
Network Defense Analyst Training Plan Adjustments

Network Defense Analyst Training Plan Adjustments. LS Pulsifer, Surveillance Analyst, 23 May 2014. Outline: Current Form; What's gone and why; Where did it go?; Labs and exercises; Discussion. What's gone? 15 periods removed from EO001.01 TP7-9


Presentation Transcript


  1. Network Defense Analyst Training Plan Adjustments
     LS Pulsifer, Surveillance Analyst, 23 May 2014

  2. Outline
     • Current Form
     • What's gone and why
     • Where did it go?
     • Labs and exercises
     • Discussion

  3. What's gone?
     • 15 periods removed from EO001.01 TP7-9
     • Includes 495 minutes (11 periods) of Vim, Linux boot process, configuring and installing applications, sysadmin duties (groups and users)
     • Laws and Policies have been stripped to 45 minutes from 6 hours
     • Bitmasking in TCPDUMP, e.g. 'tcp[13] & 0x12 != 0'
     • NMAP
     • ... among other things

  4. Where did it go?
     Validate the legitimacy of the alert by comparing the results of:
     • Open source research
     • Alert signature
     • Expected traffic patterns (define "normal")
     • Traffic analysis
     9.1 DAYS

  5. Labs & Exercises
     • Created on a closed network (cnda.lab domain)
     • Contain critical services (DNS, DHCP, NTP)
     • Aux services: HTTP PROXY (squid?), ?
     • IDS Services: SNORT/SURICATA @ various sense points
     • FRONT END: BASE / SNORBY / SQUERT
     • Similar exercises to forensicscontest or honeynet challenges
