CND: Certified Network Defender - Columbus, Ohio


CND: Certified Network Defender
Course ID #: 1275-235-ZZ-W
Hours: 35

Course Content

Course Description:

Certified Network Defender (CND) is a vendor-neutral, hands-on, instructor-led, comprehensive network security certification training program. It is a skills-based, lab-intensive program based on a job-task analysis and the cybersecurity education framework presented by the National Initiative for Cybersecurity Education (NICE). The course has also been mapped to global job roles and responsibilities and to the Department of Defense (DoD) job roles for system/network administrators. The course was designed and developed after extensive market research and surveys.

The program prepares network administrators in network security technologies and operations to attain Defense-in-Depth network security preparedness. It covers the Protect, Detect and Respond approach to network security. The course contains hands-on labs based on major network security tools and techniques, which give network administrators real-world expertise in current network security technologies and operations. The study kit provides you with over 10 GB of network security best practices, assessments and protection tools. The kit also contains templates for various network policies and a large number of white papers for additional learning.

At Course Completion:

After completing this course:
- Students will learn about various network security controls, protocols, and devices.
- Students will be able to troubleshoot their network for various network problems.
- Students will be able to identify various threats on the organization's network.
- Students will learn how to design and implement various security policies for their organizations.
- Students will learn the importance of physical security and be able to determine and implement various physical security controls for their organizations.
- Students will be able to harden the security of various hosts individually in the organization's network.
- Students will be able to choose the appropriate firewall solution, topology, and configurations to harden security through the firewall.
- Students will be able to determine the appropriate location for IDS/IPS sensors, tune IDS for false positives and false negatives, and apply configurations to harden security through IDPS technologies.
- Students will be able to implement a secure VPN for their organization.
- Students will be able to identify various threats to a wireless network and learn how to mitigate them.
- Students will be able to monitor and conduct signature analysis to detect various types of attacks and policy violation activities.
- Students will be able to perform risk assessment, identify vulnerabilities by scanning with various scanning tools, and generate detailed reports on the risk.

www.tcworkshop.com | Page 1 of 17 | 800.639.3535

- Students will be able to provide first response to a network security incident and assist the IRT team and forensics investigation team in dealing with the incident.

Why Certified Network Defender:

Organizational focus on cyber defense is more important than ever, as cyber breaches have a far greater financial impact and can cause broad reputational damage.

Despite best efforts to prevent breaches, many organizations are still being compromised. Therefore organizations must have, as part of their defense mechanisms, trained network engineers who are focused on protecting, detecting, and responding to the threats on their networks.

Network administrators spend a lot of time with network environments and are familiar with network components, traffic, performance and utilization, network topology, the location of each system, security policy, etc.

So organizations can be much better at defending themselves from vicious attacks if their IT and network administrators are equipped with adequate network security skills. Thus network administrators can play a significant role in network defense and become the first line of defense for any organization.

Target Students:
- Network Administrators
- Network Security Administrators
- Network Security Engineers
- Network Defense Technicians
- CND Analysts
- Security Analysts
- Security Operators
- Anyone who is involved in network s

Topics:

