TN-575: Open Source Network Security Monitoring

Course Overview:

TN-575: Open Source Network Security Monitoring teaches students how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. No network is bullet proof and when attackers access your network, this course will show you how to build a security net to detect, contain, and control the attacker. Sensitive data can be monitored and deep packet and deep attachment analysis can be achieved. As organizations stand up a Security Operations Center (SOC) the enterprise NSM is the key ingredient to that SOC. This course not only teaches how to implement an NSM technologically, but how to effectively monitor an enterprise operationally. You will learn how to architect an NSM solution: where to deploy your NSM platforms and how to size them, stand-alone or distributed, and integration into packet analysis, interpret evidence, and integrate threat intelligence from external sources to identify sophisticated attackers. A properly implemented NSM is integral to incident response and provides the responders timely information to react to the incident. TN-575: Open Source Network Security Monitoring is a lab intensive environment with a cyber range that gives each student in-depth knowledge and practical experience monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls.

Attendees to TN-575: Open Source Network Security Monitoring class will receive TechNow approved course materials and expert instruction.

This Course is taught utilizing Security Onion or RockNSM as specified by the customer.

Dates/Locations:

No Events

Duration: 5 Days

Course Objective:

The focus of this course is to present a suite of Open Source security products integrated into a highly functional and scalable Network Security Monitoring solution.

Prerequisites:

Students should have a basic understanding of networks, TCP/IP and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required

Course Outline:

Network Security Monitoring (NSM) Methodology
High Bandwidth Packet Capture Challenges
Installation of Security Onion
- Use Cases (analysis, lab, stand-alone, distributed)
- Resource Requirements
Configuration
- Setup Phase I – Network Configuration
- Setup Phase 2 – Service Configuration
- Evaluation Mode vs. Configuration Mode
- Verifying Services
Security Onion Architecture
- Configuration Files and Folders
- Network Interfaces
- Docker Environment
- Security Onion Containers
Overview of Security Onion Analyst Tools
- Kibana
- CapME
- CyberChef
- Squert
- Sguil
- NetworkMiner
Quick Review of Wireshark and Packet Analysis
- Display and Capture Filters
- Analyze and Statistics Menu Options
- Analysis for Signatures
Analyzing Alerts
- Replaying Traffic
- 3 Primary Interfaces:
  - Squert
  - Sguil
  - Kibana
- Pivoting Between Interfaces
- Pivoting to Full Packet Capture
Snort and Surricata
- Rule Syntax and Construction
- Implementing Custom Rules
- Implementing Whitelists and Blacklists
Hunting
- Using Kibana to Slice and Dice Logs
- Hunting Workflow with Kibana
Bro
- Introduction and Overview
  - Architecture, Commands
- Understanding and Examining Bro Logs
  - Using AWK, sort, uniq, and bro-cut
- Working with traces/PCAPs
- Bro Scripts Overview
  - Loading and Using Scripts
- Bro Frameworks Overview
  - Bro File Analysis Framework FAF
- Using Bro scripts to carve out more than files
RockNSM ( * If Applicable)
- Kafka
  - Installation and Configuration
  - Kafka Messaging
  - Brokers
  - Integration with Bro and FSF
- File Scanning Framework FSF
  - Custom YARA Signatures
  - JSON Trees
  - Sub-Object Recursion
  - Bro and Suricata Integration
Elastic Stack
- Adding new data sources in Logstash
- Enriching data with Logstash
- Automating with Elastalert
- Building new Kibana dashboards
Production Deployment
- Advanced Setup
- Master vs Sensor
- Node Types – Master, Forward, Heavy, Storage
- Command Line Setup with sosetup.conf
- Architectural Recommendations
- Sensor Placement
- Hardening
- Administration
- Maintenance
Tuning
- Using PulledPork to Disable Rules
- BPF’s to Filter Traffic
- Spinning up Additional Snort / Suricata / Bro Workers to Handle Higher Traffic Loads

Comments

Latest comments from students

Liked the class? Then let everyone know!

