Description
Fully understanding how TCP/IP works is a must-have skill for anyone involved in IT security. This course will teach you everything about the TCP/IP protocol suite and its security concerns and implications.
You will learn all the gory details about the packets that are exchanged whether you browse, send emails, DDoS your friends, ARP spoof or hijack connections. You will learn how to sniff, decode and understand packet traces and attack patterns, how to craft packets for good and evil using specific tools, and how to defend the networks you manage by deploying firewalls and Intrusion Detection Systems.
Topics
You'll learn:
TCP/IP protocol suite and related protocols
sniffing with tcpdump, Wireshark and other specialized tools
network scanning and system fingerprinting
common attack patterns
packet crafting tools
purpose-specific tools for session hijacking, DoS'ing and much more
advanced firewalling and Network Intrusion Detection System deployment
Prerequisites
basic command line proficiency on *NIX systems
Prerequisite material
Each student must bring his own laptop running a modern and up-to-date Linux distribution, capable of compiling without problems.
Needless to say, a working network adapter (along with an IPv4 TCP/IP stack) is required.
Instructor: Andrea Barisani
Andrea Barisani is a system administrator and security consultant. His professional career began 8 years ago, but it all really started when a Commodore-64 first arrived in his home when he was 10. Now, 16 years later, Andrea is having fun with large-scale IDS/Firewalls deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security training and his Open Source projects. He eventually found that system and security administration are the only effective way to express his need for paranoia. He's currently involved with the Gentoo project, managing infrastructure server security as a member of the Gentoo Security and Infrastructure Teams, along with distribution development. An active member of the international Open Source and security community, he's maintainer/author of the tenshi, ftester and openssh-lpk projects, and he's been involved in the Open Source Security Testing Methodology Manual, becoming an ISECOM Core Team member. Outside the community he has been a security consultant for Italian firms, and he's now the co-founder and Chief Security Engineer of Inverse Path Ltd.