Network Defense and Administration

Duration: 35 Hours (5 Days) Focus: Policy Development, Threat Mitigation, and Incident Response

Day 1: Foundations, Policy, and Protocol Security 📝

Network Context (Review of Network topology, Network Types, and the OSI Model).
Security Policy Core (What is Security Policy? What Defines a good security policy).
Policy Structure and Implementation (Structuring a security policy, developing and implementing security guidelines).
Policy Efficacy (Defining the Requirements of Effective Security Policy).

Core Network Protocols (Overview of protocols: SLIP, PPP, ARP, RARP, IGMP, ICMP, SNMP, HTTP).
IP Layer Security (IP: Attacks and Countermeasures).
Transport Layer Threats (TCP, UDP: Attacks and Countermeasures).
Application Service Weaknesses (Vulnerabilities in legacy services: FTP, TFTP, TELNET, SMTP).

Physical Threats (Physical Security Threats and implementing preventative measures).
Access Control (Locks and Keys, Biometric Devices, and PC Security: Boot Access).
Emanations Control (Understanding and mitigating TEMPEST issues).
Fire Safety (Fire Suppression, Gaseous Emission Systems, and safety protocols).
Device Protection (Laptop Security: Physical Security Countermeasures).

Threat Definitions (Current Statistics, defining key terms: Threats, Attack and Exploit).
Attacker Classification (Classification of Hackers and Attacks).
Injection and Manipulation (Web Page Defacement, SQL Injection, Buffer Overflow).
Deception and Snooping (Spoofing, Eaves Dropping, Phishing, Wire Tapping).
Wireless Attacks (War Driving, War Chalking, War Flying).
Brute Force (War Dialing, Password Cracking).
Availability Attacks (Denial of Service (DOS) Attacks and Distributed DOS).

Threat Handling (Handling threats and security tasks, Protection against hacking).
Firewall Types (Packet filtering and Stateful Packet Filtering).
Advanced Deployments (Implementing Multi-layer firewall protection and Multi firewall DMZ).
Specialized Firewalls (Specialty firewalls and Reverse firewalls).
Centralization (Centralization and Documentation).

IDS Characteristics (Characteristics of IDS and the difference between Host based IDS Vs Network based IDS).
Detection Methods (IDS Detection Methods and Types of Signatures).
Prevention Systems (Intrusion Prevention System and the key difference between IDS Vs IPS).
IPS Tools (Overview of IPS Tool capabilities).

Network Address Translation (NAT) (Network Address Translation basics and security implications).
Proxying and Gateways (Application layer gateway and Proxying).
Bastion and Honeypots (Bastion Host, Honeypots and Honeynet configuration).
VPN Fundamentals (VPN concepts and the Authentication process).

Router Security (Understanding Internet work Operating Systems (IOS) and Troubleshooting a router).
Hardening Procedures (Hardening a Router and its Components of router security).
Testing Tools (Overview of Router security: testing tools).
OS Security (Windows) (Objects And Permissions, NTFS File System Permissions, Active Directory, Kerberos Authentication And Security, IP Security).
OS Security (Linux) (Basic Linux hardening techniques).

Vulnerability Assessment (Vulnerability Assessment goals and methodology).
Assessment Tools (Selecting vulnerability assessment tools).
Patch Management (Red Hat Up2date, Microsoft Patch Management Process and Windows Update Services).
Patch Tools (Using Qchain, Microsoft Baseline Security Analyzer, and other Patch Management Tools).

Web Application Security (Securing Web Applications).
Secure Code (Writing Secure Code and Best Practices).
Remote Administration (Remote Administration Security).
Web Defenses (Network Devices and Design, Altering the Network Addresses).
Client/Browser Security (Client Authorization and Secure Client Transmissions, Browser Security Settings, Malicious Code Detection).
Input Validation (Common Gateway Interface (CGI), Web Application Input Data Validation and Buffer Overflows).

Core Concepts (Maintaining confidentiality, Firewalls Implementing Encryption).
Cryptography (Public and Private Keys (including PGP), Choosing the size of keys).
PKI (Digital certificates and Certificate Management Through PKI).
Scheme Analysis (Analyzing popular encryption schemes including IPSEC).

WLAN Basics (Wireless Network Types, Antenna, WLAN Standards, BlueTooth And Ultra Wideband).
Legacy Tools (WEP Description Tool (Air Snort and WEPCrack)).
Modern WLAN Security (WLAN Security, WPA, TKIP, WTLS).
Authentication (EAP Methods, RADIUS, Multifactor Authentication).
Mobile Security (Mobile Security Through Certificates).
Encryption Standards (Advanced Encryption Standards (AES), DES, RSA Encryption).

Email Structure (Components Of An Email and E-mail protocols).
Risks and Defense (E-Mail Security Risks and How to defend against E-Mail security risks).

Need for Resilience (Why Create Fault Tolerance, Reasons For System Failure).
Planning (Planning For Fault Tolerance).
Implementation (Network Security: Fault Tolerance).
Measures (Preventive Measures).

Incident Definition (What Is an Incident and What Is an Incident Response).
Response Team (Incident Response Team).
Handling Procedure (Step by Step Procedure for Managing Incidents).
PICERF Methodology (Six Step Approach for Incident Handling).
Recovery Planning (What is a Disaster Recovery, Disaster Recovery Planning).
Business Continuity (Business Continuity Planning Process).
Prevention (Disaster Prevention).