Mastering System & Network Cybersecurity with Firewall Administration
Unlock the power to protect your network and systems with confidence. The course Mastering System & Network Cybersecurity with Firewall Administration gives you the skills to build a defensive shield against cybersecurity breaches, to design and configure firewall operation precisely, and to protect your organization's digital assets from constantly evolving threats, raising your cybersecurity expertise and putting you in control of your network's security.
Who should attend
IT professionals who want to move into the cybersecurity field
Network administrators, system administrators, and security consultants
Individuals who want to build a solid foundation in cybersecurity principles
System Integrators
Prerequisites
Basic knowledge of networking and IT concepts
Familiarity with general security principles is helpful but not required
What you will learn from this course
A solid foundation for managing an organization's security
Use the Cyber Kill Chain as a practical tool for understanding attack strategies
Increase your organization's cyber resilience by designing, writing and improving security policies, hardening the network, using active sensors, and leveraging threat intelligence
Identify types of cyber attacks such as SQL injection, malware, and social engineering threats such as phishing emails
Learn and deeply understand the disaster recovery process
Understand how to audit security regularly and apply vulnerability management strategies for on-premises and hybrid cloud systems
Learn how to analyze logs using cloud services to identify suspicious activity, including logs from Amazon Web Services and Azure
Learn how to design firewall networks and install firewalls from the most popular brand, FortiGate, with hands-on practice on real devices
Course outline
1. Cybersecurity Concept
2. Cybersecurity Threat
3. Understanding the Cybersecurity Kill Chain
Reconnaissance and Footprinting
External reconnaissance
Internal reconnaissance
Techniques used by attackers: Passive vs. active reconnaissance.
Open-source intelligence (OSINT): Social Media, public records, and websites.
Tools for reconnaissance: WHOIS lookup, Shodan, Nmap, and Google Dorking.
Defense strategies
Hands-on Lab 1: Gathering Information Using Command-Line Utilities
Hands-on Lab 2: Gathering Information Using Metasploit
Hands-on Lab 3: Gathering an Email Listing Using theHarvester
Hands-on Lab 4: Footprinting a Target Using Maltego
Hands-on Lab 5: Footprinting a Target Using Recon-ng
Hands-on Lab 6: Perform Port and Service Discovery Using NetScanTools Pro
Hands-on Lab 7: Footprinting a Target Using SpiderFoot
Hands-on Lab 8: Gathering Website Information with CentralOps
Enumeration
Hands-on Lab 9: Perform NetBIOS Enumeration Using Windows Command-Line Utilities
Hands-on Lab 10: Perform DNS Enumeration Using Nmap
Hands-on Lab 11: Enumeration with DNSmap
Scanning
Hands-on Lab 12: Scan a Target Network Using Metasploit
Hands-on Lab 13: Using Netdiscover to Scan the Network and Internet
Hands-on Lab 14: Using Hping3 to Scan the Network and Port Services
Hands-on Lab 15: Using ZMap to Scan Large Networks and the Internet
Weaponization
Payload delivery mechanisms: Trojans, ransomware, or backdoors.
Common tools: Metasploit, Cobalt Strike, and custom scripts.
Defense strategies
Delivery
Delivery methods: Phishing emails, malicious URLs, USB drives, or exploiting vulnerabilities.
Spear phishing vs. phishing campaigns.
Email spoofing techniques.
Defense strategies
Exploitation
Exploitation techniques: Buffer overflow, privilege escalation, and browser exploits.
Exploiting zero-day vulnerabilities.
Targeted applications: Web browsers, operating systems, or third-party applications.
Defense strategies
Installation
Installing backdoors, trojans, or persistence mechanisms.
Common tools: Remote Access Trojans (RATs), keyloggers, and rootkits.
Maintaining persistence: Scheduled tasks, registry entries, or startup scripts.
Defense strategies
Command and Control (C2)
C2 techniques: HTTP/S, DNS tunneling, or custom protocols.
Botnets and their role in maintaining control.
Identifying and analyzing C2 traffic.
Defense strategies
Security controls used to stop the Cyber Kill Chain
Use of UEBA
Security awareness
Threat life cycle management
Preventive Controls: Firewalls, intrusion prevention systems (IPS), and endpoint protection.
Detective Controls: SIEM systems, log management, and behavioral analysis.
