Using Logfiles for Security

 

What will you learn?

On completion of this course, delegates will be able to:

  • Describe how logfiles are generated and explain the different services which might generate them.
  • Describe the contents of common logfiles and explain the problems with structure and standards.
  • Perform an in-depth analysis on logfiles and explain what is happening in detail.
  • Describe how different Operating Systems handle logfiles and explain how to manage common problems.
  • Apply knowledge to enable and configure logging on Microsoft Windows, UNIX/Linux and Mac OS X.
  • Identify reasons for enabling logging and explain ways of monitoring the output.
  • Identify the stages involved in an intrusion and identify why intrusions are a risk to an institution.
  • Describe the different types of attack and explain key components of each.
  • Identify the best solutions to preventing intrusions in different system configurations.
  • Explain the relevance of backdoors in an intrusion and identify different characteristics of each.
  • Apply knowledge of patterns to predict intrusion activity and inform future planning.
  • Explain the impact of legal issues connected to IT systems.
  • Explain the differences between Intrusion Detection Systems and Intrusion Prevention Systems.
  • Explain the advantages and disadvantages of each type of Intrusion Detection System.
  • Identify false positives and explain the reason behind them.
  • Identify the ideal location for Intrusion Detection Systems.
  • Apply basic knowledge of the open source Snort project to install and configure a working system.
  • Apply basic knowledge of the Cisco PIX Firewall to obtain intrusion information and logging.
  • Apply knowledge of attacks and intrusions to create an incident response checklist.
  • Identify future developments that may have an important impact on institutional IT monitoring requirements and give a brief overview of each development.

 

Course Overview

Logfiles are one of the most useful tools in detecting and investigating problems with computer systems. Logs can provide information about system faults and misuse as well as early warning of problems. This course provides a hands-on guide to the use of intrusion prevention and detection systems in conjunction with logfile analysis. Participants will gain practical experience of detecting attacks against IT systems and knowledge of the tools and systems for intrusion detection and prevention, and the course will reinforce the need for policy to authorise their use.

 

Topics Covered

  • Logfiles, how they are generated and what they contain
  • Creating, enabling, using and managing logfiles
  • Understanding Intrusion, what is involved, patterns and solutions
  • Legal Responsibilities and the role of a Server Manager in this area
  • Intrusion Detection Systems, what they are and how to use them
  • Overview of three popular products
  • How to respond to incidents
  • Future developments

 

Benefits

The course will provide participants with the skills necessary to obtain information about the performance and security of computer systems. 

 

Who should attend?

This course is aimed at staff with responsibility for the management and security of IT systems. A sound background and understanding in networking would be a strong advantage, as would knowledge of preventive security. Staff interested in this course but who do not have an understanding of preventive security may wish to attend our ‘Managing IT Security’ course prior to registering for this course.

 

Timetable/On the Day

The course timetable will be adjusted on the day to allow discussion of areas of particular interest to the audience. The course will therefore run from 10am to 4.30pm. Registration will take place from 09:30 – 10:00.

This course includes participant involvement through hands-on activities, discussion, group work and simulations created specifically for the course. All delegates will receive a colour workbook specifically written for the course.

 

Related Courses

Managing IT Security
