Introduction
Evaluating intrusion alerts
Setting up your test environment
1. Working with Network Security Data
Comparing methods to examine traffic
Comparing IPS and IDS
Recognizing alerts and events
Monitoring traffic
Interpreting IDS/IPS alerts
2. Evaluating Alerts and Log Files
Challenge: Regular expressions
Solution: Regular expressions
Being application aware
Evaluating antivirus alerts
Viewing web proxy logs
3. Using Wireshark to Evaluate Traffic
Understanding the OSI model
Tapping into the network
Creating an Ethernet frame
Identifying key elements from a pcap
Extracting objects from a pcap
Challenge: Log file analysis
Solution: Log file analysis
4. Diving into TCP/IP Headers
Understanding TCP
Moving through the TCP handshake and teardown
Recognizing User Datagram Protocol
Viewing IPv4
Investigating IPv6
Grasping ICMP
Discovering ICMPv6
5. Visualizing Application Data
Analyzing HTTP
Dissecting DNS
Using ARP
Outlining email threats
Detecting malware by examining artifacts
Confirming malware by examining artifacts
Ex_Files_Cisco_Certified_CyberOps_2024.zip (80 KB)