
This course is designed for networking and security personnel who need to develop a set of packet investigation techniques through study of Cloud and IoT networking protocols using Wireshark and other open-source analysis tools. Successful completion of this course will provide these individuals with a pathway into the field of both network and forensics analysis.
Format: 5 days Classroom Instruction
Start/End Times: 0830-1630
Recommended Class Size: 5-12
Audience: Intermediate
Recommended Prerequisites: Completion of Wireshark 1 and Wireshark 2 or equivalent networking and Wireshark experience
More Information: www.scos.training
Description:
The emerging technologies of network cloud computing, cloud storage and Internet of Things enabled devices are among the recent advances in networking. Effective analysis and troubleshooting of such advanced technologies requires not only the skill of capturing data, but also the ability to discern unusual patterns hidden within seemingly normal network traffic. This course will provide the student with a set of investigative and analysis techniques focusing on the use of vendor-neutral, open-source tools such as Wireshark and Cloudshark to provide insight into the following areas:
- Specialized and advanced packet capture tips combined with specialized techniques including data traffic reconstruction and viewing
- Recognition, analysis and threat identification for many of the next generation Cloud and IoT technologies, including Cloud Computing / Virtualization / IEEE 802.15 Bluetooth / IEEE 802.15.4 ZigBee / IEEE 802.16e WiMAX / Home RF / ZWave / RFID / Infrared / PBCC / 3G / 4G / 5G
Real-world examples will be used throughout the course in conjunction with numerous hands-on exercises to provide field-proven, practical analysis skills. Attendees will receive a student guide including numerous reference files and networking and forensics tools, as well as a library of reference documents.
Course Details:
I. Introduction to Advanced Network Analysis
- Logistics
- Cloud and Internet of Things (IoT) Network analysis challenges
- Nomenclature, Terminology and the Next Generation Technologies
II. Collecting the Data – Data Capture
- Navigating the Wireshark 2 and Cloudshark Virtual User Interfaces
- Icon and Status Bars
- Menus and Shortcuts
- Cloudshark Virtual Interface
- Data Collection
- Location – How Network Infrastructure Devices Affect Network Analysis
- Configuring Wireshark 2.X
- Configurations – LAN vs. Cloud vs. IoT
- USBPcap / Androiddump
- Using capture filters to capture specific types of traffic
- Stealth / Silent Collection of Data – Tips & Techniques
- Real-time vs. Post Capture Analysis
- Monitoring current traffic
- Cloud and IoT Device Analysis using Wireless Control Panel
- Wireless Toolbar and WiFi features – WEP / WPA / WPA2 Decryption
- Bluetooth capture features
- Is It Good or Bad – The Role of Baselines
- What’s Normal vs. Abnormal – The Role of Baseline Files
- Building a Baseline Library – Where Do I go to Find Samples?
III. Cloud Technologies
- Overview of Cloud-Based Network Communication Architectures
- Cloud Terminology & Technologies
- Client-server
- Peer-to-peer
- Computer bureau
- Grid computing
- Fog computing
- Dew computing
- Mainframe computer
- Utility computing
- Green computing
- Cloud sandbox
- Cloud Enabling and Supporting Technologies
- Cloud vs. Virtualization
- Service Oriented Architectures – Service Models
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
- Cloud Terminology & Technologies
- Analyzing Cloud and IoT Conversations and Activities
- Analyzing Conversations and Activities Using Expert Systems to Determine Unusual Activity
- Determining Which Conversations are of Interest – Analyzing Latency and Throughput to recognize and analyze suspicious user traffic
- Using Wireshark Statistical Features to Isolate and Identify Suspect Conversations
- A Sample Cloud / IoT Network Analysis Methodology
- 6 Steps for Cloud / IoT based Network Analysis of suspicious traffic
- Answering the Key Troubleshooting and Analysis Questions
- A Sample Network Analysis Methodology
- Analyzing Conversations and Activities Using Expert Systems to Determine Unusual Activity
- Diagraming Conversations – A Picture is worth 1024 Words
- Related Packet and Intelligent Scrollbar features
- Constructing a Troubleshooting and Analysis Diagram
- Tips and Techniques
IV. Internet of Things Technologies
- Overview and Introduction to IoT-Based Technologies
- IoT Terminology & Technologies
- IoT Enabling Technologies
- Wired
- Short Range Wireless
- Medium Range Wireless
- Long Range Wireless
- Special Considerations for Analyzing IoT WiFi-Based Traffic
- IoT / WiFi Fundamentals
- Frequency, Bandwidth & Channel Considerations
- Spread Spectrum Technologies
- Frequency Hopping Spread Spectrum (FHSS)
- Direct Sequence Spread Spectrum (DSSS)
- Orthogonal Frequency Division Multiplexing (OFDM)
- Spatial Division Multiplexing (SDM)
- IoT MAC Layer
- Finding a Service Set
- Connecting, Authenticating & Associating to a Service Set
- Moving Between and disconnecting from Service Sets
- IoT Wireless Frame Addressing – Transmitter and Receiver vs. Source and Destination Address
- IoT / WiFi Frame Translation
- IoT / WiFi Fundamentals
- Key IoT Technologies: SoHo and IoT
- Structure, Operation and Analysis of Key IoT Technologies:
- IEEE 802.15 Bluetooth
- IEEE 802.15.4 ZigBee
- IEEE 802.16e WiMAX
- Home RF
- ZWave
- RFID
- Infrared
- PBCC
- 3G / 4G / 5G
- Cloud and IoT Security – Vulnerabilities and Threats
- Overview of IoT-based Security Vulnerabilities
- The Key Issue – Competing Standards and Lack of Regulations
- Rogue Devices
- Man-in-the-Middle
- Malware / Ransomware
- Denial of Service (DoS / DDoS) Attacks
- Bots / Botnets
- Fixing the Problem
- Security Recommendations
- IEEE 802.1X / RADIUS Overview
- Wireless Encryption
- Wired Equivalency Protocol (WEP)
- WiFi Protected Access (WPA / WPA2)
- Common Transport Layer Exploits and Examples of Intrusion Signatures
- Overview of IoT-based Security Vulnerabilities
V. Where do we go from Here?
- Wireshark 0 – TCP/IP Networking Fundamentals Using Wireshark
- Wireshark 1 – TCP/IP Network Analysis
- Wireshark 2 – Advanced Network and Security Analysis
- Wireshark 3 – Network Forensics Analysis
- Wireshark 4 – Mobile Device Forensics Analysis
- Wireshark 5 – Cloud and Internet of Things (IoT) Advanced Network Analysis
- Wireshark 6 – VoIP Advanced Network Analysis
- Wireshark 7 – WiFi Advanced Network Analysis
- Wireshark 8 – SCADA and ICS Advanced Network Analysis