Network Security & DNSSEC Workshop Agenda

	MN timezone
Session 1	09:00 - 10:30
Break	10:30 - 11:00
Session 2	11:00 - 12:30
Lunch	12:30 - 14:00
Session 3	14:00 - 15:30
Break	15:30 - 16:00
Session 4	16:00 - 17:30

Review local time here: https://www.timeanddate.com/worldclock/personal.html?cities=47,720

Trainers

FL	Name	Organization	Country	Contact
SH	Sheryl Hermoso (Shane)	APNIC	AU	https://twitter.com/irrashai shane[at]apnic[dot]net
WF	Warren Finch	APNIC	AU	warren[at]apnic[dot]net
NB	Nyamkhand Buluukhuu	mnNOG	MN
NB	Ankhzaya.Ts	mnNOG	MN

NOTE: Please create an account on the APNIC academy before attending https://academy.apnic.net/en/virtual-labs/

mnNOG4 Conference Attendance Survey

mnNOG Workshop Survey

APNIC Workshop Survey

Day 5	Topic	Trainer	Presentations	Exercises	Additional Resources
Day 1	Topic	Trainer	Presentations	Exercises	Additional Resources
Session 1	Agenda & Introductions	all	Agenda
	Device and Infrastructure Security	WF	Security Fundamentals - Infrastructure and Device Security	Bruteforce SSH Bruteforce SSH Lab	osi.jpg Shodan Search - Devices in Ulaanbaatar Shodan Search - List by Organisation Shodan Search - Products Security text file https://www.google.com/alerts https://seclists.org/fulldisclosure/ https://github.com/centic9/generate-and-send-ssh-key
Session 2	Introduction to Cryptography	WF	Cryptography Basics	https://www.dcode.fr/caesar-cipher CyberChef - enigma machine Hashing Lab PKI Demo	https://www.garykessler.net/library/crypto.html http://www.crypto-it.net/eng/theory/index.html https://gchq.github.io/CyberChef/ X.800 Security architecture for Open Systems Interconnection Guidelines for Cryptography NIST sp800-175b NIST Crypto Standards and Guidelines OWASP User Privacy Protection Cheat Sheet Key Management Fundamentals Diffie-Hellman Key Exchange - Youtube Youtube - Science of Secrecy
Session 3	Introduction to Access Control	WF	Access Control	SSH LAB Two Factor Authentication	https://portswigger.net/web-security/access-control Password Requirements Access Control
Session 4	Vulnerability Assessment and Penetration Testing	WF	Overview of PenTesting	Vuln Assessment and PenTest VM Lab	Penetration testing report template https://github.com/redcanaryco/atomic-red-team https://www.purplesharp.com/en/latest/ https://itmasters.edu.au/free-short-course-ransomware-techniques/
Day 2	Topic	Trainer	Presentations	Exercises	Additional Resources
Session 1 & 2	DNS Technical Overview	SH	DNS Concepts		https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml https://messwithdns.net/ Introduction to DNS and BIND 9
	Root Servers		Root Servers		https://root-servers.org
	DNS Resolvers		DNS Resolvers		https://www.dnsperf.com/#!dns-resolvers https://openresolver.com/ Measurement-Factory:Open Resolvers Open Resolver Project (archive) https://www.grc.com/dns/benchmark.htm DNS-Fender Shodan Search - Open Resolvers
Session 3 & 4	DNS Operations Recursive DNS (Lab)	SH	DNS Operations	Lab Topology BIND Installation	Virtual Lab: DNS https://bind9.readthedocs.io/en/v9_18_8/ Linux commands Academy - Linux lab Learning VIM https://www.openvim.com https://vim-adventures.com VIM cheatsheet
Day 3	Topic	Trainer	Presentations	Exercises	Additional Resources
Session 1	Forward DNS Reverse DNS for IPv4	SH	Forward DNS Reverse DNS	Lab: Forward DNS Reverse DNS IPv4	BIND 9 Significant Features Matrix
Session 2	DNS Troubleshooting	WF	DNS Troubleshooting
Session 3 & 4	Review: IPv6 Addresses Reverse DNS for IPv6	WF		Reverse DNS IPv6
Day 4	Topic	Trainer	Presentations	Exercises	Additional Resources
Session 1 & 2	Review: Reverse DNS for IPv6 DNS Security	SH	DNS Security		MassDNS BIND 9 Security Vulnerability Matrix BIND Logging - some basic recommendations
Session 3 & 4	DNS Transactions TSIG Lab		DNS Transactions		TSIG (Transaction SIGnatures)
	DNS Privacy		DNS Privacy
Session 1	DNSSEC Technical Overview	SH	DNSSEC	DNSSEC Lab	DNSSEC packet capture http://www.dnssec-or-not.com/ https://stats.labs.apnic.net/dnssec DNS Cache Poisoning Paper Key Signing Ceremony
Session 2	DNSSEC Validation (Lab)			DNSSEC Validation	Trusted keys
Session 3	DNSSEC Zone Signing				ICANN TLD Report Alternative location * Wayback machine - ICANN TLD Report https://dnsviz.net/d/apnic.net/dnssec/ DNSSEC Analyzer BIND9 Docs - DNSSEC ISOC DNSSEC Deployment Maps DNSSEC-Tools Stats
	Manual DNSSEC Signing (Lab) Automatic DNSSEC Signing (Lab)			Forward DNS with DNSSEC Reverse DNS IPv4 with DNSSEC Reverse DNS IPv6 with DNSSEC
Session 4	DNSSEC Key Management and Rollover Final Discussion and Closing				Revision