Systems Security Professional Essentials Labs

COURSE TYPE

Hands-On

Course Number

E003

Learn the security techniques used by the Internet’s most skilled professionals. CYBRScore Systems Security Essentials, which includes 32 hands-on labs, will prepare you with the essential principles of risk management, network security, identity and access management, security operations and more.

This Lab Bundle is designed to align to (ISC)2 Certified Information Systems Security Professional certification — Course 2058, CISSP Training and Certification Exam Preparation.

You Will Learn How To:

  • Practice the objectives presented in the (ISC)2 Certified Information Systems Security Professional certification
  • Understand the principles of risk management, network security, identity and access management, security operations and more
  • Identify whether high-risk systems were affected in an attack
  • Analyze, update, and perform a gap analysis on a sample BCP/BIA/DRP/CIRP

Important Course Information

What course does this lab bundle align to?

What is a CYBRScore Lab Bundle?

  • CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience. This bundle features a selection of cybersecurity labs that align to the training objectives of the course listed above.

How long will each lab take to complete?

  • Each lab consists of multiple tasks that take anywhere from 30 minutes to 2 hours to complete.

Are there any system requirements?

  • All you need is an HTML5 compatible browser, such as Google Chrome, Mozilla Firefox, or Microsoft Edge.

How long do I have access to the labs for?

  • CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.

How do I access my purchased labs?

  • Once your purchase is complete, Learning Tree will contact you with the URL and login credentials you will use to access your lab bundle.

Course Outline

  • Analyze and Update a Company BCP/BIA/DRP/CIRP

Students will become familiar with the Business Continuity Plan (BCP), Business Impact Assessment (BIA), Disaster Recovery Plan (DRP) and Computer Incident Response Plan (CIRP). Each of these documents is used to address different, but related, aspects of continuing or recovering business functionality during or after an incident. During the course of the lab, students will perform a gap analysis using the provided BCP, BIAs and DRP, and make the necessary fixes to the DRP.

  • Analyze SQL Injection Attack

Students will identify the use of a SQL injection through the use of Wireshark. The students will also isolate the different aspects of the SQL injection and execute the selected code.

  • Analyze Structured Exception Handler Buffer Overflow Exploit

Students will identify the use of a Buffer Overflow exploit through the use of Wireshark and by analyzing items found in the captured traffic. The students will also find the exploit code and isolate the different aspects of a Buffer Overflow exploit.

  • Applying Filters to TCPDump and Wireshark

This lab exercise is designed to allow the trainee to become familiar with applying a capture filter to TCPDump and Wireshark using Berkeley Packet Filter (BPF) syntax.

  • Baseline Systems in Accordance with Policy Documentation

Students are provided a whitelist of applications allowed for installation on a system. Students will compare the list against multiple hosts and remove the installed applications which are not on the list.

  • Creating a Baseline Using the Windows Forensic Toolchest (WFT)

Students will run Windows Forensic Toolchest against an existing system to create a baseline that will be used for future analysis.

  • Creating a List of Installed Programs, Services and User Accounts from a WIN2K12 Server

Students will create a list of installed programs, services, and accounts in a Windows 2012 server environment using various tools and methods.

  • Creating a Secondary Baseline and Conducting Comparison

Students will create a second baseline using the Windows Forensic Toolchest (WFT) and compare it against a previously created baseline using KDiff3.

  • Creation of Standard Operating Procedures for Recovery

Students will have access to the results of a vulnerability scan run against a sample Windows 2008 Server. They will perform any necessary remediations to the server by applying a variety of patches and system/firewall tweaks in order to further harden it. Next, they will run a follow-up scan to ensure that the previously discovered weaknesses have been mitigated down to a reasonable level of risk. After the verification scan has been completed, they will then author a Standard Operating Procedure to help others walk through the same mitigation process they went through, enabling others to perform the same actions on other Windows 2008 servers.

  • Data Backup and Recovery

In this lab we will simulate the recovery phase where we must perform a backup in a server environment.

  • Firewall Setup and Configuration

In this lab you will perform the steps necessary to set up a pfSense firewall from the basic command line interface and then configure the firewall using the web configuration GUI on a Windows machine. This lab will provide an understanding of how network interfaces are configured to allow network connectivity. You will also view and create a firewall rule, which reinforces your understanding of how network traffic can be managed at different levels (IP-based, protocol-based, machine-based, etc.).

  • Identify Access to a LINUX Firewall Through SYSLOG Service

Students will identify access to a PFSENSE firewall through the forwarding of SYSLOG (System logs) from a Firewall to the SYSLOG service we have configured and set up on the Network. Students will then identify malicious activity through system logs.

  • Identify Whether High-Risk Systems Were Affected

The highest-risk systems are the ones with Internet-facing applications. Once an attacker from the Internet is able to compromise the internal network, it is very likely they will attempt to move to other machines on the network. The machines in the Demilitarized Zone (DMZ) are at high risk because they are not usually as protected as the computers which are part of the internal network.

  • Identifying System Vulnerabilities with OpenVAS

Students will scan a system in OpenVAS (Open Vulnerability Assessment) to discover and identify systems on the network that have vulnerabilities.

