Network Security

BT208

Description

Network security is a broad term that covers multiple technologies, devices, and processes. Today, every organization, regardless of size, industry, or infrastructure, needs a network security expert in place to protect it from the ever-growing landscape of cyber threats.

After this course, you will be able to discover security vulnerabilities across the entire network by using network hacking techniques and vulnerability scanning. You will understand the various types of firewalls that are available and master hardening for both Windows and Linux servers.

How to make the most of this course?

In order to succeed in the course, the following requirements must be met:

  • Participation in all practical laboratories
  • Self-work at home between lessons
  • Repetition of materials, self-learning, performing tasks, etc.
  • A personal computer suitable for running virtual machines, with an Internet connection
  • Working through the scenarios in the Cyberium system

In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.

Target audience

The course targets participants with basic knowledge in IT or networking who wish to understand corporate cybersecurity and cyber defense from a technical perspective. Primarily:

  • IT personnel
  • IT/network administrators
  • Incident responders
  • Security analysts

Objectives

  • Learning the cyber threat landscape that modern organizations face
  • Acquiring the necessary knowledge and tools to defend the corporate network from various cyber threats
  • Identifying when attacks are happening on the network
  • Testing networks and systems for vulnerabilities
  • Learning how to analyze network traffic and create a monitoring environment to operate as a semi-Security Operations Center
  • Becoming familiar with available tools for performing security-related tasks

Pre-requisites

ThinkCyber Level-1 Courses

Syllabus

Description

This module will dive deeper into the world of cybersecurity, the primary goal being to teach participants to embrace the attacker state of mind in order to recognize the necessary defense mechanisms. Participants will deal with several types of malware, spyware, viruses, and vulnerabilities that can put the organization's network at risk, as well as different social-engineering techniques and honeypots.

Technical content

  • Network Security Fundamentals
    o Principles of Network Security
    o Security Terminologies
    ▪ Security Components
    ▪ Security Policies
    o Security Procedures
    ▪ Physical Security
    ▪ Securing Devices
    ▪ Securing Applications
    ▪ OS Updates
  • Advanced TCP/IP
    o Communication Protocols in Depth
    o Network Layers Attacks
    o The Process of DHCP and APIPA
  • Packet Structure and Analysis
    o Capturing Packets

Description

Large organizations these days suffer greatly from network attacks and malicious intrusions. Those who manage the organization's network have an immense impact on ensuring its safety. This module will teach the participant to embrace the role of the network security administrator. Participants will learn to inspect the network and find targets and possible security issues before the attackers can use them.

Technical content

  • Analyzing The Network
    o Performing Web Screenshots using Nmap
    o Detecting Service Changes using Shodan CLI
    o Launching NSE to Detect Possible Vulnerabilities
    o The Methodology of Finding Hosts in the Network
    o Capturing Fake MAC and IP Addresses
    o Spying on the Local Network using Driftnet and Urlsnarf
    o Hunting for Rootkits with WinDbg
  • Analysis of Leaked Network Security Information
    o The OSINT Framework
    o Social Engineering
    o Using theHarvester to Find Exposed Private Emails
    o Private Domain Hunting using Amass
    o The WHOIS and DMitry Tools
    o Phishing Attacks
    o DNS Poisoning
  • Network Security Threats (hands-on)
    o Viruses
    o Malware
    o Trojans
    o Worms
    o Spyware
    o Payloads
    o Buffer Overflows

Description

This module will explain a wide variety of IT security concepts and tools. Participants will learn hardening measures step by step, explore some security weaknesses of the Linux operating system, and learn to protect against those weaknesses. They will learn how to secure the various account types on a Linux system, enforce strong passwords, configure the firewall, and more.

Technical content

  • Routing and Network Components Hardening
    o Static ARP and DHCP Entry to Prevent Poisoning
    o Firewall Components
    ▪ Iptables vs. UFW
    ▪ Monitoring the FW using Tshark
    ▪ IP Chains Concepts
    o Proxy Server
    ▪ Load-Balancing
    ▪ Mitigating DoS Techniques
  • Countering Attacks
    o Designing and Configuring an IDS
    ▪ IDS vs. IPS
    ▪ Host vs. Network-Based IDS
    ▪ Limitations of IDS
    ▪ Snort as IDS and IPS
    ▪ Installing Snort
    ▪ Setting Rules
    ▪ Identifying NMAP Scans
    o Constructing Honeypots
    o Session Hijacking Counter-Measures
    o Detecting Active Sniffing
    o SMB Hardening against Enumerations
    o Identifying Log Tampering
  • Working with VPNs
    o VPN Fundamentals
    o IP Security Protocols
    o Design and Architecture
    o VPN Security
    o Configuring Your VPN

Description

This module will cover foundational security concepts and guidelines that can help Linux and Windows systems administrators keep their servers safe. The training includes an in-depth walkthrough of hardening measures and the step-by-step creation of your security environment.

Technical content

  • Securing Linux
    o Key Linux Concepts
    o Administration and Security
    o Linux Network Files
    o Linux Network Process
    o Key Linux Network Commands
    o Hardening Linux
    o Network File System and Linux
    o Network Information Service and Linux
  • Securing Windows
    o Windows Security Fundamentals
    o Windows Infrastructure
    o Windows Authentication
    o Windows User and Group Security

Labs

The following labs are part of the actual BT208 course:

  • Lab 1 Security Procedures
  • Lab 2 Setting your Domain
  • Lab 3 Identifying Attacks
  • Lab 4 Analyzing C&C Communications
  • Lab 5 Reversing Malware Network Behavior
  • Lab 6 Analyzing Network Attacks
  • Lab 7 Working with CVE
  • Lab 8 Working with Firewalls
  • Lab 9 IPv6 Security
  • Lab 10 IDS Configurations
  • Lab 11 Honeypots
  • Lab 12 Securing Linux
  • Lab 13 Securing Windows

Real Case Studies

Case Study #1 (NS001)
Just before last Christmas and the year-end holidays, Citrix announced that its Citrix Application Delivery Controller (ADC) and Citrix Gateway are vulnerable. The vulnerability allows the attacker to execute arbitrary code on the servers. As the network security expert, your company has put you in charge of this case. Use your network abilities to find the vulnerability and mitigate it.

Case Study #2 (NS002)
Kaspersky Lab reports that a massive DNS cache poisoning attack attempting to infect users trying to access websites is currently underway in Brazil. Several large ISPs in the highly connected country have been affected by the attack. You have been tasked to identify details related to the attack in order to remediate any damage discovered in the identification phase.

Course type

This course is delivered in the following ways:

  • Virtual classroom with proctored labs and scenarios executed in our Cyberarena
  • On-site classroom with proctored labs and scenarios executed in our Cyberarena

All sessions are recorded and attendees can replay them for 30 days. All course material is made available electronically to the participant.

Course Group: defense

Hands-on / Theory Mix

This course incorporates a high level of hands-on lab exercises, as well as real-life case studies.

Certification

This course prepares the participant for the following certifications:

  • GCED (SANS)
  • CySA+ (CompTIA)
  • Security+ (CompTIA)
  • GISP (SANS), GISF (SANS)

Required Equipment

Network connection

As this course extensively uses a cloud-based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.

BYOD - Bring Your Own Device

As this is a very practical course, and in order for participants to make the most of it, they need a laptop with the following capabilities:

  • Audio and Video
  • 8 GB RAM
  • 200 GB Disk Space
  • Virtualization capabilities (supporting the latest version of VirtualBox or a similar virtual machine application)

A good headset with a microphone is also required.
