Students in this course develop more advanced skills in identifying network security vulnerabilities,
including wireless vulnerabilities; conducting risk assessments; preventing, detecting and
responding to intrusions; and providing for business continuity and disaster recovery. Topics
include firewall architecture, authentication, intrusion-prevention strategies, web security,
cryptography and security gates.
Learning Objectives
- Given a large Network with Internet access, analyze the possible internal or external attacks on the network. Describe the attack scenarios and how to deal with each type of attack. Include Denial of Service attacks, Spoofing, Replays, TCP Session Hijacking and Attacks on Encrypted Data (such as passwords).
- Given a medium-sized network with various IT personnel, create a plan for secure access to the network routers that includes: (1) Encrypted Authentication (2) Encrypted communication between the network router and the IT personnel and (3) Different levels of access based on IT personnel roles.
- Given a large network, implement a high-level security plan that protects Layer 2 devices (Switches) from attacks based on Spanning-Tree Protocol (STP), DHCP, MAC Flooding and MAC Spoofing. The plan should allow authorized users to access network resources while preventing unauthorized access.
- Given a large Network site connected to the Internet via a Firewall perimeter router, design a security solution using Access Control Lists (ACLs) that accomplishes the following: (1) allow the free flow of inside-initiated TCP and UDP sessions with their associated return traffic (2) do not allow any TCP or UDP sessions initiated from the Internet to enter the inside network (3) filter ICMP messages to prevent unnecessary inbound Internet ICMP messages that can be used to probe the network. Reflexive and/or Context Based Access Control (CBAC) ACLs should be considered.
- Given a large Network connected to the Internet, create an Authentication plan designed to increase network security. Include internal users as well as remote users. Justify your choices in terms of security, cost and management overhead.
- Given a large internetwork of two or more Local Area Networks (LANs) connected to each other via a public medium (such as the Internet), create a detailed plan for the creation of a Virtual Private Network (VPN) to maintain data confidentiality and integrity for protected packets.
- Given a large network connected to the Internet, devise an Intrusion Detection/Prevention System (IDS/IPS) that will record all information regarding intrusions from the Internet that match known attack signatures. The attack should be prevented and the information should be stored permanently with timestamps on a syslog server.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Cyber Operations
- Cyber Operational Planning
- Training, Education, and Awareness
- Cyber Investigation
- Targets
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.