Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

Q/ND® Qualified/ Network Defender

This is the last class of the Q/ISP Qualified/ Information Security Professional Certification. It's the class that shows you defensive scenarios to protect your networks from hacker attacks and internal misconfigurations, data breaches and compromises. If network defense certification and security skills assessment is your goal, this class teaches you network firewall & router monitoring and defense, deep packet analysis including IDS & IPS, and Digital DNA malware detection and re-engineering. You learn offense from a defensive position with a "5 step" best practice process to measure your network defense goals.

 

View more of our Q/ND® Training videos on our YouTube Channel:
http://www.youtube.com/SecUniv

75% hands-on labs for reducing risk at DMZs, internet-facing connections, external partner connections, intranet traffic, and managing security breaches. This certification is all about "real life" network defense scenarios.

Key topics:
•  In-depth Packet Analysis labs
•  Hands on Snort & IPS labs
•  Hands on Live HB Gary Digital DNA labs
•  Hands on Helix labs
•  Hands-on reverse engineering viruses & trojan labs
•  Mitigate site spoofing & phishing
•  Mitigating botnets
•  False alarms vs. real threats analysis
•  IPS Filtering techniques
•  NACs: an effective containment technique
•  Best practices, step by step process for perimeter protection
•  Define a recovery strategy
•  5 steps that establish measurable goals for network defenses.

What is "Qualified"

The Q/ISP Certification is obtained through Security University for the purpose of recognizing qualified individuals who have distinguished themselves as knowledgeable and proficient information security practitioners with validated hands-on tactical security skills. The Q/ISP certificate also provides THE only means of identifying and certifying qualified persons who subscribe to a rigorous requirement for maintaining their knowledge and proficiency in information security with "validated" hands-on tactical security skills.

Certification is awarded to those qualified individuals who validate their security skills to a prescribed qualified level of tactical hands-on information security experience, comply with a professional code of ethics, and pass rigorous examinations on the Q/ISP Body of Knowledge for information security.

Keeping your Q/ISP Valid

In order to maintain currency in the field, each Q/ISP must complete participation in research or study, attendance at recognized subject-matter training and professional educational programs, presentation or publication of information security papers, contributions to the information security Q/ISP Body of Knowledge, or service in professional organizations. Each Q/ISP must acquire 120 CPE continuing professional education credits every three years (40 credits per year).

The Q/ISP Certification does not require you to complete Q/ISP hands-on classes; however, to "validate" your security skills and use the "Qualified" symbol as your trust mark, you will be asked to complete the Q/PTL workshop and the Q/FE & Q/ND practicals that validate your tactical security skills.

Class Fee $2,995
Time: 8 am - 5 pm
Location: see the class schedule
Call now with questions: 1-877-357-7744
Prerequisites: Understanding of TCP/IP protocols
CPE Credits: 40
Instructor TBD Highly Qualified CEH™ Q/EH, ECSA™ Q/SA, CHFI™, Q/FE
Download the SU Class Roadmap

Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of labs
Grading: Pass = 95% attendance and 100% completion of labs and practical
Fail = less than 95% attendance or less than 100% completion of labs and practical

Who should attend:
Information Systems Managers, System Administrators, Security Systems Analysts, Database Security Analysts, Network Administrators, Gov't Consultants, and others seeking to enhance their information security knowledge.

What you will learn:

1. Essential concepts: Policy, Auditing, Certification
2. Vulnerability Analysis
3. Hacking Primer: Basics, Service attacks, Top 10
4. Perimeter Defenses: Firewalls, Stateless, Stateful, Application Proxy, Web App Firewall
5. IPS/IDS: What is IPS/IDS, Testing performance and effectiveness, Signatures and Analysis, Tuning
6. Advanced Threats: Advances in malware, Malware analysis
7. Endpoint and NAC protection
8. Log Analysis, SIEM and Event Correlation

1. Review of Internet Attacks
       • hacker trends and motives
       • denial-of-service attacks
       • network probes and scans
       • IP spoofing
       • Trojan horses
       • application-level attacks

2. Characteristics of the Firewall Environment
       • objectives of firewalls
       • creating security domains
       • perimeter and internal firewalls
       • firewall rule sets - default deny vs. default allow
       • firewall platforms - common commercial firewalls
       • host-based firewalls, firewall appliances, firewall configurations
       • demilitarized zones (DMZs)
       • dual & multi-homed configurations & screened sub-networks
       • HA - high availability firewalls
       • access policy for internal applications

3. Firewall Security Policies
       • risk assessment approach
       • identifying essential services
       • identifying key threats
       • vulnerability assessment
       • policies for inbound access and outbound access
       • Network Address Translation (NAT) and Port Address Translation (PAT)
       • denial-of-service filters
       • account management and authentication
       • remote management

