CCNA Cybersecurity Operations Course Booklet [Paperback]

  • Format: Paperback / softback, 336 pages, height x width x depth: 276x210x24 mm, weight: 920 g
  • Series: Course Booklets
  • Publication date: 09-May-2018
  • Publisher: Cisco Press
  • ISBN-10: 1587134373
  • ISBN-13: 9781587134371
  • Binding: Paperback
  • Price: €40.55
  • Book delivery time is 3-4 weeks if the book is in stock at the publisher's warehouse. If the publisher needs to print a new run, delivery may be delayed.
  • Delivery time: 4-6 weeks
Your Cisco Networking Academy Course Booklet is designed as a study resource you can easily read, highlight, and review on the go, wherever the Internet is not available or practical:

  • The text is extracted directly, word-for-word, from the online course so you can highlight important points and take notes in the Your Chapter Notes section.
  • Headings with the exact page correlations provide a quick reference to the online course for your classroom discussions and exam preparation.
  • An icon system directs you to the online curriculum to take full advantage of the images embedded within the Networking Academy online course interface and reminds you to perform the labs, Class Activities, interactive activities, Packet Tracer activities, watch videos, and take the chapter quizzes and exams.

The Course Booklet is a basic, economical paper-based resource to help you succeed with the Cisco Networking Academy online course.

Table of Contents (page number followed by page count in parentheses):
Chapter 0 Course Introduction 1(4)
0.0 Welcome to CCNA: Cybersecurity Operations 1(4)
0.0.1 Message to the Student 1(4)
0.0.1.1 Welcome 1(1)
0.0.1.2 A Global Community 1(1)
0.0.1.3 More than Just Information 1(1)
0.0.1.4 How We Teach 2(1)
0.0.1.5 Ethical Hacking Statement 2(1)
0.0.1.6 Course Overview 3(2)
Chapter 1 Cybersecurity and the Security Operations Center 5(12)
1.0 Introduction 5(1)
1.0.1 Welcome 5(1)
1.0.1.1 Chapter 1: Cybersecurity and the Security Operations Center 5(1)
1.0.1.2 Activity - Top Hacker Shows Us How It is Done 5(1)
1.1 The Danger 5(4)
1.1.1 War Stories 5(1)
1.1.1.1 Hijacked People 5(1)
1.1.1.2 Ransomed Companies 5(1)
1.1.1.3 Targeted Nations 6(1)
1.1.1.4 Lab - Installing the CyberOps Workstation Virtual Machine 6(1)
1.1.1.5 Lab - Cybersecurity Case Studies 6(1)
1.1.2 Threat Actors 6(2)
1.1.2.1 Amateurs 6(1)
1.1.2.2 Hacktivists 7(1)
1.1.2.3 Financial Gain 7(1)
1.1.2.4 Trade Secrets and Global Politics 7(1)
1.1.2.5 How Secure is the Internet of Things? 7(1)
1.1.2.6 Lab - Learning the Details of Attacks 7(1)
1.1.3 Threat Impact 8(1)
1.1.3.1 PII and PHI 8(1)
1.1.3.2 Lost Competitive Advantage 8(1)
1.1.3.3 Politics and National Security 8(1)
1.1.3.4 Lab - Visualizing the Black Hats 9(1)
1.2 Fighters in the War Against Cybercrime 9(4)
1.2.1 The Modern Security Operations Center 9(2)
1.2.1.1 Elements of a SOC 9(1)
1.2.1.2 People in the SOC 9(1)
1.2.1.3 Process in the SOC 10(1)
1.2.1.4 Technologies in the SOC 10(1)
1.2.1.5 Enterprise and Managed Security 10(1)
1.2.1.6 Security vs. Availability 11(1)
1.2.1.7 Activity - Identify the SOC Terminology 11(1)
1.2.2 Becoming a Defender 11(2)
1.2.2.1 Certifications 11(1)
1.2.2.2 Further Education 12(1)
1.2.2.3 Sources of Career Information 12(1)
1.2.2.4 Getting Experience 13(1)
1.2.2.5 Lab - Becoming a Defender 13(1)
1.3 Summary 13(2)
1.3.1 Conclusion 13(4)
1.3.1.1 Chapter 1: Cybersecurity and the Security Operations Center 13(2)
Quiz 15(1)
Exam 15(1)
Your Chapter Notes 15(2)
Chapter 2 Windows Operating System 17(24)
2.0 Introduction 17(1)
2.0.1 Welcome 17(1)
2.0.1.1 Chapter 2: Windows Operating System 17(1)
2.0.1.2 Class Activity - Identify Running Processes 17(1)
2.1 Windows Overview 17(10)
2.1.1 Windows History 17(3)
2.1.1.1 Disk Operating System 17(1)
2.1.1.2 Windows Versions 18(1)
2.1.1.3 Windows GUI 19(1)
2.1.1.4 Operating System Vulnerabilities 19(1)
2.1.2 Windows Architecture and Operations 20(7)
2.1.2.1 Hardware Abstraction Layer 20(1)
2.1.2.2 User Mode and Kernel Mode 21(1)
2.1.2.3 Windows File Systems 21(2)
2.1.2.4 Windows Boot Process 23(1)
2.1.2.5 Windows Startup and Shutdown 24(1)
2.1.2.6 Processes, Threads, and Services 25(1)
