Network Security I: Policy, Administration, and Firewalls [formerly Network Security and Firewall Administration]


Real-world, hands-on attack methods and firewalls.

High-profile security breaches have made network access control one of the most important concerns for corporate and government network managers. Intruders attack companies like yours every day.

It is your job to reduce the chance of security breaches. Do you know what attacks intruders use and how to counter them? As hackers become more sophisticated, so must you. This course will give you the foundation knowledge to protect your network from attack.

Hands-On Labs reinforce vital security concepts and provide real-world practice using routers and firewalls to protect your network. You will use tools such as ISS SAFEsuite™ and RealSecure, Check Point FireWall-1, and Funk Software's Steel-Belted Radius.

To register, call 916-852-2570

This course can be delivered by the methods below:
Classroom Learning $1795 USD

You Learn...

Design security plans to protect your network access points and services
Work with the latest screening routers and firewall hardware and software
Design firewalls using router packet filtering and application level gateways
Use port scanners, Telnet, TFTP, FTP, and other hacker tools
Use a protocol analyzer to identify hacker attacks
Test your classroom network's security and secure a host
Use PGP to encrypt files and E-mail
Study system logs and audit files to pinpoint security breaches

Who Would Benefit

Anyone responsible for designing or implementing security policy in an enterprise network.
Network engineers and managers
Security administrators
IS and data center managers
System administrators
Security analysts

 

Course Outline

Classroom and Virtual Classroom e-Learning Outline

1. Attacks

How attackers think
Looking for holes
Thinking "outside the box"
Information gathering
Social engineering
Scanning and sniffing
Unauthorized success
Misadministration
User accounts and passwords
Defaults
Session hijacking
Software bugs
Buffer overflows
Stupid vendor tricks
Places where security never existed
Non-authenticated services
Protocol anomalies
Malicious code
Viruses
Denial of service
Resource overload
Latest attacks in the news

2. Security Assessment

Risks
Assess threats
Implement safeguards
What to protect?
Trade secrets
Customer data
Employee information
Who are the attackers?
White and black hat hackers
Script kiddies
Corporate or government spies
Money
Anger/revenge
Legal issues
Computer Fraud and Abuse Act
Due diligence and downstream liability
Global jurisdictions

3. Security Implementation Policy

Characteristics
Implementable
Enforceable
Access, accountability, and authentication
Architecture
Separation of services
Deny all vs. allow all
Services and access
Surveys
Physical security
Vulnerability detection and audit
Intrusion detection
Incident response team
Network forensics
Investigation methods
Law enforcement involvement

4. Firewall Architecture

Perimeter definition
Trusted vs. untrusted
Depth of defense
Single-layer protection
Double-layer protection
DMZ
Triple-layer
Belt and suspenders

5. Firewall Components

Bastion host
Host-based network security
Packet filters
IP addresses
Port numbers
Protocol
Proxy servers
Application-level filtering
Stateful inspection
Dynamic filtering
Hybrid firewalls
Features and advantages
Small/personal firewalls
Single host protection
Firewall products
PIX, FW-1, Gauntlet, Raptor, Sidewinder
ZoneAlarm, BlackICE, Norton Internet Security
Content filtering
Screening bad information
CCIAPI
Adaptive Network Security
ANSA
IDS updates firewall rules

6. Authentication

Reasons to authenticate
Access control
Audit and accountability
Authenticators
Something you know
Something you have
Something you are
Passwords
PINs
Tokens and keys
Smartcards
Certificates and digital IDs
Biometrics
Fingerprints
Retinal and iris scanning
Voiceprints
Body geometry
Authentication placement
Where does trust occur?
Issues
Trust and granting authorization
False positives and negatives
Randomness and entropy
Scalability
Cost keys and revocation
Enhancements
Two-factor authentication
One-time passwords
Single sign-on
Remote authentication
Centralized authentication methods
TACACS+
RADIUS
Kerberos

7. Intrusion Detection

Detection methods
Detection process
Network-based
Host-based
Integration
Centralization and placement
IDS Issues
False positives
False negatives
IDS compromise

8. Vulnerability Detection and Audit

Break in before the hackers do
Types of vulnerability scanners
Network-based
Host-based
Database
Web server
Firewall
Issues
Network impact
Scan frequency
Updates

9. Futures

Secure communications
Cryptography and VPNs
Security management

Hands-On Lab 1: Network Configuration

An essential element of network security is having knowledge of your network configuration. Become familiar with the classroom network configuration by setting up the equipment you will use for the remainder of the course. Test network connectivity to ensure proper operation before taking actions in subsequent labs.

