Bejtlich Teaching Network Security Operations in Chicago
I am happy to announce that I will be teaching a three day edition of my Network Security Operations training class in Chicago, IL on 27-29 August 2007. This is a public class. I will also be speaking at the 30 August meeting of the Chicago Electronic Crimes Task Force. Please register here. The early discount applies to registrations before midnight 27 July. ISSA members get an additional discount on top of the early registration discount.
Network Security Operations addresses the following topics:
- Network Security Monitoring
  - NSM theory
  - Building and deploying NSM sensors
  - Accessing wired and wireless traffic
  - Full content tools: Tcpdump, Ethereal/Tethereal, Snort as packet logger, Daemonlogger
  - Additional data analysis tools: Tcpreplay, Tcpflow, Ngrep, Netdude
  - Session data tools: Cisco NetFlow, Fprobe, Flow-tools, Argus, SANCP
  - Statistical data tools: Ipcad, Trafshow, Tcpdstat, Cisco accounting records
  - Sguil (sguil.sf.net)
  - Case studies, personal war stories, and attendee participation
- Network Incident Response
  - Simple steps to take now that make incident response easier later
  - Characteristics of intruders, such as their motivation, skill levels, and techniques
  - Common ways intruders are detected, and reasons they are often initially missed
  - Improved ways to detect intruders based on network security monitoring principles
  - First response actions and related best practices
  - Secure communications among IR team members, and consequences of negligence
  - Approaches to remediation when facing a high-end attacker
  - Short, medium, and long-term verification of the remediation plan to keep the intruder out
- Network Forensics
  - Collecting network traffic as evidence
  - Protecting and preserving traffic from tampering, either by careless helpers or the intruder himself
  - Analyzing network evidence using a variety of open source tools, based on network security monitoring (NSM) principles
  - Presenting findings to lay persons, such as management, juries, or judges
  - Defending the conclusions reached during an investigation, even in the face of adversarial defense attorneys or skeptical business leaders
This is only one of two Network Security Operations courses left for 2007. Please consider attending this class if you want to understand how to detect, inspect, and eject network intruders.
Comments
I've been in this course http://taosecurity.blogspot.com/2007/05/bejtlich-teaching-network-security_27.html in 2007. I lost my documentation; is there any place to download it?
Thanks,