Solaris[tm] OE Network Intrusion Detection SC-345

kurz

Základní info

The Solaris Operating System Network Intrusion Detection course provides students with the knowledge and skills necessary to perform the advanced administration skills required to firewall, monitor, log, identify and respond to network security breaches.Students who can benefit from this course:Experienced System Administrators and Security Administrators who are tasked with protecting Sun Solaris systems in a non-trusted environment such as the Internet or a LAN environment with multiple unknown/untrusted users

Vstupní předpoklady:

  • Configuring Security on the Solaris 10 Operating System (SC-301-S10)
  • Configure Solaris logging daemons like syslog
  • Install, configure, and maintain a Solaris product line server
  • Install open source utilities like tcpdump and libpcap
  • Configure a Solaris NIC for LAN and Internet access
  • Have a firm understanding of the TCP/IP protocol stack and IP routing

Co se u nás naučíte:

  • Identify and protect against design flaws in standard networking protocols (such as TCP, UDP, IP, ICMP, SSL, SSH, HTTP and ARP)
  • List possible ways that an intruder can gather information about a server or a whole network
  • Describe all types of network based security attacks like SYN/ACK attack, man-in-the-middle attack, ARP spoofing, session hijacking and Buffer Overflow attacks
  • Install a Network Intrusion Detection System and a host-based firewall
  • Identify, in real time, a network security breach and respond

Osnova:

Ethernet and IP Operation

  • Review OSI network model
  • Review application and network service layers
  • Identify Ethernet security issues
  • Review IPv4 addressing
  • Understand IP fragmentation
  • Identify ICMP security issues
  • Implement basic traffic capture and analysis

IP and ARP Vulnerability Analysis

  • Identify IP security issues
  • Describe IP routing and routing protocol security
  • Protect against IP abuse
  • Identify ARP security issues
  • Execute attacks against ARP
  • Protect against ARP abuse
  • Implement advanced packet capture and analysis

UDP/TCP Protocol and TELNET Vulnerability Analysis

  • Discuss characteristics of UDP and TCP
  • Identify TCP security issues
  • Describe common TCP abuses: SYN attack, sequence guessing, connection hijacking
  • Discuss characteristics of TELNET
  • Identify TELNET security issues
  • Execute attacks on TCP and TELNET
  • Protect against TCP and TELNET abuse

FTP and HTTP Vulnerability Analysis

  • Describe FTP transfer methods and modes and identify FTP security issues
  • Describe common FTP abuses: FTP bounce attack, port stealing, brute force
  • Discuss characteristics of HTTPv1.1
  • Describe role of HTTP proxy servers and HTTP authentication
  • Identify HTTP security issues
  • Describe common HTTP abuses: path name stealing, header spoofing, proxy poisoning
  • Execute attacks on FTP and HTTP
  • Protect against FTP and HTTP abuse

DNS Vulnerability Analysis

  • Discuss characteristics of DNS
  • Identify DNS security issues
  • Describe common DNS abuses: DNS spoofing, DNS cache poisoning, unauthorized zone transfers
  • Execute attacks on DNS
  • Protect against DNS abuse

SSH and HTTPS Vulnerability Analysis

  • Discuss characteristics of SSH
  • Describe differences between SSH1 and SSH2 protocol
  • Identify SSH security issues
  • Describe common SSH abuses: insertion attack, brute force attack, CRC compensation attack
  • Describe characteristics HTTPS (SSL)
  • Discuss other SSL enabled protocols
  • Describe common SSL abuses: man-in-the-middle and version rollback attack

Remote Operating System Detection

  • Use standard system commands and exploit default settings to guess remote operating systems
  • Use open source utilities to guess remote operating systems by scanning open ports
  • Describe TCP/IP stack fingerprinting
  • Install and use nmap for remote OS detection

Network Attack Techniques and Basic Attack Detection

  • Identify sources of network attacks
  • Discuss methods of intrusion
  • Describe common network attacks: denial-of-service, software buffer overflow, poor system configuration, password guessing/cracking
  • Describe a typical intrusion scenario
  • Introduce the concept of an Intrusion Detection System (IDS)
  • List some of the most popular IDS tools: Klaxon, Portsentry, snort
  • Implement basic scan detection
  • Implementing Intrusion Detection Technologies

Identify the difference between host based and network based IDS

  • Discuss different types of IDS implementation: hybrid NIDS and honeypots
  • Describe core components of a NIDS using the snort NIDS
  • Compile and install the snort NIDS

Advanced NIDS Configuration

  • Discuss advanced snort features like "real time response" and snort log monitors
  • Install a database (mysql) to log snort alerts
  • Install the graphical user interfaces (GUI) Demarc and ACID to better interpret snort logs by querying the snort database
  • Generate outside attacks that trigger snort alerts
  • Interpret GUI snort monitors to identify attacks

Writing snort rules

  • Describe the different components of a snort rule
  • Configure different snort rule options
  • Write custom snort rules to watch for specific traffic patterns
  • Execute attacks against custom snort rules and interpret GUI snort monitors to identify attacks

Solaris Routing

  • List requirements for a Solaris host to be a router
  • Implement a Solaris host as a router
  • Use the ndd utility to secure a Solaris router

Solaris Firewalls

  • Describe different types of Solaris firewalls: application firewalls and packet filters
  • Identify two of the most common Solaris firewall products: Sunsceen Lite and IPfilter
  • Learn firewall policy basics
  • Write firewall rules for network or host based firewalls
  • Install an IPfilter firewall on a Solaris host

Solaris Network (NAT) and Port Translation (PAT)

  • Describe NAT and PAT concepts
  • Implement NAT to secure a private network behind a Solaris firewall

Solaris[tm] OE Network Intrusion Detection SC-345

Vybraný termín:

 Praha

Cena

Kontakt na dodavatele získáte po registraci

Tento kurz je pořádán dodavatelem, který nevyužívá placenou prezentaci na portálu Abravito.

Kontaktní údaje na dodavatele získáte po registraci.

Nebo použijte poptávkový formulář.