2.1.2.7 Memory Allocation and Handles 25(1)
2.1.2.8 The Windows Registry 26(1)
2.1.2.9 Activity - Identify the Windows Registry Hive 27(1)
2.1.2.10 Lab - Exploring Processes, Threads, Handles, and Windows Registry 27(1)
2.2 Windows Administration 27(10)
2.2.1 Windows Configuration and Monitoring 27(7)
2.2.1.1 Run as Administrator 27(1)
2.2.1.2 Local Users and Domains 27(1)
2.2.1.3 CLI and PowerShell 28(1)
2.2.1.4 Windows Management Instrumentation 29(1)
2.2.1.5 The net Command 30(1)
2.2.1.6 Task Manager and Resource Monitor 30(1)
2.2.1.7 Networking 31(2)
2.2.1.8 Accessing Network Resources 33(1)
2.2.1.9 Windows Server 33(1)
2.2.1.10 Lab - Create User Accounts 34(1)
2.2.1.11 Lab - Using Windows PowerShell 34(1)
2.2.1.12 Lab - Windows Task Manager 34(1)
2.2.1.13 Lab - Monitor and Manage System Resources in Windows 34(1)
2.2.2 Windows Security 34(3)
2.2.2.1 The netstat Command 34(1)
2.2.2.2 Event Viewer 35(1)
2.2.2.3 Windows Update Management 35(1)
2.2.2.4 Local Security Policy 35(1)
2.2.2.5 Windows Defender 36(1)
2.2.2.6 Windows Firewall 37(1)
2.2.2.7 Activity - Identify the Windows Command 37(1)
2.2.2.8 Activity - Identify the Windows Tool 37(1)
2.3 Summary 37(3)
2.3.1 Conclusion 37(4)
2.3.1.1 Chapter 2: Windows Operating System 37(3)
Quiz 40(1)
Exam 40(1)
Your Chapter Notes 40(1)
Chapter 3 Linux Operating System 41(18)
3.0 Introduction 41(1)
3.0.1 Welcome 41(1)
3.0.1.1 Chapter 3: Linux Operating System 41(1)
3.1 Linux Overview 41(5)
3.1.1 Linux Basics 41(2)
3.1.1.1 What is Linux? 41(1)
3.1.1.2 The Value of Linux 42(1)
3.1.1.3 Linux in the SOC 42(1)
3.1.1.4 Linux Tools 43(1)
3.1.2 Working in the Linux Shell 43(2)
3.1.2.1 The Linux Shell 43(1)
3.1.2.2 Basic Commands 43(1)
3.1.2.3 File and Directory Commands 44(1)
3.1.2.4 Working with Text Files 44(1)
3.1.2.5 The Importance of Text Files in Linux 44(1)
3.1.2.6 Lab - Working with Text Files in the CLI 45(1)
3.1.2.7 Lab - Getting Familiar with the Linux Shell 45(1)
3.1.3 Linux Servers and Clients 45(1)
3.1.3.1 An Introduction to Client-Server Communications 45(1)
3.1.3.2 Servers, Services, and Their Ports 45(1)
3.1.3.3 Clients 45(1)
3.1.3.4 Lab - Linux Servers 45(1)
3.2 Linux Administration 46(5)
3.2.1 Basic Server Administration 46(2)
3.2.1.1 Service Configuration Files 46(1)
3.2.1.2 Hardening Devices 46(1)
3.2.1.3 Monitoring Service Logs 47(1)
3.2.1.4 Lab - Locating Log Files 48(1)
3.2.2 The Linux File System 48(3)
3.2.2.1 The File System Types in Linux 48(1)
3.2.2.2 Linux Roles and File Permissions 49(1)
3.2.2.3 Hard Links and Symbolic Links 50(1)
3.2.2.4 Lab - Navigating the Linux Filesystem and Permission Settings 50(1)
3.3 Linux Hosts 51(4)
3.3.1 Working with the Linux GUI 51(1)
3.3.1.1 X Window System 51(1)
3.3.1.2 The Linux GUI 51(1)
3.3.2 Working on a Linux Host 52(3)
3.3.2.1 Installing and Running Applications on a Linux Host 52(1)
3.3.2.2 Keeping the System Up To Date 52(1)
3.3.2.3 Processes and Forks 52(1)
3.3.2.4 Malware on a Linux Host 53(1)
3.3.2.5 Rootkit Check 54(1)
3.3.2.6 Piping Commands 54(1)
3.3.2.7 Video Demonstration - Applications, Rootkits, and Piping Commands 55(1)
3.4 Summary 55(2)
3.4.1 Conclusion 55(4)
3.4.1.1 Chapter 3: Linux Operating System 55(2)
Quiz 57(1)
Exam 57(1)
Your Chapter Notes 57(2)
Chapter 4 Network Protocols and Services 59(50)
4.0 Introduction 59(1)
4.0.1 Welcome 59(1)
4.0.1.1 Chapter 4: Network Protocols and Services 59(1)
4.1 Network Protocols 59(8)
4.1.1 Network Communications Process 59(3)
4.1.1.1 Views of the Network 59(1)
4.1.1.2 Client-Server Communications 60(1)
4.1.1.3 A Typical Session: Student 60(1)
4.1.1.4 A Typical Session: Gamer 61(1)
4.1.1.5 A Typical Session: Surgeon 61(1)
4.1.1.6 Tracing the Path 62(1)
4.1.1.7 Lab - Tracing a Route 62(1)
4.1.2 Communications Protocols 62(5)
4.1.2.1 What are Protocols? 62(1)
4.1.2.2 Network Protocol Suites 63(1)
4.1.2.3 The TCP/IP Protocol Suite 63(1)
4.1.2.4 Format, Size, and Timing 64(1)
4.1.2.5 Unicast, Multicast, and Broadcast 64(1)
4.1.2.6 Reference Models 65(1)
4.1.2.7 Three Addresses 65(1)
4.1.2.8 Encapsulation 65(1)
4.1.2.9 Scenario: Sending and Receiving a Web Page 66(1)
4.1.2.10 Lab - Introduction to Wireshark 67(1)
4.2 Ethernet and Internet Protocol (IP) 67(9)
