Qualified Edge Protector - FW's, IPS, VPN's, Trojans, Viruses, Patch Mgt & Response

This 5-day, hands-on class focuses on creating firewall implementations that protect your information resources. You will implement numerous commercial and freeware firewalls and examine best practices for protecting DNS, HTTP, and SMTP services. You will explore proven strategies for defending your networks against unauthorized access and denial-of-service attacks with the new leading-edge prevention tools. You will examine the weaknesses of firewall architectures and how good security processes strengthen user- and host-based authentication, warning banners, address translation and masquerading, remote management, alerts, content filtering, anti-spoofing, complex protocols and other advanced issues. Hands-on labs are designed for impact, giving you the essential features of the various firewall architectures, including packet filters, stateful packet filtering and proxy firewalls. Session size is limited for maximum hands-on experience.
In the second part of this class you will learn how to manage viruses so they do not manage you.
SU labs are designed to give you a chance to apply techniques learned in the class by actually using Windows-based trojan key loggers, worms and viruses while learning solutions for protecting internal and external users from the trojan and virus invasion.
10+ hands-on virus and trojan labs
Mitigate site spoofing & phishing
False alarms vs. real threats from virus & trojans
Filtering as an effective containment technique
Discover the best tools and techniques for patching and testing patches
Pros and cons of current anti-virus & anti-trojan software and techniques
Define a recovery strategy
Establish measurable goals for patch management
Who should attend:
Information Security Officers, Information Systems Managers, Auditors
Telecommunications and Network Administrators, Consultants, Systems and Data Security Analysts, and others seeking to enhance their information security knowledge.
Course agenda:
Step 1 Preparation
Laying the groundwork for effective malware incident management with a look at the current state of malware threats and their evolution.
Environments where malware thrives
Viruses & Trojan risks
Strengths and weaknesses of current anti-virus and anti-trojan products
Install Confidence On-line, SOPHOS, NORTON, MCAFEE and other anti-virus & anti-trojan software in hands-on labs
Step 2 Detection
In a recent study, less than a third of the participants realized they'd experienced a malware attack. Learn how to detect and analyze a malware incident quickly and accurately.
Advanced diagnosis and identification
False alarms vs. actual incidents
MyDoom, Blaster, Nimda, Code Red and others - learn what they do
Dissecting audit records
Was it internal or external?
Determining source and scope of infection
Step 3 Containment & secure application coding review
A look at the two essential containment techniques: stopping the malware spread and halting the side effects.
Filtering inbound and outbound network traffic
The importance of public relations
Limiting exposure by secure application coding
Step 4 Eradication
If a virus or other malware does attack, how to remove it completely in the most effective and permanent manner.
Reviewing system configuration and initialization items
Removing modifications to courses and data files
Benefits and challenges of current removal techniques
Step 5 Recovery & patching your network
Returning the network and any other affected systems to full operation, with minimal impact. Special emphasis on systems and data backup recovery techniques.
Returning the network systems to full operation
What was the impact?
Systems and data backup recovery techniques
Benefits and challenges of current patching techniques
A review of the Core Security Impact vulnerability exploit tool to verify patch updates
Step 6 Response and Follow-Up
How and why did the attack happen, how was it removed, and what lessons can be applied to possible future attacks? The final and most crucial step in a successful incident management program.
Establishing an incident response team based on the type of incident
Documenting lessons learned
Metric collection and trend analysis
Establishing measurable goals
Anti-virus and anti-trojan product strengths and weaknesses
Determining a detection treatment
Removing infections and residual effects
Selecting effective containment and patching techniques
Defining patch management goals and compliance metrics
Defining a recovery strategy and restoring a system
Defining incident management goals and metrics