CAST 614 - Advanced Network Defense

Advanced Network Defense Course


 
  Get Advanced Penetration Testing Training From EC-Council Get Certified in Mobile Hacking & Forensics Investigations Learn & Get Certified In Advanced Application Security Course Online From EC-Council Join Advanced Network Defense Training Program Online  
  Securing Windows Infrastructure (CAST 616)   Designing and Implementing Cloud Security  Advanced SQLi Attacks and Countermeasures
 
 
 



 

 

Come experience a comprehensively structured and fast paced program that immerses you into the mysterious world of the “hacker”, providing insights of their mindset; a critical weapon for defending against some of the most malicious attacks around.

 


With this course you can be among the few who transcend the old idea of the hacker having all the fun, take pride being the defender, form an offensive mindset to skillfully orchestrate robust and solid defenses and reinvent popular belief by beating the hacker at his own game.

You will be evaluating advanced “hacks” and methods of defense fortification bringing you closer to establishing perfect security by reviewing best practices and methodologies you can apply to secure environments, provide segmentation and isolation to reduce the effectiveness of the Advanced Persistent Threat.

The course will cover fundamental areas of fortifying your defenses; you will discover methods of developing a secure baseline and how to “harden” your enterprise architectures from the most advanced attacks. Once a strategy for a fortified perimeter is defined the course moves on to defending against the sophisticated malware that is on the rise today and the importance of “live” memory analysis and real time monitoring.

Kevin Cardwell - Technical Editor & Author for Computer Forensics and Hacking Courses

JKevin Cardwell spent 22 years in the U.S. Navy, during this time he tested and evaluated Surveillance and Weapon system software, some of this work was on projects like the Multi-Sensor Torpedo Alertment Processor (MSTRAP), Tactical Decision Support System (TDSS), Computer Aided Dead Reckoning Tracer (CADRT), Advanced Radar Periscope Discrimination and Detection (ARPDD), and the Remote Mine Hunting System (RMHS). He has worked as both software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations Center (NOC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean. He served as the Leading Chief of Information Security at the NOC for six years prior to retiring from the U.S. Navy. During this time he was the leader of a 5 person Red Team that had a 100% success rate at compromising systems and networks.

He currently works as a free-lance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US and UK . He is an Instructor, Technical Editor and Author for Computer Forensics, and Hacking courses. He is technical editor of the Learning Tree Course Ethical Hacking and Countermeasures and Computer Forensics. He is author of the Controlling Network Access course. He has presented at the Blackhat USA Conferences. He is a contributing author to the Computer Hacking Forensics Investigator V3 Study Guide and The Best Damn Cybercrime and Digital Forensics Book Period. He is a Certified Ethical Hacker (CEH), Certified Security analyst (E|CSA), Qualified Penetration Tester (QPT), Certified in Handheld Forensics, Computer Hacking Forensic Investigator (CHFI) and Live Computer Forensics Expert (LCFE), and holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. His current research projects are in Computer Forensic evidence collection on "live" systems, Professional Security Testing and Advanced Rootkit technologies. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman, he servers as a professional training consultant to the Oman Information Technology Authority, and is currently developing the team to man the first Commercial Security Operations Center in the country of Oman.


Students completing this course will gain in-depth knowledge in the following areas:
  • Staging a strong defense against popular security threats
  • Fortifying your organization with a good foundation of risk protection methods
  • Applying latest references and guidance on best practices in the field of cyber security
  • Securing your enterprise architecture from a medium threat level and building towards more sophisticated threats






1. Firewalls
  • Firewalls
  • Firewall Types: Stateless Packet Filters
  • Improving Device Remote-Access Security
  • Locking Down the Console Port
  • Protecting Terminal Lines
  • Establishing Encrypted Communications
  • Configuring HTTPS
  • Configuring SSH

LAB: Securing the Perimeter

2. Advanced Filtering
  • Advanced Filtering Techniques
  • Ingress Filtering
  • Egress Filtering
  • Source Address Verification (SAV)
  • uRPF
  • Additional Filtering Considerations
  • Time-Based ACLs
  • Reflexive ACLs
  • Reflexive ACL vs. Static ACL
  • Context-Based Access Control (CBAC)
  • Essential Steps to Harden Routers

