CCNA Cybersecurity Operations Lab Manual, 1st edition
Published by Cisco Press (March 30, 2018) © 2018
CCNA Cybersecurity Operations 1.0 covers knowledge and skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level Security Analyst working in a Security Operations Center (SOC).
Chapter 1 Cybersecurity and the Security Operations Center 1
   1.0.1.2 Class Activity—Top Hacker Shows Us How It is Done 1
       Objectives 1
       Background/Scenario 1
       Required Resources 1
   1.1.1.4 Lab—Installing the CyberOps Workstation Virtual Machine 3
       Objectives 3
       Background/Scenario 3
       Required Resources 3
       Part 1: Prepare a Host Computer for Virtualization 3
       Part 2: Import the Virtual Machine into the VirtualBox Inventory 4
       Reflection 6
   1.1.1.5 Lab—Cybersecurity Case Studies 7
       Objectives 7
       Background/Scenario 7
       Required Resources 7
   1.1.2.6 Lab—Learning the Details of Attacks 9
       Objectives 9
       Background/Scenario 9
       Required Resources 9
       Conduct a Search of IoT Application Vulnerabilities 9
   1.1.3.4 Lab—Visualizing the Black Hats 11
       Objectives 11
       Background/Scenario 11
       Required Resources 11
   1.2.2.5 Lab—Becoming a Defender 14
       Objectives 14
       Background/Scenario 14
       Required Resources 14
Chapter 2 Windows Operating System 17
   2.0.1.2 Class Activity—Identify Running Processes 17
       Objectives 17
       Background/Scenario 17
       Required Resources 17
   2.1.2.10 Lab—Exploring Processes, Threads, Handles, and Windows Registry 20
       Objectives 20
       Required Resources 20
       Part 1: Exploring Processes 20
       Part 2: Exploring Threads and Handles 23
       Part 3: Exploring Windows Registry 25
   2.2.1.10 Lab—Create User Accounts 28
       Objectives 28
       Required Resources 28
       Part 1: Creating a New Local User Account 28
       Part 2: Reviewing User Account Properties 33
       Part 3: Modifying Local User Accounts 34
       Reflection 36
   2.2.1.11 Lab—Using Windows PowerShell 37
       Objectives 37
       Background/Scenario 37
       Required Resources 37
       Reflection 42
   2.2.1.12 Lab—Windows Task Manager 43
       Objectives 43
       Background/Scenario 43
       Required Resources 43
       Part 1: Working in the Processes Tab 43
       Part 2: Working in the Services Tab 47
       Part 3: Working in the Performance Tab 48
       Reflection 51
   2.2.1.13 Lab—Monitor and Manage System Resources in Windows 52
       Objectives 52
       Recommended Equipment 52
       Part 1: Starting and Stopping the Routing and Remote Access Service 52
       Part 2: Working in the Computer Management Utility 59
       Part 3: Configuring Administrative Tools 61
Chapter 3 Linux Operating System 71
   3.1.2.6 Lab—Working with Text Files in the CLI 71
       Objectives 71
       Required Resources 71
       Part 1: Graphical Text Editors 71
       Part 2: Command Line Text Editors 72
       Part 3: Working with Configuration Files 74
       Reflection 81
   3.1.2.7 Lab—Getting Familiar with the Linux Shell 82
       Introduction 82
       Recommended Equipment 82
       Part 1: Shell Basics 82
       Part 2: Copying, Deleting, and Moving Files 87
       Reflection 89
   3.1.3.4 Lab—Linux Servers 90
       Introduction 90
       Recommended Equipment 90
       Part 1: Servers 90
       Part 2: Using Telnet to Test TCP Services 94
       Reflection 96
   3.2.1.4 Lab—Locating Log Files 97
       Introduction 97
       Required Resources 97
       Part 1: Log File Overview 97
       Part 2: Locating Log Files in Unknown Systems 99
       Part 3: Monitoring Log Files in Real Time 104
       Reflection 113
   3.2.2.4 Lab—Navigating the Linux Filesystem and Permission Settings 114
       Objectives 114
       Required Resources 114
       Part 1: Exploring Filesystems in Linux 114
       Part 2: File Permissions 117
       Part 3: Symbolic Links and other Special File Types 120
       Reflection 123
Chapter 4 Network Protocols and Services 125
   4.1.1.7 Lab—Tracing a Route 125
       Objectives 125
       Background 125
       Scenario 125
       Required Resources 126
       Part 1: Verifying Network Connectivity Using Ping 126
       Part 2: Tracing a Route to a Remote Server Using Traceroute 126
        Part 3: Trace a Route to a Remote Server Using Web-Based Traceroute Tool 127
       Reflection 128
   4.1.2.10 Lab—Introduction to Wireshark 129
       Mininet Topology 129
