VTEC Training
Course Code: 19025
CYBER THREATS DETECTION AND MITIGATION TRAINING
VTEC Training
Portland,
ME
Class Dates:
1/1/0001
Length:
5 Days
Cost:
$2495.00
Class Time:
Technology:
Security
Delivery:
Instructor-Led Training, Virtual Instructor-Led Training
Overview
- Course Overview
- This 5 day training course examines the fundamentals of system forensics: what forensics is, the role of computer forensics specialists, computer forensic evidence, and application of forensic analysis skills. It also gives an overview of computer crimes, forensic methods, and laboratories. Students will learn about the tools, techniques, and methods used to perform computer forensics and investigation. This course explores emerging technologies as well as future directions of this interesting and cutting-edge field.
In this 5 day course you will learn:
Identify the best defensive measures to effectively protect a network
Setup and maintain an intrusion detection system
Conceptualize and develop intrusion detection rules and rule sets
Analyze and respond to intrusion attempts
Recover from a successful intrusion
- Audience
- WHO SHOULD ATTEND
Network defenders who want to respond to networking threats
Incident responders needing to quickly address system security breaches
Individuals who need a firm understanding of signature development and Snort
Prerequisites
- Before taking this course, students should have the following skills and experience:
A firm understanding of TCP/IP
Network+ or equivalent knowledge or background
Both the Network Traffic Analysis course and the Malicious Network Traffic Analysis course are recommended prior to attending.
Course Details
- DAY 1:
- Cyber Threat Overview
- Intrusions Defined
- Historical Intruders
- Historical Intrusions
- Wireshark Overview
- TCP Session Initialization Review
- Incident Response
- DAY 2 - 3
- NetFlow Analysis
- Cisco NetFlows Ver 1 - Ver 9 (IPFIX)
- SFlows, JFlows
- Silk and Argus Collectors, Intrusion Detection Systems
- Definition, IDS Types, Scanning versus Compromise
- " IDS Known Good vs. Known Bad Approaches
- Rule Based IDS,Heuristics Based IDS, Response Actions
- Inline IDSs, Problems with Active Response, Defense in Depth
- False Positive and False Negatives, Intrusion Prevention Systems, Active Response Techniques
- Introduction to SNORT, Packet Sniffer, Packet Logger
- NIDS, Protocol Support, Sourcefire, Packer Decoder, Preprocessors
- Detection Engine, Alert and Logging,
- .
- Detection Rules, Actions After a Match
- What Rules Can't Do, Fundamentals of a Rule
- Rule Actions, Rule Body Options
- Content Modifiers, Pre-Processors
- Output Plug-ins,
- Attack Scenarios
- Writing Signatures
- DAY 4
- Syslog Tools, Kiwi SyslogD Server Setup
- Non Payload Detection Rules, Dsize, Fragoffset
- TT1, TOS, ID, IPOpts, Fragbits
- Flags, Flow, Flowbits, Seq
- Window, Post-Detection Rule Options
- Logto, Session, Resp, Tag,
- Writing Effective Snort Rules
- Content Matching
- Catch Vulnerabilities
- Oddities of the Protocol, Optimizing IDS Rules
- Attack Scenarios
- Writing Signatures
- DAY 5
- Student Practical Demonstration
- You will be given five attack scenarios in which you will need to write Snort rules to defend against.
- Once you have implemented the rules in your Snort System, the instructor will launch attacks against them to determine if your rules were effective.
- LABS
- Setup and Configure an IDS to match a network topology map
- Define Network Variables
- Configure Output Statements
- Write over 30 Signatures
- Analyze and Write Signatures based attack patterns
- Tune signatures to reduce false positives and false negatives
- Reverse Engineering Existing and Downloaded rule