Module 1: Computer Network and Defense Fundamentals
- Network Fundamentals
- Computer Network
- Types of Network
- Major Network Topologies
- Network Components
- Network Interface Card (NIC)
- Repeater
- Hub
- Switches
- Router
- Bridges
- Gateways
- TCP/IP Networking Basics
- Standard Network Models: OSI Model
- Standard Network Models: TCP/IP Model
- Comparing OSI and TCP/IP
- TCP/IP Protocol Stack
- Domain Name System (DNS)
- DNS Packet Format
- Transmission Control Protocol (TCP)
  - TCP Header Format
  - TCP Services
  - TCP Operation
  - Three-way Handshake
- User Datagram Protocol (UDP)
  - UDP Operation
- IP Header
  - IP Header: Protocol Field
  - What is Internet Protocol v6 (IPv6)?
  - IPv6 Header
- Internet Control Message Protocol (ICMP)
  - Format of an ICMP Message
- Address Resolution Protocol (ARP)
  - ARP Packet Format
- Ethernet
- Fiber Distributed Data Interface (FDDI)
- Token Ring
- IP Addressing
- Classful IP Addressing
- Address Classes
- Reserved IP Address
- Subnet Masking
  - Subnetting
  - Supernetting
- IPv6 Addressing
  - Difference between IPv4 and IPv6
  - IPv4-compatible IPv6 Address
- Computer Network Defense (CND)
- Computer Fundamental Attributes
- What CND is NOT
- CND Layers
  - CND Layer 1: Technologies
  - CND Layer 2: Operations
  - CND Layer 3: People
- Blue Teaming
- Network Defense-in-Depth
- Typical Secure Network Design
- CND Triad
- CND Process
- CND Actions
- CND Approaches

Module 2: Network Security Threats, Vulnerabilities, and Attacks
- Essential Terminologies
- Threats
- Vulnerabilities
- Attacks
- Network Security Concerns
- Why Network Security Concern Arises?
- Fundamental Network Security Threats
- Types of Network Security Threats

- Where do they arise from?
- How does a network security breach affect business continuity?
- Network Security Vulnerabilities
- Types of Network Security Vulnerabilities
- Technological Vulnerabilities
- Configuration Vulnerabilities
- Security Policy Vulnerabilities
- Types of Network Security Attacks
- Network Reconnaissance Attacks
- Reconnaissance Attacks
  - ICMP Scanning
  - Ping Sweep
  - DNS Footprinting
  - Network Range Discovery
  - Network Topology Identification
  - Network Information Extraction Using Nmap Scan
  - Port Scanning
  - Network Sniffing
  - How an Attacker Hacks the Network Using Sniffers
  - Social Engineering Attacks
- Network Access Attacks
- Password Attacks
- Password Attack Techniques
  - Dictionary Attack
  - Brute Forcing Attacks
  - Hybrid Attack
  - Birthday Attack
  - Rainbow Table Attack
- Man-in-the-Middle Attack
- Replay Attack
- Smurf Attack
- Spam and Spim
- Xmas Attack
- Pharming
- Privilege Escalation
- DNS Poisoning
- DNS Cache Poisoning
- ARP Poisoning
- DHCP Attacks: DHCP Starvation Attacks
  - DHCP Spoofing Attack
- Switch Port Stealing
- Spoofing Attacks
  - MAC Spoofing/Duplicating
- Denial of Service (DoS) Attacks
- Distributed Denial-of-Service (DDoS) Attack
- Malware Attacks
- Malware
  - Types of Malware: Trojan
  - Types of Malware: Virus and Armored Virus
- Malware Attacks
  - Adware
  - Spyware
  - Rootkits
  - Backdoors
  - Logic Bomb
  - Botnets
  - Ransomware
  - Polymorphic Malware

Module 3: Network Security Controls, Protocols, and Devices
- Fundamental Elements of Network Security
- Network Security Controls
- Network Security Protocols
- Network Security Perimeter Appliances
- Network Security Controls
- Access Control
  - Access Control Terminology
  - Access Control Principles
  - Access Control System: Administrative Access Control
  - Access Control System: Physical Access Controls

