Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Cyber-attacks are becoming an everyday occurrence. Information security specialists must manage incident response and intrusion analysis to protect the organization and to provide digital evidence where appropriate.

This course will give you an understanding of the characteristics of various attacks and an analysis of lessons learned from recent attacks, and will enable you to create your own processes for responding to attacks on your enterprise network.

In the 1-day version, using lecture and workshops, you will have the opportunity to explore and experience documented incidents.

In the 2-day version, you will learn from “live” events and scenarios drawn from actual computer incidents. Each “live” exercise presents a series of events, from firewall logs to users calling the help desk; your task will be to review the information and, using the defined incident response plan, determine what must be recorded and reported at each required step in order to move forward. The incidents increase in scope and become more challenging as the workshop progresses.

Learning Objectives

  • Learn the fundamentals of intrusions
  • Examine network traffic for intrusions
  • Develop a systematic process for intrusion analysis
  • Explore the artifacts of emerging threat attacks
  • Establish an incident response lifecycle
  • Create a response template for handling basic to advanced attacks
  • Process “live” monitored alerts and assess the enterprise threat*
  • Extract sophisticated malware information from the latest types of attacks*

Course Outline

Introduction to Forensics

  • Computer forensics defined
  • Traditional forensics
  • “Live” system forensics
  • Establishing a Forensic Methodology
  • Repeatable process
  • LAB ONE: Forensic Analysis: What we are up against

Intrusion Analysis of Network Traffic on Windows and Linux

  • Identifying normal vs abnormal traffic
  • Determining the cause of abnormal traffic: Error vs. Malicious
  • Recognizing common patterns of network attacks
  • Identifying the OS from the network traffic
    • Passive fingerprinting characteristics
    • Nuances of the TCP/IP stack
  • LAB TWO: Analyzing basic attacks
  • Components of a sophisticated attack
    • Deception techniques
    • Protocol camouflage
    • Encryption and tunnels
  • LAB THREE: Analyzing a sophisticated attack
  • Components of advanced attacks
    • Protocol encapsulation—More than one layer 7
    • Web attacks - Services, SQL, XSS, Access controls
  • LAB FOUR: Analysis of Web Attacks

Introduction to Incident Response

  • Security Policy and its role in incident response
  • Introduction and overview of computer forensics and incident response
  • Planning for incident response: Developing a plan of action
  • Incident response life cycle explained
  • Incident Response Workshop One

Planning a Response to a potential incident

  • Search and seizure laws
  • What you can and cannot take
  • Laws of digital evidence
    • Hearsay
    • Exceptions to the hearsay rule
    • Digital evidence references

Processing Windows “LIVE” Forensics information to discover malware

  • Analyzing volatile data
  • Analyzing non-volatile data
  • LAB: Windows “LIVE” Incident Response Workshop Two

Malware Incident Response

  • Advanced Windows Forensics: Performing low-level internal analysis to identify advanced memory corruption
  • Windows internals
  • Windows rootkits
    • Traditional
    • Hooking
    • DKOM
  • LAB: Malware Analysis
  • Client side exploitation
  • Binary payloads
  • Malicious files
  • Bypassing anti-virus and other protections
  • Obfuscation and encoding
  • PowerShell
  • LAB: Client Side Attack Vectors

NOTE: * Refers to the 2-day seminar

Additional Information

Who Should Attend

  • IT Auditors
  • Information Security Managers, Analysts, and Architects
  • IT Management
  • IT Architects
  • Consultants

Learning Level

Advanced

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

A strong background in networking, TCP/IP, Linux, and Windows

Session Duration

Online: N/A

On Site: 1 or 2 days

CPE Credits: 8 or 16