CCNA Cybersecurity Operations Lab Manual
- By Cisco Networking Academy
- Published Mar 30, 2018 by Cisco Press. Part of the Lab Companion series.
Features
- The only authorized Lab Manual for the Cisco Networking Academy CCNA Cybersecurity Operations course
- Enables students to easily highlight, take notes, and study offline
- Links directly to Cisco Networking Academy's online curriculum
- Copyright 2018
- Dimensions: 8-1/2" x 10-7/8"
- Pages: 400
- Edition: 1st
- Book
- ISBN-10: 1-58713-438-1
- ISBN-13: 978-1-58713-438-8
The only authorized Lab Manual for the Cisco Networking Academy CCNA Cybersecurity Operations course.
Curriculum Objectives
CCNA Cybersecurity Operations 1.0 covers knowledge and skills needed to successfully handle the tasks, duties, and responsibilities of an associate-level Security Analyst working in a Security Operations Center (SOC).
Upon completion of the CCNA Cybersecurity Operations 1.0 course, students will be able to perform the following tasks:
- Install virtual machines to create a safe environment for implementing and analyzing cybersecurity threat events.
- Explain the role of the Cybersecurity Operations Analyst in the enterprise.
- Explain the Windows Operating System features and characteristics needed to support cybersecurity analyses.
- Explain the features and characteristics of the Linux Operating System.
- Analyze the operation of network protocols and services.
- Explain the operation of the network infrastructure.
- Classify the various types of network attacks.
- Use network monitoring tools to identify attacks against network protocols and services.
- Use various methods to prevent malicious access to computer networks, hosts, and data.
- Explain the impacts of cryptography on network security monitoring.
- Explain how to investigate endpoint vulnerabilities and attacks.
- Analyze network intrusion data to verify potential exploits.
- Apply incident response models to manage network security incidents.
Table of Contents
Chapter 1 Cybersecurity and the Security Operations Center 1
1.0.1.2 Class Activity—Top Hacker Shows Us How It is Done 1
Objectives 1
Background/Scenario 1
Required Resources 1
1.1.1.4 Lab—Installing the CyberOps Workstation Virtual Machine 3
Objectives 3
Background/Scenario 3
Required Resources 3
Part 1: Prepare a Host Computer for Virtualization 3
Part 2: Import the Virtual Machine into the VirtualBox Inventory 4
Reflection 6
1.1.1.5 Lab—Cybersecurity Case Studies 7
Objectives 7
Background/Scenario 7
Required Resources 7
1.1.2.6 Lab—Learning the Details of Attacks 9
Objectives 9
Background/Scenario 9
Required Resources 9
Conduct a Search of IoT Application Vulnerabilities 9
1.1.3.4 Lab—Visualizing the Black Hats 11
Objectives 11
Background/Scenario 11
Required Resources 11
1.2.2.5 Lab—Becoming a Defender 14
Objectives 14
Background/Scenario 14
Required Resources 14
Chapter 2 Windows Operating System 17
2.0.1.2 Class Activity—Identify Running Processes 17
Objectives 17
Background/Scenario 17
Required Resources 17
2.1.2.10 Lab—Exploring Processes, Threads, Handles, and Windows Registry 20
Objectives 20
Required Resources 20
Part 1: Exploring Processes 20
Part 2: Exploring Threads and Handles 23
Part 3: Exploring Windows Registry 25
2.2.1.10 Lab—Create User Accounts 28
Objectives 28
Required Resources 28
Part 1: Creating a New Local User Account 28
Part 2: Reviewing User Account Properties 33
Part 3: Modifying Local User Accounts 34
Reflection 36
2.2.1.11 Lab—Using Windows PowerShell 37
Objectives 37
Background/Scenario 37
