Course Overview:

TN-575: Open Source Network Security Monitoring teaches students how to deploy, build, and run an NSM operation using open source software and vendor-neutral tools. No network is bullet proof and when attackers access your network, this course will show you how to build a security net to detect, contain, and control the attacker. Sensitive data can be monitored and deep packet and deep attachment analysis can be achieved. As organizations stand up a Security Operations Center (SOC) the enterprise NSM is the key ingredient to that SOC. This course not only teaches how to implement an NSM technologically, but how to effectively monitor an enterprise operationally. You will learn how to architect an NSM solution: where to deploy your NSM platforms and how to size them, stand-alone or distributed, and integration into packet analysis, interpret evidence, and integrate threat intelligence from external sources to identify sophisticated attackers. A properly implemented NSM is integral to incident response and provides the responders timely information to react to the incident. TN-575: Open Source Network Security Monitoring is a lab intensive environment with a cyber range that gives each student in-depth knowledge and practical experience monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls.

Attendees to TN-575: Open Source Network Security Monitoring class will receive TechNow approved course materials and expert instruction.

This Course is taught utilizing Security Onion or RockNSM as specified by the customer.

Dates/Locations:

No Events

Duration: 5 Days

Course Objective:

The focus of this course is to present a suite of Open Source security products integrated into a highly functional and scalable Network Security Monitoring solution.

Prerequisites:

Students should have a basic understanding of networks, TCP/IP and standard protocols such as DNS, HTTP, etc. Some Linux knowledge/experience is recommended, but not required

Course Outline:

  • Network Security Monitoring (NSM) Methodology
  • High Bandwidth Packet Capture Challenges
  • Installation of Security Onion
    • Use Cases (analysis, lab, stand-alone, distributed)
    • Resource Requirements
  • Configuration
    • Setup Phase I – Network Configuration
    • Setup Phase 2 – Service Configuration
    • Evaluation Mode vs. Configuration Mode
    • Verifying Services
  • Security Onion Architecture
    • Configuration Files and Folders
    • Network Interfaces
    • Docker Environment
    • Security Onion Containers
  • Overview of Security Onion Analyst Tools
    • Kibana
    • CapME
    • CyberChef
    • Squert
    • Sguil
    • NetworkMiner
  • Quick Review of Wireshark and Packet Analysis
    • Display and Capture Filters
    • Analyze and Statistics Menu Options
    • Analysis for Signatures
  • Analyzing Alerts
    • Replaying Traffic
    • 3 Primary Interfaces:
      • Squert
      • Sguil
      • Kibana
    • Pivoting Between Interfaces
    • Pivoting to Full Packet Capture
  • Snort and Surricata
    • Rule Syntax and Construction
    • Implementing Custom Rules
    • Implementing Whitelists and Blacklists
  • Hunting
    • Using Kibana to Slice and Dice Logs
    • Hunting Workflow with Kibana
  • Bro
    • Introduction and Overview
      • Architecture, Commands
    • Understanding and Examining Bro Logs
      • Using AWK, sort, uniq, and bro-cut
    • Working with traces/PCAPs
    • Bro Scripts Overview
      • Loading and Using Scripts
    • Bro Frameworks Overview
      • Bro File Analysis Framework FAF
    • Using Bro scripts to carve out more than files
  • RockNSM ( * If Applicable)
    •  Kafka
      • Installation and Configuration
      • Kafka Messaging
      • Brokers
      • Integration with Bro and FSF
    • File Scanning Framework FSF
      • Custom YARA Signatures
      • JSON Trees
      • Sub-Object Recursion
      • Bro and Suricata Integration
  • Elastic Stack
    • Adding new data sources in Logstash
    • Enriching data with Logstash
    • Automating with Elastalert
    • Building new Kibana dashboards
  • Production Deployment
    • Advanced Setup
    • Master vs Sensor
    • Node Types – Master, Forward, Heavy, Storage
    • Command Line Setup with sosetup.conf
    • Architectural Recommendations
    • Sensor Placement
    • Hardening
    • Administration
    • Maintenance
  • Tuning
    • Using PulledPork to Disable Rules
    • BPF’s to Filter Traffic
    • Spinning up Additional Snort / Suricata / Bro Workers to Handle Higher Traffic Loads

Comments

Latest comments from students


 

Liked the class?  Then let everyone know!

