Course Overview:

The mark of excellence for a professional certification program is the value and recognition it bestows on the individual who achieves it.  The technical skills & practices the CISA promotes and evaluates are the building blocks of success in the field. Possessing the CISA designation demonstrates proficiency and is the basis for measurement in the profession.  With a growing demand for professionals possessing IS audit, control and security skills, CISA has become a preferred certification program by individuals and organizations around the world.  CISA certification signifies commitment to serving an organization and the IS audit, control and security industry with distinction.  This course will help the student prepare to obtain this credential.

Attendees to TN-822: Certified Information Systems Auditor (CISA) Seminar will receive TechNow approved course materials and expert instruction.


Dates/Locations:

| Date/Time | Event |
|---|---|
| 01/06/2025 - 01/10/2025, 08:00 - 16:00 | TN-822: Certified Information Systems Auditor (CISA) Seminar, TechNow, Inc, San Antonio TX |
| 02/10/2025 - 02/14/2025, 08:00 - 16:00 | TN-822: Certified Information Systems Auditor (CISA) Seminar, TechNow, Inc, San Antonio TX |
| 05/05/2025 - 05/09/2025, 08:00 - 16:00 | TN-822: Certified Information Systems Auditor (CISA) Seminar, TechNow, Inc, San Antonio TX |
| 10/06/2025 - 10/10/2025, 08:00 - 16:00 | TN-822: Certified Information Systems Auditor (CISA) Seminar, TechNow, Inc, San Antonio TX |

Duration: 5 Days

Course Objectives:

  • The IS Audit Process (10%)
    • Provide IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its information technology and business systems are protected & controlled.
  • IT Governance (15%)
    • Provide assurance that the organization has the structure, policies, accountability, mechanisms and monitoring practices in place to achieve the requirements of corporate governance of IT.
  • System and Infrastructure Life Cycle Management (16%)
    • Provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance and disposal of systems and infrastructure will meet the organization's objectives.
  • IT Service Delivery and Support (14%)
    • Provide assurance that the IT service management practices will ensure the delivery of the level of services required to meet the organization's objectives.
  • Protection of Information Assets (31%)
    • Provide assurance that the security architecture (policies, standards, procedures and controls) ensures the confidentiality, integrity and availability of information assets.
  • Business Continuity and Disaster Recovery (14%)
    • Provide assurance that, in the event of a disruption, the business continuity and disaster recovery processes will ensure the timely resumption of IT services, while minimizing the business impact.

Prerequisites:

A minimum of five years of professional information systems auditing, control & security work experience is required.  Experience must have been gained within the 10-year period preceding the application date for certification, or within five years from the date of initially passing the examination.

Comments

Latest comments from students


User: fsarisen

Instructor comments: Thank you Tim for all the great information! I am confident that I'll do well on the ICND exam.


User: storoy30

Instructor comments: The instructor, Tim Burkard, was very knowledgeable on the course material and skilled at explaining more complex ideas.



Course Overview:

This course delivers the technical knowledge, insight, and hands-on training to receive in-depth knowledge on Wireshark® and TCP/IP communications analysis. You will learn to use Wireshark to identify the most common causes of performance problems in TCP/IP communications. You will learn about the underlying theory of TCP/IP and the most used application protocols, so that you can intelligently examine network traffic for performance issues or possible Indicators of Compromise (IoC).

Duration: 5 Days

Audience:

Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, and security analysts.

Course Prerequisites:

We recommend that attendees of this course have the following prerequisite:
• Network+

Dates/Locations: No Events

Course Outline:

DAY ONE

Course Set Up and Analyzer Testing

Network Analysis Overview
Wireshark Functionality Overview
Capturing Wired and Wireless Traffic
Define Global and Personal Preferences for Faster Analysis
Define Time Values and Interpret Summaries
Interpret Basic Trace File Statistics to Identify Trends
Create and Apply Display Filters for Efficient Analysis

DAY TWO

Follow Streams and Reassemble Data
Use Wireshark’s Expert System to Identify Anomalies
TCP/IP Analysis Overview
Analyze Common TCP/IP Traffic Patterns

DAY THREE

Graph I/O Rates and TCP Trends
802.11 (WLAN) Analysis Fundamentals
Voice over IP (VoIP) Analysis Fundamentals
Network Forensics Fundamentals

DAY FOUR

Detect Scanning and Discovery Processes
Analyze Suspect Traffic

DAY FIVE

Use Command‐Line Tools


TechNow’s GSA Contract

Learn how TechNow can help you achieve your career and education goals with the information below or contact a Training Advisor today at 1-800-324-2294.  To request more information via the web click here.

