Enterprise Security Architecture and Assessment
Learn the essentials of Enterprise Security Design for security
engineering with this hands-on information security course. This
course will bring you up to speed on the latest security-specific
architecture.
Most importantly, Enterprise Security Architecture and Design shows
you how to implement the myriad of security technologies available on
the market today in an effective and cost-efficient manner.
A detailed outline of this course follows:
Day 1:
Module 1—Human Factors of Security
The human factors that make implementing security difficult; Primary
personality types encountered and their motivations for (or against)
security initiatives; How social awareness can help corporate security
efforts succeed.
Module 2—Objectives of Security
The Active Defense approach to security; “Defense in Depth”
model; Interaction between written and electronic policy; Layered
approach to security including Perimeter Security, Network Security,
Host Based Security, and Human Awareness
Module 3—What The Hackers Know
Information on some of the quick and easy tools available for finding
information that can be used in a more coordinated attack by hackers;
Some common tools that identify network assets; How to show both
technical and business managers the amount of information that is
exposed via the network
Lab—CHEOPS, Site TelePort Pro, NTOP, NmapFE, KMAP
Module 4—Enemies and Their Motivation
The most common hacker personality types; The reasons they participate
in these activities; Common targets for these individuals
Day 2:
Module 5—Assessing Vulnerabilities
Practical application of risk assessment to an organization; Basic
understanding of vulnerability categories; Conducting an assessment;
Commonly found weak links in an assessment; Reviewing how ‘breaking’
into your own network can be a practical way to get an accurate
assessment of your risk
Lab—Vulnerability Assessment, exploit usage and Windows password
weaknesses
Module 6—Objectives of Risk Management
Identifying specific areas where safeguards are needed to prevent
deliberate or inadvertent unauthorized disclosure, modification,
or unauthorized use of information, and denial of service
• How much protection is required
• How much exists
• The most economical way of providing it
• Reducing the identified risk to an acceptable level
Lab—Risk Assessment and Costs
Module 7—Defining Security Policy
Developing computer security policies and procedures for corporations
that have systems connected to the Internet; Practical guidance
for administrators trying to secure their information and services.
Module 8—Developing Electronic Policy
Security tools by and large require that you create electronic policies
from the written security policy in order to enforce compliance
on the network. We examine e-policies, often referred to as electronic
or enforceable policies, and how they are used.
Lab—Translate Written Policy into E-Policy
Module 14—Identifying Attack Signatures
• Identifying signature by category of attack
• Identifying normal attack flow
• Identifying inspection and evasion of IDS
• Identifying potential false positives of IDS
• Identifying limitations in IDS monitoring
Lab—Integrity verification and log monitoring
Day 3:
Module 9—Policy Enforcement with Technology
Keeping the organization in compliance with their policies; Training
and awareness programs; Enforcement using technical tools; Checking
compliance and enforcing policy
Lab—Responding to CERT Alerts
Module 10—Electronic Policy Baselines for Systems
Developing good security through system baselines; Using scripts
to automate baseline implementation; Tools for detecting system
changes
Lab—Security Configuration Manager
Module 11—Structured Monitoring
Identifying policy and procedures; Log procedures using the Defense
in Depth model; Identifying Critical and Weak link systems; Centralized,
Remote, and Decentralized Monitoring; Hardening the Monitoring Stations;
Minimizing Management Consoles
Day 4:
Module 12—Intrusion Detection and Centralized Monitoring
Setup of a centralized monitoring system for a corporation; Identify
cost effective placement of monitoring devices; Remote administration
of monitoring systems
Lab—Snort & Packet Analysis
Module 13—Overcoming Difficulty in Monitoring
Intrusion Detection: Differentiation of what is relevant to the
Intrusion sequence, what is not relevant, and what is not part of
the sequence.
Lab—Analyzing Attacks
Day 5:
Module 15—Justifying the Cost of Security
A business case is made for Return of Security Investment by showing
some areas where security saves money on labor and other items.
Module 16—Incident Investigation Methods
Incident investigation: the process, tools, and methods
• Avoiding “contaminating” evidence
• Definitions of common response terms
• Identification of business and legal considerations
• Understanding of the time sensitivity of response
Module 17—Understanding the Logs
Tools and methods for identifying critical information contained
in the log files
Lab—IIS Log Analysis
Module 18—Security Planning for Electronic Business
Overview of the considerations necessary to securely and successfully
implement electronic business over the Internet. Identifying the
business structure required for conducting electronic business,
identifying and minimizing the threats to electronic commerce, including
threats that may involve electronic commerce ‘partners’.