Security: Intrusion Detection & Incident Response: Security University's Best Practices for Virus, Patch Mgt & Incident Response
Short Description:
This class is where you will work with live viruses & worms without the risk of infecting your network.
Full Description:
From Klez to the SQLSnake worm. This 3-day class is the only Hands-On class where you will work with live viruses and worms without the risk of infecting your network. NIMDA, CODE RED and others: learn what they do, and work with the best in the industry. Use SOPHOS, NORTON, MCAFEE and other anti-virus software in Hands-On labs. You will create a patch-management roadmap that works to contain and mitigate the risk from these incidents.

You will learn how to set up an inexpensive and flexible laboratory environment for studying the inner workings of malware, and you will practise the process by analyzing a real-world trojan. SU Hands-On labs are designed to give you a chance to apply the techniques learned in class to a few Windows-based malware specimens. We will supply you with a malicious executable captured in the wild and help you analyze it.

Get in the driver's seat protecting your network from worms, viruses and trojans, whatever their source. You'll examine attacks from both the enterprise and the hacker points of view. You'll review the best tools and techniques for eradication and recovery. You'll uncover the strengths and weaknesses of current anti-virus software, and become an expert at separating false alarms from actual incidents. You'll integrate new knowledge with past malware experience to define your organization's recovery strategy.
In short, you’ll learn everything you need to know to evaluate, create, and implement the malware incident management program that will keep your organization up and running.
Key topics:
• Evolution of malware and incident management
• False alarms vs. real threats
• Filtering as an effective containment technique
• Discover the best tools and techniques for eradication and recovery
• Pros and cons of current anti-virus software and techniques
• Define a recovery strategy
• Establish measurable goals
Who should attend:
Information Security Officers, Information Systems Managers, Auditors, Telecommunications and Network Administrators, Consultants, Systems and Data Security Analysts, and others seeking to enhance their information security knowledge.
Course Fee: $1,995
Time: 8:30am - 4pm
Location: See the course schedule
Learning Level: Basic to Intermediate
CPE Credits: 24
Prerequisites: Knowledge of TCP/IP
Course agenda:
Step 1 — Preparation
Laying the groundwork for effective malware incident management with a look at the current state of malware threats and their evolution.
• Malware defined
• Environments where malware thrives
• Malware risks
• Strengths and weaknesses of current anti-virus products
• Install SOPHOS, NORTON, MCAFEE and other anti-virus software in Hands-On labs
Step 2 — Detection
In a recent study, fewer than a third of the participants realized they had experienced a malware attack. This step covers how to detect and analyze a malware incident quickly and accurately.
• Advanced diagnosis and identification
• False alarms vs. actual incidents
• NIMDA, CODE RED and others - learn what they do
• Dissecting audit records
• Determining source and scope of infection
Step 3 — Containment
A look at the two essential containment techniques: stopping the malware from spreading and halting its side effects.
• Filtering inbound and outbound network traffic
• The importance of public relations
• Limiting exposure and potential liability
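The following is an added example, not part of the Security University course material, illustrating the Step 2 bullets "Dissecting audit records" and "Determining source and scope of infection" and the Step 3 bullet "Filtering inbound and outbound network traffic". It scans constructed Common Log Format web-server lines for the publicly documented request patterns that CODE RED (a long `/default.ida?NNN...` or `/default.ida?XXX...` query against the IIS indexing-service ISAPI extension, patched by MS01-033) and NIMDA (probes for `root.exe` and for `cmd.exe` via directory traversal) used when scanning, attributes the probes to their source addresses, and produces a list of those addresses to feed into a border or internal filter. The log lines, addresses and timestamps are constructed for the example; the function names are the example's own.

```python
"""Spot Code Red and NIMDA scanning activity in web-server access logs.

Added example (not course material). The log below is constructed; the
request patterns are the well-known ones those worms sent while scanning.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample access log in Common Log Format. Not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Sep/2001:10:02:11 -0400] "GET /index.html HTTP/1.0" 200 1043
10.0.0.7 - - [19/Sep/2001:10:02:15 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
10.0.0.7 - - [19/Sep/2001:10:02:15 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 210
10.0.0.7 - - [19/Sep/2001:10:02:16 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210
10.0.0.9 - - [19/Sep/2001:10:03:01 -0400] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3 HTTP/1.0" 400 0
10.0.0.7 - - [19/Sep/2001:10:02:17 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210
10.0.0.12 - - [19/Sep/2001:10:04:40 -0400] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858 HTTP/1.0" 200 0
"""

# One Common Log Format line: client, identd, user, timestamp, request, status, size.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

SIGNATURES = {
    # Code Red I/II: overlong /default.ida query, padded with N (v1/v2) or X (Code Red II).
    "CodeRed": re.compile(r"GET /default\.ida\?(N{20,}|X{20,})"),
    # NIMDA: looks for root.exe backdoors left by Code Red II and reaches cmd.exe
    # through Unicode / double-decode directory traversal.
    "NIMDA": re.compile(r"(root\.exe|/winnt/system32/cmd\.exe)", re.I),
}


def scan_log(text):
    """Dissect audit records: return {worm: {source_ip: [(ts, request, status)]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a CLF record; a real triage would count these separately
        for worm, sig in SIGNATURES.items():
            if sig.search(m["req"]):
                hits[worm][m["ip"]].append((m["ts"], m["req"], int(m["status"])))
    return hits


def scope(hits):
    """Source and scope: how many probes each scanning host sent, per worm.

    A host that *sends* these requests is the infected one; being probed is not
    infection. A non-404 answer to /default.ida means the .ida ISAPI mapping is
    still present on this server, so confirm the MS01-033 patch is applied.
    """
    return {worm: {ip: len(reqs) for ip, reqs in by_ip.items()} for worm, by_ip in hits.items()}


def containment_list(hits):
    """Addresses to block at the border / between segments while cleaning them up."""
    sources = {ip for by_ip in hits.values() for ip in by_ip}
    return sorted(sources, key=ipaddress.ip_address)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for worm, by_ip in scope(found).items():
        for ip, n in by_ip.items():
            print(f"{worm:8s} {ip:15s} {n} probe(s)")
    print("block:", ", ".join(containment_list(found)))
```

The scope report separates the one host sending NIMDA probes from the two sending Code Red probes, and the containment list is the input to whatever filter the network uses (router ACL, host firewall or switch port shutdown); blocking traffic is a stop-gap that buys time for eradication, not a cure.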
Step 4 — Eradication
If a virus or other malware does attack, how to remove it completely in the most effective and permanent manner.
• Reviewing system configuration and initialization items
• Removing modifications to programs and data files
• Benefits and challenges of current removal techniques
Step 5 — Recovery
Returning the network and any other affected systems to full operation, with minimal impact. Special emphasis on systems and data backup recovery techniques.
Step 6 — Follow-Up
How and why did the attack happen, how was it removed, and what lessons can be applied to possible future attacks? The final and most crucial step in a successful incident management program.
• Metric collection and trend analysis
• Documenting lessons learned
• Establishing measurable goals
Class Exercises
• Anti-virus product strengths and weaknesses
• Determining a detection treatment
• Selecting effective containment techniques
• Removing infections and residual effects
• Defining a recovery strategy and restoring a system
• Defining incident management goals and metrics
Duration:
3 Days
Price:
$1,995