4.2.1 Ethernet 67(1)
4.2.1.1 The Ethernet Protocol 67(1)
4.2.1.2 The Ethernet Frame 68(1)
4.2.1.3 MAC Address Format 68(1)
4.2.1.4 Activity - Ethernet Frame Fields 68(1)
4.2.2 IPv4 68(2)
4.2.2.1 IPv4 Encapsulation 68(1)
4.2.2.2 IPv4 Characteristics 69(1)
4.2.2.3 Activity - IPv4 Characteristics 70(1)
4.2.2.4 The IPv4 Packet 70(1)
4.2.2.5 Video Demonstration - Sample IPv4 Headers in Wireshark 70(1)
4.2.3 IPv4 Addressing Basics 70(2)
4.2.3.1 IPv4 Address Notation 70(1)
4.2.3.2 IPv4 Host Address Structure 70(1)
4.2.3.3 IPv4 Subnet Mask and Network Address 71(1)
4.2.3.4 Subnetting Broadcast Domains 71(1)
4.2.3.5 Video Demonstration - Network, Host, and Broadcast Addresses 72(1)
4.2.4 Types of IPv4 Addresses 72(1)
4.2.4.1 IPv4 Address Classes and Default Subnet Masks 72(1)
4.2.4.2 Reserved Private Addresses 73(1)
4.2.5 The Default Gateway 73(2)
4.2.5.1 Host Forwarding Decision 73(1)
4.2.5.2 Default Gateway 74(1)
4.2.5.3 Using the Default Gateway 74(1)
4.2.6 IPv6 75(1)
4.2.6.1 Need for IPv6 75(1)
4.2.6.2 IPv6 Size and Representation 75(1)
4.2.6.3 IPv6 Address Formatting 75(1)
4.2.6.4 IPv6 Prefix Length 76(1)
4.2.6.5 Activity - IPv6 Address Notation 76(1)
4.2.6.6 Video Tutorial - Layer 2 and Layer 3 Addressing 76(1)
4.3 Connectivity Verification 76(5)
4.3.1 ICMP 76(2)
4.3.1.1 ICMPv4 Messages 76(1)
4.3.1.2 ICMPv6 RS and RA Messages 77(1)
4.3.2 Ping and Traceroute Utilities 78(3)
4.3.2.1 Ping - Testing the Local Stack 78(1)
4.3.2.2 Ping - Testing Connectivity to the Local LAN 79(1)
4.3.2.3 Ping - Testing Connectivity to Remote Host 79(1)
4.3.2.4 Traceroute - Testing the Path 80(1)
4.3.2.5 ICMP Packet Format 80(1)
4.4 Address Resolution Protocol 81(5)
4.4.1 MAC and IP 81(1)
4.4.1.1 Destination on Same Network 81(1)
4.4.1.2 Destination on Remote Network 82(1)
4.4.2 ARP 82(3)
4.4.2.1 Introduction to ARP 82(1)
4.4.2.2 ARP Functions 82(1)
4.4.2.3 Video - ARP Operation - ARP Request 83(1)
4.4.2.4 Video - ARP Operation - ARP Reply 84(1)
4.4.2.5 Video - ARP Role in Remote Communication 84(1)
4.4.2.6 Removing Entries from an ARP Table 85(1)
4.4.2.7 ARP Tables on Networking Devices 85(1)
4.4.2.8 Lab - Using Wireshark to Examine Ethernet Frames 85(1)
4.4.3 ARP Issues 85(1)
4.4.3.1 ARP Broadcasts 85(1)
4.4.3.2 ARP Spoofing 86(1)
4.5 The Transport Layer 86(9)
4.5.1 Transport Layer Characteristics 86(4)
4.5.1.1 Transport Layer Protocol Role in Network Communication 86(1)
4.5.1.2 Transport Layer Mechanisms 87(1)
4.5.1.3 TCP Local and Remote Ports 87(1)
4.5.1.4 Socket Pairs 88(1)
4.5.1.5 TCP vs UDP 88(1)
4.5.1.6 TCP and UDP Headers 89(1)
4.5.1.7 Activity - Compare TCP and UDP Characteristics 90(1)
4.5.2 Transport Layer Operation 90(5)
4.5.2.1 TCP Port Allocation 90(1)
4.5.2.2 A TCP Session Part I: Connection Establishment and Termination 91(1)
4.5.2.3 Video Demonstration - TCP 3-Way Handshake 92(1)
4.5.2.4 Lab - Using Wireshark to Observe the TCP 3-Way Handshake 92(1)
4.5.2.5 Activity - TCP Connection and Termination Process 92(1)
4.5.2.6 A TCP Session Part II: Data Transfer 92(2)
4.5.2.7 Video Demonstration - Sequence Numbers and Acknowledgments 94(1)
4.5.2.8 Video Demonstration - Data Loss and Retransmission 94(1)
4.5.2.9 A UDP Session 94(1)
4.5.2.10 Lab - Exploring Nmap 95(1)
4.6 Network Services 95(10)
4.6.1 DHCP 95(2)
4.6.1.1 DHCP Overview 95(1)
4.6.1.2 DHCPv4 Message Format 96(1)
4.6.2 DNS 97(3)
4.6.2.1 DNS Overview 97(1)
4.6.2.2 The DNS Domain Hierarchy 97(1)
4.6.2.3 The DNS Lookup Process 97(1)
4.6.2.4 DNS Message Format 98(1)
4.6.2.5 Dynamic DNS 99(1)
4.6.2.6 The WHOIS Protocol 99(1)
4.6.2.7 Lab - Using Wireshark to Examine a UDP DNS Capture 100(1)
4.6.3 NAT 100(1)
4.6.3.1 NAT Overview 100(1)
4.6.3.2 NAT-Enabled Routers 100(1)
4.6.3.3 Port Address Translation 100(1)
4.6.4 File Transfer and Sharing Services 101(1)
4.6.4.1 FTP and TFTP 101(1)
4.6.4.2 SMB 102(1)
4.6.4.3 Lab - Using Wireshark to Examine TCP and UDP Captures 102(1)
4.6.5 Email 102(1)
4.6.5.1 Email Overview 102(1)
4.6.5.2 SMTP 102(1)
4.6.5.3 POP3 103(1)
4.6.5.4 IMAP 103(1)
4.6.6 HTTP 103(2)
4.6.6.1 HTTP Overview 103(1)
4.6.6.2 The HTTP URL 104(1)
4.6.6.3 The HTTP Protocol 104(1)
4.6.6.4 HTTP Status Codes 105(1)
4.6.6.5 Lab - Using Wireshark to Examine HTTP and HTTPS Traffic 105(1)
