Cisco CCNA Security, Cisco CCNA Cyber OPS, Cisco CCNP Security

Corso Cisco Cybersecurity Operations

Panoramica Obiettivi Contenuti
Tipologia Prerequisiti Durata e Frequenza
Docenti Modalità di Iscrizione Calendario

PANORAMICA

Corso di preparazione al conseguimento della
Certificazione Cisco CyberOps Associate
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)

Sintesi Statistica:
Corsi realizzati: 29;
Numero Corsisti: 261;
Superamento Esame: 96,44%

Agevolazioni per Disoccupati Inoccupati e lavoratori a Termine

Contattaci ora per ricevere tutti i dettagli e per richiedere, senza alcun impegno, di parlare direttamente con uno dei nostri docenti Cyber Security CLICCA QUI.
Oppure chiamaci subito al nostro numero verde 800-177596.

OBIETTIVI DEL CORSO

Questo corso è progettato per preparare il partecipante alla certificazione Cisco Certified CyberOps Associate ottenibile attraverso il superamento dell’esame CBROPS 200-201. Il Corso Cybersecurity affronta le principali vulnerabilità legate alle infrastrutture di rete. Si analizzeranno gli attacchi e le misure di cyber-sicurezza più diffuse sia in ambienti Windows che Linux. Le organizzazioni moderne, che vogliano competere nel mercato attuale, hanno bisogno di essere dotate o servirsi di un centro definito SOC (Security Operations Center). Questa entità, composta da un Team di professionisti, si occupa di fornire i seguenti principali servizi:
• Servizi di Gestione: tutte le attività di gestione delle funzionalità di sicurezza legate all’infrastruttura IT (rete, sistemi ed applicazioni).
• Servizi di Monitoraggio: l’infrastruttura IT e di Sicurezza vengono monitorate in tempo reale al fine di individuare tempestivamente tentativi di intrusione, di attacco o di compromissione dei sistemi.
• Servizi Proattivi: sono servizi finalizzati a migliorare il livello di protezione dell’organizzazione (Security assessments, vulnerability assessments, early warning, security awareness).
Per supportare adeguatamente questi servizi, i SOC, devono essere composti da risorse qualificate a vari livelli. Personale professionalmente adeguato nell’ambito della Cybersecurity è oggi di difficile reperimento. In tale contesto nasce questo percorso formativo qualificante e certificato. Esso è specificatamente strutturato per ottenere una figura professionale che possa inserirsi rapidamente in un Security Operations Center. Il corso è caratterizzato da una parte teorica e una pratica realizzata su Laboratori forniti direttamente da Cisco. Questa è una prerogativa concessa solo ed esclusivamente ai Cisco Learning Partner.

