EduMaster, s.r.o.: Solaris security training, SC-375

Course: SC-375

Enterprise Intrusion Analysis

Upcoming dates:

The course is not scheduled in the near future. Contact us and we will try to accommodate you.

Details:

The Enterprise Intrusion Analysis course provides students with the skills needed to discover and analyze enterprise intrusions in a UNIX environment.

Students who can benefit from this course: systems administrators and security administrators who are responsible for detecting and analyzing enterprise system intrusions.

This course counts towards the hands-on course requirement for the Oracle Solaris 10 Security Administrator Certification. Only the instructor-led in-class and instructor-led online formats of this course meet the certification hands-on requirement; self-study CD-ROM and Knowledge Center courses DO NOT meet it.

Prerequisites:

  • System Administration for the Solaris 10 Operating System Part 2 (SA-202-S10)
  • Demonstrate basic UNIX system and network administration skills
  • Demonstrate a basic understanding of Transmission Control Protocol/Internet Protocol (TCP/IP) networking
  • Demonstrate an intermediate understanding of network services: DNS, DHCP, SMTP, HTTP, and firewalls

Objectives:

  • Detect an enterprise system intrusion
  • Analyze a compromised system for crucial information: attack time, attacker location, attacker modifications to the system
  • Correlate multiple log files from different parts of the enterprise to determine attacker usage
  • Conduct an audit of file systems to determine attacker modifications
  • Describe modern attacker methodology with proof of concept examples

Topics:

Enterprise Footprinting

  • Describe the principles of least privilege and minimal information disclosure
  • Describe how attackers use active fingerprinting with port scans, DNS queries and ICMP probes
  • Describe how attackers use passive fingerprinting using search engines
  • Describe how attackers enumerate services by collecting banner messages and protocol information
  • Describe how attackers use social engineering methods to gather information about an enterprise

Unauthorized System Access

  • Describe how attackers gain unauthorized access through user accounts
  • Describe how attackers gain unauthorized access through software flaws
  • Explain the attacker methodology for locating vulnerable enterprise services and creating exploits
  • Describe a buffer overflow
  • Describe privilege escalation
  • Describe a Trojan horse as a means to escalate privileges

Securing root Access

  • Describe how attackers retain root access through backdoors on a system
  • Describe the following backdoors: SUID shell, bound shell, and trusted hosts
  • Describe a file system rootkit
  • Demonstrate how a file system rootkit hides files, processes, and connections
  • Describe a kernel rootkit
  • Demonstrate how a kernel rootkit captures all system activity

Encrypting and Hiding Data on a System

  • Review encryption technology
  • Describe how attackers use cryptography to encrypt files
  • Demonstrate encryption using GnuPG and OpenSSL
  • Describe digital steganography
  • Demonstrate how attackers hide files within files using digital steganography
  • Describe how attackers hide data within unexpected parts of the file system
  • Demonstrate how attackers hide a file in file system metadata
  • Demonstrate how attackers use the loopback file system and extended attributes to hide data

Enterprise Log Analysis

  • Identify the different types of enterprise services, such as DNS, DHCP, SMTP, HTTP, and firewalls
  • Identify available log files for enterprise services
  • Describe the relevant intrusion information in each log file
  • Examine enterprise log files to locate suspicious activity
  • Correlate information from multiple log files to determine an intrusion

Unauthorized System Access Intrusion Analysis

  • Identify default system access log files in the /var directory structure
  • Identify optional Basic Security Module (BSM) and system accounting log files
  • Describe log file formats and tools available to read the formats
  • Describe the relevant information in each log file
  • Correlate information from multiple log files to determine unauthorized system access
  • Demonstrate how attackers modify log files to hide their presence on a system

File System Intrusion Analysis

  • Define system and utility trust
  • Locate backdoors on a UNIX System: alternate root accounts, bound shells, SUID shells, trusted host files
  • Locate file system rootkits on a UNIX System
  • Discover hidden directories, replaced system commands, remote command utilities, and network sniffers
  • Describe automated file system analysis tools
  • Implement the rkhunter, chkrootkit, and Solaris Fingerprint Database to locate root kits
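The backdoor types named under "Securing root Access" and the "Locate backdoors" item above, as an added example that is not part of the SC-375 course material: one check per backdoor type (alternate UID 0 accounts, SUID copies of a shell, open trusted-host files, unexpected TCP listeners), written to run against an arbitrary filesystem root and a saved netstat capture so the same functions can be exercised offline on a constructed sample tree. Assumptions: the tree under ROOT mirrors /etc, /bin and /home; the netstat capture uses the Linux "netstat -an" column layout; and a SUID shell is detected by checksum match against the real shell binaries, which is an assumption about how such a backdoor is planted (a straight copy of /bin/sh) rather than a rule from the course.

```shell
#!/bin/sh
# Added example, not part of the SC-375 course material: offline checks for the
# backdoor types listed above, run against a filesystem root ROOT (so they can
# be exercised on a constructed sample tree) and a saved "netstat -an" capture.
# Assumptions: the tree under ROOT mirrors /etc, /bin and /home; the netstat
# capture is in Linux "netstat -an" column layout.

# 1. Alternate root accounts: any passwd entry with UID 0 that is not "root".
find_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1/etc/passwd"
}

# 2. SUID shells: "cp /bin/sh /tmp/.x; chmod 4755 /tmp/.x" survives renaming,
#    but not a checksum comparison of every set-uid file against the real shells.
find_suid_shells() {
    r=$1
    shells=$(for s in "$r/bin/sh" "$r/bin/ksh" "$r/bin/bash"; do
                 if [ -f "$s" ]; then cksum "$s" | awk '{ print $1 ":" $2 }'; fi
             done)
    find "$r" -type f -perm -4000 2>/dev/null | while read -r f; do
        sum=$(cksum "$f" | awk '{ print $1 ":" $2 }')
        for s in $shells; do
            if [ "$sum" = "$s" ]; then echo "$f"; break; fi
        done
    done
}

# 3. Trusted hosts: a "+" line in hosts.equiv or any .rhosts trusts every host
#    ("+ +" every host and every user) for rsh/rlogin without a password.
find_trusted_hosts() {
    r=$1
    for f in "$r/etc/hosts.equiv" "$r/.rhosts" "$r"/home/*/.rhosts "$r"/export/home/*/.rhosts; do
        if [ -f "$f" ] && grep -q '^+' "$f"; then echo "$f"; fi
    done
}

# 4. Bound shells: a TCP listener on a port no legitimate service owns.
#    find_unexpected_listeners CAPTURE "22 80 443" prints "port address" for
#    each LISTEN entry whose port is not in the space-separated allow list.
find_unexpected_listeners() {
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*[:.]/, "", port)
            if (!(port in ok)) print port, $4
        }' "$1"
}

# build_sample_tree: constructed sample root with one of each backdoor plus a
# legitimate SUID binary (bin/passwd) and a legitimate listener; prints the path.
build_sample_tree() {
    r=$(mktemp -d)
    mkdir -p "$r/etc" "$r/bin" "$r/tmp" "$r/home/alice"
    printf '#!/bin/sh\necho shell\n' > "$r/bin/sh"
    printf 'root:x:0:0:root:/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\ntoor:x:0:0::/:/bin/sh\n' > "$r/etc/passwd"
    cp "$r/bin/sh" "$r/tmp/.x"; chmod 4755 "$r/tmp/.x"          # planted SUID shell
    printf '#!/bin/sh\necho passwd\n' > "$r/bin/passwd"; chmod 4755 "$r/bin/passwd"
    printf '+ +\n' > "$r/home/alice/.rhosts"
    printf 'tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN\ntcp 0 0 0.0.0.0:31337 0.0.0.0:* LISTEN\ntcp 0 0 10.0.0.5:22 10.0.0.9:51234 ESTABLISHED\n' > "$r/netstat.txt"
    echo "$r"
}

# Demo on the constructed tree (set SC375_NO_DEMO=1 to only define the functions).
if [ -z "${SC375_NO_DEMO:-}" ]; then
    demo=$(build_sample_tree)
    echo "UID 0 accounts besides root:";       find_uid0_accounts "$demo"
    echo "SUID copies of a shell:";            find_suid_shells "$demo"
    echo "Open trusted-host files:";           find_trusted_hosts "$demo"
    echo "Listeners outside the allow list:";  find_unexpected_listeners "$demo/netstat.txt" "22 80 443"
    rm -rf "$demo"
fi
```

On a live system call the functions with ROOT=/ and a fresh `netstat -an` capture; the Solaris netstat prints different columns, so adjust the field numbers in find_unexpected_listeners there. The checksum check only catches a verbatim copy of a shell; a modified or renamed interpreter, or a replaced system binary, needs the fingerprint comparison the list above names (the Solaris Fingerprint Database, rkhunter or chkrootkit), and the capture must be taken with binaries you trust, since a file system rootkit can hide its own entries from the netstat, find and ls on the compromised host.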

System Memory Analysis

  • Describe the important types of intrusion data that reside in memory
  • Describe techniques to capture volatile memory data to a file system
  • Introduce the memory analysis tools mdb and gdb
  • Demonstrate how to recover data from memory using the mdb and gdb tools

Incident Investigation Methodologies

  • Identify different types of intrusion scenarios
  • Apply a methodology based on an intrusion scenario
  • Collect the appropriate data (log files, file systems, and memory images) based on the intrusion scenario