Training Course
Locations | Schools | Online Courses | MBA | Submit Course | Post Request | Students | Jobs | House Rental


Jobs & Resumes

House Rental

Back | Home
Training Course:

Enterprise Intrusion Analysis

School/Trainer:

QA Ltd.
Aberdeen, Birmingham, Bristol, Edinburgh, Exeter, Glasgow, Leeds, London, Manchester, Slough, United Kingdom

Course Format: Classroom | E-learning | Virtual Class | Online | On-site | Blended | Self-paced

Course Description:

'' The Enterprise Intrusion Analysis course provides students with the skills needed to discover and analyze enterprise intrusions in a UNIX environment.

Who Can Benefit
Students who can benefit from this course are systems administrators and security administrators who are responsible for detecting and analyzing enterprise system intrusions.

Prerequisites
To succeed fully in this course, students should be able to:

Demonstrate basic UNIX system and network administration skills
Demonstrate a basic understanding of Transmission Control Protocol/Internet Protocol (TCP/IP) networking
Demonstrate an intermediate understanding of network services: DNS, DHCP, SMTP, HTTP, and firewalls
Prequisite courses include:

System Administration for the Solaris 10 Operating System Part 1 (SA-200-S10)
Network Administration for the Solaris 10 Operating System (SA-300-S10)
Administering Security on the Solaris Operating System (SC-300)
Solaris Operating System Network Intrusion Detection (SC-345)
Delegates will learn how to
Detect an enterprise system intrusion
Analyze a compromised system for crucial information: attack time, attacker location, attcker modifications to the system
Corrolate multiple log files from different parts of the enterprise to determine attacker usage
Conduct an audit of file systems to determine attacker modifications
Describe modern attacker methodology with proof of concept examples

Course outline


Module 1 �Enterprise Footprinting

Describe the principals of least privilege and disclosure
Describe how attackers use active fingerprinting using port scans, DNS and ICMP
Describe how attackers use passive fingerprinting using search engines
Describe how attackers enumerate services by collecting banner messages and protocol information
Describe how attackers use social engineering methods to gather information about an enterprise
Module 2 �Unauthorized System Access

Describe how attackers gain unauthorized access through user accounts
Describe how attackers gain unauthorized access through software flaws
Explain the attacker methodology for locating vulnerable enterprise services and creating exploits
Describe a buffer overflow
Descirbe privilege escalation
Describe a Trojan horse as a means to escalate priviliges
Module 3 �Securing root Access

Describe how attackers secure root access through backdoors on a system
Describe the following back doors: SUID shell, bound shell, and trusted hosts
Describe a file system root kit
Demonstrate how a file system root kit hides files, processes, and connections
Describe a kernel root kit
Demonstrate how a kernel rootkit captures all system activity
Module 4 �Encrypting and Hiding Data on a System

Review encryption technology
Describe how attackers use cryptography to encrypt files
Demonstrate encryption using GnuPGP and OpenSSL
Describe digital steganography
Demonstrate how attackers hide files within files using digital steganography
Describe how attackers hide data withing unexpected parts of the file system
Demonstrate how attackers hide a file in file system metadata
Demonstrate how attackers use the loopback file system and extended attributes to hide data
Module 5 �Enterprise Log Analysis

Identify the different types of enterprise services: like DNS, DHCP, SMTP, HTTP, and Firewalls
Identify available log files for enterprise services
Describe the relevant intrusion information in each log file
Examine enterprise log files to locate suspicious activity
Corrolate information from multiple log files to determine an intrusion
Module 6 �Unauthorized System Access Intrusion Analysis

Identify default system access log files in the /var directory structure
Identify optional Basic Security Module (BSM) and system accounting log files
Describe log file formats and tools available to read the formats
Describe the relevant information in each log file
Corrolate information from multiple log files to determine unauthorized system access
Demonstrate how attackers modify log files to hide their presence on a system
Module 7 �File System Intrusion Analysis

Define systems and utility trust
Locate backdoors on a UNIX System: alternate root accounts, bound shells, SUID shells, trusted host files
Locate file system root kits on a UNIX System
Discover hidden directories, replaced system commands, remote command utilities, and network sniffers
Describe automated file system analysis tools
Implement the rkhunter, chkrootkit, and Solaris Fingerprint Database to locate root kits
Module 8 �System Memory Analysis

Describe the important types of intrusion data that resides in memory
Describe techniques to capture volatile memory data to a file system
Introduce memory analysis tools mdb and gdb
Demonstrate how to recovery data from memory using the mdb and gdb tools
Module 9 �Incident Investigation Methodologies

Identify different types of intrusion scenarios
Apply a methodology based on an intrusion scenario
Collect the appropriate data (log files, file systems, and memory images) based on the intrusion scenario ...''

Elements of this syllabus are subject to change.

Please go to the school's official website for training price and schedule:
http://www.qa.com/

Phone:0844 871 2080

School Address:

TEL: 0844 871 2080
E-mail us: info@qa.com

Jobs & Resumes: Aberdeen, Birmingham, Bristol, Edinburgh, Exeter, Glasgow, Leeds, London, Manchester, Slough
Houses & Roommates: Aberdeen, Birmingham, Bristol, Edinburgh, Exeter, Glasgow, Leeds, London, Manchester, Slough
Travel Agencies: Birmingham, Bristol, Edinburgh, Leeds, London, Manchester,

Search other schools for Enterprise Intrusion Analysis training resources.



Other training courses offered by QA Ltd.:

sun fire high-end server administration
Sun Fire Midrange Server Administration
Sun Fire Tx000 Basic Tuning
Sun SPARC Desktop Systems
Sun SPARC Enterprise MX000 Server
sun management center 3.6
Sun SeeBeyond eGate Integrator 4.5.x
sun java caps 6
Solaris 9 Operating System
Dynamic Performance Tuning and Troubleshooting with DTrace
crash dump analysis and the sunos kernel
Personalising Security on the Solaris Operating System
Solaris 10 Containers
solaris 10 operating systems internals
Solaris 10 ZFS
solaris volume manager
Sun StorEdge Enterprise Backup 7.x
Sun Systems Fault Analysis


Notice: The course description on this page was captured from the Internet as historical reference or submitted by visitors. It was archived statically and not updated from day to day.
 


Tips:
Our combined search function does not only provide you with the training courses and students, but also talent resumes and jobs, or shared apartments nearby for rent.



Finding any course, anywhere to learn...
Worldwide training course directory, linking for free
United States - United Kingdom - Australia - Canada - India - SpanishASKEDU.net  © 2003-2009