To all,

Over the years, as I've performed consulting work, or worked as a security manager, one of the very prevalent issues I've identified is that many NT/2K admins aren't able to properly deal with incidents. Look at the lists, for example. In the week prior to BlackHat, we all saw two posts on the SF lists in which a Unix admin had to respond to an incident. In both cases, the actions of the admin included port scanning the 'victim' system, and then comparing those results with a list of known, default trojan ports.

Is this effective incident response? What should the response have been? What could have been done ahead of time to prevent the incident from happening?

In order to help educate anyone who administers NT/2K/XP systems, I've created an Incident Response course. The course is 2 days long, and is very intensive, with hands-on labs, discussions, and scenarios. The whole spectrum of incident response is covered, from why policies and procedures are needed, to incident preparation, data hiding (very heavy on NTFS alternate data streams), and freeware tools that can be used in incident response activities.

Specifics about the course can be seen here:
http://patriot.net/~carvdawg/ir.html

I've taught this course several times already, and presented a trimmed-down version at the recent BlackHat Windows Security conference. It's been very well received, and everyone (including myself) has learned a lot.

This course is taught at your site. That means that instead of sending up to 16 people away to a remote site, and paying their course fees, travel and lodging, I come to your site and teach the course.

Anyone interested in learning more about the course can contact me at keydet89at_private

Thanks,

Carv

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Feb 20 2002 - 16:27:43 PST