LAB: Advanced Filtering

3. Firewall Configuration
  • Advanced Filtering Techniques
  • Firewall Types: Stateful Packet Filters
  • Application Proxies
  • Application Proxies vs. Stateful Packet filters
  • Web Application Firewalls
  • Web Application Firewall Types
  • Web Application Firewall Products
  • Firewall Architecture
  • Screened Subnet Firewall
  • The Classic Firewall Architecture
  • Belt and Braces Firewall
  • Separate Services Subnet
  • Fortress Mentality
  • De-parameterization
  • Perimeter Configuration

Lab: Selecting a Firewall Architecture

4. Hardening: Establishing a Secure Baseline
  • Windows NT/2000/2003 and XP
  • Windows 2000/2003/XP
  • Windows 2003
  • Windows Vista
  • Server 2003 Architecture
  • Broken Kernel
  • Modes of the OS
  • UNIX/Linux
  • Secure Server Guidelines
  • Hardening Systems
  • Security Compliance Manager
  • Device Security
  • Essential Steps to Harden Switches

LAB: Hardening

Windows Server 2008 Security (Part I)
  • Server 2008 Components
  • Enterprise Protection
  • AD RMS
  • AD RMS Components
  • EFS
  • EFS Enhancements in Server 2008
  • EFS Best Practices

LAB: Server 2008 Lab

Windows Server 2008 Security (Part II)
  • IPsec Rules
  • Firewall Scripting
  • netsh
  • Isolating a Server
  • Group Policy Object
  • Server Isolation Steps
  • Domain Isolation
  • Domain Isolation Issues
  • Best Practices
  • Trusted Platform Module
  • Wave Systems
  • TPM Architecture
  • Crypto API
  • Example
  • Embassy Server Software
  • Embassy Client Software
  • Self-Encrypting Drives

LAB: TPM

5. Intrusion Detection and Prevention Why Intrusion Detection?
  • Windows NT/2000/2003 and XP
  • Fortress Mentality
  • Intrusion Detection 101
  • What is Intrusion Detection?
  • False positives!
  • Topology concerns
  • Recommended in most circles
  • Realistic
  • Intrusion Prevention
  • Types of IPS
  • Host-Based Intrusion Prevention Systems
  • Host-Based Intrusion Prevention Systems

LAB: Intrusion Detection

6. Protecting Web Applications
  • Windows NT/2000/2003 and XP
  • Top 10 www.owasp.org
  • Injection Flaws
  • Cross Site Scripting
  • Broken Authentication
  • Insecure Cryptographic Storage
  • Reverse Engineering Web Apps
  • Tools
  • Hackbar
  • Tamper Data
  • The Two Main Attacks for Web
  • XSS
  • SQL Injection
  • xp_cmdshell
  • There is More
  • More Tools
  • SQL Inject Me
  • XSS ME
  • Choose The Right Database
  • Practice, Practice, Practice
  • Tutorials
  • Mutillidae
  • Web Application Firewalls
  • Components of Web Application Firewall

Protecting Web Apps

7. Memory Analysis
  • Data Types Revisited
  • Volatile
  • System date and time
  • Current network connections and Open ports
  • Processes that opened ports
  • Cached NetBIOS Names
  • Users Currently Logged On
  • Internal routing
  • Running Processes
  • Pslist
  • Trivia
  • Pslist –t
  • Tasklist
  • Tlist
  • Running Services
  • Open Files
  • Process Memory Dumps

LAB: Memory Analysis

8. Endpoint protection
  • Introduction to NAC
  • NAC Defined
  • NAC General Architecture
  • NAC General Architecture Illustrated
  • NAC Concepts
  • Inline NAC
  • Out-of-Band
  • Identifying NAC Requirements
  • Implementing User-Based Identity Access Control
  • Network Access Protection (NAP)
  • NAP Components
  • NAP Enforcement
  • NAP Best Practices
  • 802.1x
  • EAP Explained

