Course Summary
This extremely popular class focuses on network security.
Duration
5 days.
Objectives
After a detailed discussion of the TCP/IP suite component protocols and ethernet operation, the student practices using various tools to capture, analyze, and generate IP traffic. Students then explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks. After building a thorough understanding of network based attacks, course focus shifts to the defensive solutions available. Students install, configure, and test two of the most popular and powerful NIDS solutions available. Finally, students create a Linux based router / firewall solution, including advanced functionality such as NAT, policy routing, and traffic shaping.
Audience
Since the tools used in class are compiled and run on a Linux system, Linux or UNIX system experience is helpful, but not necessary. A solid background in networking concepts will greatly aid in comprehension. This is an intense class that covers many topics.
Outline
DAY 1
- Ethernet and IP Operation
- TCP/IP Protocol vulnerability analysis (Layer 2/3)
- Tools for frame capture, analysis, and creation
- Tools for packet capture, analysis, and creation
- IP and ARP Vulnerability Analysis
- ARP spoofing, IP address spoofing, ICMP abuse
- Protecting against IP abuse
- ARP cache poisoning defense
- UDP/TCP Vulnerability Analysis
- TCP format, state, and operations
- SYN attack, sequence guessing, hijacking
- TELNET Protocol Vulnerability Analysis
- FTP Vulnerability Analysis
- Bounce attack, port stealing, brute-force
- HTTP Vulnerability Analysis
- Attacks on file and pathnames
- Header spoofing
- Auth credentials and cookies
- DNS Protocol Vulnerability Analysis
- SSH Protocol Vulnerability Analysis
- Insertion attack, brute force, CRC attack
- Host authentication bypass
- HTTPS Vulnerability Analysis
- SSL protocol structure
- Intercepted key exchange
- Version rollback attack
- Remote O/S detection
- TCP/IP stack fingerprinting
- Attacks and Basic Attack Detection
- Sources of attack
- Denial of service attacks
- Remote intrustion expoits
- Attack detection tools
- Intrusion Detection Technologies
- Host, network, hybrid IDS
- Honeypots
- Focused Monitors
- Using snort
- Advanced snort Configuration
- snort addons
- Writing snort Rules
- ACID and SnortCenter
- Linux as a router
- Types of firewalls
- Proxies: squid
- Packet filters: stateless and stateful
- Firewall limitations
- Configuring iptables
- NAT and PAT on Linux
- Advanced policy routing
Customized On-site Training
Related Courses
