Course Details!

Description

Certified Network Defender v2 has been designed by industry experts to help IT Professionals play an active role in the Protection of digital business assets and Detection and Response to Cyber Threats, while leveraging Threat Intelligence to Predict them before they happen.
CND is a network security course designed to help organizations create and deploy the most comprehensive network defense system.
Certified Network Defender v2 is recommended for individuals who have fundamental knowledge of networking concepts.
It will also help individuals from the below mentioned job roles progress further in their career:
  • Network Administrators
  • IT Administrators
  • Network Engineers
  • Data Analysts
  • Network Technicians

What Will I Learn?

  • The end goal of Certified Network Defender (CND v2) is to help Blue Teams defend and win the war against network breaches in a post-pandemic world.
  • The program is the ideal cyber defense course for organizations and individuals for the following reasons:
  • Based on Common Job Role frameworks recognized by organizations around the world.
  • ANSI/ISO/IEC 17024 accredited Certification Program.
  • Mapped to the NICE 2.0 framework.
  • Focuses on the latest technologies including Cloud, IoT, Virtualization and Remote Worker Threats, Attack Surface Analysis, Threat Intelligence, Software Defined Networks (SDN), and Network Function Virtualization (NFV), as well as Docker, Kubernetes, and container security.
  • Covers the latest tools, techniques, and methodologies used by top cybersecurity experts around the world.

Module 01: Network Attacks and Defense Strategies

  • Network Fundamentals
  • Computer Network
  • Types of Network
  • Major Network Topologies
  • Network Components
  • Network Interface Card (NIC)
  • Repeater
  • Hub
  • Switches
  • Router
  • Bridges
  • Gateways
  • TCP/IP Networking Basics
  • Standard Network Models: OSI Model
  • Standard Network Models: TCP/IP Model
  • Comparing OSI and TCP/IP
  • TCP/IP Protocol Stack
  • Domain Name System (DNS)
  • DNS Packet Format
  • Transmission Control Protocol (TCP)
  • TCP Header Format
  • TCP Services
  • TCP Operation
  • Three-way handshake
  • User Datagram Protocol (UDP)
  • UDP Operation
  • IP Header
  • IP Header: Protocol Field
  • What is Internet Protocol v6 (IPv6)?
  • IPv6 Header
  • Internet Control Message Protocol (ICMP)
  • Format of an ICMP Message
  • Address Resolution Protocol (ARP)
  • ARP Packet Format
  • Ethernet
  • Fiber Distributed Data Interface (FDDI)
  • Token Ring
  • IP Addressing
  • Classful IP Addressing
  • Address Classes
  • Reserved IP Address
  • Subnet Masking
  • Subnetting
  • Supernetting
  • IPv6 Addressing
  • Difference between IPv4 and IPv6
  • IPv4 compatible IPv6 Address
  • Computer Network Defense (CND)
  • Computer Fundamental Attributes
  • What CND is NOT
  • CND Layers
  • CND Layer 1: Technologies
  • CND Layer 2: Operations
  • CND Layer 3: People
  • Blue Teaming
  • Network Defense-In-Depth
  • Typical Secure Network Design
  • CND Triad
  • CND Process
  • CND Actions
  • CND Approaches

