Palo Alto Networks Firewall Training Course Lab

Working with the TechNow lab for the PA-215: Palo Alto Networks Firewall Essentials FastTrack course has been nothing less than a techie's idea of fun. When students come in we are immediatly configuring the Cisco 3750 switches for access ports, VLANS, and trunks. We then cable the switch to the Palo Alto Networks Firewall. Each student gets their own Palo Alto Firewall Pod of hardware and software. What we find as fun is the VLAN environment, with an array of virtual machines hosted on an ESXi server that can really exercise the abilities of the Palo Alto Firewall. The DMZ VLAN hosts virtual machines that support enterprise services and also potentialy vulnerable web services. The Trust VLAN has Windows and Linux clients. The UnTrust VLAN has Web services and a VM of Kali. The hardware Firewall is additionally connected to a Management VLAN. All those VLANs are trunked into an ESXi server where the student also has a VM-Series Palo Alto Networks Firewall for High Availability.

After configuring all the trunking, VLANs, and network interfaces we learn about the firewall and configure it for the lab environment. Using Metasploitable and Kali/Metasploit nefarious penetration attempts are executed. Using packet captures, custom APP-ID's and custom signatures are generated. Custom logging and reporting are created to similate and enterprise and assist the desired Incident Response. It is always fun in a training environment to learn all about the controls available in a product, even though specific controls may not be used in the operational environment. In the end we have a good understanding of the Palo Alto Networks Firewall.

Observations of Instructor Led Training with Real Hardware

TechNow has heard many students talk about virtualized/remote training that TechNow Does Not Do. While training our most recent offering of PA-215: Palo Alto Networks Firewall Essentials FastTrack a student told his story of how he endend up in our course. His story we have heard for other technologies like Cisco, VMware, BlueCoat and other products.

A large percentage of training is moving to the virtualized/remote lab environments. Students are asked to use some variant of remote access software and remote into the training company's lab environment. Our student in our Palo Alto Networks Firewall course informed us that he went to a very costly offering of that course from the vendor and was not able to perform any labs. There were either network connectivity issues, or issues with the remote access software, or other problems. The whole training experience was very frustrating and not productive.

We keep our labs open to students if they would like after hours, or before hours access. Repeatedly going through a lab engrains that knowledge for later recall. Touching hardware is so critical in understanding the problems that arise when a cable comes loose, or a cable gets plugged in the wrong port. There are other scenarios such as just pulling the power cable, or turning off a power strip, or accidently overwriting a configuration. These disaster scenarious requires hands-on physical access to hardware. Preventing and recovering from disasters is what it's all about, and that requires hands-on, instructor led, real hardware.

TN-5415: Installation, Storage, and Compute with Windows Server 2016

Course Overview:

Course one of a three course series to obtain a Server 2016 MCSA certification. This five-day course is designed primarily for IT professionals who have some experience with Windows Server. It is designed for professionals who will be responsible for managing storage and compute by using Windows Server 2016, and who need to understand the scenarios, requirements, and storage and compute options that are available and applicable to Windows Server 2016.

The course leads directly to preparing for the(MCSA):Windows Server 2016 exam “70-740: Installation, Storage, and Compute with Windows Server 2016”. It also maps to Microsoft’s course 20740A, and is part of the Server 2016 MCSA certification.

Attendees to TN-5415: Installation, Storage, and Compute with Window Server 2016 will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

Prepare and install Nano Server, a Server Core installation, and plan a server upgrade and migration strategy
Describe the various storage options, including partition table formats, basic and dynamic disks, file systems, virtual hard disks, and drive hardware, and explain how to manage disks and volumes
Describe enterprise storage solutions, and select the appropriate solution for a given situation
Implement and manage Storage Spaces and Data Deduplication
Install and configure, and manage Windows and Hyper-V containers
Describe the high availability and disaster recovery technologies in Windows Server 2016
Plan, create, and manage a failover cluster
Implement failover clustering for Hyper-V virtual machines
Configure a Network Load Balancing (NLB) cluster, and plan for an NLB implementation
Create and manage deployment images
Manage, monitor, and maintain virtual machine installations

Prerequisites:

A basic understanding of networking fundamentals
An awareness and understanding of security best practices
An understanding of basic AD DS concepts
Basic knowledge of server hardware
Experience supporting and configuring Windows client operating systems such as Windows 10

Liked the class? Then let everyone know!

