CSIRT Training Course

24 and 25 July 2002

Aston Business School, Birmingham

Course Summary

Abstract

The CSIRT training course aims to develop the knowledge and skills that are needed by staff who are creating or joining a Computer Security Incident Response Team. The course has been developed by members of a number of European CSIRTs, covering both commercial and academic sectors, as a project of TERENA's CSIRT Task Force. The course is a mixture of presentations, exercises and discussion sessions, occupying two days. The course package will include accommodation as we feel that informal discussions after the training sessions are an important part of the learning experience.

Objectives

Pre-requisites

Trainees will be assumed to be competent system administrators and users, with an awareness of the security issues involved in connecting computers to the Internet. They must be committed to using their skills to improve the security of computers and networks. To protect the interests of other delegates, reference may be made to employing organisations before places on the course are confirmed.

For the technical sections of the course, familiarity with the normal operation of TCP/IP networks, addresses and protocols will be assumed.

Syllabus

The course consists of five modules. Some of these include exercises for the trainees to complete and discuss; others will include time for discussion among the whole class.

CSIRT Organisation

Describes how CSIRTs fit into their organisations: planning the CSIRT, defining the constituency of the team and gaining management authority for it, deciding the services the team will offer, working with others in the organisation, working with those outside the organisation, staffing the CSIRT, funding. Students will be invited to discuss their own organisation and how their team fits into it.

Technical

Understanding how intruders attack systems: intruders and their motivations, network protocols and how they can be abused, operating systems and services, types of vulnerability, information gathering, breaking in, hiding traces, denial of service attacks. A number of exercises are used to show how these appear in practice.

CSIRT Operations

Describes the facilities, systems and tools needed by CSIRTs to operate successfully: housing the CSIRT, equipment, e-mail, remote access, information and contacts, servers and networks, incident response plans and procedures, tracking systems. During the workshop exercise students will be invited to discuss and develop incident response plans for their own teams.

Legal Issues

Looks at the areas of legislation that are likely to affect CSIRTs in their work and which team members need to be aware of: origins of computer legislation, problems, data protection, computer misuse, working with law enforcement, monitoring, evidence, European developments.

Working with Vulnerabilities

Discusses the roles that CSIRTs may decide to play in distributing and producing information about vulnerabilities: why vulnerabilities exist, what CSIRTs should aim to do, sources of information and how to use them, advisories - distribution, interpretation, investigation and coordination.