Information

SPECIAL NOTICE TO AGENCIES: Small Business Participation – SBA strongly supports the participation of small business concerns in the Federal Supply Schedules Program. To enhance Small Business Participation SBA policy allows agencies to include in their procurement base and goals, the dollar value of orders expected to be placed against the Federal Supply Schedules, and to report accomplishments against these goals.

For orders exceeding the micro-purchase threshold, FAR 8.404 requires agencies to consider the catalogs/price lists of at least three schedule contractors or consider reasonably available information by using the GSA Advantage! on-line shopping service www.fss.gsa.gov. The catalog/price lists, GSA Advantage! and the Federal Supply Service Home Page www.fss.gsa.gov contain information on a broad array of products and services offered by small business concerns. This information should be used as a tool to assist ordering activities in meeting or exceeding established small business goals. It should also be used as a tool to assist in including small, small disadvantaged, and women-owned small businesses among those considered when selecting price lists for a best value determination. For orders exceeding the micro-purchase threshold, customers are to give preference to small business concerns when two or more items at the same delivered price will satisfy their requirement.

1. Geographic Scope of Contract: The 48 contiguous states of the United States of America, the District of Columbia, Puerto Rico, Alaska, and Hawaii, the United Kingdom and Europe.

2. Contractor’s Ordering Address and Payment Information:

Ordering and Payment Assistance
Maria Askey,
Sales Development
14117 Jones Maltsberger Rd.
San Antonio, TX  78247
800-324-2294  Toll Free
210-733-1093  ext. 224
210-733-6032  Fax
askey.maria@technow.com

Contractors are required to accept the Government purchase card for payments equal to or less than the micro-purchase threshold for oral or written delivery orders. Government purchase cards will be acceptable for payment above the micro-purchase threshold. In addition, bank account information for wire transfer payments will be shown on the invoice.

The following telephone numbers can be used by ordering agencies to obtain technical and/or ordering assistance:

a. Ordering Assistance
Maria Askey, Sales Development
14117 Jones Maltsberger Rd.
San Antonio, TX  78247
800-324-2294 Toll Free
210-733-1093 ext. 224
210-733-6032  Fax
askey.maria@technow.com  

b. Technical Assistance
David Askey
14117 Jones Maltsberger
San Antonio, TX  78247
800-324-2294 Toll Free
210-733-1093 Local
210-733-6032  Fax
askey.davidr@technow.com

3. LIABILITY FOR INJURY OR DAMAGE: The Contractor shall not be liable for any injury to Government personnel or damage to Government property arising from the use of equipment maintained by the Contractor, unless such injury or damage is due to the fault or negligence of the Contractor.

4. Statistical Data for Government Ordering Office Completion of Standard Form 279:

Block 9: G. Order/Modification Under Federal Schedule
Block 16: Data Universal Numbering System (DUNS) Number: 624661591
Block 30: Type of Contractor – A. Small Disadvantaged Business
Block 31: Woman-Owned Small Business – Yes
Block 36: Contractor’s Taxpayer ID (TIN): 74-2573500
a. CAGE Code: 0R9N0
b. Contractor has registered with the Central Contractor Registration Database.

5. FOB Destination

6. DELIVERY SCHEDULE

a. TIME OF DELIVERY: The Contractor shall deliver to destination within the number of calendar days after receipt of order (ARO), as set forth below:

SPECIAL ITEM NUMBER: 132-50
DELIVERY TIME (Days ARO): For courses at client site, as mutually agreed; for courses at contractor site, per training schedule.

b. URGENT REQUIREMENTS: When the Federal Supply Schedule contract delivery period does not meet the bona fide urgent delivery requirements of an ordering agency, agencies are encouraged, if time permits, to contact the Contractor for the purpose of obtaining accelerated delivery. The Contractor shall reply to the inquiry within 3 workdays after receipt. (Telephonic replies shall be confirmed by the Contractor in writing.) If the Contractor offers an accelerated delivery time acceptable to the ordering agency, any order(s) placed pursuant to the agreed upon accelerated delivery time frame shall be delivered within this shorter delivery time and in accordance with all other terms and conditions of the contract.

