Bejtlich Teaching Network Security Operations in Cincinnati
I am happy to announce that I will be teaching a three day edition of my Network Security Operations training class in Cincinnati, OH on 21-23 August 2007. The Cincinnati ISSA chapter is hosting the class. Please register here. The early discount applies to registrations before 20 July. ISSA members get an additional discount on top of the early registration discount.
Network Security Operations addresses the following topics:
- Network Security Monitoring
  - NSM theory
  - Building and deploying NSM sensors
  - Accessing wired and wireless traffic
  - Full content tools: Tcpdump, Ethereal/Tethereal, Snort as packet logger, Daemonlogger
  - Additional data analysis tools: Tcpreplay, Tcpflow, Ngrep, Netdude
  - Session data tools: Cisco NetFlow, Fprobe, Flow-tools, Argus, SANCP
  - Statistical data tools: Ipcad, Trafshow, Tcpdstat, Cisco accounting records
  - Sguil (sguil.sf.net)
  - Case studies, personal war stories, and attendee participation
- Network Incident Response
  - Simple steps to take now that make incident response easier later
  - Characteristics of intruders, such as their motivation, skill levels, and techniques
  - Common ways intruders are detected, and reasons they are often initially missed
  - Improved ways to detect intruders based on network security monitoring principles
  - First response actions and related best practices
  - Secure communications among IR team members, and consequences of negligence
  - Approaches to remediation when facing a high-end attacker
  - Short, medium, and long-term verification of the remediation plan to keep the intruder out
- Network Forensics
  - Collecting network traffic as evidence
  - Protecting and preserving traffic from tampering, either by careless helpers or the intruder himself
  - Analyzing network evidence using a variety of open source tools, based on network security monitoring (NSM) principles
  - Presenting findings to lay persons, such as management, juries, or judges
  - Defending the conclusions reached during an investigation, even in the face of adversarial defense attorneys or skeptical business leaders
This is only one of two Network Security Operations courses left for 2007. Please consider attending this class if you want to understand how to detect, inspect, and eject network intruders.