Cyber Threats Detection and Mitigation Training

Introduction

Cyber Threats Detection and Mitigation Training Course with Hands-on Labs

Networking Signature Development Understood with this Cyber Threats Detection and Mitigation Training

Cyber threats are increasing at an alarming rate every year, and it is becoming more and more difficult for organizations to defend quickly and effectively against full-scale distributed attacks. To stay safe and secure on today's Internet, organizations must learn to automate more of their defenses.

This means being capable of characterizing attacks across hundreds or even thousands of IP sessions and improving their ability to recognize attack commonalities. With intrusion detection systems and trained network security auditors, organizations have a reliable means to prioritize and isolate only the most critical threats in real time.

Taught by leaders in network defense who work in the computer security industry, this Cyber Threats Detection and Mitigation Training course demonstrates how to defend large-scale network infrastructure by building and maintaining intrusion detection systems and by applying network security auditing and incident response techniques.

Duration: 5 days


Customize It!

• We can adapt this Cyber Threats Detection and Mitigation Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this Cyber Threats Detection and Mitigation Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Cyber Threats Detection and Mitigation Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cyber Threats Detection and Mitigation Training course in a manner understandable to lay audiences.

Audience / Target Group

The target audience for this Cyber Threats Detection and Mitigation Training course:

• Network defenders who want to respond to networking threats
• Incident responders needing to quickly address system security breaches
• Individuals who need a firm understanding of signature development and Snort

Objectives:

Upon completing this Cyber Threats Detection and Mitigation Training course, learners will be able to meet these objectives:

• Identify the best defensive measures to effectively protect a network
• Set up and maintain an intrusion detection system
• Conceptualize and develop intrusion detection rules and rule sets
• Analyze and respond to intrusion attempts
• Recover from a successful intrusion

Cyber Threats Detection and Mitigation Training - Course Content:

Day 1

Cyber Threat Overview
Intrusions Defined
Historical Intruders
Historical Intrusions
Wireshark Overview
TCP Session Initialization Review
Incident Response

Day 2-3

NetFlow Analysis
Cisco NetFlow v1 – v9 (IPFIX)
sFlow
J-Flow
SiLK and Argus Collectors
Intrusion Detection Systems
Definition
IDS Types
Scanning versus Compromise
IDS Known Good vs. Known Bad Approaches
Rule-Based IDS
Heuristics-Based IDS
Response Actions
Inline IDSs
Problems with Active Response
Defense in Depth
False Positives and False Negatives
Intrusion Prevention Systems
Active Response Techniques
Introduction to Snort
Packet Sniffer
Packet Logger
NIDS
Protocol Support
Sourcefire
Packet Decoder
Preprocessors
Detection Engine
Alert and Logging
Detection Rules
Actions After a Match
What Rules Can’t Do
Fundamentals of a Rule
Rule Actions
Rule Body Options
Content Modifiers
Pre-Processors
Output Plug-ins
Attack Scenarios
Writing Signatures

Day 4

Syslog Tools
Kiwi SyslogD Server Setup
Non-Payload Detection Rules
Dsize
Fragoffset
TTL
TOS
ID
IPOpts
Fragbits
Flags
Flow
Flowbits
Seq
Window
Post-Detection Rule Options
Logto
Session
Resp
React
Tag
Writing Effective Snort Rules
Content Matching
Catch Vulnerabilities
Oddities of the Protocol
Optimizing IDS Rules
Attack Scenarios
Writing Signatures

Day 5

Student Practical Demonstration:
You will be given five attack scenarios for which you will need to write Snort rules. Once you have implemented the rules in your Snort system, the instructor will launch attacks against it to determine whether your rules were effective.
Labs
Hands-on labs are interspersed throughout this course.