7. Discounts: Prices shown are NET Prices; Basic Discounts have been deducted.

a. Prompt Payment: 1% – 29 days from receipt of invoice or date of acceptance, whichever is later.
b. Quantity: None.
c. Dollar Volume: None.
d. Government Educational Institutions: Government Educational Institutions are offered the same discounts as all other Government customers.
e. Other-20% discount from commercial prices.

8. Trade Agreements Act of 1979, as amended: All items are U.S. made end products, designated country end products, Caribbean Basin country end products, Canadian end products, or Mexican end products as defined in the Trade Agreements Act of 1979, as amended.

9. Statement Concerning Availability of Export Packing: Export packing will be provided when required.

10. Small Requirements: The minimum dollar value of orders to be issued is: no limit.

11. Maximum Order (All dollar amounts are exclusive of any discount for prompt payment.)

a. The Maximum Order value for the following Special Item Numbers (SINs) is $25,000: Special Item Number 132-50 – Training Courses

12. USE OF FEDERAL SUPPLY SERVICE INFORMATION TECHNOLOGY SCHEDULE CONTRACTS. In accordance with FAR 8.404: [NOTE: Special ordering procedures have been established for Special Item Numbers (SINs) 132-51 IT Professional Services and 132-52 EC Services; refer to the terms and conditions for those SINs.]

Orders placed pursuant to a Multiple Award Schedule (MAS), using the procedures in FAR 8.404, are considered to be issued pursuant to full and open competition. Therefore, when placing orders under Federal Supply Schedules, ordering offices need not seek further competition, synopsize the requirement, make a separate determination of fair and reasonable pricing, or consider small business set-asides in accordance with subpart 19.5. GSA has already determined the prices of items under schedule contracts to be fair and reasonable. By placing an order against a schedule using the procedures outlined below, the ordering office has concluded that the order represents the best value and results in the lowest overall cost alternative (considering price, special features, administrative costs, etc.) to meet the Government’s needs.

a. Orders placed at or below the micro-purchase threshold. Ordering offices can place orders at or below the micro-purchase threshold with any Federal Supply Schedule Contractor.

b. Orders exceeding the micro-purchase threshold but not exceeding the maximum order threshold. Orders should be placed with the Schedule Contractor that can provide the supply or service that represents the best value. Before placing an order, ordering offices should consider reasonably available information about the supply or service offered under MAS contracts by using the “GSA Advantage!” on-line shopping service, or by reviewing the catalogs/price lists of at least three Schedule Contractors and selecting the delivery and other options available under the schedule that meets the agency’s needs. In selecting the supply or service representing the best value, the ordering office may consider–

(1) Special features of the supply or service that are required in effective program performance and that are not provided by a comparable supply or service;
(2) Trade-in considerations;
(3) Probable life of the item selected as compared with that of a comparable item;
(4) Warranty considerations;
(5) Maintenance availability;
(6) Past performance; and
(7) Environmental and energy efficiency considerations.

c. Orders exceeding the maximum order threshold. Each schedule contract has an established maximum order threshold. This threshold represents the point where it is advantageous for the ordering office to seek a price reduction. In addition to following the procedures in paragraph b, above, and before placing an order that exceeds the maximum order threshold, ordering offices shall–

(1) Review additional Schedule Contractors’ catalogs/price lists or use the “GSA Advantage!” on-line shopping service;
(2) Based upon the initial evaluation, generally seek price reductions from the Schedule Contractor(s) appearing to provide the best value (considering price and other factors); and
(3) After price reductions have been sought, place the order with the Schedule Contractor that provides the best value and results in the lowest overall cost alternative. If further price reductions are not offered, an order may still be placed, if the ordering office determines that it is appropriate.

