This course is provided by Wintrac. Wintrac provides one-stop shopping for all your IT training needs. Wintrac’s course catalog of over two thousand courses includes courses on Security Training.
Overview
Network Defense and Countermeasures is an instructor-led 5-day classroom delivery with structured and hands-on activities.
It is the second course in the first level of the Security Certified Program, focusing on the student's understanding of the architecture for network defense.
The course is designed for the student who is a network administrator responsible for maintaining a wide range of networking technologies.
Students will work with layered network defense structures and implement firewalls on various platforms. Students will also gain a working knowledge of Virtual Private Networks and Intrusion Detection Systems, perform packet and signature analyses, identify different methods of risk analysis, and create a security policy.
This is the final Level One course of the Security Certification Program. Passing the associated exams for the Level One courses results in the Security Certified Network Professional (SCNP) certification.
Level Two consists of two courses: PKI Concepts & Planning, and PKI & Biometrics. Passing the associated exams for the Level Two courses results in the Security Certified Network Architect (SCNA) certification.
LEARNING OBJECTIVES
- Identify the basic components of a layered structure for network defense architecture, and describe access control objectives and auditing concepts.
- Identify key concepts and technologies used in the design of firewall systems, as well as methods of implementing firewalls in different scenarios.
- Implement and configure firewalls for three different operating systems and compare their functionality while also identifying the differences between the technologies.
- Describe Virtual Private Networks (VPNs) and related security issues, and take steps to implement a VPN solution built into Windows 2000.
- Describe the key concepts of Intrusion Detection Systems, including distinguishing between host-based and network-based Intrusion Detection Systems.
- Implement and configure a network-based and a host-based IDS.
- Describe core concepts of TCP/IP packet and signature analysis with the goal of intrusion detection, and examine the goals of the Common Vulnerabilities and Exposures (CVE) project.
- Identify the concepts and issues related to risk analysis, and analyze different methods of risk analysis, different standards, and different techniques to minimize risk.
- Implement a security policy for an organization by examining different methods of policy creation and implementation, and creating a policy document.
Prerequisites
Network Security Fundamentals (the first course in the Security Certified Program)
Course duration
5 days
Course outline
Chapter 1: Network Defense Fundamentals
Network Defense
Defensive Technologies
Objectives of Access Control
The Impact of Defense
Network Auditing Concepts
Chapter 2: Designing Firewall Systems
Firewall Components
Create a Firewall Policy
Rule Sets and Packet Filters
Proxy Server
The Bastion Host
The Honeypot
Chapter 3: Configuring Firewalls
Firewall Implementation Practices
Installing and Configuring FireWall-1
Installing and Configuring ISA Server 2000
Monitor ISA Server
IPChains Concepts
Implementing Firewall Technologies
Chapter 4: Configuring VPNs
VPN Fundamentals
IP Security Protocol (IPSec)
VPN Design and Architecture
VPN Security
Configuring a VPN
Chapter 4: Designing an IDS
The Goals of an Intrusion Detection System
Technologies and Techniques of Intrusion Detection
Host-based Intrusion Detection
Network-based Intrusion Detection
The Analysis
How to Use an IDS
What an Intrusion Detection System Cannot Do
Chapter 5: Configuring an IDS
Snort Foundations
Snort Installation
Snort as an IDS
Configuring ISS Scanners
Chapter 6: Analyzing Intrusion Signatures
Signature Analysis
Common Vulnerabilities and Exposures (CVE)
Signatures
Normal Traffic Signatures
Abnormal Traffic Signatures
Chapter 7: Performing a Risk Analysis
Concepts of Risk Analysis
Methods of Risk Analysis
The Process of Risk Analysis
Techniques to Minimize Risk
Continual Risk Analysis
Chapter 8: Creating a Security Policy
Concepts of Security Policies
The Policy Design
The Policies
An Example Policy
Incident Handling and Escalation Procedures
Partner Policies
Hardware and Software
Operating Systems
DOS 6.22 bootable floppy disk (with important utilities like fdisk, format, mscdex, etc.)
Windows 98 CD (optional)
Windows NT 4.0 Server CD
Windows 2000 Server CD
Red Hat Linux 7.1
Drivers for all the operating systems.
Service Packs and other software
SP2 for Windows 2000
SP6a for Windows NT 4 Server
Internet Explorer 4.0 or later. Use version 5.0 for NT 4.0
ISA Server 2000 Standard Edition (trial version)
Windows 2000 Resource Kit
Check Point FireWall-1 Enterprise Edition 4.1 for 172.17.10.1
A decompression utility for Windows, such as WinZip
Disk cloning tools and SID changing utilities
Norton Ghost
Norton Ghostwalk
Hardware
Two instructor PCs
One student machine per student
Three Cisco 2500 series routers
Two back-to-back serial cables
Two 10/100 switches or hubs
Cisco console kit
Two crossover cables
One null modem cable for every two PCs
Three transceivers
Minimum PC Specifications
Pentium III 500 processor
128 MB of RAM
8 GB of available hard drive space
Two non-integrated Network Interface Cards per PC (such as a 3Com 3C905C)
A non-integrated video card (from the point of view of driver availability for all OSs)
Internet access (optional)