Advanced Information Security for Technical Staff
This five-day workshop is designed to deepen the knowledge and
skills of technical staff charged with administering and securing
information systems and networks. It is built around a scenario in
which a production network has failed an information security audit;
students implement numerous technical security solutions to bring the
network into compliance, working in teams to integrate those solutions
throughout the enterprise. Each student has the use of a dual-boot
laptop for the duration of the workshop, as well as direct
administrative access to a wide variety of networked systems.
The first two days of the workshop cover host system hardening,
system availability monitoring, network access control and applied
encryption technologies, intrusion detection systems, and logging,
forensics, and incident analysis and response techniques. Instructors
teach these topics through lectures, demonstrations and hands-on
exercises.
During the final three days, instructors guide participants through
the implementation of the network's get-well plan and compliance task
list. Students use various freeware/open-source tools and operating
system specific technologies to accomplish these tasks. The following
are some examples of the required tasks:
- implement a new segmented network topology and IP addressing
scheme
- install, configure and test two enterprise-class, UNIX-based
firewalls and create a DMZ to isolate public services
- implement an isolated administrative/management network
- install and configure an email relay and spam-filtering server
- install and configure a centralized syslog server and configure
hosts to send their log information to it over an encrypted channel
- install and configure network time synchronization services
- implement split-DNS name resolution services
- install, configure and test IPsec VPN termination points and
implement secure remote access
- install and configure an HTTP application proxy server and
implement content filtering
- install and configure several intrusion detection sensors,
including Snort with the ACID analysis console
- use Windows 2000 group policy, security templates, and numerous
other technologies and techniques to harden Windows hosts
- use Bastille, Tripwire, and numerous other technologies and
techniques to harden Linux systems
- install and configure system availability monitoring tools and
configure alerts
- configure several network monitoring stations and analyze the
collected data for suspicious events
- inspect and systematically analyze log and IDS data for malicious
activity
Audience
Technical staff members who manage or support networked information
systems and have
- two years of practical experience with networked systems, or
equivalent training/education
- six months of security administration experience
- a strong background in data networking and some UNIX or Windows
system administration experience
Prerequisites
Before registering for this workshop, participants must complete the
Information Security for Technical Staff workshop or have equivalent
training or experience.
Topics
- Windows and UNIX host system hardening
- system availability monitoring
- network access control techniques and applied encryption
- secure network architectures and topologies
- intrusion detection systems
- secure implementation of logging and network monitoring
- forensic analysis and incident response
Objectives
This workshop will help participants to
- evaluate and integrate information security technologies
- install/configure network access control technologies
- install/configure intrusion detection sensors
- implement technology to ensure the confidentiality of network
traffic
- implement techniques for hardening host systems and services
- implement technology for monitoring the status/availability of
network services
- implement system logging and network monitoring
- analyze and respond to network and system events