*Friday CLOSED

Timings 10.00 am - 08.00 pm

Call : 021-3455-6664, 0312-216-9325 DHA 021-35344-600, 03333808376, ISB 03333808376

Advanced Security Essentials – Enterprise Defender


by fatima
Price:  260,000
2 Months
0 Lessons


Become an Enterprise Defender! Enhance your knowledge and skills in the specific areas of network architecture defense, penetration testing, security operations, digital forensics and incident response, and malware analysis. Advanced Security Essentials – Enterprise Defender is an essential course for members of security teams of all sizes. That includes smaller teams where you wear several (or all) hats and need a robust understanding of many facets of cybersecurity, and larger teams where your role is more focused, and gaining skills in additional areas adds to your flexibility and opportunities. This course concentrates on showing you how to examine the traffic that is flowing on your networks, look for indications of an attack, and perform penetration testing and vulnerability analysis against your enterprise to identify problems and issues before a compromise occurs. (Online classes available)


Course Key Learnings

  • Core components of building a defensible network infrastructure and properly securing your routers, switches, and other network infrastructure
  • Formal methods to perform vulnerability assessment and penetration testing to find weaknesses on your enterprise network
  • Methods to detect advanced attacks against your network and indicators of compromise on deployed systems, including the forensically sound collection of artifacts and what you can learn from them
  • How to respond to an incident using the six-step process of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
  • Approaches to analyzing malware, ranging from fully automated techniques to the manual analysis of static properties, interactive behavior, and code reversing

BUSINESS TAKEAWAYS

This course will help your organization:

  • Improve the effectiveness, efficiency, and success of cybersecurity initiatives
  • Build defensible networks that minimize the impact of attacks
  • Identify your organization’s exposure points to ultimately prioritize and fix the vulnerabilities, increasing the organization’s overall security

Course Content

Module 1: Defensible Network Architecture

Overview

Section 1 will focus on security in the design and configuration of various enterprise infrastructures. From a security perspective, proper design and configuration protects both the components being configured and the rest of the enterprise that depends on that gear to defend other components from attacks. In other words, a good house needs a good foundation!

We will discuss published security benchmarks, vendor guidance to secure various products, and regulatory requirements and how they impact defending infrastructure against specific attacks. To illustrate these points, we will look in detail at securing and defending a router infrastructure against a number of device- and network-based attacks. Securing private and public cloud infrastructure against common attacks will also be discussed.

Exercises
  • Initial Router Configuration and Audit
  • Securing AAA
  • Securing Redundancy Protocols
  • Log Infrastructure in Defense
  • Defending Routing Protocols
  • Final Router Hardening Steps/Audit
Topics
  • Security Standards and Audit
  • Authentication, Authorization, and Accounting
  • Defending Network Infrastructure
  • Intrusion Prevention Systems and Firewalls
  • Name Resolution Attacks and Defense
  • Securing Private and Public Cloud Infrastructure

Module 2: Penetration Testing

Overview

Security is all about understanding, mitigating, and controlling the risk to an enterprise’s critical assets. An enterprise must understand the changing threat landscape and have the capacity to compare it against its own vulnerabilities that could be exploited to compromise the environment. This second course section will present the variety of tests that can be run against an enterprise and show how to perform effective penetration tests to better understand the security posture for network services, operating systems, and applications. In addition, we will talk about social engineering and reconnaissance activities to better emulate increasingly prevalent threats to users.

Exercises
  • Network Scanning Fundamentals
  • Scanning with Nessus
  • Exploitation and Metasploit Basics
  • Metasploit and Pivoting
  • Basic Web App Scans and Attacks
Topics
  • Penetration Testing Scoping and Rules of Engagement
  • Online Reconnaissance
  • Social Engineering
  • Network Mapping and Scanning Techniques
  • Enterprise Vulnerability Scanning
  • Network Exploitation Tools and Techniques
  • Post-Exploitation and Pivoting
  • Web Application Exploitation Tools and Techniques
  • Reporting and Debriefing

Module 3: Security Operations Foundations

Overview

“Prevention is ideal, but detection is a must” is a critical motto for security professionals. However, because of the changing landscape of attacks, detecting them is an ongoing challenge. Today’s attacks are stealthier and more difficult to find than ever before. Only by understanding the core principles of traffic analysis can you become a skilled analyst capable of differentiating between normal and attack traffic. New attacks are surfacing all the time, so security professionals must be able to write intrusion detection rules that detect the latest attacks before they compromise a network environment.

Exercises
  • Analyzing PCAPs with tcpdump
  • Attack Analysis with Wireshark
  • Snort Basics
  • Detecting Malicious Activity with Security Onion
  • Security Analytics with SOF-ELK
Topics
  • Network Security Monitoring
  • Advanced Packet Analysis
  • Network Intrusion Detection/Prevention
  • Writing Signatures for Detection
  • Network Forensics and More
  • Event Management Introduction
  • Continuous Monitoring
  • Logging and Event Collection and Analysis
  • SIEM and Analytics

Module 4: Digital Forensics and Incident Response

Overview

“Bad guy elimination” is the core mission for Digital Forensics and Incident Response (DFIR) professionals. Incidents happen, and enterprises rely on these professional responders to find, scope, contain, and eradicate evil from their networks. Investigators employ DFIR practices to determine what happened. DFIR teams conduct investigations to find evidence of compromise, remediate the environment, and provide data to generate local threat intelligence for operations teams in order to continuously improve detection. While traditionally seen as a finite process, incident response is now viewed as ongoing, with DFIR professionals searching for evidence of an attacker that has existed in the environment without detection by applying new threat intelligence to existing evidence. This is the crux of the concept known as “threat hunting.”

