Introduction Open Source Security Tools for Information Technology Professionals

Similar documents

Open Source Security Tools for Information Technology Professionals

Open Source Security Tools

Introduction to Firewalls Open Source Security Tools for Information Technology Professionals

By Jascha Wanger

Open Source Security Tool Overview

NETWORK SECURITY HACKS *

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Linux Network Security

Network Security and Firewall 1

Course Title: Penetration Testing: Security Analysis

Build Your Own Security Lab

CNA 432/532 OSI Layers Security

Managing Security in a Free/Open Source Environment

INFORMATION SECURITY TRAINING CATALOG (2015)

3 Days Course on Linux Firewall & Security Administration

Network Attacks and Defenses

Topics in Network Security

Network & Information Security Policy

SCP - Strategic Infrastructure Security

Linux Operating System Security

Contents. vii. Preface. P ART I THE HONEYNET 1 Chapter 1 The Beginning 3. Chapter 2 Honeypots 17. xix

Contents. Part 1 SSH Basics 1. Acknowledgments About the Author Introduction

information security and its Describe what drives the need for information security.

Information Security Measures and Monitoring System at BARC. - R.S.Mundada Computer Division B.A.R.C., Mumbai-85

Description: Objective: Attending students will learn:

CompTIA Security+ Certification Study Guide. (Exam SYO-301) Glen E. Clarke. Gravu Hill

Chapter 1 The Principles of Auditing 1

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

NETWORK SECURITY (W/LAB) Course Syllabus

CRYPTUS DIPLOMA IN IT SECURITY

Some Tools for Computer Security Incident Response Team (CSIRT)

Certified Ethical Hacker (CEH)

Interdisciplinary Program in Information Security and Assurance. By Kossi Edoh NC A&T State University Greensboro

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

Network Security Policy

"Charting the Course to Your Success!" MOC D Windows 7 Enterprise Desktop Support Technician Course Summary

Firewalls (IPTABLES)

"Charting the Course... Enterprise Linux Networking Services Course Summary

Securing Data on Microsoft SQL Server 2012

Network Security: A Practical Approach. Jan L. Harrington

Ethical Hacking Course Layout

8. Firewall Design & Implementation

Introduction to Cyber Security / Information Security

GL254 - RED HAT ENTERPRISE LINUX SYSTEMS ADMINISTRATION III

Medical Device Security Health Group Digital Output

Vulnerability Testing of Industrial Network Devices

MS-55096: Securing Data on Microsoft SQL Server 2012

NETWORK SECURITY HACKS

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp

An Open Source IPS. IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

COURCE TITLE DURATION LPI-202 Advanced Linux Professional Institute 40 H.

F-SECURE MESSAGING SECURITY GATEWAY

Firewalls. CEN 448 Security and Internet Protocols Chapter 20 Firewalls

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Network Defense Tools

IDS / IPS. James E. Thiel S.W.A.T.

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

Network Security Foundations

Chapter 9 Firewalls and Intrusion Prevention Systems

Eleventh Hour Security+

External Supplier Control Requirements

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

Open Source Security: Opportunity or Oxymoron?

Computer Security: Principles and Practice

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Networking. Systems Design and. Development. CRC Press. Taylor & Francis Croup. Boca Raton London New York. CRC Press is an imprint of the

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

MODULES FOR TRAINING PROGRAMMES ON CYBER SECURITY

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Intrusion Detection Systems (IDS)

Computer Security DD2395

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

Cisco IPS Tuning Overview

Tim Bovles WILEY. Wiley Publishing, Inc.

2016 TÜBİTAK BİLGEM Cyber Security Institute

INFORMATION SECURITY TRAINING CATALOG (2016)

How To Pass A Credit Course At Florida State College At Jacksonville

Network Security Administrator

Table of Contents. Introduction. Audience. At Course Completion

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

CTS2134 Introduction to Networking. Module Network Security

Schneps, Leila; Colmez, Coralie. Math on Trial : How Numbers Get Used and Abused in the Courtroom. New York, NY, USA: Basic Books, p i.

