1. Information Security in Today's Networked Enterprise
   - Security breaches - the industry's "dirty little secret"
   - Types of threats to information security
   - Case studies of intrusions
   - Emerging trends in patterns of intrusions
   - Why "Security through obscurity" fails

2. Key Concepts in Information Security
   - Fundamental concepts
   - Safety, security, and integrity from a software engineering standpoint
   - Vulnerabilities, threats, and counter measures
   - Operating systems, networks, files, permissions
   - Overall security policies: the forgotten cornerstone of computer security.

3. Hacking - A Demonstration
   - Where do hackers find the tools?
   - Breaking in to your own system - why YOU should do it!
   - Why you must obtain written permission from the key executives BEFORE attempting any break-in?
   - Establish the procedure you will follow WHEN you break in.
   - Why "controlled hacking" is an essential part of a regular security audit?

4. Latest State-of-the-art Developments and Initiatives in IT Security
   - Evaluation of New generation products
   - Routers, Proxies, and Firewalls
   - Even the best products will fail if they are not correctly configured.
   - Can auto-configuration, or Dynamic Directories make the difference?
   - Latest methodologies

5. Developing an Effective Security Policy for Your Organization
   - Operational security & configuration management
   - Protecting your PBX and telephone systems, avoiding financial disaster.
   - The role of audit in developing and implementing your information security framework
   - Responding to computer security incidents - a coordinated approach

6. Main Vulnerabilities of Operating Systems
   - Password control
   - "Set user-id root" programs
   - FTP & TFTP
   - The "r" commands
   - Electronic mail
   - ActiveX
   - Java
   - NFS
   - Trusted hosts
   - Inappropriate file permissions
   - "Race conditions"

7. How Networks Are Being Subverted
   - Packet sniffers
   - IP spoofing
   - Denial of service
   - Dial-up connections
   - CGI & WWW vulnerabilities

8. Effective System Administration Policies
   - The KISS principle of security
   - Physical assurance
   - Backups, backups, backups

9. Firewalls and Information Security
   - Basic firewall concepts
   - Different architectural models for firewalls
   - Examples of available firewall products

10. What Else You Should Be Doing
   - Kerberos/Andrew File System
   - Ubiquitous encryption of data
   - One-Time Passwords
   - Challenge-response systems & "smart cards"
   - COPS, Tripwire, etc.
   - "Sacrificial" machines
   - Crack, SATAN and other self-evaluation tools

11. Ensuring Security for Electronic Commerce, Financial Networks, Intranets and Extranets
   - Determining a policy
   - Securing on-line transactions
   - Security in EFT/POS and transaction services
   - Challenge-response systems & "smart cards" - are they really what they claim to be

12. Combating Viruses
   - Practising "safe computing"
   - Virus delivery systems
   - Disk viruses
   - Network viruses
   - Document or mail viruses
   - Virus elimination

13. Security Across Different Operating Systems and Platforms
   - Netware
   - Windows NT 4.0 and 5.0
   - Windows 95 and 98
   - UNIX

14. Business Continuity and
   - Establishing the cost of downtime
   - Developing a policy for continuity and recovery
   - Developing a disaster recovery plan
   - Maintaining operational continuity
   - Testing

15. Future Directions