This FireEye course provides hands-on, tactical experience with network protocols, network architecture, intrusion detection systems, network traffic capture and traffic analysis. Through live lab sessions you'll study the types of network monitoring and the tools used to identify malicious network activity and to prevent sophisticated attackers from blending seamlessly with legitimate traffic. Explore the most useful techniques for investigating botnets and how to use honeypots in network monitoring.
4 Live Hands-On Labs
4-6 Hours of Work per Module
“The way I like to think of incident response is as if it's a jigsaw puzzle. Network Traffic Analysis makes up the outline pieces. Once you get an outline, you're able to fill in the actual image with host information.”
Describe how Network Traffic Analysis is conducted throughout the attacker lifecycle. Review basic Linux commands and concepts. Conduct basic Wireshark analysis, such as using the dissector, display filters and the expression builder, setting user preferences, reviewing common application protocols, and analyzing SSL traffic. Use the OSI and TCP/IP models to determine which portions of the packet header belong to which layer.
Analyze the DNS protocol, including its different record types. Analyze HTTP traffic. Describe multiple protocols, what they look like on the wire, and their use in the attacker lifecycle. Analyze binary protocols.
Describe network hardware, including its uses and complications. Create a network topology. Conduct analysis using NetFlow and associated tools. Conduct analysis using non-Wireshark tools.
Identify Snort rule options. Identify Suricata options. Create Snort signatures.