Course Overview

In this 4-day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks.

The course includes lecture, hands-on labs, and discussion about different F5 Advanced Web Application Firewall tools for detecting and mitigating threats from multiple attack vectors such as web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero-day exploits.

Course Topics

• Resource provisioning for F5 Advanced Web Application Firewall

• Traffic processing with BIG-IP Local Traffic Manager (LTM)

• Web application concepts

• Mitigating the OWASP Top 10 and other vulnerabilities

• Security policy deployment

• Security policy tuning

• Deploying Attack Signatures and Threat Campaigns

• Positive security building

• Securing cookies and other headers

• Reporting and logging

• Advanced parameter handling

• Using Automatic Policy Builder

• Integrating with web vulnerability scanners

• Login enforcement for flow control

• Brute force and credential stuffing mitigation

• Session tracking for client reconnaissance

• Using Parent and Child policies

• Layer 7 DoS protection

• Configuring Advanced Bot Defense

Course Objectives

• Describe the role of the BIG-IP system as a full proxy device in an application delivery network

• Provision the F5 Advanced Web Application Firewall

• Define a web application firewall

• Describe how F5 Advanced Web Application Firewall protects a web application by securing file types, URLs, and parameters

• Deploy F5 Advanced Web Application Firewall using the Rapid Deployment template (and other templates) and define the security checks included in each

• Define learn, alarm, and block settings as they pertain to configuring F5 Advanced Web Application Firewall

• Define attack signatures and explain why attack signature staging is important

• Deploy Threat Campaigns to secure against CVE threats

• Contrast positive and negative security policy implementation and explain benefits of each

• Configure security processing at the parameter level of a web application

• Deploy F5 Advanced Web Application Firewall using the Automatic Policy Builder

• Tune a policy manually or allow automatic policy building

• Integrate third party application vulnerability scanner output into a security policy

• Configure login enforcement for flow control

• Mitigate credential stuffing

• Configure protection against brute force attacks

• Deploy Advanced Bot Defense against web scrapers, all known bots, and other automated agents

Course Overview

Get started with Microsoft Sentinel security operations by configuring the Microsoft Sentinel workspace, connecting Microsoft services and Windows security events to Microsoft Sentinel, configuring Microsoft Sentinel analytics rules, and responding to threats with automated responses.

Course Content

Module 1: Create and manage Microsoft Sentinel workspaces

Learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization’s security operations requirements.

  • Introduction
  • Plan for the Microsoft Sentinel workspace
  • Create a Microsoft Sentinel workspace
  • Manage workspaces across tenants using Azure Lighthouse
  • Understand Microsoft Sentinel permissions and roles
  • Manage Microsoft Sentinel settings
  • Configure logs
  • Knowledge check
  • Summary and resources

Module 2: Connect Microsoft services to Microsoft Sentinel

Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel.

  • Introduction
  • Plan for Microsoft services connectors
  • Connect the Microsoft Office 365 connector
  • Connect the Microsoft Entra connector
  • Connect the Microsoft Entra ID Protection connector
  • Connect the Azure Activity connector
  • Knowledge check
  • Summary and resources

Module 3: Connect Windows hosts to Microsoft Sentinel

One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.

  • Introduction
  • Plan for Windows hosts security events connector
  • Connect using the Windows Security Events via AMA Connector
  • Connect using the Security Events via Legacy Agent Connector
  • Collect Sysmon event logs
  • Knowledge check
  • Summary and resources

Module 4: Threat detection with Microsoft Sentinel analytics

In this module, you learned how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks.

  • Introduction
  • Exercise – Detect threats with Microsoft Sentinel analytics
  • What is Microsoft Sentinel Analytics?
  • Types of analytics rules
  • Create an analytics rule from templates
  • Create an analytics rule from wizard
  • Manage analytics rules
  • Exercise – Detect threats with Microsoft Sentinel analytics
  • Summary

Module 5: Automation in Microsoft Sentinel

By the end of this module, you’ll be able to use automation rules in Microsoft Sentinel to automate incident management.

