Q/ND® Qualified/ Network Defender
This is the first class of the Q/ISP (Qualified/ Information Security Professional) certification track and maps to the DoD 8570 CND (Cyber Network Defender) certification. If certification and a security skills assessment are your goals, this is your foundation network security class: it teaches firewall and router monitoring and defense, deep packet analysis with IDS and IPS, and malware and trojan detection (including the offensive techniques used to deploy them), with a step-by-step process for defending your internal and external perimeters.
75% hands-on labs for reducing risk at DMZs, internet-facing connections, external partner connections and intranet traffic, including managing security breaches. Real-life network defense scenarios, complete with policies.
In-depth Packet Analysis labs
Hands on Snort & IPS labs
Hands-on reverse engineering viruses & trojan labs
Mitigate site spoofing & phishing
Mitigating botnets
False alarms vs. real threats analysis
IPS Filtering techniques
NAC's - effective containment technique
Keylogger & remote access trojan (RAT) mitigation
Best practices: a step-by-step process for perimeter protection unlike anything you've seen before
Define a recovery strategy
A step-by-step incident process (preparation through response and follow-up) that establishes measurable goals for network defenses.
Who should attend:
Information Security Officers, Information Systems Managers, Auditors
Telecommunications and Network Administrators, Consultants, Systems and Data Security Analysts, and others seeking to enhance their information security knowledge.
4. Standard (Stateless) Packet Filters
ingress and egress filtering
packet filter control points & parameters
TCP flags & ICMP message types
configuring packet filters to control access to HTTP, SMTP, DNS
addressing denial-of-service attacks: LAND, ping floods, SYN floods
dynamic access controls
authentication, authorization and accounting (AAA)
handling difficult protocols: FTP, multimedia applications
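The stateless rules this section covers (ingress/egress anti-spoofing, TCP flag sanity, ICMP message types, per-service access for HTTP, SMTP and DNS, and the LAND check) as one toy packet filter. This is an added illustrative example, not course material; the INSIDE and FIREWALL addresses, the SERVICES table and the ICMP and flag policy are assumptions chosen for illustration.

```python
# Added example, not part of the course material: a toy stateless packet filter
# implementing the rules above. INSIDE, FIREWALL, SERVICES and the ICMP/flag
# policy are assumptions chosen for illustration.
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network
from typing import FrozenSet, Optional, Tuple

INSIDE = ip_network("192.168.1.0/24")        # assumed protected network
FIREWALL = ip_address("203.0.113.1")         # assumed outside interface address
# Sources that must never arrive on the outside interface (RFC 1918 and other bogons)
BOGONS = [ip_network(n) for n in ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                                   "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]
# Published services reachable from outside: (proto, port) -> server address
SERVICES = {("TCP", 80): ip_address("192.168.1.10"),    # HTTP
            ("TCP", 25): ip_address("192.168.1.20"),    # SMTP
            ("UDP", 53): ip_address("192.168.1.30"),    # DNS queries
            ("TCP", 53): ip_address("192.168.1.30")}    # DNS over TCP
ICMP_IN_ALLOWED = {0, 3, 11}                 # echo-reply, destination-unreachable, time-exceeded
ILLEGAL_FLAGS = [frozenset(),                            # NULL scan
                 frozenset({"SYN", "FIN"}),              # never legal together
                 frozenset({"FIN", "PSH", "URG"})]       # Xmas scan

@dataclass(frozen=True)
class Packet:
    direction: str               # "in" = arrived on the outside interface, "out" = leaving
    src: IPv4Address
    dst: IPv4Address
    proto: str                   # "TCP", "UDP" or "ICMP"
    sport: int = 0
    dport: int = 0
    flags: FrozenSet[str] = frozenset()   # TCP flags that are set, e.g. {"SYN"}
    icmp_type: Optional[int] = None

def filter_packet(p: Packet) -> Tuple[str, str]:
    """Stateless verdict: each packet is judged on its own header fields alone."""
    if p.src == p.dst:                                   # LAND attack
        return "DROP", "LAND: source equals destination"
    if p.direction == "in":
        if p.src in INSIDE or any(p.src in net for net in BOGONS):
            return "DROP", "ingress anti-spoofing: inside or bogon source from outside"
        if p.dst not in INSIDE and p.dst != FIREWALL:
            return "DROP", "ingress: destination is not ours"
    elif p.src not in INSIDE:
        return "DROP", "egress anti-spoofing: non-local source leaving the network"
    if p.proto == "TCP":
        if p.flags in ILLEGAL_FLAGS:
            return "DROP", "illegal TCP flag combination"
        if p.direction == "out":
            return "ACCEPT", "egress TCP permitted"
        if "ACK" in p.flags:
            # The classic stateless "established" rule: ACK set means 'probably a reply'.
            # Caveat: an attacker can set ACK on a probe (ACK scan); only a stateful
            # filter can tell a genuine reply from an unsolicited packet.
            return "ACCEPT", "established (stateless approximation, ACK set)"
        if p.flags == frozenset({"SYN"}) and SERVICES.get(("TCP", p.dport)) == p.dst:
            return "ACCEPT", "new connection to published tcp/%d" % p.dport
        return "DROP", "inbound TCP not to a published service"
    if p.proto == "UDP":
        if p.direction == "out":
            return "ACCEPT", "egress UDP permitted"
        if SERVICES.get(("UDP", p.dport)) == p.dst:
            return "ACCEPT", "query to published udp/%d" % p.dport
        if p.sport == 53 and p.dport >= 1024:
            # Same weakness as the ACK rule: anyone can send from source port 53.
            return "ACCEPT", "DNS reply to a client high port (stateless approximation)"
        return "DROP", "inbound UDP not permitted"
    if p.proto == "ICMP":
        if p.direction == "out" or p.icmp_type in ICMP_IN_ALLOWED:
            return "ACCEPT", "ICMP type %s permitted" % p.icmp_type
        return "DROP", "ICMP type %s blocked inbound (echo-request floods etc.)" % p.icmp_type
    return "DROP", "default deny"

if __name__ == "__main__":
    a, web = ip_address("198.51.100.7"), ip_address("192.168.1.10")
    for pkt in (Packet("in", a, web, "TCP", 40000, 80, frozenset({"SYN"})),
                Packet("in", a, web, "TCP", 40001, 22, frozenset({"ACK"})),
                Packet("in", web, web, "TCP", 80, 80, frozenset({"SYN"})),
                Packet("in", a, web, "ICMP", icmp_type=8)):
        print(pkt.proto, pkt.dport, pkt.icmp_type, filter_packet(pkt))
```

The second packet in the demo is the point of the exercise: a stateless filter accepts an inbound ACK to a port that was never opened, because it cannot know whether a connection exists. That gap is what the stateful inspection section addresses.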
5. Stateful Inspection Firewalls
stateful inspection firewall design
configuring the TCP/IP protocol stack
IP forwarding issues
application data
Web content: ActiveX controls, Java applets
connection tables and performance
connections for UDP
handling FTP and streaming protocols
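The connection table, UDP pseudo-connections and SYN-flood brake discussed in this section as a minimal stateful inspection engine. This is an added illustrative example, not course material; the published-service set, the idle timeouts and the per-server half-open cap are assumptions chosen for illustration.

```python
# Added example, not part of the course material: a minimal stateful inspection
# engine with a connection table for TCP and pseudo-connections for UDP. The
# published services, timeouts and half-open cap are assumptions for illustration.
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

Key = Tuple[str, str, int, str, int]     # (proto, initiator, iport, responder, rport)
HALF_OPEN = ("SYN_SENT", "SYN_RECV")

@dataclass
class Conn:
    state: str          # TCP: SYN_SENT -> SYN_RECV -> ESTABLISHED -> CLOSING; UDP: "UDP"
    last_seen: float

class StatefulFirewall:
    def __init__(self, published: Set[Tuple[str, str, int]], max_half_open: int = 2,
                 tcp_idle: float = 3600.0, udp_idle: float = 30.0, setup_idle: float = 10.0):
        self.published = published               # (proto, address, port) reachable from outside
        self.max_half_open = max_half_open       # per-server cap on embryonic connections (SYN-flood brake)
        self.idle = {"ESTABLISHED": tcp_idle, "UDP": udp_idle, "SYN_SENT": setup_idle,
                     "SYN_RECV": setup_idle, "CLOSING": setup_idle}
        self.table: Dict[Key, Conn] = {}         # the connection table; its size is the performance cost

    def _expire(self, now: float) -> None:
        for k in [k for k, c in self.table.items() if now - c.last_seen > self.idle[c.state]]:
            del self.table[k]

    def half_open(self, server: str) -> int:
        return sum(1 for k, c in self.table.items() if k[3] == server and c.state in HALF_OPEN)

    def process(self, now: float, direction: str, proto: str, src: str, sport: int,
                dst: str, dport: int, flags: FrozenSet[str] = frozenset()) -> Tuple[str, str]:
        """direction is 'in' (from outside) or 'out' (from inside); returns (verdict, reason)."""
        self._expire(now)
        key, rkey = (proto, src, sport, dst, dport), (proto, dst, dport, src, sport)
        conn, from_initiator = self.table.get(key), True
        if conn is None and rkey in self.table:
            key, conn, from_initiator = rkey, self.table[rkey], False
        if conn is None:
            # Only a permitted opening may create an entry; everything else is unsolicited.
            if proto == "TCP" and flags != frozenset({"SYN"}):
                return "DROP", "no connection for %s packet (unsolicited)" % ("/".join(sorted(flags)) or "flagless")
            if direction == "in" and (proto, dst, dport) not in self.published:
                return "DROP", "inbound opening to an unpublished service"
            if proto == "TCP" and self.half_open(dst) >= self.max_half_open:
                return "DROP", "half-open limit reached for %s (possible SYN flood)" % dst
            self.table[key] = Conn("SYN_SENT" if proto == "TCP" else "UDP", now)
            return "ACCEPT", "new %s connection recorded" % proto
        conn.last_seen = now
        if proto == "UDP":
            return "ACCEPT", "matches UDP pseudo-connection"
        if "RST" in flags:
            del self.table[key]
            return "ACCEPT", "reset, entry removed"
        if conn.state == "SYN_SENT":
            if not from_initiator and flags == frozenset({"SYN", "ACK"}):
                conn.state = "SYN_RECV"
                return "ACCEPT", "SYN/ACK, handshake half complete"
            if from_initiator and flags == frozenset({"SYN"}):
                return "ACCEPT", "SYN retransmission"
        elif conn.state == "SYN_RECV":
            if from_initiator and "ACK" in flags and "SYN" not in flags:
                conn.state = "ESTABLISHED"
                return "ACCEPT", "handshake complete"
            if not from_initiator and flags == frozenset({"SYN", "ACK"}):
                return "ACCEPT", "SYN/ACK retransmission"
        elif conn.state in ("ESTABLISHED", "CLOSING"):
            if "FIN" in flags:
                conn.state = "CLOSING"
            return "ACCEPT", "matches %s connection" % conn.state
        return "DROP", "packet does not fit connection state %s" % conn.state

if __name__ == "__main__":
    fw = StatefulFirewall({("TCP", "192.168.1.10", 80), ("UDP", "192.168.1.30", 53)})
    print(fw.process(0.0, "in", "TCP", "198.51.100.7", 40000, "192.168.1.10", 80, frozenset({"SYN"})))
    print(fw.process(0.1, "out", "TCP", "192.168.1.10", 80, "198.51.100.7", 40000, frozenset({"SYN", "ACK"})))
    print(fw.process(0.2, "in", "TCP", "198.51.100.7", 40000, "192.168.1.10", 80, frozenset({"ACK"})))
    print(fw.process(0.3, "in", "TCP", "198.51.100.7", 40001, "192.168.1.10", 22, frozenset({"ACK"})))
```

Contrast the last call with the stateless "ACK means established" rule: here an unsolicited ACK is dropped because no table entry matches it. The UDP handling records an outbound query and admits only the matching reply, and only until the short idle timeout expires, which is the "connections for UDP" behaviour this section refers to.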
6. Proxy-Based Firewalls
address hiding
circuit-level & application-layer proxies
strengths of proxy firewalls
configuring & hardening the TCP/IP protocol stack
IP forwarding issues
configuring application proxies to support SMTP, FTP, HTTP
7. Proxy Servers for Internal to External Access
SOCKS proxy servers
Web proxy servers
port redirectors on proxy server gateways
8. Personal Firewalls
Trojan horse problems
9. Content Filtering and Prevention Tools
Deploying content filters
SMTP filters
Anti-virus
Blocking Trojans and Worms at the SMTP server
Spam filtering
Anti-relaying
Web site filtering blockers
Recommended policies and actions
Filtering mobile code: ActiveX, Java, JavaScript
Intrusion prevention tools
Integrating firewalls & Prevention Tools
Firewall penetration-testing tools
11. Firewall Management
Creating a bastion host
Creating system baselines
Monitoring the firewall
Managing firewall alerts
Best practices for incident handling
Log file management
keeping up to date: key e-mail lists and Web sites
12. Malware
Creating botnets (lab)
SpyWash
Automated Spyware Removal
Counting tracking cookies
ActiveX
Log file management
keeping up to date: key URLs and Web sites
13. Network Defense & Response
Preparation
Detection
Containment
Eradication
Recovery & patching your network
Response and follow-Up
Best practices for incident handling
14. Forensics
Investigations
Law & Legislation
Media
Process
Steps for measuring Network Defense
Step 1 Preparation
Laying the groundwork for effective spyware & malware incident management, with a look at the current state of spyware & malware threats and their evolution.
Real-time traffic scanning blocks spyware on-the-fly
Malware defined
Environments where spyware & malware thrive
Viruses & Trojan risks
Strengths and weaknesses of current anti-virus and anti-trojan products
Hands-On measurable defense labs
Step 2 Detection
In a recent study, fewer than a third of the participants realized they had experienced a spyware or malware attack. How to detect and analyze a spyware or malware incident quickly and accurately.
Pinpointing how employees are getting infected.
Detecting and blocking phone-home attempts by spyware installed on your computers
Advanced diagnosis and identification
False alarms vs. actual incidents
MyDoom, Blaster, Nimda, Code Red and others: learn what they do
Dissecting audit records
Was it internal or external?
Determining source and scope of infection labs
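The detection items in Step 2 (dissecting audit records, internal versus external sources, false alarms versus actual incidents, phone-home attempts) and the firewall monitoring and log file management topics of section 11, as detection logic run over sample firewall log lines. This is an added illustrative example, not course material: the log lines are constructed in an iptables-style syslog format with an assumed FW-DROP / FW-ACCEPT log prefix, and the network range, the authorised-scanner allowlist and every threshold are assumptions chosen for illustration.

```python
# Added example, not part of the course material: detection logic over constructed
# firewall log lines (iptables-style syslog output with an assumed FW-DROP/FW-ACCEPT
# log prefix). INSIDE, KNOWN_SCANNERS and all thresholds are assumptions.
import re
import statistics
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")                 # assumed internal network
KNOWN_SCANNERS = {ip_address("192.168.1.5")}          # assumed authorised vulnerability scanner

# Constructed sample log: an external port scan, the in-house scanner doing the same,
# a workstation calling the same external host every 10 minutes, one ordinary outbound
# connection, and a burst of SYNs at the web server from six sources.
SAMPLE_LOG = "\n".join(
    ["Jan 12 10:00:0%d fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.50 DST=192.168.1.10 PROTO=TCP SPT=4100%d DPT=%d SYN"
     % (i, i, port) for i, port in enumerate((21, 22, 23, 445, 3389))] +
    ["Jan 12 10:05:0%d fw kernel: FW-DROP IN=eth1 OUT= SRC=192.168.1.5 DST=192.168.1.20 PROTO=TCP SPT=5000%d DPT=%d SYN"
     % (i, i, port) for i, port in enumerate((21, 22, 23, 445, 3389))] +
    ["Jan 12 11:%02d:00 fw kernel: FW-ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=198.51.100.9 PROTO=TCP SPT=%d DPT=443 SYN"
     % (m, 49000 + m) for m in (0, 10, 20, 30)] +
    ["Jan 12 11:03:17 fw kernel: FW-ACCEPT IN=eth1 OUT=eth0 SRC=192.168.1.78 DST=198.51.100.40 PROTO=TCP SPT=49300 DPT=443 SYN"] +
    ["Jan 12 12:00:01 fw kernel: FW-ACCEPT IN=eth0 OUT= SRC=198.51.100.%d DST=192.168.1.10 PROTO=TCP SPT=6000 DPT=80 SYN"
     % h for h in range(60, 66)])

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<action>FW-\w+) "
    r"IN=(?P<in>\S*) OUT=(?P<out>\S*) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?(?P<rest>.*)$")

def parse(text, year=2024):
    """Turn log lines into event dicts; syslog timestamps carry no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                       # real logs are noisy; skip lines that do not fit
        d = m.groupdict()
        events.append({"ts": datetime.strptime("%s %d" % (d["ts"], year), "%b %d %H:%M:%S %Y"),
                       "action": d["action"], "src": ip_address(d["src"]), "dst": ip_address(d["dst"]),
                       "proto": d["proto"], "dpt": int(d["dpt"]) if d["dpt"] else None,
                       "syn": "SYN" in d["rest"].split(), "outbound": d["out"] != ""})
    return events

def _windows(items, window):
    """For each event, the events that fall within `window` seconds after it."""
    items = sorted(items, key=lambda e: e["ts"])
    for i, first in enumerate(items):
        yield [e for e in items[i:] if (e["ts"] - first["ts"]).total_seconds() <= window]

def analyze(events, scan_ports=5, scan_window=60, flood_syns=5, flood_window=2,
            beacon_min=4, beacon_jitter=0.1):
    """Return (level, kind, address, detail) tuples for scans, SYN floods and beaconing."""
    alerts = []
    dropped = defaultdict(list)            # port scan: many distinct dropped ports from one source
    for e in events:
        if e["action"] == "FW-DROP" and e["dpt"] is not None:
            dropped[e["src"]].append(e)
    for src, evs in dropped.items():
        for group in _windows(evs, scan_window):
            ports = {e["dpt"] for e in group}
            if len(ports) >= scan_ports:
                where = "internal" if src in INSIDE else "external"
                if src in KNOWN_SCANNERS:   # expected behaviour: downgrade rather than page someone
                    alerts.append(("INFO", "portscan", src, "%s source is the authorised scanner: false alarm" % where))
                else:
                    alerts.append(("ALERT", "portscan", src, "%s source probed %d ports within %ds" % (where, len(ports), scan_window)))
                break
    syns = defaultdict(list)               # SYN flood: many inbound SYNs at one service in a short window
    for e in events:
        if e["syn"] and not e["outbound"] and e["dpt"] is not None:
            syns[(e["dst"], e["dpt"])].append(e)
    for (dst, dpt), evs in syns.items():
        for group in _windows(evs, flood_window):
            if len(group) >= flood_syns:
                alerts.append(("ALERT", "synflood", dst, "%d SYNs to port %d within %ds from %d sources"
                               % (len(group), dpt, flood_window, len({e["src"] for e in group}))))
                break
    outbound = defaultdict(list)           # phone-home: regular outbound connections from one inside host
    for e in events:
        if e["outbound"] and e["syn"] and e["src"] in INSIDE and e["dst"] not in INSIDE:
            outbound[(e["src"], e["dst"])].append(e["ts"])
    for (src, dst), times in outbound.items():
        if len(times) < beacon_min:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= beacon_jitter:
            alerts.append(("ALERT", "beacon", src, "connects to %s every ~%ds (%d times): possible phone-home"
                           % (dst, mean, len(times))))
    return alerts

if __name__ == "__main__":
    for level, kind, who, detail in analyze(parse(SAMPLE_LOG)):
        print("%-5s %-9s %-15s %s" % (level, kind, who, detail))
```

The internal/external split comes straight from the source address and the interface the packet arrived on, which is why the log must record both; the scanner allowlist is the simplest form of "false alarm versus real threat" triage and should itself be reviewed, since a compromised scanner host is exactly the kind of source an attacker would pick.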
Step 3 Containment of security breach
A look at the two essential containment techniques: stopping the breach (the spread of keyloggers, other spyware and malware) and halting its side effects.
Inspecting true file types (by content, not by extension or declared MIME type)
Filtering inbound and outbound network traffic
The importance of public relations
Limiting exposure by secure application coding with Microsoft SDL techniques and tools labs
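The "inspect true file types" containment technique above, together with section 9's filtering of trojans and worms at the SMTP server and of mobile code in HTML mail, as one content filter run over a constructed MIME message. This is an added illustrative example, not course material or any product's code; the sample message, the magic-byte table, the blocked-extension list and the archive limits are assumptions chosen for illustration.

```python
# Added example, not part of the course material: SMTP content filtering by true
# file type. The message, the signature table and the policy are constructed for
# illustration; a production filter would also recurse into nested archives and
# hand each part to an anti-virus engine.
import io
import os
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

MAGIC = [(b"MZ", "pe-executable"),               # Windows PE (.exe/.dll/.scr), whatever the name says
         (b"\x7fELF", "elf-executable"),
         (b"PK\x03\x04", "zip-container"),       # also .docx/.xlsx/.jar
         (b"%PDF", "pdf"),
         (b"\xd0\xcf\x11\xe0", "ole2-document"),  # legacy .doc/.xls, may carry macros
         (b"#!", "script")]
BLOCKED_TYPES = {"pe-executable", "elf-executable", "script"}
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta"}
MOBILE_CODE = re.compile(rb"<script\b|<object\b|<applet\b|<embed\b|classid=", re.I)

def true_type(data: bytes) -> str:
    """Identify content by its leading bytes, ignoring the file name and MIME type."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"

def inspect_zip(data: bytes, max_members=200, max_member_size=50 * 2**20):
    """Look inside an archive for renamed executables; cap size as a zip-bomb guard."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "BLOCK", "unreadable archive"
    for info in archive.infolist()[:max_members]:
        if info.file_size > max_member_size:
            return "BLOCK", "member %s too large" % info.filename
        with archive.open(info) as member:
            kind = true_type(member.read(8))
        if kind in BLOCKED_TYPES:
            return "BLOCK", "member %s is %s" % (info.filename, kind)
    return "ALLOW", "archive members look benign"

def inspect_message(raw: bytes):
    """Return (verdict, part name, reason) for every part that needs a decision."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename()
        if name is None:                       # a body, not an attachment
            if part.get_content_type() == "text/html" and MOBILE_CODE.search(payload):
                findings.append(("STRIP", "html body", "mobile code (script/object/applet) removed"))
            continue
        ext = os.path.splitext(name)[1].lower()
        kind = true_type(payload)
        if ext in BLOCKED_EXT:
            findings.append(("BLOCK", name, "extension %s not allowed" % ext))
        elif kind in BLOCKED_TYPES:            # the renamed-executable case
            findings.append(("BLOCK", name, "true type %s disguised as %s" % (kind, ext or "no extension")))
        elif kind == "zip-container":
            verdict, reason = inspect_zip(payload)
            findings.append((verdict, name, reason))
        else:
            findings.append(("ALLOW", name, "true type %s" % kind))
    return findings

def build_sample() -> bytes:
    """Constructed message: HTML with a script, a PDF, a renamed .exe, a real .exe, a zip hiding an ELF."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative("<html><body>Invoice<script>location='http://example.com/x'</script></body></html>",
                        subtype="html")
    msg.add_attachment(b"%PDF-1.4\n%fake pdf body\n", maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="image", subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application", subtype="octet-stream", filename="setup.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("tool.txt", b"\x7fELF\x02\x01\x01" + b"\x00" * 40)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="tools.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print("%-6s %-12s %s" % finding)
```

The "photo.jpg" attachment is the case that extension- or MIME-type-based filters miss: the declared type says image, the first two bytes say Windows executable, and the true type wins.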
Step 4 Eradication
If a virus or other malware does penetrate the network, best practices for removing it completely in the most effective and permanent manner.
Blocking spyware websites & file downloads
Reviewing system configuration and initialization items
Removing modifications to system and data files
Benefits and challenges of current removal techniques
Step 5 Recovery & patching your network
Returning the network and any other affected systems to full operation with minimal impact, with special emphasis on systems and data backup recovery techniques.
Returning the network systems to full operation
What was the impact
systems and data backup recovery techniques
Benefits and challenges of current patching techniques
A review of Core Security's Core Impact exploitation tool, used to verify that patch updates actually closed the vulnerability
Step 6 Response and follow-Up
How and why did the attack happen, how was it removed, and what lessons can be applied to possible future attacks? The final and most crucial step in a successful incident management program.
Establishing an incident response team based on the type of incident
Documenting lessons learned
Metric collection and trend analysis
Establishing measurable goals
Appendix I, II, III