TN-822: Certified Information Systems Auditor (CISA) Seminar

Course Overview:

The mark of excellence for a professional certification program is the value and recognition it bestows on the individual who achieves it. The technical skills & practices the CISA promotes and evaluates are the building blocks of success in the field. Possessing the CISA designation demonstrates proficiency and is the basis for measurement in the profession. With a growing demand for professionals possessing IS audit, control and security skills, CISA has become a preferred certification program by individuals and organizations around the world. CISA certification signifies commitment to serving an organization and the IS audit, control and security industry with distinction. This course will help the student prepare to obtain this credential.

Attendees to TN-822: Certified Information Systmes Auditor (CISA) Seminar will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

Information Systems Auditing Process (18%)
- Providing industry-standard audit services to assist organizations in protecting and controlling information systems, Domain-1 affirms your credibility to offer conclusions on the state of an organization’s IS/IT security, risk and control solutions.
Governance & Management of IT (18%)
- This domain confirms to stakeholders your abilities to identify critical issues and recommend enterprise-specific practices to support and safeguard the governance of information and related technologies.
Information Systems Acquisition, Development & Implementation (12%)
- Domains 3 and 4 offer proof not only of your competency in IT controls, but also your understanding of how IT relates to business.
Information Systems Operation & Business Resilience (26%)
- Domains 3 and 4 offer proof not only of your competency in IT controls, but also your understanding of how IT relates to business.s.
Protection of Information Assets (26%)
- Cybersecurity now touches virtually every information systems role, and understanding its principles, best practices and pitfalls is a major focus within Domain 5.

Prerequisites:

A minimum of five years of professional information systems auditing, control & security work experienced is required. Experience must have been gained within the 10-year period preceding the application date for certification, or within five years from the date of initially passing the examination.

Comments

Latest comments from students

User: fsarisen

Instructor comments: Thank you Tim for all the great information! I am confident that I'll do well on the ICND exam.

User: storoy30

Instructor comments: The instructor, Tim Burkard, was very knowledgeable on the course material and skilled at explain more complex ideas.

Liked the class? Then let everyone Know!

CT-205: A+ Certification Course

Course Overview:

CT-205: A+ Certification Course provides students with the skills, knowledge and understanding that will enable them to install, configure, upgrade, troubleshoot and repair personal computer systems. The A+ curriculum is excellent preparation for almost any computer related career or position. This course lays the foundation for further study in networking and programming. Designed for the new computer professional who has support knowledge of PC hardware, but needs to expand upon that knowledge.

Attendees to CT-205: A+ Certification Course will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

Identifying, Adding & Removing System Components
Installation, Configuring & System Optimization
Diagnosing & Troubleshooting Problems
Power Protection & Safety Procedures
Motherboards, Processors & Memory
Printers
Basic Networking
Operating System Fundamentals
Installation, Configuration & Upgrade
Diagnosing & Troubleshooting
Networks

Prerequisites:

None

Comments

Latest comments from students

User: whiggins29

Instructor comments: Very knowledgeable, very engaging.

User: jstuke12

Instructor comments: Instructor was wonderful, Tim explained all questions fully and was a pleasure to learn from.

Facilities comments: Facilities were outstanding.

Like the class? Then let everyone know!

P-415: Advanced PERL Programming

Course Overview:

Every programmer must keep up with the latest tools and techniques. This course will help you push your skills to the next level and become a more accomplished programmer. Advanced PERL Programming teaches you all the complex techniques for production-ready PERL programs and explains concepts such as introspection, overriding built-ins, extending PERL's OO model, and testing your code for greater stability.

Attendees to P-415: Advanced PERL Programming will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

Advanced Techniques
Parsing Techniques
Templating Tools
Objects, Databases, and Applications
Natural Language Tools
PERL and Natural Languages
Handling English Text
Modules for Parsing English
Categorization and Extraction
PERL and Unicode
POE
Programming in an Event-Driven Environment
Testing
Keeping Tests and Code Together
Inline Extensions
Just Another PERL Hacker

Prerequisites:

P-315: Intermediate PERL Programming or equivalent knowledge and skills

Comments

Latest comments from students

Liked the class? Then let everyone know!