  • Introduction
  • Understand automation options
  • Create automation rules
  • Knowledge check
  • Summary and resources

Module 6: Configure SIEM security operations using Microsoft Sentinel

In this module, you learned how to configure SIEM security operations using Microsoft Sentinel.

  • Introduction
  • Exercise – Configure SIEM operations using Microsoft Sentinel
  • Exercise – Install Microsoft Sentinel Content Hub solutions and data connectors
  • Exercise – Configure a data connector Data Collection Rule
  • Exercise – Perform a simulated attack to validate the Analytic and Automation rules
  • Summary

Course Overview

This course is designed for students who are planning to take the Configure Secure Access to your Workloads using Azure Virtual Networking Assessment (APL-1002) and provides a bridge between fundamental level skills and entry-level associate skills. This course helps learners progress in multiple IT roles, including infrastructure and security administrators and architects.

Course Objectives

In this course, the student will have many opportunities to practice configuring and securing network resources through lab based scenarios. Skills developed will include creating and configuring virtual networks, network routing, DNS Zones, DNS Settings, network security groups, and Azure Firewall.

Course Content

This course will cover:

  • Configure virtual networks
  • Configure Azure Virtual Network peering
  • Manage and control traffic flow in your Azure deployment with routes
  • Host your domain on Azure DNS
  • Configure network security groups
  • Configure Azure Firewall

Course Overview

Use Microsoft Entra to manage access by using entitlements, access reviews, privileged access tools, and monitor access events.

Course Content

When new users or external users join your site, quickly assigning them access to Azure solutions is a must. Explore how to entitle users to access your site and resources.

  • Define catalogs.
  • Define access packages.
  • Plan, implement and manage entitlements.
  • Implement and manage terms of use.
  • Manage the lifecycle of external users in Microsoft Entra Identity Governance settings.

2- Plan, implement, and manage access review

Once identity is deployed, proper governance using access reviews is necessary for a secure solution. Explore how to plan for and implement access reviews.

  • Plan for access reviews
  • Create access reviews for groups and apps
  • Monitor the access review findings
  • Manage licenses for access reviews
  • Automate management tasks for access review
  • Configure recurring access reviews

3- Monitor and maintain Microsoft Entra ID

Audit and diagnostic logs within Microsoft Entra ID provide a rich view into how users are accessing your Azure solution. Learn to monitor, troubleshoot, and analyze sign-in data.

  • Analyze and investigate sign in logs to troubleshoot access issues
  • Review and monitor Microsoft Entra audit logs
  • Enable and integrate Microsoft Entra diagnostic logs with Log Analytics / Azure Sentinel
  • Export sign in and audit logs to a third-party SIEM (security information and event management)
  • Review Microsoft Entra activity by using Log Analytics / Azure Sentinel, excluding KQL (Kusto Query Language) use
  • Analyze Microsoft Entra workbooks / reporting
  • Configure notifications

4- Plan and implement privileged access

Ensuring that administrative roles are protected and managed to increase your Azure solution security is a must. Explore how to use PIM to protect your data and resources.

  • Define a privileged access strategy for administrative users (resources, roles, approvals, and thresholds)
  • Configure Privileged Identity Management for Microsoft Entra roles
  • Configure Privileged Identity Management for Azure resources
  • Assign roles
  • Manage PIM requests
  • Analyze PIM audit history and reports
  • Create and manage emergency access accounts

5- Explore the many features of Microsoft Entra Permissions Management

While diving deeper into the features of Microsoft Entra Permissions Management, we use the framework of discover, remediate, monitor as a guide to help walk through how the Permissions Management feature set can benefit your organization.

