NWGL510 - Network Security
 

This extremely popular class focuses on network security and makes an excellent companion class to the NWGL550: Enterprise Linux Security Administration course. After a detailed discussion of the TCP/IP suite component protocols and Ethernet operation, the student practices using various tools to capture, analyze, and generate IP traffic. Students then explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks. After building a thorough understanding of network-based attacks, the course focus shifts to the defensive solutions available. Students install, configure, and test two of the most popular and powerful NIDS solutions available. Finally, students create a Linux-based router/firewall solution, including advanced functionality such as NAT, policy routing, and traffic shaping.

Prerequisites:

Since the tools used in class are compiled and run on a Linux system, Linux or UNIX system experience is helpful, but not necessary. A solid background in networking concepts will greatly aid in comprehension. This is an intense class that covers many topics. If you are unsure whether you meet the prerequisites, please speak with a Guru Labs representative.

Supported Distributions:
Fedora Core 1
Red Hat Enterprise Linux 3
 
Recommended Class Length:
5 days
 
Detailed Course Outline:
 
  1. Ethernet and IP Operation
    1. OSI Network Model
    2. Application Layers
    3. Network Services Layers
    4. Moving Data Through The Stack
    5. Data Link Layer Format
    6. Ethernet Operation
    7. Hub and Switch Operation
    8. Ethernet Security Issues
    9. Detecting Promiscuous NICs
    10. Network Packet Capture
    11. tcpdump
    12. Ethereal
    13. IPv4
    14. IP Addressing
    15. Differentiated Services
    16. IP Fragmentation
    17. Path MTU Discovery
    18. ARP
    19. ICMP
    20. ICMP Redirects
    21. Important ICMP Messages
    22. ICMP Security Issues
    23. Protecting Against ICMP Abuse
    Lab Tasks
    1. Basic Traffic Generation, Capture, and Analysis
    2. Capturing and analyzing ARP traffic
    3. Capturing and analyzing ICMP echo, unreachable, and redirect messages
    4. Exploring traffic capture utilities
  2. IP And ARP Vulnerability Analysis
    1. IP Security Issues
    2. IP Routing
    3. Routing Protocol Security
    4. Protecting Against IP Abuse
    5. ARP Security Issues
    6. Cache Poisoning with ARP Replies
    7. Cache Poisoning with ARP Requests
    8. ARP Cache Poisoning Defense
    Lab Tasks
    1. Advanced Traffic Generation and Capture
    2. Learning to forge headers
    3. Using ARP cache 'poisoning'
    4. Discovering promiscuous mode
  3. UDP/TCP Protocol and TELNET Vulnerability Analysis
    1. User Datagram Protocol
    2. UDP Segment Format
    3. Transmission Control Protocol
    4. TCP Segment Format
    5. TCP Port Numbers
    6. TCP Sequence / Acknowledgment #'s
    7. TCP Three-way Handshake
    8. TCP Window Size
    9. The TCP State Machine
    10. The TCP State Transitions
    11. TCP Connection Termination
    12. TCP SYN Attack
    13. TCP Sequence Guessing
    14. TCP Connection Hijacking
    15. Telnet
    16. Telnet Concepts - Options, Commands,
    17. Security Concerns
    Lab Tasks
    1. Attacks on TCP
    2. Using forged packets to slow and kill TCP sessions
    3. Monitoring and hijacking a telnet session
  4. FTP And HTTP Vulnerability Analysis
    1. FTP Modes
    2. Transfer Methods
    3. Security Concerns
    4. The Bounce Attack
    5. Minimizing Risk
    6. FTP - Port Stealing
    7. Brute-force Attacks
    8. Access Restriction
    9. HTTPv1.1
    10. HTTP Protocol Parameters
    11. HTTP Message
    12. HTTP Request/Method Definitions
    13. Response/Status Codes
    14. Proxies
    15. Authentication
    16. Security Concerns
    17. Personal Information
    18. Attacks On File and Path Names
    19. Header Spoofing
    20. Auth Credentials and Idle Clients
    21. Proxy Servers
    Lab Tasks
    1. Attacks on FTP and HTTP
    2. Using dsniff
    3. Using urlsnarf and webspy
  5. DNS Protocol Vulnerability Analysis
    1. DNS
    2. DNS Basic Concepts and Terms
    3. DNS Resolution
    4. DNS Zone Transfers
    5. DNS Spoofing
    6. DNS Cache Poisoning
    7. DNS Security Improvements
    Lab Tasks
    1. Attacks on DNS
    2. Using dnsspoof
    3. Using forged DNS responses
  6. SSH and HTTPS Protocol Vulnerability Analysis
    1. SSH Concepts
    2. Initial Connection
    3. Protocols
