Applied Cybersecurity, Incident Response and Forensics

This five-day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience. Each participant will have direct administrative access to a wide variety of networked systems (Windows, Linux and Cisco), which will be modified and instrumented throughout the course. Instruction will consist of individual labs and team-based exercises modeled from real-world threat scenarios.

The course will begin with a review of host and network system hardening concepts supported by several hands-on labs. There will be additional defense-in-depth lecture/lab topics including Intrusion Detection Systems (IDS), network monitoring, and centralized log collection.

On the second day, participants will be grouped into teams and begin implementing a network "get well" plan to correct several design and implementation flaws within a sample infrastructure. These activities will carry over into day three, in which participants will apply their newly acquired skills to detect, analyze, and respond to real-world threats.

Day four provides teams further incident response experience by competing in a scored exercise identifying vulnerabilities and prioritizing defensive measures. The experience is further amplified with the introduction of additional network topologies requiring participants and teams to adapt and apply their skills to a new environment.

The final day of the course addresses basic computer forensics topics. Having some previous forensics training will help, but is not required. Concepts will be reviewed in class before placing teams in a scenario in which volatile and non-volatile data analysis is required. Teams must identify the digital evidence remaining from the previous day's technical response and analysis challenge in another team-based graded exercise.

Who should attend?

Technical staff members who manage or support networked information systems and who have (recommended):

  • one year of practical experience with networked systems or equivalent training/education
  • six months of security administration experience
  • background in data networking with entry-level Unix or Windows system administration experience
  • familiarity with the OSI model and the TCP/IP protocol stack

Topics

  • Windows and Unix host system hardening
  • system availability monitoring
  • network access control techniques
  • secure network architectures and topologies
  • intrusion detection systems
  • secure implementation of logging and network monitoring
  • forensic analysis and incident response

Objectives

  • install/configure network access control technologies
  • install/configure intrusion detection sensors
  • implement techniques for hardening host systems and services
  • implement technology for monitoring the status/availability of network services
  • implement system logging and network monitoring
  • safely collect and secure sensitive incident response data
  • analyze and respond to network and system events

Prerequisites

Before registering for this course, participants must complete the Information Security for Technical Staff course or have equivalent training or experience.

Materials

Participants will receive a course notebook and a CD containing the course materials.

Schedule

This five-day course meets at the following times:
Days 1-5, 9:00 a.m.-5:00 p.m.

Course Details

Course Fees [USD]

U.S. Industry: $2900

U.S. Government/Academic: $2325

International: $5800

Lab Fee $300 per person


Dates

October 13 - 17, 2014 (SEI, Arlington, VA)

 
This course may be offered by special arrangement at customer sites.

For More Information

E-mail: course-info@sei.cmu.edu
Phone: 412-268-7622

