CanSecWest: Security Masters Dojo Vancouver
Next Session Dates: March 22-23 2010
Venue: Sheraton Wall Center Vancouver, Canada
Duration: 1 or 2 Day Courses. Sessions begin at 10:00 a.m. and go to 6 p.m.
Registration Maximum: 15 Students per course session.
Detecting and Mitigating Attacks Using Your Network Infrastructure
Instructors:
Joseph Kiarpenko, Cisco
John Stuppi, Cisco
Register for this course.
Description
Security engineering teams often focus on the security of networked workstations, servers and applications while neglecting the network itself. Many networks also receive only rudimentary security controls, and those are often deployed inconsistently. Such deployments not only fail to protect the network from current threats, they also fail to use the network itself to detect and mitigate attacks against the organization's computing infrastructure.

PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. The individual class guides list the material students are expected to know coming in and the software tools that must be pre-installed before attending, so that you get the maximum benefit from these focused intermediate- or advanced-level courses. Please pay particular attention to the prerequisites: the material listed there will not be reviewed in the courses and is necessary to get the maximum benefit out of these educational programs.
During this course students will learn leading network security practices from experts who develop these techniques and put them to practical use. The techniques covered in this course are not limited to those typically thought of as "security features"; this course will detail how to leverage innate network functionality, such as routing protocols and NetFlow, to provide a full range of attack identification and mitigation capabilities. This course is organized around a proven six phase approach to incident response, which moves from preparation through postmortem, and includes extensive demonstrations and hands-on lab work.
Outline:
- Day One
- Introduction
- Understanding the Threat
- Threat Models for IP Networks
- IPv6 Threats
- Overview of the Six Phase Methodology to Incident Response
- Phase One: Preparation
- Designing secure networks
- IP addressing as a security tool
- Defining security control points in the network
- The Three Planes of the Network
- Infrastructure Access Control Lists
- Designing secure networks
- First Lab
- The Three Planes of the Network (Cont.)
- Control Plane Security
- General Control Plane Security
- Control Plane Policing
- Control Plane Protection
- Routing Protocol Security
- Management Plane Security
- General Management Plane Security
- Management Plane Protection
- Data Plane Security
- General Data Plane Security
- IPv6 Security Best Practices
- The Three Planes of the Network (Cont.)
- Second Lab
- Phase Two: Identification and Phase Three: Classification
- Monitoring Cisco IOS Device Resources
- Cisco IOS NetFlow for Security Purposes
- DNS
- Cisco IOS Embedded Event Manager
- DEMO: Detecting a Blocked Interface Queue
- Using the Network to Capture Attack Packets
- Detecting Attacks with Cisco ASA
- Detecting Attacks with Cisco IPS
- First Lab
- Phase Four: Traceback
- General Traceback Techniques
- NetFlow Traceback Techniques
- Attract and Analyze: Sinkholes
- Phase Five: Reaction
- Reacting to Attacks
- Reacting with Quality of Service
- Reacting with Access Control Lists
- IPv6 Access Control Lists
- Reacting with Cisco IOS Flexible Packet Matching
- Reacting with BGP
- Reacting with Cisco ASA
- Reacting to Attacks with Cisco IPS
- Packet Cleaning
- Phase Six: Post Mortem
- Second Lab
- Keeping Up to Date
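The identification and traceback phases above (Cisco IOS NetFlow for Security Purposes, NetFlow Traceback Techniques) rest on one idea: the flow records a router already exports are enough to spot an attack and to find the interface it entered on. The following Python is an added illustration written for this page, not material from the course or from Cisco. It builds a constructed NetFlow v5 export packet (the record layout is the published v5 format; all addresses, interface indices and thresholds are invented), parses it, flags a vertical port scan and a SYN flood, and then does the traceback step by attributing the attack flows to the ingress ifIndex rather than to their (possibly spoofed) source addresses.

```python
import struct
from collections import Counter, defaultdict
from ipaddress import IPv4Address

# NetFlow v5 wire format: 24-byte header followed by 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")  # version, count, uptime, secs, nsecs, seq, engine type/id, sampling
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")
TCP, SYN = 6, 0x02


def build_v5_packet(records):
    """Serialise (src, dst, in_if, pkts, octets, sport, dport, tcp_flags, proto)
    tuples into a NetFlow v5 export; nexthop, AS numbers and timestamps are zeroed."""
    body = b"".join(
        V5_RECORD.pack(int(IPv4Address(src)), int(IPv4Address(dst)), 0, in_if, 1,
                       pkts, octets, 0, 0, sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)
        for src, dst, in_if, pkts, octets, sport, dport, flags, proto in records)
    return V5_HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + body


def parse_v5_packet(data):
    """Return one dict per flow record in a NetFlow v5 export packet."""
    version, count, *_ = V5_HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"expected NetFlow v5, got version {version}")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": str(IPv4Address(r[0])), "dst": str(IPv4Address(r[1])),
                      "in_if": r[3], "pkts": r[5], "octets": r[6],
                      "sport": r[9], "dport": r[10], "flags": r[12], "proto": r[13]})
    return flows


def find_port_scans(flows, min_ports=20):
    """Identification: one source touching many TCP ports on one host."""
    ports = defaultdict(set)
    for f in flows:
        if f["proto"] == TCP:
            ports[(f["src"], f["dst"])].add(f["dport"])
    return {pair: len(p) for pair, p in ports.items() if len(p) >= min_ports}


def find_syn_floods(flows, min_sources=50):
    """Identification: many sources sending SYN-only, one- or two-packet flows to one service."""
    sources = defaultdict(set)
    for f in flows:
        if f["proto"] == TCP and f["flags"] == SYN and f["pkts"] <= 2:
            sources[(f["dst"], f["dport"])].add(f["src"])
    return {tgt: len(s) for tgt, s in sources.items() if len(s) >= min_sources}


def traceback_ingress(flows, victim, dport=None, flags=None):
    """Traceback: count attack-matching flows toward the victim per input ifIndex.
    Source addresses in a flood may be spoofed; the ingress interface is not."""
    per_if = Counter()
    for f in flows:
        if f["dst"] != victim:
            continue
        if dport is not None and f["dport"] != dport:
            continue
        if flags is not None and f["flags"] != flags:
            continue
        per_if[f["in_if"]] += 1
    return per_if.most_common()


# Constructed sample export (invented addresses from documentation ranges).
SAMPLE_RECORDS = (
    # one benign established web session (SYN|ACK|PSH|FIN = 0x1b) arriving on ifIndex 2
    [("192.0.2.50", "192.0.2.20", 2, 120, 90000, 51512, 80, 0x1b, TCP)]
    # vertical scan: one host probing 40 ports on 192.0.2.10, arriving on ifIndex 3
    + [("203.0.113.7", "192.0.2.10", 3, 1, 40, 40000 + p, p, SYN, TCP) for p in range(1, 41)]
    # SYN flood from 80 spoofed sources against 192.0.2.20:80, arriving on ifIndex 3
    + [(f"198.51.100.{i}", "192.0.2.20", 3, 1, 40, 1024 + i, 80, SYN, TCP) for i in range(1, 81)]
)


def analyse(packet, victim):
    flows = parse_v5_packet(packet)
    return {"scans": find_port_scans(flows), "floods": find_syn_floods(flows),
            "ingress": traceback_ingress(flows, victim, dport=80, flags=SYN)}


if __name__ == "__main__":
    for k, v in analyse(build_v5_packet(SAMPLE_RECORDS), "192.0.2.20").items():
        print(k, v)
```

Two caveats a practitioner would apply before using this on a real collector: production NetFlow is usually sampled, so flow and packet counts (and therefore the thresholds) must be scaled by the router's sampling rate; and the traceback only tells you the interface on this router, so the same query is repeated on the upstream neighbour behind that interface until the attack's entry point into your network is found.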
Prerequisites
- Student familiarity with basic IOS operations is required.
Prerequisite material
- All students must bring a laptop to participate in this course.