    4. SSH1
    5. SSH2
    6. Encryption Vulnerabilities
    7. SSH Vulnerabilities
    8. SSH1 Insertion Attack
    9. SSH Brute Force Attack
    10. SSH1 CRC Compensation Attack
    11. Bleichenbacher Oracle
    12. SSH1 Session Key Recovery
    13. Client Authentication Forwarding
    14. Host Authentication Bypass
    15. X Session Forwarding
    16. HTTPS Protocol Analysis
    17. SSL Enabled Protocols
    18. SSL protocol
    19. SSL Layers
    20. The SSL Handshake
    21. SSL Vulnerabilities
    22. Intercepted Change Cipher Spec
    23. Intercepted Key Exchange
    24. Version Rollback Attack
    Lab Tasks
    1. HTTPS and SSH
    2. Performing a man-in-the-middle attack
    3. Performing a timing and packet length attack
  7. Remote Operating System Detection
    1. OS Detection
    2. Banners
    3. Commands
    4. Less-direct Approaches
    5. TCP/IP Stack Fingerprinting
    6. Remote Fingerprinting Apps
    7. nmap
    Lab Tasks
    1. Using the Nmap utility for network sweep scans
    2. Using Nmap for scans on a host
    3. Using Nmap for TCP/IP fingerprinting
  8. Attacks and Basic Attack Detection
    1. Sources of Attack
    2. Denial-of-Service Attacks
    3. Methods of Intrusion
    4. Exploit Software Bugs
    5. Exploit System Configuration
    6. Exploit Design Flaws
    7. Password cracking
    8. Typical Intrusion Scenario
    9. Intrusion Detection
    10. IDS Considerations
    11. Attack Detection Tools
    12. Klaxon
    13. PortSentry
    14. PortSentry Design
    15. Snort
    Lab Tasks
    1. Basic Scan Detection
    2. Examining standard system logs and statistics
    3. Configuring PortSentry for logging port scans from nmap
    4. Configuring PortSentry for active response to port scans
  9. Intrusion Detection Technologies
    1. Intrusion Detection Systems
    2. Host Based IDS
    3. Network Based IDS
    4. Network Node IDS
    5. File Integrity Checkers
    6. Hybrid IDS
    7. Honeypots
    8. Focused Monitors
    9. Snort Architecture
    10. Snort Detection Rules
    11. Snort Logs and Alerts
    12. Snort Rules
    Lab Tasks
    1. Exploring Snort
    2. Installing snort
    3. Testing Snort for Nmap scans
    4. Examining network traffic in decoded text format
    5. Capturing all network packets
    6. Using ethereal
    7. Logging to SYSLOG
  10. Advanced Snort Configuration
    1. Advanced Snort Features
    2. Snort Add-ons
    3. ACID Web Console
    4. The ACID Interface
    5. SnortCenter Management
    Lab Tasks
    1. Snort Tools
    2. Setting up a new database for snort
    3. Configuring snort with database
    4. Configuring ACID analysis tool
    5. Configuring SnortCenter
    6. Configuring the Linux SnortCenter Sensor Agent
  11. Snort Rules
    1. Snort Rules Format
    2. Snort Rules Options
    3. Writing Snort Rules
    4. Example Rules
    Lab Tasks
    1. Custom Snort Rules
    2. Capturing packets from exploit
    3. Writing custom rules for Snort
    4. Verifying exploit detection
  12. Linux and Static Routing
    1. Linux As a Router
    2. Linux Router Minimum Requirements
    3. Router Focused Distributions
    4. Router Specific Settings
    Lab Tasks
    1. Static Routing
    2. Configuring a host router
    3. Configuring anti-spoofing protection
  13. Linux Firewalls
    1. Types of Firewalls
    2. Application Firewalls: TCP Wrappers
    3. Application Firewalls: Squid
    4. Packet Filter: ipchains
    5. Stateful Packet Filter: iptables
    6. Firewall Topology
    7. Recommended Firewall Rules
    8. Firewall Limitations
    9. iptables Concepts
    10. Using iptables
    11. Advanced iptables Actions
    12. iptables: A More Secure Approach
    Lab Tasks
    1. Iptables
    2. Filtering traffic
    3. Logging traffic
  14. Network and Port Address Translation
    1. Address Translation
    2. Configuring NAT and PAT
    3. NAT Limitations
    4. Security Using NAT and PAT
    5. Detecting NAT
    Lab Tasks
    1. NAT
    2. Performing SNAT
    3. Configuring DNAT
    4. Configure a 1 to 1 IP mapping
  15. IP Policy Routing
    1. Advanced Routing
    2. Replacing ifconfig with ip
    3. Replacing route and arp
    4. Policy Routing
    5. Linux Policy Routing
    6. Linux Policy Routing Rules
    Lab Tasks
    1. Marking packets based on protocol
    2. Routing telnet and ssh packets
    3. Routing using tcpdump
Our Price: $2,600.00

   
 
Copyright © Nationwide Training Alliance. All Rights Reserved.