  - Access Control System: Technical Access Controls
- Types of Access Control
  - Discretionary Access Control (DAC)
  - Mandatory Access Control (MAC)
  - Role-Based Access
- Network Access Control (NAC)
- NAC Solutions
- User Identification, Authentication, Authorization and Accounting
- Types of Authentication
- Password Authentication
- Two-Factor Authentication
- Biometrics
- Smart Card Authentication
- Single Sign-On (SSO)
- Types of Authorization Systems
- Centralized Authorization
- Implicit Authorization
- Decentralized Authorization
- Explicit Authorization
- Authorization Principles
- Least Privilege
- Separation of Duties
- Cryptography
- Encryption
  - Symmetric Encryption
  - Asymmetric Encryption
- Hashing: Data Integrity
- Digital Signatures
- Digital Certificates
- Public Key Infrastructure (PKI)
- Security Policy
- Network Security Policy
- Key Considerations for Network Security Policy
- Types of Network Security Policies
- Network Security Devices
- Firewalls
- DMZ
- Virtual Private Network (VPN)
- Proxy Server
  - Advantages of using Proxy Servers
  - Proxy Tools
- Honeypot
  - Advantages of using Honeypots
  - Honeypot Tools
- Intrusion Detection System (IDS)
- Intrusion Prevention System (IPS)
- IDS/IPS Solutions
- Network Protocol Analyzer
  - How it Works
  - Advantages of using Network Protocol Analyzer
  - Network Protocol Analyzer Tools
- Internet Content Filter
  - Advantages of using Internet Content Filters
  - Internet Content Filters
- Integrated Network Security Hardware
- Network Security Protocols
  - Transport Layer
  - Network Layer
  - Application Layer
  - Data Link Layer
- RADIUS
- TACACS
- Kerberos
- Pretty Good Privacy (PGP) Protocol
- S/MIME Protocol
  - How it Works
  - Difference between PGP and S/MIME
- Secure HTTP
- Hyper Text Transfer Protocol Secure (HTTPS)

- Transport Layer Security (TLS)
- Internet Protocol Security (IPsec)

Module 4: Network Security Policy Design and Implementation
- What is Security Policy?
- Hierarchy of Security Policy
- Characteristics of a Good Security Policy
- Contents of Security Policy
- Typical Policy Content
- Policy Statements
- Steps to Create and Implement Security Policies
- Considerations before Designing a Security Policy
- Design of Security Policy
- Policy Implementation Checklist
- Types of Information Security Policy
  - Enterprise Information Security Policy (EISP)
  - Issue Specific Security Policy (ISSP)
  - System Specific Security Policy (SSP)
- Internet Access Policies
- Promiscuous Policy
- Permissive Policy
- Paranoid Policy
- Prudent Policy
- Acceptable-Use Policy
- User-Account Policy
- Remote-Access Policy
- Information-Protection Policy
- Firewall-Management Policy
- Special-Access Policy
- Network-Connection Policy
- Business-Partner Policy
- Email Security Policy
- Passwords Policy
- Physical Security Policy
- Information System Security Policy
- Bring Your Own Devices (BYOD) Policy
- Software/Application Security Policy
- Data Backup Policy
- Confidential Data Policy
- Data Classification Policy
- Internet Usage Policies
- Server Policy
- Incident Response Plan (IRP)
- User Access Control Policy
- Switch Security Policy
- Intrusion Detection and Prevention (IDS/IPS) Policy
- Personal Device Usage Policy
- Encryption Policy
- Router Policy
- Security Policy Training and Awareness
- ISO Information Security Standards
- ISO/IEC 27001:2013: Information Technology – Security Techniques – Information Security Management Systems – Requirements
- ISO/IEC 27033: Information Technology – Security Techniques – Network Security
- Payment Card Industry Data Security Standard (PCI-DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- Information Security Acts
- Sarbanes-Oxley Act (SOX)
- Gramm-Leach-Bliley Act (GLBA)
- The Digital Millennium Copyright Act (DMCA)
- Federal Information Security Management Act (FISMA)
- Other Information Security Acts and Laws
- Cyber Law in Different Countries

