The LBNL Computer Protection Program offers a set of security training and awareness courses. This curriculum covers virtually all major areas of computer protection that are relevant to the needs of the LBNL user community, system administrators, and management. Courses range in length from 1½ hours to full days. This catalog lists the courses, the content of each, and their length.
Why Take a Computer Security Course?

Attacks on systems connected to the Internet, as well as on networks themselves, are continually becoming both more frequent and more sophisticated. You are the first line of defense for the system(s) you use! You have the choice of whether to inadvertently expose your system(s) to a high degree of security risk, thereby increasing the likelihood that someone will gain access to your information without your authorization, damage or crash your system, or change data on your system; or whether to use proven measures that substantially reduce security risks. By taking the courses described in this catalog, you will learn about and be able to deploy the right security-related measures.

Additionally, the RPM includes a requirement for yearly computer protection training. You can complete this requirement by taking one or more courses every year.
How to Enroll

As each course is announced, it is added to the LBNL ISS-HRIS database. You can then register at the Employee Self Service Web site: https://hris.lbl.gov/.

Your record is updated with course attendance data when you complete each course. Listings of training completed will then be prepared, enabling division managers, division liaisons, and the Computer Protection Program Manager to determine the degree of compliance with the RPM's computer protection training requirements.
Course Descriptions

The LBNL computer protection training and awareness curriculum includes courses mainly for LBNL users, courses mainly for system administrators, and courses on advanced topics that may be of interest to a wide range of people. The courses for users are not as technically sophisticated as the other types of courses. Additionally, they are not sequenced, nor do they require prerequisites. Some courses for system administrators are sequenced (e.g., Unix/Linux Security I and Unix/Linux Security II), and all are between intermediate and advanced in terms of the sophistication of the technical information covered. All courses for system administrators and advanced topics courses have prerequisites.

The following courses are available:

Courses for Users
Security Basics

Description:
Computer security (more commonly known in professional circles as "information security" and in government circles as "information assurance") has grown substantially in importance over the years. System administrators, users, and managers are often forced to make changes because of security considerations without genuinely understanding why. This course presents the "why's and wherefore's" of computer security with the goal of helping you understand why things are done the way they are in the computer security arena. Topics include an introduction to computer security, risks and threats, vulnerabilities and exposures, types of security measures, and how decisions are made. This course includes a wide range of both high-level and technical information in addressing these issues.

Length: 3 hours
Windows Desktop Security

Description:
More security-related incidents involve Windows desktop computers (95/98/NT/2000/XP) than any other type of system. Why? What can you do about it? This course will teach you specifically what you need to do to protect your desktop system from worms, viruses, hackers, and other threats. Topics include the importance of joining a domain, running and updating anti-virus software, protecting share access, running only necessary services, and other safe computing practices.

Length: 2 hours
Windows 2000 Desktop Security

Description:
This course is similar to the Windows Desktop Security course, except that it focuses exclusively on Windows 2000 Professional systems. Topics include the importance of joining a domain, running and updating anti-virus software, protecting share access, running only necessary services, privilege control, setting appropriate access permissions, enabling logging, installing service packs and hot fixes, and other measures.

Length: 3 hours
Windows XP Security Hands-On

Description:
This course is designed to help Windows XP users understand the kinds of security measures that are necessary in securing XP systems by actually doing what is needed. Attendees will follow step-by-step procedures for tightening the security of a Windows XP Professional system and will verify each implemented measure to ensure that it is correct and works as intended.

Length: 5 hours
How to Install and Upgrade Anti-Virus Software

Description:
Of all the things you can do to protect your Windows or Macintosh system(s), none is more important than installing and upgrading anti-virus software. This course explains how to do this: how to obtain the software in the first place, how to determine whether it is running, how to ensure that it is being upgraded, and how to read and, if necessary, react to the log entries and messages that it produces.

Length: 1½ hours
Courses for System Administrators
Unix Security I

Description:
Making Unix systems secure is a task that requires not only an accurate understanding of exactly what the security-related risks are, but also what options are available and the costs and benefits of each. This Solaris-centric course is the first of a two-day series designed to help Unix system administrators and programmers understand how to improve the security of their systems. Topics covered include major types of security-related vulnerabilities, physical security, file protection, system and network configuration, account security, logging, making backups, special security features available in different flavors of Unix, and useful tools such as ssh, sudo, tcpdump, Tripwire, John the Ripper, and Fix-Modes.

