Highlights | What You Will Learn | About the Instructor | Other Courses

Information & Network Security
Outline

 

1. Information Security in Today’s Networked Enterprise

u Security breaches - the industry’s "dirty little secret"

u Types of threats to information security

u Case studies of intrusions

u Emerging trends in patterns of intrusions

u Why "Security through obscurity" fails

2. Key Concepts in Information Security

u Fundamental concepts

u Safety, security, and integrity from a software engineering standpoint

u Vulnerabilities, threats, and counter measures

u Operating systems, networks, files, permissions

u Overall security policies: the forgotten cornerstone of computer security.

3. Hacking - A Demonstration

u Where do hackers find the tools?

u Breaking in to your own system why YOU should do it!

u Why you must obtain written permission from the key executives BEFORE attempting any break-in?

u Establish the procedure you will follow WHEN you break in.

u Why "controlled hacking" is an essential part of a regular security audit?

4. Latest State-of-the-art Developments and Initiatives in IT Security

u Evaluation of New generation products

u Routers, Proxies, and Firewalls

u Even the best products will fail if they are not correctly configured.

u Can auto-configuration, or Dynamic Directories make the difference?

u Latest methodologies

5. Developing an Effective Security Policy for Your Organization

u Operational security & configuration management

u Protecting your PBX and telephone systems, avoiding financial disaster.

u The role of audit in developing and implementing your information security framework

u Responding to computer security incidents - a coordinated approach

6. Main Vulnerabilities of Operating Systems

u Password control

u "Set user-id root" programs

u FTP & TFTP

u The "r" commands

u Electronic mail

u ActiveX

u Java

u NFS

u Trusted hosts

u Inappropriate file permissions

u "Race conditions"

7. How Networks Are Being Subverted

u Packet sniffers

u IP spoofing

u Denial of service

u Dial-up connections

u CGI & WWW vulnerabilities

8. Effective System Administration Policies

u The KISS principle of security

u Physical assurance

u Backups, backups, backups

9. Firewalls and Information Security

u Basic firewall concepts

u Different architectural models for firewalls

u Examples of available firewall products

10. What Else You Should Be Doing

u Kerberos/Andrew File System

u Ubiquitous encryption of data

u One-Time Passwords

u Challenge-response systems & "smart cards"

u COPS, Tripwire, etc.

u "Sacrificial" machines

u Crack, SATAN and other self-evaluation tools

11. Ensuring Security for Electronic Commerce, Financial Networks, Intranets and Extranets

u Determining a policy

u Securing on-line transactions

u Security in EFT/POS and transaction services

u Challenge-response systems & "smart cards" - are they really what they claim to be

12. Combating Viruses

u Practising "safe computing"

u Virus delivery systems

u Disk viruses

u Network viruses

u Document or mail viruses

u Virus elimination

13. Security Across Different Operating Systems and Platforms

u Netware

u Windows NT 4.0 and 5.0

u Windows 95 and 98

u UNIX

14. Business Continuity and
Disaster Recovery Planning

u Establishing the cost of downtime

u Developing a policy for continuity and recovery

u Developing a disaster recovery plan

u Maintaining operational continuity

u Testing

15. Future Directions

u How to stay current

 

Highlights | What You Will Learn | About the Instructor | Other Courses