Module 5: Physical Security
- Physical Security
- Need for Physical Security
- Factors Affecting Physical Security
- Physical Security Controls
  - Administrative Controls
  - Physical Controls
  - Technical Controls
- Physical Security Controls
  - Location and Architecture Considerations
  - Fire Fighting Systems
  - Physical Barriers
  - Security Personnel
- Access Control Authentication Techniques
- Authentication Techniques
- Knowledge Factors
- Ownership Factors
- Biometric Factors
- Physical Security Controls
- Physical Locks
- Mechanical Locks
- Digital Locks
- Combination Locks
- Electronic/Electric/Electromagnetic Locks
- Concealed Weapon/Contraband Detection Devices
- Mantrap
- Security Labels and Warning Signs
- Alarm System
- Video Surveillance
- Physical Security Policies and Procedures
- Other Physical Security Measures
- Lighting System
- Power Supply
- Workplace Security
- Reception Area
- Server/Backup Device Security
- Critical Assets and Removable Devices
- Securing Network Cables
- Securing Portable Mobile Devices
- Personnel Security: Managing Staff Hiring and Leaving Process
- Laptop Security Tool: EX05
  - Laptop Tracking Tools
- Environmental Controls
- Heating, Ventilation, and Air Conditioning
- Electromagnetic Interference (EMI) Shielding
- Hot and Cold Aisles
- Physical Security: Awareness/Training
- Physical Security Checklists

Module 6: Host Security
- Host Security
- Common Threats Specific to Host Security
- Where do they come from?
- Why Host Security?
- Before Configuring Host Security: Identify Purpose of each Host
- Host Security Baselining
- OS Security
- Operating System Security Baselining
- Common OS Security Configurations
- Windows Security
  - Windows Security Baselining: Examples
  - Microsoft Baseline Security Analyzer (MBSA)
  - Setting up BIOS Password
  - Auditing Windows Registry
  - User and Password Management
  - Disabling Unnecessary User Accounts
  - Configuring User Authentication
- Patch Management

  - Configuring an Update Method for Installing Patches
  - Patch Management Tools
- Disabling Unused System Services
- Set Appropriate Local Security Policy Settings
- Configuring Windows Firewall
- Protecting from Viruses
  - Antivirus Software
- Protecting from Spyware
  - Antispyware
- Email Security: Anti-Spammers
  - Spam Filtering Software
- Enabling Pop-Up Blockers
- Windows Logs Review and Audit
  - Log Review Recommendations
  - Event IDs in Windows Event Log
- Configuring Host-Based IDS/IPS
  - Host Based IDS: OSSEC
  - AlienVault Unified Security Management (USM)
  - Tripwire
  - Additional Host Based IDSes
- File System Security: Setting Access Controls and Permissions on Files and Folders
  - Creating and Securing a Windows File Share
- Files and File System Encryption
  - EFS Limitations
  - Data Encryption Recommendations
  - Data Encryption Tools
- Linux Security
- Linux Baseline Security Checker: Buck Security
- Password Management
- Disabling Unnecessary Services
- Killing Unnecessary Processes
- Linux Patch Management
- Understanding and Checking Linux File Permissions
  - Changing File Permissions
  - Common File Permission Settings
  - Check and Verify Permissions for Sensitive Files and Directories
- Host-Based Firewall Protection with iptables
- Linux Log Review and Audit
  - Common Linux Log Files
  - System Log Viewer
  - Log Events to Look For
- Securing Network Servers
- Before Hardening Servers
- Hardening Web Server
- Hardening Email Server: Recommendations
- Hardening FTP Servers: Recommendations
- Hardening Routers and Switches
- Hardening Routers: Recommendations
- Hardening Switches
  - Hardening Switches: Recommendations
- Logs Review and Audit: Syslog Server
- GFI EventsManager: Syslog Server
- Application/Software Security
- Application Security
  - Application Security Phases
  - Application Security: Recommendations
- Data Security
- What is Data Loss Prevention (DLP)?
  - Best Practices to Prevent Data Loss
  - List of DLP Solution Vendors
  - Data Leak/Loss Prevention Tools