CONTENUTI IN SINTESI

Understanding Cisco Cybersecurity Operations Fundamentals

Defining the Security Operations Center
Introduction
Types of Security Operations Centers
SOC Analyst Tools
Data Analytics
Hybrid Installations: Automated Reports, Anomaly Alerts
Staffing an Effective Incident Response Team
Roles in a Security Operations Center
Developing Key Relationships with External Resources
Understanding Network Infrastructure and Network Security Monitoring Tools
Introduction
NAT Fundamentals
Packet Filtering with ACLs
ACLs with the Established Option
Access Control Models
Authentication, Authorization, and Accounting
Load Balancing
Network-Based Malware Protection
Network Security Monitoring Tools
Exploring Data Type Categories
Introduction
Network Security Monitoring Data
Network Security Monitoring Data Types
Security Information and Event Management Systems
Security Orchestration, Automation, and Response
Security Onion Overview
Full Packet Capture
Packet Captures
Packet Capture Using Tcpdump
Session Data
Transaction Data
Alert Data
Other Data Types
Correlating NSM Data
Information Security Confidentiality, Integrity, and Availability
Personally Identifiable Information
Regulatory Compliance
Intellectual Property
Use NSM Tools to Analyze Data Categories
Understanding Basic Cryptography Concepts
Introduction
Impact of Cryptography on Security Investigations
Cryptography Overview
Hash Algorithms
Encryption Overview
Cryptanalysis
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Diffie-Hellman Key Agreement
Use Case: SSH
Digital Signatures
PKI Overview
PKI Operations
Use Case: SSL/TLS
Cipher Suite
Key Management
NSA Suite B
Explore Cryptographic Technologies
Understanding Common TCP/IP Attacks
Introduction
Address Resolution Protocol
Legacy TCP/IP Vulnerabilities
IP Vulnerabilities
ICMP Vulnerabilities
TCP Vulnerabilities
UDP Vulnerabilities
Attack Surface and Attack Vectors
Reconnaissance Attacks
Access Attacks
Man-in-the-Middle Attacks
Denial of Service and Distributed Denial of Service
Reflection and Amplification Attacks
Spoofing Attacks
DHCP Attacks
Explore TCP/IP Attacks
Understanding Endpoint Security Technologies
Introduction
Host-Based Personal Firewall
Host-Based Antivirus
Host Intrusion Prevention System
Application Whitelists and Blacklists
Host-Based Malware Protection
Sandboxing
File Integrity Checking
Explore Endpoint Security
Understanding Incident Analysis in a Threat-Centric SOC
Introduction
Classic Kill Chain Model Overview
Kill Chain Phase : Reconnaissance
Kill Chain Phase : Weaponization
Kill Chain Phase : Delivery
Kill Chain Phase : Exploitation
Kill Chain Phase : Installation
Kill Chain Phase : Command-and-Control
Kill Chain Phase : Actions on Objectives
Applying the Kill Chain Model
Diamond Model Overview
Applying the Diamond Model
MITRE ATTACK™ Framework
Investigate Hacker Methodology
Identifying Resources for Hunting Cyber Threats
Introduction
Cyber-Threat Hunting Concepts
Hunting Maturity Model
Cyber Threat Hunting Cycle
Common Vulnerability Scoring System
CVSS vScoring
CVSS vExample
Hot Threat Dashboard
Publicly Available Threat Awareness Resources
Other External Threat Intelligence Sources and Feeds Reference
Security Intelligence
Threat Analytic Systems
Security Tools Reference
Hunt Malicious Traffic
Understanding Event Correlation and Normalization
Introduction
Event Sources
Evidence
Chain of Custody
Security Data Normalization
Event Correlation
Other Security Data Manipulation
Correlate Event Logs, PCAPs, and Alerts of an Attack
Identifying Common Attack Vectors
Introduction
DNS Operations
Recursive DNS Query
Dynamic DNS
HTTP Operations
HTTPS Operations
HTTP/ Operations
SQL Operations
SMTP Operations
Web Scripting
Obfuscated JavaScript
Shellcode and Exploits
Common Metasploit Payloads
Directory Traversal
SQL Injection
Cross-Site Scripting
Punycode
DNS Tunneling
Pivoting
HTTP Cushioning
Gaining Access Via Web-Based Attacks
Exploit Kits
Emotet Advanced Persistent Threat
Investigate Browser-Based Attacks
Identifying Malicious Activity
Introduction
Understanding the Network Design
Zero Trust Model
Identifying Possible Threat Actors
Log Data Search
System Logs
Windows Event Viewer
Firewall Log
DNS Log
Web Proxy Log
Email Proxy Log
AAA Server Log
Next Generation Firewall Log
Applications Log
NetFlow
NetFlow as a Security Tool
Network Behavior Anomaly Detection
Data Loss Detection Using NetFlow Example
DNS Risk and Mitigation Tool
IPS Evasion Techniques
The Onion Router
Gaining Access and Control
Peer-to-Peer Networks
Encapsulation
Altered Disk Image
Analyze Suspicious DNS Activity
Explore Security Data for Analysis
Identifying Patterns of Suspicious Behavior
Introduction
Network Baselining
Identifying Anomalies and Suspicious Behaviors
PCAP Analysis
Delivery
Investigate Suspicious Activity Using Security Onion
Conducting Security Incident Investigations
Introduction
Security Incident Investigation Procedures
Threat Investigation Example: China Chopper Remote Access Trojan
Investigate Advanced Persistent Threats
Using a Playbook Model to Organize Security Monitoring
Introduction
Security Analytics
Playbook Definition
What Is in a Play?
Playbook Management System
Explore SOC Playbooks
Understanding SOC Metrics
Introduction
Security Data Aggregation
Time to Detection
Security Controls Detection Effectiveness
SOC Metrics
Understanding SOC Workflow and Automation
Introduction
SOC WMS Concepts
Incident Response Workflow
SOC WMS Integration
SOC Workflow Automation Example
Describing Incident Response
Introduction
Incident Response Planning
Incident Response Life Cycle
Incident Response Policy Elements
Incident Attack Categories
Reference: US-CERT Incident Categories
Regulatory Compliance Incident Response Requirements
CSIRT Categories
CSIRT Framework
CSIRT Incident Handling Services
Understanding the Use of VERIS
Introduction
VERIS Overview
VERIS Incidents Structure
VERIS A’s
VERIS Records
VERIS Community Database
Verizon Data Breach Investigations Report and Cisco Annual Security Report
Understanding Windows Operating System Basics
Introduction
Windows Operating System History
Windows Operating System Architecture
Windows Processes, Threads, and Handles
Windows Virtual Memory Address Space
Windows Services
Windows File System Overview
Windows File System Structure
Windows Domains and Local User Accounts
Windows GUI
Run as Administrator
Windows CLI
Windows PowerShell
Windows net Command
Controlling Startup Services and Executing System Shutdown
Controlling Services and Processes
Monitoring System Resources
Windows Boot Process
Windows Networking
Windows netstat Command
Accessing Network Resources with Windows
Windows Registry
Windows Management Instrumentation
Common Windows Server Functions
Common Third-Party Tools
Explore the Windows Operating System
Understanding Linux Operating System Basics
Introduction
History and Benefits of Linux
Linux Architecture
Linux File System Overview
Basic File System Navigation and Management Commands
File Properties and Permissions
Editing File Properties
Root and Sudo
Disks and File Systems
System Initialization
Emergency/Alternate Startup Options
Shutting Down the System
System Processes
Interacting with Linux
Linux Command Shell Concepts
Piping Command Output
Other Useful Command-Line Tools
Overview of Secure Shell Protocol
Networking
Managing Services in SysV Environments
Viewing Running Network Services
Name Resolution: DNS
Testing Name Resolution
Viewing Network Traffic
Configuring Remote Syslog
Running Software on Linux
Executables vs. Interpreters
Using Package Managers to Install Software in Linux
System Applications
Lightweight Directory Access Protocol
Explore the Linux Operating System

