This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks.

Attacker Methodology

• Defining the Attacker Methodology
• Identifying Malware and Attacker Tools
• Understanding Attacks

Defender Methodology

• Enumerating Threats, Vulnerabilities and Exploits
• Defining SOC Services
• Defining SOC Procedures
• Defining the Role of a Network Security Analyst
• Identifying a Security Incident

Defender Tools

• Collecting Network Data
• Understanding Correlation and Baselines
• Assessing Sources of Data
• Understanding Events
• Examining User Reports
• Introducing Risk Analysis and Mitigation

Packet Analysis

• Identifying Packet Data
• Analyzing Packets Using Cisco IOS Software
• Accessing Packets in Cisco IOS Software
• Acquiring Network Traces
• Establishing a Packet Baseline

Network Log Analysis

• Using Log Analysis Protocols and Tools
• Exploring Log Mechanics
• Retrieving Syslog Data
• Retrieving DNS Events and Proxy Logs
• Correlating Log Files

Baseline Network Operations

• Baselining Business Processes
• Mapping the Network Topology
• Managing Network Devices
• Baselining monitored Networks
• Monitoring Network Health

Incident Response Preparation

• Defining the Role of the SOC
• Establishing Effective Security Controls
• Establishing an Effective Monitoring System

Security Incident Detection

• Correlating Events Manually
• Correlating Events Automatically
• Assessing Incidents
• Classifying Incidents
• Attributing the Incident Source

Investigations

• Scoping the Investigation
• Investigating Through Data Correlation
• Understanding NetFlow
• Investigating Connection USing NetFlow

Mitigations and Best Practices

• Mitigating Incidents
• Cisco Cyber Threat Defense Overview
• Implementing Cisco IOS ACLs and Zone-Based Policy Firewall
• Implementing Network-Layer Mitigations and Best Practices
• Implementing Link-Layer Best Parctices

Communication

• Documenting Incident Details
• Communicating Incidents

Post-Event Activity

• Conducting an Incident Post-Mortem
• Improving Security of Monitored Networks

Labs

• Lab 1: Assess Understanding of Network and Security Operations
• Lab 2: Exploring the Remote Lab Environment
• Lab 3: Enabling Netflow Export and Syslog
• Lab 4: Capturing Packets on the Pod Router and using Wireshark to examine the PCAP
• Lab 5: Capturing Packets using the TCPDUMP
• Lab 6: Examining Logs Manually
• Lab 7: Enabling AAA for Router SSH management Access
• Lab 8: Enabling SMNPv3 on the Pod Router and Pod Switch
• Lab 9: Performing NMAP Scans and Using NetCat to Connect to Open Ports
• Lab 10: Analyzing PCAP File with Suspicious Activities Using Wireshark
• Lab 11: Examining Event Logs Manually
• Lab 12: Examining Event Logs Using Splunk
• Lab 13: Analyzing NetFlow Data with LancopeStealthWatch
• Lab 14: Implementing IOS ZOne-Based Firewall
• Lab 15: Incident Response

• CCNA Certification (ICND1 and ICND2 ) as a minimum, CCNA Security (ICND1 and IINS) is a plus
• Basic Understanding of CIsco Security Product Features
• Basic Understanding of Open-Source and Commercial Network Security Tools
• Basic Understanding of Microsoft Windows and Unix/Linux operating systems, desktops and servers.
• Basic Understanding of the Open Systems Interconnection (OSI) model and TCP/IP

• Monitor security events
• Configure and tune security event detection and alarming
• Analyze traffic for security threats
• Respond appropriately to security incidents