TaoSecurity

Network Security Operations in Chicago, IL

Class: Network Security Operations
Venue: Public class
Location: ITA Headquarters / 200 S. Wacker Drive, 15th Floor / Chicago, IL 60600 / 312.435.2805
Dates: 0900-1700 27-29 August 2007
Fee:

NSM theory
Building and deploying NSM sensors
Accessing wired and wireless traffic
Full content tools: Tcpdump, Ethereal/Tethereal, Snort as packet logger, Daemonlogger
Additional data analysis tools: Tcpreplay, Tcpflow, Ngrep, Netdude
Session data tools: Cisco NetFlow, Fprobe, Flow-tools, Argus, SANCP
Statistical data tools: Ipcad, Trafshow, Tcpdstat, Cisco accounting records
Sguil (sguil.sf.net)
Case studies, personal war stories, and attendee participation

Simple steps to take now that make incident response easier later
Characteristics of intruders, such as their motivation, skill levels, and techniques
Common ways intruders are detected, and reasons they are often initially missed
Improved ways to detect intruders based on network security monitoring principles
First response actions and related best practices
Secure communications among IR team members, and consequences of negligence
Approaches to remediation when facing a high-end attacker
Short, medium, and long-term verification of the remediation plan to keep the intruder out

Collecting network traffic as evidence
Protecting and preserving traffic from tampering, either by careless helpers or the intruder himself
Analyzing network evidence using a variety of open source tools, based on network security monitoring (NSM) principles
Presenting findings to lay persons, such as management, juries, or judges
Defending the conclusions reached during an investigation, even in the face of adversarial defense attorneys or skeptical business leaders

Registration: Download and complete the registration form (.pdf) and return to TaoSecurity using one of three methods:

Questions: Please email training [at] taosecurity [dot] com or call 202.409.8045.