Practical Training of Information Security
Masahito Gotaishi, R & D Initiative, Chuo University

About Us
• Graduate School of Chuo University
• Faculty of Science & Engineering
• 8 major subjects including Information and System Engineering
• 5 minor subjects including e-Society & Information Security in the MS Course
• Part-time Doctoral Course
• Launched the Project of Development of the Information Security Training System, sponsored by the MEXT

Necessity of Training
The following curriculum is required as the Technical Training…
• Threat (ways of unauthorized access)
• OS Security
• Network Security
• Application Security
• User Authentication
• Network Technology
• Encryption
• PKI
mandatory

... but for what?
• For the skill of implementing security systems
• For the skill of Risk Analysis
• For the skill of Self-Learning

Description of our Course
• Practical Windows security Course
• 15~18 students in each class. 3 classes in 2003
• 5 day intensive course, with practice
• Purpose
  • To teach the tools & methodology used in the real scene of SysAdmin & security management.
  • To make students realize the actual risk of the vulnerabilities and exploits.
  • To give basic training for researching & discovering new methodologies of attacks and defense technology.
It is one of the new security courses planned in the Development of the Information Security Training System, sponsored by the MEXT.

The environment
• Windows 2000 Professional (Attack machine)
• Windows 2000 Server (Target machine)
• Red Hat Linux 9
• VMware Workstation 4.0
[Network diagram; labels: W2K Pro IP, W2K Sv IP, RedHat IP; values shown: 101, 151, 171]

Among the things which impressed the students
• Password Cracking
  • Offline dictionary attacks by Cain to work out the password from the hash
• ARP cache poisoning
  • One of the “Monkey in the Middle” tricks. Most people are amazed at the ease of eavesdropping
... and various other ways of intrusion including dcom.exe (MS03-026)

Follow-up study making use of the graduates' community
• Graduates' mailing list
  • Those who finished the course can join the graduates' mailing list to exchange various information related to security
• Follow-up study group
  • Other workshops on particular fields, including "Buffer Overflow", are held among those who want to take part

Acknowledgement
This work was supported by “The Special Coordination Funds for Promoting Science and Technology” of the Ministry of Education, Culture, Sports, Science and Technology (MEXT), Japan.