Provided by: Security University QND Qualified Network Defender Training, Instruction and Documentation
- In-depth Packet Analysis labs
- Hands-on Snort & IPS labs
- Hands-on reverse engineering viruses & trojan labs
- Mitigate site spoofing & phishing
- Mitigating botnets
- False alarms vs. real threats analysis
- IPS Filtering techniques
- NACs - an effective containment technique
- Keylogger & remote access trojan (RAT) program mitigation
- Best practices, a step-by-step process for perimeter protection unlike anything you've ever seen
- Define a recovery strategy
- 5 steps that establish measurable goals for network defenses.
What You Will Learn:
Essential computer and network concepts
Internet Security
Network Security
1. Review of Internet Attacks
hacker trends and motives
denial-of-service attacks
network probes and scans
IP spoofing
Trojan horses
application-level attacks
2. Characteristics of the Firewall Environment
objectives of firewalls
creating security domains
perimeter and internal firewalls
firewall rule sets - default deny vs. default allow
firewall platforms - common commercial firewalls
host-based firewalls, firewall appliances, firewall configurations
demilitarized zones (DMZs)
dual & multi-homed configurations & screened sub-networks
HA - high availability firewalls
access policy for internal applications
3. Firewall Security Policies
risk assessment approach
identifying essential services
identifying key threats
vulnerability assessment
policies for inbound access and outbound access
Network Address Translation (NAT) and Port Address Translation (PAT)
denial-of-service filters
account management and authentication
remote management
4. Standard (Stateless) Packet Filters
ingress and egress filtering
packet filter control points & parameters
TCP flags & ICMP message types
configuring packet filters to control access to HTTP, SMTP, DNS
addressing denial-of-service attacks: LAND, ping floods, SYN floods
dynamic access controls
authentication, authorization and accounting (AAA)
handling difficult protocols: FTP, multimedia applications
5. Stateful Inspection Firewalls
stateful inspection firewall design
configuring the TCP/IP protocol stack
IP forwarding issues
application data
Web content: ActiveX controls, Java applets
connection tables and performance
connections for UDP
handling FTP and streaming protocols
6. Proxy-Based Firewalls
address hiding
circuit-level & application-layer proxies
strengths of proxy firewalls
configuring & hardening the TCP/IP protocol stack
IP forwarding issues
configuring application proxies to support SMTP, FTP, HTTP
7. Proxy Servers for Internal to External Access
SOCKS proxy servers
Web proxy servers
port redirectors on proxy server gateways
8. Personal Firewalls
Trojan horse problems
9. Content Filtering and Prevention Tools
Deploying content filters
SMTP filters
Anti-virus
Blocking Trojans and Worms at the SMTP server
Spam filtering
Anti-relaying
Web site filtering blockers
Recommended policies and actions
Filtering mobile code: ActiveX, Java, JavaScript
Intrusion prevention tools
Integrating firewalls & Prevention Tools
Firewall penetration-testing tools
11. Firewall Management
Creating a bastion host
Creating system baselines
Monitoring the firewall
Managing firewall alerts
Best practices for incident handling
Log file management
keeping up to date: key e-mail lists and Web sites
12. Malware
Creating Botnets
SpyWash
Automated Spyware Removal
Counting cookies
ActiveX
Log file management
keeping up to date: key URLs and Web sites
13. Network Defense & Response
Preparation
Detection
Containment
Eradication
Recovery & patching your network
Response and follow-up
Best practices for incident handling
14. Forensics
Investigations
Law & Legislation
Investigations
Media
Process