       Objectives 129
       Background/Scenario 129
       Required Resources 130
       Part 1: Install and Verify the Mininet Topology 130
       Part 2: Capture and Analyze ICMP Data in Wireshark 131
   4.4.2.8 Lab—Using Wireshark to Examine Ethernet Frames 136
       Mininet Topology 136
       Objectives 136
       Background/Scenario 136
       Required Resources 137
       Part 1: Examine the Header Fields in an Ethernet II Frame 137
       Part 2: Use Wireshark to Capture and Analyze Ethernet Frames 139
       Reflection 142
   4.5.2.4 Lab—Using Wireshark to Observe the TCP 3-Way Handshake 143
       Mininet Topology 143
       Objectives 143
       Background/Scenario 143
       Required Resources 143
       Part 1: Prepare the Hosts to Capture the Traffic 144
       Part 2: Analyze the Packets Using Wireshark 144
       Part 3: View the Packets Using tcpdump 147
       Reflection 148
   4.5.2.10 Lab—Exploring Nmap 149
       Topology 149
       Objectives 149
       Background/Scenario 149
       Required Resources 149
       Part 1: Exploring Nmap 149
       Part 2: Scanning for Open Ports 152
       Reflection 155
   4.6.2.7 Lab—Using Wireshark to Examine a UDP DNS Capture 156
       Topology 156
       Objectives 156
       Background/Scenario 156
       Required Resources 156
       Part 1: Record VM’s IP Configuration Information 156
       Part 2: Use Wireshark to Capture DNS Queries and Responses 157
       Part 3: Analyze Captured DNS or UDP Packets 158
       Reflection 162
   4.6.4.3 Lab—Using Wireshark to Examine TCP and UDP Captures 163
       Topology — Part 1 (FTP) 163
       Mininet Topology — Part 2 (TFTP) 163
       Objectives 164
       Background/Scenario 164
       Required Resources 164
        Part 1: Identify TCP Header Fields and Operation Using a Wireshark FTP Session Capture 164
        Part 2: Identify UDP Header Fields and Operation Using a Wireshark TFTP Session Capture 171
       Reflection 174
   4.6.6.5 Lab—Using Wireshark to Examine HTTP and HTTPS 175
       Objectives 175
       Background/Scenario 175
       Required Resources 175
        Part 1: Capture and View HTTP Traffic 175
       Part 2: Capture and View HTTPS Traffic 178
       Reflection 181
Chapter 5 Network Infrastructure 183
   5.2.2.4 Packet Tracer—Access Control List Demonstration 183
       Topology 183
       Objectives 183
       Background 183
       Part 1: Verify Local Connectivity and Test Access Control List 183
       Part 2: Remove ACL and Repeat Test 184
       Suggested Scoring Rubric 185
   5.3.1.10 Packet Tracer—Identify Packet Flow 186
       Topology 186
       Objectives 186
       Background/Scenario 186
       Required Resources 186
       Part 1: Verifying Connectivity 187
       Part 2: Remote LAN Network Topology 187
       Part 3: WAN Network Topology 188
Chapter 6 Principles of Network Security 191
   6.2.1.11 Lab—Anatomy of Malware 191
       Objectives 191
       Background/Scenario 191
       Required Resources 191
       Conduct a Search of Recent Malware 191
   6.2.2.9 Lab—Social Engineering 192
       Objectives 192
       Background/Scenario 192
       Required Resources 192
Chapter 7 Network Attacks: A Deeper Look 195
   7.0.1.2 Class Activity—What’s Going On? 195
       Objectives 195
       Background/Scenario 195
       Required Resources 195
   7.1.2.7 Packet Tracer—Logging Network Activity 198
       Topology 198
       Addressing Table 198
       Objectives 198
       Background 198
       Part 1: Create FTP Traffic 198
       Part 2: Investigate the FTP Traffic 199
       Part 3: View syslog Messages 199
       Suggested Scoring Rubric 200
   7.3.1.6 Lab—Exploring DNS Traffic 201
       Objectives 201
       Background/Scenario 201
       Required Resources 201
       Part 1: Capture DNS Traffic 201
       Part 2: Explore DNS Query Traffic 204
       Part 3: Explore DNS Response Traffic 209
       Reflection 211
   7.3.2.4 Lab—Attacking a mySQL Database 212
       Objectives 212
       Background/Scenario 212
       Required Resources 212
       Part 1: Open the PCAP File and Follow the SQL Database Attacker 212
       Reflection 225
   7.3.2.5 Lab—Reading Server Logs 226
       Objectives 226
       Background/Scenario 226
       Required Resources 226
       Part 1: Reading Log Files with Cat, More, Less, and Tail 226
       Part 2: Log Files and Syslog 230
       Part 3: Log Files and Journalctl 231
       Reflection 232
Chapter 8 Protecting the Network 233
   There are no labs in this chapter.
Chapter 9 Cryptography and the Public Key Infrastructure 235
   9.0.1.2 Class Activity—Creating Codes 235
       Objectives 235
       Background/Scenario 235
       Required Resources 235
   9.1.1.6 Lab—Encrypting and Decrypting Data Using OpenSSL 238
       Objectives 238
       Background/Scenario 238
       Required Resources 238
       Part 1: Encrypting Messages with OpenSSL 238
       Part 2: Decrypting Messages with OpenSSL 240
   9.1.1.7 Lab—Encrypting and Decrypting Data Using a Hacker Tool 241
       Objectives 241
       Background/Scenario 241
       Required Resources 241
       Part 1: Create and Encrypt Files 242
       Part 2: Recover Encrypted Zip File Passwords 243
   9.1.1.8 Lab—Examining Telnet and SSH in Wireshark 247
       Objectives 247
       Background/Scenario 247
       Required Resources 247
       Part 1: Examining a Telnet Session with Wireshark 247
       Part 2: Examine an SSH Session with Wireshark 249
       Reflection 250
   9.1.2.5 Lab—Hashing Things Out 251
       Objectives 251
       Background/Scenario 251
       Required Resources 251
       Part 1: Creating Hashes with OpenSSL 251
       Part 2: Verifying Hashes 253
   9.2.2.7 Lab—Certificate Authority Stores 254
       Objectives 254
       Background/Scenario 254
       Required Resources 254
       Part 1: Certificates Trusted by Your Browser 254
       Part 2: Checking for Man-In-Middle 258
       Part 3: Challenges (Optional) 262
       Reflection 262
Chapter 10 Endpoint Security and Analysis 263
   There are no labs in this chapter.
Chapter 11 Security Monitoring 265
   11.2.3.10 Packet Tracer—Explore a NetFlow Implementation 265
       Topology 265
       Objectives 265
       Background 265
       Part 1: Observe NetFlow Flow Records - One Direction 265
        Part 2: Observe NetFlow Records for a Session that Enters and Leaves the Collector 269
       Suggested Scoring Rubric 271
   11.2.3.11 Packet Tracer—Logging from Multiple Sources 272
       Topology 272
       Objectives 272
       Background/Scenario 272
       Part 1: View Log Entries with Syslog 272
       Part 2: Log User Access 273
       Part 3: NetFlow and Visualization 274
       Reflection 275
   11.3.1.1 Lab—Setup a Multi-VM Environment 276
       Topology 276
       Objectives 276
       Background/Scenario 276
       Required Resources 276
Chapter 12 Intrusion Data Analysis 283
   12.1.1.7 Lab—Snort and Firewall Rules 283
       Topology 283
       Objectives 283
       Background/Scenario 283
       Required Resources 284
       Part 1: Preparing the Virtual Environment 284
       Part 2: Firewall and IDS Logs 284
   12.2.1.5 Lab—Convert Data into a Universal Format 292
       Objectives 292
       Background/Scenario 292
       Required Resources 292
       Part 1: Normalize Timestamps in a Log File 292
       Part 2: Normalize Timestamps in an Apache Log File 295
       Part 3: Log File Preparation in Security Onion 297
       Part 4: Reflection 303
   12.2.2.9 Lab—Regular Expression Tutorial 304
       Objectives 304
       Background/Scenario 304
       Required Resources 304
   12.2.2.10 Lab—Extract an Executable from a PCAP 307
       Objectives 307
       Background/Scenario 307
       Required Resources 307
       Part 1: Prepare the Virtual Environment 307
       Part 2: Analyze Pre-Captured Logs and Traffic Captures 307
       Part 3: Extract Downloaded Files From PCAPS 311
   12.4.1.1 Alt Lab—Interpret HTTP and DNS Data to Isolate Threat Actor 315
       Objectives 315
       Background/Scenario 315
       Required Resources 315
       Part 1: Prepare the Virtual Environment 315
       Part 2: Investigate an SQL Injection Attack 316
       Part 3: Analyze a Data Exfiltration 323
   12.4.1.1 Lab—Interpret HTTP and DNS Data to Isolate Threat Actor 325
       Topology 325
       Objectives 325
       Background/Scenario 325
       Required Resources 326
       Part 1: Prepare the Virtual Environment 326
       Part 2: Investigate an SQL Injection Attack 327
       Part 3: Data Exfiltration Using DNS 336
   12.4.1.2 Alt Lab—Isolate Compromised Host Using 5-Tuple 342
       Objectives 342
       Background/Scenario 342
       Required Resources 342
       Part 1: Prepare the Virtual Environment 342
       Part 2: Review the Logs 343
       Reflection 351
   12.4.1.2 Lab—Isolate Compromised Host Using 5-Tuple 352
       Topology 352
       Objectives 352
       Background/Scenario 352
       Required Resources 353
       Part 1: Prepare the Virtual Environment 353
       Part 2: Reconnaissance 355
       Part 3: Exploitation 356
       Part 4: Infiltration 360
       Part 5: Review the Logs 363
       Reflection 371
Chapter 13 Incident Response and Handling 373
   13.2.2.13 Lab—Incident Handling 373
       Objectives 373
       Background/Scenario 373
        Scenario 1: Worm and Distributed Denial of Service (DDoS) Agent Infestation 373
       Scenario 2: Unauthorized Access to Payroll Records 374