Description
The Course Name: SECFND – Understanding Cisco Cybersecurity Fundamentals
The Duration: 5 Days
The Overview:
The purpose of this course is to teach participants basic security principles and concepts, and to provide the fundamental knowledge and core skills needed to begin preparing for a job in cybersecurity.
What You Will Learn:
- How to describe, compare and identify various network concepts
- Fundamentals of TCP/IP
- How to describe and compare fundamental security concepts
- How to describe network applications and their security challenges
- How to understand basic cryptography principles
- How to understand endpoint attacks, including interpreting log data to identify events in Windows and Linux
- How to develop knowledge in security monitoring, including identifying sources and types of data and events
- How to recognize various attack methods, security weaknesses, evasion methods, and remote versus local exploits
The Course Index:
This course helps learners understand common security concepts and start learning the basic security techniques used in a Security Operations Center (SOC) to find threats on a network, using a variety of popular security tools within a “real-life” network infrastructure.
Module 1: TCP/IP and Cryptography Concepts
Objective: Describe the concepts and usage of the TCP/IP protocol suite, network infrastructure, TCP/IP attacks, and cryptography.
Lesson 1: Understanding the TCP/IP Protocol Suite
Objective: Describe the TCP/IP protocol suite and its functions.
This lesson includes these topics:
OSI Model
Objective: Describe the OSI model and its function.
TCP/IP Model
Objective: Explain the TCP/IP protocol suite.
Introduction to the Internet Protocol
Objective: Explain Internet Protocol characteristics.
IP Addressing
Objective: Explain IPv4 addressing concepts.
IP Address Classes
Objective: Explain IPv4 address classes.
Reserved IP Addresses
Objective: Describe IPv4 reserved addressing space.
Public and Private IP Addresses
Objective: Describe the difference between public and private IP address space.
IPv6 Addresses
Objective: Describe IPv6 addressing.
Introduction to the Transmission Control Protocol
Objective: Describe TCP protocol characteristics.
TCP Three-Way Handshake
Objective: Explain the TCP three-way handshake process.
Introduction to the User Datagram Protocol
Objective: Describe the UDP protocol and how it differs from TCP.
TCP and UDP Ports
Objective: Explain the use of TCP and UDP ports in network communications. List some of the well-known ports.
Address Resolution Protocol
Objective: Explain how ARP provides the essential service of mapping IP addresses to physical addresses on a network.
Host-to-Host Packet Delivery Using TCP
Objective: Describe the steps required for host-to-host packet delivery using TCP.
Dynamic Host Configuration Protocol
Objective: Describe how the DHCP protocol functions.
Domain Name System
Objective: Describe basic DNS function and operation.
Internet Control Message Protocol
Objective: Describe the use and role of ICMP.
Packet Capture Using tcpdump
Objective: Analyze packet captures using tools such as tcpdump.
Wireshark
Objective: Describe how Wireshark is used to capture packets live and to open PCAP files.
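The three-way handshake and packet capture topics above fit together in practice: an analyst reads SYN, SYN-ACK and ACK segments out of tcpdump or Wireshark output and notices when the exchange does not complete. The script below is an added example, not part of the Cisco course material. It parses constructed tcpdump-style text lines (default line format, TCP options omitted), replays them through a small per-connection state machine, and flags a source that sends SYNs to several ports without ever completing a handshake, which is what a half-open SYN scan looks like on the wire. The capture, addresses and thresholds are all constructed for illustration.

```python
"""Reconstruct TCP three-way handshakes from tcpdump text output.

Added example, not from the course: the capture below is constructed in
tcpdump's default line format (TCP options omitted) to show how the SYN,
SYN-ACK, ACK exchange looks on the wire and how incomplete handshakes
reveal a SYN scan.
"""
import re
from collections import defaultdict

# One tcpdump line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed capture: a completed handshake to port 22, a connection refused
# with RST on port 23, and a half-open (SYN) scan from 192.0.2.77 that resets
# every connection after the SYN-ACK and gets no answer at all on port 3389.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 10.0.0.5.51000 > 10.0.0.9.22: Flags [S], seq 1000, win 64240, length 0
12:00:01.000200 IP 10.0.0.9.22 > 10.0.0.5.51000: Flags [S.], seq 5000, ack 1001, win 65160, length 0
12:00:01.000400 IP 10.0.0.5.51000 > 10.0.0.9.22: Flags [.], ack 5001, win 502, length 0
12:00:02.000001 IP 10.0.0.5.51001 > 10.0.0.9.23: Flags [S], seq 2000, win 64240, length 0
12:00:02.000150 IP 10.0.0.9.23 > 10.0.0.5.51001: Flags [R.], seq 0, ack 2001, win 0, length 0
12:00:03.000001 IP 192.0.2.77.40000 > 10.0.0.9.80: Flags [S], seq 1, win 1024, length 0
12:00:03.000200 IP 10.0.0.9.80 > 192.0.2.77.40000: Flags [S.], seq 7000, ack 2, win 65160, length 0
12:00:03.000300 IP 192.0.2.77.40000 > 10.0.0.9.80: Flags [R], seq 2, win 0, length 0
12:00:03.000400 IP 192.0.2.77.40001 > 10.0.0.9.443: Flags [S], seq 1, win 1024, length 0
12:00:03.000500 IP 10.0.0.9.443 > 192.0.2.77.40001: Flags [S.], seq 7100, ack 2, win 65160, length 0
12:00:03.000600 IP 192.0.2.77.40001 > 10.0.0.9.443: Flags [R], seq 2, win 0, length 0
12:00:03.000700 IP 192.0.2.77.40002 > 10.0.0.9.3389: Flags [S], seq 1, win 1024, length 0
"""


def parse_line(line):
    """Return (src, sport, dst, dport, flags) for a tcpdump TCP line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"])


def track_handshakes(capture):
    """Replay the capture and return {(client, cport, server, sport): state}.

    SYN_SENT      client sent SYN, no reply seen (filtered or dropped)
    SYN_RECEIVED  server answered SYN-ACK, client never sent the final ACK
    ESTABLISHED   three-way handshake completed
    RESET         RST seen before the handshake completed
    """
    states = {}
    for line in capture.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        src, sport, dst, dport, flags = pkt
        fwd = (src, sport, dst, dport)   # key if this packet is client -> server
        rev = (dst, dport, src, sport)   # key if this packet is server -> client
        if flags == "S":                 # step 1: SYN from the initiator
            states[fwd] = "SYN_SENT"
        elif flags == "S." and states.get(rev) == "SYN_SENT":    # step 2: SYN-ACK
            states[rev] = "SYN_RECEIVED"
        elif "R" in flags:               # RST from either side aborts the setup
            key = fwd if fwd in states else rev
            if states.get(key) not in (None, "ESTABLISHED"):
                states[key] = "RESET"
        elif flags == "." and states.get(fwd) == "SYN_RECEIVED":  # step 3: ACK
            states[fwd] = "ESTABLISHED"
    return states


def suspected_syn_scanners(states, min_ports=3):
    """Sources that sent SYNs to several distinct ports yet completed no handshake.
    min_ports is an assumed threshold; tune it to your network."""
    ports = defaultdict(set)
    completed = set()
    for (client, _cport, _server, sport), state in states.items():
        ports[client].add(sport)
        if state == "ESTABLISHED":
            completed.add(client)
    return sorted(c for c, p in ports.items() if len(p) >= min_ports and c not in completed)


if __name__ == "__main__":
    result = track_handshakes(SAMPLE_CAPTURE)
    for (client, cport, server, sport), state in result.items():
        print(f"{client}:{cport} -> {server}:{sport}  {state}")
    print("suspected SYN scanners:", suspected_syn_scanners(result))
```

To feed a real capture instead of the constructed sample, limit the text output to connection setup and teardown segments with a capture filter such as `tcpdump -nn -r capture.pcap 'tcp[tcpflags] & (tcp-syn|tcp-rst) != 0'` and pass that text to `track_handshakes`. A connection that stays in SYN_SENT does not prove a scan by itself (a firewall silently dropping the SYN produces the same picture), which is why the scanner heuristic also requires several distinct target ports.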
Lesson 2: Understanding the Network Infrastructure
Objective: Describe network devices and the protocols running inside the network infrastructure and investigate the logs that network devices generate.
This lesson includes these topics:
Analyzing DHCP Operations
Objective: Describe attacks that target the Dynamic Host Configuration Protocol and how to monitor DHCP exchanges.
IP Subnetting
Objective: Describe how to scale IP networks with IP subnetting.
Hubs, Bridges, and Layer 2 Switches
Objective: Describe hub, bridge, and layer 2 switch operation and concepts.
VLANs and Trunks
Objective: Describe the function of VLANs and trunks at layer 2.
Spanning Tree Protocols
Objective: Describe layer 2 spanning-tree protocol.
Standalone (Autonomous) and Lightweight Access Points
Objective: Describe Standalone (Autonomous) and Lightweight Access Points, and their security vulnerabilities.
Routers
Objective: Describe the use of routers and the routing process used in network communications.
Routing Protocols
Objective: Describe routing protocols and attacks that can be used against them.
Multilayer Switches
Objective: Describe how multilayer switches operate and how frame and packet forwarding take place on the switch.
NAT Fundamentals
Objective: Describe Network Address Translation (NAT) fundamental concepts.
Packet Filtering with ACLs
Objective: Describe the purpose of access control lists (ACLs).
ACLs with the Established Option
Objective: Describe ACL operation when using the established option.
Lesson 3: Understanding Common TCP/IP Attacks
Objective: Describe security flaws in the TCP/IP protocol suite and how they can be used to attack networks and hosts.
This lesson includes these topics:
Legacy TCP/IP Vulnerabilities
Objective: Describe legacy TCP/IP vulnerabilities.
IP Vulnerabilities
Objective: Describe vulnerabilities related to the IP protocol.
ICMP Vulnerabilities
Objective: Describe vulnerabilities related to the ICMP protocol.
TCP Vulnerabilities
Objective: Describe vulnerabilities related to the TCP protocol.
UDP Vulnerabilities
Objective: Describe vulnerabilities related to the UDP protocol.
Attack Surface and Attack Vectors
Objective: Describe the attack surface and its relation to an organization's vulnerability.
Reconnaissance Attacks
Objective: Describe how network data is collected through a reconnaissance attack.
Access Attacks
Objective: Describe how an access attack is used to gain unauthorized access.
Man-in-the-Middle (MITM) Attacks
Objective: Describe MITM attacks.
Denial of Service and Distributed Denial of Service
Objective: Describe how DoS and DDoS attacks are used against networks.
Reflection and Amplification Attacks
Objective: Describe how reflection and amplification attacks are used against IP hosts.
Spoofing Attacks
Objective: Describe the concepts and uses of spoofing attacks.
DHCP Attacks
Objective: Describe the concepts and use of DHCP attacks.
Lesson 4: Understanding Basic Cryptography Concepts
Objective: Describe the basic concepts and uses of cryptography.
This lesson includes these topics:
Impact of Cryptography on Security Investigations
Objective: Describe the impact of cryptography on security investigations.
Cryptography Overview
Objective: Describe cryptography concepts.
Hash Algorithms
Objective: Describe hashing mechanisms and algorithms.
Encryption Overview
Objective: Describe encryption usage and features.
Cryptanalysis
Objective: Describe the use of cryptanalysis to break ciphers and recover encrypted data.
Symmetric Encryption Algorithms
Objective: Describe the use of symmetric encryption algorithms.
Asymmetric Encryption Algorithms
Objective: Describe the use of asymmetric cryptographic algorithms.
Diffie-Hellman Key Agreement
Objective: Describe the Diffie-Hellman key agreement and Diffie-Hellman groups.
Use Case: SSH
Objective: Describe uses of the SSH protocol.
Digital Signatures
Objective: Describe the basic security services offered with the use of digital signatures.
PKI Overview
Objective: Describe PKI components and use.
PKI Operations
Objective: Describe PKI operations.
Use Case: SSL/TLS
Objective: Describe a use case for SSL/TLS.
Cipher Suite
Objective: Describe cipher suite concepts.
Key Management
Objective: Describe key management for the secure generation, verification, exchange, storage, and destruction of keys.
NSA Suite B
Objective: Describe NSA Suite B cryptographic algorithms.
Module 2: Network Applications and Endpoint Security
Lesson 1: Describing Information Security Concepts
Objective: Describe information security concepts and strategies within the network.
This lesson includes these topics:
Information Security Confidentiality, Integrity, and Availability
Objective: Describe the Information Security CIA triad.
Personally Identifiable Information
Objective: Describe PII as it relates to information security.
Risk
Objective: Describe risk as a function of the likelihood of a given threat source's exercising a particular potential vulnerability, and the resulting impact on the organization.
Vulnerability Assessment
Objective: Describe vulnerability assessment in the context of information security.
CVSS v3.0
Objective: Describe the Common Vulnerability Scoring System (CVSS) version 3.0.
Access Control Models
Objective: Describe basic models for implementing access controls over network resources.
Regulatory Compliance
Objective: Describe compliance regulations and their effects on an organization.
Information Security Management
Objective: Describe frameworks for information security management.
Security Operations Center
Objective: Describe the SOC components of people, processes, and technologies, and the reason for the SOC.
Challenge
Lesson 2: Understanding Network Applications
Objective: Describe the use of network applications and how the security analyst can use this knowledge to detect malicious behavior.
This lesson includes these topics:
DNS Operations
Objective: Explain DNS terminology and operations.
Recursive DNS Query
Objective: Describe the process of recursive DNS queries.
Dynamic DNS
Objective: Describe how dynamic DNS (DDNS) automatically discovers and registers a client's public IP address.
HTTP Operations
Objective: Describe HTTP operations and traffic analysis to identify anomalies in the HTTP traffic.
HTTPS Operations
Objective: Describe the use of and operation of HTTPS traffic.
Web Scripting
Objective: Describe how web scripting can be used to deliver malware.
SQL Operations
Objective: Describe how SQL is used to query, operate, and administer relational database management systems, and how to recognize SQL-based attacks.
SMTP Operations
Objective: Describe how the mail delivery process works, and SMTP conversations.
Lesson 3: Understanding Common Network Application Attacks
Objective: Describe several network application-based attacks that the security analyst needs to be aware of and able to detect.
This lesson includes these topics:
Password Attacks
Objective: Describe password attacks such as brute force and dictionary attacks.
Pass-the-Hash Attacks
Objective: Describe pass-the-hash attacks.
DNS-Based Attacks
Objective: Describe DNS-based attacks.
DNS Tunneling
Objective: Describe DNS tunneling and its use to exfiltrate data out of a network.
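DNS tunneling works by encoding the data to be exfiltrated into the leftmost labels of queries for a domain the attacker controls, so the queries themselves are the evidence. The script below is an added example, not part of the Cisco course material: it scores each registered domain in a constructed, simplified query log (`<time> <client> <qname> <qtype>`; real resolver logs carry more fields) on average label length, average label entropy and the share of distinct names, the three features that separate encoded data from ordinary hostnames. The domain names, clients and thresholds are constructed for illustration.

```python
"""Flag DNS tunneling candidates from a DNS query log.

Added example, not from the course: the log lines are constructed in a
simplified "<time> <client> <qname> <qtype>" format (real resolver logs such
as BIND's query log carry more fields). Tunnels hide data in long, high-entropy
subdomain labels, so the detector scores each registered domain on label
length, label entropy and how many distinct names are queried.
"""
import math
from collections import Counter, defaultdict

# Constructed sample: normal lookups plus a tunnel to tun.example.net whose
# queries carry 32 hex characters of data per label in TXT requests.
SAMPLE_LOG = """\
12:00:00 10.0.0.5 www.example.com A
12:00:01 10.0.0.5 mail.example.com A
12:00:02 10.0.0.7 cdn.example.org A
12:00:03 10.0.0.5 www.example.com AAAA
12:00:04 10.0.0.9 3a7f9c2e1b4d8a6f0e5c7b9d2a1f4e8c.tun.example.net TXT
12:00:04 10.0.0.9 9d1e4b7a2c5f8e0b3d6a9c2f5e8b1d4a.tun.example.net TXT
12:00:05 10.0.0.9 6c3e9a1d4f7b2e5c8a0d3f6b9e2c5a8d.tun.example.net TXT
12:00:05 10.0.0.9 1f4a7d0c3e6b9f2a5d8c1e4b7a0d3f6c.tun.example.net TXT
12:00:06 10.0.0.9 8b2d5f9a1c4e7b0d3a6f9c2e5b8d1a4f.tun.example.net TXT
12:00:07 10.0.0.7 www.example.org A
"""


def shannon_entropy(text):
    """Bits of entropy per character: random hex approaches 4.0, hostnames stay low."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def registered_domain(qname):
    """Naive registered-domain cut (last two labels). Production code should use
    the Public Suffix List so suffixes such as co.uk are handled correctly."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def domain_features(log):
    """Per registered domain: query count, share of distinct names, share of
    TXT/NULL queries, mean leftmost-label length and mean leftmost-label entropy."""
    acc = defaultdict(lambda: {"queries": 0, "names": set(), "txt": 0, "len": 0, "ent": 0.0})
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, _client, qname, qtype = parts
        left = qname.split(".")[0]           # the label a tunnel client fills with data
        s = acc[registered_domain(qname)]
        s["queries"] += 1
        s["names"].add(qname.lower())
        if qtype in ("TXT", "NULL"):         # record types that carry bulk data back
            s["txt"] += 1
        s["len"] += len(left)
        s["ent"] += shannon_entropy(left)
    return {
        dom: {
            "queries": s["queries"],
            "unique_ratio": len(s["names"]) / s["queries"],
            "txt_ratio": s["txt"] / s["queries"],
            "avg_label_len": s["len"] / s["queries"],
            "avg_entropy": s["ent"] / s["queries"],
        }
        for dom, s in acc.items()
    }


def suspected_tunnels(log, min_queries=5, min_label_len=20, min_entropy=3.0, min_unique=0.8):
    """Domains whose query pattern looks like encoded data rather than names.
    The thresholds are assumptions; tune them against your resolver's baseline."""
    return sorted(
        dom for dom, f in domain_features(log).items()
        if f["queries"] >= min_queries
        and f["avg_label_len"] >= min_label_len
        and f["avg_entropy"] >= min_entropy
        and f["unique_ratio"] >= min_unique
    )


if __name__ == "__main__":
    for dom, f in domain_features(SAMPLE_LOG).items():
        print(f"{dom:14} q={f['queries']:<3} len={f['avg_label_len']:5.1f} "
              f"H={f['avg_entropy']:.2f} uniq={f['unique_ratio']:.2f} txt={f['txt_ratio']:.2f}")
    print("suspected tunnels:", suspected_tunnels(SAMPLE_LOG))
```

The features are deliberately cheap so they can run over a full day of resolver logs. The main false-positive source is legitimate services that also put hashes in hostnames (CDNs, anti-virus cloud lookups, some DNS-based blocklists), so an analyst pairs this score with a domain allowlist and with the query volume per client before raising an incident.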
Web-Based Attacks
Objective: Describe web-based attacks and their risk to businesses.
Malicious iFrames
Objective: Describe malicious scripts that are hidden inside inline frames.
HTTP 302 Cushioning
Objective: Describe web site redirection with HTTP 302 cushioning.
Domain Shadowing
Objective: Describe domain shadowing, in which attackers hijack users' domain registration logins to create malicious subdomains.
Command Injections
Objective: Describe command injection used to execute arbitrary commands on vulnerable web applications.
SQL Injections
Objective: Describe how SQL injections are used against databases.
Cross-Site Scripting and Request Forgery
Objective: Describe how cross-site scripting and request forgery are used to threaten the security of web applications.
Email-Based Attacks
Objective: Describe how email-based attacks are used against enterprises.
Lesson 4: Understanding Windows Operating System Basics
Objective: Describe Windows operating system features and functionality.
This lesson includes these topics:
Windows Operating System History
Objective: Describe the history of the Windows operating systems and their vulnerabilities.
Windows Operating System Architecture
Objective: Describe the Windows OS architecture and components.
Windows Processes, Threads, and Handles
Objective: Describe Windows processes, threads, and handles.
Windows Virtual Memory Address Space
Objective: Describe virtual memory allocation in the Windows OS.
Windows Services
Objective: Describe Windows services and how they are used.
Windows File System Overview
Objective: Describe the functionality of Windows NTFS.
Windows File System Structure
Objective: Describe the Windows NTFS structure.
Windows Domains and Local User Accounts
Objective: Describe Windows domains and local user accounts.
Windows Graphical User Interface
Objective: Describe the Windows graphical user interface and its use.
Run as Administrator
Objective: Describe how to perform tasks in Windows which may require administrator privileges.
Windows Command Line Interface
Objective: Describe the Windows command line interface.
Windows PowerShell
Objective: Describe the features of the Windows PowerShell.
Windows net Command
Objective: Describe how the net command is used for Windows administration and maintenance.
Controlling Startup Services and Executing System Shutdown
Objective: Describe how to control Windows startup services, and execute a system shutdown.
Controlling Services and Processes
Objective: Describe how to control Windows services and processes that are operating on a host.
Monitoring System Resources
Objective: Describe how to monitor Windows system resources with the use of Windows Task Manager.
Windows Boot Process
Objective: Describe the Windows boot process, starting services, and registry entries.
Windows Networking
Objective: Describe how to configure Windows networking properties.
Windows netstat Command
Objective: Describe how to use the netstat command to view running networking functions.
Accessing Network Resources with Windows
Objective: Describe how to access Windows network resources and perform remote functions.
Windows Registry
Objective: Describe the use of the Windows registry.
Windows Event Logs
Objective: Describe how the Windows Event Viewer is used to browse and manage event logs.
Windows Management Instrumentation
Objective: Describe how the Windows Management Instrumentation is used for management of data and operations on Windows-based operating systems.
Common Windows Server Functions
Objective: Describe common Windows server functions and features.
Common Third-Party Tools
Objective: Describe commonly used third-party tools to manage Windows operating systems.
Lesson 5: Understanding Linux Operating System Basics
Objective: Provide an overview of the Linux Operating System.
This lesson includes these topics:
History and Benefits of Linux
Objective: Provide a brief history of the Linux operating system and describe its benefits.
Linux Architecture
Objective: Describe Linux architecture.
Linux File System Overview
Objective: Provide an overview of the Linux file system.
Basic File System Navigation and Management Commands
Objective: Describe basic file system navigation and management commands in Linux.
File Properties and Permissions
Objective: Describe Linux file properties and permissions.
Editing File Properties
Objective: Describe Linux commands that you can use to manage file permissions and ownership.
Root and Sudo
Objective: Describe the root account and the sudo command in Linux.
Disks and File Systems
Objective: Describe Linux storage disks and file systems.
System Initialization
Objective: Describe the Linux boot process.
Emergency/Alternate Startup Options
Objective: Describe alternate startup options in case Linux is experiencing problems or has been compromised.
Shutting Down the System
Objective: Describe the proper procedure to shut down a Linux-based system when you need to bring the system down for maintenance or troubleshooting.
System Processes
Objective: Describe Linux system processes.
Interacting with Linux
Objective: Describe mechanisms for interacting with the Linux operating system.
Linux Command Shell Concepts
Objective: Explore important concepts about the Linux shell and its usage.
Piping Command Output
Objective: Explore piping command output in Linux.
Other Useful Command Line Tools
Objective: Describe other useful Linux command line tools.
Overview of Secure Shell Protocol
Objective: Provide an overview of Secure Shell Protocol.
Networking
Objective: Describe Linux tools and features for managing virtually every aspect of networking and connectivity configuration.
Managing Services in SysV Environments
Objective: Describe the process of managing services in SysV environments.
Viewing Running Network Services
Objective: Describe tools to track the services running in your Linux installation.
Name Resolution: DNS
Objective: Provide an overview of the Domain Name System.
Testing Name Resolution
Objective: Explore the Linux operating system tools to test name resolution.
Viewing Network Traffic
Objective: Explore Linux tools for viewing network traffic.
System Logs
Objective: Explore logging functionality on Linux systems.
Configuring Remote syslog
Objective: Describe how to configure remote syslog on Linux systems.
Running Software on Linux
Objective: Describe requirements to run software in a Linux installation.
Executables vs. Interpreters
Objective: Explore Linux executable files and interpreters that can execute code.
Using Package Managers to Install Software in Linux
Objective: Describe package managers to install software in Linux.
System Applications
Objective: Describe system applications used to serve clients on Linux.
Lightweight Directory Access Protocol
Objective: Provide an overview of the Lightweight Directory Access Protocol.
Lesson 6: Understanding Common Endpoint Attacks
Objective: Describe various attack techniques against the endpoints.
This lesson includes these topics:
Classify Attacks, Exploits, and Vulnerabilities
Objective: Classify attacks, exploits, and vulnerabilities in the context of endpoint attacks.
Buffer Overflow
Objective: Describe buffer overflow vulnerability.
Malware
Objective: Describe malware in the context of endpoint attacks.
Reconnaissance
Objective: Describe reconnaissance in the context of endpoint attacks.
Gaining Access and Control
Objective: Describe gaining access and control in the context of endpoint attacks.
Gaining Access via Social Engineering
Objective: Describe how social engineering is used to gain access to endpoints.
Social Engineering Example: Phishing
Objective: Describe phishing as an example of social engineering.
Gaining Access Via Web-Based Attacks
Objective: Describe how attacker can gain access via web-based attacks.
Exploit Kits
Objective: Describe how attackers use exploit kits to discover and exploit vulnerabilities in an endpoint.
Rootkits
Objective: Describe rootkit as an attacker tool.
Privilege Escalation
Objective: Describe mechanisms that attackers can use to escalate privileges.
Pivoting
Objective: Describe how attackers use the pivoting technique to expand their access in a network.
Post-Exploitation Tools Example
Objective: Provide examples of tools used in the post-exploitation phase of an attack.
Exploit Kit Example: Angler
Objective: Describe Angler exploit kit chain of events.
Lesson 7: Understanding Network Security Technologies
Objective: Describe how various network security technologies work together to guard against attacks.
This lesson includes these topics:
Defense-in-Depth Strategy
Objective: Describe the traditional Defense-in-Depth approach, which provides layered security by using multiple security mechanisms.
Defend Across the Attack Continuum
Objective: Describe the security model that works across the attack continuum.
Authentication, Authorization, and Accounting
Objective: Describe AAA.
Identity and Access Management
Objective: Describe Identity and Access Management solutions.
Stateful Firewall
Objective: Describe stateful firewalls.
Network Taps
Objective: Describe network taps.
Switched Port Analyzer
Objective: Describe the Switched Port Analyzer (SPAN).
Remote Switched Port Analyzer
Objective: Describe the Remote Switched Port Analyzer (RSPAN).
Intrusion Prevention System
Objective: Describe Intrusion Prevention Systems.
IPS Evasion Techniques
Objective: Describe IPS evasion techniques.
Snort Rules
Objective: Describe the structure and use of Snort rules.
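A Snort rule has two parts: a header (action, protocol, source and destination addresses and ports, direction) that selects which packets the rule applies to, and a parenthesised option list (msg, content, nocase, sid, ...) that inspects the payload and labels the alert. The script below is an added example and not Snort's own code: it parses that header plus the msg, content, nocase and sid options of two constructed rules, then evaluates constructed packets against them, so the reader can see exactly which header field or content pattern makes a packet match or miss. The `$HOME_NET` and `$EXTERNAL_NET` values, the rules and the packets are all assumptions made for the example; Snort's wider option language (pcre, flow, byte_test, detection_filter, escaped characters inside content) and the `<>` direction are not implemented.

```python
"""Minimal matcher for Snort 2 style rules.

Added example, not Snort's own code: it parses a rule header plus the msg,
content, nocase and sid options and evaluates constructed packets against the
rules. Only the "->" direction is handled; pcre, flow, byte_test, thresholds
and escaped characters inside content are left out.
"""
import ipaddress
import re

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# One option: keyword, optional ":value" (quoted or bare), terminated by ";"
OPTION_RE = re.compile(r'\s*(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

# Assumed variable values; in Snort they come from ipvar lines in snort.conf.
VARS = {"$HOME_NET": "10.0.0.0/8", "$EXTERNAL_NET": "!10.0.0.0/8"}

# Constructed rules in Snort 2 syntax (sids in the local >= 1000000 range).
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Web shell command parameter"; content:"cmd="; nocase; sid:1000001; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"DNS query for tunnel domain"; content:"|03|tun|07|example|03|net"; sid:1000002; rev:1;)
"""


def content_bytes(text):
    """Snort content syntax to bytes: text outside |..| is literal, inside is hex."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def parse_rule(line):
    """Parse the header fields and the msg/content/nocase/sid options into a dict."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    rule = m.groupdict()
    rule.update(msg="", sid=0, contents=[])       # contents: [[bytes, nocase], ...]
    for opt in OPTION_RE.finditer(rule.pop("opts")):
        key, val = opt.group(1), (opt.group(2) or "").strip().strip('"')
        if key == "msg":
            rule["msg"] = val
        elif key == "sid":
            rule["sid"] = int(val)
        elif key == "content":
            rule["contents"].append([content_bytes(val), False])
        elif key == "nocase" and rule["contents"]:
            rule["contents"][-1][1] = True        # nocase modifies the preceding content
    return rule


def ip_matches(spec, ip):
    spec = VARS.get(spec, spec)
    if spec == "any":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(ip) in net) != negate


def port_matches(spec, port):
    if spec == "any":
        return True
    if ":" in spec:                               # Snort range lo:hi, either side optional
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def rule_matches(rule, pkt):
    """All header fields must match, then every content pattern must occur in the payload."""
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    if not (ip_matches(rule["src"], pkt["src"]) and port_matches(rule["sport"], pkt["sport"])
            and ip_matches(rule["dst"], pkt["dst"]) and port_matches(rule["dport"], pkt["dport"])):
        return False
    for pattern, nocase in rule["contents"]:
        hay, needle = (pkt["payload"].lower(), pattern.lower()) if nocase else (pkt["payload"], pattern)
        if needle not in hay:
            return False
    return True


def evaluate(rules_text, packets):
    """Return [(sid, msg, packet_index)] for every packet that triggers a rule."""
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.strip() and not l.startswith("#")]
    return [(r["sid"], r["msg"], i) for i, pkt in enumerate(packets) for r in rules if rule_matches(r, pkt)]


# Constructed packets with abbreviated payloads; not real captures.
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "203.0.113.9", "sport": 44123, "dst": "10.0.0.20", "dport": 80,
     "payload": b"GET /shell.php?CMD=id HTTP/1.1\r\nHost: 10.0.0.20\r\n\r\n"},
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51000, "dst": "10.0.0.20", "dport": 80,
     "payload": b"GET /app?cmd=list HTTP/1.1\r\n\r\n"},      # internal source: not $EXTERNAL_NET
    {"proto": "udp", "src": "10.0.0.9", "sport": 53211, "dst": "10.0.0.2", "dport": 53,
     "payload": b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x20" + b"a" * 32
                + b"\x03tun\x07example\x03net\x00\x00\x10\x00\x01"},
]

if __name__ == "__main__":
    for sid, msg, idx in evaluate(SAMPLE_RULES, SAMPLE_PACKETS):
        print(f"[1:{sid}] {msg}  (packet {idx})")
```

Two details matter for the analyst reading alerts: `nocase` applies only to the `content` immediately before it, and a negated variable such as `$EXTERNAL_NET` (`!10.0.0.0/8`) means a web shell request from an internal address never fires the first rule even though its payload matches, which is one reason SOC teams keep separate rules for east-west traffic.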
VPNs
Objective: Describe VPNs.
Email Content Security
Objective: Describe email content security.
Web Content Security
Objective: Describe web content security.
DNS Security
Objective: Describe DNS security.
Network-Based Malware Protection
Objective: Describe network-based malware protection.
Next Generation Firewall
Objective: Describe Next Generation Firewall.
Security Intelligence
Objective: Describe the use of security intelligence feeds.
Threat Analytic Systems
Objective: Describe threat analytics systems.
Network Security Device Form Factors
Objective: Describe the three network security device form factors: physical, virtual, and cloud.
Security Onion Overview
Objective: Describe the Security Onion open source security monitoring tool.
Security Tools Reference
Objective: Describe online security research tools.
Lesson 8: Understanding Endpoint Security Technologies
Objective: Provide a basic understanding of endpoint security and familiarity with common endpoint security technologies.
This lesson includes these topics:
Host-Based Personal Firewall
Objective: Describe host-based personal firewall.
Host-Based Anti-Virus
Objective: Describe host-based anti-virus.
Host-Based Intrusion Prevention System
Objective: Describe host-based Intrusion Prevention System.
Application Whitelists and Blacklists
Objective: Describe application whitelists and blacklists.
Host-Based Malware Protection
Objective: Describe host-based malware protection.
Sandboxing
Objective: Describe sandboxing in the context of network security.
File Integrity Checking
Objective: Describe how security analysts use file integrity checking tools.
Module 3: Security Monitoring and Analysis
Objective: Describe network security monitoring, data collection, and data analysis.
Lesson 1: Describing Security Data Collection
Objective: Describe security monitoring and the analysis of logs and data collected from multiple sources.
This lesson includes these topics:
Network Security Monitoring Placement
Objective: Describe placement of network security monitoring devices on the network.
Network Security Monitoring Data Types
Objective: Describe the various types of data used in monitoring network security.
Intrusion Prevention System Alerts
Objective: Describe the importance and use of IPS alerts in network security monitoring.
True/False, Positive/Negative IPS Alerts
Objective: Describe true positive, false positive, true negative, and false negative IPS alerts and their effects on security monitoring.
IPS Alerts Analysis Process
Objective: Describe the process of IPS alert analysis.
Firewall Log
Objective: Describe how firewall syslog messages provide context for a security incident.
DNS Log
Objective: Describe the need for network DNS activity log analysis.
Web Proxy Log
Objective: Describe web proxy log analysis for investigating web-based attacks.
Email Proxy Log
Objective: Describe email proxy log analysis for investigating email-based attacks.
AAA Server Log
Objective: Describe AAA server log analysis.
Next Generation Firewall Log
Objective: Describe NGFW log analysis for incident investigation.
Applications Log
Objective: Describe application log analysis for detecting application misuse.
Packet Captures
Objective: Describe packet capture usage and benefits for investigating security incidents.
NetFlow
Objective: Describe the use of NetFlow for collection and monitoring of network traffic flow data.
Network Behavior Anomaly Detection
Objective: Describe network behavior anomaly monitoring for detecting deviations from the normal patterns.
Data Loss Detection Using Netflow Example
Objective: Describe using NetFlow for data loss detection.
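NetFlow records carry no payload, only who talked to whom, over which ports and how many bytes, so data loss detection with NetFlow is a volume question: how much did each internal host send to the outside compared with what it normally sends? The script below is an added example, not part of the Cisco course material. It reads constructed flow records given as CSV (field names are an assumption; collectors such as nfdump can export similar columns), sums internal-to-external bytes per source host, compares today's total against a baseline day, and then lists the external destinations that received the bulk of the data so the analyst has the next pivot. The addresses, byte counts and thresholds are all constructed for illustration.

```python
"""Spot bulk data exfiltration with NetFlow byte counts.

Added example, not from the course: the flow records are constructed and given
as CSV (as a collector such as nfdump can export them); the column names are
assumptions. The method is the one the topic describes: sum the bytes each
internal host sends to the outside and compare against that host's own baseline.
"""
import csv
import io
import ipaddress
from collections import defaultdict

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal address space

# Constructed baseline (a normal day) and current-day flows. 10.0.0.9 normally
# sends a few KB outbound; today it pushes ~800 MB over SSH to an external host.
# Its large transfer to 10.0.0.2 stays internal and must not count as egress.
BASELINE_FLOWS = """\
src,sport,dst,dport,proto,bytes
10.0.0.5,51000,93.184.216.34,443,tcp,48210
10.0.0.5,51001,93.184.216.34,443,tcp,22040
10.0.0.7,40000,198.51.100.20,443,tcp,15000
10.0.0.9,40200,203.0.113.10,443,tcp,9000
"""
TODAY_FLOWS = """\
src,sport,dst,dport,proto,bytes
10.0.0.5,51002,93.184.216.34,443,tcp,51000
10.0.0.7,40001,198.51.100.20,443,tcp,14000
10.0.0.9,40300,203.0.113.10,443,tcp,8000
10.0.0.9,40301,198.51.100.77,22,tcp,420000000
10.0.0.9,40302,198.51.100.77,22,tcp,380000000
10.0.0.9,40303,10.0.0.2,445,tcp,900000000
"""


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def read_flows(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))


def egress_bytes(csv_text):
    """Bytes per internal source, counting internal -> external flows only."""
    totals = defaultdict(int)
    for row in read_flows(csv_text):
        if is_internal(row["src"]) and not is_internal(row["dst"]):
            totals[row["src"]] += int(row["bytes"])
    return dict(totals)


def detect_data_loss(baseline_csv, today_csv, ratio=10.0, floor_bytes=100_000_000):
    """Return [(host, bytes_today, bytes_baseline)] for hosts whose egress is both
    above an absolute floor (so tiny baselines do not alert on noise) and at least
    `ratio` times their baseline. Both thresholds are assumptions to tune locally."""
    base = egress_bytes(baseline_csv)
    alerts = []
    for host, sent in egress_bytes(today_csv).items():
        expected = base.get(host, 0)           # a host never seen before has baseline 0
        if sent >= floor_bytes and sent >= ratio * expected:
            alerts.append((host, sent, expected))
    return sorted(alerts)


def top_destinations(csv_text, host):
    """External (dst, dport, bytes) for one host, largest first: the analyst's
    next pivot after an alert (who received the data, over which service)."""
    totals = defaultdict(int)
    for row in read_flows(csv_text):
        if row["src"] == host and not is_internal(row["dst"]):
            totals[(row["dst"], int(row["dport"]))] += int(row["bytes"])
    return sorted(((d, p, b) for (d, p), b in totals.items()), key=lambda t: -t[2])


if __name__ == "__main__":
    for host, sent, expected in detect_data_loss(BASELINE_FLOWS, TODAY_FLOWS):
        print(f"ALERT {host}: {sent:,} bytes out today vs {expected:,} baseline")
        for dst, dport, b in top_destinations(TODAY_FLOWS, host):
            print(f"   -> {dst}:{dport} {b:,} bytes")
```

Two caveats belong with this technique. First, a baseline from a single day is fragile; in production the comparison runs against a rolling window per host (or per host role), and backup servers and update mirrors need their own expected profile. Second, an attacker who keeps each day's volume under the threshold (low and slow) is invisible to a byte-count check, which is why the DNS and proxy log analysis topics in this module complement it.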
Security Information and Event Management Systems
Objective: Describe the deployment and use of SIEMs to collect, sort, process, prioritize, store, and report alarms.
Lesson 2: Describing Security Event Analysis
Objective: Explore the different threat models that security operations organizations can reference when performing cybersecurity analysis.
This lesson includes these topics:
Cyber Kill Chain
Objective: Provide an overview of the cyber kill chain model that describes the structure of an attack.
Advanced Persistent Threats
Objective: Describe advanced persistent threats characteristics.
Diamond Model for Intrusion Analysis
Objective: Describe the Diamond model for intrusion analysis.
Cybersecurity Threat Models Summary
Objective: Summarize cybersecurity threat models.
SOC Runbook Automation
Objective: Provide an overview of SOC runbook automation.
Malware Reverse Engineering
Objective: Describe how malware reverse engineering can help protect or defend against future attacks.
Chain of Custody
Objective: Describe maintaining the chain of custody for all evidence and interacting with law enforcement.