Students play the role of a network security administrator of an enterprise. They are told that a host on the Internet has been persistently scanning their network.

They will use an Incident Response Rack with intrusion detection systems and log analysis tools to determine:

  1. The service being targeted by the attacker.
  2. Whether the attacker succeeds in finding and exploiting a vulnerability in this service.

Finally, they must block the attacker from the network.

After the attack is blocked, students will learn to exploit the vulnerability in the service.

Prerequisites

  1. Configure a pfSense firewall and router.
  2. Create Suricata IDS alerts.
  3. Analyze information displayed on a Kibana dashboard.

Expected Duration

2 hours, self-paced. Pause and continue at any time.
2 CPEs awarded on successful completion.

Attack Scenario