Course Overview:

PowerShell is made for Security Operations (SecOps) automation on Windows. SecOps requires automation in order to scale out security changes and monitoring beyond a handful of hosts. For example, when a vulnerability must be remediated but there is no patch for it yet, automation is needed to quickly and consistently enact the changes necessary. PowerShell “remoting” is encrypted remote command execution of PowerShell scripts in a way that can scale to thousands of endpoints and servers.

Imagine being able to hunt for indicators of compromise across thousands of machines with just a few lines of PowerShell code. Or imagine having the local Administrator account password reset every night on thousands of endpoints in a secure way, and being able to retrieve that password securely too.

We will show you to do these tasks and more. Transcription logging for forensics, strong encryption code signing, application whitelisting of scripts, IPSec port control, and Just Enough Admin (JEA).

As more and more of our systems are moved up to the cloud, PowerShell will become even more important. Amazon Web Services, Microsoft Azure, Office 365, Hyper-V and VMware already support PowerShell administration for many tasks.

Attendees to TN-965: Windows Security Automation with PowerShell will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Intended Audience
This course is intended for IT Professionals already experienced in general Windows Server and Windows Client administration or already experienced in administering and supporting Application servers and services including applications like Exchange, SharePoint, and SQL. It is broadly intended for students who want to use Windows PowerShell to automate administrative tasks from the command line, using any Microsoft or independent software vendor (ISV) product that supports Windows PowerShell manageability.

Course Objectives:

PowerShell Overview and Tips

• • Getting started running commands
  • Using and updating the built-in help
  • Execution policies
  • Fun tricks with the ISE graphical editor
  • Piping .NET and COM objects, not text
  • Using properties and methods of objects
  • Helping Linux admins feel more at home
  • Aliases, cmdlets, functions, modules, etc.
  • Customizing your profile script

What Can We Do With PowerShell

• • PowerShell remote command execution
  • Fan-out remoting and security
  • File copy via PowerShell remoting
  • Capturing the output of commands
  • Parsing text files and logs with regex patterns
  • Searching remote event logs faster with XPath
  • Mounting the registry as a drive
  • Exporting data to CSV, HTML and JSON files
  • Parsing and mining nmap port scanner XML output
  • Running scripts as scheduled jobs
  • Pushing out scripts through Group Policy
  • Importing modules and dot-sourcing functions
  • http://www.PowerShellGallery.com

Write your own scripts

• • Writing your own functions
  • Passing arguments into your scripts
  • Function parameters and returning output
  • Flow control: if-then, do-while, foreach, switch
  • The .NET Framework class library: a playground
  • How to pipe data in/out of your scripts

Continuous Secure Configuration Enforcement

• • How to use Group Policy and PowerShell together
  • Automate with INF security templates
  • How to customize INF templates
  • Microsoft Security Compliance Manager (SCM)
  • SECEDIT.EXE scripting
  • Building an in-house security repository for SecOps/DevOps
  • NSA’s Secure Host Baseline GPOs

Group Policy Precision Targeting

• • Managing Group Policy Objects (GPOs) with PowerShell
  • LSDOU, Block Inheritance, Enforced GPOs
  • Group Policy permissions for targeting changes
  • ADMX templates for mass registry editing
  • Deploying PowerShell startup and logon scripts
  • WMI item-level targeting of GPO preferences
  • GPO scheduled tasks to run PowerShell scripts
  • Remote command execution via GPO (not remoting)
  • Empowering the Hunt Team to fight back!

Server Hardening for SecOps/DevOps

• • Server Manager scripting with PowerShell
  • Adding and removing roles and feature
  • Remotely inventory roles, features, and apps
  • Why Server Nano or Server Core
  • Running PowerShell automatically after service failure
  • Service account identities, passwords, and risks
  • Tools to reset service account passwords securely

PowerShell Desired State Configuration (DSC)

• • DSC is Configuration Management built in for free
  • Using DSC for continuous reinforcement of settings
  • Writing your own DSC configuration scripts
  • Free DSC resource modules: www.PowerShellGallery.com
  • How to push DSC configurations to many targets
  • DSC background job processing in push mode
  • Examples: sync files, install roles, manage groups
  • Auditing a remote target against a DSC MOF template
  • “ApplyAndAutoCorrect” mode for continuous enforcement

PowerShell Just Enough Admin (JEA)

• • JEA is Windows sudo, like on Linux
  • JEA is Windows setuid root, like on Linux
  • Restricting commands and arguments
  • Verbose transcription logging
  • How to set up and configure JEA
  • Privilege Access Workstations (PAWs)

