The IEEE Boston Section Techsite

Your Boston Section IEEE information source.


Course:  First Level Security for Computers and Networks (With one day Computer Lab)

On-line registration has closed. Please contact the office at 781-229-1530 Ext 2 for more information.

Lecturer: Jeffrey Goldberg, Qualware Instructional Services
Date: Tuesdays, Oct. 28 and Nov. 4, 6:15 - 9:45 PM;
Saturdays, Oct. 25, Nov. 1 & 8, 8:45 AM - 2:30 PM (Lab Date: Nov. 1)
Location: WPI’s Waltham Campus, 60 Hickory Drive, Waltham, MA. (Tentative)
Text: To be determined. Included with course.

Handouts: Copies of the course outline slides will be provided along with relevant handouts when appropriate.

Prerequisite: General IT background, familiarity with operating systems and networks. Linux, Unix and/or Windows NT/2000/XP System and Network Administration working knowledge helpful. The class will proceed at an accelerated pace that will allow most individuals, with the willingness to learn this material, to keep up with the class.

Course Benefits: Organizations today are linking their systems to the Internet across enterprise-wide networks and VPNs. As the bandwidth and number of network services made available to the outside world increase, so does the company’s vulnerability to attack. Through lectures, demonstrations and lab exercises, this mini course provides you with the fundamental knowledge you need to analyze risks to your networks and host systems, and explains the steps that should be taken to reduce your vulnerability to attacks.

Targeted for: IT professionals interested in understanding the basic principles of computer and network security, and standard defenses against common attacks.

A Subset of What You Will Learn:

Understanding the Risks
Evaluating the Strength of User Passwords
Understanding Networks and TCP/IP
Examine All Aspects of Network Security
Examine Network Vulnerabilities, how hackers hack them, and ways you can prevent their attack.
Understanding and Using Firewalls and Proxy Servers
Standard Defenses Against Common Attacks
Protecting Your Transmissions with Encryption
Protect Network Users from Hostile Scripts, Applications and Viruses
Securing Windows NT/2000 Family Against Attacks
Using Audit Trails to Track and Repel Intruders
Using Kerberos Key Exchange on Distributed Systems
Analyze Your Exposure to Security Threats
Learn to Probe your Systems To Discover Vulnerabilities
Verifying Information Sources Using Digital Signatures
Using HTTPS and Secure Socket Layer for Secure Internet Transmissions
Identifying and Defending Against Some Common Hacker Attacks
Unix, X and RPC Windows Security
Using the Internet and Web Browser Security Issues
Security Issues in the Java Applets and JavaScript
Reduce Your Susceptibility to an Attack by Deploying Firewalls
Putting it All Together: Creating a Network Security Policy.

COURSE OUTLINE:

Session 1 - Introduction to Security Fundamentals

Real threats that impact security
Understanding the Risks - Common Attacks:
Insecure accounts, file-system, programs.
Hostile applications, scripts, email, web pages.
Sniffing, spoofing, hijacking, masquerading.
Backdoors, denial-of-service, spam, viruses, worms.
Security Layers, Terminology and Methods of Implementation
Understanding the Possible Defenses:
NAT, TCP wrappering, firewalls, filters, and proxies.
Virtual Private Networks (VPN).
VNC secure remote administration.
Virus protection software, disaster recovery planning.
Password and access security, biometrics.
CERT and software updates.
Security policy in place.
Bugs in security model with shell escapes.
Buffer overflows.
Trivial File Transfer Program (TFTP)
Anonymous FTP
Samba and Network Neighborhood
Unsecured NFS, Sendmail, IIS and Apache/Tomcat
Implanting commands:
IIS, insecure CGI/PHP/ASP/JSP, known problems with NIS, Sendmail, RPC, DNS/BIND, FTP, SSH, SAMBA
Planted listeners.
Remote administration service of Windows platforms.
R-commands for trusted hosts.
Holding your defensive line and countering the eavesdropper:
Limit access to control files, directories and registry.
Disabling or limiting most network services.
Placing insecure network services inside a “sandbox”.
Restricting which hosts can access machines on your network.
Implementing packet filters.
Authenticating users and hosts with public key encryption.
Protecting your transmissions with encryption.
Using Secure Sockets Layer to maintain Communications and Web confidentiality