- Virtualization Security
- Virtualization Terminologies
- Introduction to Virtualization
- Characteristics of Virtualization
- Benefits of Virtualization
- Virtualization Vendors
- Virtualization Security
  - Virtualization Security Concerns
- Securing Hypervisor
- Securing Virtual Machines
  - Implementing Software Firewall
  - Deploying Anti-Virus Software
  - Encrypting the Virtual Machines
- Secure Virtual Network Management
  - Methods to Secure Virtual Environment
  - Virtualization Security Best Practices for Network Defenders
  - Best Practices for Virtual Environment Security

Module 7: Secure Firewall Configuration and Management
- Firewalls and Concerns
- What Does a Firewall Do?
- What Should You NOT Ignore?: Firewall Limitations
- How Does a Firewall Work?
- Firewall Rules
- Types of Firewalls
- Hardware Firewall
- Software Firewall
- Firewall Technologies
- Packet Filtering Firewall
- Circuit Level Gateway
- Application Level Firewall
- Stateful Multilayer Inspection Firewall
  - Multilayer Inspection Firewall
- Application Proxy
- Network Address Translation
- Virtual Private Network
- Firewall Topologies
- Bastion Host
- Screened Subnet
- Multi-Homed Firewall
- Choosing the Right Firewall Topology
- Firewall Rule Set & Policies
- Build an Appropriate Firewall Ruleset
- Blacklist vs. Whitelist
- Example: Packet Filter Firewall Ruleset
- Implement Firewall Policy
- Periodic Review of Firewall Policies
- Firewall Implementation
- Before Firewall Implementation and Deployment
- Firewall Implementation and Deployment
- Planning Firewall Implementation
- Factors to Consider Before Purchasing any Firewall Solution
- Configuring Firewall Implementation
- Testing Firewall Implementation
- Managing and Maintaining Firewall Implementation
- Firewall Administration
- Deny Unauthorized Public Network Access
- Deny Unauthorized Access Inside the Network
- Restricting Clients' Access to External Hosts
- Firewall Logging and Auditing
- Firewall Logging
- Firewall Logs
- Firewall Anti-Evasion Techniques
- Why Firewalls are Bypassed?
- Full Data Traffic Normalization
- Data Stream-Based Inspection
- Vulnerability-Based Detection and Blocking

- Firewall Security Recommendations and Best Practices
- Secure Firewall Implementation: Best Practices
- Secure Firewall Implementation: Recommendations
- Secure Firewall Implementation: Do's and Don'ts
- Firewall Security Auditing Tools
- Firewall Analyzer
- Firewall Tester: Firewalk
- FTester
- Wingate
- Symantec Enterprise Firewall
- Hardware Based Firewalls
- Software Based Firewalls

Module 8: Secure IDS Configuration and Management
- Intrusions and IDPS
- Intrusions
  - General Indications of Intrusions
- Intrusion Detection and Prevention Systems (IDPS)
  - Why do We Need IDPS?
- IDS
- Role of IDS in Network Defense
- IDS Functions
- What Events do IDS Examine?
- What IDS is NOT?
- IDS Activities
- How IDS Works?
- IDS Components
  - Network Sensors
  - Alert Systems
  - Command Console
  - Response System
  - Attack Signature
  - Database
- Intrusion Detection Steps
- Types of IDS Implementation
- Approach-Based IDS
  - Anomaly and Misuse Detection Systems
- Behavior-Based IDS
- Protection-Based IDS
- Structure-Based IDS
- Analysis Timing Based IDS
- Source Data Analysis Based IDS
- IDS Deployment Strategies
- Staged IDS Deployment
- Deploying Network-Based IDS
- Types of IDS Alerts
- True Positive (Attack – Alert)
- False Positive (No Attack – Alert)
- False Negative (Attack – No Alert)
- True Negative (No Attack – No Alert)
- Dealing with False Positive/Alarm
  - What should be the Acceptable Levels of False Alarms?
- Calculating False Positive Alerts with Cisco Secure IPS
- Dealing with False Negative
- Excluding False Positive Alerts with Cisco Secure IPS
- Characteristics of a Good IDS
- IDS Mistakes that Should be Avoided
- IPS
- IPS Technologies
- IPS Placement
- IPS Functions
- Need of IPS
- IDS vs. IPS
- Types of IPS
  - Network-Based IPS
  - Host-Based IPS
  - Wireless IPS
  - Network Behavior Analysis (NBA) System

