CyberFusion Analyst 101
The Cyber Fusion Analyst Program is a comprehensive training path designed to equip professionals with the skills necessary to protect and defend modern digital environments. The program begins with Cybersecurity Foundations 101, where participants learn the core principles of cybersecurity, including the CIA triad, network security, and incident response. Building on these basics, Cybersecurity Foundations 201 delves into advanced topics such as penetration testing, malware analysis, and sophisticated incident management strategies. Complementing these, the System Administration 101 course focuses on managing and securing IT systems, with practical skills in OS management, network configurations, and user administration. The Network Security Foundations 101 course then ensures participants can secure modern network infrastructures, implementing tools like firewalls, endpoint security, email security, and Data Loss Prevention (DLP). Together, these courses create a holistic program, blending the essential elements of cybersecurity, system administration, and network defense to train the next generation of Cyber Fusion Analysts capable of identifying, mitigating, and responding to complex cyber threats across various digital environments.
140 hours • 2 hours/class
- Fundamentals of core networking
- Practical Lab-Based Learning
- Scalable Network study
1. Introduction to Cyber Fusion Analyst Course and Labs
- Introduces the Certified Fusion Analyst (CFA) course objectives and learning methodology.
- Provides an overview of the lab environment and the tools used throughout the course.
- Sets the foundation for the subsequent technical modules.
2. Networking Foundations 101 (30 Hours)
- Provides a comprehensive foundation in networking principles and technologies.
- Covers essential topics like network topologies, OSI/TCP/IP models, IP addressing, switching, routing, and network security fundamentals.
- Includes hands-on labs to reinforce theoretical concepts and develop practical networking skills.
Introduction of Networking
- Understand the fundamental concepts of computer networks, their components, and how they function.
- Explore the evolution of networking technologies and their impact on modern communication.
OSI / TCP/IP
- Learn about the OSI and TCP/IP models, their layers, and how they facilitate data communication.
- Gain an understanding of the key protocols operating at each layer.
IP addressing
- Master IP addressing concepts, including IP classes, subnetting (classful/classless), and how IP addresses enable communication on the network.
- Hands-on labs reinforce your understanding of IP addressing and subnetting concepts.
IP Classes
- Understand the historical classification of IP addresses into classes A, B, and C.
- Learn about the limitations of classful addressing and the need for more flexible addressing schemes.
Subnetting Classful/Classless Lab
- Master the techniques of dividing a network into smaller subnets (subnetting) using both classful and classless addressing methods.
- Gain hands-on experience with subnetting concepts through practical lab exercises.
IP Communication in the LAN Lab
- Explore how IP addresses are used for communication within a Local Area Network (LAN).
- Conduct lab exercises to observe and analyze IP communication between devices on a network.
Switching
- Explore the role of switches in network infrastructure, including managed/unmanaged switches, VLANs, and switch security features.
- Gain practical experience through labs on switch configuration, VLAN implementation, and port security.
Introduction, Managed and Unmanaged Switches, Ports, VLAN, Leading Vendors, Switch Security (L2)
- Learn about the role of switches in network infrastructure, differentiating between managed and unmanaged switches.
- Explore switch ports, VLANs (Virtual Local Area Networks), and key security features at Layer 2 of the OSI model.
Initial Setup Lab
- Gain hands-on experience with the initial setup and configuration of network switches.
- Learn basic commands for configuring switch interfaces and basic security settings.
Access/Trunk Port Configuration Lab
- Understand the difference between access and trunk ports and their role in connecting devices to different VLANs.
- Conduct lab exercises to configure access and trunk ports on a switch.
VLAN Lab
- Explore VLAN concepts in depth, including VLAN creation, assignment of ports to VLANs, and inter-VLAN communication.
- Gain practical experience with VLAN configuration through hands-on lab exercises.
Port Security / MAC Binding Lab
- Learn about port security features, including MAC address filtering and MAC address binding.
- Conduct lab exercises to configure port security on a switch to enhance network security.
DHCP Configuration LAB
- Explore the role of DHCP (Dynamic Host Configuration Protocol) in assigning IP addresses to network devices.
- Conduct lab exercises to configure DHCP on a switch to automate IP address assignment.
Syslog Configuration LAB
- Learn about syslog, a system for generating, collecting, and analyzing log messages from network devices.
- Conduct lab exercises to configure syslog on a switch to generate and collect important system and security logs.
Routing
- Learn about routing protocols (static and dynamic), router configuration, and routing concepts like default, static, and RIP routing.
