Cyber Threats Detection and Mitigation Training

Cyber Threats Detection and Mitigation Training

Print Friendly, PDF & Email

Introduction:

Cyber Threats Detection and Mitigation Training Course with hands-on Intensive labs

Taught by leaders in network defense who work in the computer security industry, this Cyber Threats Detection and Mitigation Training course demonstrates how to defend large scale network infrastructure by building and maintaining intrusion detection systems, network security auditing, and incident response techniques.

Cyber threats are increasing at an alarming rate every year and the ability for organizations to defend against full-scaled distributed attacks quickly and effectively is becoming more and more difficult. In order to be safe and secure on today’s Internet, organizations must learn to become more automated. This means being capable of characterizing attacks across hundreds or even thousands of IP sessions and improving their ability to recognize attack commonalities. With intrusion detection systems and trained network security auditors, organizations have a reliable means to prioritize, and isolate only the most critical threats in real time.

Duration: 5 days

Cyber Threats Detection and Mitigation Training
 
Cyber Threats Detection and Mitigation TrainingRelated Courses
 

Customize It:

• If you are familiar with some aspects of Cyber Threats Detection and Mitigation Training, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Cyber Threats Detection and Mitigation Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cyber Threats Detection and Mitigation Training course in manner understandable to lay audiences.

Objectives:

After completing this Cyber Threats Detection and Mitigation Training course, attendees will be able to:

• Identify the best defensive measures to effectively protect a network
• Setup and maintain an intrusion detection system
• Conceptualize and develop intrusion detection rules and rule sets
• Analyze and respond to intrusion attempts
• Recover from a successful intrusion

Cyber Threats Detection and Mitigation Training – Course Outline:

Cyber Threat Overview

◾Intrusions Defined
◾Historical Intruders
◾Historical Intrusions
◾Wireshark Overview
◾TCP Session Initialization Review
◾Incident Response

NetFlow Analysis

◾Cisco NetFlows Ver 1 – Ver 9 (IPFIX)
◾SFlows
◾JFlows
◾Silk and Argus Collectors

Intrusion Detection Systems

◾Definition
◾IDS Types
◾Scanning versus Compromise
◾IDS Known Good vs. Known Bad Approaches
◾Rule Based IDS
◾Heuristics Based IDS
◾Response Actions
◾Inline IDSs
◾Problems with Active Response
◾Defense in Depth
◾False Positive and False Negatives

Introduction to SNORT

◾Packet Sniffer
◾Packet Logger
◾NIDS
◾Protocol Support
◾Sourcefire
◾Packer Decoder
◾Preprocessors
◾Detection Engine
◾Alert and Logging

Detection Rules

◾Actions After a Match
◾What Rules Can’t Do
◾Fundamentals of a Rule
◾Rule Actions
◾Rule Body Options
◾Content Modifiers
◾Pre-Processors
◾Output Plug-ins

Attack Scenarios

◾Writing Signatures

Syslog Tools

◾Kiwi SyslogD Server Setup

Non Payload Detection Rules

◾Dsize
◾Fragoffset
◾TT1
◾TOS
◾ID
◾IPOpts
◾Fragbits
◾Flags
◾Flow
◾Flowbits
◾Seq
◾Window

Post-Detection Rule Options

◾Logto
◾Session
◾Resp
◾React
◾Tag

Writing Effective Snort Rules

◾Content Matching
◾Catch Vulnerabilities
◾Oddities of the Protocol

Optimizing IDS Rules

Attack Scenarios

◾Writing Signatures

Student Practical Demonstration

◾You will be given five attack scenarios in which you will need to write Snort rules to defend against. Once you have implemented the rules in your Snort System, the instructor will launch attacks against them to determine if your rules were effective.

Whether you are looking for general information or have a specific question, we want to help!

 
Request More Information

Time frame:

No Comments Yet.

Leave a comment

0