Module 02: Network Security Threats, Vulnerabilities, and Attacks

  • Essential Terminologies
  • Threats
  • Vulnerabilities
  • Attacks
  • Network Security Concerns
  • Why Do Network Security Concerns Arise?
  • Fundamental Network Security Threats
  • Types of Network Security Threats
  • Where do they arise from?
  • How does a network security breach affect business continuity?
  • Network Security Vulnerabilities
  • Types of Network Security Vulnerabilities
  • Technological Vulnerabilities
  • Configuration Vulnerabilities
  • Security policy Vulnerabilities
  • Types of Network Security Attacks
  • Network Reconnaissance Attacks
  • Reconnaissance Attacks
  • Reconnaissance Attacks: ICMP Scanning
  • Reconnaissance Attacks: Ping Sweep
  • Reconnaissance Attacks: DNS Footprinting
  • Reconnaissance Attacks: Network Range Discovery
  • Reconnaissance Attacks: Network Topology Identification
  • Reconnaissance Attacks: Network Information Extraction using Nmap Scan
  • Reconnaissance Attacks: Port Scanning
  • Reconnaissance Attacks: Network Sniffing
  • How an Attacker Hacks the Network Using Sniffers
  • Reconnaissance Attacks: Social Engineering Attacks
  • Network Access Attacks
  • Password Attacks
  • Password Attack Techniques
  • Dictionary Attack
  • Brute Forcing Attacks
  • Hybrid Attack
  • Birthday Attack
  • Rainbow Table Attack
  • Man-in-the-Middle Attack
  • Replay Attack
  • Smurf Attack
  • Spam and Spim
  • Xmas Attack
  • Pharming
  • Privilege Escalation
  • DNS Poisoning
  • DNS Cache Poisoning
  • ARP Poisoning
  • DHCP Attacks: DHCP Starvation Attacks
  • DHCP Attacks: DHCP Spoofing Attack
  • Switch Port Stealing
  • Spoofing Attacks
  • MAC Spoofing
  • Duplicating
  • Denial of Service (DoS) Attacks
  • Distributed Denial-of-Service Attack (DDoS)
  • Malware Attacks
  • Malware
  • Types of Malware: Trojan
  • Types of Malware: Virus and Armored Virus
  • Malware Attacks
  • Adware
  • Spyware
  • Rootkits
  • Backdoors
  • Logic Bomb
  • Botnets
  • Ransomware
  • Polymorphic malware

Module 03: Network Security Controls, Protocols, and Devices

  • Fundamental Elements of Network Security
  • Network Security Controls
  • Network Security Protocols
  • Network Security Perimeter Appliances
  • Network Security Controls
  • Access Control
  • Access Control Terminology
  • Access Control Principles
  • Access Control System: Administrative Access Control
  • Access Control System: Physical Access Controls
  • Access Control System: Technical Access Controls
  • Types of Access Control
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Role-based Access
  • Network Access Control (NAC)
  • NAC Solutions
  • User Identification, Authentication, Authorization and Accounting
  • Types of Authentication: Password Authentication
  • Types of Authentication: Two-factor Authentication
  • Types of Authentication: Biometrics
  • Types of Authentication: Smart Card Authentication
  • Types of Authentication: Single Sign-on (SSO)
  • Types of Authorization Systems
  • Centralized Authorization
  • Implicit Authorization
  • Decentralized Authorization
  • Explicit Authorization
  • Authorization Principles
  • Least privilege
  • Separation of duties
  • Cryptography
  • Encryption
  • Symmetric Encryption
  • Asymmetric Encryption
  • Hashing: Data Integrity
  • Digital Signatures
  • Digital Certificates
  • Public Key Infrastructure (PKI)
  • Security Policy
  • Network Security Policy
  • Key Consideration for Network Security Policy
  • Types of Network Security Policies
  • Network Security Devices
  • Firewalls
  • DMZ
  • Virtual Private Network (VPN)
  • Proxy Server
  • Advantages of using Proxy Servers
  • Proxy Tools
  • Honeypot
  • Advantages of using Honeypots
  • Honeypot Tools
  • Intrusion Detection System (IDS)
  • Intrusion Prevention System (IPS)
  • IDS/IPS Solutions
  • Network Protocol Analyzer
  • How it Works
  • Advantages of using Network Protocol Analyzer
  • Network Protocol Analyzer Tools
  • Internet Content Filter
  • Advantages of using Internet Content Filters
  • Internet Content Filters
  • Integrated Network Security Hardware
  • Network Security Protocols
  • Transport Layer
  • Network Layer
  • Application Layer
  • Data Link Layer
  • RADIUS
  • TACACS+
  • Kerberos
  • Pretty Good Service (PGP) Protocol
  • S/MIME Protocol
  • How it Works
  • Difference between PGP and S/MIME
  • Secure HTTP
  • Hyper Text Transfer Protocol Secure (HTTPS)
  • Transport Layer Security (TLS)
  • Internet Protocol Security (IPsec)