4. Standard (Stateless) Packet Filters
       • ingress and egress filtering
       • packet filter control points & parameters
       • TCP flags & ICMP message types
       • configuring packet filters to control access to HTTP, SMTP, DNS
       • addressing denial-of-service attacks: LAND, ping floods, SYN floods
       • dynamic access controls
       • authentication, authorization and accounting (AAA)
       • handling difficult protocols: FTP, multimedia applications

5. Stateful Inspection Firewalls
       • stateful inspection firewall design
       • configuring the TCP/IP protocol stack
       • IP forwarding issues
       • application data
       • Web content: ActiveX controls, Java applets
       • connection tables and performance
       • connections for UDP
       • handling FTP and streaming protocols

6. Proxy-Based Firewalls
       • address hiding
       • circuit-level & application-layer proxies
       • strengths of proxy firewalls
       • configuring & hardening the TCP/IP protocol stack
       • IP forwarding issues
       • configuring application proxies to support SMTP, FTP, HTTP

7. Proxy Servers for Internal to External Access
       • SOCKS proxy servers
       • Web proxy servers
       • port redirectors on proxy server gateways

8. Personal Firewalls
       • Trojan horse problems

9. Content Filtering and Prevention Tools
       • Deploying content filters
       • SMTP filters
       • Anti-virus
       • Blocking Trojans and Worms at the SMTP server
       • Spam filtering
       • Anti-relaying
       • Web site filtering blockers
       • Recommended policies and actions
       • Filtering mobile code: ActiveX, Java, JavaScript
       • Intrusion prevention tools
       • Integrating firewalls & Prevention Tools
       • Firewall penetration-testing tools

11. Firewall Management
        • Creating a bastion host
        • Creating system baselines
        • Monitoring the firewall
        • Managing firewall alerts
        • Best practices for incident handling
        • Log file management
        • keeping up to date: key e-mail lists and Web sites

12. Malware
        • Creating Botnets
        • SpyWash 
        • Automated Spyware Removal
        • Counting cookies
        • ActiveX
        • Log file management
        • keeping up to date: key URLs and Web sites

13. Network Defense & Response
        • Preparation
        • Detection
        • Containment
        • Eradication
        • Recovery & patching your network
        • Response and follow-Up
        • Best practices for incident handling

14. Forensics
        • Investigations
        • Law & Legislation
        • Media
        • Process

Appendix I, II, II

 

CND Training

CND-SP SPECIALTY outlines:

C11.2.1.1.  CND-SP Analyst (CND-A)
C11.2.1.2.  CND-SP Infrastructure Support (CND-IS)
C11.2.1.3.  CND-SP Incident Responder (CND-IR)
C11.2.1.4.  CND-SP Auditor (CND-AU)
C11.2.1.5.  CND-SP Manager (CND-SPM)

C.11.2.1.1 CND-A Functions
CND-A.1. Mastery of IAT Level I and IAT Level II CE and skills with applicable certification.
A.2. How to analyze network alerts
A.3. How to validate network alerts
A.4. How to analyze log files from a variety of sources (host logs, network traffic logs, firewall logs, and IDS logs) or a SIM
A.5. Learn how to identify anomalous activity, analyze network traffic, and understand how they threaten network resources.
A.6. Build an external data sources database or dashboard for daily monitoring (e.g. CND vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain CND threat conditions & impact
A.7. Learn to write signatures for CND network tools in response to new or observed threats.
A.8. Learn how to do event correlation from a variety of sources to gain situational awareness and determine the effectiveness of an observed attack.
A.9. Notify CND managers, CND incident responders, and other CND-SP team members of suspected CND incidents and articulate the event’s history, status, and potential impact for further action.

C.11.2.1.2 CND-IS Functions
CND-IS.1. Mastery of the appropriate IAT Level I and IAT Level II CE and skills with applicable certification.
IS.2. Learn how to create, edit, and manage changes to network access control lists on firewalls and IPS.
IS.3. Learn Anti-Virus or Audit/Remediation administration, including installation, configuration, maintenance, and backup/restore.
IS.4. Learn how to implement C&A requirements for specialized CND systems and document and maintain records for them.
IS.5. Learn how to manage and administer the updating of rules and signatures for specialized CND applications (IDS/IPS, anti-virus, and content blacklists).
IS.6. Learn how to identify potential CND implementation conflicts (e.g., tool/signature testing and optimization).
IS.7. Learn how to build and administer a CND test bed to evaluate new CND applications, rules/signatures, access controls, and configurations of CND-SP managed platforms.

