Network Traffic Analysis
Description: This is a hands-on course that will survey network situational awareness techniques. The concept of network situational awareness is to develop a cogent set of observed network characteristics that will inform decision makers as to the wise course to take in defending the network (or more colloquially Know your network. Know the Internet. Know how they work together). The course will involve network investigation to include packet capture analysis and network flow analysis. Micro: What is the breadth of my network? What assets are important to my mission? How do I perform efficient network analysis? What does “the bad” look like? Macro: What are the geo-political effects of various movements across the world? How do I provide an assessment of a global problem to decision makers? What are the downstream affects others face because of me? Business Impacts: What will this security implementation have on my business? What do I do if my network is being used for malicious activity? Can I take advantage of new technologies?
Learning Outcomes: By the end of the course, students should perform the following: - Demonstrate network analysis using Wireshark (tshark), tcpdump, Scapy, Snort, and/or SiLK to profile a network, and identify malicious behavior in support of the mission needs of an organization. - Compare mission differences between Law Enforcement, Network Defense, and Intelligence for national security. - Summarize security-community analysis and synthesize indicators of compromise (IOCs) in order to properly communicate to the C-suite, management, or other members of the security community. - Begin creation of personal “brand” to use within the security community at large.