This lab will introduce basic network protocol concepts, specifically TCP/IP. You will explore available resources that cover the process and practice of understanding network protocols, and will use some basic tools to create and examine TCP connections.
Prerequisites
You should have some familiarity with the Unix command line.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
In this lab, you will configure routes to and from a DMZ system, then configure an IPtables-based firewall to provide access to selected services from the DMZ, analyzing the attack surface as you go.
Prerequisites
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
In the first part of this four-part lab, you will be examining actual network traffic, identifying normal and abnormal behavior within network packet captures, and you will see how specific protocol fields are expressed on the wire.
Prerequisites
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
In part two of this four-part lab, you will learn about the different headers for common network protocols and the composition of those headers. You will practice determining at what offset a specific piece of data will be located, and how to view that data.
Prerequisites
You should have already completed Protocol Analysis I.
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
In part three of this four-part lab, you will learn a process and methodology for examining packets from a network connection. You will also practice the reconstruction of sessions and streams from packet data. The methods used to extract data from an encrypted SSL or TLS connection will be explored, as well as what a normal vs abnormal TCP packet looks like.
Prerequisites
You should have already completed Protocol Analysis I and Protocol Analysis II.
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
In the last part of this four-part lab, you will perform packet analysis at the lowest level, and learn how to read what is truly taking place in a network connection. You'll practice the process of using filters and tools to extract data from connections using low-level offsets. Ettercap and EtherApe tools will be used to assist in the network analysis learning process. Finally, you will extract passwords and authentication data.
Prerequisites
You should have already completed Protocol Analysis I, Protocol Analysis II, and Protocol Analysis III.
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
In this lab, you will explore some of the advanced features of Wireshark, including its conversation extraction, file extraction, and data decoding capabilities. Additionally, you will explore the ability to use the command line with Wireshark.
Prerequisites
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
In this lab, you will learn how to "play back" network capture files using tcpreplay and some GUI tools. The art and technique of crafting packets will be examined, and you will learn how to create a crafted packet to see how a network or target will respond.
Prerequisites
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
Students will learn how to configure an Intrusion Detection System (IDS) to examine traffic to/from a firewall. The popular Snort® IDS will be used in this exercise. The exercise will include both harmless background traffic and potentially malicious traffic to be detected by Snort.
Prerequisites
Basic networking concepts (TCP/IP, DNS, etc.) and familiarity with the Unix/Linux command line.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Intrusion Detection and Prevention Lab Package
- Secure Network Setup Package
- Cyber Defense Analyst 1
- System Administrator 1
- Cyber Defense Incident Responder
- Cyber Defense Infrastructure Support Specialist 1

Students will learn how to deploy, configure, and customize a Zeek Network Intrusion Detection System (NIDS). They will customize Zeek to generate enterprise-specific logs and to send email notifications of events of interest. They will also create a simple Zeek plugin, using the Zeek scripting language, to detect and block brute-force SSH login attempts.
Prerequisites
Basic networking concepts (TCP/IP, DNS, etc.) and familiarity with the Unix/Linux command line.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Secure Network Setup Package
- Introduction to Cybersecurity Lab Package
- Introduction to Network Security Lab Package
- Intrusion Detection and Prevention Lab Package
- Cyber Defense Analyst 2
- System Administrator 2
- Cyber Defense Incident Responder
- Cyber Defense Infrastructure Support Specialist 2

In this lab, you will learn how to configure a firewall to minimize the attack surface of a network, as well as allow access to services in a DMZ network.
Prerequisites
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
Students will configure a network firewall using the VyOS router appliance, which mimics physical router hardware. The exercise will include both ingress and egress filtering, stateful packet inspection, and best practices. Students will set up a partitioned network and a DMZ area to isolate specific enterprise services, such as an e-mail server. Evaluation will include network probes from both inside and outside the firewall to ensure proper rules are configured.
Prerequisites
Basic network routing concepts (firewalls, subnets, etc.) as well as basic networking concepts (TCP/IP, DNS, etc.). Students must also be comfortable working in command-line environments.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Secure Network Setup Package
- Target Developer 2
- Systems Security Analyst 2
- System Administrator 2
- Cyber Defense Infrastructure Support Specialist 2

Students will configure a network firewall using the standard Linux IPtables module. The exercise will include both ingress and egress filtering, stateful packet inspection, and best practices. More advanced techniques such as port knocking will also be introduced. Evaluation will include network probes from both inside and outside the firewall to ensure proper rules are configured.
Prerequisites
Basic network routing concepts (firewalls, subnets, etc.) as well as basic networking concepts (TCP/IP, DNS, etc.). Students should also be comfortable with the Linux/Unix command line.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Essential Tools for Network Engineering
- Secure Network Setup Package
- Cyber Defense Analyst 1
- Cyber Operator 1
- Target Developer 1
- Systems Security Analyst 1
- System Administrator 1
- Authorizing Official/Designating Representative
- Cyber Defense Infrastructure Support Specialist 1