  • Understand the features of Microsoft Entra Permissions Management
  • Learn more specifics about how Permissions Management allows you to discover, remediate, and monitor identities, permissions, and resources
  • Get real-world views of the data and analytics Permissions Management provides

Course Overview

CompTIA PenTest+ is the most comprehensive cybersecurity exam covering all red team activities and is designed for cybersecurity professionals tasked with penetration testing and vulnerability management.

PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks. The CompTIA PenTest+ certification exam will verify successful candidates have the knowledge and skills required to:

  • Plan and scope a penetration testing engagement
  • Understand legal and compliance requirements
  • Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
  • Produce a written report containing proposed remediation techniques, effectively communicate results to the management team, and provide practical recommendations

Course Objectives

After completing this course you should be able to:

  • Explain the importance of planning and key aspects of compliance-based assessments.
  • Conduct information gathering exercises with various tools and analyse output and basic scripts (limited to: Bash, Python, Ruby, PowerShell).
  • Gather information to prepare for exploitation then perform a vulnerability scan and analyse results.
  • Utilise report writing and handling best practices explaining recommended mitigation strategies for discovered vulnerabilities.
  • Exploit network, wireless, application, and RF-based vulnerabilities, summarize physical security attacks, and perform post-exploitation techniques.

Course Content

  • Lesson 1: Scoping Organizational/Customer Requirements
  • Lesson 2: Defining the Rules of Engagement
  • Lesson 3: Footprinting and Gathering Intelligence
  • Lesson 4: Evaluating Human and Physical Vulnerabilities
  • Lesson 5: Preparing the Vulnerability Scan
  • Lesson 6: Scanning Logical Vulnerabilities
  • Lesson 7: Analyzing Scanning Results
  • Lesson 8: Avoiding Detection and Covering Tracks
  • Lesson 9: Exploiting the LAN and Cloud
  • Lesson 10: Testing Wireless Networks
  • Lesson 11: Targeting Mobile Devices
  • Lesson 12: Attacking Specialized Systems
  • Lesson 13: Web Application-Based Attacks
  • Lesson 14: Performing System Hacking
  • Lesson 15: Scripting and Software Development
  • Lesson 16: Leveraging the Attack: Pivot and Penetrate
  • Lesson 17: Communicating During the PenTesting Process
  • Lesson 18: Summarizing Report Components
  • Lesson 19: Recommending Remediation
  • Lesson 20: Performing Post-Report Delivery Activities

Course Overview

The PECB CMMC Foundations training course enables participants to understand the fundamental concepts and principles of the CMMC model.

The PECB CMMC Foundations training course allows you to learn more about the structure of the CMMC model including CMMC levels, domains, capabilities, processes, and practices. You will also gain basic knowledge related to the CMMC ecosystem, the CMMC assessment process and methodology, and the CMMC Code of Professional Conduct.

The successful completion of the training course is followed by an exam. A PECB Foundations certificate demonstrates that you comprehend the CMMC model, are able to interpret the requirements for specific CMMC levels, and have the basic knowledge to help an organization in implementing and managing the requirements of the CMMC model.

This course is offered by Cyber Security Training and Consulting LLC, a Licensed Training Partner (LTP) of The Cyber AB/CAICO and PECB.

Course Objectives

This training course allows you to:

  • Understand the basic concepts, definitions, and approaches of the CMMC model
  • Get acquainted with the CMMC maturity levels, domains, processes, and practices
  • Develop a general understanding of how the CMMC model could be applied in the supply chain of the DoD and the DIB sector

Course Content

  1. Day 1: Introduction to the CMMC ecosystem and the CMMC model
  2. Day 2: CMMC practices, assessment process, and code of professional conduct

Course Overview

Designed for experienced IT professionals, this course is best suited for individuals who will be deploying and/or managing Application Firewall, AAA for Application Traffic, and NetScaler Console (ADM) in their NetScaler environments.