Hands-On Lab 2: Hacker Tricks

Explore the methods used by attackers to hack into networked computers. Use a port scanner to scan a host for available ports and services. Use SMTP primitives and TFTP commands to send spoofed E-mail or gain unauthorized information, and discuss ways to prevent these attacks. Explore password-cracking tools that guess passwords by brute force. Examine tools used to flood systems and review ways to prevent them from taking your systems down.

Hands-On Lab 3: Security Policy

Using RFC 2196, the Site Security Handbook, develop a network security policy to use during the course. Discuss which services and types of access to allow into or out of your network. Establish procedures for educating users about the security policy you develop. Consider how to audit your policy and what special circumstances might affect your policy.

Hands-On Lab 4: Incident Response and Network Forensics

With guidelines from RFC 2196, develop an incident response plan and list the actions to take when an incident occurs. Plan the steps required for an incident response team to investigate an incident. Use network forensics tools to gather evidence that can be used in court. Establish the requirements for investigation that will meet legal requirements for law enforcement.

Hands-On Lab 5: Packet Filters

Set up a packet filter using a Cisco router. Examine how the packets traverse the network and determine whether your filter is working as designed. Write access lists and draft several samples to meet a variety of different security policies.

Hands-On Lab 6: Firewall Configuration

Configure and test Check Point FireWall-1. Develop the trusted and untrusted network configurations, administer proxying features, and examine logging features. Set up address translation features and verify their operation.

Hands-On Lab 7: Authentication

Administer a commercially available authentication product with centralized administration. Build user accounts and set access permissions for a token-based authentication system. Test the authentication system and examine logging features.

Hands-On Lab 8: Intrusion Detection

Explore real-time intrusion detection software and see how an automated intrusion detection system works. Configure tools like ISS RealSecure to protect network resources.

Hands-On Lab 9: Vulnerability Detection

Explore vulnerability detection tools to scan your network and demonstrate how they can improve an organization’s network security. Use a commercially available vulnerability detection tool to review and correct vulnerabilities.

Self-Paced e-Learning Details

Title 1: Attack Methods - 282097

You are under attack! Statistics show that if your organization has not yet been exposed to an attack, you will be in the near future. Learn who the attackers are, how they break into computer networks, how they gain information about their victims, and how they gain unauthorized access or cause denials of service.

Title 2: Security Policy Design and Implementation - 282098

Without a well-thought-out security policy firmly in place, you are at a greater risk of an attack (internal or external) than those companies that have established a policy. Understand what threats your organization should be concerned about, what assets to protect, how to implement safeguards, and the costs and benefits involved in establishing a security policy.

Title 3: Firewalls, Proxies and Packet Filters - 282099

Gain a complete understanding of what a firewall does, the various components of a firewall solution, the issues that affect firewall use, and advanced features that are being developed. Learn about packet filters, proxy servers, stateful inspection, and bastion hosts. Assess the advantages and disadvantages of different security architectures.

Title 4: Authentication, Detection and Auditing - 282100

Get an in-depth look at intrusion detection systems, vulnerability scanners, and auditing features. Learn about the various features of authentication: passwords, tokens, keys and biometrics.

Package Titles 1-4 - 282101

 

Suggested Prerequisites

A fundamental knowledge of TCP/IP is required. Our Internetworking With TCP/IP course provides an excellent foundation for this course.

Internetworking with TCP/IP

 

Suggested Follow-ons

Students followed up Network Security I: Policy, Administration, and Firewalls [formerly Network Security and Firewall Administration] by attending these popular classes:

Network Security II: Integration and Implementation [formerly Designing Security Architectures]
VPNs and Data Privacy