Course Overview:
Intrusion Analyst is a hands-on course that covers intrusion detection in depth. This includes concepts such as the use of Snort, network traffic analysis, and IDS signatures.
A skills focus enables the student to better absorb the subject matter and perform successfully on the job. This is not death by PowerPoint. The course is aligned with the work of information assurance operators and is built around hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of packet and intrusion analysis.
Attendees of TN-979: Intrusion Analyst will receive TechNow approved course materials and expert instruction.
Duration: 5 days
Course Objectives:
- Advanced Snort Concepts
- Analyst Toolkit
- Domain Name System (DNS)
- Examining Packet Crafting
- Examining Packet Header Fields
- Fragmentation
- ICMP Theory
- IDS Interoperability
- IDS Patterns
- IDS/IPS Management & Architecture Issues
- Indications, Warnings & Traffic Correlation
- IPv6
- Microsoft Protocols
- Network Traffic Analysis
- NIDS Evasion, Insertion & Checksums
- Snort Fundamentals & Configuration
- Snort GUIs & Sensor Management
- Snort Performance, Active Response & Tagging
- Snort Rules
- Stimulus Response
- TCPdump Fundamentals
- TCP/IP Fundamentals
- Wireshark Fundamentals
- Writing TCPdump Filters
Course Prerequisites:
- GSEC or equivalent experience
- UNIX, Windows, Networking, and Security Experience
- This is a hands-on skill course requiring comfort with command line interaction and network communications
Comments
Latest comments from students
User: Tosha
Instructor comments: Dave was an excellent instructor. He is very informative and knowledgeable in the course and the material. I have enjoyed the class and I would take another course with him as the instructor.
Facilities comments: Very nice and clean hotel.
User: buckey26
Instructor comments: Dave was one of the best instructors I have ever had for a tech course. He broke down everything to the point where you can understand it internally.
Course Overview:
This is a hands-on course that covers many of the concepts of securing the perimeter of an organization. This includes concepts such as intrusion detection, packet filtering, and central logging.
A skills focus enables the student to better absorb the subject matter and perform better on the job. This is not death by PowerPoint. The course is aligned with the work of information assurance operators and is built around hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of firewalls.
This course is an excellent precursor to PA-215 Palo Alto Firewall Essentials FastTrack.
Attendees of TN-949: Certified Firewall Analyst Prep will receive TechNow approved course materials and expert instruction.
Duration: 5 days
Course Objectives:
- Analyzing Network and Wireless Design
- Creating and Auditing a Rulebase
- Firewall Assessment and Penetration Testing
- Host-Based Detection and DLP
- Incident Detection and Analysis
- IOS and Router Security
- IPv6 and ICMPv6
- Log Collection and Analysis
- NAT and Proxies
- Netfilter IPtables
- Network Access Control
- Network-Based Intrusion Detection
- Packet Filters and Inspection
- Packet Fragmentation
- Perimeter Concepts and IP Fundamentals
- Securing Hosts and Services
- TCP/IP Protocols
- VPN Design and Auditing
- VPN Implementation
Course Prerequisites:
- GSEC or equivalent experience
- UNIX, Windows, networking and security experience
- This is a hands-on skill course requiring comfort with command line interaction and network communications
Course Overview:
This course delivers the technical knowledge, insight, and hands-on training needed to gain in-depth knowledge of Wireshark® and TCP/IP communications analysis. You will learn to use Wireshark to identify the most common causes of performance problems in TCP/IP communications. You will learn the underlying theory of TCP/IP and the most used application protocols, so that you can intelligently examine network traffic for performance issues or possible Indicators of Compromise (IoC).
Duration: 5 Days
Audience:
Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, and security analysts.
Course Prerequisites:
We recommend that attendees of this course have the following prerequisite:
• Network+
Course Outline:
DAY ONE
Course Set Up and Analyzer Testing
Network Analysis Overview
Wireshark Functionality Overview
Capturing Wired and Wireless Traffic
Define Global and Personal Preferences for Faster Analysis
Define Time Values and Interpret Summaries
Interpret Basic Trace File Statistics to Identify Trends
Create and Apply Display Filters for Efficient Analysis
DAY TWO
Follow Streams and Reassemble Data
Use Wireshark’s Expert System to Identify Anomalies
TCP/IP Analysis Overview
Analyze Common TCP/IP Traffic Patterns
DAY THREE
Graph I/O Rates and TCP Trends
802.11 (WLAN) Analysis Fundamentals
Voice over IP (VoIP) Analysis Fundamentals
Network Forensics Fundamentals
DAY FOUR
Detect Scanning and Discovery Processes
Analyze Suspect Traffic
DAY FIVE
Use Command‐Line Tools
TechNow Provides Integrated Solutions
TechNow delivers enterprise hardware, software, and consulting that implements technologies in the areas of virtualization, IP telephony, open source systems, or security. If your company is interested in the benefits of cost effective and secure hardware, software and consulting solutions, please contact us for further information.
TechNow Virtualization Solutions: TechNow delivers virtualization solutions in several virtualization stacks: Microsoft Hyper-V, Oracle VM, and VMware. TechNow integrates open system RAID NAS storage solutions that enable high availability solutions for all stacks. High performance I/O is critical to virtualized solutions and TechNow delivers the hardware, software, and consulting to make that happen. Solutions are built for mission-critical environments and optimized to be both scalable and secure. If you are interested in purchasing a virtualization solution, please contact TechNow to set up an appointment to discuss your requirements.
TechNow VoIP Solutions: TechNow delivers affordable VoIP solutions utilizing SIP and integrating desktop softphones, physical handset phones, iPad/iPod clients, cell phones, web status, email, voicemail, existing landlines, and VoIP SIP trunks. There are many marketing terms for highly integrated solutions; the term for our product is "Great". If you are interested in purchasing a VoIP solution, please contact TechNow to set up an appointment to discuss your requirements.
TechNow Security Solutions: TechNow delivers security solutions that are enterprise centric. As organizations grapple with managing security in their infrastructure, TechNow can architect, deliver, and implement the hardware, software, and consulting required to ensure a responsive and integrated approach to infrastructure security.