Cyber Defence Monitoring Course Suite Module 2

 

Cyber Defence Monitoring Course Suite Module 2

Date:

14-18 Mar 2016

Registration deadline:

1 Feb 2016

 

Location:

Tallinn, Estonia

Number of participants:

16

Participation fee:

300 € (no fee for the Sponsoring Nations, Contributing Nations and NATO bodies)

CDMCS Module 2: Semantic Network Security Monitoring Course

This intensive hands-on course concentrates on a single solution out of a number of important Cyber Defence Monitoring techniques and solutions. We will focus only on semantic security monitoring. While often compared to classic intrusion detection/prevention systems, semantic monitoring takes a quite different approach by providing users with a flexible framework that facilitates customized, in-depth monitoring far beyond the capabilities of traditional systems. We use Bro, an open-source free software tool, to build network security monitoring for different scales - from SOHO/SME up to enterprise level.

The course demonstrates how Bro is a perfect fit into modern network security monitoring. Attendees gain practical experience on how to build up a scalable system and how challenging the security-engineering process can be. During hands-on exercises, students start from the basic single instance installation and end up implementing a distributed system with centralised command, analysis and visualisation solutions.

Outline

  • Installing a single instance for small office network.
  • Building from source to get a custom set of required features.
  • Tweaking protocols and artefact extraction.
  • Writing scripts to add new functionality.
  • Controlling a large setup.
  • Gathering logs and extractions.
  • Visualising for humans.

In this course we will work with network traffic from Locked Shields 2015, this means the traffic will have real intrusions. We will also use samples of existing botnets to analyse obfuscation techniques used today.

Prerequisites

  • Good understanding of TCP/IP networking and network/system administration.
  • Recent everyday network/system administrator's work experience of at least 2 years in UNIX environments. 
  • Previous detailed knowledge on following topics: work principles of UNIX operating systems and UNIX file system layout, common UNIX shells (e.g., sh, bash), common UNIX user tools (e.g., ls, ps, kill), common UNIX system administration utilities.
  • Scripting experience is required.
  • Previous programming experience is not required, but is helpful.
  • English language skill comparable to STANAG 6001, 3.2.3.2.

NB! We most strongly discourage the participation of students who do not fulfil aforementioned prerequisites, since the course contains advanced lab sessions assuming this knowledge. Therefore, the presence of unskilled attendants in the audience is likely to hinder the overall progress of the course./p>

Students can take each module in the course suite independently. However, the Centre encourages the applicants to attend all three modules in order to have a complete overview of available methods, techniques, and their implementation.

Registration info

To sign up for the course, please download the Joining Report and send the filled report to events -at- ccdcoe.org