Information Security Summit

Pre-Conference Training

Training at the 2008 Information Security Summit

MANDIANT - Incident Response Crash Course
Instructor: A Mandiant Consultant
Dates: 10/26/09 to 10/28/09
Time: 8:30am to 5:00pm
Cost: $1,900.00

As the sophistication and threats caused by malicious attacks continue to increase, Mandiant has raised the bar of effective detection, response, and remediation by introducing our Incident Response (IR) class. This three-day Special Edition class has been specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees gain experience in each topic area. Hands-on exercises and labs cover Windows intrusion as well as the following topics:

- The different phases and activities of the IR process
- The roles and responsibilities of each member of the IR team
- Create IR checklists and notification lists
- How to rapidly detect or confirm attacks
- Finding, reviewing, and interpreting log files
- Performing live response on a compromised server
- Learn what volatile evidence is present on a live system before it is powered down
- Determine the function of unidentified executable processes
- Detect rootkits, backdoors and trojaned files
- Interact with rootkits to learn their impact on a live system, and how to respond


Introduction to Malware Dissection
Instructor: Tyler Hudak
Dates: 10/27/09 to 10/28/09
Time: 8:30am to 5:00pm
Cost: $475.00

Due to the increase in the use of malware as an attack vector, having the ability to analyze worms, bots and Trojan horses has become a necessity for organizations. Using in-the-wild samples in a hands-on environment, students will learn the concepts and techniques necessary to analyze the malware they come across in their organizations. Topics include:

- Setting up a malware analysis lab
- Static malware analysis
- Dynamic malware analysis
- Behavioral monitoring
- Network communication monitoring
- Sandnets

Laptop Prerequisites:

Students will be required to supply their own properly configured laptop.

Laptops should have VMware Workstation or VMware Server installed, with a Windows XP SP2 or higher virtual machine already installed and ready to go. Other versions of Windows may be used, but it may not be possible to complete some portions of the hands-on exercises.

Please note that VMware snapshots will be used, so VMware Workstation is required. VMware Player does not have sufficient snapshot capabilities and will not work. A 30-day trial of VMware Workstation is available at http://www.vmware.com.

The host OS of the laptop may be Windows or Linux. Tools for both operating systems will be used in class, so access to both operating systems may provide the best learning environment for the student.

Any questions on the laptop pre-requisites may be directed to Tyler Hudak at tyler@hudakville.com.


Proof-of-Technology; Tivoli Compliance Insight Manager
Instructor: Chet Metcalf
Date: 10/27/09
Time: 8:30am to 4:30pm
Cost: $0.00

This one-day workshop is taught by an IBM TCIM expert. IBM provides a hands-on experience for those interested in examining common compliance and security information and event management (SIEM) challenges facing organizations today. Participants will learn how the IBM® Tivoli® “Best of Breed” Tivoli Security Information and Event Manager (TSIEM) solution is best suited to solve compliance, log management, security, and event management challenges. All students will receive hands-on experience with TSIEM - Tivoli Compliance Insight Manager. This Proof of Technology is specifically targeted for Enterprise / Security Architects, Systems Administrators, and Systems Analysts Compliance and Security Event and Information Management solutions for their organization. No prerequisite knowledge of any IBM Tivoli Security products is required. However, it is recommended that participants have an understanding of their organization’s business needs and current IT technologies.


Computer Forensic for the Security Practitioner
Instructor: Len Drinkard
Date: 10/28/09
Time: 8:30am to 5:00pm
Cost: $250.00

Accidental or intentional destruction of data, hardware failure, or cyber attacks can happen at any time, and you may be called upon to respond, investigate, document, handle, and escalate the analysis to a formal investigation. In this hands-on workshop, you'll consider when investigations are appropriate or warranted, and learn how and when to recover lost or deleted information from the Recycle Bin (INFO2 file), the disk directory/Master File Table, and hard drive free space. You'll also learn how to examine the operating system artifacts that connect the user to the actions taken on the computer (including event logs, SID info, link files, Prefetch files, auto-complete files, email NK2 files, index files, external devices attached, and much more).

The workshop will include hands-on investigative scenarios and attendees will be provided with the training and tools to locate and properly examine important user and operating system sources of information. This course material is often taught to law enforcement personnel.


Network Access Control: Background, Technology, and Deployment
Instructor: Joel Snyder
Date: 10/28/09
Time: 8:30am to 5:00pm
Cost: $25.00

Network Access Control takes "defense in depth" all the way to the desktop. With NAC on your network, every connection can be authenticated and controlled, helping to reduce the risk of malware or malicious people taking hold on the network. Because NAC is the hot buzzword right now, the products can be confusing and the vendors contentious. However, NAC represents the most significant change in the way that networks are secured since the invention of the firewall.

Network managers are now being given the tools to create a strong link between users, end systems, desktop workstations, laptops, and access to network resources. With components of end-point security, authentication and access control, these emerging NAC architectures and products offer almost endless options. Your job is to select the right components and pieces to match your own requirements.

This full-day seminar will cover the concepts behind NAC, giving you the tools to understand both single-vendor solutions and multi-vendor NAC architectures. We'll discuss specific issues in deploying NAC in enterprise networks, and cover key strategies you can use to ensure successful NAC planning and deployment.