You will leave this course with the skills required to deploy and manage NetScaler Web Application Firewall including types of web attacks, protections and signatures, the Adaptive learning engine, App Firewall policies and profiles, troubleshooting, and additional pertinent NetScaler security Features. You will be able to deploy AAA for Application Traffic with nFactor and understand concepts related to Login Schemas, Policy Labels, and customizations. You will also be able to deploy the NetScaler Console to manage a NetScaler environment.

Product Versions Covered: NetScaler VPX v14.1 and NetScaler Console v14.1

Virtual Learning

This interactive training can be taken from any location, your office or home, and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course; Global Knowledge will send you all the information needed before the start of the course, and you can test the logins.

Course Objectives

  • Configure NetScaler Web Application Firewall including policies, profiles, signatures and error pages
  • Mitigate various types of attacks using the NetScaler Web Application Firewall
  • Utilize additional security features of the NetScaler such as Bot Management, Rate Limiting, HTTP Callout, IP Reputation, and AppQoE.
  • Deploy AAA for Application Traffic and nFactor to control access to resources behind the NetScaler.
  • Use NetScaler console to monitor and manage a NetScaler environment

Course Content

Module 1: Introduction to WAF

  • The Business Problem
  • Industry Standards
  • Protection Methodologies
  • Introducing NetScaler Web App Firewall

Module 2: WAF Profiles, Policies, Monitoring

  • NetScaler Web App Firewall Policies, Profiles, and Learning
  • Logging and Reporting
  • Customizing Errors
  • Signatures and Comment Stripping

Module 3: Implementing Protections

  • Security Checks and Data Flow
  • URL Protections
  • Top-Level Protections
  • Advanced Form Protection Checks
  • Rules and Adaptive Learning
  • Credit Card Check
  • Safe Object

Module 4: Advanced Security Features

  • Bot Protection
  • API Protection
  • Responder Logging
  • Content Inspection

Module 5: Security and Filtering

  • IP Reputation
  • HTTP Callout
  • IP Rate Limiting
  • Application Quality of Experience (AppQoE)

Module 6: Introduction to AAA and nFactor Overview

  • Authentication, Authorization, and Auditing
  • Intro to nFactor
  • Policy Label
  • Login Schemas
  • Authentication Policy and Action
  • Supported Protocol

Module 7: nFactor Use Cases

  • Single Sign-On Overview
  • Traffic Policies
  • Security Assertion Markup Language (SAML)
  • Certificate Authentication
  • OAuth

Module 8: AAA Customizations

  • Portal Theme Customizations
  • End User License Agreement (EULA)
  • Custom Error Messages

Module 9: Intro to NetScaler Console

  • Introducing NetScaler Console
  • NetScaler Console Service
  • Getting Started with NetScaler Console
  • Initial Configuration
  • Instance Management

Module 10: Managing and Monitoring NetScaler Console

  • User Management
  • Instance Management
  • Event Management
  • SSL Certificate Management
  • Unified Security Dashboard
  • Insights

Module 11: Managing Apps and Configs using NetScaler Console

  • Stylebooks
  • Config Management
  • Configuration Audit
  • Actionable Tasks & Recommendations

Module 12: Tuning and Performance Optimizations

  • Connection Profiles
  • SSL Profiles
  • Net Profiles
  • SSL Certificate Management
  • RPC Nodes

Course Overview

The Cisco DoD Comply-to-Connect (C2C) training teaches you how to implement and deploy a Department of Defense (DoD) Comply-to-Connect network architecture using Cisco Identity Services Engine (ISE). This training covers implementation of 802.1X for both wired and wireless devices and how Cisco ISE uses that information to apply policy control and enforcement. Additionally, other topics like supplicants, non-supplicants, ISE profiler, authentication, authorization, and accounting (AAA) and public key infrastructure (PKI) support, reporting and troubleshooting are covered. Finally, C2C specific use case scenarios are covered.

