Systems Security Professional Essentials Labs

Course E003

  • Duration: Multi-Week
  • Language: English
  • Level: Foundation

Learn the security techniques used by the Internet’s most skilled professionals. This Systems Security Essentials lab bundle, which includes 32 distinct, hands-on labs, will prepare you with the essential principles of risk management, network security, identity and access management, security operations and more.

This lab bundle is designed to align to the learning objectives found in the (ISC)2 Certified Information Systems Security Professional certification — Course 2058, CISSP® Training and Certification Prep Course.

Systems Security Professional Essentials Labs Delivery Methods

  • 6-month access to CYBRScore Systems Security Professional Essentials Labs
  • Content aligned to (ISC)2 Certified Information Systems Security Professional certification

Systems Security Professional Essentials Labs Course Benefits

  • Practice the objectives presented in the (ISC)2 Certified Information Systems Security Professional certification
  • Understand the principles of risk management, network security, identity and access management, security operations and more
  • Identify whether high-risk systems were affected in an attack
  • Analyze, update, and perform a gap analysis on a sample BCP/BIA/DRP/CIRP

Systems Security Professional Lab Content

Students will become familiar with the Business Continuity Plan (BCP), Business Impact Assessment (BIA), Disaster Recovery Plan (DRP) and Computer Incident Response Plan (CIRP). Each of these documents is used to address a different, but related, aspect of continuing or recovering business functionality during and after an incident. During the course of the lab, students will perform a gap analysis using the provided BCP, BIAs and DRP, and make the necessary fixes to the DRP.

Students will identify the use of an SQL injection through the use of Wireshark. The students will also isolate the different aspects of the SQL injection and execute the selected code.

Students will identify the use of a buffer overflow exploit through the use of Wireshark and by analyzing items found in the captured traffic. The students will also find the exploit code and isolate the different aspects of a buffer overflow exploit.

This lab exercise is designed to allow the trainee to become familiar with applying a capture filter to tcpdump and Wireshark using Berkeley Packet Filter (BPF) syntax.

Students are provided a whitelist of applications allowed for installation on a system. Students will compare the list against multiple hosts and remove the installed applications which are not on the list.

Students will run Windows Forensic Toolchest against an existing system to create a baseline that will be used for future analysis.

Students will create a list of installed programs, services, and accounts in a Windows 2012 server environment using various tools and methods.

Students will create a second baseline using the Windows Forensic Toolchest (WFT) and compare it against a previously created baseline using KDiff3.

Students will have access to the results of a vulnerability scan run against a sample Windows 2008 Server. They will perform any necessary remediations on the server by applying a variety of patches and system/firewall tweaks in order to further harden it. Next, they will run a follow-up scan to ensure that the previously discovered weaknesses have been mitigated down to a reasonable level of risk. After the verification scan has been completed, they will author a Standard Operating Procedure to help others walk through the same mitigation process, enabling them to perform the same actions on other Windows 2008 servers.

In this lab we will simulate the recovery phase where we must perform a backup in a server environment.

In this lab you will perform the steps necessary to set up a pfSense firewall from the basic command line interface and then configure the firewall using the web configuration GUI on a Windows machine. This lab will provide an understanding of how network interfaces are configured to allow network connectivity. You will also view and create a firewall rule, which reinforces your understanding of how network traffic can be managed at different levels (IP-based, protocol-based, machine-based, etc.).

Students will identify access to a pfSense firewall through the forwarding of syslog (system log) messages from the firewall to the syslog service we have configured and set up on the network. Students will then identify malicious activity through the system logs.

The highest-risk systems are the ones with Internet-facing applications. Once an attacker from the Internet is able to compromise the internal network, it is very likely they will attempt to move to other machines on the network. The machines in the Demilitarized Zone (DMZ) are at high risk because they are usually not as well protected as the computers which are part of the internal network.

Students will scan a system in OpenVAS (Open Vulnerability Assessment) to discover and identify systems on the network that have vulnerabilities.

Network- and host-based Intrusion Detection Systems (IDS) analyze traffic and provide log and alert data for detected events and activity. Security Onion provides multiple IDS options, including host IDS and network IDS. In this lab you will set up Security Onion to function as a network-based IDS, together with Snorby, the web GUI for Snort.