4.7 Summary 105(2)
4.7.1 Conclusion 105(4)
4.7.1.1 Chapter 4: Network Protocols and Services 105(2)
Quiz 107(1)
Exam 107(1)
Your Chapter Notes 107(2)
Chapter 5 Network Infrastructure 109(28)
5.0 Introduction 109(1)
5.0.1 Welcome 109(1)
5.0.1.1 Chapter 5: Network Infrastructure 109(1)
5.1 Network Communication Devices 109(11)
5.1.1 Network Devices 109(7)
5.1.1.1 End Devices 109(1)
5.1.1.2 Video Tutorial - End Devices 109(1)
5.1.1.3 Routers 110(1)
5.1.1.4 Activity - Match Layer 2 and Layer 3 Addressing 110(1)
5.1.1.5 Router Operation 110(1)
5.1.1.6 Routing Information 111(1)
5.1.1.7 Video Tutorial - Static and Dynamic Routing 112(1)
5.1.1.8 Hubs, Bridges, LAN Switches 112(1)
5.1.1.9 Switching Operation 113(1)
5.1.1.10 Video Tutorial - MAC Address Tables on Connected Switches 114(1)
5.1.1.11 VLANs 114(1)
5.1.1.12 STP 114(1)
5.1.1.13 Multilayer Switching 115(1)
5.1.2 Wireless Communications 116(4)
5.1.2.1 Video Tutorial - Wireless Communications 116(1)
5.1.2.2 Protocols and Features 116(1)
5.1.2.3 Wireless Network Operations 117(1)
5.1.2.4 The Client to AP Association Process 118(1)
5.1.2.5 Activity - Order the Steps in the Client and AP Association Process 119(1)
5.1.2.6 Wireless Devices - AP, LWAP, WLC 119(1)
5.1.2.7 Activity - Identify the LAN Device 119(1)
5.2 Network Security Infrastructure 120(10)
5.2.1 Security Devices 120(5)
5.2.1.1 Video Tutorial - Security Devices 120(1)
5.2.1.2 Firewalls 120(1)
5.2.1.3 Firewall Type Descriptions 120(1)
5.2.1.4 Packet Filtering Firewalls 121(1)
5.2.1.5 Stateful Firewalls 121(1)
5.2.1.6 Next-Generation Firewalls 121(1)
5.2.1.7 Activity - Identify the Type of Firewall 122(1)
5.2.1.8 Intrusion Protection and Detection Devices 122(1)
5.2.1.9 Advantages and Disadvantages of IDS and IPS 122(1)
5.2.1.10 Types of IPS 123(1)
5.2.1.11 Specialized Security Appliances 124(1)
5.2.1.12 Activity - Compare IDS and IPS Characteristics 125(1)
5.2.2 Security Services 125(5)
5.2.2.1 Video Tutorial - Security Services 125(1)
5.2.2.2 Traffic Control with ACLs 125(1)
5.2.2.3 ACLs: Important Features 126(1)
5.2.2.4 Packet Tracer - ACL Demonstration 126(1)
5.2.2.5 SNMP 126(1)
5.2.2.6 NetFlow 127(1)
5.2.2.7 Port Mirroring 127(1)
5.2.2.8 Syslog Servers 128(1)
5.2.2.9 NTP 128(1)
5.2.2.10 AAA Servers 129(1)
5.2.2.11 VPN 130(1)
5.2.2.12 Activity - Identify the Network Security Device or Service 130(1)
5.3 Network Representations 130(4)
5.3.1 Network Topologies 130(4)
5.3.1.1 Overview of Network Components 130(1)
5.3.1.2 Physical and Logical Topologies 131(1)
5.3.1.3 WAN Topologies 131(1)
5.3.1.4 LAN Topologies 131(1)
5.3.1.5 The Three-Layer Network Design Model 132(1)
5.3.1.6 Video Tutorial - Three-Layer Network Design 132(1)
5.3.1.7 Common Security Architectures 133(1)
5.3.1.8 Activity - Identify the Network Topology 134(1)
5.3.1.9 Activity - Identify the Network Design Terminology 134(1)
5.3.1.10 Packet Tracer - Identify Packet Flow 134(1)
5.4 Summary 134(2)
5.4.1 Conclusion 134(3)
5.4.1.1 Chapter 5: Network Infrastructure 134(2)
Quiz 136(1)
Exam 136(1)
Your Chapter Notes 136(1)
Chapter 6 Principles of Network Security 137(18)
6.0 Introduction 137(1)
6.0.1 Welcome 137(1)
6.0.1.1 Chapter 6: Principles of Network Security 137(1)
6.1 Attackers and Their Tools 137(4)
6.1.1 Who is Attacking Our Network? 137(3)
6.1.1.1 Threat, Vulnerability, and Risk 137(1)
6.1.1.2 Hacker vs. Threat Actor 138(1)
6.1.1.3 Evolution of Threat Actors 138(1)
6.1.1.4 Cybercriminals 139(1)
6.1.1.5 Cybersecurity Tasks 139(1)
6.1.1.6 Cyber Threat Indicators 139(1)
6.1.1.7 Activity - What Color is my Hat? 140(1)
6.1.2 Threat Actor Tools 140(1)
6.1.2.1 Introduction of Attack Tools 140(1)
6.1.2.2 Evolution of Security Tools 140(1)
6.1.2.3 Categories of Attacks 141(1)
6.1.2.4 Activity - Classify Hacking Tools 141(1)
6.2 Common Threats and Attacks 141(11)
6.2.1 Malware 141(4)
6.2.1.1 Types of Malware 141(1)
6.2.1.2 Viruses 141(1)
6.2.1.3 Trojan Horses 141(1)
6.2.1.4 Trojan Horse Classification 142(1)
6.2.1.5 Worms 142(1)
6.2.1.6 Worm Components 143(1)
6.2.1.7 Ransomware 143(1)
6.2.1.8 Other Malware 144(1)
6.2.1.9 Common Malware Behaviors 144(1)
6.2.1.10 Activity - Identify the Malware Type 145(1)
