Course Overview: PA-213: Palo Alto Networks Firewall Install, Configure, and Manage (EDU-201) Training Class is a three-day course that teaches students to configure and manage the entire line of Palo Alto Networks next-generation firewalls. This course prepares the student for the Palo Alto Networks Accredited Configuration Engineer (ACE) and progress to the Palo Alto Networks Certified Network Security Engineer (PCNSE).  Through hands-on training, students learn high end skills of how to integrate Palo Alto next-generation firewalls into their network infrastructure.  This is not a virtualized theoretical course.  This is hands-on, real world instruction, directly relevant to the DoD and Commercial implementations of Palo Alto Networks next-generation firewalls.

Each student is issued a physical Palo Alto firewall and a Cisco layer 3 switch at their desk.  Real hardware per student for real experience and real skill development.  TechNow provides a very comprehensive client infrastructure that includes Windows, Linux, and multiple packet sniffer agents.

This course sets up the foundation for the two day course PA-212: Palo Alto Networks Firewall Configure Extended Features. The instructor for this course has been a lead in Unix kernel development to implement firewall and intrusion detection technologies.  Additionally, the instructor has taught several security appliance products and carries several SANS, ISC2, ISACA, Cisco, Unix, and Windows certifications.

Attendees to the PA-213: Palo Alto Networks Firewall Install, Configure, and Manage (EDU-201) Training Course will receive TechNow approved course materials and expert instruction.

TechNow PA-212: Palo Alto Networks Firewall Configure Extended Features (EDU-205) immediately follows this course in the schedule so that you can take both courses in the same week.  We also offer a discount for attending both classes in the same week!!

Dates/Locations: No Events

Duration: 3 days

Course Objectives:   Students attending this foundational-level training course will gain an in-depth knowledge of how to configure and manage their Palo Alto Networks firewall, including hands-on experience in configuring the security, networking, threat prevention, logging, and reporting features of the Palo Alto Networks Operating System (PAN-OS).

Day 1

  • Module 0 – Introduction & Overview
  • Module 1 – Platforms and Architecture
    • Single-Pass Architecture
    • Flow Logic
  • Module 2 – Initial Configuration
    • Initial Access to the System
    • Configuration Management
    • Licensing and Software Updates
    • Account Administration
  • Mod 3: Basic Interface Configuration
    • Security Zones
      Layer 2, Layer 3, Virtual Wire, and Tap
    • Subinterfaces
    • DHCP
    • Virtual Routers
  • Mod 4: Security and NAT Policies
    • Security Policy Configuration
    • Policy Administration
    • NAT (source and destination)

Day 2

  • Mod 5: Basic App-ID™
    • App-ID Overview
    • Application Groups and Filters
  • Mod 6: Basic Content-ID™
    • Antivirus
    • Anti-spyware
    • Vulnerability
    • URL Filtering
  • Mod 7: File Blocking and WildFire™
    • File Blocking
    • WildFire
  • Mod 8: Decryption
    • Certificate Management
    • Outbound SSL Decryption
    • Inbound SSL Decryption

       

       

Day 3

  • Mod 9: Basic User-ID™
    • Enumerating Users
    • Mapping Users to IP Addresses
    • User-ID Agent
  • Mod 10: Site-to-Site VPNs
    • IPSec Tunnels
  • Mod 11: Management and Reporting
    • Dashboard
    • Basic Logging
    • Basic Reports
    • Panorama
  • Mod 12: Active/Passive High
    • Availability
    • Configuring Active/Passive HA

 

Prerequisites:

This course is in no way associated with Palo Alto Networks, Inc.

Comments

Latest comments from students


Like the class?  Then let everyone know!

 

Course Overview:

This course explores the VMware Infrastructure and related security, which consists of VMware ESX Server & VMware Virtual Center Server. We will look at both the design environments and operational processes of the VMware Infrastructure including security. This course provides IT architects with the insight needed to tackle tough issues in server virtualization such as virtual machine technologies, storage infrastructure, and designing clustered environments with security practices included. Extensive hands-on labs provide for a rich student experience.

Hypervisors and their supporting environment require attention to security due to the aggregated risk of hosting multiple virtual servers. This course explores the security of virtualized environments. Student configure ESXi by learning to manage the security and risk between ESXi, virtual servers and security integration of ESXi to the physical network infrastructure including appropriate segregation from other sensitive networks and management networks. How to configure virtual networks when some hosts are dual or multi homed, but internally segregate between the two or more connected networks with different security levels. Appropriate integration of zero-clients and thin clients. Configuration of defensive measures on hosts, servers, hypervisors within the virtual environment and practices for those guarding it externally. Integration of Active Directory and other AAA/CIA related services relative to a virtualized environment.