Required Resources 37
Reflection 42
2.2.1.12 Lab—Windows Task Manager 43
Objectives 43
Background/Scenario 43
Required Resources 43
Part 1: Working in the Processes Tab 43
Part 2: Working in the Services Tab 47
Part 3: Working in the Performance Tab 48
Reflection 51
2.2.1.13 Lab—Monitor and Manage System Resources in Windows 52
Objectives 52
Recommended Equipment 52
Part 1: Starting and Stopping the Routing and Remote Access Service 52
Part 2: Working in the Computer Management Utility 59
Part 3: Configuring Administrative Tools 61
Chapter 3 Linux Operating System 71
3.1.2.6 Lab—Working with Text Files in the CLI 71
Objectives 71
Required Resources 71
Part 1: Graphical Text Editors 71
Part 2: Command Line Text Editors 72
Part 3: Working with Configuration Files 74
Reflection 81
3.1.2.7 Lab—Getting Familiar with the Linux Shell 82
Introduction 82
Recommended Equipment 82
Part 1: Shell Basics 82
Part 2: Copying, Deleting, and Moving Files 87
Reflection 89
3.1.3.4 Lab—Linux Servers 90
Introduction 90
Recommended Equipment 90
Part 1: Servers 90
Part 2: Using Telnet to Test TCP Services 94
Reflection 96
3.2.1.4 Lab—Locating Log Files 97
Introduction 97
Required Resources 97
Part 1: Log File Overview 97
Part 2: Locating Log Files in Unknown Systems 99
Part 3: Monitoring Log Files in Real Time 104
Reflection 113
3.2.2.4 Lab—Navigating the Linux Filesystem and Permission Settings 114
Objectives 114
Required Resources 114
Part 1: Exploring Filesystems in Linux 114
Part 2: File Permissions 117
Part 3: Symbolic Links and other Special File Types 120
Reflection 123
Chapter 4 Network Protocols and Services 125
4.1.1.7 Lab—Tracing a Route 125
Objectives 125
Background 125
Scenario 125
Required Resources 126
Part 1: Verifying Network Connectivity Using Ping 126
Part 2: Tracing a Route to a Remote Server Using Traceroute 126
Part 3: Trace a Route to a Remote Server Using Web-Based Traceroute Tool 127
Reflection 128
4.1.2.10 Lab—Introduction to Wireshark 129
Mininet Topology 129
Objectives 129
Background/Scenario 129
Required Resources 130
Part 1: Install and Verify the Mininet Topology 130
Part 2: Capture and Analyze ICMP Data in Wireshark 131
4.4.2.8 Lab—Using Wireshark to Examine Ethernet Frames 136
Mininet Topology 136
Objectives 136
Background/Scenario 136
Required Resources 137
Part 1: Examine the Header Fields in an Ethernet II Frame 137
Part 2: Use Wireshark to Capture and Analyze Ethernet Frames 139
Reflection 142
4.5.2.4 Lab—Using Wireshark to Observe the TCP 3-Way Handshake 143
Mininet Topology 143
Objectives 143
Background/Scenario 143
Required Resources 143
Part 1: Prepare the Hosts to Capture the Traffic 144
Part 2: Analyze the Packets Using Wireshark 144
Part 3: View the Packets Using tcpdump 147
Reflection 148
4.5.2.10 Lab—Exploring Nmap 149
Topology 149
Objectives 149
Background/Scenario 149
Required Resources 149
Part 1: Exploring Nmap 149
Part 2: Scanning for Open Ports 152
Reflection 155
4.6.2.7 Lab—Using Wireshark to Examine a UDP DNS Capture 156
Topology 156
Objectives 156
Background/Scenario 156
Required Resources 156
Part 1: Record VM’s IP Configuration Information 156
Part 2: Use Wireshark to Capture DNS Queries and Responses 157
Part 3: Analyze Captured DNS or UDP Packets 158
Reflection 162
4.6.4.3 Lab—Using Wireshark to Examine TCP and UDP Captures 163
Topology — Part 1 (FTP) 163
Mininet Topology — Part 2 (TFTP) 163
Objectives 164
Background/Scenario 164
Required Resources 164
Part 1: Identify TCP Header Fields and Operation Using a Wireshark FTP Session Capture 164
