Certified Network Defender Course overview
Certified Network Defender (CND) is a vendor-neutral, hands-on, instructor-led, comprehensive network security certification training program. It is a skills-based, lab-intensive program built on a job-task analysis and the cybersecurity education framework of the National Initiative of Cyber Security Education (NICE). The course has also been mapped to global job roles and to the Department of Defense (DoD) job roles for system/network administrators. The program prepares network administrators in network security technologies and operations so they can attain Defense-in-Depth network security preparedness. It covers the protect, detect and respond approach to network security. The course contains hands-on labs based on major network security tools and techniques, which give network administrators real-world expertise in current network security technologies and operations. The study kit provides over 10 GB of network security best practices, assessments and protection tools. The kit also contains templates for various network policies and white papers for additional learning.
Instructor Led Learning
Duration: 5 Days
Video Learning
Duration: 5 Days
What you will learn
- Lesson 1: Computer Network and Defense Fundamentals
- Lesson 2: Network Security Threats, Vulnerabilities, and Attacks
- Lesson 3: Network Security Controls, Protocols, and Devices
- Lesson 4: Network Security Policy Design and Implementation
- Lesson 5: Physical Security
- Lesson 6: Host Security
- Lesson 7: Secure Firewall Configuration and Management
- Lesson 8: Secure IDS Configuration and Management
- Lesson 9: Secure VPN Configuration and Management
- Lesson 10: Wireless Network Defense
- Lesson 11: Network Traffic Monitoring and Analysis
- Lesson 12: Network Risk and Vulnerability Management
- Lesson 13: Data Backup and Recovery
- Lesson 14: Network Incident Response and Management
Basic computer skills
CompTIA A+ (IT Technician)
CompTIA N+ (Network Administration)
CompTIA S+ (Security+)
FULL COURSE OUTLINE
Module 01: Computer Network and Defense Fundamentals
Module 02: Network Security Threats, Vulnerabilities, and Attacks
Module 03: Network Security Controls, Protocols, and Devices
Module 04: Network Security Policy Design and Implementation
Module 05: Physical Security
Module 06: Host Security
Module 07: Secure Firewall Configuration and Management
Module 08: Secure IDS Configuration and Management
Module 09: Secure VPN Configuration and Management
Module 10: Wireless Network Defense
Module 11: Network Traffic Monitoring and Analysis
Module 12: Network Risk and Vulnerability Management
Module 13: Data Backup and Recovery
Module 14: Network Incident Response and Management
CND v2 Learning Outcomes: Knowledge, Skills, and Abilities Checklist
What will students learn?
After attending the CND training, students will be able to:
- Plan, implement and administer network security management for an organization
- Demonstrate knowledge of various security risks, threats, and vulnerabilities
- Assist in obtaining and maintaining an organization’s compliance with required regulatory standards and frameworks
- Design and implement the network security policies and procedures
- Apply security principles, protocols, and controls that suit today’s Distributed and Mobile Computing World
- Apply strong Identity and Access Management (IAM), Network Segmentation, Encryption techniques to strengthen the organization network
- Manage and maintain Windows Security Administration
- Manage and maintain Linux Security Administration
- Manage and mitigate the security risks and challenges associated with enterprise mobile device usage policies
- Manage and mitigate the security risks and challenges associated with IoT devices used in enterprises
- Implement strong data security techniques to secure an organization’s data
- Implement and manage the security of virtualization technologies such as Network Virtualization (NV), Software-Defined Network (SDN), Network Function Virtualization (NFV), OS virtualization, containers, Docker and Kubernetes used in modern-day networks
- Implement and manage cloud security on various cloud platforms such as AWS, Azure, Google Cloud Platform, etc.
- Implement and manage wireless network security
- Perform risk assessment, vulnerability assessment/scanning through various scanning tools and generate detailed reports on it
- Identify the critical data, choose an appropriate backup method, media, and technique to perform a successful backup of organization data regularly
- Provide a first response to a network security incident and assist the IRT team and forensics investigation team in dealing with the incident
- Identify the Indicators of Compromise (IoCs) and Indicators of Attack (IoA) on networks
- Integrate threat intelligence capabilities to leverage/consume threat intelligence for proactive defense
- Conduct Attack Surface Analysis by identifying Indicators of Exposures (IoE)
- Assist in Business Continuity (BC) and Disaster Recovery (DR) planning
- Monitor network traffic and ensure the security of network traffic
- Perform log management
- Monitor network logs against any anomalies
- Manage Proxy and Content filtering
- Troubleshoot the network for various network problems
- Identify various threats to an organization’s network
- Harden security of various endpoints individually in the organization’s network
- Select appropriate firewall solution, topology, and configurations to harden security through firewall
- Determine an appropriate location for IDS/IPS sensors, tune the IDS for false positives and false negatives, and apply configurations to harden security through IDPS technologies
- Maintain the inventory of computers, servers, terminals, modems, and other access devices
- Provide security awareness guidance and training
- Add, remove, or update user account information
- Apply operating system updates, patches and make configuration changes
- Update system configurations to maintain an updated security posture using current patches, device and operating system hardening techniques, and Access Control Lists.
