
QUALIFIED EDGE PROTECTOR

FROM IPS, FIREWALLS & SPYWARE, TO TROJANS & VIRUSES.
Homeland Security asks you to protect your networks from cyberspace threats; this 5-day class teaches you how.

Daily intensive hands-on labs teach you how to manage edge protection. Get a real grip on the IPS, firewall and anti-spyware devices that stop viruses, trojans and malware, so they don't end up managing you.

You will leave with a complete understanding of your spyware and malware risk level. You will watch trojaned machines sending data out of your company and identify which PCs are infected with spyware, ranked by infection severity. You will build a best-practice template for removing active spyware from infected machines, and a process that ranks what to clean first by spyware and virus severity.

In class you'll use current IPS techniques and technologies to stop keyloggers, remote access trojans (RATs) and phone-home traffic cold, with tools like Mi5. You'll uncover the strengths and weaknesses of current anti-spyware, anti-virus and anti-trojan software, and become expert at telling false alarms, website spoofing and phishing attempts apart from actual incidents and identity theft.

Live penetration testing exposes bad processes, bad patching and bad software. In short, you'll learn what you need to evaluate, create and implement a safe edge authentication, spyware, virus and trojan incident management program to protect your edge.

Key topics:
• 15+ hands-on spyware, virus, trojan and phishing labs
• Mitigate site spoofing & phishing
• False alarms vs. real threats from spyware, viruses & trojans
• IPS filtering as an effective containment technique
• Best practices for edge protection unlike anything you've ever seen
• Pros and cons of current anti-virus & anti-trojan software and techniques
• Define a recovery strategy
• Establish measurable goals for spyware risk

Who should attend:
Information Security Officers, Information Systems Managers, Auditors, Telecommunications and Network Administrators, Consultants, Systems and Data Security Analysts, and others seeking to enhance their information security knowledge.

Class Fee $2,995

Time: 8am - 5pm
Location: see the class schedule
Prerequisites: TCP/IP and Linux
CPE Credits: 40
Instructor: Highly qualified instructor holding CEH and ECSA; exam vouchers included

Download the 2007 SU Computer Security Class Roadmap.

What you will learn:

Step 1 — Preparation
Laying the groundwork for effective spyware & malware incident management, with a look at the current state of spyware & malware threats and how they have evolved.
• Real-time traffic scanning that blocks spyware on the fly
• Malware defined
• Environments where spyware & malware thrive
• Virus & trojan risks
• Strengths and weaknesses of current anti-virus and anti-trojan products
• Hands-on labs installing Confidence Online, Sophos, Norton, McAfee and other anti-virus & anti-trojan software

Step 2 — Detection
In a recent study, less than a third of the participants realized they had experienced a spyware or malware attack. How to detect and analyze a spyware or malware incident quickly and accurately.
• Pinpoint how employees are getting infected
• Detect and block "phone-home" attempts by spyware installed on your computers
• Advanced diagnosis and identification
• False alarms vs. actual incidents
• MyDoom, Blaster, Nimda, Code Red and others: learn what they do
• Dissecting audit records
• Was it internal or external?
• Determining the source and scope of an infection
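The "detect phone-home attempts" and "dissecting audit records" items above come down to one question in practice: which internal hosts keep calling the same outside address on a fixed timer? The following Python script is an added worked example for this page (it is not Security University course material): it parses constructed outbound connection log lines, groups them by internal source, external destination and port, and flags flows whose gaps between connections are nearly constant, which is how spyware and RATs beaconing to a controller look in proxy or firewall logs. The log format, the internal address ranges, the thresholds and the sample lines are all assumptions.

```python
"""Rank internal hosts by phone-home (beaconing) behaviour in outbound connection logs.

Added example for this page, not Security University course material. The log format
"timestamp src dst dport bytes", the internal address ranges and the thresholds are
assumptions; the sample lines below are constructed, not real traffic.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress
import statistics

# Assumption: the organisation's internal address space (RFC 1918 ranges).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log: 10.1.4.22 calls the same external host every 5 minutes (a beacon),
# 10.1.4.35 browses normally, 10.1.4.50 talks to an internal file server (not of interest here).
SAMPLE_LOG = """\
2007-03-12T09:00:00 10.1.4.22 203.0.113.7 443 512
2007-03-12T09:05:01 10.1.4.22 203.0.113.7 443 520
2007-03-12T09:10:00 10.1.4.22 203.0.113.7 443 515
2007-03-12T09:15:02 10.1.4.22 203.0.113.7 443 511
2007-03-12T09:20:00 10.1.4.22 203.0.113.7 443 530
2007-03-12T09:01:13 10.1.4.35 198.51.100.20 80 20488
2007-03-12T09:03:47 10.1.4.35 198.51.100.21 80 1290
2007-03-12T09:42:05 10.1.4.35 198.51.100.20 80 31000
2007-03-12T09:00:30 10.1.4.50 10.1.0.5 445 4000
2007-03-12T09:05:30 10.1.4.50 10.1.0.5 445 4100
2007-03-12T09:10:30 10.1.4.50 10.1.0.5 445 4050
2007-03-12T09:15:30 10.1.4.50 10.1.0.5 445 4020
"""


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, dport, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport), int(nbytes)))
    return records


def find_beacons(records, min_hits=4, max_jitter=0.10):
    """Return suspected beacons, most severe first.

    A beacon is an internal -> external flow that repeats at a near-constant interval:
    the coefficient of variation (stdev / mean) of the gaps between connections is small.
    """
    flows = defaultdict(list)
    for ts, src, dst, dport, _ in records:
        if is_internal(src) and not is_internal(dst):
            flows[(src, dst, dport)].append(ts)

    findings = []
    for (src, dst, dport), times in flows.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = statistics.mean(gaps)
        if period <= 0:
            continue
        jitter = statistics.stdev(gaps) / period
        if jitter > max_jitter:
            continue
        severity = "high" if len(times) >= 5 and jitter < 0.05 else "medium"
        findings.append({"src": src, "dst": dst, "dport": dport, "hits": len(times),
                         "period_s": round(period), "jitter": round(jitter, 4),
                         "severity": severity})
    # High severity first, then the most regular, then the busiest.
    findings.sort(key=lambda f: (f["severity"] != "high", f["jitter"], -f["hits"]))
    return findings


if __name__ == "__main__":
    for f in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{f['severity']:6} {f['src']} -> {f['dst']}:{f['dport']} "
              f"every ~{f['period_s']}s x{f['hits']} (jitter {f['jitter']})")
```

On the constructed log only 10.1.4.22 is reported: the browsing host never repeats a destination often enough, and the file-server traffic is internal to internal. The thresholds are the tuning knobs: a controller that randomises its call-home interval needs a looser max_jitter, and at that point the near-constant request size (the bytes column) is the next feature worth scoring.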

Step 3 — Containment
A look at the two essential containment techniques: stopping the spread of spyware & malware and halting its side effects.
• Inspecting true file types rather than trusting file extensions
• Filtering inbound and outbound network traffic
• The importance of public relations
• Limiting exposure through secure application coding

Step 4 — Eradication
If a virus or other malware does strike, how to remove it completely, in the most effective and permanent manner.
• Blocking spyware websites & file downloads
• Reviewing system configuration and initialization (startup) items
• Removing malware modifications to files and data
• Benefits and challenges of current removal techniques

Step 5 — Recovery & patching your network
Returning the network and any other affected systems to full operation with minimal impact. Special emphasis on system and data backup recovery techniques.
• Returning network systems to full operation
• What was the impact?
• System and data backup recovery techniques
• Benefits and challenges of current patching techniques
• A review of the Core Impact (Core Security) exploitation tool, used to verify that patches actually took effect

Step 6 — Response and follow-up
How and why did the attack happen, how was it removed, and what lessons can be applied to future attacks? The final and most crucial step in a successful incident management program.
• Establishing an incident response team suited to the type of incident
• Documenting lessons learned
• Metric collection and trend analysis
• Establishing measurable goals

1. Review of Internet Attacks
       • hacker trends and motives
       • denial-of-service attacks: SYN floods, smurf, Trinoo and others
       • network probes and scans
       • IP spoofing
       • Trojan horses
       • application-level attacks

2. Characteristics of the Firewall Environment
       • objectives of firewalls
       • creating security domains
       • perimeter and internal firewalls
       • firewall rule sets - default deny vs. default allow
       • firewall platforms - common commercial firewalls
       • host-based firewalls, firewall appliances, firewall configurations
       • demilitarized zones (DMZs)
       • dual & multi-homed configurations & screened sub-networks
       • HA - high availability firewalls
       • access policy for internal applications

3. Firewall Security Policies
       • risk assessment approach
       • identifying essential services
       • identifying key threats
       • vulnerability assessment
       • policies for inbound access and outbound access
       • Network Address Translation (NAT) and Port Address Translation (PAT)
       • denial-of-service filters
       • account management and authentication
       • remote management

4. Standard (Stateless) Packet Filters
       • ingress and egress filtering
       • packet filter control points & parameters
       • TCP flags & ICMP message types
       • configuring packet filters to control access to HTTP, SMTP, DNS
       • addressing denial-of-service attacks: LAND, ping floods, SYN floods
       • dynamic access controls
       • authentication, authorization and accounting (AAA)
       • handling difficult protocols: FTP, multimedia applications

5. Stateful Inspection Firewalls
       • stateful inspection firewall design
       • configuring the TCP/IP protocol stack
       • IP forwarding issues
       • application data
       • Web content: ActiveX controls, Java applets
       • connection tables and performance
       • connections for UDP
       • handling FTP and streaming protocols
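Sections 4 and 5 above are best understood side by side, so here is an added example for this page (not course material) that runs the same constructed packets through two filters: a first-match, default-deny stateless filter with ingress/egress anti-spoofing, ICMP-by-type rules and the usual "ACK bit means established" approximation, and a stateful filter that keeps a connection table. The LAN range, the published services, the permitted outbound ports and the packets are assumptions. The point it shows is which probes the stateless rules must let through because they cannot know whether an inside host ever opened the connection.

```python
"""Stateless packet filtering vs. stateful inspection on the same constructed packets.
Added example for this page, not course material; the LAN range, published services,
rule set and packets are assumptions. Both filters are first-match, default deny."""
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("192.168.1.0/24")            # assumption: the protected LAN
SERVICES = {("192.168.1.10", 80), ("192.168.1.25", 25)}    # assumption: published web/mail

@dataclass(frozen=True)
class Packet:
    direction: str                  # "in": Internet -> LAN, "out": LAN -> Internet
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags set, e.g. frozenset({"SYN"})
    icmp_type: int = -1

def inside(ip):
    return ipaddress.ip_address(ip) in INSIDE

def spoof_check(p):
    """Ingress/egress anti-spoofing shared by both filters; None means not spoofed."""
    if p.direction == "in" and inside(p.src):
        return "DROP spoofed-ingress"
    if p.direction == "out" and not inside(p.src):
        return "DROP spoofed-egress"
    return None

def icmp_verdict(p):
    """Our pings out, replies/errors back in; inbound echo requests (ping floods) dropped."""
    if p.direction == "out" and p.icmp_type == 8:           # echo request
        return "ACCEPT icmp-out"
    if p.direction == "in" and p.icmp_type in (0, 3, 11):    # echo reply, unreachable, time exceeded
        return "ACCEPT icmp-in"
    return "DROP icmp"

def policy_allows_new(p):
    # Outbound connections the policy permits: client TCP to 25/80/443 and DNS queries.
    return (p.proto == "tcp" and p.dport in (25, 80, 443)) or (p.proto == "udp" and p.dport == 53)

def stateless_verdict(p):
    """With no connection table, 'established' can only be guessed from the ACK bit
    and from reply ports; that guess is exactly what the probes below abuse."""
    v = spoof_check(p)
    if v:
        return v
    if p.proto == "icmp":
        return icmp_verdict(p)
    if p.direction == "out":
        return "ACCEPT new" if policy_allows_new(p) else "DROP default"
    if p.proto == "tcp":
        if p.flags == frozenset({"SYN"}) and (p.dst, p.dport) in SERVICES:
            return "ACCEPT service"
        if "ACK" in p.flags and p.dport >= 1024:             # looks like a reply to an inside client
            return "ACCEPT ack-bit"
    if p.proto == "udp" and p.sport == 53 and p.dport >= 1024:  # looks like a DNS answer
        return "ACCEPT dns-reply"
    return "DROP default"

class StatefulFirewall:
    """Same policy, but inbound packets count as replies only if they match a connection
    an inside host actually opened (recorded in the connection table)."""
    def __init__(self):
        self.table = set()   # (inside_ip, inside_port, outside_ip, outside_port, proto)

    def verdict(self, p):
        v = spoof_check(p)
        if v:
            return v
        if p.proto == "icmp":
            return icmp_verdict(p)
        if p.direction == "out":
            if policy_allows_new(p):
                self.table.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return "ACCEPT new"
            return "DROP default"
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.table:
            return "ACCEPT established"
        if p.proto == "tcp" and p.flags == frozenset({"SYN"}) and (p.dst, p.dport) in SERVICES:
            return "ACCEPT service"
        return "DROP no-state"

# Constructed packets: a genuine DNS exchange, then probes shaped to slip past the stateless rules.
DNS_QUERY = Packet("out", "192.168.1.50", "198.51.100.53", "udp", 40000, 53)
DNS_REPLY = Packet("in", "198.51.100.53", "192.168.1.50", "udp", 53, 40000)
FAKE_DNS = Packet("in", "203.0.113.9", "192.168.1.50", "udp", 53, 40001)      # no query preceded it
ACK_SCAN = Packet("in", "203.0.113.9", "192.168.1.50", "tcp", 4444, 5000, frozenset({"ACK"}))
SPOOFED = Packet("in", "192.168.1.7", "192.168.1.10", "tcp", 1234, 80, frozenset({"SYN"}))

def compare(packets):
    """Return {packet: (stateless verdict, stateful verdict)}, processing packets in order."""
    fw = StatefulFirewall()
    return {p: (stateless_verdict(p), fw.verdict(p)) for p in packets}

if __name__ == "__main__":
    for p, (sl, sf) in compare([DNS_QUERY, DNS_REPLY, FAKE_DNS, ACK_SCAN, SPOOFED]).items():
        print(f"{p.direction:3} {p.src:>14} -> {p.dst:<13} {p.proto}/{p.dport:<5} {sl:<20} | {sf}")
```

Both filters agree on the legitimate DNS exchange and on the spoofed inbound packet. They part ways on the forged DNS answer (source port 53 to a high port, with no query behind it) and on the ACK-only probe to a high port: the stateless rules accept both because they look like replies, while the connection table rejects them because nothing inside ever opened those connections. Section 5's "connection tables and performance" is the price of that difference; section 4's dynamic access controls are the stateless world's partial workaround.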

6. Proxy-Based Firewalls
       • address hiding
       • circuit-level & application-layer proxies
       • strengths of proxy firewalls
       • configuring & hardening the TCP/IP protocol stack
       • IP forwarding issues
       • configuring application proxies to support SMTP, FTP, HTTP

7. Proxy Servers for Internal to External Access
       • SOCKS proxy servers
       • Web proxy servers
       • port redirectors on proxy server gateways

8. Personal Firewalls
       • Trojan horse problems

9. Content Filtering and Prevention Tools
       • Deploying content filters
       • SMTP filters
       • Anti-virus
       • Blocking Trojans and Worms at the SMTP server
       • Spam filtering
       • Anti-relaying
       • Web site filtering blockers
       • Recommended policies and actions
       • Filtering mobile code: ActiveX, Java, JavaScript
       • Intrusion prevention tools
       • Integrating firewalls & Prevention Tools
       • Firewall penetration-testing tools

11. Firewall Management
       • Creating a bastion host
       • Creating system baselines
       • Monitoring the firewall
       • Managing firewall alerts
       • Best practices for incident handling
       • Log file management
       • keeping up to date: key e-mail lists and Web sites

*Class fees are subject to change

Copyright © 2007 Security University, Inc. All rights reserved.