Training


Real Time Situational Awareness Using Argus

Carter Bullard, QoSient LLC

This class will introduce Argus, the network Audit Record Generation and Utilization System. It will include Argus’ approaches to data generation, collection, and stream processing of large scale flow data, including establishing, maintaining, and using large flow repositories and archives.

 


Network Profiling Using Flow – Part I
George Jones, SEI CERT

The “Network Profiling Using Flow” tutorial at FloCon 2012 will guide students through the process of learning what is on a network by looking at available netflow. Students will examine publicly available data from the 2009 Inter-Service Academy Cyber Defense Exercise (CDX) using SiLK. Students will perform initial investigations. We will present a methodology for profiling services, and students will profile common services in the data (web, DNS, etc.), log their findings in a workbook, and present their findings.

Prerequisites

  • Required Knowledge (basic understanding/familiarity)
    • TCP/IP and network architecture
    • Unix command line tools
    • Information and Network Security concepts, terms and tools
  • Strongly Recommended
    • Some experience with SiLK (http://tools.netsa.cert.org/silk/)
  • Hardware and Software
    • A laptop or other device capable of running SSH
    • Your favorite report writing and presentation software (e.g. Microsoft Office, Open Office, Emacs, LaTeX ...)
    • [optional] Visio or other tools to create/update network maps

Recommended Preparation

 


Introduction to iSiLK
Ron Bandes, SEI CERT
Jonathan Steele, SEI CERT

This class will introduce students to network flow analysis using the iSiLK graphical user interface. This is an optionally hands-on class in which students may follow along on their own laptops if they fulfill the prerequisites.

Prerequisites

For students who wish to follow along on their own MS Windows laptops, iSiLK must be installed in advance of class.

 


Network Profiling Using Flow – Part II
George Jones, SEI CERT

The “Network Profiling Using Flow” tutorial at FloCon 2012 will guide students through the process of learning what is on a network by looking at available netflow. Students will examine publicly available data from the 2009 Inter-Service Academy Cyber Defense Exercise (CDX) using SiLK. Students will perform initial investigations. We will present a methodology for profiling services, and students will profile common services in the data (web, DNS, etc.), log their findings in a workbook, and present their findings.

Prerequisites

  • Required Knowledge (basic understanding/familiarity)
    • TCP/IP and network architecture
    • Unix command line tools
    • Information and Network Security concepts, terms and tools
  • Strongly Recommended
    • Some experience with SiLK (http://tools.netsa.cert.org/silk/)
  • Hardware and Software
    • A laptop or other device capable of running SSH
    • Your favorite report writing and presentation software (e.g. Microsoft Office, Open Office, Emacs, LaTeX ...)
    • [optional] Visio or other tools to create/update network maps

Recommended Preparation