Table C11.T7.  CND-IR Functions
CND-IR.1.   Mastery of the appropriate IAT Level I, IAT Level II, or IAT Level III CE, NE, or enclave knowledge and skills with applicable certification.
IR.2.    You will understand how to collect and analyze intrusion artifacts (e.g., source code, malware, and trojans) to mitigate potential CND incidents.
IR.3. You will learn how to perform initial, forensically sound collection of images to discern mitigation/remediation.
IR.4. Learn how to coordinate with and provide expert technical support to resolve CND incidents.
IR.5. You will learn how to track and document CND incidents from initial detection through final resolution.
IR.6. You will learn the step by step process of CND incident triage to determine scope, urgency, and potential impact; identify the specific vulnerability and make recommendations which enable expeditious remediation.
IR.7. You will learn how to correlate incident data and perform CND trend analysis and reporting.
IR.8. You will coordinate with intelligence analysts to correlate threat assessment data.
IR.9. You will learn how to serve as a technical expert to law enforcement for incident details & expert testimony.
IR.10. You will perform real-time CND Incident Handling (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRT).
IR.11. You will learn how to maintain a deployable CND toolkit (e.g., specialized CND software/hardware) to support IRT missions.
IR.12. You will learn how to write and publish CND guidance and reports on incident findings to appropriate constituencies.

Table C11.T9.  CND-AU Functions
CND-AC.1. Mastery of the appropriate IAT Level I, IAT Level II, or IAT Level III CE, NE, or enclave knowledge and skills with applicable certification.
AC.2. You will learn applicable CND policies, regulations, and compliance documents specifically related to CND auditing.
AC.3. You will learn how to do step by step CND vulnerability assessments.
AC.4. You will learn how to do step by step CND risk assessments.
AC.5. You will learn how to conduct authorized penetration testing of network assets.
AC.6. You will learn how to analyze site CND policies and configurations and evaluate compliance with regulations and enclave directives.
AC.7. You will learn how to prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
AC.8. You will learn how to maintain a deployable CND audit toolkit (e.g., specialized CND software/hardware) to support CND audit missions.

Table C11.T11.  CND-SPM Functions
CND-SPM.1.  Mastery of the appropriate IAM Level I or IAM Level II CE and/or NE knowledge and skills with applicable certification.
SPM.2. You will learn how to implement and enforce CND policies and procedures reflecting applicable laws, policies, procedures, and regulations (e.g., Reference (g)).
SPM.3. You will learn how to publish CND guidance (e.g., IAVAs and TCNOs) for the enclave constituency.
SPM.4. You will learn how to provide incident reports, summaries, and other situational awareness information to higher headquarters.
SPM.5. You will learn how to manage an incident (e.g., coordinate documentation, work efforts, resource utilization within the organization) from inception to final remediation and after action reporting.
SPM.6. You will learn how to manage threat or target analysis of CND information and production of threat or target information within the network.
CND-SPM.7. You will learn how to manage the monitoring of external CND data sources to maintain enclave situational awareness.
SPM.8. You will learn how to interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other CND information.
SPM.9. You will learn how to lead risk analysis and management activities for the network.
SPM.10. You will learn how to track compliance audit findings, incident after-action reports, and recommendations to ensure appropriate mitigation actions are taken.

What is a Q/ISP® "Qualified" Information Security Professional Certification?
The 125 question online Q/ISP certification exam has questions from 4 Q/ISP Security Skills certification prep classes:
Q/Ethical Hacking
Q/Security Analysis Penetration Testing
Q/Forensics Expert
Q/Network Defense

The Q/ISP, Q/EH, Q/SA-Q/PTL, Q/FE & Q/ND certification exams do not require training classes. The Q/ISP certification is awaiting NOCA's new assessment based certification approval.

What is a "Qualified" Q/ISP?

A Qualified Q/ISP has attained 4 SU Q/ISP® Validation Certifications. Each Validation Certification is attained by attending the Q/ISP tactical security skills certification prep class that validates your tactical security skills - Q/EH, Q/SA - Q/PT License, Q/FE & Q/ND. Each certification prep class is 5 days of hands-on labs, with an online certification exam AND a hands-on "Practical" exam. You have to pass both the online certification exam and the "Practical" projects before you achieve a SU Q/ISP (Validation) Certification.

Prior to 2008, if you attended Security University's EC-Council Authorized CEH™, ECSA™, CHFI™ classes and passed the exams, you are eligible for the Q/ISP® Qualified Certifications but still have to pass the Q/ISP certification exam.

Since 2004 SU has certified over 3500 ECSA™/ Q/SA® Qualified Security Analysts Penetration Testers in 7 countries! Customize your Q/SA® Q/PTL training program today!

US Congress wants hack teams for self-penetration.

Compliance requirements aside, penetration testing is an absolutely critical aspect of any security program. Attackers test every company's defenses every day.

The Q/ISP Qualified/ Information Security Professional Certification Program has been short-listed as a finalist for SC Magazine's Best Professional Security Training Program 2009.

** Class fees are subject to change.