CIHE - Incident Handling Engineer

$3,000.00

Product Description

COURSE OVERVIEW

The Certified Incident Handling Engineer 5-day course is designed to help incident handlers, system administrators, and general security engineers understand how to plan, build, and use their systems to prevent, detect, and respond to security breaches. Every business connected to the internet is being probed by hackers trying to gain access. The ideal situation is to prevent this from happening, but realistically every business needs to know how to detect and resolve security breaches. Certified Incident Handlers are prepared to handle these situations effectively.

Students will learn the common attack techniques, vectors, and tools used by hackers, so that they can effectively prevent, detect, and respond to them. This course is ideal for those who lead or are part of an incident handling team.

Furthermore, students will complete numerous hands-on laboratory exercises on topics such as reconnaissance, vulnerability assessment using Nessus, network sniffing, web application manipulation, malware, and using Netcat, plus several additional scenarios for both Windows and Linux systems. The 20 hours of experience in our labs is what will put you ahead of the competition and set you apart as a leader in incident handling.

UPON COMPLETION

Students will:

• Have the knowledge to detect security threats, risks, and weaknesses.
• Have the knowledge to plan for the prevention of, detection of, and response to security breaches.
• Have the knowledge to accurately report on their findings from examinations.
• Be ready to sit for the C)IHE Certification Exam.

PREREQUISITES

• C)SS: Security Sentinel
• C)ISSO: Information Systems Security Officer
• OR Equivalent Experience

PROFESSIONAL ROLES

System Administrators
Security Consultants
IT Departments
Incident Handlers

COURSE CONTENT

Module 1 - Introduction

  • Introduction
  • Courseware Materials
  • Who is this class for?
  • What is the purpose of this course?
  • What information will be covered?
  • The Exam
  • What is Incident Handling?
  • What is a security event?
  • Common Security Events of Interest
  • What is a security incident?
  • Why Incident Response?
  • Common Goals of Incident Response Management
  • What is an incident response plan?
  • When does the plan get initiated?
  • Six Step Approach to Incident Handling
  • Course Details

Module 2: Threats, Vulnerabilities and Exploits

  • Overview
  • Malware
  • Botnets
  • Attacks: IP Spoofing
  • CM: Ingress Filtering
  • ARP Cache Poisoning
  • ARP Normal Operation
  • ARP Cache Poisoning
  • ARP Cache Poisoning (Linux)
  • Countermeasures
  • What is DNS spoofing?
  • Tools: DNS Spoofing
  • Session Hijacking
  • Session Hijacking
  • 4 Methods continued
  • Methods to Prevent Session Hijacking
  • Buffer Overflows
  • Buffer Overflow Definition
  • Evading The Firewall and IDS
  • Evasive Techniques
  • Firewall – Normal Operation
  • Evasive Technique -Example
  • Attack: Phishing
  • Social Engineering
  • SET
  • SET
  • Attack: Denial of Service
  • Attack: Insider Threat
  • Wireless Attacks
  • Software Attacks
  • Vulnerability Assessment
  • Penetration Testing
  • Exploitation
  • Review

Module 3: Preparation

  • Overview
  • Senior Management Support
  • Policies and Procedures
  • The Team
  • Identify Incident Response Team
  • Roles of the Incident Response Team
  • IRT Team Makeup
  • Team Organization
  • Incident Communication
  • Incident Reporting
  • Incident Response Training and Awareness
  • Underlying Technologies
  • Anti-virus
  • Virus Total
  • Demo
  • SIEM
  • User Identity
  • Ticketing System
  • Instructor Demo
  • RTIR Features and Demo
  • Digital Forensics
  • eDiscovery
  • Data Backup and Recovery
  • Underlying Technologies
  • Technical Baselines

Module 4: RTIR

  • Overview
  • What is Request Tracker?
  • RT Cake
  • Why Use Request Tracker?
  • Who Uses Request Tracker?
  • RT Components
  • Tickets
  • Queues
  • What is RTIR?
  • RTIR Components
  • RTIR Workflow
  • File an Incident Report
  • Create an Incident
  • Launch an Investigation
  • Initiating a Block
  • RTFM

Module 5: Preliminary Response

  • Overview
  • Responder Toolkit
  • Responder’s System
  • What to look for
  • Attention
  • Volatility
  • First things first
  • Windows Log Events
  • Windows Log Events
  • Windows Services
  • Windows Network Usage
  • Windows Network Usage
  • Windows Scheduled Tasks
  • Windows Accounts
  • Windows Tools
  • Linux Log Events
  • Linux Log Events
  • Linux Processes
  • Linux Network Usage
  • Linux Scheduled Tasks
  • Linux Accounts
  • Linux Files
  • Linux Files
  • Linux Tools
  • Review

Module 6: Identification and Initial Response

  • Goal
  • Challenges
  • Categorize Incidents
  • Incident Signs
  • Three Basic Steps
  • Receive
  • Examples of Electronic Signs
  • Examples of Human Signs
  • Analyze
  • Analysis
  • Incident Documentation
  • Incident Prioritization
  • Incident Notification

Module 7: Sysinternals

  • Overview
  • Introduction
  • Where to get them
  • Process Explorer
  • Procexp Features
  • Process Monitor
  • Procmon Filtering Engine
  • Autoruns
  • PsTools
  • Psexec
  • Disk Utilities
  • Disk Monitor
  • Diskview
  • Security Utilities
  • Sigcheck
  • TCPView

Module 8: Containment

  • Overview
  • Containment
  • Goals
  • Delaying Containment
  • Choosing a Containment Strategy
  • On-site Response
  • Secure the Area
  • Conduct Research
  • Procedures for Containment
  • Make Recommendations
  • Establish Intervals
  • Capture Digital Evidence
  • Change Passwords

Module 9: Eradication

  • Overview
  • Eradication
  • Goals
  • Procedures for Eradication

Module 10: Follow-up

  • Overview
  • Follow-up
  • Goals
  • Procedures of Follow-up

Module 11: Incident-handling recovery

  • Overview
  • Recovery
  • Goals
  • Procedure for Recovery

Module 12: Virtual Machine Security

  • Virtualization Components
  • Virtualization Attacks
  • Identifying VMs

Module 13: Malware Incident Response

  • Agenda
  • History of Malware
  • Computer Viruses
  • Compiled Viruses
  • Interpreted Viruses
  • Computer Worms
  • Trojans
  • Backdoors
  • Instructor Demo
  • Executable Wrappers
  • Instructor Demo
  • Rootkits
  • Instructor Demo
  • Mobile Code
  • Blended Attacks
  • Cookies
  • Browser Plug-ins
  • E-mail Generators
  • Key Loggers
  • Instructor Demo
  • Review
  • Agenda
  • The Policy
  • Policy Considerations
  • User Awareness
  • Instructor Demo
  • Vulnerability Vs. Threat Mitigation
  • Patch Management
  • Account Security
  • Host Hardening
  • Host Hardening - Examples
  • Anti-virus Software
  • Instructor Demo
  • Spyware Detection and Removal
  • Intrusion Prevention Systems
  • Firewall and Routers
  • Application Security Settings
  • Instructor Demo
  • Review
  • Agenda
  • The Decision Flow
  • Confirm the Infection
  • Determine Course of Action Decision Flow
  • Clean the System Decision Flow
  • Attempt to Clean the System
  • Clean the System
  • Attempt to Restore System State
  • Rebuild the System Decision Flow
  • Rebuild the System
  • Conduct a Post-Attack Review
  • Review