Module 04: Network Security Policy Design and Implementation

  • What is Security Policy?
  • Hierarchy of Security Policy
  • Characteristics of a Good Security Policy
  • Contents of Security Policy
  • Typical Policy Content
  • Policy Statements
  • Steps to Create and Implement Security Policies
  • Considerations Before Designing a Security Policy
  • Design of Security Policy
  • Policy Implementation Checklist
  • Types of Information Security Policy
  • Enterprise information security policy (EISP)
  • Issue specific security policy (ISSP)
  • System specific security policy (SSSP)
  • Internet Access Policies
  • Promiscuous Policy
  • Permissive Policy
  • Paranoid Policy
  • Prudent Policy
  • Acceptable-Use Policy
  • User-Account Policy
  • Remote-Access Policy
  • Information-Protection Policy
  • Firewall-Management Policy
  • Special-Access Policy
  • Network-Connection Policy
  • Business-Partner Policy
  • Email Security Policy
  • Passwords Policy
  • Physical Security Policy
  • Information System Security Policy
  • Bring Your Own Devices (BYOD) Policy
  • Software/Application Security Policy
  • Data Backup Policy
  • Confidential Data Policy
  • Data Classification Policy
  • Internet Usage Policies
  • Server Policy
  • Wireless Network Policy
  • Incident Response Plan (IRP)
  • User Access Control Policy
  • Switch Security Policy
  • Intrusion Detection and Prevention (IDS/IPS) Policy
  • Personal Device Usage Policy
  • Encryption Policy
  • Router Policy
  • Security Policy Training and Awareness
  • ISO Information Security Standards
  • ISO/IEC 27001:2013: Information technology -- Security techniques -- Information security management systems -- Requirements
  • ISO/IEC 27033: Information technology -- Security techniques -- Network security
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Information Security Acts: Sarbanes Oxley Act (SOX)
  • Information Security Acts: Gramm-Leach-Bliley Act (GLBA)
  • Information Security Acts: The Digital Millennium Copyright Act (DMCA) and Federal Information Security Management Act (FISMA)
  • Other Information Security Acts and Laws
  • Cyber Law in Different Countries

Module 05: Physical Security

  • Physical Security
  • Need for Physical Security
  • Factors Affecting Physical Security
  • Physical Security Controls
  • Administrative Controls
  • Physical Controls
  • Technical Controls
  • Physical Security Controls: Location and Architecture Considerations
  • Physical Security Controls: Fire Fighting Systems
  • Physical Security Controls: Physical Barriers
  • Physical Security Controls: Security Personnel
  • Access Control Authentication Techniques
  • Authentication Techniques: Knowledge Factors
  • Authentication Techniques: Ownership Factors
  • Authentication Techniques: Biometric Factors
  • Physical Security Controls
  • Physical Locks
  • Mechanical locks
  • Digital locks
  • Combination locks
  • Electronic/Electric/Electromagnetic locks
  • Concealed Weapon/Contraband Detection Devices
  • Mantrap
  • Security Labels and Warning Signs
  • Alarm System
  • Video Surveillance
  • Physical Security Policies and Procedures
  • Other Physical Security Measures
  • Lighting System
  • Power Supply
  • Workplace Security
  • Reception Area
  • Server/Backup Device Security
  • Critical Assets and Removable Devices
  • Securing Network Cables
  • Securing Portable Mobile Devices
  • Personnel Security: Managing Staff Hiring and Leaving Process
  • Laptop Security Tool: EXO5
  • Laptop Tracking Tools
  • Environmental Controls
  • Heating, Ventilation and Air Conditioning
  • Electromagnetic Interference (EMI) Shielding
  • Hot and Cold Aisles
  • Physical Security: Awareness/Training
  • Physical Security Checklists

