Please note that this is not an asynchronous on-line track. Everyone is expected to log in every day all day according to the Winter Working Connections schedule. This is a synchronous track.

This on-line Working Connections event is intended solely for the person who registers. Link sharing is only permitted with the prior approval of the National Convergence Technology Center.

Registration for this track is now CLOSED, but you can be added to the “wait list” and be notified if and when space opens up. Simply make the “wait list” option your primary choice.

Description

Firewalls and antivirus are not enough to protect modern computer networks–abuses and attacks are common and cannot be completely prevented. Instead, networks are now monitored to detect security incidents, and security teams respond to them to limit the harm they cause. This class prepares students for jobs in monitoring and incident response, providing skills that are in high demand.

Hands-on projects will include basic configuration and use of Splunk, ELK, and Security Onion–popular network security monitoring solutions.

Prerequisite knowledge: Basic networking and security concepts at the Network+ and Security+ level.

Hardware requirements: Students need a host computer with VMware Player, Fusion, or Workstation installed, at least 30 GB of drive space, and an Internet connection fast enough to download 5 GB of data in a reasonable time.

Prerequisites
Basic networking and security concepts at the Network+ and Security+ level.

Hardware requirements
Students need a host computer with VMware Player, Fusion, or Workstation installed, at least 30 GB of drive space, and an Internet connection fast enough to download 5 GB of data in a reasonable time.

This class will live-streamed via Zoom. Attendees will be given log-in directions prior to the event.

To keep participants awake during lectures, there will also be Kahoot live contests to review terms and concepts.

Chapter quizzes are available in plaintext and Canvas exports for participants who want them. They will also be available online for those who wish to take them during the class.

Textbook
“The Practice of Network Security Monitoring: Understanding Incident Detection and Response” by Richard Bejtlich, No Starch Press; 1 edition (July 26, 2013), ASIN: B00E5REN34. Buy from Amazon.
Please note that efforts are being made to get textbooks donated to attendees. We will keep you posted.

Instructor

Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks and hands-on trainings at DEFCON, HOPE, B-Sides SF, B-Sides LV, BayThreat, LayerOne, Toorcon, and many other schools and conferences.

He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign.

Industry Certification Exams & Prizes:
Infosec: CISSP, Certified Ethical Hacker, Security+, Defcon 21 CTP Co-Winner (Black Badge)
Microsoft: MCP, MCDST, MCTS: Vista
Networking: Network+, Certified Fiber Optic Technician, HE IPv6 Sage, CCENT, IPv6 Forum Silver & Gold, Juniper JN0-101, Wireshark WCNA

Click here for a list of presentations he's given.

Three Objectives
Upon successful completion of this course, the student will be able to:

• Explain the importance of network security monitoring and compare it to other types of defenses, such as firewalls
• Implement and configure Splunk, ELK, and Security Onion servers
• Efficiently search network traffic to detect abuses and attacks

Agenda

Monday
Network Security Monitoring Rationale
Collecting Network Traffic: Access, Storage, and Management
Standalone NSM Deployment and Installation
Projects 1-3

Tuesday
Collecting Network Traffic: Access, Storage, and Management
Standalone NSM Deployment and Installation
Projects 4-6

Wednesday
NSM Operations
Case Histories
Project 7

Resources

Instructor Links
https://samsclass.info/50//50_WinterWWC17.shtml

Please note that content is subject to change or modification based on the unique needs of the track participants in attendance.