SE-100
SECURITY INCIDENT RESPONSE FOR DESKTOP TECHNICIANS

2 Days

Tuition: $990

Overview of Common Threats

· Viruses
· Worms
· Trojans
· Spyware
· Rootkits
· User error/ignorance/malice
· Distribution of malware
· Auto-start methods


Virus Behavior, Detection, and Removal

· Instructor demo of live virus
· How a virus spreads
· Detection techniques
· Removal techniques
· Student Lab: Virus detection tools and removal

Worm Behavior, Detection, and Removal

· Instructor demo of live worm
· How a worm spreads
· Unplugging from the network
· Detection techniques
· Removal techniques
· Student Lab: Worm detection tools and removal

Trojan Behavior, Detection, and Removal

· Instructor demo of spyware
· Detection techniques
· Removal techniques
· Student Lab: Trojan detection tools and removal

Spyware Behavior, Detection, and Removal

· Instructor demo of spyware
· Detection techniques
· Removal techniques
· Student Lab: Spyware detection tools and removal

Rootkit Behavior, Detection, and Removal

· Instructor demo of Windows XP or FU rootkits
· Detection techniques
· Removal techniques
· Student Lab: Rootkit detection tools and removal

Threats Due to User Errors/Ignorance/Malice

· User ignorance of
    • Email attachments
    • Phishing
    • Untrusted certificates
    • Running untrusted downloads
    • Running files from untrusted media (CDs, USB drives, etc.)

· User errors
    • Saving data to the wrong location
    • Incorrectly setting permissions
    • Other

· User malice
    • Probing the network (what can they get access to?)
    • Installing software on their own
    • Sniffing network data/passwords

System Evaluation – Is there an incident?

· Symptoms
    • Unusual processes
    • Open ports
    • New user accounts
    • Registry entries for startup
    • System file modification

· Escalation procedure

Incident Response and Recovery

· Disconnect from network?
· A/V scans
· Malware scans
· Rootkit scans
· Bootable CD antivirus
· Manual tools (fport, HijackThis, pslist)
· Worst-case scenarios


Comprehensive Labs

· Students will determine which machines are having security incidents and then use the procedures explained in class to remove the malicious software.

*Students will receive a CD containing malware detection and removal tools. They will not receive copies of the actual malware.


© 2003-2004  SYSTEMS Computer Training, A Testmasters Company