This is the last class of the Q/ISP (Qualified Information Security Professional) certification. It is the class that shows you defensive scenarios to protect your networks from hacker attacks and from internal misconfigurations, data breaches and compromises. If network defense certification and security skills assessment is your goal, this class teaches you network firewall and router monitoring and defense, deep packet analysis including IDS and IPS, and DNA malware detection and re-engineering. You learn offense from a defensive position, with a "5 step" best-practice process to measure your network defense goals.
75% hands-on labs for reducing risk at DMZs, internet-facing connections, external partner connections and intranet traffic, and for managing security breaches. This certification is all about "real life" network defense scenarios.
Class Fee: $3,990
Time: 72 hrs
Learning Level: Entry
Contact Hours: 18 hr lecture, 22 hr labs
Prerequisites: Understanding of TCP/IP protocols
Credits: 72 CPE / 3 CEU
Method of Delivery: Residential (100% face-to-face) or Hybrid
Instructor: TBD
Method of Evaluation: 1. 95% attendance 2. 100% completion of labs
Grading: Pass = attendance + labs & quizzes; Fail = attendance below 95%
Sample Job Titles:
Information Systems Security Engineer
Intrusion Detection System (IDS) Administrator
Intrusion Detection System (IDS) Engineer
Intrusion Detection System (IDS) Technician
Network Administrator
Network Analyst
Network Security Engineer
Network Security Specialist
Security Analyst
Security Engineer
Security Specialist
Systems Security Engineer
This 72-hour accelerated class is taught in a face-to-face or hybrid modality. The class includes 72 hours of contact studies, labs, reading assignments and a final exam; passing the final exam is a requirement for graduation.
Who Should Attend
Information Security Administrators, Information Systems Managers, Auditors, Network Administrators, Consultants, Systems and Data Security Analysts, and others seeking to enhance their firewall and IPV security knowledge.
Text Materials: labs, SU Pen Testing Materials, resource CDs and attack handouts.
Machines: dual-core, 4M RAM, 350 GB drives, running MS OS, Linux, and VMware Workstation.
Tools for class: Whois, Google Hacking, Nslookup, Sam Spade, Traceroute, Nmap, HTTrack, SuperScan, Nessus, PsTools, Nbtstat, SolarWinds, Netcat, John the Ripper, Nikto/Wikto, WebScarab, HTTP Tunnel (hts.exe), LCP, Cain and Abel, Ettercap, Wireshark and other sniffers, tcpdump, dsniff, SAINT, Metasploit, ISS exploit, web app tools, Core Impact, Snort, Infostego, EtherApe, Firefox with plugins (Hackbar, XSSme, ...), WebGoat, Wget, Crypto tool, curl, Hekix, Digital DNA, Triumphant, software firewalls, Cisco firewalls, Cisco routers.
KU Outcomes:
- Students will be able to describe potential system attacks and the actors that might perform them.
- Students will be able to describe cyber defense tools, methods and components.
- Students will be able to apply cyber defense methods to prepare a system to repel attacks.
- Students will be able to describe appropriate measures to be taken should a system compromise occur.
Learning Objectives
Identify the threats against network infrastructures and mitigate risk/impact of attacks
Learn how to harden network firewalls and the SIEMs that analyze network threats to detect the adversary
Decode and analyze packets using various tools to identify anomalies and improve network defenses
Understand how to write Snort signatures and apply them at points of compromise
Understand the 6 steps in the incident handling process and how to run an incident handling capability
Learn how to use tools to identify /remediate malware
Create a data classification program, deploy data loss prevention solutions at layer 2/3
• In-depth packet analysis labs
• Hands on Snort & IPS labs
• Hands-on reverse engineering viruses & trojan labs
• Mitigate site spoofing & phishing
• Mitigating botnets
• False alarms vs. real threats analysis
• IPS Filtering techniques
• NACs - an effective containment technique
• Best practices, step by step process for perimeter protection
• Define a recovery strategy
• 5 steps that establish measurable goals for network defenses.
Lesson Plan 1
1. Review of Internet Attacks
hacker trends and motives
denial-of-service attacks: SYN floods, smurf, Trinoo and others
network probes and scans
IP spoofing
Trojan horses
application-level attacks
2. Characteristics of the Firewall Environment
objectives of firewalls
creating security domains
perimeter and internal firewalls
firewall rule sets
defining the firewall stance: default deny vs. default allow
firewall platforms
common commercial firewalls
host-based firewalls
firewall appliances
firewall configurations
dual-homed configurations
demilitarized zones (DMZs)
screened sub-networks
multi-homed configurations
high availability firewalls
positioning Network Services in the firewall environment
servers on the firewall
single server vs. multiple server
access to internal applications
firewall architectures: packet filters, proxy-based firewalls, hybrid firewalls
issues not addressed by firewalls: poor passwords, data-driven attacks, modems, internal attacks
3. Firewall Security Policies
risk assessment approach
identifying essential services
identifying key threats
vulnerability assessment
developing firewall rule sets
supporting essential network services
"dangerous" network services
creating policies for inbound access and outbound access
Network Address Translation (NAT) and Port Address Translation (PAT)
additional elements of the firewall security policy
denial-of-service filters
account management and authentication
remote management
4. Standard (Stateless) Packet Filters
packet filter design
identifying where packet filtering is performed
rules processing
ingress and egress filtering
packet filter control points
connection parameters
TCP flags
ICMP message types
permitting established connections
configuring packet filters to control access to common protocols: HTTP, SMTP, DNS
advanced packet filter usage
addressing denial-of-service attacks: LAND, ping floods, SYN floods
dynamic access controls
authentication, authorization and accounting (AAA)
limitations of packet filters
handling difficult protocols: FTP, multimedia applications
Lesson Plan 2
5. Stateful Inspection Firewalls
stateful inspection firewall design
overcoming the limitations of standard (stateless) packet filters
control points for stateful inspection firewalls
strengths and weaknesses of stateful inspection technology
configuring the TCP/IP protocol stack
IP forwarding issues
