Cyber Infrastructure & Technology
Description
This course provides students with the knowledge & practical training needed to design & maintain secure infrastructures. Students will also learn to implement various security countermeasures and build the knowledge base needed to sit the CompTIA Security+ certification exam.
The course provides an in-depth examination of the different methods of defending infrastructure. The curriculum focuses on how to design a secure architecture and familiarizes students with the security measures that can be used to harden networks, devices, and cloud infrastructure. Students will also learn how to work with Security Information & Event Management (SIEM) solutions, with an emphasis on Splunk, a popular open-source solution currently available on the market.
Prerequisites:
-Understand security measures
-Understand and access common OS logs
-Harden enterprise services using security solutions
-Install, manage, and configure SIEM solutions
Module-1:
Endpoint Security Measures
-Network & Endpoint Security Introduction
-Problems and Risks
-Endpoint Security Components
-Endpoint Detection & Response
-YARA Rules & Signatures
-Whitelist Databases
Module-2:
Honeypots
-Introduction to Honeypots
-Honeypot Strategy
-Honeytokens
-Honeypot Products
-Valhala Honeypot
-Evasion
Module-3:
Data Loss Prevention
-Sensitive Data
-Data Leak Channels
-Regular Expressions
-DLP Introduction
-OpenDLP
-Risk
-DLP Bypass Techniques
Module-4:
Mail Security
-DNS Intro
-Mail Protocols
-DNS Mail Protection
-Mail Headers
-Mail Relay Introduction
-Mail Relay Concepts
-Mail Relay Features
Module-5:
SIEM Introduction
-Security Measures
-Introduction to SIEM
-SIEM Installation
-Log Collection & Types
Module-6:
Advanced SIEM
-Log Queries
-Log Parsing
-Operators
-Advanced Queries
Module-7:
SIEM & SOAR
-Alerts
-Trends and Dashboards
-SOAR Introduction
-SOAR Capabilities
-Automation