For those who can get on location – and can afford it – Richard Bejtlich, from TaoSecurity will give a 2-days course on how to detect and react to an attack on a network. The course will cover those points:
- Collection: What data do you need to detect intruders? How can you acquire it? What tools and platforms work, and what doesn’t? Can I build what I need?
- Analysis: How do you make sense of data? If intrusion detection systems are dead, what good are they? What is Network Security Monitoring (NSM)? How can I perform network forensics?
- Escalation: What do you do when you suspect an intrusion? How can you confirm a compromise? How should you act?
- Response: You’re owned — now what? Do you contain, remediate, or play dead? How do intruders react to your actions? Can you ever win?
Black Hat Europe 2009 will occur from April 14 to 17 in Amsterdam and will reunite 20 internationally renowned security specialists worldwide.
Black Hat Europe 2008 Briefings, http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html (accessed on November 11, 2008)