Course Code: 5678

EC-Council - CND - Certified Network Defender

Class Dates:
5 Days
Class Time:
Instructor-Led Training, Virtual Instructor-Led Training


  • Course Overview
  • Certified Network Defender (CND) is a vendor-neutral, hands-on, instructor-led comprehensive network security certification training program. It is a skills-based, lab intensive program based on a job-task analysis and cybersecurity education framework presented by the National Initiative of Cybersecurity Education (NICE).

    The course has also been mapped to global job roles and responsibilities and the Department of Defense (DoD) job roles for system/network administrators.

    The program prepares network administrators on network security technologies and operations to attain Defense-in-Depth network security preparedness. It covers the protect, detect and respond approach to network security.

    The course contains hands-on labs, based on major network security tools and techniques which will provide network administrators real world expertise on current network security technologies and operations.
  • Audience
  • Network Administrators
    Network Security Administrators
    Network Security Engineer
    Network Defense Technicians
    CND Analyst
    Security Analyst
    Security Operator
    Anyone who is involved in network operations

Course Details

  • Computer Network and Defense Fundamentals.
  • Network Security Threats, Vulnerabilities, and Attacks.
  • Network Security Controls, Protocols, and Devices.
  • Network Security Policy Design and Implementation.
  • Physical Security, Host Security.
  • Secure Firewall Configuration and Management.
  • Secure IDS Configuration and Management.
  • Secure VPN Configuration and Management.
  • Wireless Network Defense, Network Traffic Monitoring and Analysis.
  • Network Risk and Vulnerability Management.
  • Data Backup and Recovery.
  • Network Incident Response and Management.
  • Module 01: Network Attacks and Defense Strategies
  • Asset, Threat, Vulnerability, Risk, Attack
  • Network-level attack techniques
  • Application-level attack techniques
  • Social engineering attack techniques
  • Email attack techniques
  • Mobile device-specific attack techniques
  • Cloud-specific attack techniques
  • Wireless network-specific attack techniques
  • Attacker’s Hacking Methodologies and Frameworks
  • Understand fundamental goal, benefits, and challenges in network defense
  • Continual/Adaptive security strategy
  • Defense-in-depth security strategy
  • Understanding the Working of SQL Injection Attacks
  • Understanding the Working of XSS Attacks
  • Understanding the Working of Network Scanning Attacks
  • Understanding the Working of Brute Force Attacks
  • Module 02: Administrative Network Security
  • Learn to obtain compliance with regulatory framework and standards
  • Discuss various Regulatory Frameworks, Laws, and Acts
  • Learn to design and develop security policies
  • Learn to conduct different types of security and awareness training
  • Learn to implement other administrative security measures
  • Implementing Password Policies Using Windows Group Policy
  • Implementing Password Policies in Linux
  • Monitoring User Activities on Remote User System
  • Module 03: Technical Network Security
  • Discuss access control principles, terminologies, and models
  • Redefine the Access Control in Today’s Distributed and Mobile Computing World
  • Discuss Identity and Access Management (IAM)
  • Discuss cryptographic security techniques
  • Discuss various cryptographic algorithms
  • Discuss security benefits of network segmentation techniques
  • Discuss various essential network security solutions
  • Discuss various essential network security protocols
  • Implementing Role-Based Access Control using JEA
  • Implementing Role-Based Access Control in Windows Admin Center (WAC)
  • Implementing Proxy Server Using Squid Proxy
  • Establishing VPN Connection using OpenVPN
  • Establishing VPN Connection using SoftEther VPN
  • Module 04: Network Perimeter Security
  • Understand firewall security concerns, capabilities, and limitations
  • Understand different types of firewall technologies and their usage
  • Understand firewall topologies and their usage
  • Distinguish between hardware, software, host, network, internal, and external firewalls
  • Select firewalls based on their deep traffic inspection capability
  • Discuss firewall implementation and deployment process
  • Discuss recommendations and best practices for secure firewall Implementation and
  • Discuss firewall administration concepts
  • Understand role, capabilities, limitations, and concerns in IDS deployment
  • Discuss IDS classification
  • Discuss various components of IDS
  • Discuss effective deployment of network and host-based IDS
  • Learn how to deal with false positive and false negative IDS/IPS alerts
  • Discuss the considerations for selection of appropriate IDS/IPS solutions
