Network Security
BT208
Description
Network security is a broad term that covers multiple technologies, devices, and processes. Today every organization, regardless of size, industry, or infrastructure, needs a network security expert in place to protect it from an ever-growing landscape of cyber threats.
After this course, you will be able to discover security vulnerabilities across the entire network using network hacking techniques and vulnerability scanning. You will understand the various types of firewalls available and master the hardening of both Windows and Linux servers.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
- Self-study at home between lessons
- Revision of the materials, self-learning, completing the assigned tasks, etc.
In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
- A personal computer suitable for running virtual machines, with an Internet connection
- Working through the scenarios in the Cyberium system
Target audience
The course targets participants with basic knowledge of IT or networking who wish to understand corporate cybersecurity and cyber defense from a technical perspective. Primarily:
- IT personnel
- IT/network administrators
- Incident responders
- Security analysts
Objectives
- Learning the cyber threat landscape that modern organizations face
- Acquiring the necessary knowledge and tools to defend the corporate network from various cyber threats
- Identifying when attacks are happening on the network
- Testing networks and systems for vulnerabilities
- Learning how to analyze network traffic and build a monitoring environment that operates as a small-scale Security Operations Center
- Becoming familiar with available tools for performing security-related tasks
Pre-requisites
Syllabus
Description
This module dives deeper into the world of cybersecurity; its primary goal is to teach participants to adopt the attacker's state of mind in order to recognize the necessary defense mechanisms. Participants will deal with several types of malware, spyware, viruses, and vulnerabilities that can put the organization's network at risk, as well as different social-engineering techniques and honeypots.
Technical content
- Network Security Fundamentals
o Principles of Network Security
o Security Terminologies
▪ Security Components
▪ Security Policies
o Security Procedures
▪ Physical Security
▪ Securing Devices
▪ Securing Applications
▪ OS Updates
- Advanced TCP/IP
o Communication Protocols in Depth
o Network Layers Attacks
o The Process of DHCP and APIPA
- Packet Structure and Analysis
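Worked example for the Packet Structure and Analysis and Communication Protocols in Depth topics above. This is an added illustration, not part of the course material or the Cyberium labs: it decodes an Ethernet II / IPv4 / TCP frame field by field with Python's struct module, verifies the IPv4 header checksum, and names the TCP flag combinations that Nmap's NULL, FIN and Xmas scans send. The frames it parses are constructed in build_frame (TEST-NET-1 addresses and made-up MAC addresses), not captured traffic.

```python
"""Parse an Ethernet II / IPv4 / TCP frame and name scan-style TCP flag combinations.

Added example for the Packet Structure and Analysis topic; not part of the course
material. Frames are constructed by build_frame (TEST-NET-1 addresses, made-up MACs),
not captured from a real network.
"""
import struct

# TCP flag bits, low byte of the data-offset/flags word (RFC 9293).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum of an IPv4 header, checksum field treated as zero."""
    hdr = header[:10] + b"\x00\x00" + header[12:]
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def classify_flags(flags: int) -> str:
    """Name the flag combinations Nmap's scan types send (NULL, FIN, Xmas, SYN, ACK)."""
    f = flags & 0x3F  # ignore ECE/CWR/NS here
    if f == 0:
        return "NULL scan probe (no flags)"
    if f == FIN | PSH | URG:
        return "Xmas scan probe (FIN/PSH/URG)"
    if f == FIN:
        return "FIN scan probe"
    if f == SYN:
        return "SYN (connect or SYN scan)"
    if f == SYN | ACK:
        return "SYN/ACK"
    if f & RST:
        return "RST"
    if f & ACK:
        return "ACK (established traffic or ACK scan)"
    return f"other (0x{f:02x})"


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet, IPv4 and TCP headers of `frame`; ValueError if not Ethernet/IPv4/TCP."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4 (ethertype 0x{ethertype:04x})")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, csum = struct.unpack("!BBHHHBBH", ip[:12])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 version or header length")
    if proto != 6:
        raise ValueError(f"not TCP (IP protocol {proto})")
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack_no, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4   # TCP header length incl. options
    flags = off_flags & 0x01FF         # 9 flag bits (NS, CWR, ECE, URG, ACK, PSH, RST, SYN, FIN)
    return {
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "dst_mac": ":".join(f"{b:02x}" for b in dst_mac),
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        "ttl": ttl,
        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == csum,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack_no,
        "flags": flags, "window": window,
        "flag_summary": classify_flags(flags),
        "payload_len": len(tcp) - data_off,
    }


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int) -> bytes:
    """Construct a minimal 54-byte Ethernet/IPv4/TCP frame with a valid IPv4 checksum (test input)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0x1000, 0, (5 << 12) | flags, 1024, 0, 0)
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0) + src + dst
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return eth + ip + tcp


if __name__ == "__main__":
    for probe in (FIN | PSH | URG, 0, SYN):
        info = parse_frame(build_frame("192.0.2.10", "192.0.2.20", 40000, 22, probe))
        print(f'{info["src_ip"]}:{info["sport"]} -> {info["dst_ip"]}:{info["dport"]} '
              f'{info["flag_summary"]} checksum_ok={info["ip_checksum_ok"]}')
```

The same parse_frame works on raw bytes read from a pcap file or a raw socket; the checksum check is what separates a corrupted or hand-forged header from a legitimate one, and the flag classifier reproduces by hand what a Wireshark display filter such as tcp.flags == 0x029 does for Xmas probes.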
Description
Large organizations today suffer greatly from network attacks and malicious intrusions, and those who manage the organization's network have an immense impact on its safety. This module teaches the participant to take on the role of the network security administrator: participants learn to inspect the network and find targets and possible security issues before attackers can exploit them.
Technical content
- Analyzing The Network
o Performing Web Screenshots using Nmap
o Detecting Service Changes using Shodan CLI
o Launching NSE to Detect Possible Vulnerabilities
o The Methodology of Finding Hosts in the Network
o Capturing Spoofed (Fake) MAC and IP Addresses
o Sniffing the Local Network using Driftnet and Urlsnarf
o Hunting for Rootkits with WinDbg
- Analysis of Leaked Network Security Information
o The OSINT Framework
o Social Engineering
o Using theHarvester to Find Exposed Private Emails
o Private Domain Hunting using Amass
o The WHOIS and DMitry Tools
o Phishing Attacks
o DNS Poisoning
- Network Security Threats (hands-on)
o Virus
o Malware
o Trojans
o Worm
o Spyware
o Payloads
o Buffer Overflows
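Worked example for the Capturing Spoofed MAC and IP Addresses topic in this module (it also illustrates the static ARP entries listed under hardening). It is an added illustration, not course material: given the ARP replies seen on a segment, it flags a reply that contradicts a pinned static entry, a learned IP-to-MAC binding that flips, and a single MAC answering for several IPs, the three symptoms of ARP cache poisoning. The reply log, the static table and the interface name eth0 are constructed (TEST-NET-1 addresses, made-up MACs).

```python
"""Detect ARP cache poisoning from observed ARP replies.

Added example, not course material. The reply log and static table below are
constructed (TEST-NET-1 addresses, made-up MACs). Each record carries the fields a
sniffer shows for an ARP reply: sender IP, sender MAC, target IP.
"""
from collections import defaultdict

# Bindings an administrator pinned with static ARP entries (constructed): the gateway.
STATIC_ARP = {"192.0.2.1": "aa:bb:cc:00:00:01"}

# Constructed ARP reply log: (seconds, sender_ip, sender_mac, target_ip)
SAMPLE_REPLIES = [
    (0.0, "192.0.2.1", "aa:bb:cc:00:00:01", "192.0.2.50"),   # gateway answers the victim
    (1.0, "192.0.2.50", "aa:bb:cc:00:00:50", "192.0.2.1"),   # victim answers the gateway
    (5.0, "192.0.2.1", "de:ad:be:ef:00:99", "192.0.2.50"),   # attacker claims the gateway's IP
    (5.1, "192.0.2.50", "de:ad:be:ef:00:99", "192.0.2.1"),   # ...and the victim's: both sides poisoned
    (6.0, "192.0.2.1", "de:ad:be:ef:00:99", "192.0.2.50"),   # repeated to keep the caches poisoned
    (7.0, "192.0.2.77", "aa:bb:cc:00:00:77", "192.0.2.50"),  # unrelated legitimate host
]


def detect_arp_spoofing(replies, static_table):
    """Return alerts as (kind, time, ip, mac).

    kinds: 'static_mismatch' (reply contradicts a pinned entry),
           'binding_change'  (a learned IP->MAC binding flipped),
           'mac_claims_many' (one MAC answered for several IPs; time is None,
                              ip is the comma-joined list of IPs it claimed).
    """
    alerts = []
    learned = {}                    # ip -> first MAC seen for it
    ips_per_mac = defaultdict(set)  # mac -> every IP it has claimed
    for t, ip, mac, _target in sorted(replies):
        mac = mac.lower()
        ips_per_mac[mac].add(ip)
        if ip in static_table:
            if static_table[ip].lower() != mac:
                alerts.append(("static_mismatch", t, ip, mac))
        elif ip in learned and learned[ip] != mac:
            alerts.append(("binding_change", t, ip, mac))
        learned.setdefault(ip, mac)
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1:
            alerts.append(("mac_claims_many", None, ",".join(sorted(ips)), mac))
    return alerts


def static_arp_commands(static_table, dev="eth0"):
    """iproute2 commands that pin the bindings in `static_table` (the hardening counterpart)."""
    return [f"ip neigh replace {ip} lladdr {mac} dev {dev} nud permanent"
            for ip, mac in sorted(static_table.items())]


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES, STATIC_ARP):
        print(alert)
    print("\n".join(static_arp_commands(STATIC_ARP)))
```

In practice the records come from a sniffer, for example tshark -Y "arp.opcode == 2" -T fields -e frame.time_relative -e arp.src.proto_ipv4 -e arp.src.hw_mac -e arp.dst.proto_ipv4; the detector deliberately keeps the first binding it learned rather than the latest, because the whole point of the attack is that the latest reply is the lie.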
Description
This module explains a wide variety of IT security concepts and tools. Participants will learn hardening measures step by step, explore security weaknesses of the Linux operating system and how to protect against them, and learn how to secure the various account types on a Linux system, enforce strong passwords, configure the firewall, and more.
Technical content
- Routing and Network Components Hardening
o Static ARP and DHCP Entry to Prevent Poisoning
o Firewall Components
▪ Iptables vs. UFW
▪ Monitoring the FW using Tshark
▪ IP Chains Concepts
o Proxy Server
▪ Load-Balancing
▪ Mitigating DoS Techniques
- Attack Countermeasures
o Designing and Configuring an IDS
▪ IDS vs. IPS
▪ Host vs. Network-Based IDS
▪ Limitations of IDS
▪ Snort as IDS and IPS
▪ Installing Snort
▪ Setting Rules
▪ Identifying Nmap Scans
o Constructing Honeypots
o Session Hijacking Counter-Measures
o Detecting Active Sniffing
o SMB Hardening against Enumerations
o Identifying Log Tampering
- Working with VPNs
o VPN Fundamentals
o IP Security Protocols
o Design and Architecture
o VPN Security
o Configure your VPN
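Worked example for the Designing and Configuring an IDS and Identifying Nmap Scans topics above. It is an added illustration, not course material and not Snort code: it applies the idea behind Snort's sfPortscan preprocessor (count the distinct ports or hosts one source touches inside a sliding time window) to a constructed list of TCP SYN records, so the reader can see why a flag-based signature alone cannot catch a plain SYN scan. The thresholds, the window and the TEST-NET-1 addresses are arbitrary assumptions.

```python
"""Flag port scans and port sweeps in connection records, the way an IDS preprocessor does.

Added example, not course material. Records are constructed TCP SYN observations
(seconds, src_ip, dst_ip, dst_port) in TEST-NET-1; thresholds and window are arbitrary.
"""
from collections import defaultdict, deque

WINDOW_S = 10.0        # sliding window length in seconds
PORTSCAN_PORTS = 5     # distinct destination ports on one host from one source
PORTSWEEP_HOSTS = 4    # distinct destination hosts on one port from one source

SAMPLE_SYNS = (
    # an ordinary client: two ports on one server, far apart in time
    [(0.0, "192.0.2.50", "192.0.2.10", 443), (30.0, "192.0.2.50", "192.0.2.10", 80)]
    # a vertical scan: 7 ports on one host inside 3 seconds (nmap -p 21,22,... style)
    + [(100.0 + i * 0.4, "192.0.2.200", "192.0.2.10", p)
       for i, p in enumerate([21, 22, 23, 25, 80, 443, 8080])]
    # a horizontal sweep: port 445 on 5 hosts inside 2 seconds (nmap -p445 192.0.2.0/24 style)
    + [(200.0 + i * 0.5, "192.0.2.201", f"192.0.2.{h}", 445) for i, h in enumerate([10, 11, 12, 13, 14])]
)


def detect_scans(syns, window=WINDOW_S, scan_ports=PORTSCAN_PORTS, sweep_hosts=PORTSWEEP_HOSTS):
    """Return alerts as (kind, time, src_ip, detail); one alert per (kind, src, target) to avoid floods."""
    per_pair = defaultdict(deque)   # (src, dst)   -> deque of (t, dport) inside the window
    per_port = defaultdict(deque)   # (src, dport) -> deque of (t, dst)   inside the window
    already = set()
    alerts = []

    def expire(q, now):
        while q and now - q[0][0] > window:
            q.popleft()

    for t, src, dst, dport in sorted(syns):
        q = per_pair[(src, dst)]
        q.append((t, dport))
        expire(q, t)
        ports = {p for _, p in q}
        key = ("portscan", src, dst)
        if len(ports) >= scan_ports and key not in already:
            already.add(key)
            alerts.append(("portscan", t, src, f"{dst} ports {sorted(ports)}"))

        q = per_port[(src, dport)]
        q.append((t, dst))
        expire(q, t)
        hosts = {h for _, h in q}
        key = ("portsweep", src, dport)
        if len(hosts) >= sweep_hosts and key not in already:
            already.add(key)
            alerts.append(("portsweep", t, src, f"port {dport} on {sorted(hosts)}"))
    return alerts


if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_SYNS):
        print(alert)
```

A signature such as alert tcp any any -> $HOME_NET any (msg:"Nmap Xmas scan"; flags:FPU; sid:1000001; rev:1;) fires on a single malformed probe, whereas a SYN scan looks like ordinary connection attempts packet by packet and is only visible as a rate across ports or hosts, which is what sfPortscan (preprocessor sfportscan: proto { all } scan_type { all } sense_level { low }) and this function track. Lowering the window or raising the thresholds trades missed slow scans (nmap -T1) for fewer false alerts from busy legitimate clients.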
Description
This module covers foundational security concepts and guidelines that help Linux and Windows systems administrators keep their servers safe. The training includes an in-depth walkthrough of hardening measures and the step-by-step construction of your own security environment.
Technical content
- Securing Linux
o Linux Key Concepts
o Administration and Security
o Linux Network Files
o Linux Network Process
o Key Linux Network Commands
o Hardening Linux
o Network File System and Linux
o Network Information Service and Linux
- Securing Windows
o Windows Fundamental Security
o Windows Infrastructure
o Windows Authentication
o Windows User and Group Security
Labs
- Lab 1 Security Procedures
- Lab 2 Setting your Domain
- Lab 3 Identifying Attacks
- Lab 4 Analyzing C&C Communications
- Lab 5 Reversing Malware Network Behavior
- Lab 6 Analyzing Network Attacks
- Lab 7 Working with CVE
- Lab 8 Working with Firewalls
- Lab 9 IPv6 Security
- Lab 10 IDS Configurations
- Lab 11 Honeypots
- Lab 12 Securing Linux
- Lab 13 Securing Windows
Real Case Studies
Course type
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberarena
- On-site classroom with proctored labs and scenarios executed in our Cyberarena
All sessions are recorded and attendees can replay them for 30 days. All course material is made available to the participant electronically.
Course Group:
defense
Hands-on / Theory Mix
The course incorporates a high proportion of hands-on lab exercises, as well as real-life case studies.
Certification
This course prepares the participant for the following certifications:
- GCED (SANS)
- CySA+ (CompTIA)
- Security+ (CompTIA)
- GISP (SANS), GISF (SANS)
Required Equipment
Network connection
As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:
- Audio and Video
- 8 GB RAM
- 200 GB Disk Space
- Virtualization capabilities (supporting the latest version of VirtualBox or a similar virtual machine application)
- A good headset with microphone