Corso Cisco Cybersecurity Operations
PANORAMICA
PANORAMICA
Corso di preparazione al conseguimento della
Certificazione Cisco Certified CyberOps Associate
Understanding Cisco Cybersecurity Operations Fundamentals
Voucher e Piani Rateali Interni per le seguenti categorie:
- Disoccupati
- Inoccupati
- Lavoratori a Termine
- Reddito inferiore a 30.000 euro
OBIETTIVI DEL CORSO
OBIETTIVI DEL CORSOQuesto corso è progettato per preparare il partecipante alla certificazione Cisco Certified CyberOps Associate ottenibile attraverso il superamento dell’esame CBROPS 210-201. Le organizzazioni moderne, che vogliano competere nel mercato attuale, hanno bisogno di essere dotate o servirsi di un centro definito SOC (Security Operations Center). Questa entità, composta da un Team di professionisti, si occupa di fornire i seguenti principali servizi:
• Servizi di Gestione: tutte le attività di gestione delle funzionalità di sicurezza legate all’infrastruttura IT (rete, sistemi ed applicazioni).
• Servizi di Monitoraggio: l’infrastruttura IT e di Sicurezza vengono monitorate in tempo reale al fine di individuare tempestivamente tentativi di intrusione, di attacco o di compromissione dei sistemi.
• Servizi Proattivi: sono servizi finalizzati a migliorare il livello di protezione dell’organizzazione (Security assessments, vulnerability assessments, early warning, security awareness).
Per supportare adeguatamente questi servizi, i SOC, devono servirsi di personale qualificato a vari livelli. Risorse professionalmente adeguate nell’ambito della Cybersecurity sono oggi di difficile reperimento. In tale contesto nasce questo percorso formativo qualificante. Esso è specificatamente strutturato per ottenere una figura professionale che possa inserirsi rapidamente in un Security Operations Center. Il corso è caratterizzato da una parte teorica e una pratica realizzata su Laboratori forniti direttamente da Cisco. Questa è una prerogativa concessa solo ed esclusivamente ai Cisco Learning Partner.
