
Network Defense Analyst Training Plan Adjustments

This outline covers the adjustments made to the Network Defense Analyst Training Plan. It includes the removal of specific periods, changes in areas such as laws and policies, and emphasis on practical exercises and discussions. The training now focuses on validating alerts, analyzing traffic patterns, and utilizing tools like NMAP and Bitmasking in TCPDUMP. Labs and exercises are designed to simulate real-world scenarios on a closed network, incorporating critical services like DNS, DHCP, and IDS services such as SNORT/SURICATA.

clyde




Presentation Transcript


  1. Network Defense Analyst Training Plan Adjustments • LS Pulsifer, Surveillance Analyst • 23 May 2014

  2. Outline • Current Form • What's gone and why • Where did it go? • Labs and exercises • Discussion

  3. What's gone? • 15 periods removed from EO001.01 TP7-9 • Includes 495 minutes (11 periods) of Vim, Linux boot process, configuring and installing applications, sysadmin duties (groups and users) • Laws and Policies have been stripped to 45 minutes from 6 hours • Bitmasking in TCPDUMP, e.g. 'tcp[13] & 0x12 != 0' • NMAP ............ among other things
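The tcpdump bitmask filter quoted on the slide tests the TCP flags byte (offset 13 into the TCP header) against mask 0x12, i.e. the SYN (0x02) and ACK (0x10) bits, and matches when any masked bit is set. The following added example (not from the presentation) implements that style of test in plain Python: a toy evaluator for expressions of the form `tcp[N] & MASK != VALUE` / `== VALUE`, run against constructed 20-byte TCP headers; the expression grammar, header builder and sample names are assumptions for illustration.

```python
import re
import struct

# TCP flag bits in the flags byte, which tcpdump addresses as tcp[13]
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Toy grammar (assumption for this example): tcp[<offset>] & <mask> <op> <value>
_EXPR = re.compile(
    r"^\s*tcp\[(\d+)\]\s*&\s*(0x[0-9a-fA-F]+|\d+)\s*(!=|==)\s*(0x[0-9a-fA-F]+|\d+)\s*$"
)


def build_tcp_header(flags, sport=40000, dport=80):
    """Constructed 20-byte TCP header with no options; only the flags byte matters here."""
    data_offset = 5 << 4  # header length = 5 x 32-bit words, reserved bits zero
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, data_offset, flags, 65535, 0, 0)


def match(expr, tcp_header):
    """Return True if the tcpdump-style bitmask expression matches the raw header bytes."""
    m = _EXPR.match(expr)
    if not m:
        raise ValueError(f"unsupported expression: {expr!r}")
    offset = int(m.group(1))
    mask, op, value = int(m.group(2), 0), m.group(3), int(m.group(4), 0)
    masked = tcp_header[offset] & mask
    return masked != value if op == "!=" else masked == value


# Constructed sample segments covering the common flag combinations
SAMPLES = {
    "syn": build_tcp_header(SYN),
    "syn-ack": build_tcp_header(SYN | ACK),
    "ack": build_tcp_header(ACK),
    "rst": build_tcp_header(RST),
    "fin-ack": build_tcp_header(FIN | ACK),
}


def matching_samples(expr):
    """Names of the constructed samples that the expression selects, sorted."""
    return sorted(name for name, hdr in SAMPLES.items() if match(expr, hdr))


if __name__ == "__main__":
    for expr in ("tcp[13] & 0x12 != 0", "tcp[13] & 0x12 == 0x12", "tcp[13] & 0x02 != 0"):
        print(f"{expr:26} -> {matching_samples(expr)}")
```

Note the difference between `!= 0` (any of SYN or ACK set, so nearly all traffic) and `== 0x12` (exactly SYN+ACK, the second step of a handshake); the slide's expression is the former.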

  4. Where did it go? • Validate the legitimacy of the alert by comparing the results of: • Open source research • Alert signature • Expected traffic patterns (define “normal”) • Traffic analysis • 9.1 DAYS

  5. Labs & Exercises • Created on a closed network (cnda.lab domain) • Contain critical services (DNS, DHCP, NTP) • Aux services: HTTP PROXY (squid?) ? • IDS Services: SNORT/SURICATA @ various sense points • FRONT END: BASE / SNORBY / SQUERT • Similar exercises to forensicscontest or honeynet challenges
