NDS: Perimeter Defense Mechanism


Course Description

The Network Defense Series from EC-Council | Press is comprised of 5 books designed to educate learners from a vendor-neutral standpoint on how to defend the networks they manage. This series covers the fundamental skills in evaluating the internal and external threats to network security and design, how to enforce network level security policies, and how to ultimately protect an organization's information. The books in the series cover a broad range of topics from secure network fundamentals, protocols & analysis, standards and policy, hardening infrastructure, to configuring IPS, IDS, firewalls, bastion host, and honeypots. Learners completing this series will have a full understanding of defensive measures taken to secure their organization's information, and along with the proper experience these books will prepare readers for the EC-Council Network Security Administrator (E|NSA) certification.

An organization is only as strong as its weakest link. The same is true in network security. Mis-configurations, outdated software, and technical glitches are often the easiest point of entry for a hacker. This book, the third in the series, is designed to teach the potential security practitioner how to harden the network infrastructure, evaluate hardware, and software configurations and introduce log analysis, creating a strong foundation for Network Security Troubleshooting, response, and repair.



Who should Attend

This course will significantly benefit the security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

  • Duration: 2 days (9:00AM – 5:00PM)
  • CPE/ECE Qualification:2 ECE Credits awarded for attendance (1 for each 8 hour class day)
  • Program Cost: $750 USD
  • Supplement Cost (Courseware & Certificate exam Access): $75 USD
  • Bundle Price: $799 USD
  • Getting Started: Find Training Click HERE
  • Corporate Trainers interested in setting up internal company training programs, click here



What’s included?

  • Physical Courseware
  • 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate

Related Certificates:

  • Network Defense Specialist: Fundamentals & Protocols
  • Network Defense Specialist: Security Policy & Threats
  • Network Defense Specialist: Securing and Troubleshooting Network Operating Systems
  • Network Defense Specialist: Security & Vulnerability Assessment


Course Outline

Hardening Physical Security

Physical security has to be in place to secure the hardware or the software from the intruders. Security is enabled to safeguard the organization’s information from the attackers. This chapter describes about the need for physical security, factors that affect the network security, implementing premise security, threats to networks, and the physical security breach incidents. It discusses the various methods used to physically secure networks and their elements. This chapter also describes the challenges in ensuring physical security. It provides a checklist for developing the physical security.


Firewall is a program which is placed at the network gateway server. It is responsible for the traffic to be allowed to pass, block, or refuse. This chapter describes the multiple components of a firewall, its operations, and types. This chapter explains the rules and restrictions for establishing your Firewall. It also describes the firewall configuration strategies, architecture, multi-layer firewall protection, and deployment strategies. This chapter also discusses the advantages and disadvantages of using firewalls and lists the limitations of firewall.

Packet Filtering and Proxy Servers

Packet filtering is the process of blocking or allowing the packets at a network interface based on the source and destination addresses, ports, or protocols, and a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. This chapter describes approaches to packet filtering, sequencing, prioritization, and fragmentation. It explains the types, advantages, and disadvantages of filtering and explains the types of TCP flags. This chapter also describes the role of proxy server and explains the authentication process and firewalls in Proxy Server.

Bastion Hosts and Honeypots

A bastion host acts as a gateway between the organizational internal private network and outside public network. It is placed on the unrestricted side of the demilitarized zone (DMZ) whereas a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
This chapter describes the need, the basic principles and steps for building, and the requirements to setup and configure a Bastion Host. It discusses the special consideration for Unix systems and explains the Bastion Host Security Policy. This chapter also describes how to build and deploy Honeypots. It also explains how to create a Homemade Honeypot.

Wireless Network Security

Wireless Network allows connecting computer to a network using radio waves instead of wires/cables. This network can allow access to other wired networks through a device called an Access Point.
This chapter describes the types of wireless networks based on connections and geography. It discusses the components of a wireless network, access points, wireless technologies, types of wireless threats and attacks, wireless standards such as IEEE 802.11a (Wi-Fi), IEEE 802.11b (Wi-Fi), and IEEE 802.11g (Wi-Fi). This chapter also discusses about securing wireless communication, authentication, WLAN security policy development issues and provides a wireless network security checklist.