Exercises
  • Active Defense: Honeyports
  • Data Recovery with FTK Imager and Photorec
  • Discovering Artifacts
  • Ransomware Timeline Analysis
  • Ransomware Network Analysis
Topics
  • Active Defense
  • DFIR Core Concepts: Digital Forensics
  • DFIR Core Concepts: Incident Response
  • Modern DFIR
  • Widening the Net: Scaling and Scoping

Module 5: Malware Analysis

Overview

Malicious software is responsible for many incidents in almost every type of enterprise. Types of malware vary widely, from Ransomware and Rootkits to Cryptocurrency Miners and Worms. We will define each of the most popular types of malware and walk through multiple examples. The four primary phases of malware analysis will be covered: Fully Automated Analysis, Static Properties Analysis, Interactive Behavior Analysis, and Manual Code Reversing. You will complete various in-depth labs requiring you to fully dissect a live Ransomware specimen from static analysis through code analysis. You will get hands-on experience with tricking the malware through behavior analysis techniques, and in decrypting files encrypted by Ransomware by extracting the keys through reverse engineering. All steps are well defined and tested to ensure that the process to achieve these goals is actionable and digestible.

Exercises
  • Static Properties Analysis of Ransomware
  • Interactive Behavior Analysis of Ransomware Part I
  • Interactive Behavior Analysis of Ransomware Part II
  • Manual Code Reversing of Ransomware
Topics
  • Introduction to Malware Analysis
  • Malware Analysis Stages: Fully Automated and Static Properties Analysis
  • Malware Analysis Stages: Interactive Behavior Analysis
  • Malware Analysis Stages: Manual Code Reversing

Module 6: Enterprise Defender Capstone

Overview

The concluding section of the course will serve as a real-world challenge for students by requiring them to work in teams, use the skills they have learned throughout the course, think outside the box, and solve a range of problems from simple to complex. A web server scoring system and Capture-the-Flag engine will be provided to score students as they submit flags to score points. More difficult challenges will be worth more points. In this defensive exercise, challenges include packet analysis, malware analysis, and other challenges related to the course material.


International Student Fee: 950 US$




Flexible Class Options

  • Weekend Classes for Professionals: SAT | SUN
  • Corporate Group Trainings Available
  • Online Classes – Live Virtual Class (L.V.C), Online Training

Related Courses

Blue Team Fundamentals: Security Operations and Analysis

Practical Open-Source Intelligence (OSINT)

Securing Windows and PowerShell Automation

SIEM with Tactical Analytics

Automating Information Security with Python

Security Automation with PowerShell

 

KEY FEATURES

Flexible Classes Schedule

Online Classes for out of city / country students

Unlimited Learning - FREE Workshops

FREE Practice Exam

Internships Available

Free Course Recordings Videos

ABOUT US

OMNI ACADEMY & CONSULTING is one of the most prestigious training and consulting firms, founded in 2010 under MHSG Consulting Group. We aim to help our customers transform their people and business and be more engaged with customers through digital transformation. Helping People to Get Valuable Skills and Get Jobs.


Contact Us

Get yourself enrolled for unlimited learning: 1000+ courses, corporate group training, instructor-led classroom and ONLINE learning options. Join Now!
  • Head Office: A-2/3 Westland Trade Centre, Shahra-e-Faisal PECHS Karachi 75350 Pakistan Call 0213-455-6664 WhatsApp 0334-318-2845, 0336-7222-191, +92 312 2169325
  • Gulshan Branch: A-242, Sardar Ali Sabri Rd. Block-2, Gulshan-e-Iqbal, Karachi-75300, Call/WhatsApp 0213-498-6664, 0331-3929-217, 0334-1757-521, 0312-2169325
  • ONLINE INQUIRY: Call/WhatsApp +92 312 2169325, 0334-318-2845, Lahore 0333-3808376, Islamabad 0331-3929217, Saudi Arabia 050 2283468
  • DHA Branch: 14-C, Saher Commercial Area, Phase VII, Defence Housing Authority, Karachi-75500 Pakistan. 0213-5344600, 0337-7222-191, 0333-3808-376
  • info@omni-academy.com
  • FREE Support | WhatsApp/Chat/Call : +92 312 2169325
WORKING HOURS

  • Monday: 10.00am - 7.00pm
  • Tuesday: 10.00am - 7.00pm
  • Wednesday: 10.00am - 7.00pm
  • Thursday: 10.00am - 7.00pm
  • Friday: Closed
  • Saturday: 10.00am - 7.00pm
  • Sunday: 10.00am - 7.00pm