6.2.1.11 Lab - Anatomy of Malware 145(1)
6.2.2 Common Network Attacks 145(7)
6.2.2.1 Types of Network Attacks 145(1)
6.2.2.2 Reconnaissance Attacks 145(1)
6.2.2.3 Sample Reconnaissance Attacks 146(1)
6.2.2.4 Access Attacks 146(1)
6.2.2.5 Types of Access Attacks 147(1)
6.2.2.6 Social Engineering Attacks 147(1)
6.2.2.7 Phishing Social Engineering Attacks 148(1)
6.2.2.8 Strengthening the Weakest Link 149(1)
6.2.2.9 Lab - Social Engineering 149(1)
6.2.2.10 Denial of Service Attacks 149(1)
6.2.2.11 DDoS Attacks 149(1)
6.2.2.12 Example DDoS Attack 150(1)
6.2.2.13 Buffer Overflow Attack 150(1)
6.2.2.14 Evasion Methods 151(1)
6.2.2.15 Activity - Identify the Types of Network Attack 151(1)
6.2.2.16 Activity - Components of a DDoS Attack 151(1)
6.3 Summary 152(2)
6.3.1 Conclusion 152(3)
6.3.1.1 Chapter 6: Principles of Network Security 152(2)
Quiz 154(1)
Exam 154(1)
Your Chapter Notes 154(1)
Chapter 7 Network Attacks: A Deeper Look 155(24)
7.0 Introduction 155(1)
7.0.1 Welcome 155(1)
7.0.1.1 Chapter 7: Network Attacks: A Deeper Look 155(1)
7.0.1.2 Class Activity - What's Going On? 155(1)
7.1 Attackers and Their Tools 155(5)
7.1.1 Who is Attacking Our Network? 155(2)
7.1.1.1 Network Security Topology 155(1)
7.1.1.2 Monitoring the Network 156(1)
7.1.1.3 Network Taps 156(1)
7.1.1.4 Traffic Mirroring and SPAN 156(1)
7.1.2 Introduction to Network Monitoring Tools 157(3)
7.1.2.1 Network Security Monitoring Tools 157(1)
7.1.2.2 Network Protocol Analyzers 157(1)
7.1.2.3 NetFlow 158(1)
7.1.2.4 SIEM 159(1)
7.1.2.5 SIEM Systems 159(1)
7.1.2.6 Activity - Identify the Network Monitoring Tool 159(1)
7.1.2.7 Packet Tracer - Logging Network Activity 159(1)
7.2 Attacking the Foundation 160(7)
7.2.1 IP Vulnerabilities and Threats 160(5)
7.2.1.1 IPv4 and IPv6 160(1)
7.2.1.2 The IPv4 Packet Header 160(1)
7.2.1.3 The IPv6 Packet Header 161(1)
7.2.1.4 IP Vulnerabilities 161(1)
7.2.1.5 ICMP Attacks 162(1)
7.2.1.6 DoS Attacks 163(1)
7.2.1.7 Amplification and Reflection Attacks 163(1)
7.2.1.8 DDoS Attacks 163(1)
7.2.1.9 Address Spoofing Attacks 164(1)
7.2.1.10 Activity - Identify the IP Vulnerability 164(1)
7.2.1.11 Lab - Observing a DDoS Attack 164(1)
7.2.2 TCP and UDP Vulnerabilities 165(2)
7.2.2.1 TCP 165(1)
7.2.2.2 TCP Attacks 165(1)
7.2.2.3 UDP and UDP Attacks 166(1)
7.2.2.4 Lab - Observing TCP Anomalies 166(1)
7.3 Attacking What We Do 167(9)
7.3.1 IP Services 167(3)
7.3.1.1 ARP Vulnerabilities 167(1)
7.3.1.2 ARP Cache Poisoning 167(1)
7.3.1.3 DNS Attacks 168(1)
7.3.1.4 DNS Tunneling 169(1)
7.3.1.5 DHCP 169(1)
7.3.1.6 Lab - Exploring DNS Traffic 170(1)
7.3.2 Enterprise Services 170(6)
7.3.2.1 HTTP and HTTPS 170(3)
7.3.2.2 Email 173(1)
7.3.2.3 Web-Exposed Databases 174(2)
7.3.2.4 Lab - Attacking a MySQL Database 176(1)
7.3.2.5 Lab - Reading Server Logs 176(1)
7.3.2.6 Lab - Reading Server Logs 176(1)
7.4 Summary 176(2)
7.4.1 Conclusion 176(3)
7.4.1.1 Chapter 7: Network Attack: A Deeper Look 176(2)
Quiz 178(1)
Exam 178(1)
Your Chapter Notes 178(1)
Chapter 8 Protecting the Network 179(14)
8.0 Introduction 179(1)
8.0.1 Welcome 179(1)
8.0.1.1 Chapter 8: Protecting the Network 179(1)
8.1 Understanding Defense 179(5)
8.1.1 Defense-in-Depth 179(3)
8.1.1.1 Assets, Vulnerabilities, Threats 179(1)
8.1.1.2 Identify Assets 179(1)
8.1.1.3 Identify Vulnerabilities 180(1)
8.1.1.4 Identify Threats 181(1)
8.1.1.5 Security Onion and Security Artichoke Approaches 181(1)
8.1.2 Security Policies 182(2)
8.1.2.1 Business Policies 182(1)
8.1.2.2 Security Policy 182(1)
8.1.2.3 BYOD Policies 183(1)
8.1.2.4 Regulatory and Standard Compliance 184(1)
8.2 Access Control 184(3)
8.2.1 Access Control Concepts 184(1)
8.2.1.1 Communications Security: CIA 184(1)
8.2.1.2 Access Control Models 185(1)
8.2.1.3 Activity - Identify the Access Control Model 185(1)
8.2.2 AAA Usage and Operation 185(2)
8.2.2.1 AAA Operation 185(1)
8.2.2.2 AAA Authentication 186(1)
8.2.2.3 AAA Accounting Logs 187(1)
8.2.2.4 Activity - Identify the Characteristic of AAA 187(1)
8.3 Threat Intelligence 187(3)
8.3.1 Information Sources 187(1)
8.3.1.1 Network Intelligence Communities 187(1)
8.3.1.2 Cisco Cybersecurity Reports 188(1)
8.3.1.3 Security Blogs and Podcasts 188(1)
8.3.2 Threat Intelligence Services 188(2)