- Manage network Authentication, Authorization, Accounting (AAA) for network devices
- Review audit logs from Firewall, IDS/IPS, servers, and hosts on the internal, protected network
- Analyze, troubleshoot, and investigate security-related information systems’ anomalies based on security platform
- Maintain, configure, and analyze network and host-based security platforms
- Evaluate security products as well as security operations procedures and processes.
Knowledge (K) – Knowledge that students will gain after attending CNDv2
- Knowledge of cybersecurity-related terminologies (Threat, attacks, vulnerabilities, risks) and the relation between them
- Knowledge of various threat sources (Intentional, Unintentional, Natural, Internal, External, etc.)
- Knowledge of various types of threats actors/agents such as Hacktivist, Cyber Terrorists, Script Kiddies, Insider Threat, State-Sponsored Hackers, etc.
- Knowledge of Attacker’s Tools, Techniques, and Procedures (TTP)
- Knowledge of various Network level threats, attacks, and vulnerabilities (Sniffing, Man-in-the-Middle, Brute force, Privilege Escalation, DNS Poisoning, ARP Poisoning, DHCP Starvation, DHCP Spoofing, MAC Spoofing, DoS, DDoS, Malware, Advanced Persistent Threats (APTs), etc.)
- Knowledge of various application-level threats, attacks and vulnerabilities (SQL Injection, Cross-site Scripting (XSS), Parameter Tampering, Directory Traversal, Cross-site Request Forgery (CSRF), Session Hijacking, etc.)
- Knowledge of different social engineering attack techniques (Impersonation, Eavesdropping, Shoulder Surfing, Dumpster Diving, Piggybacking, Tailgating, etc.)
- Knowledge of different email attack techniques (Malicious Email Attachments, Phishing, Spamming, etc.)
- Knowledge of mobile device-specific attack techniques (Rooting, Jailbreaking, Malicious Apps, Mobile Spamming, SMiShing, Bluebugging, etc.)
- Knowledge of OWASP Top 10 Cloud Security Risks and other cloud-specific attack techniques
- Knowledge of wireless network-specific attack techniques (Rogue Access Point, WarDriving, AP MAC Spoofing, Client Misassociation, etc.)
- Knowledge of Attacker’s Hacking Methodologies and Frameworks such as CEH black hat operation, Cyber Kill Chain, MITRE ATT&CK Framework, etc.
- Knowledge of Information Assurance (IA) Principles (such as Confidentiality, Integrity, Availability, Non-repudiation, etc.)
- Knowledge of Continual/Adaptive security strategy
- Knowledge of defense-in-depth security strategy
- Knowledge of Preventive, Reactive, Retrospective, Proactive Approach of network defense
- Knowledge of administrative, technical, and physical network defense
- Knowledge of technologies, operations, and people involved in network defense
- Knowledge of regulatory framework compliance
- Knowledge of hierarchy required for Regulatory Frameworks Compliance (Regulatory Frameworks, Policies, Standards, Procedures, Practices, and Guidelines)
- Knowledge of various regulatory frameworks, including PCI-DSS, HIPAA, GDPR, SOX, GLBA, etc.
- Knowledge of various Information Security Acts and Cyber Laws in different countries
- Knowledge of design consideration for various security policies
- Knowledge of design and development security policies
- Knowledge of the various type of employee awareness training
- Knowledge of staff hiring and leaving policies and process
- Knowledge of Employee Monitoring tools
- Knowledge of access control principles (Principle of Least Privilege (PoLP), Separation of Duties (SoD), Need to Know, etc.)
- Knowledge of access control models such as MAC, DAC, RBAC, RB-RBAC, etc.
- Knowledge of access control model examples such as Bell-LaPadula Model (BLM), Biba Integrity Model, Access Control Matrix, etc.
- Knowledge of Castle-and-Moat Model security model
- Knowledge of Zero Trust Security Model
- Knowledge of Identity and Access Management (IAM) and related terminologies such as User Identity Management, User Authentication, User Authorization, User Accounting, etc.
- Knowledge of different user authentication types (Password, Biometric, Smart Card, Two-factor, Single Sign-on (SSO), etc.)
- Knowledge of different types of user authorization (Centralized, Decentralized, Implicit, Explicit, etc.)
- Knowledge of cryptography (Encryption, Hashing, Digital Signature, digital certificates, Public Key Infrastructure (PKI), etc.)
- Knowledge of different cryptographic algorithms (DES, AES, RC4, RC5, RC6, DSA, RSA, MD5, SHA, HMAC, etc.)
- Knowledge of network segmentation
- Knowledge of network security controls and tools (Firewall, IDS/IPS, Honeypot, Proxy Server, Protocol Analyzer, Web Content Filter, Load Balancer, Unified Threat Management (UTM), Security Information and Event Management (SIEM), Network Access Control (NAC), Virtual Private Network (VPN))
- Knowledge of Security Protocols (RADIUS, TACACS+, Kerberos, PGP, S/MIME, IPsec, SSL, TLS, HTTPS, Secure HTTP)
- Knowledge of firewall capabilities and limitations
- Knowledge of different firewall technologies such as Packet Filtering, Circuit Level Gateways, Stateful Multilayer Inspection, Application Level Gateways, Application Proxies, NAT, Next-Generation Firewall (NGFW), etc.