Least-privilege is an important concept across many domains (e.g., Windows server/workstation management, networking, Linux management, etc.) and requires great discipline to implement properly. This lab walks students through implementing least privilege in both an Active Directory setup and a normal Windows-based workstation.

In this lab students will use command line tools to create, modify, and manage users and groups within the Linux operating environment.

When defending networked digital systems, attention must be paid to the logging mechanisms set in place to detect suspicious behavior. In this lab, students will work with Splunk to help correlate server logs, system logs, and application logs in order to determine if an attacker was successful, and if so what happened and how they got in.

Students will learn how to conduct manual scanning against systems using command line tools such as Netcat. They will then log in to a discovered system, enable object access auditing, and verify that auditing on the object is enabled.

Several company employees have received unsolicited emails with suspicious pdf attachments. The CIO has asked you to look at the attachments and see if they are malicious.

In this lab you will use Microsoft Baseline Security Analyzer (MBSA) to perform scans of individual host computers and of groups of computers. You will also learn how to perform the most common scans using command line tools. Once completed, you will have learned how to use MBSA to perform a comprehensive security analysis of your network environment.

Students will analyze an MBSA baseline report and compare it to current system configurations. Students will then make the necessary system changes to machines and validate the baseline using MBSA. Finally, students will compare hash values to determine if any changes have been made to a system.

In this lab we will replicate potentially malicious scans from the Internet against a corporate asset. Scans from the Internet are very common. An analyst should know how to identify this activity by artifacts that are present in the IDS as well as entries in the web logs.

In this lab we will take the concept of zones, create three zones and route traffic accordingly. The trusted zone, ZONE - LAN, will be the internal Local Area Network. ZONE - DMZ will be the demilitarized zone. ZONE - WAN will be the Wide Area Network. We will set up a firewall (pfSense) to allow internal traffic from the LAN to the WAN. We will allow traffic from WAN to DMZ and from DMZ to WAN. Internal traffic WILL NOT BE ALLOWED TO ENTER THE DMZ UNLESS IT COMES through the WAN interface. This will prevent or deter an attacker who has compromised a DMZ asset from accessing the internal LAN segment. We'll also show trainees how a contractor would likely VPN into a retail network and how to appropriately restrict their access.

This lab teaches students how to extract various files from network traffic using NetworkMiner and Wireshark.

Students will identify if a vulnerability is present on two Windows systems and then move to remediate the vulnerability, if necessary.

This next lab walks students through identifying a security incident, as well as handling and then responding to the incident.

Students will use Zenmap to scan a network segment in order to create an updated network map and detail findings on the systems discovered. They will use the material they generated to help them discover if there have been any changes to the network after they compare it to a previously generated network map/scan.

Linux environments are ubiquitous in many different sectors, and securing these environments is as important as securing Windows environments. This lab walks you through implementing least-privilege and strong security practices in a Linux environment. Specifically, you will walk through ways to secure your Linux box, look at and fix common areas of privilege issues/abuses, and get introduced to SELinux and how it helps when implementing least-privilege.

Students will use pfTop, a network traffic monitoring/statistics plugin used in pfSense, to analyze and monitor network traffic. They will walk through the steps of performing a detailed investigation to determine what type of traffic is occurring across the exercise network. Finally, with the use of visualization tools they will be able to further analyze network traffic statistics and learn how visuals can quickly aid in the incident response process.

Learners will use Nmap and OpenVAS/Greenbone Vulnerability Scanner to confirm old vulnerable systems and to also discover new ones. They will perform a risk analysis of the findings and determine steps to be taken to mitigate the issues discovered. Finally, armed with a previously completed audit report as an example, they will fill out the necessary audit documentation to provide details on their findings and to add any suggested mitigations.

Course FAQs

  • CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience.

  • Each lab consists of multiple tasks that take anywhere from 30 minutes to 2 hours to complete.

  • All you need is an HTML5 compatible browser, such as Google Chrome, Mozilla Firefox, or Microsoft Edge.

  • CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.

  • Once your purchase is complete, Learning Tree will contact you with the URL and login credentials you will use to access your lab bundle.