Incident Response Course Syllabus
In this course, you will learn how to use open source tools for incident response purposes. This course utilizes first-hand explanations and screencast demonstrations of how to use these tools in a step-by-step manner so you can start incident response work immediately on your own.
Table of Contents
Course Overview – Introductory Lesson
Incident Response - Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.
Cyber Attacks - Here we will cover CyberAttacks on Wi-Fi networks and over the web so you can understand how to respond to them.
Virtualization and Cloud Security - So virtualization can mean many things at different layers of the stack. At the network layer, you have VLAN’s, MPLS networks and even SDN (Software Defined Network) technologies such as OpenFlow. At the storage layer, you have VSAN’s. At the Hardware and OS layer, you have hypervisors for machine virtualization and containers for runtime virtualization and isolation. Databases have even gotten in on the act using container technology.
Malware - In this section, we will define Malware categories and characteristics and talk through protective countermeasures to keep networks, systems, and data safe from compromise. ‘
Static Malware Analysis
Analyze malware statically in VM environments.
Operational Security - Once we have a Risk Management program in place we need to implement operational security to manage the day to day aspects of security. In this lesson, you will learn about Operational Security Controls what they consist of and how they help us to incrementally manage risk on a daily basis.
Lesson 7 – Disaster Recovery - While at first glance DR might not seem like a natural fit with cybersecurity after further analysis we realize that disasters are threats that can inflict much more damage than any hacker. Here we will talk about DR planning, strategies, and best practices.
Platform Hardening and Baselining - Minimizing the attack surface area of operating systems, databases and applications is a key tenet of operational security. In this lesson, you will learn about techniques for OS/DB and App hardening.
Lesson 9 - Advanced Perimeter Security - While many argue that with the advent of mobile technologies and the cloud the perimeter is dissolving, it will remain a key component in securing network resources for years to come. Here we’ll cover Load balancers, forward and reverse proxies, API Security Gateways, Firewall rules and Unified Threat Management technologies.
IDS - Intrusion Detection technology is offered in multiple flavors. They are either network based or host based and can be detective or preventive in nature.
Advanced IDS - Previously we’ve talked about IDS basic concepts. Now it’s time to cover advanced IDS architectures, standards and further, explore the inner workings of statistical and Rule-based IDS.
Snort and Bro – In this lesson, you will learn how to use Snort and Bro NIDS/HIDS by example.
Honeypots and Honeynets - Luring attackers away from critical data and studying their behavior can help us to protect the data that matters most. Let’s found out how we can use honeypots to tie up attackers and find out what they are up to.
Kippo SSH Honeypot
Firewalls - In this lesson, we will cover the evolution of firewalls and their capabilities.
Apache Security Logging – Apache is still the most popular web server by install base on the web. Let’s learn how to log malicious activities using Apache logging.
SIM - Management of logs is a key component of operational security. These days the velocity, variety and volume of data collected via logs have catapulted log management into the realm of Big Data. You will learn how to effectively manage these logs and derive useful security information from them.
Learn how to acquire a forensic duplicate using Linux based tool
What are the requirements?
- Students should have a basic understanding of technology and networking.
- A working internet connection.
What am I going to get from this course?
- Defend networks and systems from common threats and attacks using open source incident response tools.
- Use Snort and Bro to conduct incident response.
- Use Kippo as an SSH Honeypot.
- Architect IDS and network perimeter security environments.
What is the target audience?
- Students who desire to learn more about defending networks and systems against hackers.