CBT Campus' Online Skills Training Courses.

Network & Host Analysis: Network Analysis Formats

discover the key concepts covered in this course
describe the function and characteristics of the NetFlow and IPFIX network flow protocols
describe how NetFlow is used to baseline a network
recognize the importance of audit logs for security
identify the goals, capabilities, and types of application-based blocking for network access
outline techniques used to tap network traffic
outline techniques for collecting and forwarding logs
outline techniques for event queuing and handling
describe how SNMP is used for network management and monitoring
describe how PCAP is implemented for packet capture and filtering programs
outline the process for whitelisting and blacklisting applications
use Wireshark to detect an anomalous or potentially dangerous event
import and export captured traffic in the PCAP format using Wireshark
summarize the key concepts covered in this course

A variety of formats and protocols are used to help manage networks. Knowing what you have at your disposal to integrate into your operational duties is essential in defensive CyberOps. In this course, you'll learn the format and tools required to manage, operate, and analyze your networks.

You'll start by recognizing the purpose and characteristics of NetFlow and IPFIX network flow protocols. You'll then outline how NetFlow is used to baseline a network. Next, you'll identify the importance of logging, access control, and event queues. You'll examine techniques for tapping network traffic and collecting and forwarding logs. You'll explore SNMP, the PCAP format, and whitelisting. Finally, you'll set up Wireshark to detect potentially harmful events and import and export captured traffic in the PCAP format.

Target

Prerequisites: none

Network & Host Analysis: Network Observations

Course Number:
it_cynthadj_03_enus

Network & Host Analysis: Network Observations

discover the key concepts covered in this course
display the tree of protocol traffic captured by Wireshark
identify network endpoints from captured network traffic using Wireshark
describe considerations when visualizing network nodes
create a simple network diagram using Visio
outline effective approaches to assessing network security
recognize the use of various baselines for network management
work with baseline activity monitoring in Wireshark
describe the different capture engines used in Wireshark
create firewall rules based on Wireshark
detect Nmap scans using Wireshark
monitor traffic remotely using Wireshark and SSH tunneling
summarize the key concepts covered in this course

Knowing what goes on over a network requires a high-level picture of it. The ability to conceptualize your network's structure, capabilities, and events is essential to protecting it. In this course, you'll explore the concepts and tools required to identify and visualize your network components.

You'll work mostly with the open source network protocol analyzer, Wireshark. You'll start by displaying protocol hierarchies and identifying network endpoints. You'll then describe considerations for visualizing networks and create a network diagram using Visio.

Next, you'll outline network security assessment methods, recognize the use of baselines for network management, and carry out baseline activity monitoring. You'll also look at ways of capturing network data. Lastly, you'll explore how Wireshark combines with other tools such as Nmap, SSH, and firewalls.

Target

Prerequisites: none

Network & Host Analysis: Network Operations

Course Number:
it_cynthadj_05_enus

Network & Host Analysis: Network Operations

discover the key concepts covered in this course
compare and contrast various network defense tools
recognize the characteristics of NSM and outline how to implement it as part of a network defense strategy
describe how SIEMs are used to detect threat activity
install and configure Suricata to be used for network defensive operations, including NSM, IDS, and IPS
apply a Suricata rule and illustrate the action, header, and rule options
create an alert using a Suricata rule
configure Suricata output in JSON using the EVE output facility
install prerequisites for ELK Stack and Suricata from the command line
install ELK stack in preparation for it to serve as a SIEM for Suricata
integrate Suricata logs with ELK Stack using Filebeat and Logstash
navigate ELK Stack's Kibana dashboards for SIEM use when connected to Suricata
output a PCAP log from Suricata to be read by Wireshark
summarize the key concepts covered in this course

Securely operating a network requires tools to monitor, detect, and prevent breaches. Knowing what goes on and how to stop malicious traffic involves the use of Network Security Monitoring (NSM), security information and event management (SIEM), and intrusion detection and prevention systems (IDS/IPS). In this course, you'll explore these tools and implement Suricata and Kibana as NSM, IDS, IPS, and SIEM solutions.

Furthermore, you'll compare and contrast network defense tools. You'll examine NSM and SIEM's purpose and characteristics and outline how to implement and benefit from these techniques. Next, you'll install Suricata and Kibana, and use their features for rule creation, alerts, logging, scripting, and integration. Finally, you'll integrate Suricata and Wireshark to leverage both tools' capabilities so that you can operate your network securely.

Target

Prerequisites: none

Network & Host Analysis: Network Protocols

Course Number:
it_cynthadj_02_enus

Network & Host Analysis: Network Protocols

discover the key concepts covered in this course
apply DNS filters and examine DNS queries in Wireshark
apply generic TCP filters by port and address in Wireshark
apply generic UDP filters by port and address in Wireshark
capture ICMP traffic using Wireshark
capture and examine HTTP traffic using Wireshark
inspect SSH traffic using Wireshark
extract data from FTP traffic using Wireshark
apply email protocol filters for POP, IMAP, and SMTP using Wireshark
capture ARP traffic using Wireshark
capture DHCP traffic using Wireshark
monitor a Telnet session using Wireshark
capture only IPv6-based traffic in Wireshark
summarize the key concepts covered in this course

The ability to filter based on the protocols in use over a network gives a window into how it is used. Knowing what good and bad traffic looks like and identifying unencrypted traffic and potential avenues for security compromise is essential. In this course, you'll apply various filters to network traffic using Wireshark and explore factors to look out for based on the protocol being examined.

You'll learn to filter DHCP and DNS traffic. You'll differentiate between TCP, UDP, ICMP, and ARP traffic. You'll watch insecure protocols like POP, IMAP, Telnet, and FTP. You'll examine what can be discovered by looking at secure traffic over SSH and HTTPS and secure POP and IMAP variants. Finally, you'll examine IPv6 packets.

Target

Prerequisites: none

Network & Host Analysis: Protocol Analysis

Course Number:
it_cynthadj_01_enus

Network & Host Analysis: Protocol Analysis

discover the key concepts covered in this course
describe common analysis patterns for network data
outline the Open Systems Interconnection (OSI) model for network communications
characterize the passive and active approaches to scanning
capture network traffic using Wireshark
apply traffic filters using Wireshark
customize packet capturing in Wireshark
save and export packet captures in the PCAP format in Wireshark
use coloring rules to examine traffic using Wireshark
extract files transferred in the clear using Wireshark
use configuration profiles to save preferences in Wireshark
apply display filters to control which packets are shown in Wireshark
combine capture and display filters to packets in Wireshark
summarize the key concepts covered in this course