TN-979: Intrusion Analyst Course

Course Overview:

Intrusion Analyst is a hands-on course that covers intrusion detection in-depth. This includes concepts such as the use of Snort, network traffic analysis, and IDS signatures.

A skills focus enables the student to better absorb the subject matter and perform successfully on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of packet and intrusion analysis.

Attendees to TN-979: Intrusion Analyst will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Advanced Snort Concepts
  • Analyst Toolkit
  • Domain Name System (DNS)
  • Examining Packet Crafting
  • Examining Packet Header Fields
  • Fragmentation
  • ICMP Theory
  • IDS Interoperability
  • IDS Patterns
  • IDS/IPS Management & Architecture Issues
  • Indications, Warnings & Traffic Correlation
  • IPv6
  • Microsoft Protocols
  • Network Traffic Analysis
  • NIDS Evasion, Instertion & Checksums
  • Snort Fundamentals & Configuration
  • Snort GUIs & Sensor Management
  • Snort Performance, Active Response & Tagging
  • Snort Rules
  • Stimulus Response
  • TCPdump Fundamentals
  • TCP/IP Fundamentals
  • Wireshark Fundamentals
  • Writing TCPdump Filters

Course Prerequisites:

  • GSEC or equivalent experience
  • UNIX, Windows, Networking, and Security Experience
  • This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students

User: Tosha

Instructor comments: Dave was an excellent instructor. He is very informative and knowledgeable in the course and the material. I have enjoyed the class and I would take another course with him as the instructor.

Facilities comments: Very nice and clean hotel.

User: buckey26

Instructor comments: Dave was one of the best instructors I have ever had for a tech course. He broke down everything to the point where you can understand it internally.

Liked the class?  Then let everyone know!

TN-804: Corporate Risk Management

Course Overview:

TechNow understands the security threats that make your network & your company vulnerable.  We have developed a program to help you learn what those threats are, the kinds of defenses available, the language of Network Security, & how to organize yourself internally to deal with these Network Security issues.  TechNow's Corporate Risk Management course will give your team the fundamental skills & knowledge they need to develop, manage or implement your organization's Information Security Policy.

Attendees to TN-804: Corporate Risk Management will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 4 Days

Course Objectives:

  • Day 1
    • Chapter 1: What is information Security
    • Chapter 2: Types of Attacks
    • Chapter 3: Information Security Services
    • Chapter 4: Legal Issues
    • Chapter 5: Policy
  • Day 2
    • Chapter 6: Managing Risk
    • Chapter 7: Information Security Process
    • Chapter 8: Information Security Best Practices
    • Chapter 9: Internet Architecture
    • Chapter 10: Virtual Private Networks
  • Day 3
    • Chapter 11: E-Commerce Security Needs
    • Chapter 12: Encryption
    • Chapter 13: Hacker Techniques
    • Chapter 14: Intrusion Detection
  • Day 4
    • Chapter 15: UNIX Security Issues
    • Chapter 16: Windows Security Issues
    • Open Discussion

Prerequisites:

  • Basic computer literacy.

 

Comments

Latest comments from students

Liked the class?  Then let everyone know!

DoD 8570 Training in San Antonio, TX

DoD 8570 Training in San Antonio, TX.

TechNow has developed a proven training program that brings the skillset to the certification process.  TechNow is a mobile testing center that can deliver D0D 8570 training and the certification in one week. Our intergrated DoD 8570 training in San Antonio, TX  incorporates hands on skills with testing objectives that produces an incredibly high pass rate.  To learn more about our DoD 8570 training program click here

DoD-8570 in San Antonio, TX

Palo Alto Networks Firewall Training Course Lab

Working with the TechNow lab for the PA-215: Palo Alto Networks Firewall Essentials FastTrack course has been nothing less than a techie's idea of fun.  When students come in we are immediatly configuring the Cisco 3750 switches for access ports, VLANS, and trunks.  We then cable the switch to the Palo Alto Networks Firewall.  Each student gets their own Palo Alto Firewall Pod of hardware and software.  What we find as fun is the VLAN environment, with an array of virtual machines hosted on an ESXi server that can really exercise the abilities of the Palo Alto Firewall.  The DMZ VLAN hosts virtual machines that support enterprise services and also potentialy vulnerable web services.  The Trust VLAN has Windows and Linux clients.  The UnTrust VLAN has Web services and a VM of Kali. The hardware Firewall is additionally connected to a Management VLAN.  All those VLANs are trunked into an ESXi server where the student also has a VM-Series Palo Alto Networks Firewall for High Availability.  

After configuring all the trunking, VLANs, and network interfaces we learn about the firewall and configure it for the lab environment.  Using Metasploitable and Kali/Metasploit nefarious penetration attempts are executed.  Using packet captures, custom APP-ID's  and custom signatures are generated.  Custom logging and reporting are created to similate and enterprise and assist the desired Incident Response.  It is always fun in a training environment to learn all about the controls available in a product, even though specific controls may not be used in the operational environment.  In the end we have a good understanding of the Palo Alto Networks Firewall.