CL-415: AWS System Operations

Course Overview:

AWS System Operations begins with a one day introduction to AWS products, services, and common solutions. It provides you with fundamentals to become more proficient in identifying AWS services so that you can make informed decisions about IT solutions based on your business requirements and get started working on AWS.

The AWS course continues to flow with teaching those in a Systems Administrator or Developer Operations (DevOps) role how to create automatable and repeatable deployments of networks and systems on the AWS platform. The course covers the specific AWS features and tools related to configuration and deployment, as well as common techniques used throughout the industry for configuring and deploying systems.

To continue to learn more about AWS, TechNow has the following course:

CL-425: AWS Security Operations and Architecture

Attendees to CL-415: AWS System Operations will receive TechNow approved course materials and expert instruction.

Duration: 5 Days

Audience:
This course is intended for:
• System Administrators
• Software Developers, especially those in a Developer Operations (DevOps) role

DoD 8140: Not Mandated

Course Prerequisites:
We recommend that attendees of this course have the following prerequisites:
• Background in either software development or systems administration
• Some experience with maintaining operating systems at the command line (shell scripting in Linux environments, cmd or PowerShell in Windows)
• Basic knowledge of networking protocols (TCP/IP, HTTP)

Course Objectives:
This course is designed to teach you how to:
• Understand basic data center design concepts.
• Recognize terminology and concepts as they relate to the AWS platform and navigate the AWS Management Console.
• Understand the foundational infrastructure services, including Amazon Virtual Private Cloud (VPC), Amazon Elastic Compute Cloud (EC2), Amazon Elastic Block Store (EBS), Amazon Simple Storage Service (S3), Auto Scaling, and Elastic Load Balancing (ELB).
• Understand the security measures AWS provides and key concepts of AWS Identity and Access Management (IAM).
• Understand AWS database services, including Amazon DynamoDB and Amazon Relational Database Service (RDS).
• Understand AWS management tools, including Amazon CloudWatch and AWS Trusted Advisor.
• Use standard AWS infrastructure features such as Amazon Virtual Private Cloud (VPC), Amazon Elastic Compute Cloud (EC2), Elastic Load Balancing, and Auto Scaling from the command line
• Use AWS CloudFormation and other automation technologies to produce stacks of AWS resources that can be deployed in an automated, repeatable fashion
• Build functioning virtual private networks with Amazon VPC from the ground up using the AWS Management Console
• Deploy Amazon EC2 instances using command line calls and troubleshoot the most common problems with instances
• Monitor the health of Amazon EC2 instances and other AWS services
• Manage user identity, AWS permissions, and security in the cloud
• Manage resource consumption in an AWS account using tools such as Amazon CloudWatch, tagging, and Trusted Advisor
• Select and implement the best strategy for creating reusable Amazon EC2 instances
• Configure a set of Amazon EC2 instances that launch behind a load balancer, with the system scaling up and down in response to demand
• Edit and troubleshoot a basic AWS CloudFormation stack definition

Dates/Locations:

No Events

Course Outline:

Day 1

• Introduction and History of AWS
• AWS Infrastructure: Compute, Storage, and Networking
• AWS Security, Identity, and Access Management
• AWS Databases
• AWS Management Tools

Day 2
• System Operations on AWS Overview
• Networking in the Cloud
• Computing in the Cloud
Day 3
• Storage and Archiving in the Cloud
• Monitoring in the Cloud
• Managing Resource Consumption in the Cloud
Day 4
• Configuration Management in the Cloud
• Creating Scalable Deployments in the Cloud
• Creating Automated and Repeatable Deployments
Day 5
Full Day Lab
• Select the appropriate AWS service based on compute, data, or security requirements
• Execute steps required to provision cloud resources for selected deployment
• Identify and implement data protection, encryption, and capacity planning
• Implement and manage security policies, access controls, and role
• Implement Automation