- Network-Based IPS
  - Network-Based IPS: Security Capabilities
  - Placements of IPS Sensors
- Host-Based IPS
  - Host-Based IPS Architecture
- Wireless IPS
  - WLAN Components and Architecture
  - Wireless IPS: Network Architecture
  - Security Capabilities
  - Management
- Network Behavior Analysis (NBA) System
  - NBA Components and Sensor Locations
  - NBA Security Capabilities
- IDPS Product Selection Considerations
- General Requirements
- Security Capability Requirements
- Performance Requirements
- Management Requirements
- Life Cycle Cost
- IDS Counterparts
- Complementing IDS
- Vulnerability Analysis or Assessment Systems
  - Advantages & Disadvantages of Vulnerability Analysis
- File Integrity Checkers
  - File Integrity Checker Tools
- Honey Pot & Padded Cell Systems
  - Honey Pot and Padded Cell System Tools
- IDS Evaluation: Snort
- IDS/IPS Solutions
- IDS Products and Vendors

Module 9: Secure VPN Configuration and Management
- Understanding Virtual Private Network (VPN)
- How VPN Works?
- Why to Establish VPN?
- VPN Components
- VPN Client
- Tunnel Terminating Device
- Network Access Server (NAS)
- VPN Protocol
- VPN Concentrators
- Functions of VPN Concentrator
- Types of VPN
- Client-to-Site (Remote-Access) VPNs
- Site-to-Site VPNs
- Establishing Connections with VPN
- VPN Categories
- Hardware VPN
  - Hardware VPN Products
- Software VPNs
  - Software VPN Products
- Selecting Appropriate VPN
- VPN Core Functions
- Encapsulation
- Encryption
- Authentication
- VPN Technologies
- VPN Topologies
- Hub-and-Spoke VPN Topology
- Point-to-Point VPN Topology
- Full Mesh VPN Topology
- Star Topology
- Common VPN Flaws
- VPN Fingerprinting
- Insecure Storage of Authentication Credentials by VPN Clients
- Username Enumeration Vulnerabilities
- Offline Password Cracking
- Man-in-the-Middle Attacks

- Lack of Account Lockout
- Poor Default Configurations
- Poor Guidance and Documentation
- VPN Security
- Firewalls
- VPN Encryption and Security Protocols
  - Symmetric Encryption
  - Asymmetric Encryption
- Authentication for VPN Access
  - VPN Security: IPsec Server
  - AAA Server
- Connection to VPN: SSH and PPP
- Connection to VPN: Concentrator
- VPN Security – RADIUS
- Quality of Service and Performance in VPNs
- Improving VPN Speed
- Quality of Service (QoS) in VPNs
- SSL VPN Deployment Considerations
  - Client Security
  - Client Integrity Scanning
  - Sandbox
  - Secure Logoff and Credential Wiping
  - Timeouts and Re-Authentication
  - Virus, Malicious Code and Worm Activity
  - Audit and Activity Awareness
  - Internal Network Security Failings
- SLAs for VPN
- IP VPN Service Level Management
- VPN Service Providers
- Auditing and Testing the VPN
  - Testing VPN File Transfer
- Best Security Practices for VPN Configuration
  - Recommendations for VPN Connection

