Software Engineering Institute Carnegie Mellon


Advanced Information Security for Technical Staff

2009 Dates
November 16-19, 2009 (SEI Pittsburgh, PA)

Course Registration
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Phone: 412 / 268-7388
FAX: 412 / 268-7401
Questions: courseregistration@sei.cmu.edu

This course may also be offered by arrangement at customer sites. E-mail training-info@cert.org or call +1 412-268-9564 for details.

2009* Prices (USD)

U.S.
Course Fee:
Industry: $2900
Government: $2325
Academic: $2325
Lab Fee: $300 per person

International
Course Fee: $5800
Lab Fee: $300 per person

*Course dates and fees are subject to change.

Course Description

 

This four-day course is designed to increase the depth of knowledge and skills of technical staff charged with administering and securing information systems and networks. Developed around a scenario in which a production network has failed an information security audit, students will implement numerous technical security solutions to bring the network into compliance. Participants will work in teams to integrate these solutions throughout the enterprise. Each student will have the use of a laptop for the duration of the course, as well as direct administrative access to a wide variety of networked systems.

The first two days of the course will cover host system hardening, system availability monitoring, network access control and applied encryption technologies, intrusion detection systems, as well as logging, forensics, and incident analysis and response techniques. Instructors will utilize lecture/presentations, demonstrations and hands-on exercises to teach these topic areas.

During the next one and a half days, instructors will guide participants through the implementation of the network's get-well plan and compliance task list. Students will use various software tools and operating-system-specific technologies to accomplish these tasks. The following are some examples of the required tasks:

  • implement a new segmented network topology and IP addressing scheme
  • install, configure, and test an enterprise-class, Unix-based firewall and create a DMZ to isolate public services
  • set up and configure routing, access controls, and other critical services on an enterprise-class Cisco router
  • configure an email forwarder and spam-filtering server
  • configure network-time synchronization services
  • implement an isolated administrative/management network
  • install and configure a centralized syslog server and configure hosts to send encrypted log information to this system
  • implement Split-DNS name resolution services
  • install and configure an HTTP application proxy server and implement content filtering
  • install and configure several Snort-based intrusion detection sensors
  • utilize Windows group policy, security templates, and numerous other technologies and techniques to harden Windows hosts
  • utilize Bastille, Tripwire, and numerous other technologies and techniques to harden Linux systems
  • install and configure system availability monitoring tools and configure alerts
  • configure numerous network monitoring services and analyze data for suspicious events
  • inspect and systematically analyze log and IDS data for malicious activity

On the final day, students will participate in several Technical Response Exercises during which they will have the opportunity to utilize the recently configured network security tools to analyze and troubleshoot various scenarios. Students will be required to classify the network activity as good or malicious using web proxy logs, firewall logs, application and security logs, IDS alerts, service availability tools, packet capture tools, and other configured network monitoring systems. They will be required to identify the type and source of various network-based attacks and recommend the appropriate remediation strategies.


 

AUDIENCE
Technical staff members who manage or support networked information systems and who have (recommended):

  • one year of practical experience with networked systems or equivalent training/education
  • six months of security administration experience
  • background in data networking with entry-level Unix or Windows system administration experience

PREREQUISITES
Before registering for this course, participants must complete the Information Security for Technical Staff course or have equivalent training or experience.

TOPICS

  • Windows and Unix host system hardening
  • system availability monitoring
  • network access control techniques and applied encryption
  • secure network architectures and topologies
  • intrusion detection systems
  • secure implementation of logging and network monitoring
  • forensic analysis and incident response

OBJECTIVES

  • evaluate and integrate information security technologies
  • install/configure network access control technologies
  • install/configure intrusion detection sensors
  • implement technology to ensure confidentiality of network traffic
  • implement techniques for hardening host systems and services
  • implement technology for monitoring the status/availability of network services
  • implement system logging and network monitoring
  • analyze and respond to network and system events

LOGISTICS

Class Schedule
This four-day course meets at the following times:
Days 1-4, 9:00 a.m.-5:00 p.m.

Hotel and Travel Information
Information about traveling to the SEI offices is available on our Travel and Lodging Web pages.

Questions about this course?
Please see our Frequently Asked Questions Web page for answers to some of the more common inquiries about SEI Education and Training.

If you need more information, contact us via e-mail at training-info@cert.org or telephone at +1 412-268-9564.



 

 

Related Products and Services

 

Courses
Information Security for Technical Staff

Related Podcasts
Better Incident Response Through Scenario Based Training
IT Infrastructure: Tips for Navigating Tough Spots

Other Related Information
CERT Web site
CERT-Certified Incident Handler Program
CERT Training and Education
CERT's Virtual Training Environment (VTE)
Defense in Depth: Foundations for Secure and Resilient IT Enterprises (pdf)
First Responders Guide to Computer Forensics (pdf)
First Responders Guide to Computer Forensics - Advanced Topics (pdf)
