This five-day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience. Each participant will have direct administrative access to a wide variety of networked systems (Windows, Linux and Cisco), which will be modified and instrumented throughout the course. Instruction will consist of individual labs and team-based exercises modeled from real-world threat scenarios.
The course will begin with a review of host and network system hardening concepts supported by several hands-on labs. There will be additional defense-in-depth lecture/lab topics including Intrusion Detection Systems (IDS), network monitoring, and centralized log collection.
On the second day, participants will be grouped into teams and begin implementing a network "get well" plan to correct several design and implementation flaws within a sample infrastructure. These activities will carry over into day three, in which participants will apply their newly acquired skills to detect, analyze, and respond to real-world threats.
Day four provides teams further incident response experience by competing in a scored exercise identifying vulnerabilities and prioritizing defensive measures. The experience is further amplified with the introduction of additional network topologies requiring participants and teams to adapt and apply their skills to a new environment.
The final day of the course addresses basic computer forensics topics. Having some previous forensics training will help, but is not required. Concepts will be reviewed in class before placing teams in a scenario in which volatile and non-volatile data analysis is required. Teams must identify the digital evidence remaining from the previous day's technical response and analysis challenge in another team-based graded exercise.
Technical staff members who manage or support networked information systems and have (recommended)
Before registering for this course, participants must complete the Information Security for Technical Staff course or have equivalent training or experience.
Participants will receive a course notebook and a CD containing the course materials.
This five-day course meets at the following times:
Days 1-5, 9:00 a.m.-5:00 p.m.
This course may be offered by special arrangement at customer sites.