Corso Cisco Cybersecurity Operations
PANORAMICA
PANORAMICA
Corso di preparazione al conseguimento della
Certificazione Cisco Certified CyberOps Associate
Understanding Cisco Cybersecurity Operations Fundamentals
Contattaci ora per ricevere tutti i dettagli e per richiedere, senza alcun impegno, di parlare direttamente con uno dei nostri docenti Cyber Security 
CLICCA QUI.
Oppure chiamaci subito al nostro numero verde 
800-177596.
OBIETTIVI DEL CORSO
OBIETTIVI DEL CORSOQuesto corso è progettato per preparare il partecipante alla certificazione Cisco Certified CyberOps Associate ottenibile attraverso il superamento dell’esame CBROPS 200-201. Il Corso Cybersecurity affronta le principali vulnerabilità legate alle infrastrutture di rete. Si analizzeranno gli attacchi e le misure di cyber-sicurezza più diffuse sia in ambienti Windows che Linux. Le organizzazioni moderne, che vogliano competere nel mercato attuale, hanno bisogno di essere dotate o servirsi di un centro definito SOC (Security Operations Center). Questa entità, composta da un Team di professionisti, si occupa di fornire i seguenti principali servizi:
• Servizi di Gestione: tutte le attività di gestione delle funzionalità di sicurezza legate all’infrastruttura IT (rete, sistemi ed applicazioni).
• Servizi di Monitoraggio: l’infrastruttura IT e di Sicurezza vengono monitorate in tempo reale al fine di individuare tempestivamente tentativi di intrusione, di attacco o di compromissione dei sistemi.
• Servizi Proattivi: sono servizi finalizzati a migliorare il livello di protezione dell’organizzazione (Security assessments, vulnerability assessments, early warning, security awareness).
Per supportare adeguatamente questi servizi, i SOC, devono essere composti da risorse qualificate a vari livelli. Personale professionalmente adeguato nell’ambito della Cybersecurity è oggi di difficile reperimento. In tale contesto nasce questo percorso formativo qualificante e certificato. Esso è specificatamente strutturato per ottenere una figura professionale che possa inserirsi rapidamente in un Security Operations Center. Il corso è caratterizzato da una parte teorica e una pratica realizzata su Laboratori forniti direttamente da Cisco. Questa è una prerogativa concessa solo ed esclusivamente ai Cisco Learning Partner.
CONTENUTI IN SINTESI
CONTENUTI IN SINTESIUnderstanding Cisco Cybersecurity Operations Fundamentals
- Defining the Security Operations Center
- Introduction
- Types of Security Operations Centers
- SOC Analyst Tools
- Data Analytics
- Hybrid Installations: Automated Reports, Anomaly Alerts
- Staffing an Effective Incident Response Team
- Roles in a Security Operations Center
- Developing Key Relationships with External Resources
- Understanding Network Infrastructure and Network Security Monitoring Tools
- Introduction
- NAT Fundamentals
- Packet Filtering with ACLs
- ACLs with the Established Option
- Access Control Models
- Authentication, Authorization, and Accounting
- Load Balancing
- Network-Based Malware Protection
- Network Security Monitoring Tools
- Exploring Data Type Categories
- Introduction
- Network Security Monitoring Data
- Network Security Monitoring Data Types
- Security Information and Event Management Systems
- Security Orchestration, Automation, and Response
- Security Onion Overview
- Full Packet Capture
- Packet Captures
- Packet Capture Using Tcpdump
- Session Data
- Transaction Data
- Alert Data
- Other Data Types
- Correlating NSM Data
- Information Security Confidentiality, Integrity, and Availability
- Personally Identifiable Information
- Regulatory Compliance
- Intellectual Property
- Use NSM Tools to Analyze Data Categories
- Understanding Basic Cryptography Concepts
- Introduction
- Impact of Cryptography on Security Investigations
- Cryptography Overview
- Hash Algorithms
- Encryption Overview
- Cryptanalysis
- Symmetric Encryption Algorithms
- Asymmetric Encryption Algorithms