- Knowledge of different types of firewall topologies such as Bastion host, Screened subnet, Multi-homed firewall, etc.
- Knowledge of firewall implementation and deployment
- Knowledge of firewall administration
- Knowledge of IDS/IPS capabilities and limitations
- Knowledge of IDS/IPS technologies
- Knowledge of components of IDS (Network sensors, Alert systems, Command console, Response system, Attack Signatures Database)
- Knowledge of various NIDS and HIDS Solutions (Snort, Zeek (Bro), Suricata, OSSEC, Wazuh, etc.) with their intrusion detection capabilities
- Knowledge of router and switch security countermeasure and best practices
- Knowledge of Software-defined Perimeter (SDP)
- Knowledge of Windows OS
- Knowledge of Windows security risks
- Knowledge of Windows security components (SRM, LSASS, SAM, AD, Winlogon, LogonUI, Netlogon, KSecDD, etc.)
- Knowledge of Windows security features
- Knowledge of Windows OS-level security
- Knowledge of Windows security baseline configurations
- Knowledge of Windows user account and password management
- Knowledge of Windows Patch Management
- Knowledge of User Access Management
- Knowledge of Windows active directory security
- Knowledge of Windows Network Services and Protocol Security
- Knowledge of Linux OS
- Knowledge of Linux Security Risks
- Knowledge of Linux Patch Management
- Knowledge of Linux OS Level Security
- Knowledge of user access and password management
- Knowledge of Linux network and remote access security
- Knowledge of Linux security tools and frameworks (Lynis, AppArmor, SELinux, OpenSCAP)
- Knowledge of mobile usage policies in enterprises (BYOD, CYOD, COPE, COBO)
- Knowledge of security risks and challenges associated with enterprises mobile usage policies
- Knowledge of enterprise-level mobile security management
- Knowledge of enterprise-level mobile management solutions (MDM, MAM, MCM, MTD, MEM, EMM, UEM, etc.)
- Knowledge of mobile security at the device level (Android, iOS, etc.)
- Knowledge of security solutions for Android devices
- Knowledge of security solutions for iOS devices
- Knowledge of IoT devices used in IoT-enabled Environments
- Knowledge of IoT Ecosystem and Communication models
- Knowledge of IoT Architecture
- Knowledge of IoT-Enabled IT Environment
- Knowledge of security challenges and risks associated with IoT-enabled environments
- Knowledge of OWASP TOP 10 IoT Vulnerabilities
- Knowledge of IoT Threat Landscape
- Knowledge of Security Measures for IoT enabled IT Environments
- Knowledge of IoT security solutions
- Knowledge of various standards, initiatives, and efforts for IoT security (AIOTI WG03, NIST, US DHS, GSMA, AT&T, etc.)
- Knowledge of Application Whitelisting and Blacklisting
- Knowledge of Application Sandboxing
- Knowledge of Application Patch Management
- Knowledge of Application-Level Firewall (WAF)
- Knowledge of Software Restriction Policies (SRPs)
- Knowledge of PUA Protection (Group Policy Settings, PowerShell cmdlets, etc.)
- Knowledge of Data Security Technologies (Data Access Control, Data Encryption, Data Masking, Data Resilience, and Backup, Data Destruction, Data Retention)
- Knowledge of concepts “Data at Rest” vs. “Data in Use” vs. “Data in Transit.”
- Knowledge of implementation of Logical Access Controls
- Knowledge of Access Controls and Permission to Files and Folders in Windows and Linux
- Knowledge of Encryption of “Data-at-Rest” (disk encryption, file-level encryption, removable media encryption, database encryption, etc.)
- Knowledge of Disk Encryption (Windows, Mac, Linux, Android, iOS, etc.)
- Knowledge of disk encryption tools
- Knowledge of File Level Encryption (Windows, Mac, etc.)
- Knowledge of File Level Encryption tools
- Knowledge of Removable Media Encryption (Windows, Mac, Linux, etc.)
- Knowledge of Database Encryption (MS SQL Server, Oracle, etc.)
- Knowledge of Encryption of “Data at transit” between browser and web server
- Knowledge of Digital certificates (Root Certificate, Renew Certificate, Revoke Certificate, etc.)
- Knowledge of Encryption of “Data at transit” between the database server and web server (SQL Server, Oracle, etc.)
- Knowledge of Encryption of “Data at transit” in Email Delivery (MS Outlook, Gmail, etc.)
- Knowledge of data masking techniques and data masking solutions
- Knowledge of data backup (Full, Differential, Incremental)
- Knowledge of data backup (Windows, Linux, Mac, MS SQL Server, Oracle, Outlook, Gmail, IIS, Website, etc.)
