Securing the information systems environment is one of the important tasks of the organization’s IT. This course focuses on the design, analysis, and implementation of enterprise-level security information systems. This course will expose the student to secure computing and networking concepts, security protocols, and principles along with practical networking security methodologies.
The course starts with risks and risk-analysis methods and continues with security protocols and algorithms, network security and how to implement it, operating systems, and security devices. The course concludes with network analysis and the common tools used for this purpose.
Course Objectives
Upon completing the course, the participants will be able to:
- Describe the architecture & components of core and perimeter network protection
- Understand the use of detection and response tools and mechanisms
- Understand how to securely deploy a wired and wireless network
- Use common scanning and analysis tools
Topics
The following topics are covered in the course:
- Thinking security
- Risks and risk assessment
- Security protocols – encryption and authentication
- Core and perimeter protection
- Detection and response
- Anti-malware technologies
- OS security and protection
- Network security – how to secure the network and its components
- Wireless communication security
- Network and computer forensics and analysis
Target Audience
CIOs and IT managers, information security managers, system administrators, network and system engineers
Prerequisites
Good knowledge of networking and network protocols
Duration
5 Days
Outline
- Data Networks Structure and Weakness Points
  - Data center and enterprise network architecture and components
  - Data, control, and management planes
  - Cloud connectivity and threats
  - The new world networks – SDN/NFV and potential threats
  - Types of attacks and where they are implemented
- Network architecture and protocols
  - L2 protocols – Ethernet and LAN switching mechanisms
  - IP, ARP, and routing protocols
  - TCP/UDP structure and network behavior
  - Application-level protocols
  - Encapsulation and tunnelling
- Security architecture and protocols
  - Encryption basics and protocols
  - Authentication basics and protocols
  - Authorization and access control protocols
  - Certificates and digital signatures
  - IPSec and key-management protocols
  - SSL/TLS and proxies
  - IKE and public key infrastructure
  - RADIUS/TACACS and AAA systems
  - Network security components – FW, IDS/IPSs, NAC, WAFs and others
- Network-based attacks and tools
  - Active and passive attacks
  - DoS/DDoS attacks and flooding
  - Spoofing and smurf attacks
  - L2 attacks and ARP poisoning
  - L3/4 ICMP and port scanning
  - Reconnaissance and information gathering
  - DHCP starvation
- Information gathering and Eavesdropping
  - Packet analysis tools – Wireshark, TCPDump, and others
  - Using Linux/Shell tools and Python/Pyshark for deep network analysis
  - Advanced packet dissection with Lua
  - ARP spoofing, session hijacking, and data hijacking tools, scripts, and techniques
  - Packet generation and replaying tools and when to use them
- Attacks on Network Devices and their Characteristics
  - Network device structure and components
  - Memory and buffer structure and exhaustion attacks
  - Memory corruption and exploit mitigations
  - Storage structure and exhaustion attacks
  - CPU structure and exhaustion attacks
- Network Protocols – How to Attack and How to Protect – Methodologies and Tools
  - Layer-2 storms and how to generate them
  - Storm identification, where it can block the network, and what to
  - IP-based attacks, DHCP starvation, ARP poisoning
  - ICMP-based attacks – teardrop, ping scans, ping of death, L3 DDoS
  - MAC and IP spoofing
  - IP fragmentation attacks
  - Deep dive into UDP and TCP protocol data structures and behavior
  - SYN flood and SYN stealth scan attacks and countermeasures
  - RST and FIN attacks and countermeasures
  - TCP sequence attacks and session hijacking attacks
  - TCP/TLS attacks and prevention
- Wireless network security
  - Protocols, operation, and implementation – 802.11 versions, operating principles
  - Security protocols – WEP, WPA, WPA-PSK, WPA2, WPA3, 802.11i, TKIP, AES and CCMP, 802.1X and EAP
  - Common attacks on wireless networks – adding a fake AP, eavesdropping, encryption cracking, authentication attacks, MAC spoofing, and more
  - WLAN security architectures and how to protect your wireless network
- Securing routing networks and protocols
  - IGP standard protocols – RIP (brief), OSPF, and IS-IS protocol behavior
  - RIP, OSPF, and IS-IS data structures
  - Potential threats and common attacks – falsification, overclaiming, and disclaiming
  - Tools and scripts
  - DDoS, mistreatment, and attacks on the router control plane
  - Routing table poisoning and attacks on the management plane
  - Traffic generation and attacks on the data plane
  - How to configure your routers to protect them
  - BGP – protocol and operation
  - What are the symptoms of BGP hijacking?
  - How to protect against BGP hijacking
- Internet Protocols Security – DNS, HTTP, and Mail Protocols
  - The DNS protocol – behavior and data structure
  - Attacks on the service: domain spoofing and hijacking, flooding, cache poisoning
  - Using DNS to bypass network controls: DNS tunneling
  - Attacks on DNS resources: NX records, subdomains
  - DNS attack discovery and protection: tools and analysis
  - HTTP and HTTP/2 protocol behavior, data structure, and analysis
  - SSL/TLS protocol behavior, data structure, and analysis
  - HTTP hacking tools – scanners, vulnerability checkers, and others
  - Web hacks – URL interception, input validation, SQL injection, buffer overflow
  - Web hacks – HTTP session hijacking and impersonation
  - Email protocols, vulnerabilities, and how to protect your network and messaging
  - Countermeasures and defense
- Enterprise Applications Security – Databases, Filesystems, and More
  - Microsoft network protocols – NetBIOS/SMB and LDAP operation and vulnerabilities
  - Database network protocols – TDS and SQLNet operation and vulnerabilities
  - Attacking DB protocols: tools and methods, DB injection methods
  - Protecting NetBIOS and LDAP
  - Securing your databases through the network and servers
- IP Telephony and Collaboration Services Security
  - SIP and RTP – protocols, operation, and vulnerabilities
  - Attack and destroy – DoS, session tear-down, fuzzing, and more
  - Attack and take – registration manipulation, man in the middle, redirects, and more
  - Discovering and identifying attacks
  - Protection methodology and tools
- Using Behaviour Analysis and Anomaly Detection
  - Collection methods – agents, NetFlow/IPFIX, telemetry, and packet analysis
  - Establishing the baseline – traffic loads, applications, and protocol patterns
  - Typical suspicious patterns