Module 10: Wireless Network Defense
- Wireless Terminologies
- Wireless Networks
- Advantages of Wireless Networks
- Disadvantages of Wireless Networks
- Wireless Standard
- Wireless Topologies
- Ad-Hoc Standalone Network Architecture (IBSS – Independent Basic Service Set)
- Infrastructure Network Topology (Centrally Coordinated Architecture / BSS – Basic Service Set)
- Typical Use of Wireless Networks
- Extension to a Wired Network
- Multiple Access Points
- LAN-to-LAN Wireless Network
- 3G Hotspot
- Components of Wireless Network
- Access Point
- Wireless Cards (NIC)
- Wireless Modem
- Wireless Bridge
- Wireless Repeater
- Wireless Router
- Wireless Gateways
- Wireless USB Adapter
- Antenna
  - Directional Antenna
  - Parabolic Grid Antenna
  - Dipole Antenna
  - Omnidirectional Antenna
  - Yagi Antenna
  - Reflector Antenna
- WEP (Wired Equivalent Privacy) Encryption
- WPA (Wi-Fi Protected Access) Encryption
- WPA2 Encryption
- WEP vs. WPA vs. WPA2

- Wi-Fi Authentication Method
- Open System Authentication
- Shared Key Authentication
- Wi-Fi Authentication Using a Centralized Authentication Server
- Wireless Network Threats
- War Driving
- Client Mis-Association
- Unauthorized Association
- Honeyspot Access Point (Evil Twin) Attack
- Rogue Access Point Attack
- Misconfigured Access Point Attack
- Ad Hoc Connection Attack
- AP MAC Spoofing
- Denial-of-Service Attack
- WPA-PSK Cracking
- RADIUS Replay
- ARP Poisoning Attack
- WEP Cracking
- Man-in-the-Middle Attack
- Fragmentation Attack
- Jamming Signal Attack
- Bluetooth Threats
- Leaking Calendars and Address Books
- Bugging Devices
- Sending SMS Messages
- Causing Financial Losses
- Remote Control
- Social Engineering
- Malicious Code
- Protocol Vulnerabilities
- Wireless Network Security
- Creating Inventory of Wireless Devices
- Placement of Wireless AP
  - Placement of Wireless Antenna
- Disable SSID Broadcasting
- Selecting Stronger Wireless Encryption Mode
- Implementing MAC Address Filtering
- Monitoring Wireless Network Traffic
- Defending Against WPA Cracking
  - Passphrases
  - Client Settings
  - Passphrase Complexity
  - Additional Controls
- Detecting Rogue Access Points
  - Wireless Scanning
  - Wired-Side Network Scanning
  - SNMP Polling
- Wi-Fi Discovery Tools
- InSSIDer and NetSurveyor
- Vistumbler and NetStumbler
- Locating Rogue Access Points
- Protecting from Denial-of-Service Attacks: Interference
- Assessing Wireless Network Security
- Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer
- WPA Security Assessment Tool
- Elcomsoft Wireless Security Auditor
- Cain & Abel
- Wi-Fi Vulnerability Scanning Tools
- Deploying Wireless IDS (WIDS) and Wireless IPS (WIPS)
- Typical Wireless IDS/IPS Deployment
- WIPS Tool
- Adaptive Wireless IPS
- AirDefense
- Configuring Security on Wireless Routers
- Additional Wireless Network Security Guidelines

