Course Number: 6016
Length: 2 Days
This course teaches you how to recognize the various stages of attacks and intrusions: scanning, exploits, elevation of privilege, trojans and backdoors. Every attack is different. The source of an attack might be an automated tool, a script kiddie, or a security expert working for a foreign government, and the source strongly affects the style and timing of the attack.
Who Should Attend
Intermediate to advanced UNIX and NT system and network administrators, incident-handling team members, information security and audit professionals, and IP network managers.
Objectives
- Identify vulnerable targets on your system
- Mitigate your security risks
- Recognize common and unusual attack patterns
- Create effective filters, honeypots, and firewalls
- Know and disable your enemies
- Recognize real detects versus false alarms, and know when to report them
- Set up your system to avoid false detects
- Evaluate ID systems and third-party tools
- Learn about automated response and manual response in relation to real-time analysis
- Propose and justify ID expenditures to management
Outline
What Is Security?
- Defining Security
Applied Encryption
- Symmetric-Key Encryption
- Asymmetric-Key Encryption
Types of Attacks
- Specific Attacks
General Security Principles
- Be Suspicious of All Network Activity
- You Must Have a Security Policy
Firewall Roles and Types
- The Role of a Firewall
- Firewall Terminology
- Firewall Configuration Defaults
Firewall Topologies and Virtual Private Networks
- Design Principles
- Types of Bastion Hosts
- Common Firewall Designs
- ICMP and Firewalls
- Remote Access and Virtual Private Networks (VPNs)
- Public-Key Infrastructure (PKI)
Detecting and Distracting Hackers
- Proactive Detection
- Distracting the Hacker
- Punishing the Hacker
- Creating an Attack-Response Plan
Operating System Security
- Windows 2000 Security Components
- Linux Security Architecture
- Account Security in Windows 2000 and Linux
- Removing Accounts
- Renaming Default Accounts
File System Security
- Windows 2000 File System Security
- Remote File Access Control
- Combined Local and Remote Permissions
- Linux File System Security
Assessing and Reducing Risk
- Reducing Risks in Windows 2000
- Reducing Risks in Unix Systems
The Auditing Process
- What Is an Auditor?
- Auditing Steps and Stages
- Discovery Tools and Methods
- Vulnerability Scanners
- Additional Auditing Strategies
Auditing Penetration and Control Strategies
- Compromising Network Elements
- Control Phase
- Auditing and the Control Phase
Intrusion Detection
- Understanding Intrusion Detection
- Intrusion-Detection Architectures
- Creating Rules for an IDS Application
- IDS Concerns
- Purchasing an IDS
Auditing and Log Analysis
- Baseline Creation
- Analyzing Log Files
- Filtering Information
- Securing Log Files
- Third-Party Logging
Recommending Solutions and Generating Reports
- Recommending Solutions
- Generating Reports