- Knowledge of Data Backup Retention policy
- Knowledge of data destruction policy and techniques
- Knowledge of Data loss prevention (DLP)
- Knowledge of security management in modern virtualized IT environments
- Knowledge of virtualization concepts
- Knowledge of virtualization enablers (NV, SDN, NFV, etc.)
- Knowledge of Network Virtualization (NV)
- Knowledge of virtual networks (Internal, External)
- Knowledge of Hypervisor Products (VMware ESXi, Microsoft Hyper-V Server, VirtualBox, etc.)
- Knowledge of internal virtual network (VMware ESX)
- Knowledge of external virtual network (VLANs)
- Knowledge of Hypervisor vulnerabilities
- Knowledge of Virtual Networks vulnerabilities
- Knowledge of VLAN Risks and Vulnerabilities
- Knowledge of Hypervisor security (Hyper-V, VMware, VirtualBox, etc.)
- Knowledge of Virtual Network Security
- Knowledge of VLAN Security
- Knowledge of Software Defined Network (SDN)
- Knowledge of SDN benefits, limitations
- Knowledge of SDN vulnerabilities
- Knowledge of SDN security
- Knowledge of Network Function Virtualization (NFV)
- Knowledge of NFV Vulnerabilities
- Knowledge of NFV security (Infrastructure, VNF, MANO, etc.)
- Knowledge of OS virtualization (Container, Docker, Kubernetes, etc.)
- Knowledge of vulnerabilities and risk on Container, Docker, Kubernetes, etc.
- Knowledge of Container security
- Certified Network Defender Copyright © by EC-Council
- Knowledge of Docker security
- Knowledge of Kubernetes security
- Knowledge of cloud computing
- Knowledge of cloud computing Service Models
- Knowledge of cloud computing deployment models
- Knowledge of Customer vs. CSP Shared Responsibilities in IaaS, PaaS, and SaaS
- Knowledge of NIST Cloud Deployment Reference Architecture
- Knowledge of cloud computing security, cloud security shared responsibilities, Elements of Cloud Security (Consumers vs. Providers), etc.
- Knowledge of Identity and Access Management (IAM) in Cloud
- Knowledge of Data Storage Security in Cloud
- Knowledge of Network Security in Cloud
- Knowledge of monitoring, logging, compliance in the cloud
- Knowledge of CSP security capabilities (AWS, Azure, and GCP)
- Knowledge of Security Controls Provided by Major CSP (AWS, Azure, GCP, Oracle, IBM, etc.)
- Knowledge of AWS Shared Responsibility Model (Infrastructure, Container, Abstract Services)
- Knowledge of AWS Identity and Access Management (IAM) security
- Knowledge of AWS Encryption security
- Knowledge of AWS Network Security
- Knowledge of AWS Storage Security
- Knowledge of AWS Monitoring and Logging
- Knowledge of AWS Secured Solution Design
- Knowledge of Azure’s Shared Responsibility Model
- Knowledge of Azure Identity and Access Management (IAM) security
- Knowledge of Azure Encryption security
- Knowledge of Azure Network Security
- Knowledge of Azure Storage Security
- Knowledge of Azure Monitoring, Logging, and Compliance
- Knowledge of Azure Secured Solution Design
- Knowledge of Google Cloud Shared Responsibility Model
- Knowledge of GCP Identity and Access Management (IAM) security
- Knowledge of GCP Encryption security
- Knowledge of GCP Network Security
- Knowledge of GCP Monitoring, Logging, and Compliance
- Knowledge of GCP Secured Solution Design
- Knowledge of NIST Recommendations for Cloud Security
- Knowledge of best practices, checklists, guidelines, tools for cloud security
- Knowledge of wireless terminologies such as OFDM, DSSS, FHSS, MIMO-OFDM, SSID, LEAP, EAP, etc.
- Knowledge of Wireless Network Standards, 802.11x, 802.12, 802.15, 802.16, etc.
- Knowledge of Wireless Network Topologies
- Knowledge of Components in Wireless Networks
- Knowledge of wireless encryption mechanisms (WEP, WPA, WPA2, WPA3, etc.)
- Knowledge of wireless network authentication methods
- Knowledge of wireless network security controls, measures, and best practices
- Knowledge of Network Traffic Monitoring
- Knowledge of Network Sniffers
- Knowledge of baseline traffic signatures for normal and suspicious network traffic
- Knowledge of Attack Signature Analysis Techniques
- Knowledge of attack detection using Wireshark
- Knowledge of network performance and bandwidth monitoring
- Knowledge of Log Management
- Knowledge of log review and audit
- Knowledge of log monitoring and analysis (Windows, Linux, Mac, Firewall, Routers, Webserver, etc.)
- Knowledge of centralized log monitoring and analysis (Log Collection, Transmission, Storage, Normalization, Correlation, Analysis, Alerting and Reporting, etc.)
- Knowledge of first response
- Knowledge of incident response process
- Knowledge of Incident Response (IR) Plan
- Knowledge of forensics investigation process
- Knowledge of Business Continuity (BC)
- Knowledge of Disaster Recovery (DR)
- Knowledge of Business Continuity Management (BCM)
- Knowledge of Business Impact Analysis (BIA)
- Knowledge of Recovery Time Objective (RTO)
- Knowledge of Recovery Point Objective (RPO)
- Knowledge of BC/DR Activities
- Knowledge of Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
- Knowledge of risk management
- Knowledge of risk management program
- Knowledge of risk management frameworks (ERM, NIST, COSO, COBIT, etc.)