Part 2: Identify UDP Header Fields and Operation Using a Wireshark TFTP Session Capture 171
Reflection 174
4.6.6.5 Lab—Using Wireshark to Examine HTTP and HTTPS 175
Objectives 175
Background/Scenario 175
Required Resources 175
Part 1: Capture and View HTTP Traffic 175
Part 2: Capture and View HTTPS Traffic 178
Reflection 181
Chapter 5 Network Infrastructure 183
5.2.2.4 Packet Tracer—Access Control List Demonstration 183
Topology 183
Objectives 183
Background 183
Part 1: Verify Local Connectivity and Test Access Control List 183
Part 2: Remove ACL and Repeat Test 184
Suggested Scoring Rubric 185
5.3.1.10 Packet Tracer—Identify Packet Flow 186
Topology 186
Objectives 186
Background/Scenario 186
Required Resources 186
Part 1: Verifying Connectivity 187
Part 2: Remote LAN Network Topology 187
Part 3: WAN Network Topology 188
Chapter 6 Principles of Network Security 191
6.2.1.11 Lab—Anatomy of Malware 191
Objectives 191
Background/Scenario 191
Required Resources 191
Conduct a Search of Recent Malware 191
6.2.2.9 Lab—Social Engineering 192
Objectives 192
Background/Scenario 192
Required Resources 192
Chapter 7 Network Attacks: A Deeper Look 195
7.0.1.2 Class Activity—What’s Going On? 195
Objectives 195
Background/Scenario 195
Required Resources 195
7.1.2.7 Packet Tracer—Logging Network Activity 198
Topology 198
Addressing Table 198
Objectives 198
Background 198
Part 1: Create FTP Traffic 198
Part 2: Investigate the FTP Traffic 199
Part 3: View syslog Messages 199
Suggested Scoring Rubric 200
7.3.1.6 Lab—Exploring DNS Traffic 201
Objectives 201
Background/Scenario 201
Required Resources 201
Part 1: Capture DNS Traffic 201
Part 2: Explore DNS Query Traffic 204
Part 3: Explore DNS Response Traffic 209
Reflection 211
7.3.2.4 Lab—Attacking a mySQL Database 212
Objectives 212
Background/Scenario 212
Required Resources 212
Part 1: Open the PCAP File and Follow the SQL Database Attacker 212
Reflection 225
7.3.2.5 Lab—Reading Server Logs 226
Objectives 226
Background/Scenario 226
Required Resources 226
Part 1: Reading Log Files with Cat, More, Less, and Tail 226
Part 2: Log Files and Syslog 230
Part 3: Log Files and Journalctl 231
Reflection 232
Chapter 8 Protecting the Network 233
There are no labs in this chapter.
Chapter 9 Cryptography and the Public Key Infrastructure 235
9.0.1.2 Class Activity—Creating Codes 235
Objectives 235
Background/Scenario 235
Required Resources 235
9.1.1.6 Lab—Encrypting and Decrypting Data Using OpenSSL 238
Objectives 238
Background/Scenario 238
Required Resources 238
Part 1: Encrypting Messages with OpenSSL 238
Part 2: Decrypting Messages with OpenSSL 240
9.1.1.7 Lab—Encrypting and Decrypting Data Using a Hacker Tool 241
Objectives 241
Background/Scenario 241
Required Resources 241
Part 1: Create and Encrypt Files 242
Part 2: Recover Encrypted Zip File Passwords 243
9.1.1.8 Lab—Examining Telnet and SSH in Wireshark 247
Objectives 247
Background/Scenario 247
Required Resources 247
Part 1: Examining a Telnet Session with Wireshark 247
Part 2: Examine an SSH Session with Wireshark 249
Reflection 250
9.1.2.5 Lab—Hashing Things Out 251
Objectives 251
Background/Scenario 251
Required Resources 251
Part 1: Creating Hashes with OpenSSL 251
Part 2: Verifying Hashes 253
9.2.2.7 Lab—Certificate Authority Stores 254
Objectives 254
Background/Scenario 254
Required Resources 254
Part 1: Certificates Trusted by Your Browser 254
Part 2: Checking for Man-In-Middle 258
Part 3: Challenges (Optional) 262
Reflection 262
Chapter 10 Endpoint Security and Analysis 263
There are no labs in this chapter.
