Setting up your network securely is the first step in preventing attacks and misuse of your resources.

The labs in this category help you gain experience with common network security practices, intrusion detection systems, and firewall policies. You will gain exposure to multiple tools in order to apply your existing knowledge—seeing how specific tools implement best practices and principles. Even if your particular network uses different software packages, the principles and procedures honed here will apply equally in your configuration.

The labs in this category assume general knowledge of TCP/IP networking and network setup principles.

Questions about which lab is right for you? Contact cyrin@atcorp.com.

### Introductory IDS Configuration with Snort

Students will learn how to configure an Intrusion Detection System (IDS) to examine traffic to/from a firewall. The popular Snort® IDS will be used in this exercise. The exercise will include both harmless background traffic and potentially-malicious traffic to be detected by Snort.

##### Prerequisites
• Familiarity with the Unix/Linux command line
• Basic networking concepts (TCP/IP, DNS, etc.)
##### Expected Duration

4 hours, self-paced. Pause and continue at any time.

4 CPEs awarded on successful completion.

$79 for 6 months of access. This lab is also available as part of the CYRIN Secure Network Setup Package as well as the CYRIN Cyber Range All Access Package. ### SSH Server Configuration Students learn the proper setup of the OpenSSH remote administration tool, including security-relevant settings. During the exercise, students will learn best practices such as host filtering, public-key or Kerberos authentication, and PAM integration. ##### Prerequisites • Familiarity with the Unix/Linux command line • Basic networking concepts (TCP/IP, DNS, etc.) ##### Expected Duration 4 hours, self-paced. Pause and continue at any time. 4 CPEs awarded on successful completion. ##### Cost$79 for 6 months of access.

This lab is also available as part of the CYRIN Secure Network Setup Package as well as the CYRIN Cyber Range All Access Package.

### Simple Log Analysis and Response

Students will analyze audit log data from the standard Unix syslog system using common, open-source tools. Security tools such as fail2ban will be introduced. The exercise will conclude with a simulated brute-force attack against network services in order to demonstrate how log analysis performs in the real world.

##### Prerequisites
• Familiarity with the Unix/Linux command line
• Basic networking concepts (TCP/IP, DNS, etc.)
##### Expected Duration

4 hours, self-paced. Pause and continue at any time.

4 CPEs awarded on successful completion.

##### Cost

Coming very soon... check back in a few days!

### Firewall Configuration with VyOS

Students will configure a network firewall using the VyOS router appliance, which mimics physical router hardware. The exercise will include both ingress and egress filtering, stateful packet inspection, and best practices. Students will set up a partitioned network and a DMZ area to isolate specific enterprise services, such as an e-mail server. Evaluation will include network probes from both inside and outside the firewall to ensure proper rules are configured.

##### Prerequisites
• Comfort working with command-line environments
• Basic networking concepts (TCP/IP, DNS, etc.)
• Basic network routing concepts (firewalls, subnets, etc.)
##### Expected Duration

4 hours, self-paced. Pause and continue at any time.

4 CPEs awarded on successful completion.

$79 for 6 months of access. This lab is also available as part of the CYRIN Secure Network Setup Package as well as the CYRIN Cyber Range All Access Package. ### Firewall Configuration with IPtables Students will configure a network firewall using the standard Linux iptables module. The exercise will include both ingress and egress filtering, stateful packet inspection, and best practices. More advanced techniques such as port knocking will also be introduced. Evaluation will include network probes from both inside and outside the firewall to ensure proper rules are configured. ##### Prerequisites • Familiarity with the Unix/Linux command line • Basic networking concepts (TCP/IP, DNS, etc.) • Basic network routing concepts (firewalls, subnets, etc.) ##### Expected Duration 4 hours, self-paced. Pause and continue at any time. 4 CPEs awarded on successful completion. ##### Cost$79 for 6 months of access.

This lab is also available as part of the CYRIN Secure Network Setup Package as well as the CYRIN Cyber Range All Access Package.