Systems Administrator 2 - Job Role Training


Looking to become a System Administrator, or enhance your existing skills in the area? This package consists of hands-on labs focused on that work role as defined by the NIST National Initiative for Cybersecurity Education (NICE). Completing these labs will help you learn the skills needed for a job in the area. The "System Administrator 1" package, or equivalent experience, is suggested prior to completing this package.


Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line and basic networking concepts (TCP/IP, DNS, etc.).


18 hours, self-paced. Pause and continue at any time.


  • Intrusion Detection using Zeek (formerly Bro)
    Students will learn how to deploy, configure and customize a Zeek Network Intrusion Detection System (NIDS). They will customize Zeek to generate enterprise-specific logs and to send email notifications of events of interest. They will also create a simple Zeek plugin, using the Zeek scripting language, to detect and block brute-force SSH login attempts.
  • Firewall Configuration with VyOS
    Students will configure a network firewall using the VyOS router appliance, which mimics physical router hardware. The exercise will include both ingress and egress filtering, stateful packet inspection, and best practices. Students will set up a partitioned network and a DMZ area to isolate specific enterprise services, such as an e-mail server. Evaluation will include network probes from both inside and outside the firewall to ensure proper rules are configured.
  • Firewall Configuration with pfSense
    Students will learn to secure and configure the widely used, open-source pfSense firewall. They will learn to create firewall rules, the order in which rules are applied, how pfSense aliases can be used to simplify the pfSense rule set, and how to secure pfSense itself. They will also learn to view statistics and logs collected by pfSense.
  • VPN Server Configuration with OpenVPN
    Students will learn to configure and set up an OpenVPN server. OpenVPN is an open-source virtual private network (VPN) solution. VPNs extend a private network over a public network, allowing users to send and receive data across the public network as if they were directly connected to the private network.
  • Split-Horizon DNS Configuration using BIND
    Hackers shouldn’t be able to explore your internal network. To make sure they do not, you need to learn about split-horizon DNS configuration. And it might help to know something about BIND, probably the most used DNS software on the internet.
  • SSH Server Configuration
    Students learn the proper setup of the OpenSSH remote administration tool, including security-relevant settings. During the exercise, students will learn best practices such as host filtering, public-key or Kerberos authentication, and PAM integration.
  • Log Analytics with Splunk
    In this lab the student will learn how to configure and securely run the Splunk Enterprise security information collection and analysis platform. The objective of the lab is to deploy multiple instances of Splunk data forwarders through a deployment server and analyze the logs received from the servers. The student will write custom scripts to generate logs, create both visual and textual reports, organize these reports into a single dashboard, and learn to recognize malicious activity.
  • Log Analytics with Elastic Stack
    Elastic Stack is a group of services designed to take data from almost any type of source and in almost any type of format, and to search, analyze and visualize that data in real time. In this lab, Elastic Stack will be used for log analytics. Students will learn to set up and run the Elasticsearch, Logstash and Kibana components of Elastic Stack. Multiple computers in a small network will forward their logs to a central server where they will be processed by Elastic Stack. Students will use Kibana to view logs, filter them and set up dashboards. Information in the logs will be used to identify and block an ongoing attack.
  • Introduction to Jenkins CI/CD Pipelines
    In this lab, students will learn to use Jenkins, a widely used automation tool, to set up a CI/CD (continuous integration/continuous delivery) pipeline. CI establishes a consistent and automated way to build, package, and test applications. CD automates the delivery of applications. A pipeline is the set of software integration, testing and deployment steps that the software being developed must go through.
  • Deploying a LAMP Stack
    Students will learn about the LAMP (Linux, Apache, MySQL, PHP) stack and will deploy a LAMP stack running an application written in PHP. LAMP is one of the most common software stacks for many of the web's most popular applications.