Students will learn to secure and configure the widely used, open-source pfSense firewall. They will learn to create firewall rules, the order in which rules are applied, how pfSense aliases can be used to simplify the pfSense rule set, and how to secure pfSense itself. They will also learn to view statistics and logs collected by pfSense.
Prerequisites
Basic network routing concepts (firewalls, subnets, etc.) as well as basic networking concepts (TCP/IP, DNS, etc.). Students should also be comfortable with the Linux/Unix command line.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Secure Network Setup Package
- Introduction to Cybersecurity Lab Package
- Introduction to Network Security Lab Package
- Intrusion Detection and Prevention Lab Package
- Cyber Defense Analyst 2
- Cyber Operator 2
- Target Developer 2
- Systems Security Analyst 2
- System Administrator 2
- Authorizing Official/Designating Representative
- Cyber Defense Infrastructure Support Specialist 2

In this lab, you will configure a pfSense firewall appliance, including RFC 1918 and bogon settings. You will configure a service through the firewall, forwarding traffic to a DMZ network, then examine the resulting attack surface from that service and from the firewall itself.
Prerequisites
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
In this lab, you will perform basic configuration of an IPtables-based firewall to have a DMZ network, including a honeypot or decoy system. You will also explore some time-based rules and blackhole routes.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
In this lab, you will configure a pfSense firewall to block all external network access on weekends from computers on an internal network.
Prerequisites
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
In this lab, you will learn how to configure DNS servers using the ubiquitous Berkeley Internet Name Daemon (BIND) server. You will set up both a primary and secondary server, then add a vital security layer with DNSSEC.
Prerequisites
You should have some familiarity with the Unix command line, as well as some basic networking concepts.
Expected Duration
0.5 hours, self-paced. Pause and continue at any time.
0.5 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
Hackers shouldn’t be able to explore your internal network. To make sure they do not, you need to learn about split horizon DNS configuration. And it might help to know something about BIND, probably the most used DNS software on the internet.
In this lab, students will configure a split-horizon DNS infrastructure that consists of two DNS servers: an External DNS server and an Internal DNS server. The External DNS lives in the organization's DMZ network; it is used by external hosts to resolve names of servers in the DMZ. The Internal DNS lives in the organization's internal network and is reachable only by hosts on the internal network. It resolves names of hosts on the internal network.
The lab uses BIND, the most popular DNS server in use today.
Prerequisites
Basic network routing concepts (firewalls, subnets, etc.) as well as basic networking concepts (TCP/IP, DNS, etc.). Students should also be comfortable with the Unix/Linux command line.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Essential Tools for Network Engineering
- Secure Network Setup Package
- Introduction to Network Security Lab Package
- Intrusion Detection and Prevention Lab Package
- Vulnerability Assessment Analyst 1
- Systems Security Analyst 2
- System Administrator 2
- Security Architect
- Authorizing Official/Designating Representative
- Cyber Defense Infrastructure Support Specialist 2

Students will learn to configure and set up an OpenVPN server. OpenVPN is an open-source Virtual Private Network (VPN) solution. VPNs extend a private network over a public network, allowing users to send and receive data across public networks as if they were directly connected to the private network.
Students will learn to set up a Certificate Authority to create the keys and certificates needed to (1) authenticate users (VPN clients) and the VPN server, and (2) encrypt communication between the two. They will also learn how to revoke client certificates when needed.
Prerequisites
Basic knowledge of public key infrastructures and certificates, and familiarity with the Unix/Linux command line.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 1: CYRIN Enterprise Instructional Labs
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Essential Tools for Network Engineering
- Secure Network Setup Package
- Introduction to Network Security Lab Package
- Intrusion Detection and Prevention Lab Package
- System Administrator 2
- Security Architect
- Cyber Defense Infrastructure Support Specialist 2

In this exercise, students must configure the firewalls and routers of an enterprise network in accordance with the security policies of the organization. The computers and network devices in the network have been physically connected, but the firewalls and routers have not been configured. You must configure these firewalls and routers to implement policies related to how traffic to/from the Internet and traffic between the different subnets is handled. This exercise is brought to you by the Rochester Institute of Technology-Global Cybersecurity Institute.
This exercise uses pfSense, an open-source firewall and router that is used by thousands of enterprises and officially supported by Netgate. Students must be familiar with the pfSense console and web interfaces. Those not familiar with pfSense are encouraged to complete the CYRIN Firewall Configuration with pfSense lab before attempting this exercise.
Prerequisites
Basic networking concepts including IP routing, Network Address Translation (NAT), basics of network firewalls, and familiarity with pfSense.
If you are not familiar with pfSense and its configuration, complete the CYRIN Firewall Configuration with pfSense lab before attempting this exercise.
Expected Duration
2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.
Availability
Included if you are a subscriber to any of the following training packages:
- Level 2: Attack/Defense/IR Exercises and Instructional Labs
- Level 3: Attack Scenarios, Attack/Defense/IR Exercises, and Instructional Labs
- Attack, Defense, and System Administration Exercises Package
- System Administrator 2
- Security Architect
- Secure Network Setup Package
