Home Sitemap

• Development
  • Development home
  • Prisma IT Projects
  • products
• Consultancy
  • Consultancy home
  • Web Analytics
  • Application Troubleshooting
  • Prisma IT Projects
• Training
  • Training home
  • Coursedates and Register
  • Training information
  • Training overview
  • Training promotions
  • Get certified
  • Training facilities
  • Projects & References
  • Training Quotes
• Hosting
  • Hosting home
  • Shared hosting
  • Managed hosting
  • WebTrends hosting (iMetrix)
  • Hosting SLA
• Support
  • Support home
  • login clients
• News
  • News home
  • Overzicht
• Company
  • Company home
  • Contact
  • Alliances
  • Jobs
  • Events
  • Disclaimer

Securing ColdFusion servers on Windows
1 day - € 495

This one-day "RealWorld ColdFusion" seminar covers building secure ColdFusion application servers on the Windows platform, and keeping them secure. You'll learn how to secure the Windows OS, IIS and CF Server, find and eliminate security holes in your application code, and maintain security on your servers. See how attacks work, and how you can defend against them in depth.
There are other security courses out there, but none that cover general Windows Internet server security as well as ColdFusion-specific security: from securing the ColdFusion server itself to securing ColdFusion applications and their dependencies.

Not only will you learn the steps to security, you'll also learn how to perform those steps efficiently and quickly, and leave with ready-to-use tools and methodologies you can apply immediately. Lower your TCO and your stress with "Securing ColdFusion Servers on Windows"!

This is a lecture course - not hands on.

Course Prerequisites

There are no course prerequisites.

Course Outline

Unit 1 – Course Overview
This unit, following the Allaire precedent, provides a general description of the course. It includes an overview of the security “process”, and the layering approach to security. It ends with a description of the lab materials.

Unit 2 – The Threat
This unit describes – and demonstrates - the array of potential attacks and their severity.

• Purposes of attacks

• Types of attacks

Denial of service
Impersonation
Buffer overflows

• Targets of attacks

Operating system
IIS
CGI applications (CF)
Databases
Other network devices

• Attack patterns and processes

Information gathering
Exploits
“Island-hopping”

Unit 3 – Networking and Security Overview
This unit discusses the larger network infrastructure that will surround the web server, and examines different ways the server may be configured to work within that infrastructure.

• Public vs private access
• Security vs convenience
• Microsoft Networking
• DMZs and bastion hosts

Unit 4 – A Layered Approach to Security
This unit describes in detail the general concepts to securing resources.

• Multiple redundant layers
• Minimizing privileges to the least possible
• Removing unnecessary options

Unit 5– Securing the Operating System

• Overview of Windows NT security
• Server installation checklist
• Building a bastion host

Unit 6 – Securing IIS

• IIS installation checklist

Unit 7 – Securing CF Applications

• CF Server configuration

Changing the service account
Disabling RDS
Securing the CF Administrator

• Filtering input within applications

• Code auditing

Unit 8 – Maintaining Security

• Auditing and monitoring
• Remote console access
• Applying patches and updates
• Monitoring security issues – public resources
• Dealing with a successful attack