|
Home 
IT Security Online Training
IT Security Online Training
These free online courses are designed to provide continuing intermediate
and advanced technical training to members of the UM security community.
Most courses include lab exercises conducted in a virtual lab environment
that you install on your own computer.
Current course offerings include:
ITS Virtual Lab Environment
Online training course experiments are conducted in a VMware-based virtual lab
environment. These experiments are an integral part of most courses and will
enhance your learning experience.
You will need an IA32 compatible laptop running VMware Player,
Server, or Fusion. Download the following two files to the same directory
(right-click on each and select "Save As"). then open the VMX file in VMware
to boot the lab environment.
Note: IE7 cannot download files larger than 4 GB. Please use a standards-compliant browser such as FireFox instead, or download this compressed version:
- ITS372 FC8.vmdk.gz (1.4 GB)
After downloading and decompressing this file, you should verify
the MD5 checksum matches that of the original uncompressed version.
Some online training courses may require supplemental software
installation before virtual lab experiments may be performed. Please see
the individual course entries below for pointers to the supplemental
software.
The ITS virtual lab environment has been modified specifically for
use with ITS online security training. It suffers several security
vulnerabilities and is not kept up to date with respect to patches.
It contains a firewall configured not to allow most inbound connections
as the only line of defense. While a necessary and valuable component
of ITS online security training, the lab environment is not recommended
for any other use.
ITS 258: Network Security
Course Description:
This course provides intermediate training in securing networked
enterprise deployments, and covers network topologies, firewalls, and
open-source and commercial network scanners.
Takeaways:
After completing this course, participants will: understand firewall
fundamentals; understand enterprise network topology fundamentals;
understand Linux iptables firewall administration and operation; and be
able to install, operate, and analyze the output of Nessus scanner.
Audience:
This course is intended for security administrators.
Course modules:
| Module |
Webcast |
Slides |
Duration |
| Introduction |
swf |
pdf |
12:35 |
| Installation |
swf |
pdf |
7:58 |
| Firewalls |
swf |
pdf |
1h:43 |
| Scanning |
swf |
pdf |
57:15 |
Supplemental Software:
Please copy the following compressed archive to any directory in your virtual
lab environment and install it using the command
sudo tar Pzxf its258.tgz
This archive adds the /usr/local/lab/nessus subdirectory needed for the
Scanning module.
- its258.tgz
md5sum: 000e6a10332ceefda5773bcbde7b4af3
ITS 260: Mobile Device Security
Course Description:
This course provides basic training in the secure use of mobile devices.
Best practices and self-management in the secure use of these devices
is covered, and includes: definition of private data, threats to data
on mobile devices, and securing these data. Built-in and freely
available technologies are discussed, including BitLocker and EFS for
Windows systems, encrypted volumes and FileVault for Mac OS X, and
use of Lexar SecureII jump drives for encrypted storage of data.
A demonstration of the use of the Lexar Secure II jump drive is included.
Takeaways:
After completing this course, participants will: understand the definition
of and risks to private data stored on mobile devices; understand the
threats to data on mobile devices; and understand best practices in securing
these data useing built-in and freely available technologies.
Audience:
This course was developed for researchers who self-manage their mobile
devices, but the concepts and tools apply to anyone who stores data
on self-managed mobile devices.
Course modules:
| Module |
Webcast |
Slides |
Duration |
| Mobile Device Security |
swf |
pdf |
1h:25 |
| Demonstration Discussion |
swf |
pdf |
00:00 |
| Secure II Flash Drive Demo |
swf |
- |
22:22 |
| Basics of Cryptography |
swf |
pdf |
45:44 |
Supplemental Software:
No virtual lab software is needed for this course. You will need a Lexar
Secure II Jump Drive and a platform running either Windows XP or Vista or
Mac OS X in order to participate in the demo.
ITS 270: Intrusion Detection
Course Description:
This course provides an overview of Intrusion Detection and Prevention systems, and discusses the architecture, implementation, and efficacy of such systems. Students will use the open source Snort IDS systems to create scripts for detecting network attacks, and will experiment with sampling of real or recorded network traffic.
Takeaways:
After completing this course, participants will: understand IDS/IPS
fundamentals; understand the physiology of IDS rulesets; understand the
difficulties of and available mitigations to operating an IDS; and be able
to install, configure, operate and analyze the output of the Snort IDS.
Audience:
This course is intended for security administrators.
Course modules:
| Module |
Webcast |
Slides |
Duration |
| Introduction |
swf |
pdf |
13:03 |
| Installation |
swf |
pdf |
7:58 |
| Fundamentals |
swf |
pdf |
1h:27 |
| Countermeasures |
swf |
pdf |
1h:18 |
| IDS Issues |
swf |
pdf |
58:55 |
Supplemental Software:
Please copy the following compressed archive to any directory in your virtual
lab environment and install it using the command
sudo tar Pzxf its270.tgz
This archive adds the /usr/local/lab/snort subdirectory needed for the
Countermeasures module.
- its270.tgz
md5sum: 063d7d60c9911bb6311cfe01b7274291
ITS 372: Advanced Web Security
Course Description:
This course shows how to assess and secure your web infrastructure,
using current open-source tools and techniques. Topics to be covered
include: reconnaissance tools, code & SQL injection, cross-site
scripting & request forgery, secure coding practices, fuzzing, and
U-M information security policies. This course includes hands-on
student experiments using a virtual lab environment.
Takeaways:
After completing this course, participants will: understand HTTP &
HTTPS protocols & usage; use practical methods and tools to assess
web application security; understand strategies and approaches for
securing web infrastructures; and understand the elements of secure
web application coding practices.
Audience:
This course is intended for security administrators.
Course modules:
|
