Monday, August 01, 2005

More Notes for USENIX Security Students

I believe attendees of my Network Security Monitoring with Open Source Tools class at USENIX Security in Baltimore, MD enjoyed themselves yesterday. I hope those attening Network Incident Response like this new class as well. I have a few notes for you.

This slide provides an overview of the network-centric aspects of digital security, with the subjects discussed in today's class highlighted.

This slide shows the revised session plan, where the incident response case study is moved to the beginning of the class.

Please note the updated Tethereal syntax mentioned in my earlier post.

Finally, I got my copy of The Visible Ops Handbook from Tripwire. In order to make my slides line up with the four phases I see in the book, I recommend thinking of these four Visible Ops steps instead of those listed in my slides:

  1. Stablize the Patient and Modify First Response

  2. Catch and Release and Find Fragile Artifacts

  3. Create a Repeatable Build Library

  4. Continual Improvement


If you are not at USENIX but you want to attend the four day version of these classes -- augmented by hands-on exercises, a smaller class size, and an entire day on Network Forensics -- check out Network Security Operations. Seats are already filling for my first public class starting 27 September in Fairfax, VA. I am also available for private classes to your organization, and several of those are planned already.

No comments: