Software Engineering Institute Carnegie Mellon

Course Offerings
Prices
Locations, Travel, and Lodging
Courses FAQ
Privacy Information (FERPA)
Registration
Contact Information
Credentials Program
SEI Certification

Information Security for Technical Staff

Dates

2008* Prices (USD)

2008 Dates
March 3-7, 2008 (SEI Arlington, VA)
June 2-6, 2008 (CMU/CIC Bldg. Pittsburgh, PA)
September 22-26, 2008 (CMU/CIC Bldg. Pittsburgh, PA)
December 1-5, 2008 (CMU/CIC Bldg. Pittsburgh, PA)

Course Registration
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Phone: 412 / 268-7388
FAX: 412 / 268-7401
Questions: courseregistration@sei.cmu.edu

To Register: 2008 Click Here

This course may also be offered by arrangement at customer sites. E-mail training-info@cert.org or call +1 412-268-9564 for details.

*Course dates and fees are subject to change.

U.S.
Course Fee:
Industry: $2750
Government: $2200
Academic: $2200
Lab Fee:
$260 per person

International
Course Fee:
$5500
Lab Fee:
$260 per person


   Register for
2008 Dates

Course Description

 

This five-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations.

The courses focus on understanding and applying the concept of survivability through the effective management of risk, threats, policy, system configuration, availability, and personnel. The course also addresses incident response and provides a technical foundation for working with TCP/IP security and cryptography. The final section of the course helps participants learn to design a secure network architecture managing host systems, securing network services and infrastructure, working with firewalls, and understanding intrusion detection and prevention.

The principles, strategies, and practices covered are applicable to most system platforms and network environments. To illustrate important concepts and security technologies, demonstrations and exercises will include implementations applicable to Linux and Windows systems as well as Cisco Internetworking equipment.

The course involves extensive hands-on laboratories utilizing heterogeneous network environment, scenario-based exercises, lecture/briefings, and open discussion to help participants develop their understanding of the problems and strategies for securing information systems and networks.

Hands-on labs and demonstrations include subjects such as: Scanning and enumeration; Enigmail and Mozilla Thunderbird email client use of the OpenPGP standard; Windows Group Policy and Security templates; securing remote access with IPSec; assessing networks with Nessus; intrusion detection and prevention with Snort; as well as information on personal and enterprise firewalls, password cracking, and extensive hacking/hardening of Linux, Windows, and Cisco platforms in both wireless and cabled networks. Each student will have the use of a laptop for the duration of the course, as well as access to a wide variety of networked systems. This course is part of the curriculum for the CERT-Certified Incident Handler Program.

Audience   ·    Prerequisites    ·    Objectives   ·    Logistics

 

AUDIENCE
Technical staff members who manage or support networked information systems and have

  • two years of practical experience with networked systems or equivalent training/education
  • some degree of specific familiarity with the ISO/OSI 7-layered reference model as well as Ethernet, TCP/IP, and major network operating systems such as Windows NT/2000/XP and Unix

PREREQUISITES
There are no prerequisites for this course.

TOPICS

  • the challenge of survivability
  • asset and risk management
  • policy formulation and implementation
  • Security Knowledge in Practice
  • TCP/IP security
  • cryptography
  • prelude to a hack (information gathering)
  • threats, vulnerabilities, and attacks
  • host system hardening
  • securing network infrastructure
  • deploying firewalls
  • securing remote access
  • intrusion detection systems

OBJECTIVES
This course will help participants to

  • describe the components of survivability
  • identify and define the components of an information security (IS) model
  • describe the components of risk and asset management as applied to networked systems
  • identify the benefits of invoking sound security policies and methods for implementing them
  • describe the steps of the Security Knowledge in Practice(SKiP) methodology
  • summarize key security concerns of the TCP/IP protocol suite
  • describe the benefits of cryptography when applied to IS properties of confidentiality, integrity, and availability
  • describe common methods of gathering information on networked systems
  • describe the types of current vulnerabilities and threats to which an organization's information assets may be exposed
  • identify common attack methods perpetrated against network systems
  • describe best practices for hardening and actively defending host and networked systems from intrusions
  • develop an approach for staying current with trends and requisite skills in information security

Course Materials
Participants will receive a course notebook and a CD containing the course materials.

LOGISTICS

Class Schedule
This five-day course meets at the following times:
Days 1-4, 9:00 a.m.-5:00 p.m.
Day 5, 9:00 a.m.-2:30 p.m.

Hotel and Travel Information
Information about traveling to the SEI offices is available on our
Travel and Lodging Web pages.

Questions about this course?
Please see our Frequently Asked Questions Web page for answers to some of the more common inquiries about SEI Education and Training.

If you need more information, contact us via e-mail at training-info@cert.org or telephone at +1 412-268-9564.



 

 

Related Products and Services

 

Courses
Advanced Information Security for Technical Staff

Other Related Information
CERT Web site
CERT-Certified Incident Handler Program
CERT's Virtual Training Environment (VTE)
Defense in Depth: Foundations for Secure and Resilient IT Enterprises (pdf)
First Responders Guide to Computer Forensics (pdf)
First Responders Guide to Computer Forensics - Advanced Topics (pdf)

Course Registration

 

  Register for 2008 Dates
 

^
TOP