
Securing Cisco Networks with Threat Detection and Analysis (SCYBER)


Detailed Course Outline

Module 1: Attacker Methodology

  • Types of Attackers
  • Malware and attacker tools
  • Understand common attacks

Module 2: Defender Methodology

  • Define vulnerabilities, threats, exploits, and attacks
  • Define the network operations center (NOC) and security operations center (SOC)
  • SOC processes and procedures
  • Responsibilities of the SOC
  • Identify security incidents

Module 3: Defender Tools

  • Identify common sources used to detect security incidents
  • Understand event correlation and baseline data
  • Define data across layers of TCP/IP model
  • Data synchronization and data collection
  • Data encryption
  • Network monitoring and event management
  • User Reports
  • Risk analysis and mitigation strategies

Module 4: Packet Analysis

  • Network structures related to packet analysis
  • Analyze packets using Cisco IOS software
    • Access control lists
    • Debug commands
    • IOS embedded packet capture (EPC)
  • Methods used to capture traffic
    • Network taps
    • Local SPAN
    • Remote SPAN
  • Conduct network traces
  • Establish a packet baseline using Wireshark

Module 5: Network Log Analysis

  • Use log analysis protocols and tools
  • Explore log mechanics
  • Retrieve syslog data
  • Retrieve DNS events and proxy logs
  • Correlate log files

Module 6: Baseline Network Operations

  • Establish a network baseline
  • Baseline methodologies
  • Exception handling and monitoring tools
  • Network topology mapping
  • Network securing best practices
  • Define and identify mission-critical business components
  • Determine the health state of monitored network components

Module 7: Incident Response Preparation

  • SOC roles and responsibilities
  • Incident response standards
  • IRT roles and responsibilities
  • Remediation, resolution and closure
  • Establish an effective monitoring system
  • Analyze monitoring system

Module 8: Security Incident Detection

  • Identify an incident
  • Correlate data sources
  • SIEM as an automatic correlation
  • Review and classify incident information
  • Identify source of incident

Module 9: Investigations

  • Framework and scope of investigation
  • Data collection process
  • Describe the role of flow data in an investigation
  • Use flow data to monitor, analyze, and visualize network traffic
  • Historical analysis

Module 10: Mitigations and Best Practices

  • Development and deployment
  • Validate and test mitigations
  • Proper documentation methods
  • Describe cyber threat defense solutions and components
  • Implement access control lists (ACLs)
  • Zone-based policy firewall overview
  • Describe default policies, traffic flows, and zone interaction
  • Implement network-layer mitigations and best practices
  • Implement link-layer best practices

Module 11: Communication

  • Incident documentation requirements and process
  • Incident assessment
  • Solutions

Module 12: Post-Event Activity

  • Conduct an incident post-mortem
  • Policies and procedures
  • Develop security proposals
    • Analyze deficiencies
    • Propose remediations
    • Implement, publicize and monitor remediations

Labs:

  • Assessing Your Understanding of Network and Security Operations
  • Exploring the Remote Lab Environment
  • Enabling Netflow Export and Syslog
  • Capturing Packets on the Pod Router and using Wireshark to examine the PCAP
  • Capturing Packets using TCPDUMP
  • Examining Logs Manually
  • Enabling AAA for Router SSH Management Access
  • Enabling SNMPv3 on the Pod Router and Pod Switch
  • Performing NMAP Scans and Using Netcat to Connect to Open Ports
  • Analyzing PCAP File with Suspicious Activities Using Wireshark
  • Examining Event Logs Manually
  • Examining Event Logs Using Splunk
  • Analyzing NetFlow Data with Lancope StealthWatch
  • Implementing IOS Zone-Based Firewall
  • Incident Response