TECHNOLOGY TRANSFER PRESENTS
KEN VAN WYK
IDS/IPS: Intrusion Detection & Prevention in depth
OCTOBER 28-30, 2009
VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)
info@technologytransfer.it www.technologytransfer.it
IDS/IPS: Intrusion Detection & Prevention in depth
ABOUT THIS SEMINAR
Today’s Enterprise Data Processing environments are large, distributed, and highly complex. Monitoring and maintaining security in these heterogeneous data centers can be daunting and confusing. Further exacerbating the problem is the fact that security product vendors bombard IT managers with one “miracle product” after another, often resulting in security domains that struggle to solve the problems they were intended to solve in the first place. In this class, we’ll take a product-neutral look at what technologies exist and what their real capabilities are. We’ll compare different types of Intrusion Detection Systems (IDS) as well as Intrusion Prevention Systems (IPS) to get a realistic appreciation of what we can expect of them in production environments. We’ll present a clear picture of just how they do what they do. We’ll see first-hand the sorts of attacks these products face and why some products are best suited for particular categories of attacks. And we’ll look at how IDS/IPS products can be integrated effectively into a typical data center environment.
In summary, this course aims to:
• Define clearly how IDS/IPS technologies and products work
• Present a thorough description of the sorts of real-world challenges one is likely to encounter when deploying IDS/IPS products
• Look at IDS/IPS distributed architectures and how they work
• Deliver a realistic view of typical Enterprise security attacks, how they work, and how they might (or might not) be detected by IDS/IPS technologies
• Describe how IDS/IPS can be instrumental in providing essential input to an incident response program
Upon completion, participants should be able to demonstrate each of the following:
• A clear conceptual understanding of how modern IDS/IPS products work
• Their ability to develop an IDS/IPS architecture that meets the needs of a modern Enterprise Data Processing environment
• A solid foundational understanding of modern system and application vulnerabilities, their attacks, and how these can be detected
• Their ability to work effectively together with an Enterprise incident response program
WHO SHOULD ATTEND
The course is intended for IT Security Managers and Team Members who need to develop a thorough understanding of IDS/IPS, free of vendor biases.
PREREQUISITES
• Knowledge of TCP/IP networking fundamentals
• Knowledge of Enterprise Data Processing system and Network Architectures
PC REQUIREMENTS (minimum)
• Windows, Linux, or Mac OS X system
• 2 Gb RAM
• 10 Gb available disk space
• Desktop administrator privileges
• Strongly recommended: A virtual machine environment (e.g., VMware, Parallels, VirtualBox)
OUTLINE
1. Understanding the problem
• Overview of today’s common attacks and methods
• Understanding the need for IDS and IPS
• Historical view of how IDS/IPS evolved into today’s systems
- Detection algorithms used
- Network-based solutions
- Host-based solutions
- Strengths and weaknesses
• A look at today’s distributed and highly heterogeneous IDS/IPS architectures
2. Survey of today’s product space
• Spotlight of today’s popular product solutions
• Distributed, heterogeneous product monitoring solutions
3. Attacks and attack tools hands-on exercises – Network and System level
• Discussion, demonstration, and class exercises of common system weaknesses and corresponding attacks
• Students will install and run several (free and open source) attack tools
• Discussion of feasibility and challenges associated with detecting each type of attack
4. Attacks and attack tools hands-on exercises – Application level
• Discussion, demonstration, and class exercises of common system weaknesses and corresponding attacks
• Students will attack a flawed application in a safe environment on their own laptop computers (see student PC requirements)
• Discussion of feasibility and challenges associated with detecting each type of attack
5. IDS tools in action
• Discussion, demonstration, and class exercise installing and running a popular Open Source IDS product
• Students will install and run a simple Open Source network intrusion detection system on their laptops
• Class discussion of features, strengths, and weaknesses
6. Application-level considerations
• The role that applications can and should play in an IDS/IPS strategy
• Web application firewalls and how they work
- Pros and cons associated with these technologies
7. Real world pitfalls to understand and avoid
• A realistic look at data center complexities that make IDS/IPS difficult
• Common mistakes and how to avoid them (where possible)
8. Incident response considerations
• How an IDS/IPS system should interface with the incident response process
• Security diagnostics vs. forensics
• Evidence handling issues
• Using an IDS in an incident response operation
9. Bringing it all together
• Next steps to take in building an enterprise grade IDS/IPS program
10. Questions and Answers
INFORMATION
PARTICIPATION FEE
€ 1500
The fee includes all seminar documentation, luncheon and coffee breaks.
VENUE
Visconti Palace Hotel Via Federico Cesi, 37 Rome (Italy)
SEMINAR TIMETABLE
9.30 am - 1.00 pm 2.00 pm - 5.00 pm
HOW TO REGISTER
You must send the registration form with the receipt of the payment to: TECHNOLOGY TRANSFER S.r.l. Piazza Cavour, 3 - 00193 Rome (Italy) Fax +39-06-6871102 by October 13, 2009
PAYMENT
Wire transfer to: Technology Transfer S.r.l. Banca Intesa Sanpaolo S.p.A. Agenzia 6787 di Roma Iban Code: IT 34 Y 03069 05039 048890270110
GENERAL CONDITIONS
GROUP DISCOUNT
If a company registers 5 participants to the same seminar, it will pay only for 4. Those who benefit from this discount are not entitled to other discounts for the same seminar.
EARLY REGISTRATION
Participants who register 30 days before the seminar are entitled to a 5% discount.
CANCELLATION POLICY
A full refund is given for any cancellation received more than 15 days before the seminar starts. Cancellations less than 15 days prior to the event are liable for 50% of the fee. Cancellations less than one week prior to the event date will be liable for the full fee.
CANCELLATION LIABILITY
In the case of cancellation of an event for any reason, Technology Transfer’s liability is limited to the return of the registration fee only.
If registered participants are unable to attend, or in case of cancellation of the seminar, the general conditions mentioned before are applicable.
Send your registration form with the receipt of the payment to: Technology Transfer S.r.l. Piazza Cavour, 3 - 00193 Rome (Italy) Tel. +39-06-6832227 - Fax +39-06-6871102 info@technologytransfer.it www.technologytransfer.it
SPEAKER
Ken Van Wyk is an internationally recognized information security expert and author of the O’Reilly and Associates books “Incident Response” and “Secure Coding”. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds numerous positions: monthly columnist for the on-line security portal eSecurityPlanet and Visiting Scientist at Carnegie Mellon University’s Software Engineering Institute. Mr. Van Wyk has 20+ years’ experience as an IT Security practitioner in the academic, military, and commercial sectors. Mr. Van Wyk also served a two-year elected position as a member of the Steering Committee of the Forum of Incident Response and Security Teams (FIRST) organization. At the Software Engineering Institute of Carnegie Mellon University, Mr. Van Wyk was one of the founders of the Computer Emergency Response Team (CERT®).