This outline covers the adjustments made to the Network Defense Analyst Training Plan. It includes the removal of specific periods, changes in areas such as laws and policies, and an emphasis on practical exercises and discussions. The training now focuses on validating alerts, analyzing traffic patterns, and utilizing tools like NMAP and bitmasking in TCPDUMP. Labs and exercises are designed to simulate real-world scenarios on a closed network, incorporating critical services like DNS and DHCP, and IDS services such as SNORT/SURICATA.
Network Defense Analyst Training Plan Adjustments
LS Pulsifer, Surveillance Analyst
23 May 2014
Outline
• Current Form
• What's gone and why
• Where did it go?
• Labs and exercises
• Discussion
What's gone?
• 15 periods removed from EO001.01 TP7-9
• Includes 495 minutes (11 periods) of Vim, the Linux boot process, configuring and installing applications, and sysadmin duties (groups and users)
• Laws and Policies cut from 6 hours to 45 minutes
• Bitmasking in TCPDUMP, e.g. 'tcp[13] & 0x12 != 0'
• NMAP
• ... among other things
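The TCPDUMP bitmask filter on the slide, as an added example that is not part of the original deck: a small Python evaluator for expressions of the form 'tcp[N] & MASK op VALUE', run against constructed TCP headers, showing that the slide's `!= 0` form selects any segment with SYN or ACK set while `== 0x12` isolates SYN-ACK replies. The function names and sample headers are assumptions made for this example.

```python
import re
import struct

# Bits of the TCP flags byte, which sits at offset 13 of the TCP header.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}
_FILTER = re.compile(
    r"^tcp\[(\d+)\]\s*&\s*(0x[0-9a-fA-F]+|\d+)\s*(==|!=)\s*(0x[0-9a-fA-F]+|\d+)$")

def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0):
    """Constructed 20-byte TCP header, no options (sample data, not a capture)."""
    data_offset = 5 << 4  # header length in 32-bit words, upper nibble
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flags, 65535, 0, 0)

def flag_names(flags_byte):
    return [name for name, bit in TCP_FLAGS.items() if flags_byte & bit]

def parse_filter(expr):
    """Split the single-byte form 'tcp[13] & 0x12 != 0' into (offset, mask, op, value)."""
    m = _FILTER.match(expr.strip())
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    offset, mask, op, value = m.groups()
    return int(offset), int(mask, 0), op, int(value, 0)

def matches(tcp_header, expr):
    """Evaluate the filter against one TCP header the way BPF would."""
    offset, mask, op, value = parse_filter(expr)
    masked = tcp_header[offset] & mask
    return masked != value if op == "!=" else masked == value

def classify(headers, expr):
    return [flag_names(h[13]) for h in headers if matches(h, expr)]

# Constructed samples: SYN, SYN-ACK, bare ACK, bare RST, FIN-ACK.
SAMPLES = [
    build_tcp_header(40000, 80, TCP_FLAGS["SYN"]),
    build_tcp_header(80, 40000, TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"]),
    build_tcp_header(40000, 80, TCP_FLAGS["ACK"]),
    build_tcp_header(80, 40000, TCP_FLAGS["RST"]),
    build_tcp_header(40000, 80, TCP_FLAGS["FIN"] | TCP_FLAGS["ACK"]),
]

if __name__ == "__main__":
    # The slide's filter selects anything with SYN or ACK set: all but the RST.
    print(classify(SAMPLES, "tcp[13] & 0x12 != 0"))
    # Requiring both bits isolates handshake replies (SYN-ACK) only.
    print(classify(SAMPLES, "tcp[13] & 0x12 == 0x12"))
```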
Where did it go?
Validate the legitimacy of the alert by comparing the results of:
• Open source research
• Alert signature
• Expected traffic patterns (define "normal")
• Traffic analysis
9.1 DAYS
Labs & Exercises
• Created on a closed network (cnda.lab domain)
• Contain critical services (DNS, DHCP, NTP)
• Aux services: HTTP PROXY (squid?) ?
• IDS services: SNORT/SURICATA at various sense points
• Front end: BASE / SNORBY / SQUERT
• Similar exercises to forensicscontest or honeynet challenges