  • IDS Setup

Network- and host-based Intrusion Detection Systems (IDS) analyze traffic and provide log and alert data for detected events and activity. Security Onion provides multiple IDS options including Host IDS and Network IDS. In this lab you will set up Security Onion to function as a network-based IDS and Snorby, the GUI web interface for Snort.

  • Implementing Least-Privilege on Windows

Least-privilege is an important concept across many domains (e.g., Windows server/workstation management, networking, Linux management, etc.) and requires great discipline to implement properly. This lab walks students through implementing least privilege in both an Active Directory setup and a normal Windows-based workstation.

  • Linux Users and Groups

In this lab students will use command line tools to create, modify, and manage users and groups within the Linux operating environment.

  • Log Correlation & Analysis to Identify Potential IOC

When defending networked digital systems, attention must be paid to the logging mechanisms set in place to detect suspicious behavior. In this lab, students will work with Splunk to help correlate server logs, system logs, and application logs in order to determine if an attacker was successful, and if so what happened and how they got in.

  • Manual Vulnerability Assessments

Students will learn how to conduct manual scanning against systems using command line tools such as Netcat. They will then log in to a discovered system, enable object access, and verify that auditing to the object is enabled.

  • Manually Analyze Malicious PDF Documents

Several company employees have received unsolicited emails with suspicious PDF attachments. The CIO has asked you to look at the attachments and see if they are malicious.

  • Manually Analyze Malicious PDF Documents 2

Several company employees have received unsolicited emails with suspicious PDF attachments. The CIO has asked you to look at the attachments and see if they are malicious.

  • Microsoft Baseline Security Analyzer

In this lab you will use Microsoft Baseline Security Analyzer (MBSA) to perform scans of individual host computers and of groups of computers. You will also learn how to perform the most common scans using command line tools. Once completed, you will have learned how to use MBSA to perform a comprehensive security analysis of your network environment.

  • Monitoring and Verifying Management Systems

Students will analyze an MBSA baseline report and compare it to current system configurations. Students will then make necessary system changes to machines and validate the baseline using MBSA. Finally, students will compare hash values to determine if any changes have been made to a system.

  • Monitoring Network Traffic for Potential IOA/IOC

In this lab we will replicate potentially malicious scans from the Internet against a corporate asset. Scans from the Internet are very common. An analyst should know how to identify this activity by artifacts that are present in the IDS as well as entries in the web logs.

  • Network Segmentation (FW/DMZ/WAN/LAN)

In this lab we will take the concept of zones, create three zones, and route traffic accordingly: ZONE - LAN, the trusted internal Local Area Network; ZONE - DMZ, the demilitarized zone; and ZONE - WAN, the Wide Area Network. We will set up a firewall (PFSENSE) to allow internal traffic from the LAN to the WAN. We will allow traffic from WAN to DMZ and from DMZ to WAN. Internal traffic WILL NOT BE ALLOWED TO ENTER THE DMZ UNLESS IT COMES through the WAN interface. This will prevent or deter attackers who have compromised a DMZ asset from accessing the internal LAN segment. We'll also show trainees how a contractor would likely VPN into a retail network and how to appropriately restrict their access.

  • Parse Files Out of Network Traffic

This lab teaches students how to extract various files from network traffic using Network Miner and Wireshark.

  • Patch Installation and Validation Testing

Students will identify if a vulnerability is present on two Windows systems and then move to remediate the vulnerability, if necessary.

  • Performing Incident Response in a Windows Environment

This next lab walks students through identifying a security incident, as well as handling and then responding to the incident.

  • Scanning and Mapping Networks

Students will use Zenmap to scan a network segment in order to create an updated network map and detail findings on the systems discovered. They will use the material they generated to help them discover if there have been any changes to the network after they compare it to a previously generated network map/scan.

  • Securing Linux for System Administrators

Linux environments are ubiquitous in many different sectors, and securing these environments is as important as securing Windows environments. This lab walks you through implementing least-privilege and strong security practices in a Linux environment. Specifically, you will walk through ways to secure your Linux box, look at and fix common areas of privilege issues/abuses, and get introduced to SELinux and how it helps when implementing least-privilege.

  • Use pfTop to Analyze Network Traffic

Students will use pfTop, a network traffic monitoring/statistics plugin used in pfSense, to analyze and monitor network traffic. They will walk through the steps of performing a detailed investigation to determine what type of traffic is occurring across the exercise network. Finally, with the use of visualization tools they will be able to further analyze network traffic statistics and learn how visuals can quickly aid in the incident response process.

  • Vulnerability Identification and Remediation

Learners will use Nmap and OpenVAS/Greenbone Vulnerability Scanner to confirm old vulnerable systems and to also discover new ones. They will perform a risk analysis of the findings and determine steps to be taken to mitigate the issues discovered. Finally, armed with a previously completed audit report as an example, they will fill out the necessary audit documentation to provide details on their findings and to add any suggested mitigations.


On Demand
Tuition — $190

Practice your skills in a virtual network environment. Learn by doing wherever you are on your own time at your own pace.