Module 06: Host Security

  • Host Security
  • Common Threats Specific to Host Security
  • Where do they come from?
  • Why Host Security?
  • Before Configuring Host Security: Identify purpose of each Host
  • Host Security Baselining
  • OS Security
  • Operating System Security Baselining
  • Common OS Security Configurations
  • Windows Security
  • Windows Security Baselining: Example
  • Microsoft Baseline Security Analyzer (MBSA)
  • Setting up BIOS Password
  • Auditing Windows Registry
  • User and Password Management
  • Disabling Unnecessary User Accounts
  • Configuring user authentication
  • Patch Management
  • Configuring an update method for Installing Patches
  • Patch Management Tools
  • Disabling Unused System Services
  • Set Appropriate Local Security Policy Settings
  • Configuring Windows Firewall
  • Protecting from Viruses
  • Antivirus Software
  • Protecting from Spywares
  • Antispywares
  • Email Security: AntiSpammers
  • Spam Filtering Software
  • Enabling Pop-up Blockers
  • Windows Logs Review and Audit
  • Log Review Recommendations
  • Event IDs in Windows Event log
  • Configuring Host-based IDS/IPS
  • Host based IDS: OSSEC
  • AlienVault Unified Security Management (USM)
  • Tripwire
  • Additional Host Based IDSes
  • File System Security: Setting Access Controls and Permission to Files and Folders
  • Creating and Securing a Windows file share
  • File and File System Encryption
  • EFS Limitations
  • Data encryption Recommendations
  • DATA Encryption Tools
  • Linux Security
  • Linux Baseline Security Checker: buck-security
  • Password Management
  • Disabling Unnecessary Services
  • Killing unnecessary processes
  • Linux Patch Management
  • Understanding and checking Linux File Permissions
  • Changing File Permissions
  • Common File Permission Settings
  • Check and Verify Permissions for Sensitive Files and Directories
  • Host-based Firewall Protection with iptables
  • Linux Log review and Audit
  • Common Linux log files
  • System Log Viewer
  • Log Events to Look for
  • Securing Network Servers
  • Before Hardening Servers
  • Hardening Web Server
  • Hardening Email Server: Recommendations
  • Hardening FTP Servers: Recommendations
  • Hardening Routers and Switches
  • Hardening Routers: Recommendations
  • Hardening Switches
  • Hardening Switches-Recommendations
  • Logs Review and Audit: Syslog
  • GFI EventsManager: Syslog Server
  • Application/Software Security
  • Application Security
  • Application Security Phases
  • Application Security: Recommendations
  • Data Security
  • What is Data Loss Prevention (DLP)
  • Best Practices to Prevent Data Loss
  • List of DLP Solution Vendors
  • Data Leak/Loss Prevention Tools
  • Virtualization Security
  • Virtualization Terminologies
  • Introduction to Virtualization
  • Characteristics of Virtualization
  • Benefits of Virtualization
  • Virtualization Vendors
  • Virtualization Security
  • Virtualization Security Concern
  • Securing Hypervisor
  • Securing Virtual machines
  • Implementing Software Firewall
  • Deploying Anti-virus Software
  • Encrypting the Virtual Machines
  • Secure Virtual Network Management
  • Methods to Secure Virtual Environment
  • Virtualization Security Best Practices for Network Defenders
  • Best Practices for Virtual Environment Security