Length: 1 day
Prerequisite: Some system administration experience with Unix and/or Linux systems.
Unix Security II (Advanced)

Description:
This is the second of a two-part series of courses to enable Unix system administrators to improve the security of their systems. This Solaris-centric course covers more advanced issues, advanced OS installation steps, advanced kernel tweaks, issues related to patch installation, special file access controls, and Apache Web server security.

Length: 1 day
Prerequisite: Completion of Unix/Linux Security I
Unix/Linux Security Hands-on

Description:
This course is designed to help technical staff understand in as concrete a manner as possible the kinds of security measures that are needed in securing Unix and Linux systems. Attendees will go through step-by-step procedures for tightening the security of a Red Hat Linux system and will test each implemented measure to ensure that it works.

Length: 1 day
Prerequisite: Completion of Unix/Linux Security I
Windows 2000 Security I

Description:
This course is the first in a two-day series designed to teach you how to minimize security-related risks in a Windows 2000 server environment. It begins with an overview of this operating system to provide a high-level picture, then progresses to an overview of the security-related mechanisms built into this operating system, and then delves into several important issues that need to be addressed in order to achieve adequate security. Topics include an overview of security, Active Directory and security, group policy, authentication, privilege and access security, network security, and auditing.

Length: 1 day
Prerequisite: Some system administration experience with Windows 2000 systems or equivalent.
Windows 2000 Security II

Description:
This course covers more advanced issues not covered in the first of this two-day series. Included are more complex issues, such as securing individual Active Directory objects and attributes, protecting the Active Directory replication process, securing DNS, using certificate services, configuring Routing and Remote Access Service capabilities and parameters, dealing with network services, using Resource Kit tools to improve security, and how to benchmark security in Windows 2000 servers.

Length: 1 day
Prerequisite: Windows 2000 Security I
Windows 2000 Security Hands-on

Description:
As with the Unix/Linux Security Hands-on course, this course is geared to help technical staff understand as specifically as possible the common kinds of attacks that are launched against Windows 2000 servers and the types of measures needed to keep these systems from succumbing to these attacks. During the first half of this course, you will play the role of a hacker. During the second half, you will harden your system's security measures according to what you discovered during the first half of this course.

Length: 1 day
Prerequisite: Windows 2000 Security I
Windows Server 2003 Security

Description:
Windows Server 2003 (WS2003) is the latest version of the Microsoft server operating system. WS2003 incorporates many security-related improvements and represents the most secure version of an operating system that Microsoft has ever produced. This course is designed to help attendees understand these improvements and to learn the specific configurations that are necessary to ensure reasonable levels of security. Topics include an introduction to WS2003, vulnerabilities and vulnerability management, WS2003 Active Directory, authentication, authorization, auditing, and networking.

Length: 1 day
Prerequisite: Some system administration experience with Windows 2003 systems or equivalent.
Incident Response

Description:
No matter what type of and how many security countermeasures are deployed, security-related incidents occur. Trends over the last few years in fact indicate that not only are more incidents occurring, but also their impact and severity are greater. This course will teach you about the major aspects of responding to incidents, starting with planning, and going on to the types of analyses, remedial measures, and precautions needed. Topics include an introduction to incident response, detecting an incident, what to do if an incident occurs, and basic forensics procedures.

Length: One-half day
Prerequisite: A working technical knowledge of security mechanisms and vulnerabilities in systems and networks
Network Security

Description:
Today's computer networks have capabilities far beyond those envisioned by experts years ago. With increased networking capabilities have come new, difficult challenges for achieving control and security. This course provides a comprehensive view of networking, its mechanisms and protocols, but with a security slant. It begins with a broad overview of networking and then proceeds to cover security-related threats and control mechanisms. The course also delves into specific network-related issues that users and organizations typically face, and how to address them. Topics include networking basics, major types of network security exposures and control measures, firewalling and packet screening, securing network services, securing Web servers, network encryption, and secure e-mail.

Length: 1 day
Prerequisite: Basic technical knowledge of security mechanisms and vulnerabilities in systems and networks
Internet Information Server (IIS) Security

Description:
Securing Web servers is in and of itself a difficult challenge, but securing IIS Web servers is even more challenging. More successful attacks (including Web page defacements, denial of service attacks, and many other types) against IIS Web servers are reported on sites such as attrition.org and antionline.org than against any other type of Web server. An out-of-the-box deployment spells catastrophe; IIS is, for example, by default installed on the system drive! Unless Web developers and Webmasters know specifically what threats exist and how to counter them, IIS Web servers are easy prey for attackers.

