Q/ND® Qualified/ Network Defender
This is the last class of the Q/ISP Qualified/ Information Security Professional Certification. It's the class that shows you defensive scenarios to protect your networks from hacker attacks, internal misconfigurations, data breaches and compromises. If network defense certification and security skills assessment is your goal, this class teaches you network firewall & router monitoring and defense, deep packet analysis including IDS & IPS, DNA malware detection and re-engineering. You learn offense from a defensive position with a "5 step" best practice process to measure your network defense goals.
75% hands-on labs for reducing risk at DMZs, internet-facing connections, external partner connections, intranet traffic, and managing security breaches. This certification is all about "real life" network defense scenarios.
Key topics:
In-depth Packet Analysis labs
Hands on Snort & IPS labs
Hands on Live HB Gary Digital DNA labs
Hands on Helix labs
Hands-on reverse engineering viruses & trojan labs
Mitigate site spoofing & phishing
Mitigating botnets
False alarms vs. real threats analysis
IPS Filtering techniques
NAC's - effective containment technique
Best practices, step by step process for perimeter protection
Define a recovery strategy
5 steps that establish measurable goals for network defenses.
What is "Qualified"
The Q/ISP Certification is obtained through Security University for the purpose of recognizing qualified individuals who have distinguished themselves as knowledgeable and proficient information security practitioners with validated hands-on tactical security skills. The Q/ISP certificate also provides THE only means of identifying and certifying qualified persons who subscribe to a rigorous requirement for maintaining their knowledge and proficiency in information security with "validated" hands-on tactical security skills.
Certification is awarded to those qualified individuals who validate their security skills to a prescribed qualified level of tactical hands-on information security experience, comply with a professional code of ethics, and pass rigorous examinations on the Q/ISP Body of Knowledge for information security.
Keeping your Q/ISP Valid
In order to maintain currency in the field, each Q/ISP must complete participation in research or study, attendance at recognized subject-matter training and professional educational programs, presentation or publication of information security papers, contributions to the information security Q/ISP Body of Knowledge, or service in professional organizations. Each Q/ISP must acquire 120 CPE (continuing professional education) credits every three years (40 credits per year).
The Q/ISP Certification does not require you to complete Q/ISP hands-on classes. However, to "validate" your security skills and use the "Qualified" symbol as your trust mark, you will be asked to complete the Q/PTL workshop and the Q/FE & Q/ND practicals that validate your tactical security skills.
Who should attend:
Information Systems Managers, System Administrators, Security Systems Analysts, Database Security Analysts, Network Administrators, Gov't Consultants, and others seeking to enhance their information security knowledge.
What you will learn:
1. Essential concepts / Policy, Auditing, Certification
2. Vulnerability Analysis
3. Hacking Primer
Basic, Service attacks, Top 10
4. Perimeter Defenses
Firewalls, Stateless, Stateful, Application Proxy, Web App Firewall
5. IPS/ IDS
What is IPS/ IDS, Testing performance and effectiveness, Signatures and Analysis, Tuning
6. Advanced Threats
Advances in malware, Malware analysis
7. Endpoint and NAC protection
8. Log Analysis, SIEM and Event Correlation
1. Review of Internet Attacks
hacker trends and motives
denial-of-service attacks:
network probes and scans
IP spoofing
Trojan horses
application-level attacks
2. Characteristics of the Firewall Environment
objectives of firewalls
creating security domains
perimeter and internal firewalls
firewall rule sets - default deny vs. default allow
firewall platforms - common commercial firewalls
host-based firewalls, firewall appliances, firewall configurations
demilitarized zones (DMZs)
dual & multi-homed configurations & screened sub-networks
HA - high availability firewalls
access policy for internal applications
4. Standard (Stateless) Packet Filters
