Securing Cisco Networks with Threat Detection and Analysis

This course is designed to teach you how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network. While the requirements for a security analyst vary from industry to industry and differ between the private and public sectors, the base requirements remain the same.

Duration

5 days

Net course price

Contact us

Course code

SCYBER

Participant profile

This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks.

Agenda

Attacker Methodology

  • Defining the Attacker Methodology
  • Identifying Malware and Attacker Tools
  • Understanding Attacks

Defender Methodology

  • Enumerating Threats, Vulnerabilities and Exploits
  • Defining SOC Services
  • Defining SOC Procedures
  • Defining the Role of a Network Security Analyst
  • Identifying a Security Incident

Defender Tools

  • Collecting Network Data
  • Understanding Correlation and Baselines
  • Assessing Sources of Data
  • Understanding Events
  • Examining User Reports
  • Introducing Risk Analysis and Mitigation

Packet Analysis

  • Identifying Packet Data
  • Analyzing Packets Using Cisco IOS Software
  • Accessing Packets in Cisco IOS Software
  • Acquiring Network Traces
  • Establishing a Packet Baseline

Network Log Analysis

  • Using Log Analysis Protocols and Tools
  • Exploring Log Mechanics
  • Retrieving Syslog Data
  • Retrieving DNS Events and Proxy Logs
  • Correlating Log Files

Baseline Network Operations

  • Baselining Business Processes
  • Mapping the Network Topology
  • Managing Network Devices
  • Baselining Monitored Networks
  • Monitoring Network Health

Incident Response Preparation

  • Defining the Role of the SOC
  • Establishing Effective Security Controls
  • Establishing an Effective Monitoring System

Security Incident Detection

  • Correlating Events Manually
  • Correlating Events Automatically
  • Assessing Incidents
  • Classifying Incidents
  • Attributing the Incident Source

Investigations

  • Scoping the Investigation
  • Investigating Through Data Correlation
  • Understanding NetFlow
  • Investigating Connections Using NetFlow

Mitigations and Best Practices

  • Mitigating Incidents
  • Cisco Cyber Threat Defense Overview
  • Implementing Cisco IOS ACLs and Zone-Based Policy Firewall
  • Implementing Network-Layer Mitigations and Best Practices
  • Implementing Link-Layer Best Practices

Communication

  • Documenting Incident Details
  • Communicating Incidents

Post-Event Activity

  • Conducting an Incident Post-Mortem
  • Improving Security of Monitored Networks

Labs

  • Lab 1: Assessing Understanding of Network and Security Operations
  • Lab 2: Exploring the Remote Lab Environment
  • Lab 3: Enabling NetFlow Export and Syslog
  • Lab 4: Capturing Packets on the Pod Router and Using Wireshark to Examine the PCAP
  • Lab 5: Capturing Packets Using tcpdump
  • Lab 6: Examining Logs Manually
  • Lab 7: Enabling AAA for Router SSH Management Access
  • Lab 8: Enabling SNMPv3 on the Pod Router and Pod Switch
  • Lab 9: Performing Nmap Scans and Using Netcat to Connect to Open Ports
  • Lab 10: Analyzing a PCAP File with Suspicious Activity Using Wireshark
  • Lab 11: Examining Event Logs Manually
  • Lab 12: Examining Event Logs Using Splunk
  • Lab 13: Analyzing NetFlow Data with Lancope StealthWatch
  • Lab 14: Implementing IOS Zone-Based Firewall
  • Lab 15: Incident Response
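
The script below is an added example and not course material: it shows the kind of manual-to-automatic event correlation the Network Log Analysis and Security Incident Detection modules describe, over the syslog feed Lab 3 enables and Labs 6, 9 and 11 examine. The sample lines are constructed here in the format Cisco IOS emits for ACL entries with the log keyword (%SEC-6-IPACCESSLOGP) and for login events (%SEC_LOGIN-4-LOGIN_FAILED, %SEC_LOGIN-5-LOGIN_SUCCESS) when service timestamps log datetime msec and service sequence-numbers are configured; the two rules, their thresholds, the event names and the alert tuples are this example's own assumptions, not Cisco or course conventions.

```python
"""Correlate Cisco IOS syslog events by source address.

Added example for the log-analysis, incident-detection and lab modules above;
it is not course material. The sample lines are constructed in the format IOS
emits with 'service timestamps log datetime msec' and 'service sequence-numbers';
thresholds, event names and alert tuples are this example's own assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 10.1.1.5 probes five ports on 192.168.1.10 (ACL 101 denies
# them), then guesses SSH logins until one succeeds. The other sources are noise.
SAMPLE_LOG = """\
000123: *Mar  1 00:12:34.567: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(41022) -> 192.168.1.10(23), 1 packet
000124: *Mar  1 00:12:34.901: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(41023) -> 192.168.1.10(80), 1 packet
000125: *Mar  1 00:12:35.120: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(41024) -> 192.168.1.10(443), 1 packet
000126: *Mar  1 00:12:35.433: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(41025) -> 192.168.1.10(3389), 1 packet
000127: *Mar  1 00:12:36.002: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.1.1.5(41026) -> 192.168.1.10(161), 1 packet
000128: *Mar  1 00:12:40.210: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.1.1.5] [localport: 22] [Reason: Login Authentication Failed] at 00:12:40 UTC Fri Mar 1 2019
000129: *Mar  1 00:12:43.515: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.1.1.5] [localport: 22] [Reason: Login Authentication Failed] at 00:12:43 UTC Fri Mar 1 2019
000130: *Mar  1 00:12:47.002: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 10.1.1.5] [localport: 22] [Reason: Login Authentication Failed] at 00:12:47 UTC Fri Mar 1 2019
000131: *Mar  1 00:12:52.770: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: cisco] [Source: 10.1.1.5] [localport: 22] at 00:12:52 UTC Fri Mar 1 2019
000132: *Mar  1 00:13:01.333: %SEC-6-IPACCESSLOGP: list 101 denied tcp 172.16.0.9(50110) -> 192.168.1.10(23), 1 packet
000133: *Mar  1 00:15:10.000: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 192.168.1.50] [localport: 22] at 00:15:10 UTC Fri Mar 1 2019
"""

# A leading '*' on the timestamp is IOS flagging a clock that is not NTP-synced;
# the timestamp also carries no year, so strptime yields 1900 (fine for ordering).
HEADER = re.compile(r"^\d+: \*?(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\.\d+: "
                    r"%(?P<msg>[A-Z_]+-\d-[A-Z_]+): (?P<body>.*)$")
ACL_DENY = re.compile(r"list (?P<acl>\S+) denied (?P<proto>\w+) (?P<src>[\d.]+)\(\d+\) "
                      r"-> (?P<dst>[\d.]+)\((?P<dport>\d+)\)")
LOGIN = re.compile(r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[\d.]+)\]")


def parse_events(text):
    """Turn raw IOS log lines into time-ordered event dicts; unknown messages are skipped."""
    events = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        ts = datetime.strptime(head["ts"], "%b %d %H:%M:%S")
        msg, body = head["msg"], head["body"]
        if msg == "SEC-6-IPACCESSLOGP":
            deny = ACL_DENY.search(body)
            if deny:
                events.append({"ts": ts, "kind": "acl_deny", "src": deny["src"],
                               "dst": deny["dst"], "dport": int(deny["dport"])})
        elif msg in ("SEC_LOGIN-4-LOGIN_FAILED", "SEC_LOGIN-5-LOGIN_SUCCESS"):
            login = LOGIN.search(body)
            if login:
                kind = "login_fail" if msg.endswith("FAILED") else "login_ok"
                events.append({"ts": ts, "kind": kind, "src": login["src"], "user": login["user"]})
    events.sort(key=lambda e: e["ts"])
    return events


def detect_port_scans(events, min_ports=5, window=timedelta(seconds=60)):
    """Flag a source whose ACL denies reach >= min_ports distinct ports within the window."""
    by_src = defaultdict(list)
    for e in events:
        if e["kind"] == "acl_deny":
            by_src[e["src"]].append(e)
    alerts = []
    for src, denies in by_src.items():  # denies are already time-ordered
        start = 0
        for end in range(len(denies)):
            while denies[end]["ts"] - denies[start]["ts"] > window:
                start += 1  # slide the window forward
            ports = {d["dport"] for d in denies[start:end + 1]}
            if len(ports) >= min_ports:
                alerts.append(("port_scan", src, sorted(ports)))
                break  # one alert per source is enough for triage
    return alerts


def detect_bruteforce_success(events, min_failures=3, window=timedelta(minutes=5)):
    """Flag a login success preceded by >= min_failures failures from the same source."""
    failures = defaultdict(list)  # src -> timestamps of failed logins
    alerts = []
    for e in events:
        if e["kind"] == "login_fail":
            failures[e["src"]].append(e["ts"])
        elif e["kind"] == "login_ok":
            recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= min_failures:
                alerts.append(("bruteforce_success", e["src"], e["user"]))
    return alerts


def correlate(text):
    """Run both rules over one log text and return the combined alert list."""
    events = parse_events(text)
    return detect_port_scans(events) + detect_bruteforce_success(events)


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(*alert)
```

Two points worth carrying into the labs: the port-scan rule counts distinct destination ports rather than packets because IOS rate-limits ACL logging (the first matching packet is logged at once, later ones are summarized in periodic "N packets" entries), so packet counts from syslog understate volume; and a success after a run of failures is the event to triage first, since a failed brute force is noise but a successful one is an incident.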

Prerequisites

  • CCNA Certification (ICND1 and ICND2) as a minimum; CCNA Security (ICND1 and IINS) is a plus
  • Basic Understanding of Cisco Security Product Features
  • Basic Understanding of Open-Source and Commercial Network Security Tools
  • Basic Understanding of Microsoft Windows and Unix/Linux Operating Systems, Desktops and Servers
  • Basic Understanding of the Open Systems Interconnection (OSI) Model and TCP/IP

Topics

  • Monitor security events
  • Configure and tune security event detection and alarming
  • Analyze traffic for security threats
  • Respond appropriately to security incidents