- Diffie-Hellman Key Agreement
- Use Case: SSH
- Digital Signatures
- PKI Overview
- PKI Operations
- Use Case: SSL/TLS
- Cipher Suite
- Key Management
- NSA Suite B
- Explore Cryptographic Technologies
- Understanding Common TCP/IP Attacks
- Introduction
- Address Resolution Protocol
- Legacy TCP/IP Vulnerabilities
- IP Vulnerabilities
- ICMP Vulnerabilities
- TCP Vulnerabilities
- UDP Vulnerabilities
- Attack Surface and Attack Vectors
- Reconnaissance Attacks
- Access Attacks
- Man-in-the-Middle Attacks
- Denial of Service and Distributed Denial of Service
- Reflection and Amplification Attacks
- Spoofing Attacks
- DHCP Attacks
- Explore TCP/IP Attacks
- Understanding Endpoint Security Technologies
- Introduction
- Host-Based Personal Firewall
- Host-Based Antivirus
- Host Intrusion Prevention System
- Application Whitelists and Blacklists
- Host-Based Malware Protection
- Sandboxing
- File Integrity Checking
- Explore Endpoint Security
- Understanding Incident Analysis in a Threat-Centric SOC
- Introduction
- Classic Kill Chain Model Overview
- Kill Chain Phase : Reconnaissance
- Kill Chain Phase : Weaponization
- Kill Chain Phase : Delivery
- Kill Chain Phase : Exploitation
- Kill Chain Phase : Installation
- Kill Chain Phase : Command-and-Control
- Kill Chain Phase : Actions on Objectives
- Applying the Kill Chain Model
- Diamond Model Overview
- Applying the Diamond Model
- MITRE ATTACK™ Framework
- Investigate Hacker Methodology
- Identifying Resources for Hunting Cyber Threats
- Introduction
- Cyber-Threat Hunting Concepts
- Hunting Maturity Model
- Cyber Threat Hunting Cycle
- Common Vulnerability Scoring System
- CVSS vScoring
- CVSS vExample
- Hot Threat Dashboard
- Publicly Available Threat Awareness Resources
- Other External Threat Intelligence Sources and Feeds Reference
- Security Intelligence
- Threat Analytic Systems
- Security Tools Reference
- Hunt Malicious Traffic
- Understanding Event Correlation and Normalization
- Introduction
- Event Sources
- Evidence
- Chain of Custody
- Security Data Normalization
- Event Correlation
- Other Security Data Manipulation
- Correlate Event Logs, PCAPs, and Alerts of an Attack
- Identifying Common Attack Vectors
- Introduction
- DNS Operations
- Recursive DNS Query
- Dynamic DNS
- HTTP Operations
- HTTPS Operations
- HTTP/ Operations
- SQL Operations
- SMTP Operations
- Web Scripting
- Obfuscated JavaScript
- Shellcode and Exploits
- Common Metasploit Payloads
- Directory Traversal
- SQL Injection
- Cross-Site Scripting
- Punycode
- DNS Tunneling
- Pivoting
- HTTP Cushioning
- Gaining Access Via Web-Based Attacks
- Exploit Kits
- Emotet Advanced Persistent Threat
- Investigate Browser-Based Attacks
- Identifying Malicious Activity
- Introduction
- Understanding the Network Design
- Zero Trust Model
- Identifying Possible Threat Actors
- Log Data Search
- System Logs
- Windows Event Viewer
- Firewall Log
- DNS Log
- Web Proxy Log
- Email Proxy Log
- AAA Server Log
- Next Generation Firewall Log
- Applications Log
- NetFlow
- NetFlow as a Security Tool
- Network Behavior Anomaly Detection
- Data Loss Detection Using NetFlow Example
- DNS Risk and Mitigation Tool
- IPS Evasion Techniques
- The Onion Router
- Gaining Access and Control
- Peer-to-Peer Networks
- Encapsulation
- Altered Disk Image
- Analyze Suspicious DNS Activity
- Explore Security Data for Analysis
- Identifying Patterns of Suspicious Behavior
- Introduction
- Network Baselining
- Identifying Anomalies and Suspicious Behaviors
- PCAP Analysis
- Delivery
- Investigate Suspicious Activity Using Security Onion
- Conducting Security Incident Investigations
- Introduction
- Security Incident Investigation Procedures
- Threat Investigation Example: China Chopper Remote Access Trojan
- Investigate Advanced Persistent Threats
- Using a Playbook Model to Organize Security Monitoring
- Introduction
- Security Analytics
- Playbook Definition
- What Is in a Play?
