Detecting and Mitigating Attacks Using Your Network Infrastructure
Cisco | July 21-22 | July 23-24
Security engineering teams often focus on the security of networked workstations, servers, and applications, neglecting the network itself. Many networks also receive only rudimentary security controls that are often deployed inconsistently. These scenarios not only fail to completely protect the network from today's threats, but they also fail to fully utilize innate network capabilities and existing security controls to detect and mitigate attacks against the computing infrastructure of an organization.
During this course, students will learn leading network security practices from experts who developed these techniques and put them to practical use. The techniques covered in this course are not limited to those that are typically considered "security features"; this course will detail how to leverage network functionality (for example, routing protocols and Cisco IOS NetFlow) and security controls to provide a full range of attack identification and mitigation capabilities. This course is organized around a proven six-phase approach to incident response, which transitions from preparation through post mortem and includes extensive hands-on lab work. The course includes the following instructor-led labs:
- Hardening the base configuration of a router that is running Cisco IOS Software
- Advanced hardening of the Control and Management Planes of a router using Control Plane Protection, infrastructure access control lists, and Unicast Reverse Path Forwarding to defeat resource exhaustion attacks
- Identifying, classifying, and reacting to an ongoing attack using routers, firewalls, and Cisco IPS
- Diverting direct and indirect attacks using Remotely Triggered Black Hole filtering
What to bring
Laptop with Ethernet connectivity, working web browser, telnet client, CD-ROM drive, and the ability to view PDF files and edit text files.
John Stuppi, CCIE No. 11154, is a Sr. Security Engineer in the Security Research and Operations organization at Cisco where he helps customers leverage their Cisco infrastructure to overcome emerging security challenges. In this role, John is responsible for creating, testing, and communicating effective techniques using Cisco product capabilities to provide identification and mitigation solutions for Cisco customers facing current or expected security threats. John is also a CISSP and holds an Information Systems Security (INFOSEC) Professional Certification. In addition, John has a BSEE from Lehigh University and an MBA from Rutgers University.
Randy Ivener, CCIE No. 10722, is a Sr. Security Engineer with the Cisco Applied Intelligence team. He is a CISSP and ASQ CSQE. Randy has spent many years as a network security consultant helping companies understand and secure their networks. Before becoming immersed in information security, he spent time in software development and as a training instructor. Randy graduated from the U.S. Naval Academy and holds an MBA.
Joseph Karpenko currently works as a Sr. Security Engineer in the Security Intelligence Engineering organization at Cisco. Joseph is a 10-year veteran of technology with expertise in networking, security, data center, and the systems administration fields. Currently Joseph is responsible for developing security solutions that deter, detect, and prevent existing, current, and emerging threats and attacks. Joseph has also been a speaker at multiple conferences presenting on security topics. During his career, Joseph has worked with customers on the design and implementation of large-scale enterprise and data center network and security architectures. Prior to joining Cisco, Joseph worked as a system administrator and senior escalation engineer handling and troubleshooting complex security and network incidents.