NOTE: For orders exceeding the maximum order threshold, the Contractor may:

(1) Offer a new lower price for this requirement (the Price Reductions clause is not applicable to orders placed over the maximum order in FAR 52.216-19 Order Limitations);
(2) Offer the lowest price available under the contract; or
(3) Decline the order (orders must be returned in accordance with FAR 52.216-19).

d. Blanket purchase agreements (BPAs). The establishment of Federal Supply Schedule BPAs is permitted when following the ordering procedures in FAR 8.404. All schedule contracts contain BPA provisions. Ordering offices may use BPAs to establish accounts with Contractors to fill recurring requirements. BPAs should address the frequency of ordering and invoicing, discounts, and delivery locations and times.

e. Price reductions. In addition to the circumstances outlined in paragraph c, above, there may be instances when ordering offices will find it advantageous to request a price reduction. For example, when the ordering office finds a schedule supply or service elsewhere at a lower price or when a BPA is being established to fill recurring requirements, requesting a price reduction could be advantageous. The potential volume of orders under these agreements, regardless of the size of the individual order, may offer the ordering office the opportunity to secure greater discounts. Schedule Contractors are not required to pass on to all schedule users a price reduction extended only to an individual agency for a specific order.

f. Small business. For orders exceeding the micro-purchase threshold, ordering offices should give preference to the items of small business concerns when two or more items at the same delivered price will satisfy the requirement.

g. Documentation. Orders should be documented, at a minimum, by identifying the Contractor the item was purchased from, the item purchased, and the amount paid. If an agency requirement in excess of the micro-purchase threshold is defined so as to require a particular brand name, product, or feature of a product peculiar to one manufacturer, thereby precluding consideration of a product manufactured by another company, the ordering office shall include an explanation in the file as to why the particular brand name, product, or feature is essential to satisfy the agency’s needs.

13. FEDERAL INFORMATION TECHNOLOGY/TELECOMMUNICATION STANDARDS REQUIREMENTS: Federal departments and agencies acquiring products from this Schedule must comply with the provisions of the Federal Standards Program, as appropriate (reference: NIST Federal Standards Index). Inquiries to determine whether or not specific products listed herein comply with Federal Information Processing Standards (FIPS) or Federal Telecommunication Standards (FED-STDS), which are cited by ordering offices, shall be responded to promptly by the Contractor.

FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATIONS (FIPS PUBS): Information Technology products under this Schedule that do not conform to Federal Information Processing Standards (FIPS) should not be acquired unless a waiver has been granted in accordance with the applicable “FIPS Publication.” Federal Information Processing Standards Publications (FIPS PUBS) are issued by the U.S. Department of Commerce, National Institute of Standards and Technology (NIST), pursuant to National Security Act. Information concerning their availability and applicability should be obtained from the National Technical Information Service (NTIS), 5285 Port Royal Road, Springfield, Virginia 22161. FIPS PUBS include voluntary standards when these are adopted for Federal use. Individual orders for FIPS PUBS should be referred to the NTIS Sales Office, and orders for subscription service should be referred to the NTIS Subscription Officer, both at the above address, or telephone number (703) 487-4650.

13.2 FEDERAL TELECOMMUNICATION STANDARDS (FED-STDS): Telecommunication products under this Schedule that do not conform to Federal Telecommunication Standards (FED-STDS) should not be acquired unless a waiver has been granted in accordance with the applicable “FED-STD.” Federal Telecommunication Standards are issued by the U.S. Department of Commerce, National Institute of Standards and Technology (NIST), pursuant to National Security Act. Ordering information and information concerning the availability of FED-STDS should be obtained from the GSA, Federal Supply Service, Specification Section, 470 East L’Enfant Plaza, Suite 8100, SW, Washington, DC 20407, telephone number (202)619-8925. Please include a self-addressed mailing label when requesting information by mail. Information concerning their applicability can be obtained by writing or calling the U.S. Department of Commerce, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone number (301) 975-2833.

14. SECURITY REQUIREMENTS. In the event security requirements are necessary, the ordering activities may incorporate, in their delivery orders, a security clause in accordance with current laws, regulations, and individual agency policy; however, the burden of administering the security requirements shall be with the ordering agency. If any costs are incurred as a result of the inclusion of security requirements, such costs will not exceed ten percent (10%) or $100,000, of the total dollar value of the order, whichever is less.

