2010.9.2 (Kamata)

CERT Instructor Training Course for Technical Staff
Date: 2010.11.20~22

(1) Technical Overview of Information Security
This topic covers a basic understanding of information security, such as the CIA (Confidentiality, Integrity and Availability) factors and other basics of information security. It also covers vulnerability, risk, threat and the major attack methods on the Internet.

(2) Overview of Internet Security
This topic covers technical topics of Internet security such as reviewing basic knowledge of networks or servers, major attack methods, vulnerabilities, etc. Participants will gain a good understanding of the basic technical knowledge of Internet security.

(3) Incident Analysis Basics - Log Analysis - [Hands-On]
Understanding log information is very important for finding computer security incidents. This topic will cover the basic knowledge of log information within major servers such as mail servers, web servers, database servers, etc. This topic will include a hands-on exercise to read and understand actual attack logs.

(4) Network Monitoring and Traffic Analysis - [Hands-On]
Network monitoring is one of the ways to understand what is happening within the network. This session will cover the basic knowledge of network monitoring and the issues that we should know about (e.g. legal issues, privacy issues, encryption, covert channels, etc.). Two types of hands-on training using malicious traffic data are included.

(5) Information Gathering and Analysis - [Exercise]
Information gathering is one of the most important activities for operating CSIRTs. Most of the important information can be found on major websites. This session will cover how to gather information, how to evaluate it, how to store it and how to respond to each piece of information. This information may include zero-day activities, large-scale cyber attacks, vulnerabilities, new viruses or malware, etc. An exercise is included.

(6) Security Tools for CSIRT
Understanding security tools for CSIRT is one of the good ways to reduce our work. This session introduces various types of security tools from around the world.

************************************************************************************************

CERT Instructor Training Course for Technical Staff (Detailed Description)

> This course covers technical CERT training for CERT staff of technical
> operations to make them understand the basic operation of CERT and basic
> information security topics.
>
> Participants must have basic technical background about the Internet
> technology such as network, protocols, operating systems, server,
> programming, database and so on. Additionally, it's better to have basic
> understanding of information security and recent cyber threats.
>
> This course includes hands-on training, so participants have to bring
> their own laptop to do exercises.
>
> [1st day]
> (1) Overview of Internet Security - 3 hours
> This topic covers technical topics of Internet security such as
> reviewing basic knowledge of network or servers, major attack methods,
> vulnerabilities, etc. Participants will have a good understanding of
> the basic technical knowledge of Internet security.
>
> (2) Incident Analysis Basics - Log Analysis - 4 hours [Hands-On]
> Understanding log information is very important to find computer
> security incidents. This topic will cover the basic knowledge of log
> information within major servers such as mail server, web server,
> database server, etc. This topic will include hands-on exercise to
> read and understand actual attack logs.
>
> [2nd day]
> (3) Technical Overview of Information Security - 6 hours
> This topic covers basic understanding of information security like
> CIA (Confidentiality, Integrity and Availability) factors and other
> basics of information security. Also talk about Vulnerability, Risk,
> Threat and major attack way on the internet.
>
> (4) Security Tools for CSIRT - 1 hour
> Understanding security tools for CSIRT is one of the good ways to
> reduce our work. This session is to introduce various types of
> security tools around the world.
>
> [3rd day]
> (5) Information Gathering and Analysis - 3 hours [Exercise]
> Information gathering is one of the most important activities for
> operating CSIRTs. Most of the important information can be found on
> major websites. This session will cover how to gather information, how
> to evaluate, how to store and how to respond to each piece of information.
> This information may include zero day activities, large scale cyber
> attacks, vulnerabilities, new virus or malware, etc. Exercise is
> included.
>
> (6) Publishing Technical Documents - 3 hours [Exercise]
> Publishing technical documents is a key role of CSIRTs. The
> documents should be trustful enough for our constituencies. This
> session will cover how to consider writing technical security
> advisories or other technical documents from a CSIRT standpoint.
> Exercise is included.
>
> (7) How to conduct Technical Training of Information Security - 1 hour
> Share experience, idea, knowledge, method and motivation of Mr.
> Kamata doing technical CERT training.
>
> -- kamata