  • Discuss various NIDS and HIDS Solutions with their intrusion detection capabilities
  • Discuss router and switch security measures, recommendations, and best practices
  • Leverage Zero Trust Model Security using Software-Defined Perimeter (SDP)
  • Implementing Network-Based Firewall Functionality: Blocking Unwanted Website access
  • Implementing Network-Based Firewall Functionality: Blocking Insecure Ports using
  • Implementing Network-Based Firewall Functionality: Blocking Insecure Ports using
  • Implementing host-based firewall functionality using Windows Firewall
  • Implementing host-based firewall functionality using iptables
  • Implementing network-based IDS functionality using Snort IDS
  • Implementing network-based IDS functionality using Suricata IDS
  • Implementing network-based IDS functionality using Bro IDS
  • Implementing Host-based IDS functionality using Wazuh HIDS
  • Module 05: Endpoint Security-Windows Systems
  • Understand Windows OS and Security Concerns
  • Discuss Windows Security Components
  • Discuss Various Windows Security Features
  • Discuss Windows Security Baseline Configurations
  • Discuss Windows User Account and Password Management
  • Discuss Windows Patch Management
  • Discuss User Access Management
  • Windows OS Security Hardening Techniques
  • Discuss Windows Active Directory Security Best Practices
  • Discuss Windows Network Services and Protocol Security
  • Basic Network Administration and Troubleshooting Using Windows Command Line
  • Analyzing Security Configuration Baseline Using Microsoft Security Compliance Toolkit
  • Remote Patch Management using BatchPatch
  • Remote Patch Management using ManageEngine Patch Manager Plus
  • Delegating Admin Permission to User Using Delegation of Control Wizard
  • Securing Local Administrator Password using LAPS
  • Securing Windows File Share in Active Directory
  • Module 06: Endpoint Security-Linux Systems
  • Understand Linux OS and security concerns
  • Discuss Linux Installation and Patching
  • Discuss Linux OS Hardening Techniques
  • Discuss Linux User Access and Password Management
  • Discuss Linux Network Security and Remote Access
  • Discuss Various Linux Security Tools and Frameworks
  • Implementing Linux security Best Practices
  • Implementing Name-based Mandatory Access Controls Using AppArmor
  • Linux Security Auditing and System Hardening Using Lynis
  • Module 07: Endpoint Security-Mobile Devices
  • Common Mobile Usage Policies in Enterprises
  • Discuss Security Risk and Guidelines associated with Enterprise mobile usage policies
  • Discuss and implement various enterprise-level mobile security management
  • Discuss and implement general security guidelines and best practices on Mobile
  • Discuss Security guidelines and tools for Android devices
  • Discuss Security guidelines and tools for iOS devices
  • Implementing Enterprise Mobile Security Using Miradore MDM Solution
  • Implementing Enterprise Mobile Security Using COMODO (ITarian) MDM Solution
  • Module 08: Endpoint Security-IoT Devices
  • Understanding IoT Devices, their need and Application Areas
  • Understanding IoT Ecosystem and Communication models
  • Understand Security Challenges and risks associated with IoT-enabled environments
  • Discuss the security in IoT-enabled environments
  • Discuss Security Measures for IoT enabled IT Environments
  • Discuss IoT Security Tools and Best Practices
  • Discuss and refer to various standards, Initiatives and Efforts for IoT Security
  • Exercise 01: Securing IoT Device Communication Using TLS/SSL
  • Module 09: Administrative Application Security
  • Discuss and implement Application Whitelisting and Blacklisting
  • Discuss and implement application Sandboxing
  • Discuss and implement Application Patch Management
  • Discuss and implement Web Application Firewall (WAF)
  • Exercise 01: Implementing Application whitelisting using AppLocker
  • Exercise 02: Implementing Application whitelisting using SRP
  • Exercise 03: Implementing Application Security Using Firejail Sandbox
  • Exercise 04: Deploying and implementing URLscan as WAF
  • Module 10: Data Security
  • Understand data security and its importance
  • Discuss the implementation of data access controls
  • Discuss the implementation of Encryption of Data at rest
  • Discuss the implementation of Encryption of “Data at transit”
  • Discuss the implementation of Encryption of “Data at transit” between database server and
  • Discuss the implementation of Encryption of “Data at transit” in Email Delivery
  • Discuss Data Masking Concepts
  • Discuss data backup and retention
  • Discuss Data Destruction Concepts
  • Data Loss Prevention Concepts
  • Exercise 01: Encrypting data at rest using VeraCrypt
  • Exercise 01: Implementing Encryption on SQL Server Database using Transparent Database
  • Module 11: Enterprise Virtual Network Security