15. CONTRACT ADMINISTRATION FOR ORDERING OFFICES: Any ordering office, with respect to any one or more delivery orders placed by it under this contract, may exercise the same rights of termination as might the GSA Contracting Officer under provisions of FAR 52.212-4, paragraphs (l) Termination for the Government’s convenience, and (m) Termination for Cause (See C.1.)

16. GSA Advantage! GSA Advantage! is an on-line, interactive electronic information and ordering system that provides on-line access to vendors’ schedule prices with ordering information. GSA Advantage! will allow the user to perform various searches across all contracts including, but not limited to:

(1) Manufacturer;
(2) Manufacturer’s Part Number; and
(3) Product categories.

Agencies can browse GSA Advantage! by accessing the Internet World Wide Web utilizing a browser (ex.: NetScape). The Internet address is http://www.fss.gsa.gov/

17. PURCHASE OF INCIDENTAL, NON-SCHEDULE ITEMS:

For administrative convenience, open market (non-contract) items may be added to a Federal Supply Schedule Blanket Purchase Agreement (BPA) or an individual order, provided that the items are clearly labeled as such on the order, all applicable regulations have been followed, and price reasonableness has been determined by the ordering activity for the open market (non-contract) items.

18. CONTRACTOR COMMITMENTS, WARRANTIES AND REPRESENTATIONS

a. For the purpose of this contract, commitments, warranties and representations include, in addition to those agreed to for the entire schedule contract:

(1) Time of delivery/installation quotations for individual orders;
(2) Technical representations and/or warranties of products concerning performance, total system performance and/or configuration, physical, design and/or functional characteristics and capabilities of a product/equipment/ service/software package submitted in response to requirements which result in orders under this schedule contract.
(3) Any representations and/or warranties concerning the products made in any literature, description, drawings and/or specifications furnished by the Contractor.

b. The above is not intended to encompass items not currently covered by the GSA Schedule contract.

19. OVERSEAS ACTIVITIES: The terms and conditions of this contract shall apply to all orders for installation, maintenance and repair of equipment in areas listed in the price list outside the 48 contiguous states and the District of Columbia, except as indicated below: Not applicable-equipment is not offered.

Upon request of the Contractor, the Government may provide the Contractor with logistics support, as available, in accordance with all applicable Government regulations. Such Government support will be provided on a reimbursable basis, and will only be provided to the Contractor’s technical personnel whose services are exclusively required for the fulfillment of the terms and conditions of this contract.

20. YEAR 2000 WARRANTY-COMMERCIAL SUPPLY ITEMS

a. As used in this clause, “Year 2000 compliant” means, with respect to information technology, that the information technology accurately processes date/time data (including, but not limited to, calculating, comparing and sequencing) from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000, and leap year calculations, to the extent that other information technology used in combination with the information technology being acquired, properly exchanges date/time data with it.

b. The Contractor shall warrant that each hardware, software, and firmware product delivered under this contract shall be able to accurately process date time data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, including leap year calculations, when used in accordance with the product documentation provided by the Contractor, provided that all products (e.g. hardware, software, firmware) used in combination with products properly exchange date time data with it. If the contract requires that specific listed products must perform as a system in accordance with the foregoing warranty, then that warranty shall apply to those products as a system. The duration of this warranty and the remedies available under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the Contractor in writing within ninety (90) days after acceptance (installation is considered acceptance). The Contractor may offer an extended warranty to the Government to include repair or replacement of any product whose non-compliance is discovered and made known to the Contractor in writing at any time prior to June 1, 2000, or for a period of 6 months following acceptance (installation is considered acceptance) whichever is later. Nothing in this warranty shall be construed to limit any rights or remedies the Government may otherwise have under this contract with respect to defects other than Year 2000 performance.

21. BLANKET PURCHASE AGREEMENTS (BPAs): Federal Acquisition Regulation (FAR) 13.303-1(a) defines Blanket Purchase Agreements (BPAs) as “…a simplified method of filling anticipated repetitive needs for supplies or services by establishing ‘charge accounts’ with qualified sources of supply.” The use of Blanket Purchase Agreements under the Federal Supply Schedule Program is authorized in accordance with FAR 13.303-2(c)(3), which reads, in part, as follows:

“BPAs may be established with Federal Supply Schedule Contractors, if not inconsistent with the terms of the applicable schedule contract.”

