GEANT2 Security Toolset Training

SWITCH logo

SWITCH Offices, Zurich, Switzerland, 18 - 19 March 2008

Overview

This course has been designed to enable participants to understand and be able to use the Netflow-based GÉANT2 Security Toolset, which consists of the netflow analysis tools NfSen and NfDump and the FlowMon appliance. The course will teach participants to use NfDump and NfSen to analyse such Netflow data and it will explain how to use FlowMon appliances to acquire Netflow data. It will explain how to use the Security Toolset to identify and analyse network security threats. It will also give participants the opportunity to practice using the Toolset in a well-controlled environment.

Objectives

  • Understand the relevance of Netflow to improving network security.
  • Understand the roles and functions of the GÉANT2 Security Toolset components.
  • Understand the concept of extending the functionality of the GÉANT2 Security Toolset with plugins.
  • Be able to use the GÉANT2 Security Toolset to identify and analyse potential security issues.

Outline

  • Why Netflow? Its use for improving network security.
  • Why FlowMon? An attractive way to get Netflow data.
  • Why NfDump and NfSen? Rationale and features.
  • How NfDump and NfSen are used: use cases.
  • Connecting and configuring the FlowMon probe
  • Creating profiles.
  • NfSen alerting.
  • Working with NfSen plug-ins.
  • The road ahead: future developments.
  • Hands-on exercises.

Day Two - Train the trainers (Optional)

The second day will be an optional half day to train the attendees in how to deliver a successful training course themselves. This will focus mainly on the non-technical aspects of training, including presentation skills, problem solving, how to create the right atmosphere and much more. Once this part of the course is completed, you will become an Approved Trainer for the GÉANT2 Security Toolset, which allows you to conduct further training in your local community and beyond.

NOTE: Participants intending to deliver courses based on the materials used in this training course must have attended the training session on day two.

Timing

Day one will run from 09:00 - 16:00, and day two will run from 09:00 - 13:00 approximately.