Cyber Defense Infrastructure Support Specialist 1 - Job Role Training


Looking to become a Cyber Defense Infrastructure Support Specialist? This package consists of hands-on labs focusing on the NIST National Initiative for Cybersecurity Education (NICE) work role of that name. Completing these labs will help you learn the skills needed for a job in this area. A follow-on package, "Cyber Defense Infrastructure Support Specialist 2", is also available for more in-depth practice with these job skills.


Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line and basic networking concepts (TCP/IP, DNS, etc.).


16 hours, self-paced. Pause and continue at any time.


  • Firewall Configuration with IPtables
    Students will configure a network firewall using the standard Linux iptables module. The exercise will include both ingress and egress filtering, stateful packet inspection, and best practices. More advanced techniques such as port knocking will also be introduced. Evaluation will include network probes from both inside and outside the firewall to ensure proper rules are configured.
  • Introductory IDS Configuration with Snort
    Students will learn how to configure an Intrusion Detection System (IDS) to examine traffic to/from a firewall. The popular Snort® IDS will be used in this exercise. The exercise will include both harmless background traffic and potentially-malicious traffic to be detected by Snort.
  • Using Active Directory to Manage Domain User Accounts
    Students learn to use the Windows Active Directory service to create and manage domain user accounts. They also learn to set up security policies and assign these policies to users and organizational units.
  • Secure Configuration of the Apache Web Server
    Students will learn how to set up a web server securely by configuring the commonly-used Apache HTTP Server® on a Linux system. Security options will be explored, including location/directory restrictions, permissions, authentication, and SSL configuration.
  • Secure SSL Configuration in Apache
    Students will build on the basic Apache configuration exercise to configure Secure Sockets Layer (SSL) encryption for the Apache HTTP Server®. Students will learn and implement best security practices and strong cryptography guarantees while avoiding vulnerabilities such as Heartbleed.
  • DoS Attacks and Defenses
    This lab teaches three different Denial of Service attacks and techniques to mitigate them:
    1. A TCP SYN Flood attack that exploits a weakness in the design of the TCP transport protocol.
    2. A slow HTTP attack called Slowloris that takes advantage of how HTTP servers work.
    3. A DNS amplification attack that exploits misconfigured DNS servers, of which there are plenty on the Internet.
  • Protocol Analysis I: Wireshark Basics
    Where do you begin in network traffic analysis? Learn the process for examining a live or pre-recorded packet capture file using graphical tools such as Wireshark. Is there malicious activity? Learn to think like an attacker, going through the same methods the attacker would, to assess whether what you're seeing is "normal" or signs of an attack. At the same time, students will run basic network scans using nmap, while seeing how they appear in Wireshark. Finally, students will analyze packet traces indicative of HTTP-based attacks.
  • Protocol Analysis II: Extracting Data from Network Traffic
    Build on what you learned in Protocol Analysis I, this time using command-line tools and techniques. You will use the ubiquitous tcpdump program, starting with simple capture tasks and building up to complex filtering and display options. In the process, you will dig deeply into TCP and IP header fields, learning how they can be used to find the traffic you're interested in. You will examine ICMP, SSH, and HTTP traffic, including traffic from web shells commonly used in attacks. With the techniques learned in this exercise, you will be able to gather and filter packet capture data on server systems and later process it on graphical security operations workstations.