Federal Supply Schedule contracts contain BPA provisions to enable schedule users to maximize their administrative and purchasing savings. This feature permits schedule users to set up “accounts” with Schedule Contractors to fill recurring requirements. These accounts establish a period for the BPA and generally address issues such as the frequency of ordering and invoicing, authorized callers, discounts, delivery locations and times. Agencies may qualify for the best quantity/volume discounts available under the contract, based on the potential volume of business that may be generated through such an agreement, regardless of the size of the individual orders. In addition, agencies may be able to secure a discount higher than that available in the contract based on the aggregate volume of business possible under a BPA. Finally, Contractors may be open to a progressive type of discounting where the discount would increase once the sales accumulated under the BPA reach certain prescribed levels. Use of a BPA may be particularly useful with the new Maximum Order feature. See the Suggested Format, contained in this Schedule Price List, for customers to consider when using this purchasing tool.

22. CONTRACTOR TEAM ARRANGEMENTS: Contractors participating in contractor team arrangements must abide by all terms and conditions of their respective contracts. This includes compliance with Clauses 552.238-74, Contractor’s Reports of Sales and 552.238-76, Industrial Funding Fee, i.e., each contractor (team member) must report sales and remit the IFF for all products and services provided under its individual contract.


Course Overview:

TN-575: Open Source Network Security Monitoring teaches students how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. No network is bullet proof and when attackers access your network, this course will show you how to build a security net to detect, contain, and control the attacker. Sensitive data can be monitored and deep packet and deep attachment analysis can be achieved. As organizations stand up a Security Operations Center (SOC) the enterprise NSM is the key ingredient to that SOC. This course not only teaches how to implement an NSM technologically, but how to effectively monitor an enterprise operationally. You will learn how to architect an NSM solution: where to deploy your NSM platforms and how to size them, stand-alone or distributed, and how to integrate them into packet analysis, interpret evidence, and integrate threat intelligence from external sources to identify sophisticated attackers. A properly implemented NSM is integral to incident response and provides the responders timely information to react to the incident. TN-575: Open Source Network Security Monitoring is a lab intensive environment with a cyber range that gives each student in-depth knowledge and practical experience monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls.

Attendees to TN-575: Open Source Network Security Monitoring class will receive TechNow approved course materials and expert instruction.

This Course is taught utilizing Security Onion or RockNSM as specified by the customer.

Dates/Locations:

No Events

Duration: 5 Days

Course Objective:

The focus of this course is to present a suite of Open Source security products integrated into a highly functional and scalable Network Security Monitoring solution.

Prerequisites:

Students should have a basic understanding of networks, TCP/IP and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required.

Course Outline:

  • Network Security Monitoring (NSM) Methodology
  • High Bandwidth Packet Capture Challenges
  • Installation of Security Onion
    • Use Cases (analysis, lab, stand-alone, distributed)
    • Resource Requirements
  • Configuration
    • Setup Phase 1 – Network Configuration
    • Setup Phase 2 – Service Configuration
    • Evaluation Mode vs. Configuration Mode
    • Verifying Services
  • Security Onion Architecture
    • Configuration Files and Folders
    • Network Interfaces
    • Docker Environment
    • Security Onion Containers
  • Overview of Security Onion Analyst Tools
    • Kibana
    • CapME
    • CyberChef
    • Squert
    • Sguil
    • NetworkMiner
  • Quick Review of Wireshark and Packet Analysis
    • Display and Capture Filters
    • Analyze and Statistics Menu Options
    • Analysis for Signatures
  • Analyzing Alerts
    • Replaying Traffic
    • 3 Primary Interfaces:
      • Squert
      • Sguil
      • Kibana
    • Pivoting Between Interfaces
    • Pivoting to Full Packet Capture
  • Snort and Suricata
    • Rule Syntax and Construction
    • Implementing Custom Rules
    • Implementing Whitelists and Blacklists
  • Hunting
    • Using Kibana to Slice and Dice Logs
    • Hunting Workflow with Kibana
  • Bro
    • Introduction and Overview
      • Architecture, Commands
    • Understanding and Examining Bro Logs
      • Using AWK, sort, uniq, and bro-cut
    • Working with traces/PCAPs
    • Bro Scripts Overview
      • Loading and Using Scripts
    • Bro Frameworks Overview
      • Bro File Analysis Framework FAF
    • Using Bro scripts to carve out more than files
  • RockNSM (* If Applicable)
    • Kafka
      • Installation and Configuration
      • Kafka Messaging
      • Brokers
      • Integration with Bro and FSF
    • File Scanning Framework FSF
      • Custom YARA Signatures
      • JSON Trees
      • Sub-Object Recursion
      • Bro and Suricata Integration
  • Elastic Stack
    • Adding new data sources in Logstash
    • Enriching data with Logstash
    • Automating with Elastalert
    • Building new Kibana dashboards
  • Production Deployment
    • Advanced Setup
    • Master vs Sensor
    • Node Types – Master, Forward, Heavy, Storage
    • Command Line Setup with sosetup.conf
    • Architectural Recommendations
    • Sensor Placement
    • Hardening
    • Administration
    • Maintenance
  • Tuning
    • Using PulledPork to Disable Rules
    • BPFs to Filter Traffic
    • Spinning up Additional Snort / Suricata / Bro Workers to Handle Higher Traffic Loads


