Advanced Network/Security Analysis


A pathway into Network and Security Analysis

This course is designed for Networking and Security professionals who need to further enhance their Network Analysis skills through the study of Advanced Network Analysis using Wireshark and other Open-Source Network / Security Analysis tools. Successful completion of this course will provide these individuals with a pathway into the field of both Network and Security Analysis.

It is recommended that attendees of this course first complete the prerequisite course, Wireshark – Troubleshooting TCP / IP Networks, or have significant experience and knowledge of Network Analysis using Wireshark. Attendees will be required to bring their own laptop. Information for downloading the required software will be provided at the time of enrollment.

Course Description:
Network and Security Analysis encompasses the skills of not only capturing data, but also the ability to discern unusual patterns hidden within seemingly normal network traffic. This course will provide the student with a set of investigative and analysis techniques focusing on the use of vendor-neutral, Open-Source Tools such as Wireshark to provide insight into the following areas:

  • Advanced Network and Security Analysis methodologies
  • Network performance analysis and Security threat recognition for a variety of network performance issues and network attack and exploit scenarios, including network reconnaissance techniques and Bot-Net threat recognition, as well as common user protocol issues in IP-related protocols (IPv4 / IPv6, DHCP / DHCPv6, TCP / SCTP, DNS / DNSsec, ICMPv4 / ICMPv6), Email protocols (POP / SMTP / IMAP) and other common Internet-based User Protocols (HTTP, VoIP, IRC, IM)
  • Open-Source Network Analysis Tools
  • Specialized Network Security Analysis techniques, including suspicious data traffic reconstruction and viewing techniques

Real-World examples will be utilized throughout the course in conjunction with numerous hands-on exercises to provide field-proven, practical Network and Security Analysis skills. Attendees will receive a training binder including numerous reference Wireshark trace files and a DVD with networking and Security tools, as well as a library of Network Security Analysis reference documents.

Course Objectives:
As a result of successful completion of this workshop, participants will be able to:

  • Understand the principles of Network and Security Analysis and how to apply them
  • Select and configure various Open-Source tools for Network Security Analysis to capture and recognize traffic patterns associated with suspicious network behavior
  • Reconstruct User activities such as Emails, file transfer or Web-Browsing for detailed analysis
  • Understand and recognize potential performance and network security infrastructure mis-configurations

1. Introduction to Advanced Network Analysis

  • Logistics
  • Network analysis challenges – Data Collection
  • The new protocols – how have the traditional protocol suites changed?
    • Before and After IPV6

2. Collecting the Data – Data Capture

  • Data Collection
    • Location – How Network Infrastructure Devices Affect Network Analysis
      • Hubs, Switches, Bridges, Routers, Firewalls and CSU / DSU
  • Stealth / Silent Collection of Data – Tips & Techniques
  • WiFi Device Analysis

3. Network Analysis Methodology

  • Analyzing the 3 Different Network Communication Architectures
  • Analyzing Conversations and Activities
    • Using Expert Systems to Determine Unusual Activity
      • Determining Which Conversations Are Suspect – Analyzing Latency and Throughput to identify suspicious behavior
  • A Sample Network Analysis Methodology
    • 6 Steps for Advanced Network Analysis
  • Diagraming Conversations

4. Advanced Analysis of Network Applications and User Traffic

  • The Networking Protocols
    • What’s Normal vs. Abnormal – The Role of Baseline Files
    • Building a Baseline Library – Where Do I go to Find Samples?
  • Before and after IPv6 – New Protocols and New Functions
    • Configuration Protocols – DHCP / DHCPv6
      • Structure and Analysis of DHCP vs. DHCPv6
  • Resolving Addresses – DNS / DNSsec
    • Structure and Analysis of DNS / DNSsec
  • Networking Protocols – IPv4 / IPv6
    • Structure and Analysis of IPv4 vs. IPv6
    • IP Options – What’s the Big Deal?
  • Utility Protocols – Internet Control Message Protocol (ICMPv4 / ICMPv6)
    • Structure and Analysis of ICMPv4 vs. ICMPv6
    • Network Analysis Using ICMP Types and Codes
  • Moving the Data – TCP / SCTP
    • Structure and Advanced Analysis of TCP
    • TCP Options – What’s the Big Deal?
    • Advanced TCP Analysis Using Expert Systems
      • Correcting Data Transmission Problems – Retransmissions – Fast vs. Regular
      • Detecting Problems – Duplicate Acknowledgements
      • Flow Control and TCP Windows Scaling
      • TCP is Broken? – Stream Control Transmission Protocol (SCTP)
  • Network Analysis of User Traffic and Common User Protocols
    • Email Applications Using POP / SMTP / IMAP
      • Structure and Analysis of the Email Cloud
    • Web-Based Applications Using HTTP
      • Structure and Analysis of HTTP / HTTPS
      • Unscrambling SSL / TLS
      • Response Codes – The Answer to Analyzing HTTP
      • Reassembling and Exporting Objects
    • Voice over IP (VoIP) Applications
      • Structure and Analysis of the VoIP Protocols
      • Signaling – SIP / MGCP / H.323 / SCCP / UNIStim
      • Analyzing VoIP Data – the Codecs
    • Instant Messenger (IM) Applications
      • Structure and Analysis of IM Protocols
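The TCP expert-analysis topics listed above (duplicate acknowledgements, fast vs. regular retransmissions) are what Wireshark's Expert Info flags in a trace. The following is an added example, not course material and not Wireshark's own code: a small Python analyzer that applies simplified versions of those heuristics to a constructed 14-segment exchange with relative sequence numbers, in which one data segment is lost downstream of the capture point and recovered by fast retransmit, and a later segment is retransmitted after a timeout. The Segment record, the analyze_tcp function, the thresholds and the sample trace are all assumptions made for this example; Wireshark's real rules add further conditions (for instance timing limits on fast retransmission and separate "spurious" and "out-of-order" classes) that are omitted here.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    """One TCP segment as seen by the capture point (hypothetical record)."""
    t: float               # capture time, seconds
    src: str
    dst: str
    seq: int               # relative sequence number (as Wireshark shows)
    ack: int               # relative acknowledgement number
    length: int            # TCP payload bytes
    flags: frozenset       # subset of {"SYN", "ACK", "FIN", "RST"}
    window: int = 65535


@dataclass
class DirState:
    """Per-direction bookkeeping, keyed by (src, dst)."""
    next_seq: Optional[int] = None     # highest seq + len seen so far
    last_ack: Optional[int] = None
    last_window: Optional[int] = None
    dup_acks: int = 0


def analyze_tcp(segments: List[Segment]) -> Dict[int, str]:
    """Return {frame_number: expert note}; frames are numbered from 1."""
    state: Dict[Tuple[str, str], DirState] = {}
    notes: Dict[int, str] = {}
    for frame, s in enumerate(segments, start=1):
        fwd = state.setdefault((s.src, s.dst), DirState())
        rev = state.setdefault((s.dst, s.src), DirState())
        control = s.flags & {"SYN", "FIN", "RST"}
        # Duplicate ACK: a pure ACK (no payload, no SYN/FIN/RST) that repeats
        # the previous ack number and window, with nothing sent in between.
        if (s.length == 0 and "ACK" in s.flags and not control
                and fwd.last_ack is not None and s.ack == fwd.last_ack
                and s.window == fwd.last_window and s.seq == fwd.next_seq):
            fwd.dup_acks += 1
            notes[frame] = f"TCP Dup ACK #{fwd.dup_acks}"
        # Retransmission: payload starting below the highest sequence number
        # already seen in this direction.  It is a fast retransmission when
        # the peer has already sent >= 2 dup ACKs asking for exactly this seq.
        elif s.length > 0 and fwd.next_seq is not None and s.seq < fwd.next_seq:
            if rev.dup_acks >= 2 and s.seq == rev.last_ack:
                notes[frame] = "TCP Fast Retransmission"
            else:
                notes[frame] = "TCP Retransmission"
        # SYN and FIN each consume one sequence number.
        end = s.seq + s.length + (1 if control & {"SYN", "FIN"} else 0)
        if fwd.next_seq is None or end > fwd.next_seq:
            fwd.next_seq = end
        if "ACK" in s.flags:
            if s.ack != fwd.last_ack:
                fwd.dup_acks = 0            # a new ack number ends the dup run
            fwd.last_ack, fwd.last_window = s.ack, s.window
    return notes


def _seg(t, src, dst, seq, ack, length, *flags):
    return Segment(t, src, dst, seq, ack, length, frozenset(flags))


A, B = "10.0.0.1:51000", "10.0.0.2:80"
# Constructed trace: handshake, four data segments from A (the second one is
# lost downstream of the capture point), two dup ACKs from B triggering a fast
# retransmit, then a later segment retransmitted after a timeout.
SAMPLE_TRACE = [
    _seg(0.000, A, B, 0, 0, 0, "SYN"),             # 1
    _seg(0.010, B, A, 0, 1, 0, "SYN", "ACK"),      # 2
    _seg(0.020, A, B, 1, 1, 0, "ACK"),             # 3
    _seg(0.100, A, B, 1, 1, 100, "ACK"),           # 4  bytes 1-100
    _seg(0.110, A, B, 101, 1, 100, "ACK"),         # 5  bytes 101-200 (lost)
    _seg(0.120, A, B, 201, 1, 100, "ACK"),         # 6
    _seg(0.130, A, B, 301, 1, 100, "ACK"),         # 7
    _seg(0.131, B, A, 1, 101, 0, "ACK"),           # 8  acks up to 100
    _seg(0.140, B, A, 1, 101, 0, "ACK"),           # 9  dup ACK #1
    _seg(0.150, B, A, 1, 101, 0, "ACK"),           # 10 dup ACK #2
    _seg(0.160, A, B, 101, 1, 100, "ACK"),         # 11 fast retransmission
    _seg(0.200, B, A, 1, 401, 0, "ACK"),           # 12 everything acked
    _seg(0.300, A, B, 401, 1, 100, "ACK"),         # 13
    _seg(1.300, A, B, 401, 1, 100, "ACK"),         # 14 RTO retransmission
]

if __name__ == "__main__":
    for frame, note in sorted(analyze_tcp(SAMPLE_TRACE).items()):
        print(f"frame {frame:2d}: {note}")
```

On a real capture the same records can be produced from tshark (for example `tshark -r trace.pcapng -T fields -e frame.time_relative -e ip.src -e ip.dst -e tcp.seq -e tcp.ack -e tcp.len -e tcp.flags -e tcp.window_size`) and fed into analyze_tcp; comparing its notes with Wireshark's own tcp.analysis flags on the same file is a useful way to learn exactly which conditions the real heuristics add.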

5. I’ve Been Hacked? – Network Security Analysis

  • Overview and history of Network Security Analysis
    • Answering the key incident questions
    • A Sample Network Security Analysis Methodology
  • Security Analysis of an Intrusion
    • Scouting out the Target – Network Reconnaissance and Scanning Tools
      • Recognizing Scanning Signatures – Nmap / Retina / Nessus, etc.
      • Using Wireshark to Build ACL Rules
  • Common IP Exploits and Examples of Intrusion Signatures
    • IPv6 Tunnel Attacks – What’s the Big Deal?
  • Common TCP Exploits and Examples of Intrusion Signatures
  • Recognizing and Analyzing Suspicious ICMP Traffic
  • Where do I go from Here?
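Recognizing a scanning signature in a trace and turning it into a Wireshark display filter and an ACL entry, as an added example that is not part of the course materials: the Python below takes per-packet summaries (the kind tshark can export), finds SYN-only bursts that fan out across many ports of one host (a port scan) or one port across many hosts (a sweep) inside a sliding time window, counts the RST/ACK replies that reveal closed ports, and emits a display filter plus a Cisco-style extended ACL line for each finding. The Pkt record, the thresholds, the window size, the sample capture (RFC 5737 documentation addresses) and the ACL syntax are all assumptions made for this example; adapt the thresholds to your own baseline and the rule format to your platform.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Pkt:
    """One TCP packet summary (hypothetical record, e.g. from tshark -T fields)."""
    t: float
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset      # subset of {"SYN", "ACK", "RST", "FIN"}


# Thresholds are assumptions for the example; tune them to your baseline.
PORT_THRESHOLD = 10   # distinct ports on one host within WINDOW -> port scan
HOST_THRESHOLD = 10   # distinct hosts on one port within WINDOW -> sweep
WINDOW = 5.0          # seconds


def _max_distinct_in_window(events: List[Tuple[float, object]]) -> int:
    """Largest number of distinct values seen inside any WINDOW-second span."""
    events = sorted(events)
    best, lo, seen = 0, 0, Counter()
    for hi, (t, value) in enumerate(events):
        seen[value] += 1
        while t - events[lo][0] > WINDOW:      # slide the left edge forward
            old = events[lo][1]
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
            lo += 1
        best = max(best, len(seen))
    return best


def find_scans(pkts: List[Pkt]) -> List[Dict]:
    """Flag SYN-only bursts that fan out across ports (scan) or hosts (sweep)."""
    by_host = defaultdict(list)   # (src, dst)   -> [(t, dport)]
    by_port = defaultdict(list)   # (src, dport) -> [(t, dst)]
    for p in pkts:
        if p.flags == {"SYN"}:    # initial SYN without ACK: a connection attempt
            by_host[(p.src, p.dst)].append((p.t, p.dport))
            by_port[(p.src, p.dport)].append((p.t, p.dst))
    # RST/ACK replies count closed ports the source probed (target -> source).
    rst_replies = Counter((p.dst, p.src) for p in pkts if p.flags == {"RST", "ACK"})
    findings = []
    for (src, dst), ev in by_host.items():
        n = _max_distinct_in_window(ev)
        if n >= PORT_THRESHOLD:
            findings.append({"type": "port scan", "src": src, "dst": dst,
                             "distinct_ports": n, "rst_replies": rst_replies[(src, dst)]})
    for (src, dport), ev in by_port.items():
        n = _max_distinct_in_window(ev)
        if n >= HOST_THRESHOLD:
            findings.append({"type": "port sweep", "src": src, "dport": dport,
                             "distinct_hosts": n})
    return findings


def display_filter(f: Dict) -> str:
    """Wireshark display filter isolating the attempts behind a finding."""
    syn_only = "tcp.flags.syn == 1 && tcp.flags.ack == 0"
    if f["type"] == "port scan":
        return f'ip.src == {f["src"]} && ip.dst == {f["dst"]} && {syn_only}'
    return f'ip.src == {f["src"]} && tcp.dstport == {f["dport"]} && {syn_only}'


def acl_rule(f: Dict, acl_id: int = 110) -> str:
    """Cisco-style extended ACL entry (illustrative; adapt to your platform)."""
    if f["type"] == "port scan":
        return f'access-list {acl_id} deny tcp host {f["src"]} host {f["dst"]}'
    return f'access-list {acl_id} deny tcp host {f["src"]} any eq {f["dport"]}'


def _pkt(t, src, dst, sport, dport, *flags):
    return Pkt(t, src, dst, sport, dport, frozenset(flags))


# Constructed capture using RFC 5737 documentation addresses.
TARGET, SCANNER, SWEEPER, CLIENT = "198.51.100.10", "203.0.113.5", "203.0.113.9", "203.0.113.7"
SAMPLE_CAPTURE: List[Pkt] = []
# Legitimate client: a few HTTPS connections to two servers (not flagged).
for i, dst in enumerate([TARGET, TARGET, TARGET, "198.51.100.20"]):
    SAMPLE_CAPTURE.append(_pkt(1.0 + i, CLIENT, dst, 50000 + i, 443, "SYN"))
    SAMPLE_CAPTURE.append(_pkt(1.01 + i, dst, CLIENT, 443, 50000 + i, "SYN", "ACK"))
# Vertical scan: twelve ports on one host in about half a second; 22 and 80 are open.
for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
    SAMPLE_CAPTURE.append(_pkt(10.0 + 0.05 * i, SCANNER, TARGET, 40000, port, "SYN"))
    reply = ("SYN", "ACK") if port in (22, 80) else ("RST", "ACK")
    SAMPLE_CAPTURE.append(_pkt(10.001 + 0.05 * i, TARGET, SCANNER, port, 40000, *reply))
# Horizontal sweep: port 445 across twelve hosts.
for i in range(12):
    SAMPLE_CAPTURE.append(_pkt(20.0 + 0.1 * i, SWEEPER, f"198.51.100.{i + 1}", 41000, 445, "SYN"))
SAMPLE_CAPTURE.sort(key=lambda p: p.t)

if __name__ == "__main__":
    for f in find_scans(SAMPLE_CAPTURE):
        print(f)
        print("  filter:", display_filter(f))
        print("  acl:   ", acl_rule(f))
```

The distinction between the two fan-out shapes matters for the response: a port scan against one host is usually worth a host-pair rule, while a single-port sweep is better blocked at the port the source is hunting for, which is what the two acl_rule variants express. The legitimate client in the sample stays below both thresholds even though it contacts two servers on the same port, which is the point of counting distinct destinations inside a short window rather than over the whole capture.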

Format: 5 days Classroom Instruction
Start/End Times: 09:00-17:00
Recommended Class Size: 6-16
Language: English


SCOS - Wireshark University
Keep Calm - Be Aware: Packets Never Lie
SCOS.Training