer Emergency response Teams and interested parties to sharing common practices, information, tools, techniques, and strategies that address problems related to cyber-security.

AfricaCERT Day builds on the experience from previous AfricaCERT events held in different African countries in collaboration with AfNOG and AFRINIC.

AfricaCERT V Day follows three days of Intensive training in collaboration with FIRST and JPCERT. 

AfricaCERT V theme is “Our Role in the African Internet Ecosystem”.

Le programme CSIRT s'adresse aux équipes techniques pour la surveillance avancée des réseaux.

Description

Un atelier d’une journée, axé sur la sécurisation avancée du web.

Cours

Surveillance des réseaux et analyse du trafic (niveau supérieur)

Résumé

La surveillance des réseaux est un moyen parmi d’autres pour comprendre ce qui se passe sur un réseau. Cette session a pour objet les connaissances de base que nous devons avoir concernant la surveillance des réseaux et leurs problèmes (exemple : problèmes légaux, vie privée, chiffrage, réseaux cachés, etc.). Le cours de formation offre des sessions pratiques aux participants pour les analyses du trafic généré par malware, botnet et d’autres outils malveillants.

Introduction 

The Computer Security Incident Response Team (CSIRT) training course aims to develop the knowledge and skills of staff members of a CSIRT or those interested in joining such a team, or involved in creating such a team.

Pre-requisites

Trainees are typically experienced system, network or IT managers (Interested persons from other backgrounds are welcome to contact the organisers to discuss the suitability of the course for them). They are expected to have an awareness of the security issues involved in connecting computers to the Internet. They must be committed to using their skills to improve the security of computers and networks. For the technical side of the course, familiarity with the normal operation of TCP/IP networks, addresses, port numbers and protocols will be assumed.

The following modules are covered: 

CSIRT Organization

Describes how CSIRTs fit into their organisations: planning the CSIRT, defining the constituency of the team and gaining management authority for it, deciding the services the team will offer, working with those outside the organisation, staffing the CSIRT, funding. Participants will discuss their own organisation and how their team fits into it.

Technical Introduction

A basic introduction to the main attack vectors that malicious parties use to attack systems: intruders and their motivations, botnets, network protocols and how they can be abused, operating systems and services, types of vulnerability, information gathering, breaking in, hiding traces, denial-of-service attacks.

CSIRT Operations

Describes the facilities, systems and tools needed by CSIRTs to operate successfully: housing the CSIRT, equipment, e-mail, remote access, information and contacts, servers and networks, incident response plans and procedures, tracking systems. As an exercise participants will discuss and develop incident response plans for their own teams.

Legal Issues

 A high level overview of the areas of legislation that are likely to affect CSIRTs in their work and that team members need to be aware of: origins of computer legislation, problems, data protection, computer misuse, working with law enforcement, monitoring, evidence, European developments.

This is the keystone foundation module for all our technical workshops. It gives the participants a solid understanding of IPv6's core concepts and is required for understanding all other IPv6 topics. On completion of this module you will be able to:

• Identify, write and shorten IPv6 addresses
• List the types of IPv6 addresses and their unique characteristics
• Create an IPv6 address plan for a network
• Identify and list the equivalent IPv4 key protocols in IPv6
• Describe how NDP is used to deliver key IPv6 functions
• Configure and verify basic IPv6 on hosts and routers

Target Audience
• Network engineers and architects
• Network technicians and support staff

Pre-requisites
• IPv4 Addressing and subnetting.
• The OSI model and the various protocols that operate at each layer.
• Intra-domain routing and OSPF.
• How to use the command line interfaces of key routing platforms (e.g Cisco IOS)

Module outline
• IPv4 address exhaustion - review, implications and consequences
• IPv6 address basics - notation and representation
• IPv6 addressing types
• IPv6 address planning
• IPv6 from an IPv4 perspective
• Understanding ND and key IPv6 mechanisms
• IPv6 address provisioning
o Stateless Automatic Address Configuration (SLAAC)
o Dynamic Host Configuration Protocol (DHCPv6)
• Basic IPv6 address configuration and verification on equipment
• Labs/Exercises
o Planning IPv6 address pace for a given network
o Configuring and verifying IPv6 on hosts (Windows, Mac OS X, Linux/Unix)
• Static Configuration
• Automatic Configuration
o Configuring and verifying IPv6 on routers
o Verifying IPv6 functioning using network packet captures (tcpdump, tshark etc)

More information on this workshop is available on the AFRINIC Training website.

This module aims to close the knowledge gap and give advice to business executives on how to evaluate IPv6 strategically as well as providing support to those deploying IPv6.

Target audience

• Executives and managers
• Government regulators 
• IT advisors to government officials

Pre-requisites

• An open mind
• A willingness to keep your organisation technologically relevant

More information on this workshop is available on the AFRINIC Training website

Introduction

This module introduces you how we work, what services we offer and how to interact and request resources from AFRINIC and how to interact with the AFRINIC whois database. After concluding this workshop, participant will be able to :

• Describe what services are available from AFRINIC
• Apply for IP number resources from AFRINIC
• Explain the importance of the policy development process and how to take part in it.
• Query the whois database

Target Audience

• Network engineers and architects
• Network technicians and support staff

More information on this workshop is available on the AFRINIC Training website.