8.3.2.1 Cisco Talos 188(1)
8.3.2.2 FireEye 189(1)
8.3.2.3 Automated Indicator Sharing 189(1)
8.3.2.4 Common Vulnerabilities and Exposures Database 189(1)
8.3.2.5 Threat Intelligence Communication Standards 189(1)
8.3.2.6 Activity - Identify the Threat Intelligence Information Source 190(1)
8.4 Summary 190(1)
8.4.1 Conclusion 190(3)
8.4.1.1 Chapter 8: Protecting the Network 190(1)
Quiz 191(1)
Exam 191(1)
Your Chapter Notes 191(2)
Chapter 9 Cryptography and the Public Key Infrastructure 193(22)
9.0 Introduction 193(1)
9.0.1 Welcome 193(1)
9.0.1.1 Chapter 9: Cryptography and the Public Key Infrastructure 193(1)
9.0.1.2 Class Activity - Creating Codes 193(1)
9.1 Cryptography 193(11)
9.1.1 What is Cryptography? 193(4)
9.1.1.1 Securing Communications 193(1)
9.1.1.2 Cryptology 194(1)
9.1.1.3 Cryptography - Ciphers 195(1)
9.1.1.4 Cryptanalysis - Code Breaking 195(1)
9.1.1.5 Keys 196(1)
9.1.1.6 Lab - Encrypting and Decrypting Data Using OpenSSL 197(1)
9.1.1.7 Lab - Encrypting and Decrypting Data Using a Hacker Tool 197(1)
9.1.1.8 Lab - Examining Telnet and SSH in Wireshark 197(1)
9.1.2 Integrity and Authenticity 197(3)
9.1.2.1 Cryptographic Hash Functions 197(1)
9.1.2.2 Cryptographic Hash Operation 198(1)
9.1.2.3 MD5 and SHA 198(1)
9.1.2.4 Hash Message Authentication Code 199(1)
9.1.2.5 Lab - Hashing Things Out 200(1)
9.1.3 Confidentiality 200(4)
9.1.3.1 Encryption 200(1)
9.1.3.2 Symmetric Encryption 200(1)
9.1.3.3 Symmetric Encryption Algorithms 201(1)
9.1.3.4 Asymmetric Encryption Algorithms 202(1)
9.1.3.5 Asymmetric Encryption - Confidentiality 202(1)
9.1.3.6 Asymmetric Encryption - Authentication 203(1)
9.1.3.7 Asymmetric Encryption - Integrity 203(1)
9.1.3.8 Diffie-Hellman 204(1)
9.1.3.9 Activity - Classify the Encryption Algorithms 204(1)
9.2 Public Key Infrastructure 204(8)
9.2.1 Public Key Cryptography 204(2)
9.2.1.1 Using Digital Signatures 204(2)
9.2.1.2 Digital Signatures for Code Signing 206(1)
9.2.1.3 Digital Signatures for Digital Certificates 206(1)
9.2.1.4 Lab - Create a Linux Playground 206(1)
9.2.2 Authorities and the PKI Trust System 206(4)
9.2.2.1 Public Key Management 206(1)
9.2.2.2 The Public Key Infrastructure 207(1)
9.2.2.3 The PKI Authorities System 207(1)
9.2.2.4 The PKI Trust System 208(1)
9.2.2.5 Interoperability of Different PKI Vendors 208(1)
9.2.2.6 Certificate Enrollment, Authentication, and Revocation 209(1)
9.2.2.7 Lab - Certificate Authority Stores 209(1)
9.2.3 Applications and Impacts of Cryptography 210(2)
9.2.3.1 PKI Applications 210(1)
9.2.3.2 Encrypting Network Transactions 210(1)
9.2.3.3 Encryption and Security Monitoring 211(1)
9.3 Summary 212(2)
9.3.1 Conclusion 212(3)
9.3.1.1 Chapter 9: Cryptography and the Public Key Infrastructure 212(2)
Quiz 214(1)
Exam 214(1)
Your Chapter Notes 214(1)
Chapter 10 Endpoint Security and Analysis 215(24)
10.0 Introduction 215(1)
10.0.1 Welcome 215(1)
10.0.1.1 Chapter 10: Endpoint Security and Analysis 215(1)
10.1 Endpoint Protection 215(7)
10.1.1 Antimalware Protection 215(3)
10.1.1.1 Endpoint Threats 215(1)
10.1.1.2 Endpoint Security 216(1)
10.1.1.3 Host-Based Malware Protection 216(1)
10.1.1.4 Network-Based Malware Protection 217(1)
10.1.1.5 Cisco Advanced Malware Protection (AMP) 218(1)
10.1.1.6 Activity - Identify Antimalware Terms and Concepts 218(1)
10.1.2 Host-Based Intrusion Protection 218(3)
10.1.2.1 Host-Based Firewalls 218(1)
10.1.2.2 Host-Based Intrusion Detection 219(1)
10.1.2.3 HIDS Operation 220(1)
10.1.2.4 HIDS Products 220(1)
10.1.2.5 Activity - Identify the Host-Based Intrusion Protection Terminology 220(1)
10.1.3 Application Security 221(1)
10.1.3.1 Attack Surface 221(1)
10.1.3.2 Application Blacklisting and Whitelisting 221(1)
10.1.3.3 System-Based Sandboxing 222(1)
10.1.3.4 Video Demonstration - Using a Sandbox to Launch Malware 222(1)
10.2 Endpoint Vulnerability Assessment 222(13)
10.2.1 Network and Server Profiling 222(3)
10.2.1.1 Network Profiling 222(1)
10.2.1.2 Server Profiling 223(1)
10.2.1.3 Network Anomaly Detection 223(1)
10.2.1.4 Network Vulnerability Testing 224(1)
10.2.1.5 Activity - Identify the Elements of Network Profiling 225(1)
10.2.2 Common Vulnerability Scoring System (CVSS) 225(3)
