Cyber Threats Detection and Mitigation Training

Commitment: 5 Days, 7-8 hours a day
Language: English
User Ratings: Average User Rating 4.8
Price: Request
Delivery Options: Instructor-Led Onsite, Online, and Classroom Live

COURSE OVERVIEW

Understand network signature development with this Cyber Threats Detection and Mitigation Training

Cyber threats are increasing at an alarming rate every year, and it is becoming more and more difficult for organizations to defend quickly and effectively against full-scale distributed attacks. To be safe and secure on today’s Internet, organizations must learn to become more automated. This means being capable of characterizing attacks across hundreds or even thousands of IP sessions and improving their ability to recognize attack commonalities. With intrusion detection systems and trained network security auditors, organizations have a reliable means to prioritize and isolate only the most critical threats in real time.

Taught by leaders in network defense who work in the computer security industry, this Cyber Threats Detection and Mitigation Training course demonstrates how to defend large-scale network infrastructure by building and maintaining intrusion detection systems, network security auditing, and incident response techniques.

WHAT'S INCLUDED?
  • 5 days of Cyber Threats Detection and Mitigation Training with an expert instructor
  • Cyber Threats Detection and Mitigation Electronic Guide
  • 100% Satisfaction Guarantee
  • Certificate of Completion

ADDITIONAL INFORMATION

COURSE OBJECTIVES

Upon completing this Cyber Threats Detection and Mitigation Training course, learners will be able to meet these objectives:

  • Identify the best defensive measures to effectively protect a network
  • Set up and maintain an intrusion detection system
  • Conceptualize and develop intrusion detection rules and rule sets
  • Analyze and respond to intrusion attempts
  • Recover from a successful intrusion
CUSTOMIZE IT
  • We can adapt this Cyber Threats Detection and Mitigation Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Cyber Threats Detection and Mitigation course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Cyber Threats Detection and Mitigation around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cyber Threats Detection and Mitigation course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP

The target audience for this Cyber Threats Detection and Mitigation Training course:

  • Incident Responders who need to understand and react to IDS alerts
  • Network Defenders seeking to automate threat detection
  • IDS administrators who wish to improve their signature writing skills
  • Security Operations Center Staff seeking to automate traffic analysis
  • Penetration Testers looking to reduce their network visibility
CLASS PREREQUISITES

The knowledge and skills that a learner must have before attending this Cyber Threats Detection and Mitigation course are:

COURSE SYLLABUS

DAY 1
  • Cyber Threat Overview
  • Intrusions Defined
  • Historical Intruders
  • Historical Intrusions
  • Wireshark Overview
  • TCP Session Initialization Review
  • Incident Response
DAY 2-3
  • NetFlow Analysis
      • Cisco NetFlow v1 – v9 (IPFIX)
      • sFlow
      • J-Flow
      • SiLK and Argus Collectors
  • Intrusion Detection Systems
      • Definition
      • IDS Types
      • Scanning versus Compromise
      • IDS Known Good vs. Known Bad Approaches
      • Rule-Based IDS
      • Heuristics-Based IDS
      • Response Actions
      • Inline IDSs
      • Problems with Active Response
      • Defense in Depth
      • False Positives and False Negatives
      • Intrusion Prevention Systems
      • Active Response Techniques
  • Introduction to Snort
      • Packet Sniffer
      • Packet Logger
      • NIDS
      • Protocol Support
      • Sourcefire
      • Packet Decoder
      • Preprocessors
      • Detection Engine
      • Alert and Logging
  • Detection Rules
      • Actions After a Match
      • What Rules Can’t Do
      • Fundamentals of a Rule
      • Rule Actions
      • Rule Body Options
      • Content Modifiers
      • Pre-Processors
      • Output Plug-ins
      • Attack Scenarios
      • Writing Signatures
DAY 4
  • Syslog Tools
      • Kiwi Syslog Server Setup
  • Non-Payload Detection Rules
      • Dsize
      • Fragoffset
      • TTL
      • TOS
      • ID
      • IPOpts
      • Fragbits
      • Flags
      • Flow
      • Flowbits
      • Seq
      • Window
  • Post-Detection Rule Options
      • Logto
      • Session
      • Resp
      • React
      • Tag
  • Writing Effective Snort Rules
      • Content Matching
      • Catch Vulnerabilities
      • Oddities of the Protocol
      • Optimizing IDS Rules
  • Attack Scenarios
  • Writing Signatures
DAY 5

Student Practical Demonstration:

  • You will be given five attack scenarios against which you will need to write Snort rules. Once you have implemented the rules in your Snort system, the instructor will launch attacks against it to determine whether your rules were effective.
LABS
  • Setup and Configure an IDS to match a network topology map
  • Define Network Variables
  • Configure Output Statements
  • Write over 30 signatures
  • Analyze attack patterns and write signatures based on them
  • Tune signatures to reduce false positives and false negatives
  • Reverse engineer existing and downloaded rules
Cyber Threats Detection and Mitigation Training Course Recap, Q/A, and Evaluations

REQUEST MORE INFORMATION