LAB 1: Network Access Protection with DHCP

LAB 2: Network Access Protection with IPsec

LAB 3: Endpoint Protection

9. Securing Wireless
  • ireless Tools
  • Wireless Vulnerabilities Summary
  • MAC Filtering
  • Hiding Access Points
  • Hijacking
  • Jamming
  • Identifying Targets
  • Wardriving
  • Sniffing on Wireless
  • Attacking Encrypted Networks
  • Wep Data
  • The other case
  • Reality
  • WPA Tools
  • WPA
  • LEAP
  • Asleap
  • Comparison

LAB: Securing Wireless

How will this course benefit you?
  • Executing a set of techniques that are critical to the protection of your entire enterprise against some of today’s most advanced threats
  • Reviewing methods of system deployments in as secure a state as possible while supporting your daily business requirements
  • Applying necessary techniques required for malware identification throughout the enterprise even in the case of the malware not being detectable by any of your security controls
  • Staging Advanced Attacks to appreciate methods of correctly eliminating or mitigating risk to an acceptable level




Firewall administrators, system architects, system administrators, windows admin or those responsible for or interested in:
  • Identifying security weaknesses in computer systems or networks
  • Exposing weaknesses for system's owners to fix breaches before being targets of compromise
  • Applying hacking and pen testing constructively to defend against various possible attacks
  • Analysing best practices in developing secure system and network configurations
  • Establishing a secure baseline in deploying machines in a protected state
  • Appreciating popular attack methods applied by hackers in order to fortify their systems

From practically any organization that handles important data would find this course beneficial, examples are:
  • Government agencies
  • Universities
  • Hospitality
  • Retail
  • Banking and Financial institutions
  • Brokerage and Trading firms
  • Insurance
  • Scientific institutions & research agencies
  • Telecommunication
  • Computer design firms
  • Consulting firms
  • Science and Engineering firms
  • Those involved with online related businesses & transactions
  • Card related businesses
NOTE: This is definitely not a beginner’s course; participants will be expected to possess the knowledge of attempting attacks against a variety of platforms and architectures under the supervision of an expert. Ideally, the student will be CEH, ECSA or hold equivalent industry experience
CAST On-site provides personalised Advanced Security Courses to meet the needs of the individual or company and are planned to ensure maximum flexibility in terms of logistics, dates and cost issues. Our certified expert trainers are experienced educators and highly knowledgeable in their respective fields. CAST On-site prides itself on strict quality control principles at all times to ensure that clients receive the highest standard of training and service.
CAST On-Site training is designed to add great value to your work force by increasing staff efficiency and skills ensuring improved productivity and output that far exceeds the value of the initial training costs.

Key features of CAST On-site:
  • Each of the courses selected from the CAST Advanced Training Suite will be specifically designed to meet the needs of each individual, based according to their current skills and pace of learning to meet your organisation’s unique objectives and goals
  • CAST On-site expert/trainers will be flown down to your premise of choice at a date most suitable to you
  • CAST On-site allows students to receive training in more manageable sessions arranged over a spread of a few days that allowing for greater absorption of knowledge with an opportunity to practice and verify the new skills after each session prior to commencing the next one
  • With CAST On-site Advanced Security courses students will be able to take advantage of directly conversing with the chosen expert in matters unique to the student and your organisation
  • You can be rest assured that all challenges and objectives pertaining to your organisation’s goals can be discussed in an environment that ensures complete confidentiality
  • Each individual client receives the required high level of training that is benchmarked to international best practise and standards
  • Each student receives a CAST Advanced Security Training Courseware that allows them to follow and revise the material that has been taught to them
  • Upon completion of the course, each student will receive a CAST On-Site Advanced Security Training certificate of attendance

Enquire Online About Advanced Security Training Programs

We at CAST would like to hear from you

if you have questions, comments or feedback for us, please send us a message using the from below or email us at cast@eccouncil.org
For more information and news updates, connect with us via Social Media or our Mailing List.
We look forward to hearing from you!

CAST General Enquiry Form







CAST 614 Videos