PowerShell and WMI

• • Windows Management Instrumentation (WMI) service
  • What is WMI and why do hackers abuse it so much?
  • Using PowerShell to query WMI CIM classes
  • WMI authentication and traffic encryption
  • Inventory operating system versions and installed software
  • WMI remote command execution versus PowerShell remoting
  • PowerShell security best practices
  • PowerShell transcription logging to catch hackers

Prerequisites:

• Previous Windows Server and Windows Client management knowledge and hands on experience.
  Experience installing and configuring Windows Server into existing enterprise environments, or as standalone installations.
• Knowledge and experience of network adapter configuration, basic Active Directory user administration, and basic disk configuration.
• Knowledge and hands on experience specifically with Windows Server 2012/Windows Server 2012 R2 and Windows 8/Windows 8.1 would be of benefit but is not essential.

Comments

Latest comments from students

Liked the class?  Then let everyone know!

Course Overview:

The Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) course gives you the knowledge and skills needed to configure, troubleshoot, and manage enterprise wired and wireless networks. You’ll also learn to implement security principles, implement automation and programmability within an enterprise network, and how to overlay network design by using SD-Access and SD-WAN solutions.

Attendees to N-415: Implementing and Operating Cisco Enterprise Network Core Technologies (ENCOR) will receive TechNow approved course materials, expert instruction, and prepare you to take the 350-401 Implementing Cisco® Enterprise Network Core Technologies (ENCOR) exam.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

• Illustrate the hierarchical network design model and architecture using the access, distribution, and core layers
• Compare and contrast the various hardware and software switching mechanisms and operation, while defining the Ternary Content Addressable Memory (TCAM) and Content Addressable Memory (CAM), along with process switching, fast switching, and Cisco Express Forwarding concepts
• Troubleshoot Layer 2 connectivity using VLANs and trunking
• Implementation of redundant switched networks using Spanning Tree Protocol
• Troubleshooting link aggregation using Etherchannel
• Describe the features, metrics, and path selection concepts of Enhanced Interior Gateway Routing Protocol (EIGRP)
• Implementation and optimization of Open Shortest Path First (OSPF)v2 and OSPFv3, including adjacencies, packet types, and areas, summarization, and route filtering for IPv4 and IPv6
• Implementing External Border Gateway Protocol (EBGP) interdomain routing, path selection, and single and dual-homed networking
• Implementing network redundancy using protocols including Hot Standby Routing Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP)
• Implementing internet connectivity within Enterprise using static and dynamic Network Address Translation (NAT)
• Describe the virtualization technology of servers, switches, and the various network devices and components
• Implementing overlay technologies such as Virtual Routing and Forwarding (VRF), Generic Routing Encapsulation (GRE), VPN, and Location Identifier Separation Protocol (LISP)
• Describe the components and concepts of wireless networking including Radio Frequency (RF) and antenna characteristics, and define the specific wireless standards
• Describe the various wireless deployment models available, include autonomous Access Point (AP) deployments and cloud-based designs within the centralized Cisco Wireless LAN Controller (WLC) architecture
• Describe wireless roaming and location services
• Describe how APs communicate with WLCs to obtain software, configurations, and centralized management
• Configure and verify Extensible Authentication Protocol (EAP), WebAuth, and Pre-Shared Key (PSK) wireless client authentication on a WLC
• Troubleshoot wireless client connectivity issues using various available tools
• Troubleshooting Enterprise networks using services such as Network Time Protocol (NTP), Simple Network Management Protocol (SNMP), Cisco Internetwork Operating System (Cisco IOS®) IP Service Level Agreements (SLAs), NetFlow, and Cisco IOS Embedded Event Manager
• Explain the use of available network analysis and troubleshooting tools, which include show and debug commands, as well as best practices in troubleshooting
• Configure secure administrative access for Cisco IOS devices using the Command-Line Interface (CLI) access, Role-Based Access Control (RBAC), Access Control List (ACL), and Secure Shell (SSH), and explore device hardening concepts to secure devices from less secure applications, such as Telnet and HTTP
• Implement scalable administration using Authentication, Authorization, and Accounting (AAA) and the local database, while exploring the features and benefits
• Describe the enterprise network security architecture, including the purpose and function of VPNs, content security, logging, endpoint security, personal firewalls, and other security features
• Explain the purpose, function, features, and workflow of Cisco DNA Center™ Assurance for Intent-Based Networking, for network visibility, proactive monitoring, and application experience
• Describe the components and features of the Cisco SD-Access solution, including the nodes, fabric control plane, and data plane, while illustrating the purpose and function of the Virtual Extensible LAN (VXLAN) gateways
• Define the components and features of Cisco SD-WAN solutions, including the orchestration plane, management plane, control plane, and data plane
• Describe the concepts, purpose, and features of multicast protocols, including Internet Group Management Protocol (IGMP) v2/v3, Protocol-Independent Multicast (PIM) dense mode/sparse mode, and rendezvous points
• Describe the concepts and features of Quality of Service (QoS), and describe the need within the enterprise network
• Explain basic Python components and conditionals with script writing and analysis
• Describe network programmability protocols such as Network Configuration Protocol (NETCONF) and RESTCONF
• Describe APIs in Cisco DNA Center and vManage

