Security Training Classes and Talks
On this page:
- System Security from the Ground Up
- Securing Windows Systems and Domains
- Securing Unix and Linux Systems
- Managing Information Technology at Stanford
- Hardening Systems Through Hindsight
- Encryption Technology
- Basic Computer and Network Security Awareness for Non-Techies
Please consult STARS for dates, time, and registration for these classes at Stanford University's Axess system. You will be required to login.
System Security from the Ground Up
DESCRIPTION
We'll cover the basic principles of information security. The goal is to provide attendees with the conceptual framework to defend their systems from attack, know when systems are being attacked, and how to respond when such security incidents happen.Topics include fundamental security principles, definitions, risks, best practices, the role of systemadministrators, network security, host security, application security, and miscellaneous topics (e.g., physical security, identifying critical assets, laws and policies, incident response, data classification, SU network strengths and weaknesses, mobile computing). Examples are from popular operating systems (e.g., Windows, Linux, and Solaris) and applications (e.g., Apache).
PREREQUISITES
At least one year's experience managing or supporting systems/networks, or developing/deploying applications. No prior security knowledge is expected. "Core computing technology" is always briefly reviewed before more in-depth discussions.
WHO SHOULD ATTEND
Staff who support any computer systems and/or networks at Stanford. Attendees would likely be LNAs, system administrators, network administrators, application deployment specialists, firewall, switch and router technical staff.
INSTRUCTOR
Securing Windows Systems and Domains (ITS-2825)
DESCRIPTION
This course will discuss methods for securing Windows XP/Server 2003 systems and domains in detail. It will cover the many facilities provided by the operating system for doing so (i.e., group policies, authentication and authorization methods, secure communications protocols, and so on). Drawing on real-world examples, it will address both the available security options and recommended best practices.
TOPICS COVERED
- Thinking about security
- Analyzing threats
- Windows security architecture
- Lessons learned from several security incidents
- Controlling user environments
- Securing files and data
- Securing networks and network communications
- Mitigating network threats
- Configuring applications for maximum security
- Security monitoring and auditing
- Summary: Hardening Windows systems d or decrypted at the target. Due to the mixed Windows server environment on campus, remote file transfer of encrypted files is to be avoided.
INSTRUCTOR
Securing Unix and Linux Systems (ITS-2823)
DESCRIPTION
This course will discuss methods for securing UNIX/Linux systems and networks in detail. It will cover both standard operating system features and open source add-on software. Drawing on realworld examples, it will address both the available security options and recommended best practices.
TOPICS COVERED
- Thinking about security: analyzing threats and possible responses
- Controlling user environments
- Securing files and data
- Securing system services
- Network security (including remote access issues)
- Mitigating network threats
- Security monitoring and auditing
- Configuring applications for maximum security
- System hardening
INSTRUCTOR
Managing Information Technology at Stanford
DESCRIPTION
Managing at Stanford often includes working with computers and sensitive data, or supervising individuals who do. This presentation will cover what criteria to use to determine if you're working with Stanford Restricted and Sensitive data and what steps you should take if you are. We'll describe the most common ways that computers can be compromised and present strategies to use to protect yourself and your computer. Finally, we'll present some case studies which highlight managers' roles in protecting Stanford computing resources.
INSTRUCTOR
Hardening Systems Through Hindsight (ITS-2827)
DESCRIPTION
There are hundreds of databases and application systems at Stanford, and not all of them are secure "out of the box". This presentation will illustrate how penetration testers are able to compromise several systems using only publicly available tools and information. The talk is intended for anyone who owns, develops, or maintains a Stanford information system and will provide basic defensive strategies that will help to harden those systems.
INSTRUCTOR
Encryption Technology (ITS-2829)
DESCRIPTION
AES, PGP, SSL, WEP, IPSEC. Modern computers and networks use an alphabet soup of encryption technologies to protect their data. But just what are they doing to the data, and how safe should you feel about it? This presentation will cover the basic elements of cryptography and show how they fit into many popular encryption systems, with particular focus on those commonly used at Stanford. Learn what the best practices are in using cryptography, and what can happen when they're not followed. The talk will help developers and end users make sensible decisions about how to use encryption to secure their systems and their data.
INSTRUCTOR
Basic Computer and Network Security Awareness for Non-Techies (ITS-2811)
DESCRIPTION
This course is intended for individuals just beginning to explore computer security. This course is designed to teach participants with little to no security experience important technology concepts every Internet user should know. In this class, you will learn about threats, anti-spyware, firewalls, Phishing, identity theft, how to create strong passwords and more. This course will raise your awareness and give you the basic information you need to protect yourself whether you are on your computer at work, on the road, or at home. I've designed this course for those of you who think may be vulnerable but did not know where to get basics fundamentals and information.
SOME TOPICS TO BE COVERED
- Passwords
- Spyware
- Hacking and malicious code
- Web browser security
- Anti virus
- Patching
- Wireless security
- Firewalls
- Identity Theft
- Phishing
- Securing Files
WHO SHOULD ATTEND
- Anyone interested in the very basics of computer security and wanted to know what those buzz words are all about.
- Those who possess or access sensitive files on computers.
- Those who go online for shopping and banking and wondered about safety.
- Telecommuters
- Those with home and wireless networks.
INSTRUCTOR
Last modified Wednesday, 23-May-2007 01:06:37 PM