Montana State University

MSU IT Center

Renne Library Commons
P.O. Box 173240
Bozeman, MT 59717-3240
406-994-1777 | helpdesk@montana.edu

Chief Information Officer

Jerry Sheehan
jsheehan@montana.edu

Chief Security Officer

Adam Edelman
itsecurity@montana.edu

2012 Security Workshops
September 25th · 8:00 - 5pm
Strand Union Building - Room 233


Introduction to Malicious Netflow Investigations (8am - 12pm)

Ken Dunham will lead a hands-on class on how to quickly perform incident response and threat research to properly respond to ongoing threats against a network. Key components include an introduction to Wireshark and netflow traffic, baselining normal activity, stream analysis, and HTTP data filters. Finally, participants will learn how to apply domain intelligence and malcode analysis to discoveries made during netflow investigations.

Target audience: Incident responders and tactical staff that regularly work with domain and IP management.

Topics covered:

  • Triage of netflow activity
  • Identification of normal activity
  • Identify C&Cs of interest
  • Stream analysis
  • HTTP data
  • Filters
  • Domain Intelligence
  • Malcode Analysis Triage

Required setup: Laptop with VMware or a similar virtualization solution with:

  • Windows XP or Windows 7 installed as VM
  • Updated version of Wireshark installed on Windows VM
  • Wireless capabilities

Note: There will not be time for extensive setup support during class. Be prepared to start at 8am sharp. Please take care of any setup issues prior to class.

Recommended skills: Participants will ideally have experience with Windows, some Linux, and will not be afraid of the command line or analyzing PCAP data (experience highly preferred). Familiarity with netflow is a must, as there will not be time for specific instructions or questions to get those new to the subject up to speed.

Filtering the Noise (1 - 5pm)

This workshop will explore the building blocks for starting an affordable security testing methodology. The workshop will begin by getting some well-known security tools installed and configured for real-world ethical testing of participants' own infrastructure and applications.

Target audience: Security, network, and system administrators interested in learning how to identify target systems on their network and in participating in design and remediation discussions.

Topics covered:

  • Building a toolbox
  • Mapping systems
  • Identifying risk in systems
  • Identifying risk on the wire
  • Remediation
  • Network design considerations
  • System build solutions

Required setup: Windows laptop. Other requirements TBD.

Note: There will not be time for extensive setup support during class. Be prepared to start at 1pm sharp. Please take care of any setup issues prior to class.

Recommended skills: Hands-on participants will ideally have experience with Windows, some Linux, and will not be afraid of the command line. Design and solution discussions are open to the less technical, but will require a logical understanding of networking.