CONTENUTI IN SINTESI
CONTENUTI IN SINTESIUnderstanding Cisco Cybersecurity Operations Fundamentals
Understanding the TCP/IP Protocol Suite
1.2 OSI Model
1.3 TCP/IP Model
1.5 IP Addressing
1.6 IP Address Classes
1.7 Reserved IP Addresses
1.8 Public and Private IP Addresses
1.9 IPv6 Addresses
1.11 TCP Three-Way Handshake
1.13 TCP and UDP Ports
1.14 Address Resolution Protocol
1.15 Host-to-Host Packet Delivery Using TCP
1.16 Dynamic Host Configuration Protocol
1.17 Domain Name System
1.18 Internet Control Message Protocol
1.19 Packet Capture Using tcpdump
1.20 Wireshark
1.21 Explore the TCP/IP Protocol Suite
Understanding the Network Infrastructure
2.2 Analyzing DHCP Operations
2.3 IP Subnetting
2.4 Hubs, Bridges, and Layer 2 Switches
2.5 VLANs and Trunks
2.6 Spanning Tree Protocols
2.7 Standalone (Autonomous) and Lightweight Access Points
2.8 Routers
2.9 Routing Protocols
2.10 Multilayer Switches
2.11 NAT Fundamentals
2.12 Packet Filtering with ACLs
2.13 ACLs with the Established Option
2.14 Explore the Network Infrastructure
Understanding Common TCP/IP Attacks
3.2 Legacy TCP/IP Vulnerabilities
3.3 IP Vulnerabilities
3.4 ICMP Vulnerabilities
3.5 TCP Vulnerabilities
3.6 UDP Vulnerabilities
3.7 Attack Surface and Attack Vectors
3.8 Reconnaissance Attacks
3.9 Access Attacks
3.10 Man-in-the-Middle Attacks
3.11 Denial of Service and Distributed Denial of Service
3.12 Reflection and Amplification Attacks
3.13 Spoofing Attacks
3.14 DHCP Attacks
3.15 Explore TCP/IP Attacks
Understanding Basic Cryptography Concepts
4.2 Impact of Cryptography on Security Investigations
4.3 Cryptography Overview
4.4 Hash Algorithms
4.5 Encryption Overview
4.6 Cryptanalysis
4.7 Symmetric Encryption Algorithms
4.8 Asymmetric Encryption Algorithms
4.9 Diffie-Hellman Key Agreement
4.10 Use Case: SSH
4.11 Digital Signatures
4.12 PKI Overview
4.13 PKI Operations
4.14 Use Case: SSL/TLS
4.15 Cipher Suite
4.16 Key Management
4.17 NSA Suite B
4.18 Explore Cryptographic Technologies
Describing Information Security Concepts
5.2 Information Security Confidentiality, Integrity, and Availability
5.3 Personally Identifiable Information
5.4 Risk
5.5 Vulnerability Assessment
5.6 CVSS v3.0
5.7 Access Control Models
5.8 Regulatory Compliance
5.9 Information Security Management
5.10 Security Operations Center
Understanding Network Applications
6.2 DNS Operations
6.3 Recursive DNS Query
6.4 Dynamic DNS
6.5 HTTP Operations
6.6 HTTPS Operations
6.7 Web Scripting
6.8 SQL Operations
6.9 SMTP Operations
6.10 Explore Network Applications
Understanding Common Network Application Attacks
7.2 Password Attacks
7.3 Pass-the-Hash Attacks
7.4 DNS-Based Attacks
7.5 DNS Tunneling
7.6 Web-Based Attacks
7.7 Malicious iFrames
7.8 HTTP 302 Cushioning
7.9 Domain Shadowing
7.10 Command Injections
7.11 SQL Injections
7.12 Cross-Site Scripting and Request Forgery
7.13 Email-Based Attacks
7.14 Explore Network Application Attacks
Understanding Windows Operating System Basics
8.2 Windows Operating System History
8.3 Windows Operating System Architecture
8.4 Windows Processes, Threads, and Handles
8.5 Windows Virtual Memory Address Space
8.6 Windows Services
8.7 Windows File System Overview
8.8 Windows File System Structure
8.9 Windows Domains and Local User Accounts
8.10 Windows Graphical User Interface
8.11 Run as Administrator
8.12 Windows Command Line Interface
8.13 Windows PowerShell
8.14 Windows net Command
8.15 Controlling Startup Services and Executing System Shutdown
8.16 Controlling Services and Processes
8.17 Monitoring System Resources
8.18 Windows Boot Process
8.19 Windows Networking
8.20 Windows netstat Command
8.21 Accessing Network Resources with Windows
8.22 Windows Registry
8.23 Windows Event Logs
8.24 Windows Management Instrumentation
8.25 Common Windows Server Functions
8.26 Common Third-Party Tools
8.27 Explore the Windows Operating System
Understanding Linux Operating System Basics
9.2 History and Benefits of Linux
9.3 Linux Architecture
9.4 Linux File System Overview
9.5 Basic File System Navigation and Management Commands
9.6 File Properties and Permissions
9.7 Editing File Properties
9.8 Root and Sudo
9.9 Disks and File Systems
9.10 System Initialization
9.11 Emergency/Alternate Startup Options