- Knowledge of vulnerability management
- Knowledge of vulnerability management program
- Knowledge of vulnerability assessment (external network, internal network, web, etc.)
- Knowledge of different types of attack surfaces (network, software, physical, human, system, etc.)
- Knowledge of Indicators of Exposures (IoE)
- Knowledge of attack surface analysis (network, software, physical, human, system, etc.)
- Knowledge of attack simulation
- Knowledge of Breach and Attack Simulation (BAS) Vendors
- Knowledge of attack surface reduction
- Knowledge of attack surface analysis (Cloud and IoT)
- Knowledge of cyber threat intelligence
- Knowledge of different types of threat Intelligence (Strategic, Tactical, Operational, etc.)
- Knowledge of Indicators of Compromise (IoCs) and Indicators of Attack (IoA)
- Knowledge of different Threat Intelligence layers (TI Sources, TI feeds, TI platforms, TI Professional Services, etc.)
- Knowledge of different Threat Intelligence Sources (internal Intelligence, open-source Intelligence, Counter Intelligence, Human Intelligence, etc.)
- Knowledge of Open Source Intelligence (Hacking Forums, etc.)
- Knowledge of TI Feeds Providers (Open source, commercial, etc.)
- Knowledge of TI Platforms (TC Complete™, FireEye iSIGHT Threat Intelligence, etc.)
- Knowledge of TI consumption for proactive network defense
Skills (S) – Skills that students will acquire after attending CNDv2
- Skill in identifying threats to organizations
- Skill in recognizing the assets of an organization
- Skill in identifying the attacker’s mindset and the goal behind the attack
- Skill in identifying Attacker’s Tools, Techniques, and Procedures (TTP)
- Skill in identifying and leveraging Attacker’s Tools, Techniques, and Procedures (TTP)
- Skill in identifying the Indicator of Compromises
- Skill in assessing the organization’s security posture with the Attacker’s Tools, Techniques, and Procedures (TTP) and analyzing the results
- Skill in determining and planning defensive, reactive, retrospective, and proactive network security for an organization
- Skill in determining and planning adaptive and defense-in-depth security strategies for an organization to prevent, detect, respond and predict possible threats continuously.
- Skill in identifying the regulatory framework and the organization within scope for compliance
- Skill in designing and developing security policies
- Skill in conducting training needs analysis
- Skill in monitoring employee activities with the help of appropriate monitoring tools
- Skill in determining the necessary level of access control
- Skill in implementing Zero Trust Security Model
- Skill in identifying the user roles and managing permissions on a role basis
- Skill in applying cryptographic techniques to secure organization information
- Skill in determining the trusted and untrusted zones (DMZ) in the network
- Skill in using appropriate security controls that best suits the organization need
- Skill in using appropriate firewall technologies based on organization requirements
- Skill in choosing appropriate firewall topologies that best suits your IT infrastructure and provides maximum effectiveness
- Skill in determining an appropriate firewall (hardware, software, host-based, network-based, internal, and external firewalls) as per the organization’s requirements
- Skill in determining appropriate firewalls based on their deep traffic inspection capability
- Skill in applying various best practices for secure firewall Implementation and deployment
- Skill in implementing, deploying, and administering firewalls
- Skill in using appropriate IDS/IPS technologies
- Skill in the effective deployment of network and host-based IDS
- Skill in dealing with false positive and false negative IDS alerts
- Skill in determining appropriate IDS/IPS solutions for the organization
- Skill in applying router and switch security countermeasure and best practices
- Skill in leveraging zero trust model using SDP
- Skill in windows security administration
- Skill in analyzing result from Security Compliance Toolkit (SCT)
- Skill in Windows systems patch management
- Skill in managing user, access, and permissions in Windows systems
- Skill in applying various OS-level security measures
- Skill in securing Active Directory domains
- Skill in securing Windows network Services and protocol
- Skill in Administrative Access Management using Just Enough Administration (JEA)
- Skill in securing PowerShell Remoting
- Skill in Securing Remote Desktop Protocol (RDP)
- Skill in Securing DNS
- Skill in using PowerShell Cmdlets for Securing Active Directory
- Skill in Linux security administration
- Skill in Linux patch management
- Skill in managing user, access, and permissions in Linux systems
- Skill in applying various OS-level security measures
- Skill in configuring remote access security in Linux (SSH, etc.)
- Skill in Linux Security Auditing and Security Compliance (Lynis, AppArmor, SELinux, OpenSCAP)
- Skill in implementing BYOD, CYOD, COPE, COBO policies in the organization
- Skill in managing the security of mobile devices in enterprises under BYOD, CYOD, COPE, COBO policies
- Skill in using Mobile management solutions (MDM, MAM, MCM, MTD, MEM, EMM, UEM, etc.)