Students are also walked through DoD ESXi Security Technical Implementation Guide (STIG). Introduction to the impact of Intel Trusted Execution Technology integrated with ESXi to create a trusted platform for virtual machines. Additionally the instructor walks the students through NIST Special Publication 800-125A: Security Recommendations for Hypervisor Deployment on Servers, and NIST Special Publication 800-125B: Secure Virtual Network Configuration for Virtual Machine (VM) Protection.

Attendees to “VM-345: VMware Infrastructure Security: VMware Install, Configure, and Manage with Security Objectives” will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

• Virtual Infrastructure Overview
• ESX and ESXi Server Installation
• Configuration of Networking, Scalability and Security
• Storage
• Install and Configure vCenter Server and Components
• Creation, Deployment, Management, and Migration of Virtual Machines
• Utilize vCenter Server for Resource Management
• Utilize vCenter Server for Virtual Machine Access Control and User Managment
• Use vCenter Server to increase scalability
• Monitoring Your Environment
• Data & Availability Protection Troubleshooting
• Use VMware vCenter Update Manager to apply ESXi patches
• Use vCenter Server to manage vMotion, HA, DRS and data protection.

 

Course Overview:

TN-575: Open Source Network Security Monitoring teaches students how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. No network is bullet proof and when attackers access your network, this course will show you how to build a security net to detect, contain, and control the attacker. Sensitive data can be monitored and deep packet and deep attachment analysis can be achieved. As organizations stand up a Security Operations Center (SOC) the enterprise NSM is the key ingredient to that SOC. This course not only teaches how to implement an NSM technologically, but how to effectively monitor an enterprise operationally. You will learn how to architect an NSM solution: where to deploy your NSM platforms and how to size them, stand-alone or distributed, and integration into packet analysis, interpret evidence, and integrate threat intelligence from external sources to identify sophisticated attackers. A properly implemented NSM is integral to incident response and provides the responders timely information to react to the incident. TN-575: Open Source Network Security Monitoring is a lab intensive environment with a cyber range that gives each student in-depth knowledge and practical experience monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls.

Attendees to TN-575: Open Source Network Security Monitoring class will receive TechNow approved course materials and expert instruction.

This Course is taught utilizing Security Onion or RockNSM as specified by the customer.

Dates/Locations:

No Events

Duration: 5 Days

Course Objective:

The focus of this course is to present a suite of Open Source security products integrated into a highly functional and scalable Network Security Monitoring solution.

Prerequisites:

Students should have a basic understanding of networks, TCP/IP and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required

Course Outline:

  • Network Security Monitoring (NSM) Methodology
  • High Bandwidth Packet Capture Challenges
  • Installation of Security Onion
    • Use Cases (analysis, lab, stand-alone, distributed)
    • Resource Requirements
  • Configuration
    • Setup Phase I – Network Configuration
    • Setup Phase 2 – Service Configuration
    • Evaluation Mode vs. Configuration Mode
    • Verifying Services
  • Security Onion Architecture
    • Configuration Files and Folders
    • Network Interfaces
    • Docker Environment
    • Security Onion Containers
  • Overview of Security Onion Analyst Tools
    • Kibana
    • CapME
    • CyberChef
    • Squert
    • Sguil
    • NetworkMiner
  • Quick Review of Wireshark and Packet Analysis
    • Display and Capture Filters
    • Analyze and Statistics Menu Options
    • Analysis for Signatures
  • Analyzing Alerts
    • Replaying Traffic
    • 3 Primary Interfaces:
      • Squert
      • Sguil
      • Kibana
    • Pivoting Between Interfaces
    • Pivoting to Full Packet Capture
  • Snort and Surricata
    • Rule Syntax and Construction
    • Implementing Custom Rules
    • Implementing Whitelists and Blacklists
  • Hunting
    • Using Kibana to Slice and Dice Logs
    • Hunting Workflow with Kibana
  • Bro
    • Introduction and Overview
      • Architecture, Commands
    • Understanding and Examining Bro Logs
      • Using AWK, sort, uniq, and bro-cut
    • Working with traces/PCAPs
    • Bro Scripts Overview
      • Loading and Using Scripts
    • Bro Frameworks Overview
      • Bro File Analysis Framework FAF
    • Using Bro scripts to carve out more than files
  • RockNSM ( * If Applicable)
    •  Kafka
      • Installation and Configuration
      • Kafka Messaging
      • Brokers
      • Integration with Bro and FSF
    • File Scanning Framework FSF
      • Custom YARA Signatures
      • JSON Trees
      • Sub-Object Recursion
      • Bro and Suricata Integration
  • Elastic Stack
    • Adding new data sources in Logstash
    • Enriching data with Logstash
    • Automating with Elastalert
    • Building new Kibana dashboards
  • Production Deployment
    • Advanced Setup
    • Master vs Sensor
    • Node Types – Master, Forward, Heavy, Storage
    • Command Line Setup with sosetup.conf
    • Architectural Recommendations
    • Sensor Placement
    • Hardening
    • Administration
    • Maintenance
  • Tuning
    • Using PulledPork to Disable Rules
    • BPF’s to Filter Traffic
    • Spinning up Additional Snort / Suricata / Bro Workers to Handle Higher Traffic Loads

Comments

Latest comments from students


 

Liked the class?  Then let everyone know!

