Qualified Edge Protector - FW's, IPS, VPN's, Trojans, Viruses, Patch Mgt & Response

This 5-day, hands-on class focuses on creating firewall implementations that protect your information resources. You will implement numerous commercial and freeware firewalls, examine best practices for protecting DNS services, HTTP, and SMTP. You will explore proven strategies for defending your networks against unauthorized access and denial-of-service attacks with the new leading edge prevention tools. You will examine the weaknesses of firewall architectures and how good security processes strengthen user- and host-based authentication, warning banners, address translation and masquerade, remote management, alerts, content filtering, spoofing, complex protocols and other advanced issues. Hands-on labs are designed for impact – providing you essential features of various firewall architectures including packet filters, stateful packet filtering and proxy firewalls. Session size is limited for maximum hands-on experience.

In the second part of this class you will learn how to manage viruses so they do not manage you.

SU labs are designed to give you a chance to apply techniques learned in the class by actually using Windows-based trojan key loggers, worms and viruses while learning solutions for protecting internal and external users from the trojan and virus invasion.

Key topics:
• 10+ hands-on virus and trojan labs
• Mitigate site spoofing & phishing
• False alarms vs. real threats from viruses & trojans
• Filtering as effective containment technique
• Discover the best tools and techniques for patching and testing patches
• Pros and cons of current anti-virus & anti-trojan software and techniques
• Define a recovery strategy
• Establish measurable goals for patch management

Who should attend:
Information Security Officers, Information Systems Managers, Auditors
Telecommunications and Network Administrators, Consultants, Systems and Data Security Analysts, and others seeking to enhance their information security knowledge.

Course Fee: $2,995
Time: 8:30am - 4pm
Location: Click here to view the class schedule
Learning Level: Basic to Intermediate
CPE Credits: 24
Prerequisites: Knowledge of TCP/IP

Next Classes
NYC 10-12

Course agenda:
Step 1 — Preparation
Laying the groundwork for effective malware incident management with a look at the current state of malware threats and their evolution.
• Malware defined
• Environments where malware thrive
• Viruses & Trojan risks
• Strengths and weaknesses of current anti-virus and anti-trojan products
• Install Confidence on-line, SOPHOS, NORTON, MCAFEE and other virus & anti-trojan software in Hands-On labs

Step 2 — Detection
In a recent study, less than a third of the participants realized they'd experienced a malware attack. How to detect and analyze a malware incident quickly and accurately.
• Advanced diagnosis and identification
• False alarms vs. actual incidents
• My Doom, Blaster, NIMDA, CODE RED and others - learn what they do
• Dissecting audit records
• Was it internal or external?
• Determining source and scope of infection

Step 3 — Containment & secure application coding review
A look at the two essential containment techniques — stopping the malware spread and halting the side effects.
• Filtering inbound and outbound network traffic
• The importance of public relations
• Limiting exposure by secure application coding

Step 4 — Eradication
If a virus or other malware does attack, how to remove it completely in the most effective and permanent manner.
• Reviewing system configuration and initialization items
• Removing modifications to courses and data files
• Benefits and challenges of current removal techniques

Step 5 — Recovery & patching your network
Returning the network and any other affected systems to full operation, with minimal impact. Special emphasis on systems and data backup recovery techniques.
• Returning the network systems to full operation
• What was the impact
• Systems and data backup recovery techniques
• Benefits and challenges of current patching techniques
• A review of Core Security Impact vulnerability exploit tool to ensure patch updates

Step 6 — Response and follow-up
How and why did the attack happen, how was it removed, and what lessons can be applied to possible future attacks? The final and most crucial step in a successful incident management program.
• Establishing an incident response team based on the type of incident
• Documenting lessons learned
• Metric collection and trend analysis
• Establishing measurable goals

Class Exercises
• Anti-virus and anti-trojan product strengths and weaknesses
• Determining a detection treatment
• Removing infections and residual effects
• Selecting effective containment and patching techniques
• Defining patch management goals and compliance metrics
• Defining a recovery strategy and restoring a system
• Defining incident management goals and metrics

*Course fees are subject to change

Copyright © 2007 Security University, Inc. All rights reserved.