This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks.
Securing Cisco Networks with Threat Detection and Analysis
This course is designed to teach you how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network. While the requirements for a security analyst vary from industry to industry, and differ between the private and public sectors, the base requirements remain the same.
Participant profile
Agenda
Attacker Methodology
- Defining the Attacker Methodology
- Identifying Malware and Attacker Tools
- Understanding Attacks
Defender Methodology
- Enumerating Threats, Vulnerabilities and Exploits
- Defining SOC Services
- Defining SOC Procedures
- Defining the Role of a Network Security Analyst
- Identifying a Security Incident
Defender Tools
- Collecting Network Data
- Understanding Correlation and Baselines
- Assessing Sources of Data
- Understanding Events
- Examining User Reports
- Introducing Risk Analysis and Mitigation
Packet Analysis
- Identifying Packet Data
- Analyzing Packets Using Cisco IOS Software
- Accessing Packets in Cisco IOS Software
- Acquiring Network Traces
- Establishing a Packet Baseline
Network Log Analysis
- Using Log Analysis Protocols and Tools
- Exploring Log Mechanics
- Retrieving Syslog Data
- Retrieving DNS Events and Proxy Logs
- Correlating Log Files
Baseline Network Operations
- Baselining Business Processes
- Mapping the Network Topology
- Managing Network Devices
- Baselining Monitored Networks
- Monitoring Network Health
Incident Response Preparation
- Defining the Role of the SOC
- Establishing Effective Security Controls
- Establishing an Effective Monitoring System
Security Incident Detection
- Correlating Events Manually
- Correlating Events Automatically
- Assessing Incidents
- Classifying Incidents
- Attributing the Incident Source
Investigations
- Scoping the Investigation
- Investigating Through Data Correlation
- Understanding NetFlow
- Investigating Connections Using NetFlow
Mitigations and Best Practices
- Mitigating Incidents
- Cisco Cyber Threat Defense Overview
- Implementing Cisco IOS ACLs and Zone-Based Policy Firewall
- Implementing Network-Layer Mitigations and Best Practices
- Implementing Link-Layer Best Practices
Communication
- Documenting Incident Details
- Communicating Incidents
Post-Event Activity
- Conducting an Incident Post-Mortem
- Improving Security of Monitored Networks
Labs
- Lab 1: Assess Understanding of Network and Security Operations
- Lab 2: Exploring the Remote Lab Environment
- Lab 3: Enabling NetFlow Export and Syslog
- Lab 4: Capturing Packets on the Pod Router and Using Wireshark to Examine the PCAP
- Lab 5: Capturing Packets Using tcpdump
- Lab 6: Examining Logs Manually
- Lab 7: Enabling AAA for Router SSH Management Access
- Lab 8: Enabling SNMPv3 on the Pod Router and Pod Switch
- Lab 9: Performing Nmap Scans and Using Netcat to Connect to Open Ports
- Lab 10: Analyzing PCAP File with Suspicious Activities Using Wireshark
- Lab 11: Examining Event Logs Manually
- Lab 12: Examining Event Logs Using Splunk
- Lab 13: Analyzing NetFlow Data with Lancope StealthWatch
- Lab 14: Implementing IOS Zone-Based Firewall
- Lab 15: Incident Response
Required participant preparation
- CCNA Certification (ICND1 and ICND2) as a minimum; CCNA Security (ICND1 and IINS) is a plus
- Basic Understanding of Cisco Security Product Features
- Basic Understanding of Open-Source and Commercial Network Security Tools
- Basic Understanding of Microsoft Windows and Unix/Linux Operating Systems, Desktops and Servers
- Basic Understanding of the Open Systems Interconnection (OSI) model and TCP/IP
Topics
- Monitor security events
- Configure and tune security event detection and alarming
- Analyze traffic for security threats
- Respond appropriately to security incidents