SUMMARY:   Every Internet and intranet connection carries with it the risk of a security breach. As we add new connections, the risk rises. Without security measures, the exposure quickly becomes unacceptable. This course is intended to help protect your valuable information and computing assets from unauthorized entry, denial of service attacks, data corruption and theft. At the global level, this course is designed to help you draw up and implement a workable, practical security policy. At the tactical level, the course illustrates and gives you hands-on contact with network and OS security tools. The result is a rounded, balanced, practical approach to security issues. For instance, every concept in this four-day workshop is paired with a practical laboratory session that shows how the concept works in real life using an active Internet connection. Uniquely, you will also be updated with the most current developments in network security, including the new Department of Homeland Security's role in preventing and blunting attacks to and via the Internet. By the end of class, you will know what goes into a practical security policy and how to develop one based on practical lab exercises. You will also be able to recognize, analyze and develop countermeasures against risks you have learned to identify. AUDIENCE:   Anyone who has a security responsibility within his or her organization will gain from this course. Typical attendees include managers, system and network administrators, support people and technical staff members. DURATION:   4 Days COURSE CONTENT:   Where do security threats come from? People: Hackers, crackers and "script kiddies" External threats: Commercial and industrial espionage Internal threats: Employees; visitors; accidents Recent security flaws Threatening tools: Eavesdropping; "sniffing"; wiretaps Spoofing Trojan horses Viruses "Bombs" Social engineering Fight Back with a Security Policy Build an effective security plan: Create a network security policy Develop an acceptable use policy Create an advisory council to keep policies pertinent and effective Form an Incident Response Team Sources of information Users IT staff Telecommunications staff Five forms of inquiry to use How to use working groups and task forces effectively The Product: Policies and Procedures Implementing Policies and Procedures "Security through obscurity" - does it still work? Security Awareness Why security plans fail and succeed - lessons learned through experience Preventing, Detecting and Dealing with Viruses What is a virus? Triggering a virus What makes a worm different from a virus? Recognizing a rogue program infection How viruses propagate General Antivirus Strategies Specific Antivirus Tactics Types of antivirus software LANs as virus vectors What to do in case of infection Common flaws in antivirus strategies Trends in virus program development and detection Illicit Access Strategies The Trojan horse Trap doors and back doors Security Organizations and Standards Security support organizations CERT NPIC Department of Homeland Security Symantec and McAfee An overview of security standards To help in product purchases To achieve standardization Who is making these standards? IEEE ANSI NIST IAB and the IETF De facto standards What do these standards do? Do standards reduce security? Authentication Methods What is authentication? Why authentication is different from encryption How authentication works in networked systems: PAP, CHAP, RADIUS, TACACS+ and Kerberos The RSA public key technique Public key as a digital signature Allocating public key signatures Verisign RSA The Public Key Infrastructure (PKI) What authentication can and cannot do The tools of authentication PINs, tokens, keys Smartcards, certificates and digital IDs Hashing algorithms Secure Hash Algorithm Digital signature encryption using RSA Network authentication via public key authentication PGP and MD5 hashing to protect transactions Network Authentication via advanced routing protocols: OSPF Encryption Methods Encryption primer The venerable Data Encryption Standard "Triple DES" or 3DES Secure Sockets Layer (SSL) Wide Area Network Techniques Local Area Network Techniques Encryption Key Management DES Single Key vs. RSA Public Security New and emerging encryption standards such as AES Intrusion Detection Methods The detection process Network-based Host-based Integration Centralization and placement IDS Issues False positives False negatives IDS compromise Legal Issues Transborder encryption issues Network Forensics Law enforcement involvement Investigation methods Computer Fraud and Abuse Act Due diligence and downstream liability Global jurisdictions Firewalls: TCP/IP and Internet Security A little background on TCP/IP TCP/IP and Internet Security The context problem What is a "firewall"? Intermediate networks as passive firewalls Packet filter advantages and disadvantages Application and Circuit-level (SOCKS) gateway firewalls General gateway notes Firewall buyer's checklist Firewall configurations: The packet-filtering firewall The dual-homed gateway The screened-host firewall The screened-subnet firewall Build your own firewall Existing firewall products PIX, FW-1, Sidewinder, Gauntlet, Raptor ZoneAlarm, BlackICE, Norton Internet Security Hybrid firewalls Small and personal firewalls Adaptive Network Security ANSA Using an Intrusion Detection System to update firewall rules TCP/IP Site Security Security flaws in TCP/IP Strengthening TCP/IP protocols: Secure Sockets Layer RSA, DSS public key exchange Transport layer security Secure MIME (S/MIME) Pretty Good Privacy (PGP) PAP, CHAP, MSCHAP From SNMP version 1 to SNMP version 3 Building Secure Networks Virtual Private Networks (VPNs) Internet/Intranet/Extranet Dialup Third-party VPNs IP Secure (IPSec) Kerberos Secure Shell (SSH) PGPnet Tunneling, encapsulation and labeling protocols PPP and PPTP Layer 2 forwarding (L2F) and Layer 2 Tunneling Protocol (L2TP) Multiprotocol Labeling System (MPLS) Sources of Leaks in LANs and WANs Interception: Shared hubs vs. switches and VLANs Radio-frequency systems, such as IEEE 802.11b, 802.11a and 802.11g Dial-in security using tokens Leased lines, e.g., T-1s Bridges, routers and gateways Backup media LAN Security LAN security Physical security Ethernet - IEEE 802.3 Protocol hub security features Building closed user groups with bridges or VLANs Inventory management: How is your LAN really configured? FS/03