10.2.2.1 CVSS Overview 225(1)
10.2.2.2 CVSS Metric Groups 225(1)
10.2.2.3 CVSS Base Metric Group 226(1)
10.2.2.4 The CVSS Process 226(1)
10.2.2.5 CVSS Reports 227(1)
10.2.2.6 Other Vulnerability Information Sources 227(1)
10.2.2.7 Activity - Identify CVSS Metrics 228(1)
10.2.3 Compliance Frameworks 228(2)
10.2.3.1 Compliance Regulations 228(1)
10.2.3.2 Overview of Regulatory Standards 228(1)
10.2.3.3 Activity - Identify Regulatory Standards 229(1)
10.2.4 Secure Device Management 230(4)
10.2.4.1 Risk Management 230(1)
10.2.4.2 Activity - Identify the Risk Response 231(1)
10.2.4.3 Vulnerability Management 231(1)
10.2.4.4 Asset Management 231(1)
10.2.4.5 Mobile Device Management 232(1)
10.2.4.6 Configuration Management 232(1)
10.2.4.7 Enterprise Patch Management 233(1)
10.2.4.8 Patch Management Techniques 233(1)
10.2.4.9 Activity - Identify Device Management Activities 234(1)
10.2.5 Information Security Management Systems 234(1)
10.2.5.1 Security Management Systems 234(1)
10.2.5.2 ISO-27001 234(1)
10.2.5.3 NIST Cybersecurity Framework 234(1)
10.2.5.4 Activity - Identify the ISO 27001 Activity Cycle 235(1)
10.2.5.5 Activity - Identify the Stages in the NIST Cybersecurity Framework 235(1)
10.3 Summary 235(3)
10.3.1 Conclusion 235(4)
10.3.1.1 Chapter 10: Endpoint Security and Analysis 235(3)
Quiz 238(1)
Exam 238(1)
Your Chapter Notes 238(1)
Chapter 11 Security Monitoring 239(18)
11.0 Introduction 239(1)
11.0.1 Welcome 239(1)
11.0.1.1 Chapter 11: Security Monitoring 239(1)
11.1 Technologies and Protocols 239(5)
11.1.1 Monitoring Common Protocols 239(3)
11.1.1.1 Syslog and NTP 239(1)
11.1.1.2 NTP 240(1)
11.1.1.3 DNS 240(1)
11.1.1.4 HTTP and HTTPS 241(1)
11.1.1.5 Email Protocols 241(1)
11.1.1.6 ICMP 242(1)
11.1.1.7 Activity - Identify the Monitored Protocol 242(1)
11.1.2 Security Technologies 242(2)
11.1.2.1 ACLs 242(1)
11.1.2.2 NAT and PAT 242(1)
11.1.2.3 Encryption, Encapsulation, and Tunneling 243(1)
11.1.2.4 Peer-to-Peer Networking and Tor 243(1)
11.1.2.5 Load Balancing 244(1)
11.1.2.6 Activity - Identify the Impact of the Technology on Security and Monitoring 244(1)
11.2 Log Files 244(10)
11.2.1 Types of Security Data 244(2)
11.2.1.1 Alert Data 244(1)
11.2.1.2 Session and Transaction Data 245(1)
11.2.1.3 Full Packet Captures 245(1)
11.2.1.4 Statistical Data 246(1)
11.2.1.5 Activity - Identify Types of Network Monitoring Data 246(1)
11.2.2 End Device Logs 246(4)
11.2.2.1 Host Logs 246(1)
11.2.2.2 Syslog 247(1)
11.2.2.3 Server Logs 248(1)
11.2.2.4 Apache Webserver Access Logs 248(1)
11.2.2.5 IIS Access Logs 249(1)
11.2.2.6 SIEM and Log Collection 249(1)
11.2.2.7 Activity - Identify Information in Logged Events 250(1)
11.2.3 Network Logs 250(4)
11.2.3.1 Tcpdump 250(1)
11.2.3.2 NetFlow 250(1)
11.2.3.3 Application Visibility and Control 251(1)
11.2.3.4 Content Filter Logs 251(1)
11.2.3.5 Logging from Cisco Devices 252(1)
11.2.3.6 Proxy Logs 252(1)
11.2.3.7 NextGen IPS 253(1)
11.2.3.8 Activity - Identify the Security Technology from the Data Description 254(1)
11.2.3.9 Activity - Identify the NextGen IPS Event Type 254(1)
11.2.3.10 Packet Tracer - Explore a NetFlow Implementation 254(1)
11.2.3.11 Packet Tracer - Logging from Multiple Sources 254(1)
11.3 Summary 254(2)
11.3.1 Conclusion 254(3)
11.3.1.1 Lab - Setup a Multi-VM Environment 254(1)
11.3.1.2 Chapter 11: Security Monitoring 254(2)
Quiz 256(1)
Exam 256(1)
Your Chapter Notes 256(1)
Chapter 12 Intrusion Data Analysis 257(20)
12.0 Introduction 257(1)
12.0.1 Welcome 257(1)
12.0.1.1 Chapter 12: Intrusion Data Analysis 257(1)
12.1 Evaluating Alerts 257(7)
12.1.1 Sources of Alerts 257(5)
12.1.1.1 Security Onion 257(1)
12.1.1.2 Detection Tools for Collecting Alert Data 257(1)
12.1.1.3 Analysis Tools 258(1)
12.1.1.4 Alert Generation 259(1)
12.1.1.5 Rules and Alerts 260(1)
12.1.1.6 Snort Rule Structure 260(1)
12.1.1.7 Lab - Snort and Firewall Rules 261(1)
12.1.2 Overview of Alert Evaluation 262(2)
12.1.2.1 The Need for Alert Evaluation 262(1)
12.1.2.2 Evaluating Alerts 262(1)
12.1.2.3 Deterministic Analysis and Probabilistic Analysis 263(1)
12.1.2.4 Activity - Identify Deterministic and Probabilistic Scenarios 264(1)
12.1.2.5 Activity - Identify the Alert Classification 264(1)
