Mastering Advanced Network Services with Cyrin’s NICE Specialty Area Package Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit …
Mastering Advanced Network Services with Cyrin’s NICE Specialty Area Package
Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
Empower your networking prowess with Cyrin’s Network Services NICE Specialty Area Package. Aligned with the National Initiative for Cybersecurity Education (NICE) framework, this comprehensive training equips you with advanced skills to design, implement, and manage robust network services. Elevate your expertise and become a distinguished Network Services Specialist.
This package consists of CYRIN labs focusing on the NIST National Initiative for Cybersecurity Education (NICE) Network Services specialty area. Completing these labs will help you learn the skills needed for a job in the area.
Prerequisites vary by lab, but are generally: familiarity with the Unix/Linux command line and basic networking concepts (TCP/IP, DNS, etc.).
16 hours, self-paced. Pause and continue at any time.
16 CPEs awarded on successful completion.
Introductory IDS Configuration with Snort
Students will learn how to configure an Intrusion Detection System (IDS) to examine traffic to/from a firewall. The popular Snort® IDS will be used in this exercise. The exercise will include both harmless background traffic and potentially-malicious traffic to be detected by Snort.
Intrusion Detection using Zeek (formerly Bro)
Students will learn how to deploy, configure and customize a Zeek Network Intrusion Detection System (NIDS). They will customize Zeek to generate enterprise specific logs and to send email notifications of events of interest. They will also create a simple Zeek plugin, using the Zeek scripting language, to detect and block brute force SSH login attempts.
Firewall Configuration with VyOS
Students will configure a network firewall using the VyOS router appliance, which mimics physical router hardware. The exercise will include both ingress and egress filtering, stateful packet inspection, and best practices. Students will set up a partitioned network and a DMZ area to isolate specific enterprise services, such as an e-mail server. Evaluation will include network probes from both inside and outside the firewall to ensure proper rules are configured.
Firewall Configuration with IPtables
Students will configure a network firewall using the standard Linux IPtables module. The exercise will include both ingress and egress filtering, stateful packet inspection, and best practices. More advanced techniques such as port knocking will also be introduced. Evaluation will include network probes from both inside and outside the firewall to ensure proper rules are configured.
Firewall Configuration with pfSense
Students will learn to secure and configure the widely used, open-source pfSense firewall. They will learn to create firewall rules, the order in which rules are applied, how pfSense aliases can be used to simplify the pfSense rule set, and how to secure pfSense itself. They will also learn to view statistics and logs collected by pfSense.
VPN Server Configuration with OpenVPN
Students will learn to configure and set up an OpenVPN server. OpenVPN is an open-source Virtual Private Network (VPN) solution. VPNs extend a private network over a public network, allowing users to send and receive data the public networks as if they are directly connected to the private network.
Students will learn to set up a Certificate Authority to create the keys and certificates needed to (1) authenticate users (VPN clients) and the VPN server and, (2) encrypt communication between the two. They will also learn how to revoke client certificates when needed.
SSH Server Configuration
Students learn the proper setup of the OpenSSH remote administration tool, including security-relevant settings. During the exercise, students will learn best practices such as host filtering, public-key or Kerberos authentication, and PAM integration.
DoS Attacks and Defenses
This lab teaches three different Denial of Service (DoS) attacks and techniques to mitigate them:
- A TCP SYN Flood attack that exploits a weakness in the design of the TCP transport protocol,
- A slow HTTP attack called Slowloris that takes advantage of how HTTP servers work, and
- A DNS amplification attack that exploits misconfigured DNS servers, of which there are plenty on the Internet.
Price included 6 months of access.