Course Overview:

An in-depth course on how to use and configure Cisco Firepower Threat Defense technology,  from device setup and configuration and including routing, high availability, Firepower Threat Defense migration, traffic control, and Network Address Translation (NAT).  Students implement advanced Next Generation Firewall (NGFW) and Next Generation Intrusion Prevention System (NGIPS) features, including network intelligence, file type detection, network based malware detection, and deep packet inspection.
Students will also learn how to configure site to site VPN, remote access VPN, and SSL decryption before moving on to detailed analysis, system administration, and troubleshooting.  This course combines lecture materials and hands on labs throughout to make sure that students are able to successfully deploy and manage the Cisco Firepower system.

It is a five-day instructor-led course that is aimed at providing network security engineers with the knowledge and skills that are needed to implement and maintain perimeter solutions that are based on Cisco Firepower security appliances. At the end of the course, students will be able to reduce risk to their IT infrastructure and applications using Cisco Firepower security appliance features, and provide detailed operations support for the Firepower appliance.

Attendees to N-485: In-Depth Securing Networks with Cisco Firepower Threat Defense NGFW will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Understand Sourcefire, Firepower 6.2, FireAMP, and Firepower Threat Defense (FTD)
  • Configure the Firepower Management Center (FMC)
  • Raise your confidence managing the Firepower Manager and Firepower Threat Defense (FTD)
  • Describe the Cisco Firepower Systems infrastructure
  • Navigate the user interface and administrative features of the Cisco Firepower 6.2 system, including advanced analysis and reporting functionality to properly assess threats
  • Describe the System Configuration and Health policies and implement them
  • Describe the role Network Discovery (Firepower) technology plays in the Cisco devices
  • Describe, create, and implement objects for use in Access Control policies
  • Create DNS and URL policies and configure Sinkholes
  • Configure FTD policies such as Platform, Routing, Interface, Zones, PreFilter, QoS, NAT and Flex Config!
  • Describe advanced policy configuration and Firepower system configuration options
  • Configure Malware Policies to find and stop Malware
  • Understand Security Intelligence, and how to configure SI to stop attacks NOW!
  • Configure policies to find and stop Ransomware
  • Understand how to fine tune IPS policies
  • Understand how to fine tune Snort Preprocessor policies (NAP)
  • Configure Correlation events, white rules, traffic profiles and create respective events and remediate them
  • Analyze events
  • Create reporting templates and schedule them
  • Configure backups, rule updates, Firepower Recommendations, URL updates, and more to run every week automatically
  • Set up external authentication for users using LDAP/Realms
  • Configure system integration, realms, and identity sources
  • Configure FMC domains and implement them
  • Configure FTD HA with two FTD devices
  • SSL Policy – decrypt your traffic
  • AnyConnect and Site-to-Site VPN
  • Understand network and host based AMP.  Configure and analyze host based AMP
  • Understand Cisco Identity Services Engine (ISE)
  • Configure ISE and integrate with Cisco FMC identity policy using PxGrid

Prerequisites:
