SC-345 --- Solaris[tm] OE Network Intrusion Detection

The Solaris Operating System Network Intrusion Detection course provides students with the knowledge and skills necessary to perform the advanced administration skills required to firewall

The Solaris Operating System Network Intrusion Detection course provides students with the knowledge and skills necessary to perform the advanced administration skills required to firewall, monitor, log, identify and respond to network security breaches.

• Install, configure, and maintain a Solaris product line server

• Install open source utilities like tcpdump and libpcap

• Configure a Solaris NIC for LAN and Internet access

• Have a firm understanding of the TCP/IP protocol stack and IP routing

• Configuring Security on the Solaris 10 Operating System (SC-301-S10)

• Configure Solaris logging daemons like syslog

• Experienced System Administrators and Security Administrators who are tasked with protecting Sun Solaris systems in a non-trusted environment such as the Internet or a LAN environment with multiple unknown/untrusted users

• This course counts towards the Hands-on course requirement for the Oracle Solaris 10 Security Administrator Certification. Only instructor-led inclass or instructor-led online formats of this course will meet the Certification Hands-on Requirement. Self Study CD-Rom and Knowledge Center courses DO NOT meet the Hands-on Requi

5 Days

Solaris[tm] OE Network Intrusion Detection (SC-345) Content Details

Ethernet and IP Operation Review OSI network model Review application and network service layers Identify Ethernet security issues Review IPv4 addressing Understand IP fragmentation Identify ICMP security issues Implement basic traffic capture and analysis IP and ARP Vulnerability Analysis Identify IP security issues Describe IP routing and routing protocol security Protect against IP abuse Identify ARP security issues Execute attacks against ARP Protect against ARP abuse Implement advanced packet capture and analysis UDP/TCP Protocol and TELNET Vulnerability Analysis Discuss characteristics of UDP and TCP Identify TCP security issues Describe common TCP abuses: SYN attack, sequence guessing, connection hijacking Discuss characteristics of TELNET Identify TELNET security issues Execute attacks on TCP and TELNET Protect against TCP and TELNET abuse FTP and HTTP Vulnerability Analysis Describe FTP transfer methods and modes and identify FTP security issues Describe common FTP abuses: FTP bounce attack, port stealing, brute force Discuss characteristics of HTTPv1.1 Describe role of HTTP proxy servers and HTTP authentication Identify HTTP security issues Describe common HTTP abuses: path name stealing, header spoofing, proxy poisoning Execute attacks on FTP and HTTP Protect against FTP and HTTP abuse DNS Vulnerability Analysis Discuss characteristics of DNS Identify DNS security issues Describe common DNS abuses: DNS spoofing, DNS cache poisoning, unauthorized zone transfers Execute attacks on DNS Protect against DNS abuse SSH and HTTPS Vulnerability Analysis Discuss characteristics of SSH Describe differences between SSH1 and SSH2 protocol Identify SSH security issues Describe common SSH abuses: insertion attack, brute force attack, CRC compensation attack Describe characteristics HTTPS (SSL) Discuss other SSL enabled protocols Describe common SSL abuses: man-in-the-middle and version rollback attack Remote Operating System Detection Use standard system commands and exploit default settings to guess remote operating systems Use open source utilities to guess remote operating systems by scanning open ports Describe TCP/IP stack fingerprinting Install and use nmap for remote OS detection   Network Attack Techniques and Basic Attack Detection Identify sources of network attacks Discuss methods of intrusion Describe common network attacks: denial-of-service, software buffer overflow, poor system configuration, password guessing/cracking Describe a typical intrusion scenario Introduce the concept of an Intrusion Detection System (IDS) List some of the most popular IDS tools: Klaxon, Portsentry, snort Implement basic scan detection Implementing Intrusion Detection Technologies Identify the difference between host based and network based IDS Discuss different types of IDS implementation: hybrid NIDS and honeypots Describe core components of a NIDS using the snort NIDS Compile and install the snort NIDS Advanced NIDS Configuration Discuss advanced snort features like "real time response" and snort log monitors Install a database (mysql) to log snort alerts Install the graphical user interfaces (GUI) Demarc and ACID to better interpret snort logs by querying the snort database Generate outside attacks that trigger snort alerts Interpret GUI snort monitors to identify attacks Writing snort rules Describe the different components of a snort rule Configure different snort rule options Write custom snort rules to watch for specific traffic patterns Execute attacks against custom snort rules and interpret GUI snort monitors to identify attacks Solaris Routing List requirements for a Solaris host to be a router Implement a Solaris host as a router Use the ndd utility to secure a Solaris router Solaris Firewalls Describe different types of Solaris firewalls: application firewalls and packet filters Identify two of the most common Solaris firewall products: Sunsceen Lite and IPfilter Learn firewall policy basics Write firewall rules for network or host based firewalls Install an IPfilter firewall on a Solaris host Solaris Network (NAT) and Port Translation (PAT) Describe NAT and PAT concepts Implement NAT to secure a private network behind a Solaris firewall

Interested in any of our courses. Use this form to contact us