This course is worth 32 Continuing Education (CE) Credits

Course Objectives

After completing this course you should be able to:

  • Define DoD C2C, including its steps and alignment with ISE features/functions and Zero Trust 
  • Describe Cisco Identity-Based Networking Services 
  • Explain 802.1X extensible authentication protocol (EAP) 
  • Configure devices for 802.1X operation 
  • Configure access for non-supplicant devices 
  • Describe the Cisco Identity Services Engine 
  • Explain Cisco ISE deployment 
  • Describe Cisco ISE policy enforcement concepts 
  • Describe Cisco ISE policy configuration 
  • Explain PKI fundamentals, technology, components, roles, and software supplicants 
  • Troubleshoot Cisco ISE policy and third-party network access device (NAD) support 
  • Describe Cisco ISE TrustSec configurations 
  • Describe the Cisco ISE profiler service 
  • Describe profiling best practices and reporting 
  • Configure endpoint compliance 
  • Configure client posture services 
  • Configure Cisco ISE device administration 
  • Describe the four main use cases within C2C

Course Content

C2C Fundamentals

  • Comply to Connect
  • From C2C to ZTA
  • Steps to Implement C2C

Cisco Identity-Based Networking Services

  • Cisco IBNS Overview
  • AAA Role in Cisco IBNS
  • Compare Cisco IBNS and Cisco ISE Solutions
  • Explore Cisco IBNS Architecture Components

Configure Access for Non-Supplicant Devices

  • Configure Cisco IBNS for Non-Supplicant Devices
  • Explore IBNS 2.0 for Non-Supplicant Devices
  • Configure Cisco Central Web Authentication for Guests

Introducing Cisco ISE Architecture

  • Cisco ISE as a Network Access Policy Engine
  • Cisco ISE Use Cases
  • Cisco ISE Functions

Introducing Cisco ISE Deployment

  • Cisco ISE Deployment Models
  • Cisco ISE Licensing and Network Requirements
  • Cisco ISE Context Visibility Features
  • New Features in Cisco ISE 3.x

Introducing Cisco ISE Policy Enforcement Components

  • 802.1X for Wired and Wireless Access
  • MAC Authentication Bypass for Wired and Wireless Access
  • Identity Management
  • Active Directory Identity Source
  • Additional Identity Sources
  • Certificate Services

Introducing Cisco ISE Policy Configuration

  • Cisco ISE Policy
  • Cisco ISE Authentication Rules
  • Cisco ISE Authorization Rules

PKI and Advanced Supplicants

  • Public Key Infrastructure
  • TEAP in Comply to Connect (C2C)
  • Secure Client ISE Features and Configuration for C2C

Introducing the Cisco ISE Profiler

  • Web Access with Cisco ISE
  • ISE Profiler Overview
  • Cisco ISE Probes
  • Profiling Policy
  • Custom Attributes in Profiler

Introducing Cisco ISE Endpoint Compliance Services

  • Endpoint Compliance Services Overview

Configuring Client Posture Services and Compliance

  • Client Posture Services and Provisioning Configuration

Introducing Profiling Best Practices and Reporting

  • Profiling Best Practices

C2C Use Cases

  • Cisco CX ISE Reporting Tool
  • ISE Reporting
  • ISE Hardening
  • Profiling Best Practices for C2C

Troubleshooting Cisco ISE Policy and Third-Party NAD Support

  • Cisco ISE Third-Party Network Access Device Support
  • Troubleshooting Cisco ISE Policy Configuration

Exploring Cisco TrustSec

  • Cisco TrustSec Overview
  • Cisco TrustSec Enhancements
  • Cisco TrustSec Configuration

Working with Network Access Devices

  • Reviewing AAA
  • Cisco ISE TACACS+ Device Administration
  • Configuring TACACS+ Device Administration
  • TACACS+ Device Administration Guidelines and Best Practices

Labs:

Course Overview

This two-day Specialist-level course is designed for security professionals who want to gain the concepts and skills necessary to deploy and manage Custom Threat Prevention within a Check Point Security environment.

