SCP Level One - Network Defense & Countermeasures
Course Description
Network Defense and Countermeasures is an instructor-led 5-day classroom
delivery with structured and hands-on activities.
It is the second course in the first level of the Security Certified
Program, focusing on the student's understanding of the architecture
for network defense.
The course is designed for the student who is a network administrator
responsible for maintaining a wide range of networking technologies.
Students will work with layered network defense structures and
implement firewalls on various platforms. Students will also gain
a working knowledge of Virtual Private Networks and Intrusion
Detection Systems, perform packet and signature analyses, identify
different methods of risk analysis, and create a security policy.
This is the final Level One course of the Security Certification
Program. Passing the associated exams for the Level One courses
results in the Security Certified Network Professional (SCNP)
certification.
Level Two consists of two courses: PKI Concepts & Planning,
and PKI & Biometrics. Passing the associated exams for the
Level Two courses results in the Security Certified Network Architect
(SCNA) certification.
Prerequisites
Network Security Fundamentals (the first course in the Security Certified Program)
Objectives
Identify the basic components of a layered structure for network
defense architecture, and describe access control objectives and
auditing concepts.
Identify key concepts and technologies used in the design of
firewall systems, as well as methods of implementing firewalls
in different scenarios.
Implement and configure firewalls for three different operating
systems and compare their functionality while also identifying
the differences between the technologies.
Describe Virtual Private Networks (VPNs) and related security
issues, and take steps to implement a VPN solution built into
Windows 2000.
Describe the key concepts of Intrusion Detection Systems, including
distinguishing between host-based and network-based Intrusion
Detection Systems.
Implement and configure a network-based and a host-based IDS.
Describe core concepts of TCP/IP packet and signature analysis
with the goal of intrusion detection, and examine the goals
of the Common Vulnerabilities and Exposures (CVE) project.
Identify the concepts and issues related to risk analysis, and
analyze different methods of risk analysis, different standards,
and different techniques to minimize risk.
Implement a security policy for an organization by examining
different methods of policy creation and implementation, and
creating a policy document.
Hardware and Software
Operating Systems
Bootable DOS 6.22 floppy disk (with important utilities like fdisk, format, mscdex, etc.)
Windows 98 CD (optional)
Windows NT 4.0 Server CD
Windows 2000 Server CD
Red Hat Linux 7.1
Drivers for all the operating systems
Service Packs and other software
SP2 for Windows 2000
SP6a for Windows NT 4 Server
Internet Explorer 4.0 or later. Use version 5.0 for NT 4.0
ISA Server 2000 Standard Edition (trial version)
Windows 2000 Resource Kit
Check Point FireWall-1 Enterprise Edition 4.1 for 172.17.10.1
A decompression utility for Windows, such as WinZip
Disk cloning tools and SID changing utilities
Norton Ghost
Norton Ghostwalk
Hardware Specifications
Two instructor PCs
One student machine per student
Three Cisco 2500 series routers
Two back-to-back serial cables
Two 10/100 switches or hubs
Cisco console kit
Two crossover cables
One null modem cable for every two PCs
Three transceivers
Internet access (optional)
Minimum PC Specification
Pentium III 500 processor
128 MB of RAM
8 GB of available hard drive space
Two non-integrated Network Interface Cards per PC (such as a 3Com 3C905C)
A non-integrated video card (from the point of view of driver availability for all OSs)
Course Content
Chapter 1: Network Defense Fundamentals
Network Defense
Defensive Technologies
Objectives of Access Control
The Impact of Defense
Network Auditing Concepts
Chapter 2: Designing Firewall Systems
Firewall Components
Create a Firewall Policy
Rule Sets and Packet Filters
Proxy Server
The Bastion Host
The Honeypot
Chapter 3: Configuring Firewalls
Firewall Implementation Practices
Installing and Configuring FireWall-1
Installing and Configuring ISA Server 2000
Monitor ISA Server
IPChains Concepts
Implementing Firewall Technologies
Chapter 4: Configuring VPNs
VPN Fundamentals
IP Security Protocol (IPSec)
VPN Design and Architecture
VPN Security
Configuring a VPN
Chapter 5: Designing an IDS
The Goals of an Intrusion Detection System
Technologies and Techniques of Intrusion Detection
Host-based Intrusion Detection
Network-based Intrusion Detection
The Analysis
How to Use an IDS
What an Intrusion Detection System Cannot Do
Chapter 6: Configuring an IDS
Snort Foundations
Snort Installation
Snort as an IDS
Configuring ISS Scanners
Chapter 7: Analyzing Intrusion Signatures
Signature Analysis
Common Vulnerabilities and Exposures (CVE)
Signatures
Normal Traffic Signatures
Abnormal Traffic Signatures
Chapter 8: Performing a Risk Analysis
Concepts of Risk Analysis
Methods of Risk Analysis
The Process of Risk Analysis
Techniques to Minimize Risk
Continual Risk Analysis
Chapter 9: Creating a Security Policy
Concepts of Security Policies
The Policy Design
The Policies
An Example Policy
Incident Handling and Escalation Procedures
Partner Policies