Georgia Tech: Fundamentals of Enterprise Network Security

Fundamentals of Enterprise Network Security

Program ID: EE-260
Program type: Short Courses (weekday)
CEUs: 1.8

Location/ (Accommodations)	Program Administrator	Start	End	Status	Cost
Georgia Tech Global Learning & Conference Center, Atlanta, GA (Georgia Tech Hotel and Conference Center)	Dr. John Copeland	February 7, 2006	February 9, 2006		$1,495.00
Section ID: 41634 Meeting time(s): •Tuesday, February 7, 2006 (7:30 AM-4:30 PM) •Wednesday, February 8, 2006 (8:00 AM-4:30 PM) •Thursday, February 9, 2006 (8:00 AM-4:30 PM)

Who Should Attend

This course is for network administrators of corporations, institutions, and government agencies who want to understand the technologies used for local area networks and the Internet, how these technologies create vulnerabilities to attacks, and what technologies can be used to provide the best security for a certain budget. In addition to the textbook, the students will be provided with notes on additional topics.

Course Objectives

Enterprise networks today rely on technologies developed and refined over the last two decades. Switched Ethernet now dominates the physical level of local area networks (which can cover wide-spread campuses), while at the higher levels Internet protocols carry messages around the world. Encryption technology is available that is virtually immune to a mathematical attack, but its purpose may be defeated by techniques such as a "man-in-the-middle attack," or by malicious software at the end points. The underlying technical issues that are exploited by network worms, viruses, bot nets, denial of service attacks, Trojan horses, and root kits will be covered. Techniques for network traffic monitoring to detect various undesirable activities will be emphasized, such as network anomaly detection, and the use of honey pots and honey nets to detect stealthy network reconnaissance by professional hackers. The course will cover network technologies and techniques in enough detail to understand how they work and how they can be misused (for example; "sniffing" traffic on a switched Ethernet, or "hijacking" a TCP/IP connection). The use of a multilayer, defense-in-depth approach to optimize security for a given cost will be analyzed.

Textbook

Network Security Essentials: Applications and Standards, by Wm. Stallings, Prentice Hall, second edition (2002).

Course Outline

Introduction

How Networks are Used
Objectives of Data Security

Networking Fundamentals

Ethernet
Internet Protocols (IP, TCP, UDP, ICMP, DNS, email, Web)
Wireless LANs

Cryptography Fundamentals

Secret Key
Public/Private Key

Use of Cryptography

Authentication Systems
Email (PGP, S/MIME)
Hashes and Message Digests
Digital signatures and certificates

Security Problems

Intruders
Worms
Email Viruses
Adware and Spyware
Spam Relaying
Denial of Service
Malicious Web Sites
Covert Channels

Hackers, for Fun and Profit

Script Kiddies
Media Sharers
Insiders
Spammers
Phishers
Bot-Net Operators
Blackmail
Industrial Spies
Nation-Level Threats

Network Protection

Firewalls
DMZs
Email Servers with Filters
Virtual Private Networks
Host-based Firewalls
Virus Protection

Network Monitoring

Firewall and Switch Logs
Signature IDS
Anomaly IDS

Detecting the Stealthy

Honey Pots
Dark Nets

System Design for Security

Segmenting the network
Layers of protection
Balancing Protection and Detection

Staying Current

Publications
Security email lists
Security Web Sites

Instructor

Dr. John A. Copeland is the John H. Weitnauer, Jr. Chaired Professor at the Georgia Tech School of Electrical and Computer Engineering (1983-). He teaches graduate and undergraduate courses on communications networks and network security, and does research in those areas (http://www.csc.gatech.edu). He was Director of the Georgia Center for Advanced Telecommunications Technology (1993-1996), Vice President, Technology at Hayes Microcomputer Products (1985-1993), and Vice President, Engineering Technology at Sangamo Weston, Inc. (1982-1985), and did research at Bell Labs on semiconductor circuits and optical fiber networks (1965-1982).

Dr. Copeland received B.S., M.S. and Ph.D. degrees in physics from the Georgia Tech. He has been awarded 38 patents and has published over 60 technical papers. In 1970 he received the IEEE's Morris N. Liebmann Award. He is a Fellow of the IEEE and has served as the Editor of the IEEE Transactions on Electron Devices. He served on the Board of Trustees for the Georgia Tech Research Corporation (1983-1993). He is a member of Infragard, the ISSA, and the ACM SIGSAC.

In 2000, he invented the StealthWatch network behavior anomaly detection system, and founded Lancope (http://www.lancope.com) which has deployed the StealthWatch system on over 100 corporate and government networks.