12.2 Working with Network Security Data 264(7)
12.2.1 A Common Data Platform 264(2)
12.2.1.1 ELSA 264(1)
12.2.1.2 Data Reduction 264(1)
12.2.1.3 Data Normalization 265(1)
12.2.1.4 Data Archiving 265(1)
12.2.1.5 Lab - Convert Data into a Universal Format 266(1)
12.2.1.6 Investigating Process or API Calls 266(1)
12.2.2 Investigating Network Data 266(4)
12.2.2.1 Working in Sguil 266(1)
12.2.2.2 Sguil Queries 267(1)
12.2.2.3 Pivoting from Sguil 267(1)
12.2.2.4 Event Handling in Sguil 268(1)
12.2.2.5 Working in ELSA 268(1)
12.2.2.6 Queries in ELSA 269(1)
12.2.2.7 Investigating Process or API Calls 269(1)
12.2.2.8 Investigating File Details 270(1)
12.2.2.9 Lab - Regular Expression Tutorial 270(1)
12.2.2.10 Lab - Extract an Executable from a PCAP 270(1)
12.2.3 Enhancing the Work of the Cybersecurity Analyst 270(1)
12.2.3.1 Dashboards and Visualizations 270(1)
12.2.3.2 Workflow Management 271(1)
12.3 Digital Forensics 271(4)
12.3.1 Evidence Handling and Attack Attribution 271(4)
12.3.1.1 Digital Forensics 271(1)
12.3.1.2 The Digital Forensics Process 272(1)
12.3.1.3 Types of Evidence 272(1)
12.3.1.4 Evidence Collection Order 273(1)
12.3.1.5 Chain of Custody 273(1)
12.3.1.6 Data Integrity and Preservation 274(1)
12.3.1.7 Attack Attribution 274(1)
12.3.1.8 Activity - Identify the Type of Evidence 275(1)
12.3.1.9 Activity - Identify the Forensic Technique Terminology 275(1)
12.4 Summary 275(1)
12.4.1 Conclusion 275(2)
12.4.1.1 Lab - Interpret HTTP and DNS Data to Isolate Threat Actor 275(1)
12.4.1.2 Lab - Isolate Compromised Host using 5-Tuple 275(1)
12.4.1.3 Chapter 12: Intrusion Data Analysis 275(1)
Quiz 276(1)
Exam 276(1)
Your Chapter Notes 276(1)
Chapter 13 Incident Response and Handling 277(22)
13.0 Introduction 277(1)
13.0.1 Welcome 277(1)
13.0.1.1 Chapter 13: Incident Response and Handling 277(1)
13.1 Incident Response Models 277(8)
13.1.1 The Cyber Kill Chain 277(3)
13.1.1.1 Steps of the Cyber Kill Chain 277(1)
13.1.1.2 Reconnaissance 278(1)
13.1.1.3 Weaponization 278(1)
13.1.1.4 Delivery 278(1)
13.1.1.5 Exploitation 279(1)
13.1.1.6 Installation 279(1)
13.1.1.7 Command and Control 279(1)
13.1.1.8 Actions on Objectives 279(1)
13.1.1.9 Activity - Identify the Kill Chain Step 279(1)
13.1.2 The Diamond Model of Intrusion 280(2)
13.1.2.1 Diamond Model Overview 280(1)
13.1.2.2 Pivoting Across the Diamond Model 280(1)
13.1.2.3 The Diamond Model and the Cyber Kill Chain 281(1)
13.1.2.4 Activity - Identify the Diamond Model Features 282(1)
13.1.3 The VERIS Schema 282(3)
13.1.3.1 What is the VERIS Schema? 282(1)
13.1.3.2 Create a VERIS Record 282(1)
13.1.3.3 Top-Level and Second-Level Elements 283(2)
13.1.3.4 The VERIS Community Database 285(1)
13.1.3.5 Activity - Apply the VERIS Schema to an Incident 285(1)
13.2 Incident Handling 285(11)
13.2.1 CSIRTs 285(2)
13.2.1.1 CSIRT Overview 285(1)
13.2.1.2 Types of CSIRTs 286(1)
13.2.1.3 CERT 286(1)
13.2.1.4 Activity - Match the CSIRT with the CSIRT Goal 287(1)
13.2.2 NIST 800-61r2 287(9)
13.2.2.1 Establishing an Incident Response Capability 287(1)
13.2.2.2 Incident Response Stakeholders 288(1)
13.2.2.3 NIST Incident Response Life Cycle 288(1)
13.2.2.4 Preparation 289(1)
13.2.2.5 Detection and Analysis 290(1)
13.2.2.6 Containment, Eradication, and Recovery 291(2)
13.2.2.7 Post-Incident Activities 293(1)
13.2.2.8 Incident Data Collection and Retention 294(1)
13.2.2.9 Reporting Requirements and Information Sharing 295(1)
13.2.2.10 Activity - Identify the Incident Response Plan Elements 296(1)
13.2.2.11 Activity - Identify the Incident Handling Term 296(1)
13.2.2.12 Activity - Identify the Incident Handling Step 296(1)
13.2.2.13 Lab - Incident Handling 296(1)
13.3 Summary 296(2)
13.3.1 Conclusion 296(2)
13.3.1.1 Chapter 13: Incident Response and Handling 296(2)
Quiz 298(1)
Exam 298(1)
Your Chapter Notes 298(1)
Index 299
Cisco Networking Academy is an innovative Cisco education initiative that delivers information and communication technology skills to improve career and economic opportunities around the world. The Academy provides online courses, interactive tools, and lab activities to prepare individuals for information technology and networking careers in virtually every industry.