Revenue Assurance Academy
TFO002: Techno Fraud, Cyber Crime and Phantom Phreaks: High Tech
Fraud for the High Tech Telecom
“Telecommunications is a high tech business, so it should come as no
surprise that it is in the technology area where many telcos are hit
the hardest. In this class we review the far reaching and technically
sophisticated world of techno fraud.”
Learn about the many different technical vulnerabilities that telcos
must face, and the different ways to secure them.
The telco is a high technology engine, racing to
provide the latest services and technologies to consumers at an
ever faster pace. However, this race to market brings
with it a significant amount of fraud risk. Whereas the
“old, tried and true” network
technologies had layers and layers of physical, logical and
operational controls which made abuse of the network extremely
difficult, today’s converged, IP-based strategy of “do everything
with the internet” and make everything pervasive opens hundreds of
new vulnerabilities every day.
While telcos are undeniably responsible for being the launching pad
for these many different technological innovations, they are equally
responsible for the fraudulent exposures that these innovations
generate.
This one-day class takes the student on a focused, detailed and
eye-opening journey into the diverse range of technologies and
vulnerabilities associated with the delivery of “bleeding edge
technology” to the public.
In this class you will learn about each of these different areas, how
they are being exploited by fraudsters, criminals and terrorists,
and how they can be better understood and protected.
Duration: 1 day
Who Should Attend?
- Experienced Telecoms Fraud Management personnel
- People new to Telecoms Fraud Management
- Internal Auditors, CFOs, Security Specialists, Risk
  Officers and related Managers
- Regulators, Law Enforcement Officers, Government
  Security Officers and others
- Anyone interested in understanding the full depth and
  breadth of fraud exposures that telcos and consumers are
  vulnerable to and the ways that these exposures are
  identified, protected and prosecuted
Overview:
This class provides an introduction to and detailed review of the
extensive area known as TECHNO-FRAUD vulnerabilities.
The class begins by reviewing the many different domains and exploits
that make up the techno-fraud area. This includes intrusion to the
network and making use of network resources without permission
(hacking, tee-in, illegal access and other intrusion methods), as
well as the different ways that hackers and intruders are able to
accomplish their objectives (criminal, mischief, financial and
terrorist) through the manipulation of these vulnerabilities.
The class then focuses on some of the specific standards and
methodologies already in place to help combat these kinds of
vulnerabilities including the COBIT, ISACA, SOX and other standards.
We then review the 5 principal intrusion vulnerabilities in
network/systems environments (Authentication, Authorization,
Accounting, Transaction and Reference File – the AAATR Violations)
and how they are accomplished in the major domains, including
physically and logically.
Specific domains reviewed include circuit-based domains (SMSC, MMSC,
IN, WAP and others) and packet domains (Radius, Firewall, GPRS,
Gateway, Portal and others).
The course spends focused time on the understanding of the processes of:
- Hacking – How it is done and how to detect and prevent it
- Phreaking – the process of hacking a network itself
The special vulnerabilities, exploits and liabilities associated with
fraudulent access to logically leased domains (email servers, web
servers, vmail servers etc.) and customer premise environments (set
top boxes, routers, PBX, leased line and other) will also be
discussed.
Students will also participate in a discussion of the Ethical
Hackers Movement and will participate in an ethical hacking
workshop/case study.
Learn how to:
- Define the principal technical vulnerabilities of a telco across
  the different technological domains
- Understand how intrusion and violation occur in each of the
  major technology domains (Circuit, Packet, Logical, Physical,
  Internal, External)
- Understand each of the major categories of exploit suffered by
  telecoms in the major technology domains
- Detect, deter, prosecute and protect the telco from these
  vulnerabilities
- Apply the COBIT, ISACA, SOX and other security and audit
  standards to a telco environment in order to maximize protection
  and minimize the risk of loss due to fraud
- Identify and secure the major POI (Point of Intrusion) for
  technology-based products and services
- Identify, secure and protect the AAA (Authentication,
  Authorization and Accounting), Transaction Data and Reference
  Data vulnerabilities for each major line of business and
  technical solution
- Develop a plan for the protection and security of physical
  network assets
- Develop a plan for the protection and security of logical
  network assets
- Develop a plan for the protection of BSS (I/T) internal
  accounting and administrative systems
- Develop a plan for the protection of internal LAN and PC-based
  working files in the company
- Explain, identify and protect against the major forms of hacking
  of both internal and external (customer provided) services
- Explain, identify and protect against the major forms of
  phreaking of customer provided service domains
- Identify the fraud liabilities associated with Customer Premise
  Equipment and Logical Lease Domains
- Understand the process of ethical hacking and how to utilize it
- Understand and secure network components including SMSC, MMSC,
  WAP server, Content Server, Firewalls, Gateways, Radius Servers
  and others
Key Concepts:
The Principal Domains, Exploits and Characteristics of Techno-Fraud,
Cyber-Terrorism and Phreaking, I/T Security, COBIT, ISACA, SOX, IFRS,
GAAP, AAA, Authentication, Authorization, Accounting, Reference File
Protection, Transaction File Protection, Network Topology,
Principles of Circuit Technology, Principles of Packet Technology,
Major Techno-Exploits and Methods of Intrusion, Hacking, Credential
Falsification, Identity Falsification, IN Hacks, SMSC Hacks, MMSC
Hacks, Firewall Hacks, Gateway Hacks, Portal Hacks, WAP Server
Hacks, Content Server Hacks, Radius Server Hacks, Customer Premise
Equipment Hacks, IP-PBX Hacks, Email Server Hacks, VMail Server
Hacks, Bugging, Radio Intercept, GPS Intercept, Blackmail,
Extortion, Ethical Hacking
GRAPA Fraud Officer Certification Credit
Successful completion of this course, testing and experience
verification will result in the student being awarded GRAPA Fraud
Officer Competency Credit for the following areas from the GRAPA
Fraud Officer "Body of Knowledge":
□ Network Intrusion Fraud Domain and Method of Address (MOA)
□ Revenue Stream Fraud Domain and MOA
□ Security and Audit Standards and Organizations (ISACA, COBIT,
  SOX, IFRS, GAAP)
□ I/T – Network Audit Methodologies
□ Circuit Technology – Intrusion Portals (AAA, Transaction/Reference
  Data Violation)
□ Packet Technology – Intrusion Portals (AAA, Transaction/Reference
  Data Violation)
□ Physical Network Security/Violation – Domains, Exploits, MOA
□ Logical Network Security/Violation – Domains, Exploits, MOA
□ BSS (I/T Systems) Network Security/Violation – Domains, Exploits,
  MOA
□ Hacking – Techniques, MOA
□ Phreaking – Techniques, MOA
□ Customer Premise Equipment Violation – Domains, Exploits, MOA
□ Logical Lease Domain Violation – Domains, Exploits, MOA
□ Domain Review – Circuit Components: IN, MMSC, SMSC, WAP Server
Prerequisite:
Students must attend and successfully complete Day 1: TFO01 – Telco
Fraud Officer training class to be able to attend this class.
(See TFO01 for more information about prerequisites)
Successful completion of the entire sequence of classes TFO01-TFO05
is required to qualify for certification.