Who should attend?
IT Security Centre Personnel, Auditors, CERT members, Network and System Administrators.
- Basic knowledge of TCP/IP, networks, and the Linux and Windows operating systems.
The following topics will be covered in order to conduct incident analysis without referring to storage components such as hard disks and RAM. Another objective is to detect incidents and malicious network traffic that exploit incorrect configuration of network components.
- Foundations of traffic analysis
- Network packet capturing technologies: Hardware, software and tools
- Basic network protocols and components
- Network security component log analysis: Logs of firewalls, intrusion detection and prevention systems, etc.
- Analysis of network protocols (HTTP, SMTP, DNS etc.)
- Deep packet inspection
- Detection of malicious network traffic: attacks such as “Man in the middle” and “DNS cache poisoning”
- Detection of network traffic tunnelling techniques: DNS, ICMP, SSH tunnelling, etc.
- Analysis of encrypted network traffic: the “SSL traffic listening” technique
- Reconstruction of network traffic to obtain original data
- Network flow analysis
Attendees will be able to conduct network traffic analysis and to collect evidence without accessing storage components. They will also be able to detect malicious network traffic and security incidents deriving