- Skill in securing Android, iOS devices at devices level
- Skill in using mobile device security solutions
- Skill in managing and administering the security of IoT devices in IoT-enabled Environments
- Skill in reducing IoT attack surface
- Skill in gaining complete visibility of IoT Devices used in IoT-enabled Environments
- Skill in mapping IoT assets that can help in finding rogue IoT devices (Oracle’s IoT Assets Monitoring)
- Skill in monitoring IoT Device’s behavior (Domotz Pro, TeamViewer IoT, Azure IoT Hub, AWS IoT Device Management, etc.)
- Skill in isolating IoT devices and implementing proper network segmentation for limiting IoT devices access to the entire network
- Skill in creating Virtual LAN pipe dynamically to connect to IoT device
- Skill in applying network access Port ACLs (PACLs) and VLAN ACLs (VACLs) to control (permit, deny, and monitor) access of users on IoT devices
- Skill in scanning the IoT Device for Vulnerabilities (Retina IoT Vulnerability Scanner, beSTORM, IoTInspector, etc.)
- Skill in patching and upgrading IoT devices
- Skill in deploying End-to-End Encryption on IoT devices
- Skill in securing Remote Administration of IoT Devices
- Skill in securing the router of IoT-connected devices
- Skill in monitoring Network Activity of IoT Device
- Skill in monitoring Bandwidth Consumption of IoT device
- Skill in managing risk from Shadow IoT Devices
- Skill in application security administration
- Skill in Protecting users from downloading and installing potentially harmful applications
- Skill in restricting applications from creating and modifying executable files
- Skill in restricting applications from unnecessarily accessing, creating, and modifying OS resources
- Skill in restricting applications from spawning additional processes
- Skill in regularly updating applications with the latest patches, updates, and versions for security implications
- Skill in configuring applications securely to prevent unwanted security risks arising from security misconfigurations
- Skill in identifying business-critical data of an organization
- Skill in assigning and managing Permission to Files and Folders (Windows, Linux, etc.)
- Skill in implementing Disk Encryption using Built-in and third-party tools (Windows, Mac, Linux, Android, iOS, etc.)
- Skill in implementing file system encryption (Windows, Mac, etc.)
- Skill in implementing Removable Media Encryption in Linux, Windows, Mac systems
- Skill in implementing database encryption (MS SQL Server, Oracle, etc.)
- Skill in securing HTTP Connection; SSL Certificates
- Skill in configuring SSL Certificate on Windows Server
- Skill in implementing Encryption between the database server and web server
- Skill in implementing Encryption in emails
- Skill in implementing Dynamic Data Masking in SQL Server, Oracle databases
- Skill in performing data backup on Windows, Linux, Mac, etc.
- Skill in performing database backups (MS SQL Server, Oracle, etc.)
- Skill in performing email data backup (Outlook, Gmail, etc.)
- Skill in performing IIS webserver configuration backup
- Skill in performing website data backup
- Skill in implementing data retention policy
- Skill in implementing data destruction policy and applying various data destruction techniques
- Skill in implementing Data Loss Prevention (DLP)
- Skill in managing security in modern virtualized IT environments
- Skill in managing the security of hypervisors (Hyper-V, VMware, VirtualBox, etc.)
- Skill in managing the security of VLANs
- Skill in managing the security of SDN
- Skill in managing the security of NFV
- Skill in managing the security of Containers
- Skill in managing the security of Docker
- Skill in managing the security of Kubernetes
- Skill in identifying and determining the CSP’s and consumer’s responsibilities in cloud security
- Skill in configuring various cloud security elements such as IAM, Storage, network, Logging, monitoring, compliance, etc.
- Skill in evaluating the CSP (AWS, Azure, GCP, etc.) against security features and controls that they offer
- Skill in configuring AWS IAM security (User Roles, Accounts, Credentials, MFA, Access levels/permissions, EC2 Instances, Locking Root User Access Keys, etc.)
- Skill in configuring AWS Encryption Security (Server/Client-side Encryption, TLS, Key management, Cloud HSM, S3, etc.)
- Skill in configuring AWS Network Security (VPC, AWS Direct Connect, DMZ, etc.)
- Skill in configuring AWS Storage Security (S3, EBS, etc.)
- Skill in performing AWS Monitoring and Logging (AWS Inspector, CloudTrail, CloudWatch, etc.)
- Skill in configuring Azure IAM security (SSO, AD Conditional Access, AD password protection, MFA, RBAC, Azure AD Connect Sync, etc.)
- Skill in configuring Azure Encryption security (Azure Key Vault, Azure Disk Encryption, Azure Storage Service Encryption (SSE), Transparent Data Encryption (TDE), Azure Site-to-Site VPN, SSL, etc.)
- Skill in configuring Azure Network Security (Endpoint Access Control List (ACL), RDP/SSH Access, Load Balancing, Azure Firewall, Azure Web Application Firewall (WAF), Antimalware, etc.)
- Skill in configuring Azure Storage Security (Active Geo-replication, etc.)
- Skill in performing Azure Monitoring, Logging, and Compliance (Azure Security Center, Azure Management Portal, Activity Log, Network Watcher, etc.)