ingress and egress filtering
packet filter control points & parameters
TCP flags & ICMP message types
configuring packet filters to control access to HTTP, SMTP, DNS
addressing denial-of-service attacks: LAND, ping floods, SYN floods
dynamic access controls
authentication, authorization and accounting (AAA)
handling difficult protocols: FTP, multimedia applications
5. Stateful Inspection Firewalls
stateful inspection firewall design
configuring the TCP/IP protocol stack
IP forwarding issues
application data
Web content: ActiveX controls, Java applets
connection tables and performance
connections for UDP
handling FTP and streaming protocols
6. Proxy-Based Firewalls
address hiding
circuit-level & application-layer proxies
strengths of proxy firewalls
configuring & hardening the TCP/IP protocol stack
IP forwarding issues
configuring application proxies to support SMTP, FTP, HTTP
7. Proxy Servers for Internal to External Access
SOCKS proxy servers
Web proxy servers
port redirectors on proxy server gateways
8. Personal Firewalls
Trojan horse problems
9. Content Filtering and Prevention Tools
Deploying content filters
SMTP filters
Anti-virus
Blocking Trojans and Worms at the SMTP server
Spam filtering
Anti-relaying
Web site filtering blockers
Recommended policies and actions
Filtering mobile code: ActiveX, Java, JavaScript
Intrusion prevention tools
Integrating firewalls & Prevention Tools
Firewall penetration-testing tools
11. Firewall Management
Creating a bastion host
Creating system baselines
Monitoring the firewall
Managing firewall alerts
Best practices for incident handling
Log file management
keeping up to date: key e-mail lists and Web sites
12. Malware
Creating Botnecks
SpyWash
Automated Spyware Removal
Counting cookies
ActiveX
Log file management
keeping up to date: key URLs and Web sites
13. Network Defense & Response
Preparation
Detection
Containment
Eradication
Recovery & patching your network
Response and follow-Up
Best practices for incident handling
14. Forensics
Investigations
Law & Legislation
Media
Process
Appendix I, II, II
What is "Qualified"
Q/ISP Certification is obtained through Security University for the purpose of recognizing qualified individuals who have distinguished themselves as knowledgeable, skilled and proficient information security practitioners with validated hands-on tactical security skills. The Q/ISP certificate also provides the ONLY means of identifying qualified security professionals who subscribe to a rigorous requirement for maintaining their knowledge and proficiency in information security with "validated" hands-on tactical security skills.
What is a Q/ISP® "Qualified" Information Security Professional Certification?
The 125-question online Q/ISP certification exam has questions from 4 Q/ISP Security Skills certification prep classes:
Q/Ethical Hacking
Q/Security Analysis Penetration Testing
Q/Forensics Expert
Q/Network Defense
The Q/ISP, Q/EH, Q/SA-Q/PTL, Q/FE & Q/ND certification exams do not require training classes.
The Q/ISP certification is awaiting NOCA's new assessment-based certification approval.
What is a "Qualified" Q/ISP?
A Qualified Q/ISP has attained 4 SU Q/ISP® Validation Certifications. Each Validation Certification is attained by attending the Q/ISP tactical security skills certification prep class that validates your tactical security skills - Q/EH, Q/SA - Q/PT License, Q/FE & Q/ND. Each certification prep class is 5 days of hands-on labs, with an online certification exam AND a hands-on "Practical" exam. You have to pass both the online certification exam and the "Practical" projects before you achieve an SU Q/ISP (Validation) Certification.
Prior to 2008, if you attended Security University's EC-Council Authorized CEH™, ECSA™, CHFI™ classes and passed the exams, you are eligible for the Q/ISP® Qualified Certifications but still have to pass the Q/ISP certification exam.
Since 2004 SU has certified over 3500 ECSA™/ Q/SA® Qualified Security Analysts Penetration Testers in 7 countries!
Compliance requirements aside, penetration testing is an absolutely critical aspect of any security program. Attackers test every company's defenses every day.
The Q/ISP Qualified/ Information Security Professional Certification Program has been short-listed as a finalist for SC Magazine's Best Professional Security Training Program 2009.