Module 07: Secure Firewall Configuration and Management

  • Firewalls and Concerns
  • What Does a Firewall Do?
  • What should you not Ignore?: Firewall Limitations
  • How Does a Firewall Work?
  • Firewall Rules
  • Types of Firewalls
  • Hardware Firewall
  • Software Firewall
  • Firewall Technologies
  • Packet Filtering Firewall
  • Circuit Level Gateway
  • Application Level Firewall
  • Stateful Multilayer Inspection Firewall
  • Multilayer Inspection Firewall
  • Application Proxy
  • Network Address Translation
  • Virtual Private Network
  • Firewall Topologies
  • Bastion host
  • Screened subnet
  • Multi-homed firewall
  • Choosing Right Firewall Topology
  • Firewall Rule Set & Policies
  • Build an Appropriate Firewall Ruleset
  • Blacklist vs Whitelist
  • Example: Packet Filter Firewall Ruleset
  • Implement Firewall Policy
  • Periodic Review of Firewall Policies
  • Firewall Implementation
  • Before Firewall Implementation and Deployment
  • Firewall Implementation and Deployment
  • Planning Firewall Implementation
  • Factors to Consider before Purchasing any Firewall Solution
  • Configuring Firewall Implementation
  • Testing Firewall Implementation
  • Deploying Firewall Implementation
  • Managing and Maintaining Firewall Implementation
  • Firewall Administration
  • Firewall Administration: Deny Unauthorized Public Network Access
  • Firewall Administration: Deny Unauthorized Access Inside the Network
  • Firewall Administration: Restricting Client’s Access to External Host
  • Firewall Logging and Auditing
  • Firewall Logging
  • Firewall Logs
  • Firewall Anti-evasion Techniques
  • Why Firewalls are Bypassed?
  • Full Data Traffic Normalization
  • Data Stream-based Inspection
  • Vulnerability-based Detection and Blocking
  • Firewall Security Recommendations and Best Practices
  • Secure Firewall Implementation: Best Practices
  • Secure Firewall Implementation: Recommendations
  • Secure Firewall Implementation: Do’s and Don’ts
  • Firewall Security Auditing Tools
  • Firewall Analyzer
  • Firewall Tester: Firewalk
  • FTester
  • Wingate
  • Symantec Enterprise Firewall
  • Hardware Based Firewalls
  • Software Based Firewalls

Module 08: Secure IDS Configuration and Management

  • Intrusions and IDPS
  • Intrusions
  • General Indications of Intrusions
  • Intrusion Detection and Prevention Systems (IDPS)
  • Why do We Need IDPS?
  • IDS
  • Role of IDS in Network Defense
  • IDS Functions
  • What Events do IDS Examine?
  • What IDS is NOT?
  • IDS Activities
  • How IDS Works?
  • IDS Components
  • Network Sensors
  • Alert Systems
  • Command Console
  • Response System
  • Attack Signature Database
  • Intrusion Detection Steps
  • Types of IDS Implementation
  • Approach-based IDS
  • Anomaly and Misuse Detection Systems
  • Behavior-based IDS
  • Protection-based IDS
  • Structure-based IDS
  • Analysis Timing based IDS
  • Source Data Analysis based IDS
  • IDS Deployment Strategies
  • Staged IDS Deployment
  • Deploying Network-based IDS
  • Types of IDS Alerts
  • True Positive (Attack - Alert)
  • False Positive (No Attack - Alert)
  • False Negative (Attack - No Alert)
  • True Negative (No Attack - No Alert)
  • Dealing with False Positive/Alarm
  • What should be the Acceptable Levels of False Alarms
  • Calculating False Positive/False Negative Rate
  • Dealing with False Negative
  • Excluding False Positive Alerts with Cisco Secure IPS
  • Characteristics of a Good IDS
  • IDS mistakes that should be avoided
  • IPS
  • IPS Technologies
  • IPS Placement
  • IPS Functions
  • Need of IPS
  • IDS vs IPS
  • Types of IPS
  • Network-Based IPS
  • Host-Based IPS
  • Wireless IPS
  • Network Behavior Analysis (NBA) System
  • Network-Based IPS
  • Network-Based IPS: Security Capabilities
  • Placement of IPS Sensors
  • Host-Based IPS
  • Host-Based IPS Architecture
  • Wireless IPS
  • WLAN Components and Architecture
  • Wireless IPS: Network Architecture
  • Security Capabilities
  • Management
  • Network Behavior Analysis (NBA) System
  • NBA Components and Sensor Locations
  • NBA Security Capabilities
  • IDPS Product Selection Considerations
  • General Requirements
  • Security Capability Requirements
  • Performance Requirements
  • Management Requirements
  • Life Cycle Costs
  • IDS Counterparts
  • Complementing IDS
  • Vulnerability Analysis or Assessment Systems
  • Advantages & Disadvantages of Vulnerability Analysis
  • File Integrity Checkers
  • File Integrity Checkers Tools
  • Honey Pot & Padded Cell Systems
  • Honey Pot and Padded Cell System Tools
  • IDS Evaluation: Snort
  • IDS/IPS Solutions
  • IDS Products and Vendors

Ahmed Aziz

Linux Admin I -II -ECSS -CND -CEH

Course Instructor

Ahmed Aziz

Member Since November 2017