Advanced Information Security for Technical Staff

This four-day course is designed to increase the depth of knowledge and skills of technical staff charged with administering and securing information systems and networks. Developed around a scenario in which a production network has failed an information security audit, students will implement numerous technical security solutions to bring the network into compliance. Participants will work in teams to integrate these solutions throughout the enterprise. Each student will have the use of a laptop for the duration of the course, as well as direct administrative access to a wide variety of networked systems.

The first two days of the course will cover host system hardening, system availability monitoring, network access control and applied encryption technologies, intrusion detection systems, as well as logging, forensics, and incident analysis and response techniques. Instructors will utilize lecture/presentations, demonstrations and hands-on exercises to teach these topic areas.

During the next one and a half days, instructors will facilitate participants through the implementation of the network's get-well plan and compliance task list. Students will use various software tools and operating system specific technologies to accomplish these tasks. Following are some examples of the required tasks:

• implement a new segmented network topology and IP addressing scheme
• install, configure and test an enterprise class, Unix-based firewall and create a DMZ to isolate public services
• setup, configure routing, access controls, and other critical services on an enterprise class Cisco router
• configure an email forwarder and spam-filtering server
• configure network-time synchronization services
• implement an isolated administrative/management network
• install, configure a centralized syslog server and configure hosts to send encrypted log information to this system
• implement Split-DNS name resolution services
• install, configure an HTTP application proxy server and implement content filtering
• install, configure several Snort based intrusion detection sensors
• utilize Windows group policy, security templates, and numerous other technologies and techniques to harden Windows hosts
• utilize Bastille, Tripwire, and numerous other technologies and techniques to harden Linux systems
• install, configure system availability monitoring tools and configure alerts
• configure numerous network monitoring services and analyze data for suspicious events
• inspect and systematically analyze log and IDS data for malicious activity

On the final day, students will participate in several Technical Response Exercises during which they will have the opportunity to utilize the recently configured network security tools to analyze and troubleshoot various scenarios. Students will be required to classify the network activity as good or malicious using web proxy logs, firewall logs, application and security logs, IDS alerts, service availability tools, packet capture tools, and other configured network monitoring systems. They will be required to identify the type and source of various network-based attacks and recommend the appropriate remediation strategies.

Who should attend?

Technical staff members who manage or support networked information systems and have (recommended)

• one year of practical experience with networked systems or equivalent training/education
• six months of security administration experience
• background in data networking with entry-level Unix or Windows system administration experience

What will you learn?

• evaluate and integrate information security technologies
• install/configure network access control technologies
• install/configure intrusion detection sensors
• implement technology to ensure confidentially of network traffic
• implement techniques for hardening host systems and services
• implement technology for monitoring the status/availability of network services
• implement system logging and network monitoring
• analyze and respond to network and system events