Course Overview:

This course will cover topics to ensure that students have the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments.  Students will be able to apply critical thinking and judgement across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers.  This course will prepare students for the objectives covered in the CompTIA CASP+ certification exam (CAS-004).

Attendees to CT-425: CompTIA Advanced Security Practitioner (CASP+) will receive TechNow approved course materials and expert instruction.

Date/Locations:

Date/Time Event
12/16/2024 - 12/20/2024
08:00 -16:00
CT-425: CASP+
TechNow, Inc, San Antonio TX

Duration: 5 days

Course Objectives:

  • Support IT governance in the enterprise with an emphasis on managing risk
  • Leverage collaboration tools and technology to support enterprise security
  • Use research and analysis to secure the enterprise
  • Integrate advanced authentication and authorization techniques
  • Implement cryptographic techniques
  • Implement security controls for hosts
  • Implement security controls for mobile devices
  • Implement network security
  • Implement security in the systems and software development lifecycle
  • Integrate hosts, storage, networks, applications, virtual environments, and cloud technologies in a secure enterprise architecture
  • Conduct security assessments
  • Respond to and recover from security incidents

Prerequisites:

Completion of the following or equivalent knowledge:

CompTIA Certification: A+ Essentials

CompTIA Certification: Security+

Comments

Latest comments from students


User: clbrack

Instructor comments: I expect to pass, another great class from technow!


User: christopher0470

Instructor comments: Alan takes the time to cover the material so that you understand the concepts and applications of the information presented.

Facilities comments: I like the location. It was quiet and very conducive to learning.


Liked the class?  Then let everyone know!

Course Overview:

An in-depth course on how to use and configure Cisco Firepower Threat Defense technology,  from device setup and configuration and including routing, high availability, Firepower Threat Defense migration, traffic control, and Network Address Translation (NAT).  Students implement advanced Next Generation Firewall (NGFW) and Next Generation Intrusion Prevention System (NGIPS) features, including network intelligence, file type detection, network based malware detection, and deep packet inspection.
Students will also learn how to configure site to site VPN, remote access VPN, and SSL decryption before moving on to detailed analysis, system administration, and troubleshooting.  This course combines lecture materials and hands on labs throughout to make sure that students are able to successfully deploy and manage the Cisco Firepower system.

It is a five-day instructor-led course that is aimed at providing network security engineers with the knowledge and skills that are needed to implement and maintain perimeter solutions that are based on Cisco Firepower security appliances. At the end of the course, students will be able to reduce risk to their IT infrastructure and applications using Cisco Firepower security appliance features, and provide detailed operations support for the Firepower appliance.

Attendees to N-485: In-Depth Securing Networks with Cisco Firepower Threat Defense NGFW will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Understand Sourcefire, Firepower 6.2, FireAMP, and Firepower Threat Defense (FTD)
  • Configure the Firepower Management Center (FMC)
  • Raise you confidence managing the Firepower Manager and Firepower tThreat Defense (FTD)
  • Describe the Cisco Firepower Systems infrastructure
  • Navigate the user interface and administrative features of the Cisco Firepower 6.2 system, including advanced analysis and reporting functionality to properly assess threats
  • Describe the System Configuration and Health policies and implement them
  • Describe the role Network Discovery (Firepower) technology plays in the Cisco devices
  • Describe, create, and implement objects for use in Access Control policies
  • Create DNS and URL policies and configure Sinkholes
  • Configure FTD policies such as Platform, Routing, Interface, Zones, PreFilter, QoS, NAT and Flex Config!
  • Describe advanced policy configuration and Firepower system configuration options
  • Configure Malware Policies to find and stop Malware
  • Understand Security Intelligence, and how to configure SI to stop attacks NOW!
  • Configure policies to find and stop Ransomware
  • Understand how to fine tune IPS policies
  • Understand how to find tun Snort Preprocessor policies (NAP)
  • Configure Correlation events, white rules, traffic profiles and create respective events and remediate them
  • Analyze events
  • Create reporting templates and schedule them
  • Configure backups, rule updates, Firepower Recommendations, URL updates, and more to run every week automatically
  • Set up external authentication for users using LDAP/Realms
  • Configuring system integration, realms, and identity sources
  • Configure FMC domains and implement them
  • Configure FTD HA with two FTD devices
  • SSL Policy – decrypt your traffic
  • AnyConnect and Site-to-Site VPN
  • Understand network and host based AMP.  Configure and analyze host based AMP
  • Understand Cisco Identity Services Engine (ISE)
  • Configure ISE and integrate with Cisco FMC identity policy using PxGrid

