Network Defense and Countermeasures

Course length: 5 Days

 

Course Description

Network Defense and Countermeasures is the second course of the first level of the Security Certified Program. It is focused on understanding the architecture for Network Defense.

 

Prerequisites: To ensure your success, you must first take the Software Training course Network Security Fundamentals or have extensive equivalent knowledge, and have a basic understanding of your computer's operating system and the Internet. For example, you should know how to launch an application, create and save files, and copy files from CDs and other media. The Software Training classes Windows 98: Introduction and Internet Explorer 5.x are designed to teach these skills, though they are not required.

 

Delivery Method: Instructor-led, group-paced, classroom-delivery learning model with structured hands-on activities.

 

Performance-Based Objectives

Lesson objectives help students become comfortable with the course, and also provide a means to evaluate learning. Upon successful completion of this course, students will be able to:

 

Course Content

Lesson 1: Network Defense Fundamentals

Topic 1A: Describe Network Defense

Topic 1B: Identify Defensive Technologies

Topic 1C: Describe the Objectives of Access Control

Topic 1D: Identify the Impact of Defense

Topic 1E: Define the Concepts of Network Auditing

 

Lesson 2: Designing Firewall Systems

Topic 2A: Examine Firewall Components

Topic 2B: Create a Firewall Policy

Topic 2C: Rule Sets and Packet Filters

Topic 2D: Proxy Server

Topic 2E: The Bastion Host

Topic 2F: The Honeypot

 

Lesson 3: Configuring Firewalls

Topic 3A: Firewall Implementation Practices

Topic 3B: Installing and Configuring Firewall-1

Topic 3C: Monitor Firewall-1

Topic 3D: Installing and Configuring ISA Server 2000

Topic 3E: Monitor ISA Server

Topic 3F: IPChains Concepts

Topic 3G: Implementing Firewall Technologies

 

Lesson 4: Configuring VPNs

Topic 4A: VPN Fundamentals

Topic 4B: IP Security Protocol (IPSec)

Topic 4C: VPN Design and Architecture

Topic 4D: VPN Security

Topic 4E: Configuring a VPN

 

Lesson 5: Designing an IDS

Topic 5A: The Goals of an Intrusion Detection System

Topic 5B: Technologies and Techniques of Intrusion Detection

Topic 5C: Host-based Intrusion Detection

Topic 5D: Network-based Intrusion Detection

Topic 5E: The Analysis

Topic 5F: How to Use an IDS

Topic 5G: What an Intrusion Detection System Cannot Do

 

Lesson 6: Configuring an IDS

Topic 6A: Snort Foundations

Topic 6B: Installing Snort

Topic 6C: Snort as an IDS

Topic 6D: IDS center

Topic 6E: Configuring ISS Scanners

 

Lesson 7: Analyzing Intrusion Signatures

Topic 7A: Describe the Concepts of Signature Analysis

Topic 7B: Common Vulnerabilities and Exposures (CVE)

Topic 7C: Signatures

Topic 7D: Normal Traffic Signatures

Topic 7E: Abnormal Traffic Signatures

 

Lesson 8: Performing a Risk Analysis

Topic 8A: Concepts of Risk Analysis

Topic 8B: Methods of Risk Analysis

Topic 8C: The Process of Risk Analysis

Topic 8D: Techniques to Minimize Risk

Topic 8E: Continual Risk Analysis

 

Lesson 9: Creating a Security Policy

Topic 9A: Concepts of Security Policies

Topic 9B: The Policy Design

Topic 9C: The Policies

Topic 9D: An Example Policy

Topic 9E: Incident Handling and Escalation Procedures

Topic 9F: Partner Policies

 

Appendix A: Equipment and Software List, Class Setup and Layout

Classroom Requirements Topic

Student PC Setup Topic

Hard Disk Partitioning Scheme (Important) Topic

Ghosting of drives Topic

Tools Topic

Recommended Classroom Layout and Configuration Topic

Detailed Steps for Computer and Classroom Setup: Topic

IP Addressing, Computer and Domain Naming Scheme Topic

Partitioning scheme for an 8 GB hard drive: Topic

 

Appendix B: Trojan Port Numbers

Trojan Port Numbers Topic

 

Appendix C: Security-related RFCs

Security Related Request for Comments Topic

 

Appendix D: A Case Study

Understanding Denial of Service Topic

 

Appendix E: The Security Certified Program

The Security Career Roadmap Topic