This one-day course provides comprehensive coverage of IIS Web security, teaching Web developers and Webmasters what they need to know to secure IIS Web servers. Highly technical in nature, the course starts with the basics of IIS Web deployment and functionality, then moves on to standard security options through advanced capabilities such as SSL/TLS encryption, and then covers advanced security issues, such as certificate issuance and handling.

Topics covered include:
- An introduction to IIS (what is present in each IIS version, directory structures, virtual servers, virtual directories, and so on)
- Types of security-related vulnerabilities
- Types of security options (authentication, authorization, policies, users and groups, etc.) and how they work
- Configuring security options
- Network deployment options
- Security administration
- IIS Web application security
- Wrap-up

Length: 1 day
Prerequisite: Basic familiarity with the IIS Web server
Advanced Topics
Writing Secure Applications

Description:
Securing applications is one of the most overlooked topics in computer security, yet buffer overflow conditions and other application-specific security problems are commonplace. This course will teach you the many mistakes that application programmers make and the things that need to be done to remedy them. You'll also get the opportunity to write secure routines to ensure that you can put what you learn into practice.

Length: 1 day
Prerequisite: Basic knowledge of programming.
Cryptography

Description:
Cryptography is an extremely interesting area within computer security, one that demands a much more detailed examination than a basic course can allow. This course is for those who want to go beyond the basics of cryptography. Topics covered include cryptographic algorithms and their implementations, advanced cryptanalysis, public key infrastructure (PKI) design and considerations, certificates and related data structures, and advanced cryptographic methods and applications.

Length: One day
Prerequisite: Completion of encryption fundamentals course.
Protecting Sensitive Information and Systems

Description:
Protecting Sensitive Information and Systems is a minicourse designed to help those who store sensitive information, such as personal medical information, personnel information, and CRADA information, and have access to systems that, if down, could cause considerable disruption and cost to the Lab. This course will cover legal considerations, how to use file system protection, encryption, and other techniques to protect sensitive information, and the kind of system protections that need to be in place to protect critical systems.
The Ins and Outs of Bro

Description:
Bro is a rule-based intrusion detection system built at Berkeley Lab. The Lab relies heavily upon Bro to discover cyberattacks and possible break-ins. This 2/3 day course covers how Bro works, how it should be configured, and how to interpret its output so that when the Computer Protection Program sends Bro output to someone, that person will be able to understand and use the output in a meaningful manner.

Length: 2/3 day
Prerequisite: Basic understanding of Unix.
Pix Firewall Security

Description:
The Pix firewall is one of the most widely used firewalls today. This one-day course covers the basics of Pix functionality, including how this firewall is designed and how it works. You'll learn specific configurations and settings that maximize security, how to recognize and close vulnerabilities in it, how to administer it in a secure manner, and how to troubleshoot it. This course is designed primarily for network administrators, but system administrators and security and audit staff can also benefit from this course, provided that they have some knowledge of firewalls (particularly how access control lists in firewalls and routers work) and network protocols, such as TCP, UDP, ICMP, and IP.

Length: One day
Prerequisite: Basic understanding of firewalls and network protocols.
Computer Forensics and Incident Investigation Methods

Description:
A growing number of security-related incidents require handling computer-related evidence in a manner that is admissible in a court of law. This course teaches attendees generally accepted computer forensics principles and methods, such as making forensic-duplicate or qualified forensic-duplicate copies of evidence in original media, avoiding modification of forensic evidence, and establishing a "chain of custody."

Additionally, even if evidence obtained from computer systems is not used for legal purposes, performing a thorough investigation of suspicious system behavior and changes in systems that have occurred as a result of security breaches has become increasingly necessary. This course thus also covers detailed incident investigation methods such as recovering deleted data, identifying rootkits that have been installed, and finding hidden files and processes in compromised and potentially compromised systems. Although this course covers a few high-level legal and procedural considerations, the main focus is definitely technical; attendees should have a thorough understanding of the functionality of Windows, Linux and Unix operating systems.

Topics covered include:
- Introduction to forensics
- Forensics methods in Windows systems
- Forensics methods in Unix systems
- Conclusion

Length: One day
Prerequisites:
- Completion of the LBNL incident response course or equivalent, and
- Experience in system and/or network administration and/or technical issues in information security.