9.12 Shutting Down the System
9.13 System Processes
9.14 Interacting with Linux
9.15 Linux Command Shell Concepts
9.16 Piping Command Output
9.17 Other Useful Command Line Tools
9.18 Overview of Secure Shell Protocol
9.19 Networking
9.20 Managing Services in SysV Environments
9.21 Viewing Running Network Services
9.22 Name Resolution: DNS
9.23 Testing Name Resolution
9.24 Viewing Network Traffic
9.25 System Logs
9.26 Configuring Remote syslog
9.27 Running Software on Linux
9.28 Executables vs. Interpreters
9.29 Using Package Managers to Install Software in Linux
9.30 System Applications
9.31 Lightweight Directory Access Protocol
9.32 Explore the Linux Operating System
Understanding Common Endpoint Attacks
10.2 Classify Attacks, Exploits, and Vulnerabilities
10.3 Buffer Overflow
10.4 Malware
10.5 Reconnaissance
10.6 Gaining Access and Control
10.7 Gaining Access Via Social Engineering
10.8 Social Engineering Example: Phishing
10.9 Gaining Access Via Web-Based Attacks
10.10 Exploit Kits
10.11 Rootkits
10.12 Privilege Escalation
10.13 Pivoting
10.14 Post-Exploitation Tools Example
10.15 Exploit Kit Example: Angler
10.16 Explore Endpoint Attacks
Understanding Network Security Technologies
11.2 Defense-in-Depth Strategy
11.3 Defend Across the Attack Continuum
11.4 Authentication, Authorization, and Accounting
11.5 Identity and Access Management
11.6 Stateful Firewall
11.7 Network Taps
11.8 Switched Port Analyzer
11.9 Remote Switched Port Analyzer
11.10 Intrusion Prevention System
11.11 IPS Evasion Techniques
11.12 Snort Rules
11.13 VPNs
11.14 Email Content Security
11.15 Web Content Security
11.16 DNS Security
11.17 Network-Based Malware Protection
11.18 Next Generation Firewall
11.19 Security Intelligence
11.20 Threat Analytic Systems
11.21 Network Security Device Form Factors
11.22 Security Onion Overview
11.23 Security Tools Reference
11.24 Explore Network Security Technologies
Understanding Endpoint Security Technologies
12.2 Host-Based Personal Firewall
12.3 Host-Based Anti-Virus
12.4 Host-Based Intrusion Prevention System
12.5 Application Whitelists and Blacklists
12.6 Host-Based Malware Protection
12.7 Sandboxing
12.8 File Integrity Checking
12.9 Explore Endpoint Security
Describing Security Data Collection
13.2 Network Security Monitoring Placement
13.3 Network Security Monitoring Data Types
13.4 Intrusion Prevention System Alerts
13.5 True/False, Positive/Negative IPS Alerts
13.6 IPS Alerts Analysis Process
13.7 Firewall Log
13.8 DNS Log
13.9 Web Proxy Log
13.10 Email Proxy Log
13.11 AAA Server Log
13.12 Next Generation Firewall Log
13.13 Applications Log
13.14 Packet Captures
13.15 NetFlow
13.16 Network Behavior Anomaly Detection
13.17 Data Loss Detection Using Netflow Example
13.18 Security Information and Event Management Systems
13.19 Explore Security Data for Analysis
Describing Security Event Analysis
14.2 Cyber Kill Chain
14.3 Advanced Persistent Threats
14.4 Diamond Model for Intrusion Analysis
14.5 Cybersecurity Threat Models Summary
14.6 SOC Runbook Automation
14.7 Malware Reverse Engineering
14.8 Chain of Custody
Defining the Security Operations Center
1.2 Types of Security Operations Centers
1.3 SOC Analyst Tools
1.4 Data Analytics
1.5 Hybrid Installations: Automated Reports, Anomaly Alerts
1.6 Sufficient Staffing Necessary for an Effective Incident Response Team
1.7 Roles in a Security Operations Center
1.8 Develop Key Relationships with External Resources
Understanding NSM Tools and Data
2.2 NSM Tools
2.3 NSM Data
2.4 Security Onion
2.5 Full Packet Capture
2.6 Session Data
2.7 Transaction Data
2.8 Alert Data
2.9 Other Data Types
2.10 Correlating NSM Data
2.11 Explore Network Security Monitoring Tools
Understanding Incident Analysis in a Threat-Centric SOC
3.2 Classic Kill Chain Model Overview
3.3 Kill Chain Phase 1: Reconnaissance
3.4 Kill Chain Phase 2: Weaponization
3.5 Kill Chain Phase 3: Delivery
3.6 Kill Chain Phase 4: Exploitation
3.7 Kill Chain Phase 5: Installation
3.8 Kill Chain Phase 6: Command-and-Control
3.9 Kill Chain Phase 7: Actions on Objectives
3.10 Applying the Kill Chain Model
3.11 Diamond Model Overview
3.12 Applying the Diamond Model
3.13 Exploit Kits
3.14 Investigate Hacker Methodology
