Events

 

Technical Courses /

Cyber Defence Monitoring Course Suite Module 3

Date:

8-12 May 2017

Registration deadline:

13 Mar 2017

 

Location:

Tallinn, Estonia

Participation fee:

300 € (no fee for the Sponsoring Nations, Contributing Partners and NATO bodies)

The Locked Shields technical environment is very complex and Blue Teams need a network traffic  overview to plan their strategy. It is also essential to have an overview of what happened in the network during execution. This course will make use of the latest Locked Shields execution network traffic capture as a learning material. 
 
This intensive hands‐on course concentrates on a single solution out of a number of important Cyber Defence Monitoring techniques and solutions. We will focus only on packet capture and analysis. It is not meant to replace IDS engines, but instead work alongside them to store and index all the network traffic and providing fast access to the captured data. We use Moloch, an open‐source free software tool, to build network security monitoring for different scales, from SOHO/SME up to enterprise level. 

Learning Objectives 

The course demonstrates how Moloch is a perfect fit into modern network security monitoring. Attendees gain practical experience of how to build up a scalable system and how challenging the security‐engineering and analysis process can be. 
 

Target Audience 

Locked Shields Blue Team members and/or national representatives. 

 
Outline 

  • Methods used to conduct network traffic analysis
  • Installing a single instance for small office network
  • Building from source to get a custom set of required features
  • Controlling a large setup
  • Using APIs for integration
  • Using proxies/aggregators to get data from external sources
  • Scaling up to 10Gb+
  • Scaling up months of history
  • Separation concerns. 

 
On this course, we will work with network traffic from the recent Locked Shields, which means that the traffic will have real intrusions. 

 
Prerequisites 

  • Good understanding of TCP/IP networking and network/system administration
  • Recent everyday network/system administrator's work experience of at least 2 years in UNIX environments
  • Previous detailed knowledge on following topics
    • Work principles of UNIX operating systems and UNIX file system layout
    • Common UNIX shells (e.g., sh, bash)
    • Common UNIX user tools (e.g., ls, ps, kill)
    • Common UNIX system administration utilities
  • Scripting experience is required
  • Previous programming experience is not required, but is helpful
  • English language skill comparable to STANAG 6001, 3.2.3.2. 

 
NB!  We  most  strongly  discourage  the  participation  of  students  who  do  not  fulfil  these prerequisites,  since  the  course  contains  advanced  lab  sessions  assuming  this  knowledge. Therefore, the presence of unskilled attendees is likely to hinder the overall progress of the 
course. 

Registration info

Please register for the course by visiting the NATO CCD COE website and completing the provided registration form before the deadline. Should you have any questions, please contact: events -at- ccdcoe.org. 
 
* Before registering, please check the up‐to‐date course information on the NATO CCD COE website