- Labs provide hands-on experience in configuring routers, implementing routing protocols, and utilizing Access Control Lists (ACLs).
Introduction, Routing Protocols Static and Dynamic Routing
- Understand the role of routers in directing network traffic between different networks.
- Explore different routing protocols, including static and dynamic routing algorithms (e.g., RIP, OSPF).
Initial Setup of Router, Port Configuration LAB
- Learn to configure basic router settings, including interface configurations and basic routing protocols.
- Gain hands-on experience with router configuration through practical lab exercises.
Default, Static, RIP, routing LAB
- Explore different routing methods, including default routing, static routing, and the RIP (Routing Information Protocol).
- Conduct lab exercises to configure and verify different routing scenarios.
Usage of ACL LAB
- Understand the concept of Access Control Lists (ACLs) and their role in controlling network traffic.
- Gain hands-on experience with configuring ACLs on routers to filter traffic based on source/destination IP addresses, ports, and other criteria.
DHCP Configuration LAB
- Learn how to configure DHCP on a router to provide IP addresses to devices on a network.
- Conduct lab exercises to configure and troubleshoot DHCP server functionality on a router.
Syslog Configuration LAB
- Learn how to configure syslog on a router to generate, collect, and analyze system and security logs.
- Conduct lab exercises to configure syslog on a router to send log messages to a syslog server.
Secure Access of Network Devices
- Introduces authentication methods like RADIUS, TACACS+, and ISE.
- Explains the concept of AAA (Authentication, Authorization, Accounting).
- Provides hands-on experience with configuring routers with AAA servers.
Introduction to RADIUS, TACACS+, ISE
- Explores centralized authentication protocols like RADIUS, TACACS+, and Identity Services Engine (ISE).
- Discusses their role in securing network access and enforcing access control policies.
AAA Authentication
- Explains the core principles of Authentication, Authorization, and Accounting (AAA) for secure network access.
Configuring Router with TACACS+, RADIUS, ISE
- Provides hands-on experience with configuring network devices (routers, switches) to use RADIUS, TACACS+, or ISE for centralized authentication and authorization.
Module 2 Evaluation
Module Evaluation: Assessing Your Learning Outcomes
3. Network Security Foundations 101 (20 Hours)
- Focuses on core network security technologies and devices.
- Covers firewalls, VPNs, IDS/IPS, email security gateways, and WAFs.
- Includes hands-on labs to gain practical experience with these security controls.
Introduction to Network Security Infrastructure
- Define firewalls, Next-Generation Firewalls (NGFWs), and their roles in network security.
- Discuss different firewall types (e.g., stateful, packet filtering).
Firewall / NGFW 1
- Define firewalls, Next-Generation Firewalls (NGFWs), and their roles in network security.
- Discuss different firewall types (e.g., stateful, packet filtering).
VPN - Types of VPN 4
- Explain VPN technologies (e.g., site-to-site, remote access, VPN protocols).
- Discuss VPN benefits and security considerations.
IDS/IPS 1
- Define Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
- Explain how they detect and prevent cyber threats.
Email Security Gateway 1
- Discuss email security threats (e.g., spam, phishing, malware).
- Explain how email security gateways protect inboxes.
WAF 1
- Define Web Application Firewalls (WAFs).
- Explain how WAFs protect web applications from attacks.
Firewall
- Core network security device that controls incoming and outgoing network traffic.
- Enforces security policies by allowing or blocking traffic based on rules.
- Key component in protecting networks from unauthorized access and cyber threats.
Introduction to Dashboard Setup Overview
- Familiarize with the firewall dashboard and its key components.
- Understand the basic setup and configuration steps.
Security Policies LAB
- Learn how to create and manage security rules.
- Understand the concept of allow/deny rules and their impact.
NAT and PAT LAB
- Explain Network Address Translation (NAT) and Port Address Translation (PAT).
- Configure NAT/PAT rules on the firewall.
Threat Prevention Policies, App Control, URLF, Anti-Spyware, Anti-Virus LAB
- Configure advanced security features like application control, URL filtering, and anti-malware.
- Understand how these features enhance security.
Logging Review LAB
- Understand firewall logs and their importance.
- Analyze logs to identify security incidents.
IDS/IPS LAB
- Hands-on experience with configuring and managing an IDS/IPS system.
- Learn to analyze intrusion alerts and respond to incidents.
Email Security Gateway LAB
- Hands-on experience with configuring and managing an email security gateway.
- Learn to configure anti-spam, anti-virus, and other email security features.
WAF LAB
- Hands-on experience with configuring and managing a WAF.
