DoD 8570

DoD 8570 Training

The Department of Defense requires that all information assurance personnel must become compliant with IT and security certification standards.

DoD 8570 training, also called Information Assurance training, is available through TechNow to provide you with the certification that is required.  Your DoD 8570 training  ( information assurance training ) at TechNow will provide you with all of the courses necessary to receive your DoD 8570.01-M certification.

Ongoing open enrollment through TechNow is availble for our DoD 8570.01-M courses.

Please review the full & updated DoD approved IA baseline certifications aligned to each category & level of the IA workforce:

Note: The Certifications in red are recently added to approved list as of 2/4/19

For further information or to schedule for classes, call us at 800-324-2294

in   

TN-535: Certified Forensic Computer Examiner (CFCE)

CCFE Core Competencies

  • Procedures and Legal Issues
  • Computer Fundamentals
  • Partitioning Schemes
  • Data Recovery
  • Windows File Systems
  • Windows Artifacts
  • Report writing (Presentation of Finding)
  • Procedures and Legal issues
  1. Knowledge of search and subjection and rules for evidence as applicable to computer forensics.
  2. Ability to explain the on-scene action taken for evidence preservation.
  3. Ability to maintain and document an environment consolidating the computer forensics.
  • Computer Fundamentals
  1. Understand BIOS
  2. Computer hardware
  3. Understanding of numbering system (Binary, hexadecimal, bits, bytes).
  4. Knowledge of sectors, clusters, files.
  5. Understanding of logical and physical files.
  6. Understanding of logical and physical drives.
  • Partitioning schemes
  1. Identification of current partitioning schemes.
  2. Understanding of primary and extended partition.
  3. Knowledge of partitioning schemes and structures and system used by it.
  4. Knowledge of GUID and its application.
  • Windows file system
  1. Understanding of concepts of files.
  2. Understanding of FAT tables, root directory, subdirectory along with how they store data.
  3. Identification, examination, analyzation of NTFS master file table.
  4. Understanding of $MFT structure and how they store data.
  5. Understanding of Standard information, Filename, and data attributes.
  • Data Recovery
  1. Ability to validate forensic hardware, software, examination procedures.
  2. Email headers understanding.
  3. Ability to generate and validate forensically sterile media.
  4. Ability to generate and validate a forensic image of media.
  5. Understand hashing and hash sets.
  6. Understand file headers.
  7. Ability to extract file metadata from common file types.
  8. Understanding of file fragmentation.
  9. Ability to extract component files from compound files.
  10. Knowledge of encrypted files and strategies for recovery.
  11. Knowledge of Internet browser artifacts.
  12. Knowledge of search strategies for examining electronic
  • Windows Artifacts
  1. Understanding the purpose and structure of component files that create the windows registry.
  2. Identify and capability to extract the relevant data from the dead registry.
  3. Understand the importance of restore points and volume shadow copy services.
  4. Knowledge of the locations of common Windows artifacts.
  5. Ability to analyze recycle bin.
  6. Ability to analyze link files.
  7. Analyzing of logs
  8. Extract and view windows logs
  9. Ability to locate, mount and examine VHD files.
  10. Understand the Windows swap and hibernation files.
  • Report Writing (Presentation of findings)
  1. Ability to conclude things strongly based on examination observations.
  2. Able to report findings using industry standard technically accurate terminologies.
  3. Ability to explain the complex things in simple and easy terms so that non-technical people can understand clearly.
  4. Be able to consider legal boundaries when undertaking a forensic examination

N-485: In-Depth Securing Networks with Cisco Firepower Threat Defense NGFW

Course Overview:

An in-depth course on how to use and configure Cisco Firepower Threat Defense technology,  from device setup and configuration and including routing, high availability, Firepower Threat Defense migration, traffic control, and Network Address Translation (NAT).  Students implement advanced Next Generation Firewall (NGFW) and Next Generation Intrusion Prevention System (NGIPS) features, including network intelligence, file type detection, network based malware detection, and deep packet inspection.
Students will also learn how to configure site to site VPN, remote access VPN, and SSL decryption before moving on to detailed analysis, system administration, and troubleshooting.  This course combines lecture materials and hands on labs throughout to make sure that students are able to successfully deploy and manage the Cisco Firepower system.

It is a five-day instructor-led course that is aimed at providing network security engineers with the knowledge and skills that are needed to implement and maintain perimeter solutions that are based on Cisco Firepower security appliances. At the end of the course, students will be able to reduce risk to their IT infrastructure and applications using Cisco Firepower security appliance features, and provide detailed operations support for the Firepower appliance.