Course Content

Module 1: History of Threat Prevention

Lab Tasks

• Verify the Security Environment

• Verify Connectivity Between Systems

Module 2: IPS Protections

Lab Tasks

• Enable and Configure Custom Threat Prevention

• Configure the Inspection Settings

• Update IPS Protections

• Configure General and Specific Protections

• Configure and Test Core Protections

Module 3: Anti-Virus and Anti-Bot Protections

Lab Tasks

• Enable Anti-Bot and Anti-Virus

• Configure Anti-Bot and Anti-Virus

Module 4: Threat Prevention Policy Profiles

Lab Tasks

• Create Custom Threat Prevention Profiles

• Configure the Custom Profiles

• Configure Anti-Bot and Anti-Virus in the Custom Profiles

Module 5: Threat Prevention Policy Layers

Lab Tasks

• Configure Gateway Interface Settings

• Configure Threat Prevention Policy Layers

• Configure Threat Prevention Rules with Custom Profiles

Module 6: Threat Prevention Logs and Traffic Analysis 

Lab Tasks 

• Modify Threat Prevention Logs and Configure SmartEvent Settings 

• Test Threat Prevention Protections 

• View Threat Prevention Logs and Events 

• Use Web SmartConsole to View Logs and Events. 

Module 7: Threat Prevention Exceptions and Exclusions 

Lab Tasks 

• Use IPS and Threat Prevention Exceptions 

• Create an Inspection Settings Exception 

• Create a Core Activations Exception 

Module 8: Correlated Threat Prevention Views and Reports 

Lab Tasks 

• Verify SmartEvent Activation 

• Generate and Verify Logs for Reporting 

• Configure SmartEvent Views and Reports 

Module 9: Threat Prevention Updates 

Lab Tasks 

• Verify Recent Updates 

• Configure Update Settings 

Module 10: Threat Prevention Performance Optimization 

Lab Tasks 

• Analyze Threat Prevention Performance 

• Create Penalty Box Exceptions and Null Profiles 

• Test the Panic Button Protocol

Course Overview

This 2-day course provides a comprehensive understanding of the Check Point VSX solution and describes how to deploy it within the corporate network environment.

Course Objectives

• Explain the benefits of virtual network security. 

• Understand the basic functions, components, and advantages of VSX technology. 

• Examine the VSX management infrastructure and understand how traffic flows within a VSX network. 

• Discuss options for deploying VSX technology within various types of organizations. 

• Understand how to install and configure VSX Gateways and Virtual Systems. 

• Describe different routing schemes and features that are available to use within the VSX environment. 

• Understand how to deploy additional VSX networking configurations that may be required in the environment. 

• Understand the differences between deploying physical Security Gateway Clusters and VSX Gateway Clusters. 

• Understand how Virtual System Load Sharing works to enhance VSX network performance. 

• Understand how to use the VSX Provisioning Tool to add and remove virtual devices. 

• Recall how CoreXL technology enhances Security Gateway performance and recognize how to use the technology in a VSX environment. 

• Understand how to employ tools for optimizing resources allocated in a VSX environment. 

• Identify various VSX command line tools commonly used to retrieve information and perform configuration changes. 

• Understand how to use VSX utility commands to perform various maintenance tasks for the VSX environment. 

• Understand how to troubleshoot and debug issues that may occur in a VSX environment.

Course Content

Course Topics:

• VSX Overview 

• Virtual System Installation and Configuration 

• VSX Clustering 

• Advanced VSX Features 

• Troubleshooting VSX

Lab Exercises:

• Configuring the VSX Environment 

• Deploying a Virtual System with a Physical Interface 

• Deploying a VS with Bonded VLAN Interfaces 

• Configuring Virtual System HA 

• Converting VSX High Availability to Virtual System Load Sharing 

• Maintaining the VSX Environment 

• Using the CLI to Manage VSX 

• Performance Tuning in VSX 

• Troubleshooting VSX Issues 

• Upgrading a VSX Environment