- Skill in configuring GCP IAM security (user roles, Accounts, Service Account Keys, Policy, etc.)
- Skill in configuring GCP Encryption Security (Server/Client-side Encryption, Key Management, Cloud KMS, Key Ring, etc.)
- Skill in configuring GCP Network Security (VPC, defense-in-depth, Firewall Rules, Routes, etc.)
- Skill in performing GCP Monitoring, Logging, and Compliance (GCP Console, Cloud Audit Logs, Stackdriver, etc.)
- Skill in Creating an Inventory of the Wireless Devices
- Skill in deploying a Wireless AP in an appropriate location to limit outside access and improve performance
- Skill in deploying a Wireless Antenna based on type, angle, location of the AP, and the coverage required
- Skill in selecting Stronger Wireless Encryption technologies
- Skill in enabling MAC Address Filtering to block all unauthorized devices from accessing the network
- Skill in monitoring Wireless Network Traffic
- Skill in detecting and locating Rogue Access Points
- Skill in detecting excessive RF interference to avoid Denial of Service attacks such as RF Jamming, Signal Bombing, and War Spamming
- Skill in assessing the Security of a Wireless Network
- Skill in deploying a Wireless IDS (WIDS)/Wireless IPS (WIPS)
- Skill in configuring Administrative Security on Wireless Routers
- Skill in implementing various best practices for wireless networks security
- Skill in using Network Sniffers (Wireshark, tcpdump, etc.)
- Skill in Setting up the environment for network monitoring
- Skill in determining baseline traffic signatures for normal and suspicious network traffic
- Skill in performing network monitoring and analysis for suspicious traffic
- Skill in performing network performance and bandwidth monitoring
- Skill in configuring, monitoring, and analyzing local logs (Windows, Linux, Mac, Firewall, Routers, Webserver, etc.) and detecting suspicious events
- Skill in configuring, monitoring, and analyzing centralized logs and detecting suspicious events
- Skill in providing the first response in incidents
- Skill in assisting IRT in incident response
- Skill in assisting Forensics team in forensics investigation
- Skill in assisting in the BC/DR process
- Skill in performing data recovery during the BC/DR process
- Skill in assisting in the risk management process
- Skill in managing vulnerabilities through a vulnerability management program
- Skill in performing vulnerability assessment/scanning to identify potential vulnerabilities in an organization’s infrastructure
- Skill in identifying IoEs on the network, software, physical, human, system, etc.
- Skill in conducting attack surface analysis on organization infrastructure
- Skill in reducing the attack surface of an organization
- Skill in identifying IoCs and IoAs of attacks
- Skill in integrating TI Feeds into SIEM, NGFW, NGIPS, etc.
- Skill in manually reviewing TI Feeds, investigating threats that seem relevant to the organization’s security posture
Abilities (A) - Tasks that students will be able to perform after attending CNDv2
- Ability to simulate attacks and analyze the result
- Ability to assess the organization security posture
- Ability to determine and monitor the attack progression
- Ability to identify the attacker’s goal
- Ability to implement and administer defensive, reactive, retrospective, and proactive network security for an organization
- Ability to implement and administer adaptive and defense-in-depth security strategies for an organization
- Ability to bring the organization into compliance with required regulatory frameworks such as HIPAA, PCI-DSS, GDPR, etc.
- Ability to design, develop, implement and enforce security policies for the organizations
- Ability to conduct different security awareness training (such as Security Policy, Physical Security, Social Engineering, Data Classification, etc.) for employees in the organization
- Ability to monitor employee’s activities for suspicious behavior
- Ability to implement the necessary level of access controls
- Ability to implement appropriate cryptographic techniques to secure data at rest
- Ability to logically implement DAC, MAC, and RBAC access controls
- Ability to apply and implement proper network segmentation techniques to isolate untrusted networks from the rest of the network
- Ability to implement network security controls and solutions such as pfSense firewall, Snort IDS, Squid Proxy, KFSensor Honeypot, OpenVPN, SoftEther VPN, etc.
- Ability to implement, deploy, and administer network-based firewalls (pfSense, Smoothwall, etc.)
- Ability to implement, deploy, and administer host-based firewalls (Windows Firewall, iptables, etc.)
- Ability to deploy and implement network-based IDS effectively (Snort, Suricata, Bro (Zeek), etc.)
- Ability to deploy and implement host-based IDS effectively (OSSEC, Wazuh HIDS)
- Ability to perform Windows security administration
- Ability to perform Windows Systems local/remote patch management
- Ability to secure Active Directory
- Ability to assess and configure Baseline Security Configurations
- Ability to secure Windows network Services and protocols, DNS, RDP, etc.