Response Controls: Incident response plans, containment strategies, and remediation techniques.
Hands-on Lab 16: Configure Suricata to Detect Cyber Kill Chain Activity
Overview of System Hacking
Definition and objectives of system hacking.
Types of attacks: Targeted vs. opportunistic.
Common goals: Gaining unauthorized access, privilege escalation, and data theft.
Phases of System Hacking
Reconnaissance and information gathering.
Vulnerability identification and exploitation.
Privilege escalation.
Maintaining access (persistence mechanisms).
Covering tracks (anti-forensic techniques).
Techniques Used in System Hacking
Brute force attacks: Password cracking methods.
Exploit development: Buffer overflows, DLL hijacking, and shellcode injection.
Social engineering techniques for system access.
Fileless malware attacks leveraging legitimate system tools (e.g., PowerShell, WMI).
Hacking Tools
Password cracking tools: John the Ripper, Hashcat, Hydra.
Exploitation frameworks: Metasploit, Cobalt Strike.
Vulnerability scanners: Nessus, OpenVAS.
Post-exploitation tools: Mimikatz, BloodHound.
Privilege Escalation
Understanding privilege levels in operating systems (Windows, Linux).
Exploiting misconfigured permissions or vulnerabilities for elevation.
Tools: Windows Elevation of Privilege (EoP) tools, Linux privilege escalation scripts.
Maintaining Access
Creating backdoors for persistent access.
Scheduled tasks, registry modifications, and startup programs.
Remote Access Trojans (RATs) and their deployment.
Covering Tracks
Clearing system logs and hiding malicious files.
Anti-forensics techniques: File obfuscation, timestamp manipulation.
Evading endpoint detection and response (EDR) tools.
Countermeasures
Hands-on Lab 17: Hack a Windows Machine Using Metasploit and Perform Post-Exploitation
Hands-on Lab 18: Clear Windows Machine Logs Using CCleaner
Hands-on Lab 19: Capture Credentials with Hydra
Hands-on Lab 20: Crack MD5 Password Hashes with John the Ripper
Hands-on Lab 21: Cracking Passwords with Hashcat
4. Malware and Ransomware Threat
Malware Types: Viruses, worms, trojans, spyware, and ransomware.
Ransomware Lifecycle: Delivery, encryption, extortion, and recovery.
Definition and differences between malware and ransomware.
Types of Malware
Viruses: Characteristics and propagation methods.
Worms: Differences from viruses and their self-replication ability.
Trojans: Types (backdoor, dropper, banker) and their stealth tactics.
Spyware and Adware: Data collection and user monitoring.
Fileless Malware: Exploiting legitimate tools and memory-based attacks.
Types of Ransomware
Locker Ransomware: Locking systems and denying access.
Crypto Ransomware: Encrypting files and demanding payment.
Double Extortion Ransomware: Combining encryption with data exfiltration.
Ransomware-as-a-Service (RaaS): Marketplace for launching ransomware attacks.
Malware and Ransomware Delivery Methods
Email phishing campaigns and malicious attachments.
Drive-by downloads and watering hole attacks.
Exploiting software vulnerabilities.
Malvertising and social engineering techniques.
Infection and Propagation Techniques
Exploiting weak credentials and remote desktop protocol (RDP).
Using network shares and USB devices for lateral movement.
Leveraging zero-day vulnerabilities.
Impact of Malware and Ransomware
Malware Detection Techniques
Signature-based detection: Antivirus and antimalware tools.
Behavior-based detection: Identifying suspicious activities.
Machine learning and AI-driven threat detection.
Indicators of compromise (IoCs) and threat hunting.
Prevention and Mitigation Strategies
Regular patching and software updates.
Deploying advanced endpoint detection and response (EDR) solutions.
Email filtering and anti-phishing measures.
Network segmentation and firewall policies.
Incident Response to Ransomware Attacks
Identifying and isolating infected systems.
Engaging incident response teams and cybersecurity experts.
Deciding on ransom payment: Risks and ethical considerations.
Forensic analysis and lessons learned.
