Note: This course has been cancelled by the company which provides the instructor, so we are unable to offer the course.
Course Description:
Course # 388
Advanced Cyber Network Defense Training
Dates:
Classification: Unclassified
Fees:
$2,495 Industry/Contractor Rate
$2,395 Industry/Contractor AFCEA Member Rate
$2,295 Government Rate
$2,295 Government AFCEA Member Rate
Location: AFCEA Headquarters
OBJECTIVE:
This course is designed to train the Information Technology Professional on advanced tactics, techniques, and procedures of Advanced Cyber Network Defense (ACND) pertaining to network threats, vulnerabilities, and exploits and how to detect, analyze, mitigate, validate and report them. The students will be critiqued on how they defend their networks against various attacks, including Denial of Service, Data Exfiltration, Web Server Attacks, and Buffer Overflow Attacks, using the skills they have learned. The course is performance/demonstration-based training and is 75% hands-on using network simulators.
WHO SHOULD ATTEND:
This course is suited for seasoned Computer Security Professionals, Senior Network and Systems Administrators, Information Technology Professionals, and Computer Network Defenders with 5 years of current hands-on experience as network or systems administrators.
COURSE OUTLINE:
MODULE 1: Advanced Cyber Network Defense (ACND) Course Intro and Course Overview
A. Introductions
B. Administrivia
C. Course Objectives and Expectations
D. Course Format
E. Course Overview
MODULE 2: ACND Overview
A. What is Cyber Network Defense (CND)?
B. CND Methodology
C. CND Concepts
- Know Thyself
- Preventative Measures
- Defense in Depth
MODULE 3: ACND Tools Review
A. Intrusion Detection Systems (IDS) / Intrusion Prevention Systems (IPS)
B. Firewalls
C. SMTP (Email) Filtering
D. Infrastructure
- Layer 2 – Switches
- Layer 3 – Routers
E. People
MODULE 4: ACND HOTSIM Familiarization
A. Architecture
B. Virtual Workstation Setup
C. Simulator ACND Tools
- HIDS – OSSEC
- NIDS – SNORT
- Firewall – IPCop
- Mail (SMTP) Filtering – Symantec Mail Security
- Switches – Cisco
- External Router – Cisco
- Useful Windows Commands
D. Simulator Services
- Active Directory
- DHCP
- Internal DNS
- Mail (Exchange)
- External DNS
- WWW
MODULE 5: ACND HOTSIM Familiarization Labs
A. Simulator Connectivity / Setup
B. Simulator CND Tools Lab
- HIDS – OSSEC
- NIDS – SNORT
- Firewall – IPCop
- Mail (SMTP) Filtering – Symantec Mail Security
- Switches – Cisco
- External Router – Cisco
- Useful Windows Commands
C. Simulator Services Lab
- Mail (Exchange)
- Active Directory
- DHCP
MODULE 6: ACND Scenario Prep
A. Team Concept
B. Response vs. Prevention
C. ROEs
E. Scenario Overview
F. Scenario Walkthrough
MODULE 7: Protocol Abuse
A. Definition of Protocol Abuse
B. Tunneling and C2 (Command and Control)
C. ICMP Abuse
D. HTTP/HTTPS Abuse
E. DNS Abuse
F. Prevention
G. Defense
MODULE 8: ACND DOS Attacks
A. Definition of DOS / DDOS
B. Types of DOS / DDOS
C. Prevention
D. Defense
MODULE 9: Botnets
A. Definition
B. Traditional Botnets
C. Modern Botnets
D. Anatomy of Botnet
E. Botnet Usage
F. Defense and Prevention
MODULE 10: ACND Buffer Overflow Exploits
- General Info
- Terminology
- Stack-Based Overflow
- The Exploit
- NOP Sled
MODULE 11: ACND Password Protection and Malware
- What is privileged account password protection?
- Methods to obtain passwords
- Password Defensive Countermeasures
- Malware Definition
- Malware Terminology
- Type Descriptions
- Case Studies
Prerequisites:
3-5 years of recent System Administration/Network Management
Security+
Course Coordinator and Lecturer:
Christian Espinosa is the R&D Director for EADS NA Defense Security and Systems Solutions, Inc. (DS3). Christian holds a BS in Engineering from the U.S. Air Force Academy and an MBA in Computer and Information Management from Webster University.
Christian was stationed with the Air Force at Brooks AFB, Texas where he managed 14 personnel in support of a 500 node network. In 1996, Christian took a Network Engineering position at Scott AFB, IL. As a Network Engineer for Air Mobility Command (AMC), Christian designed and installed numerous networks, including the AMC Terminals for BWI and Seattle-Tacoma International Airports. Christian also completed the MCSE and taught night and weekend courses as an Adjunct Faculty member for Southwestern Illinois College.
Christian left the Air Force in 1999 and worked as a Senior Security Engineer in Scope Network. Christian was instrumental in establishing procedures for network and security review and optimization. Christian traveled to over 50 locations worldwide to optimize and secure DoD networks. Christian became a Microsoft Certified Trainer (MCT) and established a Microsoft Certified Technical Education Center.
In 2002, Christian worked for ARC Information Assurance Institute, Inc. as a Senior Information Security Consultant. Christian was instrumental in the original simulator and defense training concepts for the Joint Cyber Operations Range. Christian also worked with the Defense Information Systems Agency (DISA) as a Network Information Assurance Officer, responsible for the security of the Global Information Grid for the Department of Defense. In 2005, Christian took a position with DS3 as the Chief Engineer. As Chief Engineer, Christian was instrumental in the development of the Computer Network Defense block of the Air Force Undergraduate Network Warfare Training (UNWT) School.
Christian has held over 15 industry certifications, including the CISSP, MCSE, CCSP, MCT, and CFSO. Christian is currently pursuing a Ph.D. in Information Security.