 

Course Overview:

CT-395: CompTIA CySA+ Cybersecurity Analyst is for IT professionals looking to gain IT security analyst skills, and for those following the recommended skills pathway to achieve cybersecurity mastery. It provides a bridge between CompTIA Security+ (CT-325) and CompTIA Advanced Security Practitioner (CASP,CT-425), thus completing a certification path within the CompTIA family of certifications. As attackers have learned to evade traditional signature-based solutions, an analytics-based approach has become extremely important. CySA+ applies behavioral analytics to the IT security market to improve the overall state of security. The CompTIA Cybersecurity Analyst (CySA+) certification verifies that successful candidates have the knowledge and skills required to configure and use threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization, with the end goal of securing and protecting applications and systems within an organization. Let us help you bridge this gap, and leave you prepared for the certification exam (CS0-002).

TechNow is a CompTIA partner uses official CompTIA CySA+ curriculum.

Dates/Locations:

Date/Time Event
12/02/2024 - 12/06/2024
08:00 -16:00
CT-395: CYSA+
TechNow, Inc, San Antonio TX

Duration: 5 Days

Course Objectives:

  • Threat Management
  • Vulnerability Management
  • Cyber Incident Response
  • Security Architecture and Tool Sets

Prerequisites: 

While there is no required prerequisite, the CompTIA CySA+ certification is intended to follow CT-325: Security+ or equivalent experience.  It is recommended for CompTIA CySA+ candidates to have the following:

  • 3-4 years of hands-on information security or related experience
  • Network+, Security+, or equivalent knowledge.

Comments

Latest comments from students


 

Liked the class?  Then let everyone know!

Course Overview:

This is an introductory course into the Python scripting language.  This class uses a hands-on approach in teaching the Python language.  This course builds the prerequisite skills for TechNow's P-345: Python for Pentration Testers course.  Getting comfortable with Python is important to understanding how Python can be utilitized for offensive measures.

This course is hands-on with the instructor walking the students through many short examples to exemplify an objective.  Dexterity with the language comes through many small code examples to produce the desired result.  Students have fun acquiring points for all the code examples they get correct.  We must be having fun because TechNow is always amazed at how competitive students are in trying to acquire the most points!  

The instructor will focus on the level that each student is currently at, and ensure the student absorbs the subject matter.  Programming is not a daily tasking of administrators or offensive operators and TechNow understands that.  As an instructor led course TechNow is very successful in making Python accessible to those who do not live eat and breath programming.  If a student's ultimate goal is to attend a course like TechNow's P-345: Python for Pentration Testers course, then not being bogged down in the Python language is critical, and this course (P-325: Python Programming) meets that objective.

Recently we have introduced Raspberry Pi's and multiple sensors to the P-325: Python Programming course.  This enables the student to actually see productive results from their coding skills in the physical world!  Some examples that students create programs for are: Motion detectors, distance, temperature, cameras and keypads.

Attendees to P-325: Python Programming will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • How Python Runs Programs
  • Introducing Python Object Types
    • Numeric Types
    • Dynamic Typing
  • Variables
  • Regular Expressions
  • Strings
  • Conditionals
    • if Tests and Syntax Rules
  • Lists and Dictionaries
  • Tuples and Files
  • Introducing Python Statements
  • Assignments, Expressions, and Prints
  • while and for Loops
  • Iterations and Comprehensions
  • Documentation
  • Function Basics
  • Built-In Functions
  • Scopes
  • Arguments
  • Modules
  • Module Packages and Importing
  • Classes and OOP
  • Operator Overloading
  • Recursion
  • Exception Coding Details
  • Exception Objects
  • Unicode and Byte Strings
  • Working with Raspberry Pi
    • Writing code for sensors

Prerequisites:

  • Experience with some form of programming is preferred

 

Comments

Latest comments from students


User: slewis8435

Instructor comments: Very good instructor - he was excited about the material, very knowledgeable, and explained things clearly.

Facilities comments: The facilities were fine - plenty of room for each student to set up an extra computer and have room for note taking


User: nathan.karras

Instructor comments: Instructor was extremely knowledgeable in programming and scripting. He encouraged students to explore and ask questions. He would work with individuals to troubleshoot lab problems sets. Would highly recommend as an instructor.

Facilities comments: Room got a little warn. Instructor purchased fans to cool things off for the class. Projector had over scan.


Liked the class?  Then let everyone know!