Black Hat Digital Self Defense USA 2006


Black Hat USA 2007 Briefings and Training
Caesars Palace, Las Vegas July 28-31 (Four Days)

Course Length: Four days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

Black Hat Registration

Qualified Edge Protector: From IPS, Firewalls & Spyware, to Trojans & Viruses

Security University

Prerequisites and What to bring:
TCP/IP and Linux; intermediate to advanced experience or education with security, testing, and vulnerability assessment; Windows and Linux. 1 year of IT security experience.

Homeland Security asks you to protect your networks from cyberspace. This 5-day class teaches you how.

Daily intense hands-on labs teach how to manage edge protection. Get a real grip on IPS firewalls and spyware devices that can stop viruses, trojans and malware, so they don't manage you.

You will leave with a complete understanding of your level of spyware and malware risk. You will see trojaned machines sending data outside your company and identify which PCs are infected with spyware, ranked by infection severity. You will build a template for best practices for removing active spyware from pages and build a process to rank what to clean by spyware and virus severity.

In class you'll use current IPS techniques and technologies to stop cold keyloggers, remote access terminals (RATs), and phone-homes with tools like Mi5. You'll uncover the strengths and weaknesses of current spyware, anti-virus and anti-trojan software, and become an expert at separating false alarms and website spoofing and phishing from actual incidents and identity theft.

Live penetration testing details bad processes, bad patching and bad software. In short, you'll learn everything you need to know to evaluate, create, and implement a safe edge authentication, spyware, virus & trojan incident management program to protect your edge.

Key topics:

  • 15+ hands-on spyware, virus, trojan and phishing labs
  • Mitigate site spoofing & phishing
  • False alarms vs. real threats from spyware, viruses & trojans
  • IPS filtering as an effective containment technique
  • Discover the best practices for edge protection unlike anything you've ever seen
  • Pros and cons of current anti-virus & anti-trojan software and techniques
  • Define a recovery strategy
  • Establish measurable goals for spyware risk.

Course Structure
This is a four-day course.

What You Will Learn
Step 1: Preparation
Laying the groundwork for effective spyware & malware incident management with a look at the current state of spyware & malware threats and their evolution.

  • Real-time traffic scanning blocks spyware on-the-fly
  • Malware defined
  • Environments where spyware & malware thrive
  • Viruses & Trojan risks
  • Strengths and weaknesses of current anti-virus and anti-trojan products
  • Install Confidence on-line, SOPHOS, NORTON, MCAFEE and other virus & anti-trojan software in Hands-On labs

Step 2: Detection
In a recent study, less than a third of the participants realized they'd experienced a spyware or malware attack. How to detect and analyze a spyware or malware incident quickly and accurately.

  • Pinpoints how employees are getting infected
  • Detect and block "phone-home" attempts by spyware installed on your computers
  • Advanced diagnosis and identification
  • False alarms vs. actual incidents
  • MyDoom, Blaster, NIMDA, CODE RED and others - learn what they do
  • Dissecting audit records
  • Was it internal or external?
  • Determining source and scope of infection

Step 3: Containment
A look at the two essential containment techniques: stopping the spyware & malware spread and halting the side effects.

  • Inspects true file types
  • Filtering inbound and outbound network traffic
  • The importance of public relations
  • Limiting exposure by secure application coding

Step 4: Eradication
If a virus or other malware does attack, how to remove it completely in the most effective and permanent manner.

  • Blocks spyware websites & file downloads
  • Reviewing system configuration and initialization items
  • Removing modifications to courses and data files
  • Benefits and challenges of current removal techniques

Step 5: Recovery & patching your network
Returning the network and any other affected systems to full operation, with minimal impact. Special emphasis on systems and data backup recovery techniques.

  • Returning the network systems to full operation
  • What was the impact
  • Systems and data backup recovery techniques
  • Benefits and challenges of current patching techniques
  • A review of Core Security Impact vulnerability exploit tool to ensure patch updates

Step 6: Response and Follow-Up
How and why did the attack happen, how was it removed, and what lessons can be applied to possible future attacks? The final and most crucial step in a successful incident management program.

  • Establishing an incident response team based on the type of incident
  • Documenting lessons learned
  • Metric collection and trend analysis
  • Establishing measurable goals

Who Should Attend?
Information Security Officers, Information Systems Managers, Auditors, Telecommunications and Network Administrators, Consultants, Systems and Data Security Analysts, and others seeking to enhance their information security knowledge.


Security University's goal is to prepare and qualify security professionals to protect electronic assets. SU "helps raise the level of computer security and information assurance in your company" by providing hands-on computer security training for executives, network professionals, system administrators, security administrators and consultants.

Security University is the first computer security training company to provide IT professionals a complete hands-on computer security curriculum for the creation of secure infrastructures. In 2007 it is also the first to provide qualified information security training, education and testing.

Each class provides SU escalating security workshops and hands-on technical labs that teach how to plan, implement, build and maintain security and compliance to reduce risk.



Ends May 31, 2007

Ends July 19, 2007

Begins July 20, 2007




(c) 1996-2007 Black Hat