Hands-on Lab 22: Infect the Target System Using a Virus
Hands-on Lab 23: Find the Portable Executable (PE) Information of a Malware Executable File Using PE Explorer
5. Vulnerability Analysis
Vulnerability Management Framework
Vulnerability Assessment
Vulnerability Identification
Vulnerability Management Policy
Hands-on Lab 24: Perform Vulnerability Scanning Using Nessus
Hands-on Lab 25: Perform Network Vulnerability Scanning Using OpenVAS
Hands-on Lab 26: Perform Web Application Vulnerability Scanning with OWASP ZAP
6. Endpoint Detection and Response (EDR)
Key Features of EDR
Real-Time Threat Detection
Threat Investigation
Threat Response
Behavioral Analysis
Threat Hunting
Integration with Threat Intelligence
Components of EDR
Agents
Centralized Management Console
Threat Database
Cloud and On-Premises Deployment Options
Hands-on Lab 27: Installing and Configuring an EDR Agent on Windows or Linux Endpoints
7. Security Policy
Types of Security Policies
Acceptable Use Policy (AUP): Governs proper use of organizational assets like computers, email, and internet.
Access Control Policy: Specifies user authentication, authorization, and privileges.
Data Protection Policy: Addresses the handling, storage, and transmission of sensitive data.
Incident Response Policy: Outlines procedures for detecting, reporting, and mitigating security incidents.
Bring Your Own Device (BYOD) Policy: Defines rules for using personal devices within the organization's network.
Key Elements of a Security Policy
Scope: Defines the boundaries and areas covered (e.g., networks, devices, personnel).
Roles and Responsibilities: Specifies who is accountable for implementation, monitoring, and compliance.
Risk Management Framework: Identifies potential threats and mitigation strategies.
Incident Reporting: Procedures for identifying and reporting security events.
Enforcement and Compliance: Measures to ensure adherence, including disciplinary actions.
8. Security Information and Event Management (SIEM)
What is SIEM?
What is the difference between SIEM, MDR, and XDR?
What does the SIEM workflow look like?
Setting up and managing SIEM
Benefits of setting up and managing SIEM
Deploying a SIEM system for use
SIEM data collection methods and considerations
Key considerations for data collection in SIEM
Security Log Analysis and Management
Types of logs: system logs, application logs, network logs, and security logs.
Common log sources: firewalls, intrusion detection systems (IDS), antivirus software, and operating systems.
Log Collection and Centralization
Tools and methods for collecting logs (e.g., Syslog, Windows Event Forwarding).
Centralized log management systems like SIEM and log aggregators.
Setting up secure log transport protocols (e.g., TLS, SSH).
Log Storage and Retention
Designing log storage solutions for scalability and accessibility.
Log retention policies based on compliance requirements (e.g., GDPR, HIPAA).
Best practices for managing storage costs and performance.
Log Analysis Techniques
Parsing and normalizing logs for consistency.
Correlation of logs from multiple sources to detect complex events.
Identifying anomalies using pattern recognition and machine learning.
Tools for analysis: Splunk, Elastic Stack, Graylog.
Threat Detection and Incident Response
Using logs to identify security incidents such as unauthorized access, malware activity, and insider threats.
Real-time alerting and notification setup for critical events.
Conducting forensic analysis using historical logs.
Log Security and Integrity
Ensuring the security of log data to prevent tampering.
Implementing access controls and encryption for log files.
Regular log auditing to ensure compliance and integrity.
Advanced Log Management Practices
Automating log analysis using machine learning and AI.
Implementing use case-driven log monitoring tailored to specific threats.
Continuous improvement of logging strategies based on feedback and threat evolution.
9. Network Security
The defense-in-depth approach
Infrastructure and services
Documents in transit
Endpoints
Microsegmentation
Physical network segmentation
Discovering your network with a network mapping tool
Securing remote access to the network
Site-to-site VPN
Virtual network segmentation
Zero trust network
Planning zero trust network adoption
Hybrid cloud network security
Cloud network visibility
10. Incident Response Process
The incident response process
Reasons to have an IR process in place
Creating an incident response process
Incident response team
Incident life cycle
Handling an incident
Incident handling checklist
Post-incident activity
Considerations for incident response in the cloud
11. Cloud Security and Resilience (Blue Team Focus)
Cloud Infrastructure Security Fundamentals
Identity and Access Management (IAM) for Cloud Services
Data Protection and Encryption in the Cloud
Cloud-Specific Threats and Attack Vectors
Cloud Security Best Practices and Frameworks
Cloud Security Monitoring Tools and Strategies
Securing Serverless Architectures and Containers
Securing Cloud Applications and APIs
Cloud Network Security and Monitoring
Cloud Compliance and Audit Considerations
Incident Response in a Cloud Environment
Multi-Cloud and Hybrid Cloud Security Strategies
12. Introduction to Cryptography
Definition and importance of cryptography in securing communication and data.
