Course #388-12-FXVA-1

Advanced Cyber Network Defense

Dates: Nov-01-2011 - Nov-04-2011


AFCEA Headquarters (Map)
4400 Fair Lakes Court
Fairfax, VA 22033

Hours: 8:30am-4:30pm

Early Bird Rates In Effect through 10/01/2011!

$2,600 $2,500 Government AFCEA Member
                Government Non Member
$2,700 $2,600 Non-Government AFCEA Member
$2,800 $2,700 Non-Government Non Member

Note: This course has been cancelled by the company which provides the instructor, so we are unable to offer the course.

Course Description:

Course # 388

Advanced Cyber Network Defense Training


Classification: Unclassified

$2,495 Industry/Contractor Rate
$2,395 Industry/Contractor AFCEA Member Rate
$2,295 Government Rate
$2,295 Government AFCEA Member Rate

Location: AFCEA Headquarters - Map and Directions



This course is designed to train the Information Technology Professional on advanced tactics, techniques, and procedures of Advanced Cyber Network Defense (ACND) pertaining to network threats, vulnerabilities, and exploits and how to detect, analyze, mitigate, validate and report them.  The students will be critiqued on how they defend their networks against various attacks, including Denial of Service, Data Exfiltration, Web Server Attacks, and Buffer Overflow Attacks, using the skills they have learned.  The course is performance/demonstration-based training and is 75% hands-on using network simulators.



This course is suited for the seasoned Computer Security Professionals, Senior Network and Systems Administrators, Information Technology Professionals, and Computer Network Defenders with 5 years of current hands-on experience as network or systems administrators.  



MODULE 1:  Advanced Cyber Network Defense (ACND) Course Intro and Course Overview

A.  Introductions

B.  Administrivia

C.  Course Objectives and Expectations

D.  Course Format

E.  Course Overview


MODULE 2: ACND Overview

A.  What is Cyber Network Defense (CND)?

B.  CND Methodology

C.  CND Concepts

    • Know Thyself
    • Preventative Measures
    • Defense in Depth


MODULE 3:  ACND Tools Review

A.  Intrusion Detection Systems (IDS) / Intrusion Prevention Systems (IPS)

    • Host-based
    • Network-based

B.  Firewalls

C.  SMTP (Email) Filtering

D.  Infrastructure

    • Layer 2 – Switches
    • Layer 3 – Routers

E.  People


MODULE 4: ACND HOTSIM Familiarization

A.  Architecture

B.  Virtual Workstation Setup

C.  Simulator ACND Tools

    • HIDS – OSSEC
    • NIDS – SNORT
    • Firewall – IPCop
    • Mail (SMTP) Filtering – Symantec Mail Security
    • Switches – Cisco
    • External Router – Cisco
    • Useful Windows Commands

D.  Simulator Services

    • Active Directory
    • DHCP
    • Internal DNS
    • Mail (Exchange)
    • External DNS
    • WWW


MODULE 5: ACND HOTSIM Familiarization Labs

A.  Simulator Connectivity / Setup

B.  Simulator CND Tools Lab

    • HIDS – OSSEC
    • NIDS – SNORT
    • Firewall – IPCop
    • Mail (SMTP) Filtering – Symantec Mail Security
    • Switches – Cisco
    • External Router – Cisco
    • Useful Windows Commands

C.  Simulator Services Lab

    • Mail (Exchange)
    • Active Directory
    • DHCP


MODULE 6: ACND Scenario Prep

A.  Team Concept

B.  Response vs. Prevention

C.  ROEs

E.  Scenario Overview

F.  Scenario Walkthrough


MODULE 7: Protocol Abuse

A.  Definition of Protocol Abuse

B.  Tunneling and C2 (Command and Control)

C.  ICMP Abuse


E.  DNS Abuse

F.  Prevention

G.  Defense



A.  Definition of DOS / DDOS

B.  Types of DOS / DDOS

C.  Prevention

D.  Defense


MODULE 9: Botnets

A.  Definition

B.  Traditional Botnets

C.  Modern Botnets

D.  Anatomy of Botnet

E.  Botnet Usage

F.  Defense and Prevention


MODULE 10: ACND Buffer Overflow Exploits

  • General Info
  • Terminology
  • Stack-Based Overflow
  • The Exploit
  • NOP Sled


MODULE 11: ACND Password Protection and Malware

  • What is privileged account password protection?
  • Methods to obtain passwords
  • Password Defensive Countermeasures
  • Malware Definition
  • Malware Terminology
  • Type Descriptions
  • Case Studies



3-5 years of recent System Administration/Network Management



Course Coordinator and Lecturer:

Christian Espinosa is the R&D Director for EADS NA Defense Security and Systems Solutions, Inc. (DS3).  Christian holds a BS in Engineering from the U.S. Air Force Academy and an MBA in Computer and Information Management from Webster University.


Christian was stationed with the Air Force at Brooks AFB, Texas where he managed 14 personnel in support of a 500 node network.  In 1996, Christian took a Network Engineering position at Scott AFB, IL.  As a Network Engineer for Air Mobility Command (AMC), Christian designed and installed numerous networks, including the AMC Terminals for BWI and Seattle-Tacoma International Airports. Christian also completed the MCSE and taught night and weekend courses as an Adjunct Faculty member for Southwestern Illinois College.


Christian left the Air Force in 1999 and worked as a Senior Security Engineer in Scope Network.  Christian was instrumental in establishing procedures for network and security review and optimization.  Christian traveled to over 50 locations worldwide to optimize and secure DoD networks.  Christian became a Microsoft Certified Trainer (MCT) and established a Microsoft Certified Technical Education Center.


In 2002, Christian worked for ARC Information Assurance Institute, Inc. as a Senior Information Security Consultant.  Christian was instrumental with the original simulator and defense training concepts for the Joint Cyber Operations Range.  Christian also worked with the Defense Information Systems Agency (DISA) as a Network Information Assurance Officer, responsible for the security of the Global Information Grid for the Department of Defense.  In 2005, Christian took a position with DS3 as the Chief Engineer.  As Chief Engineer, Christian was instrumental in the development of the Computer Network Defense block of the Air Force Undergraduate Network Warfare Training (UNWT) School.


Christian has held over 15 industry certifications, including the CISSP, MCSE, CCSP, MCT, and CFSO.  Christian is currently pursuing a Ph. D. in Information Security.


Directions to AFCEA Headquarters     Restaurants Near AFCEA      AFCEA Travel Info