SECFND - Understanding Cisco Cybersecurity Fundamentals

Introduction

The Understanding Cisco Cybersecurity Fundamentals (SECFND) course gives you foundation-level knowledge of common security concepts, basic security techniques, and the fundamentals of applications, operating systems, and networking used in a Security Operations Center (SOC). This course helps you learn to find threats within a real-life network infrastructure using a variety of popular security tools. Through expert instruction and hands-on experience using enterprise-grade security tools, you will learn the basics of network and security concepts, endpoint attacks, cryptography, analysis, and monitoring. This course provides introductory knowledge for those interested in entering the field of cybersecurity and prepares you for the 210-250 SECFND exam, one of the two exams for the Cisco CCNA Cyber Ops certification (now called Cisco Certified CyberOps Associate).

Today’s cybersecurity professionals need to detect, investigate, and respond to a wide variety of security events. This course will help you gain the skills to play a role in your organization’s SOC detecting and responding to security events.

SECOPS v1.0 allows learners to understand how a Security Operations Center (SOC) functions while gaining the introductory-level skills and knowledge needed in this environment. Students obtain the core skills necessary to grasp the associate-level materials in the 210-255 SECOPS exam, which, when combined with passing the 210-250 SECFND exam, leads to the Cisco CCNA Cyber Ops certification.

Duration: 40 hours
Price: on request

Target Audience

Any learner interested in entering associate-level cybersecurity roles such as:
• SOC cybersecurity analysts
• Computer or network defense analysts
• Computer network defense infrastructure support personnel
• Future incident responders and SOC personnel
• Cisco integrators or partners

Objective

The United States Department of Defense recognizes the Cisco CCNA Cyber Ops certification (now called Cisco Certified CyberOps Associate) as an approved baseline certification in the Information Assurance (IA) Workforce CSSP Incident Responder and CSSP Analyst job categories. Please see Cisco CCNA Cyber Ops and the DoD Approved 8570 Baseline Certifications for more information.

After completing this course, you will have basic knowledge that is required to perform the job role of an entry-level cybersecurity analyst in a threat-centric security operations center.

This course will help you:
• Learn fundamental principles of cryptography, applications, operating systems, and networking
• Learn foundational knowledge for detecting and responding to cybersecurity incidents, including monitoring, analysis, and understanding common attacks
• Prepare for the Cisco Certified CyberOps Associate certification with hands-on practice using real-life security analysis tools, such as those found in a Linux distribution
• Start your career in the high-demand area of cybersecurity

After taking this course, you should be able to:
• Describe network operations and attacks, basic cryptography concepts, and network infrastructure device operations
• Describe basic Windows and Linux OS operations, common network applications and attacks, endpoint attacks, and network and endpoint security solutions
• Describe security data collection and monitoring, and the common threat models that security operations organizations can reference when performing cybersecurity analysis

Prerequisites

We recommend that you have knowledge of one or more of the following before attending this course:
• Familiarity with basic networking concepts
• Working knowledge of the Windows operating system
• Familiarity with the Linux operating system

Course Content

Course Introduction
Course Outline
Course Goals & Objectives

TCP/IP and Cryptography Concepts
Describe the concepts and usage of the TCP/IP protocol suite, network infrastructure, TCP/IP attacks, and cryptography.
Describe the TCP/IP protocol suite and its functions.
Describe the OSI model and its function.
Explain the TCP/IP protocol suite.
Explain Internet Protocol characteristics.
Explain IPv4 addressing concepts.
Explain IPv4 address classes.
Describe IPv4 reserved addressing space.
Describe the difference between public and private IP address space.
Describe IPv6 addressing.
Describe TCP protocol characteristics.
Explain the TCP three-way handshake process.
Describe the UDP protocol and how it differs from TCP.
Explain the use of TCP and UDP ports in network communications.
Explain how ARP provides the essential service of mapping IP addresses to physical addresses on a network.
Describe the steps required for host-to-host packet delivery using TCP.
Describe how the DHCP protocol functions.
Describe basic DNS function and operation.
Describe the use and role of ICMP.
Describe packet capture using tcpdump.
Describe how Wireshark is used to capture packets live and to open PCAP files.
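The capture workflow this module covers, as an added example that is not part of the course: a minimal reader for the classic pcap format that tcpdump and Wireshark write, which follows the SYN, SYN-ACK, ACK sequence of the three-way handshake across segments and separates completed connections from half-open ones. The capture is constructed in memory (documentation address 203.0.113.10 stands in for an Internet host, 10.0.0.0/8 for the private LAN), so it runs without a live interface or a capture tool:

```python
"""Minimal pcap reader that tracks TCP three-way handshakes.

Added illustration of the SECFND TCP/IP lab topic, not course material.
The capture is constructed below; checksums are left zero because this
parser does not verify them (real tools do).
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
SYN, ACK = 0x02, 0x10


def build_packet(src_ip, dst_ip, sport, dport, flags, seq, ack):
    """Construct one Ethernet/IPv4/TCP frame with no payload."""
    eth = b"\x00" * 12 + b"\x08\x00"                 # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags,
                      65535, 0, 0)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a pcap global header and per-record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000, i * 1000, len(frame), len(frame)) + frame
    return out


def iter_tcp(pcap_bytes):
    """Yield (src, sport, dst, dport, flags, seq, ack) for each TCP segment."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    off = 24                                          # skip the global header
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack("<IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00":               # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4                  # IPv4 header length in bytes
        if frame[14 + 9] != 6:                        # protocol field: 6 = TCP
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        tcp = frame[14 + ihl:]
        sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", tcp[:14])
        yield src, sport, dst, dport, flags, seq, ack


def find_handshakes(pcap_bytes):
    """Return (completed, half_open): completed handshakes as
    (client, cport, server, sport) tuples, and SYNs never answered."""
    pending = {}                       # 4-tuple -> ("SYN"|"SYNACK", last seq seen)
    completed = []
    for src, sp, dst, dp, flags, seq, ack in iter_tcp(pcap_bytes):
        if flags & SYN and not flags & ACK:           # 1. client SYN
            pending[(src, sp, dst, dp)] = ("SYN", seq)
        elif flags & SYN and flags & ACK:             # 2. server SYN-ACK
            key = (dst, dp, src, sp)
            state = pending.get(key)
            if state and state[0] == "SYN" and ack == state[1] + 1:
                pending[key] = ("SYNACK", seq)
        elif flags & ACK:                             # 3. client ACK
            key = (src, sp, dst, dp)
            state = pending.get(key)
            if state and state[0] == "SYNACK" and ack == state[1] + 1:
                completed.append(key)
                del pending[key]
    return completed, sorted(pending)


# Constructed capture: one full handshake, plus one SYN that is never
# answered (what a port probe or a SYN flood looks like on the wire).
SAMPLE = build_pcap([
    build_packet("10.0.0.5", "203.0.113.10", 51000, 443, SYN, 1000, 0),
    build_packet("203.0.113.10", "10.0.0.5", 443, 51000, SYN | ACK, 5000, 1001),
    build_packet("10.0.0.5", "203.0.113.10", 51000, 443, ACK, 1001, 5001),
    build_packet("10.0.0.5", "10.0.0.9", 51001, 22, SYN, 2000, 0),
])

if __name__ == "__main__":
    done, half_open = find_handshakes(SAMPLE)
    for c in done:
        print("established: %s:%d -> %s:%d" % c)
    for h in half_open:
        print("half-open:   %s:%d -> %s:%d" % h)
```

The same tracking logic applies to a real file: read it with `open("capture.pcap", "rb").read()` in place of `SAMPLE`. Sequence numbers are checked on every step (the SYN-ACK must acknowledge the SYN's sequence plus one, the final ACK the SYN-ACK's plus one), which is what distinguishes a genuine handshake from stray segments with the same ports.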

Understanding the Network Infrastructure
Describe network devices and the protocols running inside the network infrastructure and investigate the logs that network devices generate.
Describe attacks that target the Dynamic Host Configuration Protocol and how to monitor DHCP exchanges.
Describe how to scale IP networks with IP subnetting.
Describe hub, bridge, and layer 2 switch operation and concepts.
Describe the function of VLANs and trunks at layer 2.
Describe layer 2 spanning-tree protocol.
Describe Standalone (Autonomous) and Lightweight Access Points, and their security vulnerabilities.
Describe the use of routers and the routing process used in network communications.
Describe routing protocols and attacks that can be used against them.
Describe how multilayer switches operate and how frame and packet forwarding take place on the switch.
Describe Network Address Translation (NAT) fundamental concepts.
Describe the purpose of access control lists (ACLs).
Describe ACL operation when using the established option.

Understanding Common TCP/IP Attacks
Describe security flaws in the TCP/IP protocol and how they can be used to attack networks and hosts.
Describe legacy TCP/IP vulnerabilities.
Describe vulnerabilities related to the IP protocol.
Describe vulnerabilities related to the ICMP protocol.
Describe vulnerabilities related to the TCP protocol.
Describe vulnerabilities related to the UDP protocol.
Describe the attack surface and its relation to an organization's vulnerability.
Describe how network data is collected through a reconnaissance attack.
Describe how an access attack is used to gain unauthorized access.
Describe man-in-the-middle (MITM) attacks.
Describe how DoS and DDoS attacks are used against networks.
Describe how a reflection attack is used against IP hosts.
Describe the concepts and uses of spoofing attacks.
Describe the concepts and use of DHCP attacks.

Understanding Basic Cryptography Concepts
Describe the basic concepts and uses of cryptography.
Describe the impact of cryptography on security investigations.
Describe cryptography concepts.
Describe hashing mechanisms and algorithms.
Describe encryption usage and features.
Describe the use of cryptanalysis to break codes to decipher encrypted data.
Describe the use of symmetric encryption algorithms.
Describe the use of asymmetric cryptographic algorithms.
Describe the Diffie-Hellman key agreement and Diffie-Hellman groups.
Describe uses of the SSH protocol.
Describe the basic security services offered with the use of digital signatures.
Describe PKI components and use.
Describe PKI operations.
Describe a use case for SSL/TLS.
Describe cipher suite concepts.
Describe key management for the secure generation, verification, exchange, storage, and destruction of keys.
Describe NSA Suite B cryptographic algorithms.
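The agreement, hashing, and key-management topics above, as an added example that is not part of the course: a Diffie-Hellman exchange between two parties, a hash-based derivation of the resulting key, and HMAC verification of a message, using only the Python standard library. The group parameters are a toy chosen so the arithmetic stays readable (an assumption of this example, not a recommendation); real deployments use a standardized group such as RFC 3526 group 14 or an elliptic-curve group, and authenticate the exchange with signatures or PKI:

```python
"""Diffie-Hellman key agreement, hash-based key derivation and HMAC
verification with the Python standard library only.

Added illustration of the SECFND cryptography lab topics, not course
material. P and G are a TOY group, far too small for real use.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # a Mersenne prime; TOY modulus (assumption for readability)
G = 3            # TOY generator


def dh_keypair(p=P, g=G):
    """Random private exponent x in [2, p-2] and public value g^x mod p."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def dh_shared(peer_public, my_private, p=P):
    """Shared secret peer_public^x mod p. Degenerate peer values (0, 1, p-1)
    would force the secret into a tiny subgroup, so they are rejected."""
    if not 1 < peer_public < p - 1:
        raise ValueError("rejecting degenerate Diffie-Hellman public value")
    return pow(peer_public, my_private, p)


def derive_key(shared_secret, label=b"secfnd-demo", p=P):
    """Hash the raw DH secret into a fixed-size 256-bit key. The raw secret
    is not uniformly distributed and must never be used as a key as-is."""
    zz = shared_secret.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(label + zz).digest()


def mac(key, message):
    """HMAC-SHA256 tag over the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, tag):
    # constant-time comparison: a plain == on MACs leaks timing information
    return hmac.compare_digest(mac(key, message), tag)


def demo():
    """Both sides derive the same key; a genuine tag verifies, a tampered
    message does not."""
    a_priv, a_pub = dh_keypair()          # only a_pub and b_pub cross the wire
    b_priv, b_pub = dh_keypair()
    key_a = derive_key(dh_shared(b_pub, a_priv))
    key_b = derive_key(dh_shared(a_pub, b_priv))
    message = b"GET /config HTTP/1.1"
    tag = mac(key_a, message)
    return {
        "keys_match": key_a == key_b,
        "tag_ok": verify(key_b, message, tag),
        "tampered_ok": verify(key_b, b"GET /admin HTTP/1.1", tag),
    }


if __name__ == "__main__":
    print(demo())
```

The point for an analyst: only the public values and the tag ever appear in a capture, and the hash step is one-way, so the derived key cannot be recovered from them. The exchange on its own does not authenticate either party, which is why a man-in-the-middle can run two separate agreements unless the public values are signed or carried in certificates, the role PKI and digital signatures play in the topics above.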

Network Applications and Endpoint Security
Describing Information Security Concepts
Describe information security concepts and strategies within the network.
Describe the Information Security CIA triad.
Describe PII as it relates to information security.
Describe risk as a function of the likelihood of a given threat source’s exercising a particular potential vulnerability.
Describe vulnerability assessment in the context of information security.
Describe the CVSS.
Describe basic models for implementing access controls over network resources.
Describe compliance regulations and their effects on an organization.
Describe frameworks for information security management.
Describe the SOC components of people, processes, and technologies, and the reason for the SOC.

Understanding Network Applications
Explain DNS terminology and operations.
Describe the process of recursive DNS queries.
Describe the automated discovery and registration process of the client public IP addresses via DDNS.
Describe HTTP operations and traffic analysis to identify anomalies in the HTTP traffic.
Describe the use of and operation of HTTPS traffic.
Describe how web scripting can be used to deliver malware.
Describe how SQL is used to query, operate, and administer relational database management systems as well as how to recognize SQL based attacks.
Describe how the mail delivery process works, and SMTP conversations.

Understanding Common Network Application Attacks
Describe password attacks such as brute force and dictionary attacks.
Describe pass-the-hash attacks.
Describe DNS-based attacks.
Describe DNS tunneling and its use to exfiltrate data out of a network.
Describe web-based attacks and their risk to businesses.
Describe malicious scripts that are hidden inside inline frames.
Describe web site redirection with HTTP 302 cushioning.
Describe domain shadowing, in which attackers hijack domain registration logins to create malicious subdomains.
Describe command injection used to execute arbitrary commands on vulnerable web applications.
Describe how SQL injections are used against databases.
Describe how cross-site scripting and request forgery are used to threaten the security of web applications.
Describe how email-based attacks are used against enterprises.
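The DNS tunneling item above, as an added example that is not part of the course: a heuristic detector run over DNS query log lines, grouping queries by registered domain and flagging domains that receive many unique, long, high-entropy subdomain labels (the shape of a tunnel carrying encoded data). The log lines, the "timestamp client qtype qname" layout, and the exfiltrated payload are all constructed for this example; the layout is an assumption, not any resolver's real format:

```python
"""Heuristic DNS tunneling detection over query logs.

Added illustration of the SECFND DNS tunneling topic (Lab 6), not course
material. All log lines below are constructed.
"""
import base64
import math
from collections import defaultdict

# Constructed benign queries, including one CDN-style host with a hash-like
# label that must NOT be flagged (it is queried repeatedly, not varied).
_BENIGN = [
    "2024-05-01T10:00:01 10.0.0.21 A www.example.com",
    "2024-05-01T10:00:02 10.0.0.21 A cdn.example.com",
    "2024-05-01T10:00:05 10.0.0.21 MX mail.example.com",
    "2024-05-01T10:00:06 10.0.0.30 A e3b0c44298fc1c14.r.example.org",
    "2024-05-01T10:00:07 10.0.0.30 A e3b0c44298fc1c14.r.example.org",
]

# Constructed tunnel: the client chops a file into 20-byte chunks, base32-
# encodes each chunk (DNS is case-insensitive, so base64 would be mangled)
# and sends it as a TXT query under a domain the attacker controls.
_PAYLOAD = b"employee_salaries.csv:alice,112000;bob,98000;carol,134500;dave,87000"


def _tunnel_label(chunk):
    return base64.b32encode(chunk).decode().rstrip("=").lower()


_TUNNEL = [
    f"2024-05-01T10:01:{i:02d} 10.0.0.44 TXT "
    f"{_tunnel_label(_PAYLOAD[i * 20:(i + 1) * 20])}.t.example.net"
    for i in range((len(_PAYLOAD) + 19) // 20)
]
SAMPLE_LOG = "\n".join(_BENIGN + _TUNNEL) + "\n"


def shannon_entropy(s):
    """Bits of entropy per character; encoded data scores high, words low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse(log_text):
    for line in log_text.splitlines():
        if line.strip():
            ts, client, qtype, qname = line.split()
            yield ts, client, qtype, qname.rstrip(".").lower()


def registered_domain(qname):
    """Split into (registered domain, subdomain part). Assumption: the last
    two labels are the registered domain; a real detector should use the
    public suffix list so that e.g. example.co.uk is handled correctly."""
    labels = qname.split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def score_domains(log_text, min_unique=3, min_len=20, min_entropy=3.0):
    """Per registered domain: unique subdomains, mean label length, mean
    entropy, query types, and whether all three thresholds were met.
    Thresholds are illustrative and should be tuned against a baseline."""
    subs, qtypes = defaultdict(set), defaultdict(set)
    for _, _, qtype, qname in parse(log_text):
        dom, sub = registered_domain(qname)
        if sub:
            subs[dom].add(sub)
        qtypes[dom].add(qtype)
    report = {}
    for dom, names in subs.items():
        mean_len = sum(len(n) for n in names) / len(names)
        mean_ent = sum(shannon_entropy(n) for n in names) / len(names)
        report[dom] = {
            "unique_subdomains": len(names),
            "mean_label_len": round(mean_len, 1),
            "mean_entropy": round(mean_ent, 2),
            "qtypes": sorted(qtypes[dom]),
            "flagged": (len(names) >= min_unique and mean_len >= min_len
                        and mean_ent >= min_entropy),
        }
    return report


def flagged_domains(log_text):
    return sorted(d for d, r in score_domains(log_text).items() if r["flagged"])


if __name__ == "__main__":
    for dom, r in score_domains(SAMPLE_LOG).items():
        print(dom, r)
```

Each signal alone produces false positives (CDNs use hash-like labels, mail servers use long ones), so the detector requires all three together, and a TXT or NULL query type on the flagged domain is a further indicator worth surfacing in the alert.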

Understanding Windows Operating System Basics
Describe the history of the Windows operating systems and their vulnerabilities.
Describe the Windows OS architecture and components.
Describe Windows processes, threads, and handles.
Describe virtual memory allocation in the Windows OS.
Describe Windows services and how they are used.
Describe the functionality of Windows NTFS.
Describe the Windows NTFS structure.
Describe Windows domains and local user accounts.
Describe the Windows graphical user interface and its use.
Describe how to perform tasks in Windows which may require administrator privileges.
Describe the Windows command line interface.
Describe the features of Windows PowerShell.
Describe how the net command is used for Windows administration and maintenance.
Describe how to control Windows startup services, and execute a system shutdown.
Describe how to control Windows services and processes that are operating on a host.
Describe how to monitor Windows system resources with the use of Windows Task Manager.
Describe the Windows boot process, starting services, and registry entries.
Describe how to configure Windows networking properties.
Describe how to use the netstat command to view running networking functions.
Describe how to access Windows network resources and perform remote functions.
Describe the use of the Windows registry.
Describe how the Windows Event Viewer is used to browse and manage event logs.
Describe how the Windows Management Instrumentation is used for management of data and operations on Windows-based operating systems.
Describe common Windows server functions and features.
Describe commonly used third-party tools to manage Windows operating systems.

Understanding Linux Operating System Basics
Provide a brief history and the benefits of the Linux operating system.
Describe Linux architecture.
Provide an overview of the Linux file system.
Describe basic file system navigation and management commands in Linux.
Describe Linux file properties and permissions.
Describe Linux commands that you can use to manage file permissions and ownership.
Describe the root account and the sudo command in Linux.
Describe Linux storage disks and file systems.
Describe the Linux boot process.
Describe alternate startup options in case Linux is experiencing problems or has been compromised.
Describe the proper procedure to shut down a Linux-based system when you need to bring the system down for maintenance or troubleshooting.
Describe Linux system processes.
Describe mechanisms for interacting with the Linux operating system.
Explore important concepts about the Linux shell and its usage.
Explore piping command output in the Linux shell.
Describe other useful Linux command line tools.
Provide an overview of Secure Shell Protocol.
Describe Linux tools and features for managing virtually every aspect of networking and connectivity configuration.
Describe the process of managing services in SysV environments.
Describe tools to track the services running in your Linux installation.
Provide an overview of the Domain Name System.
Explore the Linux operating system tools to test name resolution.
Explore Linux tools for viewing network traffic.
Explore logging functionality on Linux systems.
Configure remote syslog on Linux systems.
Describe requirements to run software in a Linux installation.
Explore Linux executable files and interpreters that can execute code.
Describe package managers used to install software in Linux.
Describe system applications used to serve clients on Linux.
Provide an overview of the Lightweight Directory Access Protocol.

Understanding Common Endpoint Attacks
Describe various attack techniques against the endpoints.
Classify attacks, exploits, and vulnerabilities in the context of endpoint attacks.
Describe buffer overflow vulnerabilities.
Describe malware in the context of endpoint attacks.
Describe reconnaissance in the context of endpoint attacks.
Describe gaining access and control in the context of endpoint attacks.
Describe how social engineering is used to gain access to endpoints.
Describe phishing as an example of social engineering.
Describe how an attacker can gain access via web-based attacks.
Describe how attackers use exploit kits to discover and exploit vulnerabilities in an endpoint.
Describe rootkits as an attacker tool.
Describe mechanisms that attackers can use to escalate privileges.
Describe how attackers use pivoting to expand their access in a network.
Provide examples of tools used in the post-exploitation phase of an attack.
Describe Angler exploit kit chain of events.

Understanding Network Security Technologies
Describe how various network security technologies work together to guard against attacks.
Describe the traditional Defense-in-Depth approach to provide a layered security by using multiple security mechanisms.
Describe the security model that works across the attack continuum.
Describe AAA: authentication, authorization, and accounting.
Describe Identity and Access Management solutions.
Describe stateful firewalls.
Describe network taps.
Describe the switched port analyzer (SPAN).
Describe the remote switched port analyzer (RSPAN).
Describe Intrusion Prevention Systems.
Describe IPS evasion techniques.
Describe Snort rules.
Describe VPNs.
Describe email content security.
Describe web content security.
Describe DNS security.
Describe network-based malware protection.
Describe Next Generation Firewall.
Describe the use of security intelligence feed.
Describe threat analytics systems.
Describe the three network security device form factors: physical, virtual, and cloud.
Describe the Security Onion open source security monitoring tool.
Provide a security tools reference.
Describe online security research tools.

Understanding Endpoint Security Technologies
Provide a basic understanding of endpoint security and familiarity with common endpoint security technologies.
Describe host-based personal firewall.
Describe host-based anti-virus.
Describe host-based Intrusion Prevention System.
Describe application whitelists and blacklists.
Describe host-based malware protection.
Describe sandboxing in the context of network security.
Describe how security analysts use file integrity checking tools.

Security Monitoring and Analysis
This module discusses network security monitoring, data collection, and data analysis.
Describing Security Data Collection
Describe placement of network security monitoring devices on the network.
Describe the various types of data used in monitoring network security.
Describe the importance and use of IPS alerts in network security monitoring.
Describe true and false positive IPS alerts and their effects on security monitoring.
Describe the process of IPS alert analysis.
Describe the context of a security incident in firewall syslog messages.
Describe the need for network DNS activity log analysis.
Describe web proxy log analysis for investigating web-based attacks.
Describe email proxy log analysis for investigating email-based attacks.
Describe AAA server log analysis.
Describe NGFW log analysis for incident investigation.
Describe application log analysis for detecting application misuse.
Describe packet capture usage and benefits for investigating security incidents.
Describe the use of NetFlow for collection and monitoring of network traffic flow data.
Describe network behavior anomaly monitoring for detecting deviations from the normal patterns.
Describe using NetFlow for data loss detection.
Describe the deployment and use of SIEMs to collect, sort, process, prioritize, store, and report alarms.
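The NetFlow, anomaly-monitoring, and data-loss items above, as an added example that is not part of the course: flow records are summed per internal source host toward external destinations only, and a host is flagged when its outbound volume is both large in absolute terms and far above its own baseline. The flow records, the simplified record shape (src, dst, dport, bytes, packets), and the per-host baseline are constructed for this example; the shape is an assumption, not NetFlow v5/v9 or IPFIX field names:

```python
"""NetFlow-style data-loss detection against a per-host baseline.

Added illustration of the SECFND security data collection topics
(Lab 12), not course material. Flows and baseline are constructed.
"""
import ipaddress
from collections import defaultdict

# RFC 1918 private ranges define "internal" for this example.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


# Constructed flow records for one collection interval. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges standing in for Internet hosts.
FLOWS = [
    {"src": "10.0.0.21", "dst": "203.0.113.10", "dport": 443, "bytes": 48_000, "packets": 60},
    {"src": "10.0.0.21", "dst": "203.0.113.25", "dport": 443, "bytes": 1_200_000, "packets": 1_100},
    # inbound download: external source, must not count as outbound
    {"src": "203.0.113.10", "dst": "10.0.0.21", "dport": 51000, "bytes": 9_000_000, "packets": 7_000},
    # large internal file copy: both ends internal, must not count either
    {"src": "10.0.0.44", "dst": "10.0.0.9", "dport": 445, "bytes": 2_000_000_000, "packets": 1_500_000},
    # the exfiltration: one host pushing over a gigabyte to one external address
    {"src": "10.0.0.44", "dst": "198.51.100.7", "dport": 443, "bytes": 850_000_000, "packets": 620_000},
    {"src": "10.0.0.44", "dst": "198.51.100.7", "dport": 443, "bytes": 410_000_000, "packets": 300_000},
    # a busy but normal host (backup or video upload) close to its baseline
    {"src": "10.0.0.58", "dst": "203.0.113.40", "dport": 80, "bytes": 150_000_000, "packets": 110_000},
]

# Constructed baseline: typical outbound bytes per host for an interval of
# the same length, which a real deployment learns over weeks of flows.
BASELINE = {"10.0.0.21": 2_000_000, "10.0.0.44": 30_000_000, "10.0.0.58": 120_000_000}


def outbound_by_host(flows):
    """Return (total bytes per internal source, bytes per destination per
    source), counting only internal -> external flows."""
    totals = defaultdict(int)
    dests = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            totals[f["src"]] += f["bytes"]
            dests[f["src"]][f["dst"]] += f["bytes"]
    return dict(totals), {h: dict(d) for h, d in dests.items()}


def detect_exfil(flows, baseline, ratio=5.0, floor=100_000_000):
    """Alert when a host sends at least `floor` bytes outbound AND at least
    `ratio` times its baseline. The floor stops small baselines from
    alerting on ordinary use; the ratio stops busy-but-normal hosts from
    alerting on volume alone. A host with no baseline alerts on the floor."""
    totals, dests = outbound_by_host(flows)
    alerts = []
    for host, total in totals.items():
        base = baseline.get(host, 0)
        if total >= floor and total >= ratio * base:
            top_dst = max(dests[host], key=dests[host].get)
            alerts.append({"host": host, "bytes": total, "baseline": base,
                           "top_destination": top_dst,
                           "top_destination_bytes": dests[host][top_dst]})
    return sorted(alerts, key=lambda a: a["bytes"], reverse=True)


if __name__ == "__main__":
    for a in detect_exfil(FLOWS, BASELINE):
        print(f'{a["host"]}: {a["bytes"]:,} B outbound (baseline {a["baseline"]:,}), '
              f'mostly to {a["top_destination"]}')
```

Flow data carries no payload, so the alert says who sent how much to where, not what was sent; the next step in an investigation is the web proxy or NGFW logs for that host and destination, and a packet capture if one was retained.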

Describing Security Event Analysis
Explore the different threat models that security operations organizations can reference when performing cybersecurity analysis.
Provide overview of the cyber kill chain model that describes the structure of an attack.
Describe the characteristics of advanced persistent threats (APTs).
Describe the Diamond model for intrusion analysis.
Summarize cybersecurity threat models.
Provide an overview of SOC runbook automation.
Describe how malware reverse engineering can help protect or defend against future attacks.
Describe chain of custody for all evidence and interacting with law enforcement.

Lab outline
Lab 1: Explore the TCP/IP Protocol Suite
Lab 2: Explore the Network Infrastructure
Lab 3: Explore TCP/IP Attacks
Lab 4: Explore Cryptographic Technologies
Lab 5: Explore Network Applications
Lab 6: Explore Network Application Attacks
Lab 7: Explore the Windows Operating System
Lab 8: Explore the Linux Operating System
Lab 9: Explore Endpoint Attacks
Lab 10: Explore Network Security Technologies
Lab 11: Explore Endpoint Security
Lab 12: Explore Security Data for Analysis