- Ability to perform Linux security administration
- Ability to perform Linux Systems patch management
- Ability to assign privilege/permission to users as per security requirements
- Ability to perform Linux system hardening
- Ability to perform Linux system auditing
- Ability to implement BYOD, CYOD, COPE, COBO policies
- Ability to perform mobile device management in enterprises under BYOD, CYOD, COPE, COBO policies
- Ability to secure mobile devices (Android, iOS, etc.) used in organizations
- Ability to manage, monitor, administer the security of IoT devices in IoT-enabled Environments
- Ability to isolate IoT devices from the rest of the network
- Ability to scan IoT devices for vulnerabilities
- Ability to ensure secure IoT communication
- Ability to secure routers of IoT-connected devices
- Ability to monitor network activity and bandwidth consumption of IoT devices
- Ability to perform application security administration activities
- Ability to perform application whitelisting (Software Restriction Policies (SRPs), AppLocker, etc.)
- Ability to perform application blacklisting (ManageEngine Desktop Central, PUA, Group policies, PowerShell cmdlet, etc.)
- Ability to perform application sandboxing in Windows (Windows Sandbox, Firejail, Sandboxie, etc.)
- Ability to perform application Patch Management for Third-party Software (SolarWinds Patch Manager)
- Ability to deploy and configure WAFs
- Ability to implement data access controls and assign permissions and privilege as per requirements
- Ability to perform Encryption (disk, file, removable media, database, etc.) on a variety of platforms
- Ability to configure SSL Certificates to ensure secure communications
- Ability to encrypt emails
- Ability to perform database masking
- Ability to perform full, differential, incremental backups on Windows, Linux, Mac, etc.
- Ability to perform database, email, website, web server backups
- Ability to implement data retention and data destruction policies
- Ability to implement Data Loss Prevention (DLP)
- Ability to secure modern virtualized IT environments
- Ability to secure Hypervisors (Hyper-V, VMware, VirtualBox, etc.)
- Ability to secure VLAN environments
- Ability to secure SDN environments
- Ability to secure NFV environments
- Ability to secure container environments
- Ability to secure Docker environments
- Ability to secure Kubernetes environments
- Ability to determine the CSP’s and consumer’s responsibilities in cloud security
- Ability to configure various cloud security elements, such as IAM, Storage, network, Logging, monitoring, compliance, etc.
- Ability to evaluate the CSP (AWS, Azure, GCP, etc.) against security features and controls that they offer
- Ability to manage, administer and monitor AWS security (User Roles, Accounts, Credentials, MFA, Access levels/permissions, EC2 Instances, Locking Root User Access Keys, Server/Client-side Encryption, TLS, Key management, Cloud HSM, S3, etc.)
- Ability to manage, administer and monitor Azure Security (SSO, AD Conditional Access, AD password protection, MFA, RBAC, Azure AD Connect Sync, Azure Key Vault, Azure Disk Encryption, Azure Storage Service Encryption (SSE), Transparent Data Encryption (TDE), Azure Site-to-Site VPN, SSL, ACL, RDP/SSH Access, Load Balancing, Azure Firewall, Azure Web Application Firewall (WAF), Antimalware, Active Geo-replication, Azure Security Center, Azure Management Portal, Activity Log, Network Watcher, etc.)
- Ability to manage, administer and monitor GCP Security (User roles, Accounts, Service Account Keys, Policy, Server/Client-side Encryption, Key Management, Cloud KMS, Key Ring, VPC, defense-in-depth, Firewall Rules, Routes, GCP Console, Cloud Audit Logs, Stackdriver, etc.)
- Ability to monitor Wireless Network Traffic
- Ability to detect and locate Rogue Access Points
- Ability to assess the Security of a Wireless Network
- Ability to configure Administrative Security on Wireless Routers
- Ability to implement various best practices for wireless networks security
- Ability to capture, monitor, and analyze network traffic using Network Sniffers such as Wireshark, tcpdump, etc.
- Ability to detect suspicious/malicious traffic on the network
- Ability to perform network performance and bandwidth monitoring
- Ability to configure, monitor, and analyze local logs (Windows, Linux, Mac, Firewall, Routers, Webserver, etc.) and detect suspicious events
- Ability to configure, monitor, and analyze centralized logs and detect suspicious events.
Certified Network Defender Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- Ability to perform log review and audit
- Ability to perform log management
- Ability to provide first response in incidents
- Ability to precisely communicate, report and escalate incidents
- Ability to assist IRT in incident response
- Ability to assist the Forensics team in forensics investigation
- Ability to participate and assist in the BC/DR process
- Ability to perform data recovery during the BC/DR process
- Ability to participate and assist in the organization’s risk management program
- Ability to manage vulnerability management program (OSSIM)
- Ability to conduct vulnerability scanning to identify potential vulnerabilities in an organization’s infrastructure (Nessus, GFI LanGuard, Nsauditor, OWASP ZAP, etc.)
- Ability to identify IoEs on network, software, physical, human, system, etc.
- Ability to conduct attack surface analysis (Windows Attack Surface Analyzer, OWASP Attack Surface Detector, Amass, etc.)
- Ability to help reduce the attack surface of an organization
- Ability to leverage/consume threat intelligence for proactive defense
- Ability to identify IoCs and IoAs of attacks
- Ability to integrate TI Feeds into SIEM, NGFW, NGIPS, etc.
- Ability to manually review TI Feeds, investigating threats that seem relevant to the organization’s security posture.