L-245: Linux System Administration I

Course Overview:

In this course students will learn to install the Linux™ operating system, to administer users and software, to use vi, basic Linux security, process control, file system maintenance, backup and recovery, including some basic networking concepts. This course insures that students have the skills to configure all desktop and client side related activity.

Attendees to L-245: Linux System Administration I will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 days

Course Objectives:

Linux operating system installation
Hardware Issues
LILO & GRUB Configuration
Managing the Linux file system
Boot Process
Customization of setup files
System Startup
Run Levels
Network Services
User Management
Changing Passwords
Monitoring, accessing & restricting root system access
Administration Tools
Disk Management
Quotas
Process Control
Installing & removing software & patches
Network Configuration
Client side components of NFS, Samba, NTP, NIS
Printing
Backup and Recovery
Using utilities for process control, locating files & automating maintenance tasks

Prerequisites:

Students should have an understanding of all basic UNIX commands as well as variable substitution, wild card expansion, command pipes, permissions, the grep and find commands.
These prerequisites can be met through completion of TN-125: Introduction to UNIX & Linux and six month’s experience with Linux.

Comments

Latest comments from students

User: flores2015

Instructor comments: Very Good Instructor (Bill Peterson)

Facilities comments: Nice - Can't wait for your new facility.

Liked the class? Then let everyone know!

TN-905: Cyber Threat Intelligence Analysis

Course Overview:

TechNow has worked worldwide enterprise infrastructures for over 30 years and has developed demos and labs to exemplify the techniques required to demonstrate technologies that effectively support CTI. This course integrates well with our courses TN-575: Open Source Network Security Monitoring and TN-865: Wireshark Network Traffic and Security Analysis .

TechNow develops Cyber Ranges and makes them available for conferences in support of annual meetings for Cyber Threat Response Teams. Developing scenarios and reacting to them appropriately is a big part of the value in understanding the contexts required to comprehend valuable CTI. As with many advanced TechNow security courses, there is a large hands-on ratio. This course helps Cyber Protection Teams (CPT), Defensive Cyber Operations (DCO), and Mission Defense Teams (MDT) to collect, analyze and apply targeted cyber intelligence to defensive operations in order to proactively act on and tune response to attacks by cyber adversaries. CPT, DCO, and MDT can take preemptive action by utilizing CTI, understanding CTI tools, techniques and procedures (TTPs) needed to generate and consume timely and relevant intelligence to improve resilience and prevention.

This course focuses on the collection, classification, and exploitation of knowledge about adversaries and their TTPs. . MDT puts us close the mission and helps define the internal context to be analyzed against the CTI. TechNow pushes the student to truly understand how to think about and use CTI to make a difference.

Attendees to TN-905: Cyber Threat Intelligence Analysis will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 5 days

Course Objectives:

Learn to comprehend and develop complex scenarios
Identify and create intelligence requirements through practices such as threat modeling
Utilize threat modeling to drive intelligence handling and practices
Breakdown tactical, operational, and strategic-level threat intelligence
Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
How to collect adversary information creating better value CTI
How to filter and qualify external sources, mitigating low integrity intelligence
Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX
Move security maturity past IOCs into understanding and countering the behavioral tradecraft of threats
Breaking down threats mapped against their tradecraft to tweak IOCs
Establish structured analytical techniques to be successful in any security role
Learn and apply structured principles in support of CTI and how to communicate that to any security role.