Complete Enterprise Security

Complete Enterprise Security would require an understanding of the organization’s network & security infrastructure, types of attacks, identification of vulnerabilities, log analysis, incident response and forensic analysis. This is designed for exclusive corporate training.


About this training

This course gives a complete overview of protecting an organization’s network and effectively managing security. Participants learn the very basics of networking and understand how attackers can exploit the vulnerabilities in their systems. Participants then learn how to protect their network from such attacks using various technologies. Security tools detect, report and respond to most of the attacks; however, participants need the skills to analyze the logs generated by such tools and to be prepared for handling incidents. Participants are taught incident handling methodologies and how to handle post-incident forensic analysis.

Course Outline

Networking and TCP/IP
This will be a refresher session on the basic networking technologies and the TCP/IP protocol.

Types of Attacks

In this session we will be covering security fundamentals where we will describe the vulnerabilities in systems and the various types of attacks which exploit those vulnerabilities. There will also be a demonstration of a few attacks. Some of the attacks discussed are:

  • Buffer Overflows
  • SQL Injection
  • DoS and DDoS attacks
  • Worms and Trojans

Security Technologies
Here we will cover the various technologies available to prevent and detect attacks. We will see how each technology can help secure an organization’s network. There will be a demonstration of the following:

  • Firewalls
  • Intrusion Detection Systems
  • Authentication
  • Malicious Code Control
  • Encryption Technologies

Analyzing Security Logs
All installed security and network devices generate tons of logs, which need to be analyzed by the administrator. Log analysis is the art of extracting meaningful information and drawing conclusions about security posture from records generated by the devices. We will see how to analyze the logs generated by the devices, such as firewalls and IDS.

Preparing for Incident Response
An incident is a situation, real or perceived, in which an entity’s information is at risk, for example a hacked web site or a spreading virus. These situations are serious incidents that could easily result in significant impact to a company if not handled properly. Incident response is the discipline of handling such situations in a manner that is cost effective and efficient. An organization’s Incident Response Team, whether a dedicated team or a responsibility of security administrators or other IT personnel, must be fully prepared to handle an incident. Here we touch upon the steps for incident handling and preparing for it.

Computer And Network Forensics
Computer Forensics is the science of busting cyber criminals. It is most commonly used after a suspected hack attempt, in order to analyze a computer or network for evidence of intrusion. This will be an introduction to the vast field of computer forensics followed by a demonstration of extracting hidden information from a computer.
 
Investigating Attacks
One of the steps in handling an incident is to determine the who, what, when, where, and how surrounding an incident. This investigation can be conducted by analyzing the logs generated by a network monitor or a security device, or by doing forensic analysis of the affected system. We will be demonstrating an investigation process.
