Incident Response Course Syllabus
In this course you will learn how to use open source tools for incident response purposes. This course utilizes first hand explanations and screencast demonstrations of how to use these tools in a step-by-step manner so you can start incident response work immediately on your own.
Table of Contents
Course Overview – Introductory Lesson
Unit 1- Incident Response Concepts, Planning and Preparation
Lesson 1 – Incident Response – Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack . The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.
Lesson 2 – Cyber Attacks – Here we will cover CyberAttacks on Wi-Fi networks and over the web so you can understand how to respond to them.
Lesson 3 – Virtualization and Cloud Security – So virtualization can mean many things at different layers of the stack. At the network layer you have VLAN’s, MPLS networks and even SDN (Software Defined Network) technologies such as Openflow. At the storage layer you have VSAN’s. At the Hardware and OS layer you have hypervisors for machine virtualization and containers for runtime virtualization and isolation. Databases have even gotten in on the act using container technology.
Lesson 4 – Malware – In this section we will define Malware categories and characteristics and talk through protective countermeasures to keep networks, systems and data safe from compromise. ‘
Lesson 5 – Static Malware Analysis
Analyze malware statically in VM environments.
Lesson 6 – Operational Security – Once we have a Risk Management program in place we need to implement operational security to manage the day to day aspects of security. In this lesson you will learn about Operational Security Controls what they consist of and how they help us to incrementally manage risk on a daily basis.
Lesson 7 – Disaster Recovery – While at first glance DR might not seem like a natural fit with cybersecurity after further analysis we realize that disasters are threats that can inflict much more damage than any hacker. Here we will talk about DR planning, strategies and best practices.
Unit 2 – Incident Response Mitigating Controls
Lesson 8 – Platform Hardening and Baselining – Minimizing the attack surface area of operating systems, databases and applications is a key tenet of operational security. In this lesson you will learn about techniques for OS/DB and App hardening.
Lesson 9 – Advanced Perimeter Security – While many argue that with the advent of mobile technologies and the cloud the perimeter is dissolving, it will remain a key component in securing network resources for years to come. Here we’ll cover Load balancers, forward and reverse proxies, API Security Gateways, Firewall rules and Unified Threat Management technologies.
Lesson 10 – IDS – Intrusion Detection technology is offered in multiple flavors. They are either network based or host based and can be detective or preventive in nature.
Lesson 11 – Advanced IDS – Previously we’ve talked about IDS basic concepts. Now it’s time to cover advanced IDS architectures, standards and further explore the inner workings of statistical and Rule based IDS.
Lesson 12 – Snort and Bro – In this lesson you will learn how to use Snort and Bro NIDS/HIDS by example.
Lesson 13 – Honeypots and Honeynets – Luring attackers away from critical data and studying their behavior can help us to protect the data that matters most. Let’s found out how we can use honeypots to tie up attackers and find out what they are up to.
Lesson 13.5 – Kippo SSH Honeypot
Lesson 14 – Firewalls – In this lesson we will cover the evolution of firewalls and their capabilities.
Unit 3 – Incident Forensics Analysis
Lesson 15 – Apache Security Logging – Apache is still the most popular web server by install base on the web. Let’s learn how to log malicious activities using Apache logging.
Lesson 16 – SIM – Management of logs is a key component of operational security. These days the velocity, variety and volume of data collected via logs has catapulted log management into the realm of Big Data. You will learn how to effectively manage these logs and derive useful security information from them.
Lesson 17 – Forensic Duplication
Learn how to acquire a forensic duplicate using Linux based tool