maintaining stateful information
connection tables and performance
pseudo connections for UDP
network address translation techniques
application protocol handling
handling FTP and streaming protocols
application data
Web content: ActiveX controls, Java applets
6. Proxy-Based Firewalls
proxy firewall design
characteristics of proxy-based connections
important differences between proxy firewalls and caching proxy servers
address hiding
circuit-level proxies
application-layer proxies
strengths and weaknesses of proxy firewalls
configuring the TCP/IP protocol stack for proxy firewalls
hardening the protocol stack
IP forwarding issues
application proxy rules processing
application protocol and data handling
configuring application proxies to support SMTP, FTP, HTTP
configuring generic proxy servers
one-to-one
any-to-one
7. Proxy Servers for Internal to External Access
types of proxy servers
Winsock proxy servers
SOCKS proxy servers
Web proxy servers
configuring clients for proxy servers: client applications, client operating systems, port redirectors on proxy server gateways
8. Personal Firewalls
the need for personal firewalls
the mobile user
home office users
Trojan horse problems
managing the personal firewall
standard templates vs. advanced configuration
user managed vs. centralized management
common personal firewalls
Lesson Plan 3
9. VPNs
• The need for VPNs
• How to configure
• How to integrate with firewalls
• What VPNs to use with which firewalls
Securing network connections using VPNs
Prevention Tools
• The need for IPVs
• How to configure
• How to integrate with firewalls and VPNs
• What VPNs to use with which firewalls
• Gartner's report on IPV and the IPV matrix
10. Content Filtering and Other Network Perimeter Safeguards
the need for content filters
deploying content filters
SMTP filters
anti-virus
blocking Trojans and Worms at the SMTP server
spam filtering
anti-relaying
Web site filtering blockers
database management
recommended policies and actions
filtering mobile code: ActiveX, Java, JavaScript
intrusion detection tools
Integrating firewalls
firewall penetration-testing tools
securing network connections using VPNs
11. Firewall, VPN & Prevention Management
assessing the firewall, VPN & IPV vendors
independent certification of firewall & VPN products
installation, training and after sales support
assigning resources for firewall, VPN & IPV management
firewall & VPN administrator responsibilities
creating a secure platform for prevention
creating a bastion host
NT hardening
Unix hardening
creating system baselines
monitoring the firewall
firewall, VPN, & IPV alerts
incident handling: best practices
log file management: content and processing tools
keeping up to date: key E-mail lists and Web sites
Lesson Plan 4
1. Preparation - Laying the groundwork for effective malware incident management, with a look at the current state of malware threats and their evolution.
- Malware defined
- Environments where viruses and malware thrive
- Malware risks
- Review the new threat - blended attacks
- Trojan review & analysis
- Patch Management using PatchLink Update
- Strengths and weaknesses of current anti-virus products
- Install Confidence Online, Norton, Sophos, McAfee and other anti-virus software in hands-on labs
2. Detection - In a recent study, less than a third of the participants realized they had experienced a malware attack. How to detect and analyze a malware incident quickly and accurately.
- Advanced virus & trojan diagnosis and identification
- Identifying missing Patches
- False-positive alarms vs. actual incidents
- NIMDA, CODE RED and others - learn what they do
- Dissecting audit records
- Determining source and scope of infection
3. Containment and secure application review - A look at the two essential containment techniques: stopping the malware spread and bad coding, and halting the side effects.
- Filtering inbound and outbound network traffic
- The importance of public relations
- Identifying patch impact
- Limiting exposure by secure application coding
4. Eradication - If a virus or other malware does attack, how to remove it completely in the most effective and permanent manner.
- Reviewing system configuration and initialization items
- Removing modifications to courses and data files
- Benefits and challenges of current removal techniques
Defining a recovery strategy and restoring a system
Defining incident management goals and metrics
Lesson Plan 5
5. Recovery and patching your network - Returning the network and any other affected systems to full operation, with minimal impact. Special emphasis on systems and data backup recovery techniques.
- Returning the network systems to full operation
- Patch deployment
- Assessing what the impact was
- systems and data backup recovery techniques
- A review of Core Security Impact vulnerability exploit tool to ensure patch updates.
6. Response and Follow-Up - How and why did the attack happen, how was it removed, and what lessons can be applied to possible future attacks? The final and most crucial step in a successful incident management program.
- Establishing an incident response team based on the type of incident
- Documenting lessons learned
- Metric collection and trend analysis
- Establishing measurable goals for compliance
Class Exercises
- Anti-virus and anti-trojan product strengths and weaknesses
- Determining a detection treatment for trojans & viruses
- Selecting effective containment and patching techniques
- Removing infections and residual effects
- Defining patch management goals and compliance metrics
Exam: 75-question online exam, begins at 1pm
Grades - All students must ordinarily take all quizzes, labs and the final exam and submit the class practical in order to be eligible for a Q/ISP, Q/IAP, Q/SSE, or Q/WP credential with SU or another school, unless granted an exception in writing by the President. Know that Q/ISP classes draw quite the spectrum of students, including "those less comfortable," "those more comfortable," and those somewhere in between. However, what ultimately matters in this course is not so much where you end up relative to your classmates but where you end up relative to yourself on the Friday of class. The course is graded as pass or fail solely on your attendance and participation. Those less comfortable and somewhere in between are not at a disadvantage vis-à-vis those more comfortable. Escalating labs help you prepare for real-world scenarios. Each lab builds on the previous one, increasing in intensity and rising to the next level, while you mitigate the threat step by step. All books are provided during class.