Session 2 - Platform Particulars and Lab Exercises

Subset of Demonstrations and Lab Exercises from the following list:
TCP Wrappering demonstration.
Network Address Translation (NAT & IP-Masquerading).
VNC Secure Remote Administration.
Real-time logging to VTY.
3rd Party Security Assessment Tools (Cops/Snort/Tripwire/Nmap).
Virtual Private Networks (VPN) & Secure Tunnel Connection setup.
MS Windows Baseline Analysis Tool.
SSH & SFTP Tools for Linux.
Remote Shutdown of Unix and Windows Services.
Specifics applied to a Linux/Unix Installation:
Determine the security needs
Physically secure the computer.
Define partitions.
Select packages to install.
Configure the system security and account policies.
Set system access security policies.
Configure logging, and central syslog host.
Disable most Internet daemon services.
Use TCP wrappers to control access to remaining inetd services.
Install secure shell for remote access.
Enable Domain name service / bind version 8 only if necessary.
Secure Electronic mail, printing service, Network file system.
Disable the Samba (SMB) server and NIS unless necessary.
Secure File transfer protocol (FTP) server.
Hypertext transfer protocol (HTTP) server.

Session 3 - Second Level Network Attacks: Forgeries and Denial attacks

The forger’s arsenal: Hacking e-mail messages.
Specially crafted packets
IP spoofing, session hijacking, masquerading
Scrambling the routing tables; X-window security holes.
Censoring system logs; Denial-of-service attacks:
Viruses/Worms; Delivering viruses via the Web.
Data flooding; Spam email.
Thwarting attacks to avoid disruption of service:
Inoculating your systems against viruses with virus protection software; Disaster Recovery Planning
Protecting logs with immutable files
Adopting advanced routing protocols
Smart message user agent
Imposing quotas on processes, files and accounts
Using a packet filter to shield against bombardment
Hiding behind firewalls.
CERT - An overview of the work of Computer Emergency Response Teams and how they can help sites.
Demonstrate: IPChains, Procmail

Session 4 - Understanding and using Firewall and Advanced Techniques

Using Firewalls (in conjunction with Packet Filters & Application-Level Proxies)
Types of firewalls and how firewalls work.
Application proxy servers and gateways.
Network configurations:
Setting up the “demilitarized zone”.
Externally accessible servers (web).
Add Wireless Network concerns.
Remainder of Linux Security Install:
Tuning and packet firewalls.
IPCHAINS ruleset.
Tripwire: host-based monitoring and intrusion detection.

Summary statement about developing a security policy:

Immediate action:
Conduct a threat reduction analysis
Determine a plan of action
Determine the appropriate countermeasures
Choose the right tools
In response to an attack:
Assigning responsibilities
Limiting damage
Choosing the appropriate response
Keeping up with new vulnerabilities.
Frequent patches and updates.

Lecturer’s biography:

Jeffrey M. Goldberg, of Qualware Instructional Services. Jeffrey Goldberg is a long-time innovative user of UNIX and Internet services. Mr. Goldberg currently develops and teaches courses on Unix Fundamentals, Linux, Shell and Perl Programming, Unix System Administration and Security, TCP/IP Network Administration in a Multi-Platform Environment, Introduction to Programming, Advanced Visual Basic Programming incorporating SQL Database Access, Web Technologies such as VB Script, Java Script, Java, Visual ‘C’ and ‘C++’ for Worcester Polytechnic Institute and Boston University. Mr. Goldberg is continually adding new cutting-edge technology to his curriculum, and accepts requests for customized on-site corporate training classes. New courses available this fall: Oracle Database Fundamentals using SQL, Advanced Perl, Wireless Web, and Development of Dynamic Web Pages Using Apache, SQL and PHP on a Unix Server. If you have specific training needs, contact Mr. Goldberg or visit www.consultme.com/training (backup server: www.qualware.com/~qualware) for more info on courses offered. Besides operating Qualware Instructional Services, Mr. Goldberg is also a principal of Qualware Consulting Group, which designs electronics for fault-tolerant networks, specialized network adapter hardware and embedded customized controller cards. Mr. Goldberg has recently formed a new company called Qualware Internet Services specializing in Internet/Intranet security, application servers, web hosting, and dynamic web applications. For more information, e-mail training@qualware.com or contact Mr. Goldberg at 781-229-1530 (Qualware MBox) or j.goldberg@ieee.org or www.consultme.com/qualware

Copyright 2003 Qualware Instructional Services and Jeffrey Goldberg.

Course Fee Schedule:

REGISTRATION RECEIVED BY TBD 2003:
IEEE MEMBERS $475
NON-MEMBERS $525

REGISTRATION RECEIVED AFTER TBD 2003:
IEEE MEMBERS $525
NON-MEMBERS $565




Copyright © 2003 IEEE Boston Section. All rights reserved.
Maintained by R M Stelting