Chapter 11 Security Monitoring 265
11.2.3.10 Packet Tracer—Explore a NetFlow Implementation 265
Topology 265
Objectives 265
Background 265
Part 1: Observe NetFlow Flow Records - One Direction 265
Part 2: Observe NetFlow Records for a Session that Enters and Leaves the Collector 269
Suggested Scoring Rubric 271
11.2.3.11 Packet Tracer—Logging from Multiple Sources 272
Topology 272
Objectives 272
Background/Scenario 272
Part 1: View Log Entries with Syslog 272
Part 2: Log User Access 273
Part 3: NetFlow and Visualization 274
Reflection 275
11.3.1.1 Lab—Setup a Multi-VM Environment 276
Topology 276
Objectives 276
Background/Scenario 276
Required Resources 276
Chapter 12 Intrusion Data Analysis 283
12.1.1.7 Lab—Snort and Firewall Rules 283
Topology 283
Objectives 283
Background/Scenario 283
Required Resources 284
Part 1: Preparing the Virtual Environment 284
Part 2: Firewall and IDS Logs 284
12.2.1.5 Lab—Convert Data into a Universal Format 292
Objectives 292
Background/Scenario 292
Required Resources 292
Part 1: Normalize Timestamps in a Log File 292
Part 2: Normalize Timestamps in an Apache Log File 295
Part 3: Log File Preparation in Security Onion 297
Part 4: Reflection 303
12.2.2.9 Lab—Regular Expression Tutorial 304
Objectives 304
Background/Scenario 304
Required Resources 304
12.2.2.10 Lab—Extract an Executable from a PCAP 307
Objectives 307
Background/Scenario 307
Required Resources 307
Part 1: Prepare the Virtual Environment 307
Part 2: Analyze Pre-Captured Logs and Traffic Captures 307
Part 3: Extract Downloaded Files From PCAPS 311
12.4.1.1 Alt Lab—Interpret HTTP and DNS Data to Isolate Threat Actor 315
Objectives 315
Background/Scenario 315
Required Resources 315
Part 1: Prepare the Virtual Environment 315
Part 2: Investigate an SQL Injection Attack 316
Part 3: Analyze a Data Exfiltration 323
12.4.1.1 Lab—Interpret HTTP and DNS Data to Isolate Threat Actor 325
Topology 325
Objectives 325
Background/Scenario 325
Required Resources 326
Part 1: Prepare the Virtual Environment 326
Part 2: Investigate an SQL Injection Attack 327
Part 3: Data Exfiltration Using DNS 336
12.4.1.2 Alt Lab—Isolate Compromised Host Using 5-Tuple 342
Objectives 342
Background/Scenario 342
Required Resources 342
Part 1: Prepare the Virtual Environment 342
Part 2: Review the Logs 343
Reflection 351
12.4.1.2 Lab—Isolate Compromised Host Using 5-Tuple 352
Topology 352
Objectives 352
Background/Scenario 352
Required Resources 353
Part 1: Prepare the Virtual Environment 353
Part 2: Reconnaissance 355
Part 3: Exploitation 356
Part 4: Infiltration 360
Part 5: Review the Logs 363
Reflection 371
Chapter 13 Incident Response and Handling 373
13.2.2.13 Lab—Incident Handling 373
Objectives 373
Background/Scenario 373
Scenario 1: Worm and Distributed Denial of Service (DDoS) Agent Infestation 373
Scenario 2: Unauthorized Access to Payroll Records 374