From:   MILRAT::CORADMIN "TCDG - TECHNICAL COMPETENCY DEVELOPMENT GROUP * 223-6602 OR 381-1820 15-Jul-1997 0852" 15-JUL-1997 13:11:46.28
To:     @MASTER_LIST
CC:
Subj:   NETWORK SECURITY ADMINISTRATION - SEPT. 3-5

Technical Competency Development Group
http://tcdg.zko.dec.com/
--------------------------------------------------------------------------------
TCDG Technology Open Enrollment Description
________________________________________________________________________________

Title           Network Security Administration
Instructor      ARG
Date            03-SEP-97 - 05-SEP-97
Time            8:30 - 5:00
Location        FREEPORT CLASSROOM - LKG2-2
Course Number   NWCNS-05
Course Fee      $ 1295
Registration    Log into COURSES software on MILRAT
                (Username: COURSES Password: TRAINING).
Cancellation    PLEASE WITHDRAW 11 WORKING DAYS PRIOR TO CLASS START DATE
                TO AVOID PAYING FULL TUITION

NETWORK SECURITY ADMINISTRATION
(Building Firewalls and Maintaining Secure Hosts)

Format: 3 day lecture/lab

PREREQUISITES:

A fundamental knowledge of Unix and TCP/IP is required. Experience with
DOS/Windows and/or Windows NT is a plus.

INTENDED AUDIENCE:

Personnel responsible for designing or implementing security policy for
your enterprise network.

OVERVIEW:

This course focuses on protecting your assets including your proprietary
data and network infrastructure. You will build a security strategy,
configure a screening router, set up a firewall system, and protect a host
server running Unix or Windows NT. Understand firewall system architecture,
capabilities, and limitations. Examine access control issues with Unix and
Windows NT servers and learn how to prevent unauthorized access.

BENEFITS:

Learn:

o How to configure screening routers and popular firewall products.
o How to use security utilities to perform system monitoring and audit
  logging, verify user and system authentication, and manage proxy
  applications
o How to differentiate and close potential security holes on your Unix
  and Windows NT systems
o How to use intrusion detection tools and read audit logs to identify
  potential security violations
o Strategies for developing and implementing effective security policies

CONTENT:

o An Overview of Network Security
  - Defining the problem
  - What are you trying to protect?
  - Who are you trying to protect it from?
  - More reasons for network insecurity
  - How much are you willing to spend?
  - The categories of computer security
  - Incident response
  - Legal considerations

o Laying the Foundations
  - IP Addresses
  - The client/server model
  - Connections and Associations
  - TCP/IP Protocol Stack
  - File Transfer Protocol (FTP)
  - Remote Procedure Calls (RPC)

o Host Security
  - Unix vs. Windows NT
  - User configuration (Unix and Windows NT)
  - Permissions
  - The Unix TCP/IP configuration files
  - Network Daemons on Demand (inetd)
  - Security services
  - Using Stubs to Disable Services
  - TCP Wrapper
  - Security recommendations

o Trusted Network Services
  - Unix: The Berkeley "r" commands
  - Components of Trusted Access
  - Pros and Cons of Trusted Access
  - hosts.equiv and .rhosts
  - NFS architecture
  - NFS and the RPC Protocol
  - Windows NT Disk sharing

o FTP and WWW Security
  - The inherent insecurities of FTP
  - FTP authentication
  - The components of anonymous FTP
  - Problems with incoming FTP directories
  - Configuring FTP daemons
  - WWW Security Concerns
  - Properties of a secure Server
  - CGI Script installation and configuration
  - Client-side vulnerabilities and security recommendations
  - Some WWW privacy options

o Logging and Auditing Tools
  - Syslog
  - Windows NT
  - Auditing and vulnerability detection tools
    * SATAN and SAFESuite Internet Scanner
    * Unix auditing tools (COPS, Tripwire, Tiger)
    * Windows NT (C2CERT, Kane Security Analyst)

o An Overview of Firewalls
  - The problems with host-based security
  - Why firewalls are a good thing
  - Firewall design policy
  - Categories of firewalls
  - The limitations of firewalls

o Packet Filters
  - A generic packet filter (IP, UDP, TCP headers)
  - Filtering criteria for the rule sets
  - Packet filter strengths and limitations
  - Cisco screening router access lists
  - Cisco router interfaces
  - Standard vs. passive mode FTP
  - Remote Procedure Calls (RPC)

o Proxy Servers
  - Proxy Server Architecture
  - Pros and cons of proxies
  - Proxy issues
  - TIS Gauntlet
  - Checkpoint firewall-1
  - Other commercial firewalls

o Firewall Architectures
  - Dual-homed Screening Router
  - Dual-homed Bastion Host
  - Dual-homed Proxy Server
  - Bastion hosts
  - Screened subnet
  - Belt-and-suspenders
  - Screened Bastion Host
  - Multiple Bastion Host

o Secure Communications and Authentication
  - Features of Cryptography
  - Cryptanalytic Attacks
  - Private and Public Key Cryptography
  - Clipper Chip and Fortezza Card
  - Virtual Private Networks (VPN)
  - IP Encryption
  - Authentication
  - Kerberos
  - DES and PGP

LABS:

Lab 1: Develop a security policy for the classroom network and your site.

Lab 2: Identify the weaknesses most commonly used to compromise systems
       and identify methods to secure your host.

Lab 3: Use stubs and TCP wrapper to secure network services on your host.

Lab 4: Use SATAN, ISS SAFESuite, and a variety of other logging and
       auditing tools to identify and close potential security holes on
       your network.

Lab 5: Configure Cisco screening routers to protect your subnetwork from
       the rest of the classroom network. Identify different packet
       filtering policies.

Lab 6: Configure the Gauntlet Internet Firewall from Trusted Information
       Systems. Set up and configure access rights and proxy services.

Lab 7: Configure firewall-1 from Checkpoint.

Lab 8: Configure and test secure messaging using the PGP encryption
       algorithm.

6/97