Average Rating: 0.00/10
(# Rating Votes: 0 | Rate This Course | Contribute a Review )
Short Description:
The Solaris Operating System Network Intrusion Detection course provides students with the knowledge and skills necessary to perform the advanced administration skills required to firewall, monitor, log, identify and respond to network security breaches.
Full Description:
Who Can Benefit
Experienced system administrators who are tasked with protecting Sun Solaris systems in a non-trusted environment such as the Internet or a LAN environment with multiple unknown/untrusted users.
Prerequisites
To succeed fully in this course, students should be able to:
Install, configure, and maintain a Solaris product line server
Configure a Solaris NIC for LAN and Internet access
Have a firm understanding of the TCP/IP protocol stack and IP routing
Configure Solaris logging daemons like syslog
Install open source utilities like tcpdump and libpcap
Skills Gained
Upon completion of this course, you should be able to:
Identify and protect against design flaws in standard networking protocols (such as TCP, UDP, IP, ICMP, SSL, SSH, HTTP and ARP)
List possible ways that an intruder can gather information about a server or a whole network
Describe all types of network based security attacks like SYN/ACK attack, man-in-the-middle attack, ARP spoofing, session hijacking and Buffer Overflow attacks
Install a Network Intrusion Detection System and a host based firewall
Identify, in real time, a network security breach and respond
Related Courses
Before: SA-389: Solaris 8 TCP/IP Network Administration
Before: SC-300: Administering Security on the Solaris 8 Operating System
Course Content
Module 1 - Ethernet and IP Operation
--------------------------------------------------------------------------------
Review OSI network model
Review application and network service layers
Identify Ethernet security issues
Review IPv4 addressing
Understand IP fragmentation
Identify ICMP security issues
Implement basic traffic capture and analysis
Module 2 - IP and ARP Vulnerability Analysis
--------------------------------------------------------------------------------
Identify IP security issues
Describe IP routing and routing protocol security
Protect against IP abuse
Identify ARP security issues
Execute attacks against ARP
Protect against ARP abuse
Implement advanced packet capture and analysis
Module 3 - UDP/TCP Protocol and TELNET Vulnerability Analysis
--------------------------------------------------------------------------------
Discuss characteristics of UDP and TCP
Identify TCP security issues
Describe common TCP abuses: SYN attack, sequence guessing, connection hijacking
Discuss characteristics of TELNET
Identify TELNET security issues
Execute attacks on TCP and TELNET
Protect against TCP and TELNET abuse
Module 4 - FTP and HTTP Vulnerability Analysis
--------------------------------------------------------------------------------
Discuss characteristics of FTP
Describe FTP transfer methods and modes
Identify FTP security issues
Describe common FTP abuses: FTP bounce attack, port stealing, brute force
Discuss characteristics of HTTPv1.1
Describe role of HTTP proxy servers and HTTP authentication
Identify HTTP security issues
Describe common HTTP abuses: path name stealing, header spoofing, proxy poisoning
Execute attacks on FTP and HTTP
Protect against FTP and HTTP abuse
Module 5 - DNS Vulnerability Analysis
--------------------------------------------------------------------------------
Discuss characteristics of DNS
Identify DNS security issues
Describe common DNS abuses: DNS spoofing, DNS cache poisoning, unauthorized zone transfers
Execute attacks on DNS
Protect against DNS abuse
Module 6 - SSH and HTTPS Vulnerability Analysis
--------------------------------------------------------------------------------
Discuss characteristics of SSH
Describe differences between SSH1 and SSH2 protocol
Identify SSH security issues
Describe common SSH abuses: insertion attack, brute force attack, CRC compensation attack
Describe characteristics HTTPS (SSL)
Discuss other SSL enabled protocols
Identify SSL issues
Describe common SSL abuses: man-in-the-middle and version rollback attack
Module 7 - Remote Operating System Detection
--------------------------------------------------------------------------------
Use standard system commands and exploit default settings to guess remote operating systems
Use open source utilities to guess remote operating systems by scanning open ports
Describe TCP/IP stack fingerprinting
Install and use nmap for remote OS detection
Module 8 - Network Attack Techniques and Basic Attack Detection
--------------------------------------------------------------------------------
Identify sources of network attacks
Discuss methods of intrusion
Describe common network attacks: denial-of-service, software buffer overflow, poor system configuration, password guessing/cracking
Describe a typical intrusion scenario
Introduce the concept of an Intrusion Detection System (IDS)
List some of the most popular IDS tools: Klaxon, Portsentry, snort
Implement basic scan detection
Module 9 - Implementing Intrusion Detection Technologies
--------------------------------------------------------------------------------
Identify the difference between host based and network based IDS
Discuss different types of IDS implementation: hybrid NIDS and honeypots
Describe core components of a NIDS using the snort NIDS
Compile and install the snort NIDS
Module 10 - Advanced NIDS Configuration
--------------------------------------------------------------------------------
Discuss advanced snort features like "real time response" and snort log monitors
Install a database (mysql) to log snort alerts
Install the graphical user interfaces (GUI) Demarc and ACID to better interpret snort logs by querying the snort database
Generate outside attacks that trigger snort alerts
Interpret GUI snort monitors to identify attacks
Module 11 - Writing snort rules
--------------------------------------------------------------------------------
Describe the different components of a snort rule
Configure different snort rule options
Write custom snort rules to watch for specific traffic patterns
Execute attacks against custom snort rules and interpret GUI snort monitors to identify attacks
Module 12 - Solaris Routing
--------------------------------------------------------------------------------
List requirements for a Solaris host to be a router
Implement a Solaris host as a router
Use the ndd utility to secure a Solaris router
Module 13 - Solaris Firewalls
--------------------------------------------------------------------------------
Describe different types of Solaris firewalls: application firewalls and packet filters
Identify two of the most common Solaris firewall products: Sunsceen Lite and IPfilter
Learn firewall policy basics
Write firewall rules for network or host based firewalls
Install an IPfilter firewall on a Solaris host
Module - Solaris Network (NAT) and Port Translation (PAT)
--------------------------------------------------------------------------------
Describe NAT and PAT concepts
Implement NAT to secure a private network behind a Solaris firewall
Duration:
5 days
Price:
$2895.00
Submitted by: admin
Hits: 0
Sun's Solaris Operating System Network Intrusion Detection Course Web Page
|