Attività Laboratoriale

Configure the Initial Collaboration Lab Environment
Use NSM Tools to Analyze Data Categories
Explore Cryptographic Technologies
Explore TCP/IP Attacks
Explore Endpoint Security
Investigate Hacker Methodology
Hunt Malicious Traffic
Correlate Event Logs, PCAPs, and Alerts of an Attack
Investigate Browser-Based Attacks
Analyze Suspicious DNS Activity
Explore Security Data for Analysis
Investigate Suspicious Activity Using Security Onion
Investigate Advanced Persistent Threats
Explore SOC Playbooks
Explore the Windows Operating System
Explore the Linux Operating System

TIPOLOGIA DEL CORSO

Corso di Formazione con Docente;

INFRASTRUTTURA LABORATORIALE

Per tutte le tipologie di erogazione, il Corsista può accedere alle attrezzature e ai sistemi reali Cisco presenti nei Nostri laboratori o direttamente presso i data center Cisco in modalità remota h24. Ogni partecipante dispone di un accesso per implementare le varie configurazioni avendo così un riscontro pratico e immediato della teoria affrontata.
Ecco di seguito alcune topologie di rete dei Laboratori Cisco Disponibili:

Corsi e certificazioni CCNA Cyber OPS SECOPS - Cybersecurity

Laboratorio, Corsi e Certificazione CCNA Security

PREREQUISITI

Non ci sono prerequisiti formali.

DURATA E FREQUENZA

Durata Estensiva 48 Ore;
Erogato anche in modalità Intensiva;
Varie tipologie di Frequenza Estensiva ed Intensiva.

DOCENTI

I docenti sono Istruttori Ufficiali pluri certificati Cisco e in altre tecnologie di IT Security, con anni di esperienza pratica nel settore e nella Formazione.

MODALITÀ DI ISCRIZIONE

Le iscrizioni sono a numero chiuso per garantire ai tutti i partecipanti un servizio eccellente.
L’iscrizione avviene richiedendo di essere contattati dal seguente Link, o contattando la sede al numero verde 800-177596 o inviando una richiesta all’email [email protected].