Sunday, May 27, 2007

Bejtlich Teaching Network Security Operations in Chicago

I am happy to announce that I will be teaching a three-day edition of my Network Security Operations training class in Chicago, IL on 27-29 August 2007. This is a public class, although I will be speaking at the 30 August meeting of the Chicago Electronic Crimes Task Force. Please register here. The early discount applies to registrations before midnight 27 July. ISSA members get an additional discount on top of the early registration discount.

Network Security Operations addresses the following topics:

  • Network Security Monitoring


    • NSM theory

    • Building and deploying NSM sensors

    • Accessing wired and wireless traffic

    • Full content tools: Tcpdump, Ethereal/Tethereal, Snort as packet logger, Daemonlogger

    • Additional data analysis tools: Tcpreplay, Tcpflow, Ngrep, Netdude

    • Session data tools: Cisco NetFlow, Fprobe, Flow-tools, Argus, SANCP

    • Statistical data tools: Ipcad, Trafshow, Tcpdstat, Cisco accounting records

    • Sguil (sguil.sf.net)

    • Case studies, personal war stories, and attendee participation


  • Network Incident Response


    • Simple steps to take now that make incident response easier later

    • Characteristics of intruders, such as their motivation, skill levels, and
      techniques

    • Common ways intruders are detected, and reasons they are often initially
      missed

    • Improved ways to detect intruders based on network security monitoring
      principles

    • First response actions and related best practices

    • Secure communications among IR team members, and consequences of negligence

    • Approaches to remediation when facing a high-end attacker

    • Short, medium, and long-term verification of the remediation plan to keep the
      intruder out


  • Network Forensics


    • Collecting network traffic as evidence

    • Protecting and preserving traffic from tampering, either by careless
      helpers or the intruder himself

    • Analyzing network evidence using a variety of open source tools, based
      on network security monitoring (NSM) principles

    • Presenting findings to lay persons, such as management, juries, or judges

    • Defending the conclusions reached during an investigation, even in the
      face of adversarial defense attorneys or skeptical business leaders



This is only one of two Network Security Operations courses left for 2007. Please consider attending this class if you want to understand how to detect, inspect, and eject network intruders.

2 comments:

Unknown said...

Hi Richard,
I've been in this course http://taosecurity.blogspot.com/2007/05/bejtlich-teaching-network-security_27.html in 2007. I lost my documentation, there is any place to download?

Thanks,

Richard Bejtlich said...

Sorry, there is not.