Attendees to N-485: In-Depth Securing Networks with Cisco Firepower Threat Defense NGFW will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Understand Sourcefire, Firepower 6.2, FireAMP, and Firepower Threat Defense (FTD)
  • Configure the Firepower Management Center (FMC)
  • Raise you confidence managing the Firepower Manager and Firepower tThreat Defense (FTD)
  • Describe the Cisco Firepower Systems infrastructure
  • Navigate the user interface and administrative features of the Cisco Firepower 6.2 system, including advanced analysis and reporting functionality to properly assess threats
  • Describe the System Configuration and Health policies and implement them
  • Describe the role Network Discovery (Firepower) technology plays in the Cisco devices
  • Describe, create, and implement objects for use in Access Control policies
  • Create DNS and URL policies and configure Sinkholes
  • Configure FTD policies such as Platform, Routing, Interface, Zones, PreFilter, QoS, NAT and Flex Config!
  • Describe advanced policy configuration and Firepower system configuration options
  • Configure Malware Policies to find and stop Malware
  • Understand Security Intelligence, and how to configure SI to stop attacks NOW!
  • Configure policies to find and stop Ransomware
  • Understand how to fine tune IPS policies
  • Understand how to find tun Snort Preprocessor policies (NAP)
  • Configure Correlation events, white rules, traffic profiles and create respective events and remediate them
  • Analyze events
  • Create reporting templates and schedule them
  • Configure backups, rule updates, Firepower Recommendations, URL updates, and more to run every week automatically
  • Set up external authentication for users using LDAP/Realms
  • Configuring system integration, realms, and identity sources
  • Configure FMC domains and implement them
  • Configure FTD HA with two FTD devices
  • SSL Policy – decrypt your traffic
  • AnyConnect and Site-to-Site VPN
  • Understand network and host based AMP.  Configure and analyze host based AMP
  • Understand Cisco Identity Services Engine (ISE)
  • Configure ISE and integrate with Cisco FMC identity policy using PxGrid

Prerequisites:

Comments

Latest comments from students

Liked the class?  Then let everyone know!

TN-969: Windows Security Administrator Course

Course Overview:

A skills focus enables the student to better absorb the subject matter and perform successfully on the job.  This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs to secure Windows systems. Lecture and labs start with quick review of Active Directory and group policy to enforce security mechanisms within the Windows architecture.  Students then gain network experience and use sniffing to help exemplify the benefit of learning wired and wireless security configurations.  PowerShell is made for SecOps/DevOps automation and students will learn to write PowerShell scripts to automate security operations and Desired State Configuration (DSC).  The course concludes with exercising real attack strategies to demonstrate the effectives of properly securing your host.

Attendees to TN-969: Windows Security Administrator course will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Active Directory and BloodHound
  • Security Controls
  • PKI
  • Encryption
  • Wireless & Network Security and Hardening DNS
  • 802.1x and Endpoint Protection
  • Firewalls and VPN
  • PowerShell Scripting
  • JEA, DSC, Enterprise Security with PowerShell
  • Windows Attack Strategies

Prerequisites:

  • Security+
  • Windows System Administration Skills

 

Comments

Latest comments from students

User: bbrabender

Instructor comments: Instructor was very knowledgeable and help more inexperienced users with concepts as well explaining in a way that can be understood.

Facilities comments: N/A

User: dale.r.anderson

Instructor comments: Instructor was well knowlegeable accross alot of domains.

Facilities comments: Pretty good

Liked the class?  Then let everyone know!

PA-242: Palo Alto Networks Firewall Manage Cyberthreats (EDU-231)

  

 

Course Overview:  PA-242: Palo Alto Networks Firewall Manage Cyberthreats (EDU-231) Training Class is a two-day course that teaches students strategies in defense against cyberthreats.  Successful completion of this course enables administrators to better understand the threat landscape.  This is not a virtualized theoretical course.  This is hands-on, real world instruction, directly relevant to the DoD and Commercial implementations of Palo Alto Networks next-generation firewalls.

Each student is issued a physical Palo Alto firewall and a Cisco layer 3 switch at their desk.  Real hardware per student for real experience and real skill development.  TechNow provides a very comprehensive client infrastructure that includes Windows, Linux, and multiple packet sniffer agents.

The instructor for this course has been a lead in Unix kernel development to implement firewall and intrusion detection technologies.  Additionally, the instructor has taught several security appliance products and carries several SANS, ISC2, ISACA, Cisco, Unix, and Windows certifications.

Attendees to the PA-242: Palo Alto Networks Firewall Manaage Cyberthreats  (EDU-231) Training Course will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 days

Course Objectives:   Students attending this training course will gain an understanding of cyberthreats and their characteristics.  Students will learn how to manage cyberthreats using security policies, profiles, and signatures to protect their network against emerging threats.

Day 1

  • Mod 1: Threat Landscape
    • Advanced Persistent
    • Threats
    • Data Breaches and Tactics
    • Threat Management
    • Strategies
  • Mod 2: Integrated
    • Approach to Threat
    • Protection
    • Integrated Approach to
    • Protection
    • Next-Generation Firewall
    • Advanced Endpoint
    • Protection
  • Mod 3: Network Visibility
    • Zero Trust Model
    • SSL Decryption
    • Decryption Policy
  • Mod 4: Reducing the Attack
    • Surf
    • ection

 

Day 2

  • Mod 5: Handling Known
    • Threats
    • WildFire Analysis
    • Security Profiles
  • Mod 6: Handling Unknown
    • Traffic and Zero-Day Exploits
    • WildFire
    • Researching Threat Events
    • Identifying Unknown
    • Applications
  • Mod 7: Investigating
    • Breaches
    • Identify IOCs Using
    • App-Scope
    • Log Correlation
    • Finding Infected Host
  • Mod 8: Using Custom
    • Signatures
    • Creating Custom App-IDs
    • Threat Signatures

A

Prerequisites:

  • Students must complete the PA-213: Install, Configure, and Manage course
  • Understanding of network concepts, including routing, switching, and IP addressing
  • In-depth knowledge of port-based security and security technologies such as IPS, proxy, and content filtering

This course is in no way associated with Palo Alto Networks, Inc.

Comments

Latest comments from students

Like the class?  Then let everyone know!