1. Information Security in Today's Networked Enterprise
• Security breaches - the industry's "dirty little secret"
• Types of threats to information security
• Case studies of intrusions
• Emerging trends in patterns of intrusions
• Why "Security through obscurity" fails
2. Key Concepts in Information Security
• Safety, security, and integrity from a software engineering standpoint
• Vulnerabilities, threats, and countermeasures
• Operating systems, networks, files, permissions
• Overall security policies: the forgotten cornerstone of computer security
3. Hacking - A Demonstration
• Where do hackers find the tools?
• Breaking in to your own system: why YOU should do it!
• Why you must obtain written permission from the key executives BEFORE attempting any break-in
• Establish the procedure you will follow WHEN you break in
• Why "controlled hacking" is an essential part of a regular security audit
4. Latest State-of-the-art Developments and Initiatives in IT Security
• Evaluation of new-generation products
• Routers, Proxies, and Firewalls
• Even the best products will fail if they are not correctly configured
• Can auto-configuration or Dynamic Directories make the difference?
5. Developing an Effective Security Policy for Your Organization
• Operational security & configuration management
• Protecting your PBX and telephone systems, avoiding financial disaster
• The role of audit in developing and implementing your information security framework
• Responding to computer security incidents - a coordinated approach
6. Main Vulnerabilities of Operating Systems
• "Set user-id root" programs
• FTP & TFTP
• The "r" commands
• Inappropriate file permissions
7. How Networks Are Being Subverted
• Denial of service
• CGI & WWW vulnerabilities
8. Effective System Administration Policies
• The KISS principle of security
• Backups, backups, backups
9. Firewalls and Information Security
• Basic firewall concepts
• Different architectural models for firewalls
• Examples of available firewall products
10. What Else You Should Be Doing
• Kerberos/Andrew File System
• Ubiquitous encryption of data
• Challenge-response systems & "smart cards"
• COPS, Tripwire, etc.
• Crack, SATAN and other self-evaluation tools
11. Ensuring Security for Electronic Commerce, Financial Networks, Intranets and Extranets
• Determining a policy
• Securing on-line transactions
• Security in EFT/POS and transaction services
• Challenge-response systems & "smart cards" - are they really what they claim to be?
12. Combating Viruses
• Practising "safe computing"
• Virus delivery systems
• Document or mail viruses
13. Security Across Different Operating Systems and Platforms
• Windows NT 4.0 and 5.0
• Windows 95 and 98
14. Business Continuity and
• Establishing the cost of downtime
• Developing a policy for continuity and recovery
• Developing a disaster recovery plan
• Maintaining operational continuity
15. Future Directions