Overview

This course empowers you to transcend the traditional mindset that hacking is where the excitement lies. Embrace the role of the defender, develop an offensive mindset to craft robust defenses, and outsmart hackers at their own game.

In this course, you will explore advanced hacking methods and defense fortification techniques, helping you establish best practices and methodologies to secure environments effectively. The course emphasizes segmentation and isolation to minimize the impact of advanced persistent threats (APTs).

CAST 614 covers fundamental strategies for fortifying your defenses by developing a secure baseline and hardening your enterprise architecture against advanced attacks. After establishing a fortified perimeter, the course addresses sophisticated malware defenses, the importance of live memory analysis, and real-time monitoring.

Duration

3 days

Intended Audience

  • Firewall Administrators
  • System Architects
  • System Administrators
  • Windows Administrators
  • Anyone responsible for or interested in:
      • Identifying security weaknesses in systems or networks
      • Exposing weaknesses so that system owners can fix them before they are compromised
      • Applying hacking and penetration testing constructively to defend against attacks
      • Analyzing best practices for developing secure system and network configurations
      • Establishing a secure baseline for deploying machines in a protected state
      • Understanding popular attack methods used by hackers in order to fortify their own systems

Course Outlines

1. Firewalls

  • Overview of Firewalls
  • Types of Firewalls: Stateless Packet Filters
  • Enhancing Device Remote-Access Security
  • Securing the Console Port
  • Protecting Terminal Lines
  • Establishing Encrypted Communications
  • Configuring HTTPS and SSH
  • Lab: Securing the Perimeter

2. Advanced Filtering

  • Advanced Filtering Techniques
  • Ingress and Egress Filtering
  • Source Address Verification (SAV) and uRPF
  • Additional Filtering Considerations
  • Time-Based and Reflexive ACLs
  • Context-Based Access Control (CBAC)
  • Essential Steps to Harden Routers
  • Lab: Advanced Filtering

3. Firewall Configuration

  • Advanced Filtering Techniques
  • Types of Firewalls: Stateful Packet Filters and Application Proxies
  • Comparing Application Proxies and Stateful Packet Filters
  • Web Application Firewalls: Types and Products
  • Firewall Architecture: Screened Subnet, Classic Firewall, Belt and Braces, Separate Services Subnet
  • Perimeter Configuration Strategies
  • Lab: Selecting a Firewall Architecture

4. Hardening: Establishing a Secure Baseline

  • Windows NT/2000/2003, XP, Vista, and Server 2003 Architecture
  • UNIX/Linux Security
  • Secure Server Guidelines and System Hardening
  • Using Security Compliance Manager
  • Device Security and Hardening Switches
  • Lab: Hardening

5. Intrusion Detection and Prevention

  • Importance of Intrusion Detection
  • Introduction to Intrusion Detection
  • Addressing False Positives and Topology Concerns
  • Realistic Implementation of Intrusion Prevention
  • Types of Intrusion Prevention Systems (IPS)
  • Host-Based Intrusion Prevention Systems
  • Lab: Intrusion Detection

6. Protecting Web Applications

  • Overview of OWASP Top 10 Vulnerabilities
  • Injection Flaws, Cross-Site Scripting (XSS), and Broken Authentication
  • Insecure Cryptographic Storage
  • Reverse Engineering Web Applications
  • Tools: Hackbar, Tamper Data, SQL Inject Me, XSS ME
  • Web Application Firewalls: Components and Tools
  • Lab: Protecting Web Apps

7. Memory Analysis

  • Revisiting Data Types: Volatile and Non-Volatile
  • System Date and Time, Network Connections, Open Ports
  • Processes, Cached NetBIOS Names, Logged-On Users
  • Internal Routing and Running Processes
  • Tools: Pslist, Tasklist, Tlist, Memory Dumps
  • Lab: Memory Analysis

8. Endpoint Protection

  • Introduction to Network Access Control (NAC)
  • NAC Architecture and Concepts: Inline vs. Out-of-Band
  • Implementing User-Based Identity Access Control
  • Network Access Protection (NAP): Components, Enforcement, and Best Practices
  • 802.1x and EAP Explained
  • Labs:
      • Network Access Protection with DHCP
      • Network Access Protection with IPsec
      • Endpoint Protection

9. Securing Wireless Networks

  • Wireless Tools and Vulnerabilities
  • MAC Filtering, Hiding Access Points, Hijacking, and Jamming
  • Identifying Targets: Wardriving and Sniffing
  • Attacking Encrypted Networks: WEP, WPA, LEAP
  • Comparison of Security Protocols and Tools