
توضیح دوره تشخیص نفوذ در عمق (Intrusion Detection)
دوره مانیتورینگ و پالایش ترافیک شبکه به افراد توانایی تجزیه و تحلیل ترافیک شبکه و شناسایی ترافیک غیر مجاز را براساس استفاده از IDPS می دهد. افراد در دوره مانیتورینگ و پالایش ترافیک شبکه با مفهوم و پیکربندی نرم افزار snort آشنا می شوند و نصب و پیکربندی HIPSهای متن باز را فرا می گیرند.
برای اطلاعات بیشتر درباره زمان برگزاری دوره مانیتورینگ و پالایش ترافیک شبکه با کارشناسان نورانت تماس حاصل فرمایید.
پیش نیاز دوره
- پیش نیاز این دوره، دوره هکر قانونمند می باشد
مخاطبین دوره
- مدیران فناوری اطلاعات
- مدیران امنیت اطلاعات
- کارشناسان امنیت
- کارشناسان واحد پاسخگویی به حوادث
- کارشناسان واحد مرکز عملیات امنیت
سرفصل دوره
Section1: Fundamentals of Traffic Analysis: Part I
Concepts of TCP/IP
- Why is it necessary to understand packet headers and data?
- TCP/IP communications model
- Data encapsulation/de-encapsulation
- Discussion of bits, bytes, binary, and hex
Introduction to Wireshark
- Navigating around Wireshark
- Examination of Wireshark statistics
- Stream reassembly
- Finding content in packets
Network Access/Link Layer: Layer 2
- Introduction to 802.x link layer
- Address resolution protocol
- ARP spoofing
IP Layer: Layer 3
IPv4
- Examination of fields in theory and practice
- Checksums and their importance, especially for an IDS/IPS
- Fragmentation: IP header fields involved in fragmentation, composition of the fragments, fragmentation attacks
IPv6
- Comparison with IPv4
- IPv6 addresses
- Neighbor discovery protocol
- Extension headers
- IPv6 in transition
Section 2:Fundamentals of Traffic Analysis: Part II
Wireshark Display Filters
- Examination of some of the many ways that Wireshark facilitates creating display filters
- Composition of display filters
Writing BPF Filters
- The ubiquity of BPF and utility of filters
- Format of BPF filters
- Use of bit masking
TCP
- Examination of fields in theory and practice
- Packet dissection
- Checksums
- Normal and abnormal TCP stimulus and response
- Importance of TCP reassembly for IDS/IPS
UDP
- Examination of fields in theory and practice
- UDP stimulus and response
ICMP
- Examination of fields in theory and practice
- When ICMP messages should not be sent
- Use in mapping and reconnaissance
- Normal ICMP
- Malicious ICMP
Real-World Analysis — Command Line Tools
- Regular Expressions fundamentals
- Rapid processing using command line tools
- Rapid identification of events of interest
Section 3: Application Protocols and Traffic Analysis
Scapy
- Packet crafting and analysis using Scapy
- Writing a packet(s) to the network or a pcap file
- Reading a packet(s) from the network or from a pcap file
- Practical Scapy uses for network analysis and network defenders
Advanced Wireshark
- Exporting web objects
- Extracting arbitrary application content
- Wireshark investigation of an incident
- Practical Wireshark uses for analyzing SMB protocol activity
- Tshark
Detection Methods for Application Protocols
- Pattern matching, protocol decode, and anomaly detection challenges
DNS
- DNS architecture and function
- Caching
- DNSSEC
- Malicious DNS, including cache poisoning
Microsoft Protocols
- SMB/CIFS
- MSRPC
- Detection challenges
- Practical Wireshark application
Modern HTTP and TLS
- Protocol format
- Why and how this protocol is evolving
- Detection challenges
SMTP
- Protocol format
- STARTTLS
- Sample of attacks
- Detection challenges
IDS/IPS Evasion Theory
- Theory and implications of evasions at different protocol layers
- Sampling of evasions
- Necessity for target-based detection
Identifying Traffic of Interest
- Finding anomalous application data within large packet repositories
- Extraction of relevant records
- Application research and analysis
- Hands-on exercises after each major topic that offer students the opportunity to reinforce what they just learned.
Section 4: Network Monitoring: Signatures vs. Behaviors
Network Architecture
- Instrumenting the network for traffic collection
- IDS/IPS deployment strategies
- Hardware to capture traffic
Introduction to IDS/IPS Analysis
- Function of an IDS
- The analyst’s role in detection
- Flow process for Snort and Bro
- Similarities and differences between Snort and Bro
Snort
- Introduction to Snort
- Running Snort
- Writing Snort rules
- Solutions for dealing with false negatives and positives
- Tips for writing efficient rules
Zeek
- Introduction to Zeek
- Zeek Operational modes
- Zeek output logs and how to use them
- Practical threat analysis
- Zeek scripting
- Using Zeek to monitor and correlate related behaviors
- Hands-on exercises, one after each major topic, offer students the opportunity to reinforce what they just learned.
Section 5: Network Traffic Forensics
Introduction to Network Forensics Analysis
- Theory of network forensics analysis
- Phases of exploitation
- Data-driven analysis vs. Alert-driven analysis
- Hypothesis-driven visualization
Using Network Flow Records
- NetFlow and IPFIX metadata analysis
- Using SiLK to find events of interest
- Identification of lateral movement via NetFlow data
Examining Command and Control Traffic
- Introduction to command and control traffic
- TLS interception and analysis
- TLS profiling
- Covert DNS C2 channels: dnscat2 and Ionic
- Other covert tunneling, including The Onion Router (TOR)
Analysis of Large pcaps
- The challenge of analyzing large pcaps
- Students analyze three separate incident scenarios.
درخواست مشاوره
برای کسب اطلاعات بیشتر درباره این دوره درخواست مشاوره خود را ارسال کنید و یا با ما در تماس باشید.
درخواست مشاورهدوره های مرتبط
پیکربندی فایروال تحت وب
در دوره پیکربندی فایروال تحت وب که 3 روز برگزار میشود، می آموزید چگونه قابلیت های رایج FortiWeb را پیکربندی و مدیریت کنید.
تحلیل حملات با SIEM
در این دوره افراد با ساختار و معماری SIEM آشنا می شوند و با تجزیه و تحلیل داده هایی که به عنوان ورودی به SIEM ها ارسال می گردند و SIEM های مختلف مانند Splunk , EIK , Tripwive بررسی می شوند.
دوره امنیت لینوکس
در دوره امنیت لینوکس افراد با ایمن سازی سیستم عامل لینوکس و یونیکس آشنا می شوند.
1,600,000 تومان
مدرسین
