Cyber Defense Infrastructure Support Specialist 2 - Job Role Training

COURSE DESCRIPTION

Looking to become a Cyber Defense Infrastructure Support Specialist, or enhance your existing skills in the area? This package consists of hands-on labs focusing on that NIST National Initiative for Cybersecurity Education (NICE) work role. Completing these labs will help you learn the skills needed for a job in the area. The "Cyber Defense Infrastructure Support Specialist 1" package, or equivalent experience, is suggested prior to completing this package.

PREREQUISITES

Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line and basic networking concepts (TCP/IP, DNS, etc.).

EXPECTED DURATION

16 hours, self-paced. Pause and continue at any time.

COURSE CONTENTS AND LABS

• Intrusion Detection using Zeek (formerly Bro)
  Students will learn how to deploy, configure and customize a Zeek Network Intrusion Detection System (NIDS). They will customize Zeek to generate enterprise specific logs and to send email notifications of events of interest. They will also create a simple Zeek plugin, using the Zeek scripting language, to detect and block brute force ssh login attempts.
• Firewall Configuration with pfSense
  Students will learn to secure and configure the widely used, open-source pfSense firewall. They will learn to create firewall rules, the order in which rules are applied, how pfSense aliases can be used to simplify the pfSense rule set, and how to secure pfSense itself. They will also learn to view statistics and logs collected by pfSense.
• Firewall Configuration with VyOS
  Students will configure a network firewall using the VyOS router appliance, which mimics physical router hardware. The exercise will include both ingress and egress filtering, stateful packet inspection, and best practices. Students will set up a partitioned network and a DMZ area to isolate specific enterprise services, such as an e-mail server. Evaluation will include network probes from both inside and outside the firewall to ensure proper rules are configured.
• VPN Server Configuration with OpenVPN
  Students will learn to configure and set up an OpenVPN server. OpenVPN is an open-source virtual private network (VPN) solution. VPNs extend a private network over a public network, allowing users to send and receive data the public networks as if they are directly connected to the private network.
• Split-Horizon DNS Configuration using BIND
  Hackers shouldn’t be able to explore your internal network. To make sure they do not, you need to learn about split horizon DNS configuration. And it might help to know something about BIND, probably the most used DNS software on the internet.
• Host IDS Setup with OSSEC
  Students learn how to configure and run the widely-used, free OSSEC Host Intrusion Detection System (HIDS). During the exercise, students will learn how to check for rootkits using OSSEC, how to verify file integrity, how to set up passive and active responses, and more. Host intrusion detection is critical to maintaining a secure system, and is required by HIPAA and PCI regulations, both of which OSSEC can help you meet.
• Intrusion Analysis using Network Traffic
  Examine packet captures from actual intrusions and dive deeper into how attackers operate! Students will learn the details of protocols such as SMB and SSH by examining network traffic captures in Wireshark®, then will proceed to build network packets "by hand" in order to tunnel secret data in normal-looking traffic. Finally, students will learn the details of "web shell" payloads commonly used by attackers.
• Advanced Analysis of Malicious Network Traffic
  Continue your exploration into malware's behavior on the network! Students will analyze network captures containing real, malicious network traffic, both by hand and using tools such as Security Onion and Sguil. Both malware spreading methods and command and control operations will be explored. In addition, students will create web shell payloads of their own to see how they operate from the inside.

NIST NICE FRAMEWORK - JOB WORK ROLE

• Cyber Defense Infrastructure Support Specialist