Identifying Resources for Hunting Cyber Threats
4.2 Cyber-Threat Hunting Concepts
4.3 Hunting Maturity Model
4.4 Cyber-Threat Hunting Cycle
4.5 Common Vulnerability Scoring System
4.6 CVSS v3.0 Scoring
4.7 CVSS v3.0 Example
4.8 Hot Threat Dashboard
4.9 Publicly Available Threat Awareness Resources
4.10 Other External Threat Intelligence Sources and Feeds Reference
4.11 Hunt Malicious Traffic
Understanding Event Correlation and Normalization
5.2 Event Sources
5.3 Evidence
5.4 Security Data Normalization
5.5 Event Correlation
5.6 Other Security Data Manipulation
5.7 Correlate Event Logs, PCAPs, and Alerts of an Attack
Identifying Common Attack Vectors
6.2 Obfuscated JavaScript
6.3 Shellcode and Exploits
6.4 Common Metasploit Payloads
6.5 Directory Traversal
6.6 SQL Injection
6.7 Cross-Site Scripting
6.8 Punycode
6.9 DNS Tunneling
6.10 Pivoting
6.11 Investigate Browser-Based Attacks
Identifying Malicious Activity
7.2 Understanding the Network Design
7.3 Identifying Possible Threat Actors
7.4 Log Data Search
7.5 NetFlow as a Security Tool
7.6 DNS Risk and Mitigation Tool
7.7 Analyze Suspicious DNS Activity
Identifying Patterns of Suspicious Behavior
8.2 Network Baselining
8.3 Identify Anomalies and Suspicious Behaviors
8.4 PCAP Analysis
8.5 Delivery
8.6 Investigate Suspicious Activity Using Security Onion
Conducting Security Incident Investigations
9.2 Security Incident Investigation Procedures
9.3 Threat Investigation Example: China Chopper Remote Access Trojan
9.4 Investigate Advanced Persistent Threats
Describing the SOC Playbook
10.2 Security Analytics
10.3 Playbook Definition
10.4 What Is in a Play?
10.5 Playbook Management System
10.6 Explore SOC Playbooks
Understanding the SOC Metrics
11.2 Security Data Aggregation
11.3 Time to Detection
11.4 Security Controls Detection Effectiveness
11.5 SOC Metrics
Understanding the SOC WMS and Automation
12.2 SOC WMS Concepts
12.3 Incident Response Workflow
12.4 SOC WMS Integration
12.5 SOC Workflow Automation Example
Describing the Incident Response Plan
13.2 Incident Response Planning
13.3 Incident Response Life Cycle
13.4 Incident Response Policy Elements
13.5 Incident Attack Categories
13.6 Reference: US-CERT Incident Categories
13.7 Regulatory Compliance Incident Response Requirements
Describing the Computer Security Incident Response Team
14.2 CSIRT Categories
14.3 CSIRT Framework
14.4 CSIRT Incident Handling Services
Understanding the use of VERIS
15.2 VERIS Overview
15.3 VERIS Incidents Structure
15.4 VERIS 4 A’s
15.5 VERIS Records
15.6 VERIS Community Database
15.7 Verizon Data Breach Investigations Report and Cisco Annual Security Report
TIPOLOGIA DEL CORSO
TIPOLOGIA DEL CORSOLezioni frontali Presenza in Aula e Laboratorio;
Lezioni a distanza in Video Presenza Tempo Reale e Laboratorio;
INFRASTRUTTURA LABORATORIALE
INFRASTRUTTURA LABORATORIALEPer tutte le tipologie di erogazione, il Corsista può accedere alle attrezzature e ai sistemi reali Cisco presenti nei Nostri laboratori o direttamente presso i data center Cisco in modalità remota h24. Ogni partecipante dispone di un accesso per implementare le varie configurazioni avendo così un riscontro pratico e immediato della teoria affrontata.
Ecco di seguito alcune topologie di rete dei Laboratori Cisco Disponibili:
PREREQUISITI
PREREQUISITII partecipanti dovranno avere una conoscenza basilare scolastica della lingua Inglese.
DURATA E FREQUENZA
Durata 51h – Frequenza Serale 2 Volte a settimana;
Durata 5gg – Frequenza Full Time;
Altre tipologie di Frequenza;
DOCENTI
DOCENTII docenti sono Istruttori Ufficiali pluri certificati Cisco e in altre tecnologie IT, con anni di esperienza pratica nel settore e nella Formazione.
MODALITÀ DI ISCRIZIONE
MODALITÀ DI ISCRIZIONEL’iscrizione avviene contattando la sede.
Le iscrizioni sono rivolte ad un massimo di 12 partecipanti. Si ricorda inoltre che il costo del corso non comprende gli esami di certificazione che il corsista può sostenere alla fine del percorso formativo presso i nostri centri
CALENDARIO
CALENDARIOCCNA Cyber Ops: 24/02/2020 – Lun. Mer. 18:30/21:30
Posti Rimanenti: 0/12
Cisco Cybersecurity Operations: 06/05/2020 – Lun. Mer. 18:30/21:30
Posti Rimanenti: 5/12
Elenco Corsi Cisco per Certificazione
