NT/2K/XP Incident Response Training

From: H C (keydet89at_private)
Date: Wed Feb 20 2002 - 10:20:21 PST

    To all,
    
    Over the years, as I've performed consulting work, or
    worked as a security manager, one of the very
    prevalent issues I've identified is that many NT/2K
    admins aren't able to properly deal with incidents.  
    
    Look at the lists, for example.  In the week prior to
    BlackHat, we all saw two posts on the SF lists in
    which a Unix admin had to respond to an incident.  In
    both cases, the actions of the admin included port
    scanning the 'victim' system, and then comparing those
    results with a list of known, default trojan ports.  
    
    Is this effective incident response?  What should the
    response have been?  What could have been done ahead of
    time to prevent the incident from happening?  
    
    In order to help educate anyone who administers
    NT/2K/XP systems, I've created an Incident Response
    course.  The course is 2 days long, and is very
    intensive, with hands-on labs, discussions, and
    scenarios.  The whole spectrum of incident response is
    covered, from why policies and procedures are needed,
    to incident preparation, data hiding (very heavy on
    NTFS alternate data streams), and freeware tools that
    can be used in incident response activities.
    
    Specifics about the course can be seen here:
    
    http://patriot.net/~carvdawg/ir.html
    
    I've taught this course several times already, and
    presented a trimmed-down version at the recent
    BlackHat Windows Security conference.  It's been very
    well received, and everyone (including myself) has
    learned a lot.
    
    This course is taught at your site.  That means that
    instead of sending up to 16 people away to a remote
    site, and paying their course fees, travel and
    lodging, I come to your site and teach the course.
    
    Anyone interested in learning more about the course
    can contact me at keydet89at_private
    
    Thanks,
    
    Carv
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Feb 20 2002 - 16:27:43 PST