| 08:30 | WELCOME and INTRODUCTIONS |
| 08:45 | COURSE INTRODUCTION AND OVERVIEW - NDI Faculty |
| | Establishing Effective Security and Defining System Administrator Tasks |
| | Definitions and terminology |
| | Understanding the current environment |
| | Setting program responsibilities |
| | Conducting risk assessments |
| | Correcting Vulnerabilities |
| | Conducting Audits |
| | Certifying Systems |
| 09:30 | BREAK |
| 09:45 | UNDERSTANDING IT SECURITY AND DEVELOPING SECURITY POLICIES |
| | A security policy: The foundation of your protection |
| | The four objectives: availability, integrity, privacy and authenticity |
| | Assigning responsibilities |
| | Conducting a threat reduction analysis |
| | Determining appropriate countermeasures |
| | Producing an action plan |
| | Responding to attacks and limiting damage |
| | Keeping up to date with vulnerabilities |
| 10:15 | WRITTEN EXERCISE |
| 10:30 | TCP/IP AND FIREWALLS - Randall Kizer, Chief IT Security, City of San Diego, NDI Associate Faculty |
| | Overview of TCP/IP |
| | The importance of firewalls |
| | Choosing the right firewall |
| | Types of firewalls |
| 11:00 | BREAK |
| 11:15 | FIREWALL TOPOLOGIES |
| | Deploying Firewalls |
| | Using supportive technologies to provide defense in depth |
| | Creating virtual private networks (VPNs) using firewall to firewall encryption |
| | Setting up the DMZ |
| | Setting up externally accessible servers |
| 12:00 | LUNCH |
| 13:00 | THWARTING COUNTERFEITERS AND FORGERY TO RETAIN INTEGRITY |
| | Impersonating Users |
| | Encrypting files and messages |
| | Forging e-mail addresses |
| | Kerberos |
| | PGP |
| 14:15 | BREAK |
| 14:30 | HANDS-ON EXERCISE |
| | How to spoof e-mail: This is a hands-on demonstration to allow students to understand how e-mail messages are forged. If time permits, students will take the exercise to the next level - create a shell script to send a mail bomb! |
| 15:30 | A STUDY IN SOCIAL ENGINEERING - NDI Faculty |
| 16:00 | ADJOURN |
| 08:30 | BRIEF REVIEW AND INTRODUCTIONS - NDI Faculty |
| 08:45 | NETWORK INTERCONNECTIONS: A MAJOR POINT OF VULNERABILITY - Senior NDI Faculty |
| | Goals of a Secure IT Infrastructure | Security Challenges |
| | Regularly Scheduled Maintenance | Common Security Mistakes |
| | What Needs To Be Secured | Component Capabilities |
| | IT Security Control Objectives | Architectural Vulnerabilities |
| | Framework for Securing your Infrastructure | Network Vulnerabilities |
| | Physical Security Concerns | Operating System Vulnerabilities |
| | Physical Security Guidelines & Information | Application Vulnerabilities |
| | Policy Security Guidelines & Information | Process Vulnerabilities |
| 09:45 | BREAK |
| 10:00 | AVOIDING DISRUPTION OF SERVICE TO MAINTAIN AVAILABILITY |
| | Case Study - Library of Congress Compromise | Virus and Vandal Containment |
| | Security Goals | Application and Server Proxies |
| | Complete Lockdown and Security Testing | System Checksums |
| | Securing Existing Systems | Intrusion Detection Systems |
| | Blueprint for a Highly Secure Environment | PKI (Public Key Infrastructure) |
| | Best Practices | Digital Signatures |
| 12:00 | LUNCH |
| 13:00 | AVOIDING DISRUPTION OF SERVICE TO MAINTAIN AVAILABILITY |
| | Encryption | SSH |
| | Authentication | VPNs |
| | LDAP | Industry Standards |
| | Web Page Signing | Standard Evaluation |
| | SSL |
| 14:00 | BREAK |
| 14:15 | DETERRING HACKERS AND ENSURING AUTHENTICITY |
| | What Hackers Know That You Don't |
| | Hacker Activities |
| | Attack Statistics |
| | What an Intruder Needs to Know |
| 15:00 | HANDS-ON EXERCISES: HACKER DEMONSTRATIONS - Attacking Systems by: |
| | Installing packet sniffers | Planting Trojan horse programs |
| | Target Selection | Expose the weaknesses of common password-based authentication systems |
| | Host Penetration | Reconnaissance |
| | Password Decoding | Target Profiling |
| | Trojans | Vulnerability Mapping |
| | Known Problems |
| | Denial of Service Attacks |
| 16:00 | ADJOURN |