CanSecWest: Security Masters Dojo Vancouver
Network Threat Defense, Countermeasures, and Controls
Register for March 2-3 CourseRegister for March 4-5 Course
Instructor(s):
Joseph Karpenko
Randy Ivener
Description
In this 2-day instructor-led Dojo training course, attendees will perform 2 roles. First as a Security Practitioner who will secure and harden devices within an organizations network infrastructure and Second as a Security Incident Response Investigator who must correctly detect, classify, and prevent threats targeting a network by configuring and deploying advanced network threat defenses and countermeasures.
Security engineering teams often focus on the security of networked workstations, servers, and applications, but may neglect the network's infrastructure routers and switches. Failing to completely protect the network infrastructure from today's threats places the entire computing infrastructure of the organization at risk.
In the Security Practitioner role, attendees will learn about inherent security features and techniques on Cisco IOS software including Management Plane hardening, Infrastructure Access-lists, and Data Plane hardening. The attendees will acquire hands-on experience configuring and testing these inherent security features and techniques in simulated real world threat scenarios.
At the conclusion of this role, attendees will be prepared to effectively implement and deploy inherent security features and techniques for increasing the security posture and preparedness of their network infrastructure, allowing them to detect and mitigate current threats.
Security Incident Response Investigator
Miscreants continue to evolve as does the cyber threat landscape. Miscreant's targets are your business assets and disrupting the availability of your business operations. Why, depends on what you have to offer and its value, or who you may have negatively provoked. Questions to consider include:
- Do you have countermeasures deployed for detecting and mitigating current threats?
- Will you be able to identify an attack?
- Once you have identified an attack are you prepared to respond?
In the Security Incident Response Investigator role, attendees must correctly detect, classify, and prevent threats targeting a network by configuring and deploying advanced network threat defenses and countermeasures, such as Control Plane Policing, IOS NetFlow, and Remotely-Triggered Black Hole (RTBH) Routing on network infrastructure devices. After these countermeasures and controls are implemented, attendees will be responsible for validating the control's effectiveness and adjusting them to changing network conditions and attack pattern profiles.
Class Outline
Day 1:- Module 01: General Management Plane Hardening
- Module 02: Infrastructure Access-Lists (iACLs)
- Module 03: Control Plane Hardening
- Module 04: Advanced Management Plane Hardening
- Module 05: Data Plane Hardening and Unicast RPF
- Module 06: Firewall Basics
- Module 07: Control Plane Policing
- Module 08: Mitigating Exploits with Firewalls
- Module 09: Advanced Firewall Configurations
- Module 10: Attack Identification
- Module 11: Reacting with BGP
PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
Hardware and Software Requirement
- Laptop with both Ethernet and Wireless connectivity
- Working WEB browser
- Telnet client
- A PDF Viewer
- Text Editor
- Video player capable of playing MP4 and MPG videos (VLC, etc)
- Ability to install Cisco AnyConnect Secure Mobility Client (used for SSL VPN access to the remote training lab).
