Network Defense Analyst Training Plan Adjustments
LS Pulsifer, Surveillance Analyst
23 May 2014
Outline
• Current Form
• What's gone and why
• Where did it go?
• Labs and exercises
• Discussion
What's gone?
• 15 periods removed from EO001.01 TP7-9
• Includes 495 minutes (11 periods) of Vim, the Linux boot process, configuring and installing applications, and sysadmin duties (groups and users)
• Laws and Policies have been stripped to 45 minutes from 6 hours
• Bitmasking in TCPDUMP, e.g. 'tcp[13] & 0x12 != 0'
• NMAP ... among other things
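The slide's tcpdump byte-offset filter is worth seeing evaluated: `tcp[13] & 0x12 != 0` tests the TCP flags byte for SYN *or* ACK, so it matches nearly every packet, while `== 0x12` isolates SYN-ACKs. The following Python is an added example, not material from the deck or its training plan; the TCP headers it checks are constructed inline.

```python
import struct

# TCP flag bits in the flags byte (offset 13 of the TCP header).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(sport: int, dport: int, flags: int, seq: int = 0, ack: int = 0) -> bytes:
    """Construct a minimal 20-byte TCP header (constructed sample; checksum left zero)."""
    data_offset = 5 << 4  # 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset, flags, 65535, 0, 0)


def flags_byte(header: bytes) -> int:
    """Equivalent of tcpdump's tcp[13]: the raw flags byte."""
    return header[13]


def matches_slide_filter(header: bytes) -> bool:
    """tcp[13] & 0x12 != 0 -- true when SYN or ACK (or both) is set."""
    return (flags_byte(header) & 0x12) != 0


def matches_syn_ack(header: bytes) -> bool:
    """tcp[13] & 0x12 == 0x12 -- true only when both SYN and ACK are set."""
    return (flags_byte(header) & 0x12) == 0x12


def flag_names(header: bytes) -> list:
    """Decode the flags byte into names, for readable output."""
    table = [("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK), ("URG", URG)]
    b = flags_byte(header)
    return [name for name, bit in table if b & bit]


if __name__ == "__main__":
    # Constructed handshake and data segments to compare the two filters.
    samples = {
        "client SYN": build_tcp_header(40000, 80, SYN),
        "server SYN-ACK": build_tcp_header(80, 40000, SYN | ACK),
        "data PSH-ACK": build_tcp_header(40000, 80, PSH | ACK),
        "bare RST": build_tcp_header(80, 40000, RST),
    }
    for label, hdr in samples.items():
        print(f"{label:16} flags={flag_names(hdr)} "
              f"'& 0x12 != 0'={matches_slide_filter(hdr)} "
              f"'& 0x12 == 0x12'={matches_syn_ack(hdr)}")
```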
Where did it go?
• Validate the legitimacy of the alert by comparing the results of:
  • Open source research
  • Alert signature
  • Expected traffic patterns (define "normal")
  • Traffic analysis
• 9.1 DAYS
Labs & Exercises
• Created on a closed network (cnda.lab domain)
• Contain critical services (DNS, DHCP, NTP)
• Aux services: HTTP PROXY (squid?) ?
• IDS services: SNORT/SURICATA @ various sense points
• Front end: BASE / SNORBY / SQUERT
• Similar exercises to forensicscontest or honeynet challenges