Incident Response for Cyber Professionals
What you'll learn
- Defend networks and systems from common threats and attacks using open source incident response tools.
- Use Snort and Bro to conduct incident response.
- Use Kippo as an SSH Honeypot.
- Architect IDS and network perimeter security environments.
- Students should have a basic understanding of technology and networking.
- A working internet connection.
Incident Response Course Syllabus
In this course you will learn how to use open source tools for incident response purposes. This course utilizes first hand explanations and screencast demonstrations of how to use these tools in a step-by-step manner so you can start incident response work immediately on your own.
Table of Contents
Course Overview – Introductory Lesson
Incident Response - Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack . The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.
Cyber Attacks - Here we will cover CyberAttacks on Wi-Fi networks and over the web so you can understand how to respond to them.
Virtualization and Cloud Security - So virtualization can mean many things at different layers of the stack. At the network layer you have VLAN’s, MPLS networks and even SDN (Software Defined Network) technologies such as Openflow. At the storage layer you have VSAN’s. At the Hardware and OS layer you have hypervisors for machine virtualization and containers for runtime virtualization and isolation. Databases have even gotten in on the act using container technology.
Malware - In this section we will define Malware categories and characteristics and talk through protective countermeasures to keep networks, systems and data safe from compromise. ‘
Static Malware Analysis –
Analyze malware statically in VM environments.
Operational Security - Once we have a Risk Management program in place we need to implement operational security to manage the day to day aspects of security. In this lesson you will learn about Operational Security Controls what they consist of and how they help us to incrementally manage risk on a daily basis.
Lesson 7 – Disaster Recovery - While at first glance DR might not seem like a natural fit with cybersecurity after further analysis we realize that disasters are threats that can inflict much more damage than any hacker. Here we will talk about DR planning, strategies and best practices.
Platform Hardening and Baselining - Minimizing the attack surface area of operating systems, databases and applications is a key tenet of operational security. In this lesson you will learn about techniques for OS/DB and App hardening.
Lesson 9 - Advanced Perimeter Security - While many argue that with the advent of mobile technologies and the cloud the perimeter is dissolving, it will remain a key component in securing network resources for years to come. Here we’ll cover Load balancers, forward and reverse proxies, API Security Gateways, Firewall rules and Unified Threat Management technologies.
IDS - Intrusion Detection technology is offered in multiple flavors. They are either network based or host based and can be detective or preventive in nature.
Advanced IDS - Previously we’ve talked about IDS basic concepts. Now it’s time to cover advanced IDS architectures, standards and further explore the inner workings of statistical and Rule based IDS.
Snort and Bro – In this lesson you will learn how to use Snort and Bro NIDS/HIDS by example.
Honeypots and Honeynets - Luring attackers away from critical data and studying their behavior can help us to protect the data that matters most. Let’s found out how we can use honeypots to tie up attackers and find out what they are up to.
Kippo SSH Honeypot
Firewalls - In this lesson we will cover the evolution of firewalls and their capabilities.
Apache Security Logging – Apache is still the most popular web server by install base on the web. Let’s learn how to log malicious activities using Apache logging.
SIM - Management of logs is a key component of operational security. These days the velocity, variety and volume of data collected via logs has catapulted log management into the realm of Big Data. You will learn how to effectively manage these logs and derive useful security information from them.
Learn how to acquire a forensic duplicate using Linux based tool
Who this course is for:
- Students who desire to learn more about defending networks and systems against hackers.
Instructor Bio – Chad Russell
Join the Cyber Security Industry!
If you are interested in starting a career in the Cyber Security Industry now is the time!
Learning the fundamentals of Cyber Security provides you with a powerful and very useful set of skills. Study Penetration Testing and Ethical Hacking and learn to think like a hacker so you can better defend your networks and data.
Jobs in Cyber Security are plentiful, and getting Security+ Certified will give you a strong background to more easily pick up and tackle more advanced exams such as the Certified Ethical Hacker and CISSP certifications.
Get certified and land an entry level Cyber Security position paying upwards of six figures! There are currently over a million Cyber Security job openings global and demand is greatly outpacing supply which means more opportunity, job security and higher pay for you!
But, don't take my word for it...please take a look at the FREE previews (they are available in all my courses) and see for yourself. This year I have partnered with Web of Security, a premier provider of ‘All Things Information Security’ to bring you a fantastic suite of Cyber Security certification training to help you get into the hottest industry in IT.
Hello, I’m Chad Russell. I’ve been in the CyberSecurity industry for over 15 years. I’ve taught Microsoft Engineering courses as a Certified trainer, I’ve managed teams of security engineers and analysts for an internet banking provider, I’ve been an information security consultant working for companies including SAP, Microsoft and Oracle.
I lead and conduct 'Security Risk Assessments' for customers throughout North America with an emphasis on cloud security, identity governance, network security, social engineering, mobile security, breach assessments, database security and access management.
Over the past 15 years I've held numerous certifications including CISSP, CCNP, MCSE and MCDBA certifications and have a B.S. in Computer Science from Excelsior College I can help you get certified and get ahead!