Prerequisites:

• CCNA certification
• Implementation of Enterprise LAN networks
• Basic understanding of Enterprise routing and wireless connectivity
• Basic understanding of Python scripting

Comments

Latest comments from students

User: don.seguin

Instructor comments: Tim was a great.

Facilities comments: The classroom was great.

User: jrtrussell

Instructor comments: Awesome

Facilities comments: Great

Liked the class?  Then let everyone know!

Course Overview: PA-212: Palo Alto Networks Firewall Configure Extended Features (EDU-205) Training Class is a two-day course that teaches students to configure and manage the entire line of Palo Alto Networks next-generation firewalls. Students also will be instructed on the basics of implementing and managing GlobalProtect™ and active/ active high availability. Students will gain an in-depth knowledge of how to optimize their visibility and control of applications, users, and content.  This course prepares the student for Palo Alto Networks Certified Network Security Engineer (PCNSE).  Through hands-on training, students learn high end skills of how to integrate Palo Alto next-generation firewalls into their network infrastructure.  This is not a virtualized theoretical course.  This is hands-on, real world instruction, directly relevant to the DoD and Commercial implementations of Palo Alto Networks next-generation firewalls.

Each student is issued a physical Palo Alto firewall and a Cisco layer 3 switch at their desk.  Real hardware per student for real experience and real skill development.  TechNow provides a very comprehensive client infrastructure that includes Windows, Linux, and multiple packet sniffer agents.

This course sets up the foundation for the three day course PA-243: Palo Alto Networks Firewall Debug and Troubleshoot (EDU-311). The instructor for this course has been a lead in Unix kernel development to implement firewall and intrusion detection technologies.  Additionally, the instructor has taught several security appliance products and carries several SANS, ISC2, ISACA, Cisco, Unix, and Windows certifications.  Attendees to the PA-212: Palo Alto Networks Firewall Configure Extended Features (EDU-205) Training Course will receive TechNow approved course materials and expert instruction.

Dates/Locations: No Events

Duration: 2 days

Course Objectives:   Students attending this foundational-level training course will gain an in-depth knowledge of how to configure and manage their Palo Alto Networks firewall.  Students also will be instructed on the basics of implementing and managing GlobalProtect™ and active/ active high availability. Students will gain an in-depth knowledge of how to optimize their visibility and control of applications, users, and content.

Prerequisites:

• PA-213: Palo Alto Networks Firewall Install, Configure, and Manage (EDU-201)

This course is in no way associated with Palo Alto Networks, Inc.

Comments

Latest comments from students

Like the class?  Then let everyone know!

Course Overview: 

This course identifies how business analysts can elicit Agile requirements by writing user stories from use cases and personas of customer profiles.  This leads to the processes of confirming the validity and usability for quality of the product development.  An Agile Business Analyst has become a new recognized role within the other Agile Framework roles.

Attendees to PM-242:Defining Agile Requirements with User Stories will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objectives: At the conclusion of this course, students will be able to:

• Understand the Scrum Flow, the core components of the Scrum framework
• Understand the scope of the Product Owner role in detail
• Understand the scope of the Agile Business Analysis role in coordination with the Product Owner, Scrum Master and Development Team
• Understand the scope of the Scrum Master role at a high level
• Understand the scope of the Scrum Development Team roles
• Document the interactions between the user of a system and the system itself
• Dive into understanding the Agile principles for requirements using user stories in a card, conversation, and confirmation format

Target Student:

• Designed specifically for Agile project team members, product owners, project leaders and business analysts or anyone wanting to understand the Agile Framework.

Comments

Latest comments from students

Liked the class?  Then let everyone know!