AfNOG - CERT & Network Monitoring & Management Training

AFNOG - CERT Technical & Management Training

This course covers technical training for CERT staff of technical operations of organizations to make them understand the basic operation of CERT and information security topics.

Participants must have basic technical background about the Internet technology such as network, protocols, operating systems, server, programming, database and so on. Additionally, Participants should have basic understanding of information security and recent cyber threats.

The course is ideal for technical security staff of governments, regulators, law enforcement, academia and Internet industry.  This course include hands-on training, so participants have to bring their own laptop to do exercises.  

The 3-day CERT Instructor Training Course for Technical Staff will be given by Mr. Kamata of JPCERT/APCERT.

This course covers technical CERT training for CERT staffs of technical operations to make them understand the basic operation of CERT and basic information security topics.

1. Overview of Internet Security: This topic covers technical topics of Internet security such as reviewing basic knowledge of network or servers, major attack methods, vulnerabilities, etc. Participants will have a good understanding of the basic technical knowledge of Internet security.
2. Incident Analysis Basics – Log Analysis [Hands-On] : Understanding log information is very important to find computer security incidents. This topic will cover the basic knowledge of log information within major servers such as mail server, web server, database server, etc. This topic will include hands on exercise to read and understand actual attack logs.

1. Technical Overview of Information Security: This topic covers basic understanding of information security like CIA (Confidentiality, Integrity and Availability) factors and other basics of information security. Also talk about Vulnerability, Risk, Threat and major attack way on the internet.
2. Security Tools for CSIRT:  Understanding security tools for CSIRT is one of the good ways to reduce our work. This session is to introduce various types of security tools around the world.

1. Information Gathering and Analysis – [Exercises] : Information gathering is one of the most important activities for operating CSIRTs. Most of the important information can be found on major websites. This session will cover how to gather information, how to evaluate, how to store and how to respond to each information. These information may include zero day activities, large scale cyber attacks, vulnerabilities, new virus or malware, etc. Exercise is included.
2. Publishing Technical Documents – [Exercise] : Publishing technical documents is a key role of CSIRTs. The documents should be trustful enough for our constituencies. This session will cover how to consider writing technical security advisories or other technical documents from a CSIRT standpoint. Exercise is included.
3. How to conduct Technical Training of Information Security: Share experience, idea, knowledge, method and motivation by Mr. Kamata.

Advanced CERT  Training

1.  Advanced Incident Analysis –Web Application Security : Recently, computer security incidents focus more on HTTP related world such as web application program. Understanding HTTP protocol is a key to understanding web-based security issues. This session will cover the knowledge of HTTP protocol and security issues related toweb-based systems.
2. Introduction to Malware Analysis – [Hands-On] : Malware distribution is continuing to increase. This session covers introduction to malware analysis and understanding the basics of malware analysis such as static analysis, surface analysis, dynamic analysis, etc. Hands-on exercise with malware analysis tool is included.
3. International Incident Handling Drill –  [Exercise] : After conducting all the above trainings, the experience of an International Incident Handling Drill is one of the good ways to test the participants’ skill. In this session, participants will be divided into 4 teams to act as 4 different countries, and experience the scenario of international-scale computer security incidents. Skills required are malware analysis, log analysis, web application security, etc.

Network Monitoring & Management

A 5-day course for those who need to manage diverse Network and NOC  operations. A combination of theory and lab, with lab work accounting for approximately 60% of the total course.

Topics include

•  General Network Management and Planning Principles
•  Network Operations Center overview
• Documenting your network, including a discussion of available tools and the use of Trac as a wiki resource.
• SNMP and other network management Protocols
• MRTG/RRDTool, Nagios, Netflow/NfSen, SmokePing, Cacti
• Ticketing systems such as Request Tracker (RT).
• Scripting and adapting tools to your system
• Rancid and SVN for configuration management
• Log management and monitoring

Who should attend

Engineers and system staffs at ISPs and large networks including  academic networks who are involved system management, network  monitoring, and network management. The course is for those who need to manage diverse Network and NOC operations.

Pre-requisites

Good knowledge of Unix/Linux, IPv4 addressing and general network concepts