Historical context: Classical cryptography (e.g., Caesar cipher, Enigma machine).
Modern cryptography: Its role in securing digital environments.
Types of Cryptography
Symmetric Cryptography
Single key for encryption and decryption.
Examples: AES (Advanced Encryption Standard), DES (Data Encryption Standard).
Use cases: Securing data at rest and in transit.
Asymmetric Cryptography
Public and private key pairs for encryption and decryption.
Examples: RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptography).
Use cases: Secure key exchange, digital signatures.
Hash Functions
One-way cryptographic functions for data integrity.
Examples: SHA-256, MD5, HMAC (Hash-based Message Authentication Code).
Use cases: Data verification, digital fingerprinting.
Key Management
Generating, distributing, and securely storing cryptographic keys.
Best practices for key rotation and expiration.
Introduction to hardware security modules (HSMs) for key management.
Cryptographic Protocols
Overview of protocols using cryptography
TLS/SSL: Secure communication over the internet.
IPsec: Encrypting network traffic for VPNs.
PGP: Securing emails with encryption and digital signatures.
Role of cryptographic protocols in modern network security.
Public Key Infrastructure (PKI)
Components of PKI: Certificate authorities (CA), digital certificates, and certificate revocation lists (CRL).
Implementing PKI for authentication and trust management.
Practical use cases: Securing websites, email encryption, and digital signatures.
Cryptanalysis and Vulnerabilities
Common cryptographic vulnerabilities: Weak keys, poor implementations, and outdated algorithms.
Types of cryptanalytic attacks: Brute force, side-channel, and chosen-plaintext attacks.
How to mitigate risks through algorithm selection and secure configurations.
13. Introduction to Zero Trust
Definition: A security model based on the principle of "never trust, always verify."
Purpose: To minimize the risk of unauthorized access and lateral movement in a network.
Evolution: Transition from traditional perimeter-based security to a user, device, and resource-centric approach.
Core Principles of Zero Trust
Verify Explicitly
Use Least Privilege Access
Assume Breach
Zero Trust Architecture (ZTA)
Key components
Identity and access management (IAM).
Multi-factor authentication (MFA).
Device security and health monitoring.
Micro-segmentation for network isolation.
Real-time threat intelligence and analytics.
Implementation: Integrating Zero Trust into existing security frameworks.
Zero Trust Network Access (ZTNA)
Replacing traditional VPNs for secure remote access.
Context-aware access to applications based on identity and device posture.
Role in reducing exposure of internal resources to potential attackers.
14. Web Application Security
Introduction to Web Application Security
Definition: Protecting web applications from vulnerabilities and cyber threats that target the application, its users, and the underlying infrastructure.
Importance: Ensures data integrity, user privacy, and compliance with legal and regulatory requirements.
Common Web Application Vulnerabilities
SQL Injection (SQLi): Exploiting improper input validation to manipulate databases.
Cross-Site Scripting (XSS): Injecting malicious scripts to steal user data or hijack sessions.
Cross-Site Request Forgery (CSRF): Forcing users to perform unintended actions while authenticated.
Broken Authentication: Exploiting weak session management or credential storage.
Insecure Direct Object References (IDOR): Accessing unauthorized data through predictable URLs or object references.
Server-Side Request Forgery (SSRF): Forcing servers to make unauthorized requests to other servers.
Best Practices for Web Application Security
OWASP Top 10 and Compliance
15. FortiGate Firewall Initial and Advanced Configuration
Firewall Policies
Network Address Translation (NAT)
Firewall Authentication
Logging and Monitoring
Web Filtering
Application Control
Antivirus
Intrusion Prevention and Denial-of-Service Protection
SSL VPN
Configuring the FortiGate Firewall
Configuring Layer 3 VLAN Internetworking
Configure Link Aggregation
Configure Internet Connection
Configure WAN Interconnection
Configure IPSec VPN Connection
Configure SSL VPN Connection
For more information, please contact T. 081-6676981, 089-7767190,
02-2740864, 02-2740867
Facebook.com/cyberthai, Line ID: cyberthai