Intrusion Analysis and Response
This course aims to develop knowledge and understanding of the strategies, techniques and technologies used in attacking and defending networks and how to design secure networks and protect against intrusion, malware and other hacker exploits.
Designed either as a standalone course or to follow on from Introduction to Pen Testing, the course will explore attackers' mindsets and methods, and work through the different ways of protecting the estate. The course will cover the keystone technologies of an effective security defence, including an introduction to usable and effective policies that staff will follow rather than be encouraged to work around.
Topics covered include:
- Network security fundamentals
- Intrusion analysis and response
- Secure Sockets Layer (SSL)
- Intrusion analysis practices
- Legal, privacy and ethics issues
On completion of this course, participants should be able to:
- Understand the main functions of a Security Operations Centre.
- Understand and evaluate the key issues involved in designing secure networks.
- Understand the issues arising in the collection of computer evidence after a network breach.
- Develop effective risk management plans to protect against malware and other hacking exploits.
- Formulate a range of strategies and solutions for testing and continuously improving the security of a network.
Course Day Breakdown
Network Security and Linux IAR Fundamentals
The first day of the course will look at Linux incident analysis and response processes, specifically Bash shell scripting, file permissions, shell expansion, functions and hashing. Students will then be introduced to network security fundamentals, looking at layers, services, protocols and common issues.
Linux Command Line, Shell Coding, Trustico, Networking, Traffic Management, Security Architecture, SSL Components, Firewall Principles, Intrusion Analysis Practices.
Cryptography and Computer Networks
Day 2 of the course will introduce students to the principles of cryptography, the properties of secure communication and methods of encryption and decryption. Students will then be stepped through the fundamentals of computer networks, covering transport-layer services and the UDP, TCP and IP protocols.
Confidentiality, Authentication, Integrity, Digital Signatures, Access Control, Public Key Algorithms, Transport & Network Layer Protocols, Internet Routing.
Introduction to MANET; Incident Analysis & Response Theory
The first half of the session will cover the characteristics of mobile ad hoc networks (MANET), their applications and common security vulnerabilities. The rest of the day will focus on the concepts and practical processes of incident analysis and response.
Security in MANET, Dynamic Source Routing, Attacks in MANET, DDoS, Incident Response Process, Electronic Evidence Collection and Analysis, Cyber Kill Chain techniques.
Attacks, Counter Measures, Security Assessment and Testing
Day 4 will look at different types of attack vectors and methods of defence. Students will be given an introduction to security assessment, risk identification and evaluation techniques. We will also look at penetration testing methodologies, information gathering and flaw testing.
In-line Memory Attacks, Webshells, DoS Attack, Flood Attack, Smurf IP Attack, Asset Identification, Threat Assessment, Security Assessment Components, Probing the Network.
Legal, Privacy and Ethical Aspects
The final day of the course will give an overview of the various governance issues involved with cybercrime and computer crime. Students will be introduced to the issues facing law enforcement, intellectual property and copyright implications, privacy concerns, and ethical codes of conduct.
Types of Property, Patents, Trademarks, Digital Millennium Copyright Act (DMCA), Privacy Protections, Australian and Global Privacy Laws, Data Surveillance.
Who Should Attend
This course is useful for IT graduates entering the Cyber Security profession or those in junior Cyber Security roles. It is also useful for investigators who wish to develop a technical approach to their profession. Prior attendance at Cyber Security Boot Camp is recommended.
What You Will Receive
- Comprehensive set of course notes.
- UNSW Canberra certificate of attendance.
- Morning tea, lunch and afternoon tea.
NICE Framework Mapping
This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities):
K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
K0019: Knowledge of cryptography and cryptographic key management concepts.
K0042: Knowledge of incident response and handling methodologies.
K0112: Knowledge of defence-in-depth principles and network security architecture.
K0179: Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
K0222: Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defence activities.
K0290: Knowledge of systems security testing and evaluation methods.
K0297: Knowledge of countermeasure design for identified security risks.
S0054: Skill in using incident handling methodologies.
S0059: Skill in using Virtual Private Network (VPN) devices and encryption.
S0124: Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.
A0015: Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
A0159: Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).
What is the NICE Framework?
The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles.
To find out more about the NICE Framework, go to: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework
UNSW Canberra Cyber
UNSW Canberra Cyber is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.
The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and postgraduate education in cyber security. Our air-gapped, state-of-the-art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.
Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.
Contact us at firstname.lastname@example.org to discuss how.