Prerequisites:

Comments

Latest comments from students


Liked the class?  Then let everyone know!

Course Overview:

TechNow’s Course ensures that you are ready to test for the CCNA Certification. This intensive ten-day program is a high end, hands-on, bootcamp using physical routers & switches in classroom.  Students will learn how to install, operate, configure, and verify basic IPv4 and IPv6 networks. The course covers configuring network components such as switches, routers, and wireless LAN controllers; managing network devices; and identifying basic security threats. The course also gives you a foundation in network programmability, automation, and software-defined networking. Additionally the course stress tests the students on exam practices that insure the student a successful outcome on the 200-301 CCNA exam.

This course is available for group purchasing with a minimum of 4 students. Please call to get scheduling availability.

Attendees to N-310: CCNA Extended Bootcamp will receive TechNow approved course materials and expert instruction.

Date/Locations:

This course is available for group purchasing with a minimum of 4 students. Please call to get scheduling availability. (210) 733-1093

No Events

Duration: 10 days

Course Objectives:

    • Identify the components of a computer network and describe their basic characteristics
    • Understand the model of host-to-host communication
    • Describe the features and functions of the Cisco Internetwork Operating Systems (IOS) software
    • Describe LANs and the role of switches within LANs
    • Describe Ethernet as the network access layer of TCP/IP and describe the operation of switches
    • Install a switch and perform the initial configuration
    • Describe the TCP/IP Internet layer, IPv4, its addressing scheme, and subnetting
    • Describe the TCP/IP Transport layer and Application layer
    • Explore functions of routing
    • Implement basic configuration on a Cisco router
    • Explain host-to-host communications across switches and routers
    • Identify and resolve common switched network issues and common problems associated with IPv4 addressing
    • Describe IPv6 main features and addresses, and configure and verify basic IPv6 connectivity
    • Describe the operation, benefits, and limitations of static routing
    • Describe, implement, and verify Virtual Local Area Networks (VLANs) and trunks
    • Describe the application and configuration of inter-VLAN routing
    • Explain the basics of dynamic routing protocols and describe components and terms of Open Shortest Path First (OSPF)
    • Explain how Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) work
    • Configure link aggregation using EtherChannel
    • Describe the purpose of Layer 3 redundancy protocols
    • Describe basic WAN and VPN concepts
    • Describe the operation of Access Control Lists (ACLs) and their applications in the network
    • Configure Internet access using Dynamic Host Configuration Protocol (DHCP) clients and explain and configure Network Address Translation (NAT) on Cisco routers
    • Describe basic Quality of Service (QoS) concept
    • Describe network and device architectures and introduce virtualization
    • Introduce the concept of network programmability and Software-Defined Networking (SDN)
    • Configure basic IOS system monitoring tools
    • Describe the management of Cisco devices
    • Describe the current security threat landscape
    • Describe threat defense technologies
    • Implement a basic security configuration of the device management plane
    • Implement basic steps to harden network devices

Lab Objectives:

      • Get started with Cisco Command-Line Interface (CLI)
      • Observe How a Switch Operates
      • Perform Basic Switch Configuration
      • Implement the Initial Switch Configuration
      • Inspect TCP/IP Applications
      • Configure an Interface on a Cisco Router
      • Configure and Verify Layer 2 Discovery Protocols
      • Implement an Initial Router Configuration
      • Configure Default Gateway
      • Explore Packet Forwarding
      • Troubleshoot switch Media and Port Issues
      • Troubleshoot Port Duplex Issues
      • Configure Basic IPv6 Connectivity
      • Configure and Verify IPv4 Static Routes
      • Configure Iv6 Static Routes
      • Implement IPv4 Static Routing
      • Implement IPv6 Static Routing
      • Configure VLAN and Trunk
      • Troubleshoot VLANs and Trunk
      • Configure a Router on a Stick
      • Implement Multiple VLANs and Basic Routing Between the VLANs
      • Configure and Verify Single-Area OSPF
      • Configure and Verify EtherChannel
      • Improve Redundant Switched Topologies with EtherChannel
      • Configure and Verify IPv4 ACLs
      • Implement Numbered and Named IPv4 ACLs
      • Configure a Provider-Assigned IPv4 Address
      • Configure Static NAT
      • Configure Dynamic NAT and Port Address Translation (PAT)
      • Implement PAT
      • Log into the WLC
      • Monitor the WLC
      • Configure a Dynamic (VLAN) Interface
      • Configure a DHCP Scope
      • Configure a WLAN
      • Define a Remote Access Dial-In User Service (RADIUS) Server
      • Explore Management Options
      • Explore the Cisco DNA Center
      • Configure and Verify NTP
      • Configure System Message Logging
      • Create the Cisco IOS Image Backup
      • Upgrade Cisco IOS Image
      • Configure WLAN Using Wi-Fi Protected Access 2 (WPA2) Pre-Shared Key (PSK) Using the GUI
      • Secure Console and Remote Access
      • Enable and Limit Remote Access Connectivity
      • Secure Device Administrative Access
      • Configure and Verify Port Security
      • Implement Device Hardening

Prerequisites:

      • Familiarity in the following networking topics:
        • TCP/IP
        • IP Configuration
        • Peer-to-Peer Networking
        • Subnetting
        • Building a Routing Table
      • It is not required but highly recommended to have the following certifications:

Comments

Latest comments from students


User: kdinivahi29

Instructor comments: The instructor Mr. Tom Bigger has done a terrific job of substantiating the textbook content with hands on labs. He has been patient and ensure that we understood the material


User: MikeWisn

Instructor comments: Did exceptional job explaining complicated concepts.

Facilities comments: Hotel front desk phone ringing loudly during class was distracting.


Liked the class?  Then let everyone know!

 

Course Overview:

CT-225: Network+ is a five-day course that teaches students the fundamentals of networking. Through hands-on training, students learn the vendor-independent networking skills & concepts that affect all aspects of networking, such as installing & configuring the TCP/IP client. The course also helps to prepare students for three popular certification examinations: CompTIA Network+, Microsoft Networking Essentials, and Novell Networking Technologies.

Attendees to CT-225: Network+ will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration 5 days

Course Objectives:

  • Identify basic network theory concepts and major network communications methods
  • Describe bounded network media
  • Describe unbounded network media
  • Identify the major types of network implementations
  • Identify TCP/IP addressing and data delivery methods
  • Analyze routing and switching technologies
  • Identify the components of a TCP/IP implementation
  • Analyze network security
  • Implement network security
  • Identify the components of a WAN implementation
  • Identify the components used in cloud computing and virtualization
  • Identify the components of a remote network implementation
  • Manage networks
  • Troubleshoot network issues

Prerequisites:

Comments

Latest comments from students


User: hanbri9

Instructor comments: Great instructor.

Facilities comments: BEST HOTEL!!!!!!! AMAZING LOCATION, GOOD FOOD, NICE SPACE. The location of the hotel is what is almost the best about it. Driving up hwy 10 in the morning is absolutely awful.



 

Like the class?  Then let everyone know!