  • Discuss the evolution of network and security management concept in modern Virtualized IT
  • Understand Virtualization Essential Concepts
  • Discuss Network Virtualization (NV) Security
  • Discuss SDN Security
  • Discuss Network Function Virtualization (NFV) Security
  • Discuss OS Virtualization Security
  • Discuss Security Guidelines, Recommendations and Best Practices for Containers
  • Discuss Security Guidelines, Recommendations and Best practices for Dockers
  • Discuss Security Guidelines, Recommendations and Best Practices for Kubernetes
  • Exercise 01: Auditing Docker Host Security Using Docker-Bench-Security Tool
  • Exercise 02: Securing SDN communication between Switch and SDN Controller using SSL
  • Module 12: Enterprise Cloud Security
  • Understand Cloud Computing Fundamentals
  • Understanding the Insights of Cloud Security
  • Evaluate CSP for Security before Consuming Cloud Service
  • Discuss security in Amazon Cloud (AWS)
  • Discuss security in Microsoft Azure Cloud
  • Discuss security in Google Cloud Platform (GCP)
  • Discuss general security best practices and tools for cloud security
  • Exercise 01: Implementing AWS Identity and Access Management
  • Exercise 02: Implementing Key Management Services
  • Exercise 03: Securing AWS Storage
  • Module 13: Wireless Network Security
  • Understand wireless network fundamentals
  • Understand wireless network encryption mechanisms
  • Understand wireless network authentication methods
  • Discuss and implement wireless network security measures
  • Exercise 1: Configuring Security on Wireless Router
  • Module 14: Network Traffic Monitoring and Analysis
  • Understand the need and advantages of network traffic monitoring
  • Setting up the environment for network monitoring
  • Determine baseline traffic signatures for normal and suspicious network traffic
  • Perform network monitoring and analysis for suspicious traffic using Wireshark
  • Discuss network performance and bandwidth monitoring tools and techniques
  • Exercise 01: Capturing Network Traffic using Wireshark
  • Exercise 02: Analyzing and Examining Various Network Packet Headers using Wireshark
  • Exercise 03: Analyzing and Examining Various Network Packet Headers in Linux using tcpdump
  • Exercise 04: Applying Various Filters in Wireshark
  • Exercise 05: Detecting Clear-Text Traffic using Wireshark
  • Exercise 06: Monitoring and Detecting Network Reconnaissance, Access, and DoS/DDoS Attempts
  • Exercise 07: Detecting Brute Force Attempt using Wireshark
  • Exercise 08: Detecting SQL Injection Attack using Wireshark
  • Exercise 09: Network Traffic Monitoring using PRTG
  • Exercise 10: Network Traffic Analysis Using Capsa
  • Exercise 11: Network Traffic Bandwidth Monitoring using NTOP
  • Module 15: Network Logs Monitoring and Analysis
  • Understand logging concepts
  • Discuss log monitoring and analysis on Windows systems
  • Discuss log monitoring and analysis on Linux
  • Discuss log monitoring and analysis on Mac
  • Discuss log monitoring and analysis in Firewall
  • Discuss log monitoring and analysis on Routers
  • Discuss log monitoring and analysis on Web Servers
  • Discuss centralized log monitoring and analysis
  • Exercise 01: Configuring, Viewing and Analyzing Windows Event Logs
  • Exercise 02: Configuring, Viewing and Analyzing IIS Logs
  • Exercise 03: Configuring, Viewing and Analyzing Logs in Centralized Location Using Splunk
  • Exercise 04: Identifying Suspicious Activities Using Log Monitoring and Analysis
  • Module 16: Incident Response and Forensic Investigation
  • Understand incident response concept
  • Understand the role of first responder in incident response
  • Discuss Do’s and Don’ts in first response
  • Describe incident handling and response process
  • Describe forensics investigation process
  • Exercise 1: Working with Incident Tickets in OSSIM
  • Module 17: Business Continuity and Disaster Recovery
  • Introduction to Business Continuity (BC) and Disaster Recovery (DR) concepts
  • Discuss BC/DR Activities
  • Explain Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
  • Discuss BC/DR Standards
  • Exercise 1: Implementing Business Continuity and Disaster Recovery Using Network Load Balancing
  • Module 18: Risk Anticipation with Risk Management
  • Understand risk management concepts
  • Learn to manage risk through risk management program
  • Learn different Risk Management Frameworks (RMF)
  • Learn to manage vulnerabilities through vulnerability management program
  • Learn vulnerability Assessment and Scanning
  • Exercise 01: Vulnerability Management using OSSIM
  • Exercise 02: Vulnerability Analysis Using Nessus
  • Exercise 03: Network Vulnerabilities Scanning Using GFI LanGuard
  • Exercise 04: Auditing the Network Security with Nsauditor
  • Exercise 05: Application Vulnerability Scanning using OWASP ZAP
  • Module 19: Threat Assessment with Attack Surface Analysis
  • Module 20: Threat Prediction with Cyber Threat Intelligence