Module 11: Network Traffic Monitoring and Analysis
- Network Traffic Monitoring and Analysis (Introduction)
- Advantages of Network Traffic Monitoring and Analysis
- Network Monitoring and Analysis: Techniques
  - Router Based
  - Non-Router Based
- Router Based Monitoring Techniques
  - SNMP Monitoring
  - NetFlow Monitoring
- Non-Router Based Monitoring Techniques
  - Packet Sniffers
  - Network Monitors
- Network Monitoring: Positioning your Machine at an Appropriate Location
- Connecting Your Machine to a Managed Switch
- Network Traffic Signatures
- Normal Traffic Signature
- Attack Signatures
- Baselining Normal Traffic Signatures
- Categories of Suspicious Traffic Signatures
  - Informational
  - Reconnaissance
  - Unauthorized Access
  - Denial of Service
- Attack Signature Analysis Techniques
  - Content-Based Signature Analysis
  - Context-Based Signature Analysis
  - Atomic Signature-Based Analysis
  - Composite Signature-Based Analysis
- Packet Sniffer: Wireshark
- Understanding Wireshark Components
- Wireshark Capture and Display Filters
- Monitoring and Analyzing FTP Traffic
- Monitoring and Analyzing TELNET Traffic
- Monitoring and Analyzing HTTP Traffic
- Detecting OS Fingerprinting Attempts
- Detecting Passive OS Fingerprinting Attempts
- Detecting Active OS Fingerprinting Attempts
  - Detecting ICMP Based OS Fingerprinting
  - Detecting TCP Based OS Fingerprinting
- Examine Nmap Process for OS Fingerprinting
- Detecting PING Sweep Attempt
- Detecting ARP Sweep/ARP Scan Attempt
- Detecting TCP Scan Attempt
- TCP Half Open/Stealth Scan Attempt
- TCP Full Connect Scan
- TCP Null Scan Attempt
- TCP Xmas Scan Attempt
- Detecting SYN/FIN DDoS Attempt
- Detecting UDP Scan Attempt
- Detecting Password Cracking Attempts
- Detecting Sniffing (MITM) Attempts
- Detecting the MAC Flooding Attempt
- Detecting the ARP Poisoning Attempt
- Additional Packet Sniffing Tools
- Network Monitoring and Analysis
- PRTG Network Monitor
- Bandwidth Monitoring
- Bandwidth Monitoring – Best Practices
- Bandwidth Monitoring Tools

Module 12: Network Risk and Vulnerability Management
- What is Risk?
- Risk Levels
- Extreme/High
- Medium
- Low
- Risk Matrix
- Risk Management Benefits
- Key Roles and Responsibilities in Risk Management
- Key Risk Indicators (KRI)
- Risk Management Phase
- Risk Identification
  - Establishing Context
  - Quantifying Risks
- Risk Assessment
  - Risk Analysis
  - Risk Prioritization
- Risk Treatment
- Risk Treatment Steps
- Risk Tracking and Review
- Enterprise Network Risk Management
- Enterprise Risk Management Framework (ERM)
- Goals of ERM Framework
- NIST Risk Management Framework
- COSO ERM Framework
- COBIT Framework
- Risk Management Information Systems (RMIS)
- Tools for RMIS
- Enterprise Network Risk Management Policy
- Best Practices for Effective Implementation of Risk Management
- Vulnerability Management
- Discovery
- Asset Prioritization
- Assessment
  - Advantages of Vulnerability Assessment
  - Requirements for Effective Network Vulnerability Assessment
  - Types of Vulnerability Assessment
  - Steps for Effective External Vulnerability Assessment
  - Vulnerability Assessment Phases
  - Network Vulnerability Assessment Tools
  - Choosing a Vulnerability Assessment Tool
  - Choosing a Vulnerability Assessment Tool: Deployment Practices and Precautions
- Reporting
  - Sample Vulnerability Management Reports
- Remediation
  - Remediation Steps
  - Remediation Plan
- Verification

Module 13: Data Backup and Recovery
- Introduction to Data Backup
- Backup Strategy/Plan
- Identifying Critical Business Data
- Selecting Backup Media
- RAID (Redundant Array of Independent Disks) Technology
- Advantages/Disadvantages of RAID Systems
- RAID Storage Architecture
- RAID Level 0: Disk Striping
- RAID Level 1: Disk Mirroring
- RAID Level 3: Disk Striping
- RAID Level 5: Block Interleaved Distributed Parity

- RAID Level 10: Blocks Striped and Mirrored
- RAID Level 50: Mirroring and Striping Across Multiple RAID Levels
- Selecting Appropriate RAID Levels
- Hardware and Software RAIDs
- RAID Usage Best Practices
- Storage Area Network (SAN)
- Advantages of SAN
- SAN Backup Best Practices
- SAN Data Storage and Backup Management Tools
- Network Attached Storage (NAS)
- Types of NAS Implementation
  - Integrated NAS System
  - Gateway N