- Playbook Management System
- Explore SOC Playbooks
- Understanding SOC Metrics
- Introduction
- Security Data Aggregation
- Time to Detection
- Security Controls Detection Effectiveness
- SOC Metrics
- Understanding SOC Workflow and Automation
- Introduction
- SOC WMS Concepts
- Incident Response Workflow
- SOC WMS Integration
- SOC Workflow Automation Example
- Describing Incident Response
- Introduction
- Incident Response Planning
- Incident Response Life Cycle
- Incident Response Policy Elements
- Incident Attack Categories
- Reference: US-CERT Incident Categories
- Regulatory Compliance Incident Response Requirements
- CSIRT Categories
- CSIRT Framework
- CSIRT Incident Handling Services
- Understanding the Use of VERIS
- Introduction
- VERIS Overview
- VERIS Incidents Structure
- VERIS A’s
- VERIS Records
- VERIS Community Database
- Verizon Data Breach Investigations Report and Cisco Annual Security Report
- Understanding Windows Operating System Basics
- Introduction
- Windows Operating System History
- Windows Operating System Architecture
- Windows Processes, Threads, and Handles
- Windows Virtual Memory Address Space
- Windows Services
- Windows File System Overview
- Windows File System Structure
- Windows Domains and Local User Accounts
- Windows GUI
- Run as Administrator
- Windows CLI
- Windows PowerShell
- Windows net Command
- Controlling Startup Services and Executing System Shutdown
- Controlling Services and Processes
- Monitoring System Resources
- Windows Boot Process
- Windows Networking
- Windows netstat Command
- Accessing Network Resources with Windows
- Windows Registry
- Windows Management Instrumentation
- Common Windows Server Functions
- Common Third-Party Tools
- Explore the Windows Operating System
- Understanding Linux Operating System Basics
- Introduction
- History and Benefits of Linux
- Linux Architecture
- Linux File System Overview
- Basic File System Navigation and Management Commands
- File Properties and Permissions
- Editing File Properties
- Root and Sudo
- Disks and File Systems
- System Initialization
- Emergency/Alternate Startup Options
- Shutting Down the System
- System Processes
- Interacting with Linux
- Linux Command Shell Concepts
- Piping Command Output
- Other Useful Command-Line Tools
- Overview of Secure Shell Protocol
- Networking
- Managing Services in SysV Environments
- Viewing Running Network Services
- Name Resolution: DNS
- Testing Name Resolution
- Viewing Network Traffic
- Configuring Remote Syslog
- Running Software on Linux
- Executables vs. Interpreters
- Using Package Managers to Install Software in Linux
- System Applications
- Lightweight Directory Access Protocol
- Explore the Linux Operating System
Attività Laboratoriale
- Configure the Initial Collaboration Lab Environment
- Use NSM Tools to Analyze Data Categories
- Explore Cryptographic Technologies
- Explore TCP/IP Attacks
- Explore Endpoint Security
- Investigate Hacker Methodology
- Hunt Malicious Traffic
- Correlate Event Logs, PCAPs, and Alerts of an Attack
- Investigate Browser-Based Attacks
- Analyze Suspicious DNS Activity
- Explore Security Data for Analysis
- Investigate Suspicious Activity Using Security Onion
- Investigate Advanced Persistent Threats
- Explore SOC Playbooks
- Explore the Windows Operating System
- Explore the Linux Operating System
TIPOLOGIA DEL CORSO
TIPOLOGIA DEL CORSOVarie tipologie di erogazione;
Lezioni frontali Presenza in Aula e Laboratorio;
Lezioni a distanza in Video Presenza Tempo Reale e Laboratorio;
INFRASTRUTTURA LABORATORIALE
INFRASTRUTTURA LABORATORIALEPer tutte le tipologie di erogazione, il Corsista può accedere alle attrezzature e ai sistemi reali Cisco presenti nei Nostri laboratori o direttamente presso i data center Cisco in modalità remota h24. Ogni partecipante dispone di un accesso per implementare le varie configurazioni avendo così un riscontro pratico e immediato della teoria affrontata.
Ecco di seguito alcune topologie di rete dei Laboratori Cisco Disponibili:
PREREQUISITI
PREREQUISITINon ci sono prerequisiti formali.
Si consiglia una conoscenza basilare scolastica della lingua Inglese.
DURATA E FREQUENZA
Durata Estensiva 48 Ore;
Erogato anche in modalità Intensiva;
Varie tipologie di Frequenza Estensiva ed Intensiva.
DOCENTI
DOCENTII docenti sono Istruttori Ufficiali pluri certificati Cisco e in altre tecnologie di IT Security, con anni di esperienza pratica nel settore e nella Formazione.
MODALITÀ DI ISCRIZIONE
MODALITÀ DI ISCRIZIONELe iscrizioni sono a numero chiuso per garantire ai tutti i partecipanti un servizio eccellente.
L’iscrizione avviene richiedendo di essere contattati dal seguente Link, o contattando la sede al numero verde 800-177596 o inviando una richiesta all’email contatti@vegatraining.eu.
CALENDARIO
CALENDARIOCorso Cisco Cybersecurity Operations: 06/05/2020 – Lun. Mer. 18:30/21:30
Posti Rimanenti: 0/12
Corso Cisco Cybersecurity Operations: 03/07/2020 – Lun. Mer. Ven. 18:30/21:30
Posti Rimanenti: 5/12
Elenco Corsi Cisco per Certificazione
