Who should take this course:

  • System and Network Administrators

  • Security Experts and Consultants

  • IT Professionals responsible for the security of computer networks

Prerequisites:

  • Experience with Windows NT/2000, Linux, TCP/IP, Networks, and multi-vendor solutions.

  • Knowledge of standard security protocols and procedures

  • Familiarity with solutions including product basis, installation procedures and running reports.

Duration: 5.0 Day(s)

Description:

This course provides students with in-depth knowledge and skills necessary to secure networks and systems in an enterprise environment using tools commonly found in the corporate environment.

The complex social aspects of good security practice are discussed first, followed by policy refinement and progression through the development, implementation, and electronic enforcement of solid security procedures.  Students learn to establish a good security baseline within their organization and/or for their clients.

Instruction includes “Real World” examples so the students gain the practical and technical expertise needed to implement enterprise security.  The “Defense in Depth” model is used, typical 'hacker' intrusion techniques are presented, and the development of a business case for enterprise security is covered.

Students will learn how to develop cost-effective monitoring of security events.  The tools include freeware and open-source intrusion detection services, as well as other resources.

Students experience the difficulty of incident response, as well as how to minimize those difficulties.  Example procedures for incident management are provided and explained to assist participants in real-world security management.

Course Overview

Day 1

Module 1 – Human Factors of Security

Covers the human factors that make implementing security difficult, along with primary personality types encountered, their motivations for (or against) security initiatives, and how social awareness can help corporate security efforts succeed.

Module 2 – Objectives of Security

Covers the Active Defense approach to security.  This “Defense in Depth” model encompasses the interaction between written and electronic policies – as well as the layered approach to security including Perimeter Security, Network Security, Host Based Security, and Human Awareness.

Module 3 – What The Hackers Know

The main objectives of this module are to inform the security professional on some of the quick and easy tools available for finding information that can be used in a more coordinated attack by hackers.  The lab guides you through some common tools that will allow you to quickly and professionally identify network assets and show both technical and business managers the amount of information that is available via the networks.

Lab – What the Hackers Know

After completing this lab, you will be able to:

  • Use Site TeleportPro to map out a web site for sensitive content

  • Use Cheops to get a graphical representation of a network

  • Use nmapfe and kmap (front ends to nmap) to port scan a network for systems

  • Understand how to use NTOP to track internal network usage

Module 4 – Enemies and Their Motivation

Each organization is different and will have different threats and enemies.  This module covers the most common hacker personality types, the reasons they participate in these activities, and common targets for these individuals.

Day 2

Module 5 – Assessing Vulnerabilities

The objective of this module is not to provide a formal assessment model, but to discuss the practical application of risk assessment to an organization.  This involves a basic understanding of vulnerability categories, conducting an assessment, explaining some of the commonly found weak links in an assessment, and reviewing how ‘breaking’ into your own network can be a practical way to get an accurate assessment of your risk.

Lab – Finding the Vulnerabilities Before the Enemy Does

After completing this lab you will be able to:

  • Conduct a proactive vulnerability scan using Retina 3.02 to identify security vulnerabilities

  • Exploit the weakness of using share points on non-Win2K servers to view sensitive data

  • Exploit a known vulnerability in MS IIS server to create a root level user account on critical servers

  • Show that ‘password’ protected files may not be as protected as management believes

Module 6 – Objectives of Risk Management

The primary objective of risk management is to identify specific areas where safeguards are needed to prevent deliberate or inadvertent unauthorized disclosure, modification, or unauthorized use of information, and denial of service.  In other words, risk management helps determine: (1) how much protection is required, (2) how much exists, and (3) the most economical way of providing the needed protection.  Countermeasures can then be applied to those areas to reduce the identified risk to an acceptable level.

Lab – Risk Assessment and Costs

At the end of this lab you will be able to:

  • Use results of the Retina scans and Cheops to help identify critical resources and assets

  • Use a simple worksheet to help communicate with management, users, and technical support personnel to identify criticality and value of each asset.

  • Estimate the cost of annual loss of assets (Tangible, Intangible, Physical, and Logical)

  • Identify risk reduction (mitigation) cost options

  • Present a recommended risk analysis for management decision.

Module 7 – Defining Security Policy

This module serves as a guide to developing computer security policies and procedures for corporations that have systems connected to the Internet.  The purpose is to provide practical guidance to administrators trying to secure their information and services.

Module 8 – Developing Electronic Policy

Security tools by and large require that you create electronic policies from the written security policy in order to enforce compliance on the network. In this section we will examine e-policies, often referred to as electronic or enforceable policies, and how they are used.

Lab – E-Policy Procedures and Development

At the end of the lab you will be able to:

  • Read small excerpts of actual security policy and identify which product(s) will best implement the policy.

  • Look at the technical policy of the products and select a corresponding written policy that management can use in their overall network security

Day 3

Module 9 – Policy Enforcement with Technology

There needs to be an easy way to keep the organization in compliance with their policies.  Training and awareness programs help, but there are times that the enforcement using technical tools will be the best solution.  This module will discuss the ability to check compliance and enforce policy where possible.

Lab – Responding to CERT Alerts

At the end of this lab you will be able to:

  • Check for vulnerabilities utilizing the command prompt and a simple text editor such as NotePad.

Module 10 – Electronic Policy Baselines for Systems

This module presents information to meet the following objectives:

  • What methods can be used to develop good security through system baselines
  • How to use scripts to automate baseline implementation
  • How to use tools for detecting changes to systems

Lab – Windows 2000 Security with Security Configuration Manager

After completing this lab you will be able to:

  • Apply the appropriate security template using Security Configuration Manager

Module 11 – Structured Monitoring

This module provides a logical approach to:

  • Identifying policy and procedures
  • Log procedures using the Defense in Depth model
  • Log procedures used to identify Critical and Weak link systems
  • Centralized, Remote, and Decentralized Monitoring
  • Hardening the Monitoring Stations
  • Minimizing Management Consoles

Day 4

Module 12 – Intrusion Detection and Objectives of Centralized Monitoring

Addresses the following objectives:

  • Setup of a centralized monitoring system for a corporation
  • Identify cost effective placement of monitoring devices
  • Explain some solutions for Remote administration of Monitoring systems

Lab – Installing SNORT

At the end of this lab you will be able to:

  • Install SNORT on Win2K and Linux to identify host and network based attacks

  • Configure Snort2html to run and view reports

  • Run Retina Scan to trigger Snort

Lab – Centralized Monitoring using SNORT and DEMARC

At the end of this lab you will be able to:

  • Set up DEMARC to monitor multiple sensors

  • Set up SNORT Policy Manager to centrally manage policies

Module 13 – Difficulty in Monitoring

This module covers the various aspects of Intrusion Detection, the challenges they present, and methods of minimizing these challenges by the differentiation of what is relevant to the intrusion sequence, what is not relevant, and what is not part of the sequence.

Lab – Dealing with Difficulties in Monitoring

In the lab you will analyze a short snippet of an actual attack and give the factors discussed in Module 13 that apply to the detection of this attack.

Module 14 – Identifying Attack Signatures

Objectives of this module are to assist the student with:

  • Identifying signatures by category of attack
  • Identifying normal hacker flow
  • Identifying inspection and evasion of IDS
  • Identifying potential false positives of IDS
  • Identifying limitations in IDS monitoring

Lab – Knowing the Signatures

At the end of this lab you will be able to:

  • Identify some of the daily operational events that may be triggered in security products

  • Install LANguard SELM to centralize Win2k event logs

  • Install Tripwire for Servers 2.4.2, and Tripwire Manager 2.4.2

  • Investigate Event logs to trace the source of Tripwire events

  • Investigate Unix log files for signs of intrusion or unauthorized use

  • Use additional tools (windump/tcpdump)

Day 5

Module 15 – Justifying the Cost of Security

A business case is made for Return on Security Investment by showing some areas where security saves money on labor and other items.

Module 16 – Incident Investigation Methods

This module covers the process, tools, and methods of incident investigation, including methods to avoid “contaminating” evidence as it is collected.  Students will gain knowledge and insight in:

  • Definitions of common response terms
  • Identification of business and legal considerations
  • Understanding of the time sensitivity of response and (not) waiting

Module 17 – Understanding the Logs

This module covers tools and methods for identifying critical information contained in log files.  The lab reviews actual IIS logs for the purpose of identifying the source of access violations or hacks.

Lab – IIS Log Analysis

At the end of this lab you will be able to:

  • Analyze an IIS Event Log and identify common attacks.
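An added example of the kind of analysis this lab describes (not part of the course materials): a small Python parser for IIS W3C extended logs that flags common attack patterns per source address so the origin of an access violation can be picked out. The log lines are constructed for illustration, and the signature rules and the 404 probing threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in IIS 5.0 W3C extended format (not real server data).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-03-15 10:01:02 192.0.2.10 GET /index.htm - 200
2002-03-15 10:02:31 198.51.100.7 GET /scripts/..%c0%af../winnt/system32/cmd.exe /c+dir 404
2002-03-15 10:02:32 198.51.100.7 GET /scripts/root.exe /c+dir 404
2002-03-15 10:02:33 198.51.100.7 GET /default.ida XXXXXXXXXXXXXXXXXXXX%u9090%u6858 400
2002-03-15 10:03:01 203.0.113.5 GET /_vti_bin/ - 404
2002-03-15 10:03:02 203.0.113.5 GET /cgi-bin/ - 404
"""

# Assumed signature rules, tested on the lower-cased stem+query, raw and decoded.
RULES = {
    "directory traversal": re.compile(r"\.\.[/\\]|\.\.%|%2e%2e|%c0%af|%255c"),
    "command execution": re.compile(r"(cmd|root)\.exe"),
    "ida buffer overflow": re.compile(r"\.ida\?.*%u[0-9a-f]{4}"),
}
PROBE_404_THRESHOLD = 2  # assumed: this many 404s from one host means probing

def parse_iis_log(text):
    """Yield one dict per request, naming columns from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def analyze(text):
    """Return {c-ip: sorted findings}; hosts with no findings are omitted."""
    findings, not_found = defaultdict(set), defaultdict(int)
    for rec in parse_iis_log(text):
        ip = rec["c-ip"]
        raw = (rec["cs-uri-stem"] + "?" + rec["cs-uri-query"]).lower()
        target = raw + " " + unquote(raw)  # catch %2e%2e-style encoded forms
        for name, rx in RULES.items():
            if rx.search(target):
                findings[ip].add(name)
        if rec["sc-status"] == "404":
            not_found[ip] += 1
            if not_found[ip] >= PROBE_404_THRESHOLD:
                findings[ip].add("probing (repeated 404s)")
    return {ip: sorted(f) for ip, f in findings.items()}
```

Calling `analyze(SAMPLE_LOG)` reports the two suspicious hosts with their findings and leaves the benign client out of the result.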

Module 18 – Security Planning for Electronic Business

This module is a thorough overview of the considerations necessary to securely and successfully implement electronic business over the Internet.  Areas covered include identifying the business structure required for conducting electronic business, and identifying and minimizing the threats to electronic commerce, including threats that may originate from electronic commerce ‘partners’.


© Copyright 2002 Summit Technical Solutions, Inc.  All Rights Reserved.