How To Connect To Ecs.Org From A Pc Or Mac Or Ipad (For A Laptop) With A Network Connection (For Mac) With The Ipad Or Ipa (For Pc Or Ipac) With An Ipa Or Ip

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Transcription:

Introduction Open Source Security Tools for Information Technology Professionals School of Professional Studies (SPS) The City University of New York (CUNY) Aron Trauring Adjunct Professor CEO, Zoteca Class 1 September 12th, 2005 Aron Trauring Adj. Professor/ Zoteca

What This Course Is Not Advanced course in networking Advanced course in security Certification Prep Aron Trauring Adj. Professor/ Zoteca 1

Protecting our organization matters Saves Time Save Money Save Lives Aron Trauring Adj. Professor/ Zoteca 2

Course Biases Triage protection commensurate with threat Security is an inconvenience SysAdmins serve the customers not LUs3rs Security from a SysAdmin perspective Aron Trauring Adj. Professor/ Zoteca 3

Course Outline Aron Trauring Adj. Professor/ Zoteca 4

Session I - Introductory Welcome Overview of course Introduction to Free and Open Source Software (FOSS) Introduction to the Internet / TCP/IP Infrastructure Lab: Introduction to Linux Principles and Networking Overview Aron Trauring Adj. Professor/ Zoteca 5

Session II - Hardening the Security Tool System Introduction to Information Security Trusted Computing Base Lab: Bastille Linux and Basic Network tools Keeping informed about security Aron Trauring Adj. Professor/ Zoteca 6

Session III - Firewalls How Does a Firewall work? Adding rules Choosing filtering criteria iptables Creating a basic firewall Advanced concepts Lab: iptables, SmoothWall Aron Trauring Adj. Professor/ Zoteca 7

Session IV - Port Scanners TCP/UDP ports TCP fingerprinting How port scanning works Port scanning configuration Port Scanning Techniques Lab: Nmap, Nlog Aron Trauring Adj. Professor/ Zoteca 8

Session V - Vulnerability Scanners Typical application-level vulnerabilities Vulnerability scanning setup and configuration How to do safe and ethical vulnerability scanning Sample scan configurations What vulnerability scanning doesn t do Lab: Nessus Aron Trauring Adj. Professor/ Zoteca 9

Session VI - Network Sniffers Network sniffer fundamentals Ethernet history and operation How to do safe and ethical network sniffing Sample sniffer configurations Network sniffer applications Lab: TcpDump, Ethereal Aron Trauring Adj. Professor/ Zoteca 10

Session VII - Intrusion Detection Systems Types of intrusion detection systems Signatures for network intrusion detection systems False positives in network intrusion detection systems Proper intrusion detection system placement Tuning an intrusion detection system File integrity checking Lab: Snort, Tripwire Aron Trauring Adj. Professor/ Zoteca 11

Session VIII - Analysis and Management Tools Managing server log files Using databases and web servers for security data Analyzing IDS data Managing vulnerability scan data Running a vulnerability scan management systemlab: ACID, NPI, NCC Aron Trauring Adj. Professor/ Zoteca 12

Session IX - Encryption Tools Symmetric and asymmetric encryption Different encryption algorithms Encryption applications Certificate authority security model Web of trust security model Lab: PGP,GnuPG,Certificates Aron Trauring Adj. Professor/ Zoteca 13

Session X - Secure Connections and Remote Administration Encryption Protocols SSH VPN Lab: OpenSSH, FreeS/Wan Aron Trauring Adj. Professor/ Zoteca 14

Session XI - Wireless Tools Wireless LAN concepts 802.11 protocols Weaknesses of wireless LANs Wireless assessment equipment Lab: NetStumbler, Kismet, AirSnort Aron Trauring Adj. Professor/ Zoteca 15

Session XII - Forensic Tools Uses for forensic tools Incident response concepts Preparing for forensic investigation Tenets of good forensic investigation Lab: Sleuth Kit, Autopsy Forensic Browser, The Forensic Toolkit Aron Trauring Adj. Professor/ Zoteca 16

Session XIII - Securing Email Mail server options Protecting mail servers securing SMTP server Relaying, Spam and Viruses Authenticating email Lab: Postfix, Cyrus, Spamassassin, Amavis Aron Trauring Adj. Professor/ Zoteca 17