- Learn to protect web applications from common attacks (e.g., SQL injection, cross-site scripting).
Cloud Security Introduction
- Overview of cloud security concepts and challenges.
- Discuss security considerations for different cloud deployment models.
Module 3 Evaluation
Module Evaluation: Assessing Your Learning Outcomes
4. Operating System Administration 101
- Covers core administration principles for Windows and Linux operating systems.
- Provides hands-on experience with user management, system configuration, and security best practices.
- Focuses on essential technologies like Active Directory, file systems, and command-line interfaces.
Windows OS
- Popular operating system known for its user-friendly interface and wide software compatibility.
- Covers topics like Active Directory, user management, file systems, and security hardening.
- Provides foundational knowledge for administering Windows-based networks.
Windows Server / Client, Domains and Trusts Introduction
- Introduce Windows Server and Client operating systems.
- Explain concepts of domains, trusts, and their importance in network environments.
AD, DNS, DHCP, NTP, FTP Theory
- Discuss Active Directory (AD), Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Network Time Protocol (NTP), and File Transfer Protocol (FTP) in detail.
AD User Management, UAC Lab
- Hands-on experience with managing users and groups in Active Directory.
- Configure User Account Control (UAC) settings.
Groups, OU LAB
- Learn to create and manage groups and organizational units (OUs) in Active Directory.
- Understand the benefits of using OUs for delegation and organization.
DNS, DHCP, NTP, FTP LAB
- Hands-on experience with configuring and managing DNS, DHCP, NTP, and FTP servers.
File Management, Permissions LAB
- Learn to manage files and folders on Windows servers.
- Configure file and folder permissions to control access.
LDAP, Kerberos, RDP LAB
- Explore Lightweight Directory Access Protocol (LDAP), Kerberos authentication, and Remote Desktop Protocol (RDP).
- Gain practical experience with these technologies.
Important Windows Services LAB
- Learn about essential Windows services and their roles.
- Troubleshoot common service issues.
Concept of Hardening and Virtualization
- Discuss security hardening techniques for Windows systems.
- Explore Windows virtualization technologies (e.g., Hyper-V).
Azure AD and Azure Infra
- Introduction to Azure Active Directory (Azure AD) and Azure infrastructure services.
Linux OS
- Open-source operating system known for its flexibility, stability, and security.
- Explores various Linux distributions, command-line interface, file management, and system administration tasks.
- Offers valuable skills for system administrators and DevOps professionals.
Types of Linux Family - OS Walkthrough and Introduction LAB
- Explore different Linux distributions (e.g., Ubuntu, CentOS, Debian).
- Get an overview of the Linux operating system and its core concepts.
Initial Setup - Command Line Introduction LAB
- Learn basic Linux commands and how to navigate the command-line interface.
- Perform initial system setup and configuration tasks.
File/Package Management using CLI LAB
- Learn to manage files and install/remove software packages using command-line tools.
Web, FTP Services in Linux and How to Control Them LAB
- Learn to configure and manage web servers (e.g., Apache) and FTP servers.
- Understand how to control these services and secure them.
Linux Service Exploration LAB
- Explore common Linux services and their functions.
- Learn to manage and troubleshoot these services.
Module 4 Evaluation
Assess learning outcomes and knowledge gained throughout the module.
5. Cyber Security 101 (20 Hours)
- Provides a foundational understanding of cybersecurity concepts and principles.
- Covers core topics like threats, vulnerabilities, security controls, and best practices.
- Introduces fundamental security concepts and best practices for individuals and organizations.
Introduction to Cyber Security
- Provides a foundational understanding of cyber threats and their impact.
- Explores the importance of cybersecurity in today’s digital world.
- Introduces key concepts and principles of cybersecurity.
Cyber Kill Chain
- Describes the stages of a typical cyberattack lifecycle.
- Helps understand how attackers operate and identify opportunities for defense.
- Enables proactive security measures and incident response strategies.
CIA Triad
- Explains the core security principles of Confidentiality, Integrity, and Availability.
- Emphasizes the importance of protecting data from unauthorized access, modification, and disruption.
- Guides the development of effective security controls and policies.
Common Terminology
- Defines key cybersecurity terms and concepts.
- Covers vulnerabilities, exploits, CVEs, CVSS, compliance, and various types of attacks.
- Explains defense-in-depth strategies, IOCs/IOAs, logging and auditing, and common error/status codes.
- Provides a basic introduction to tools like Wireshark and Event Viewer.
Vulnerability
- A weakness or flaw in software, hardware, or a system that can be exploited.
- Can be software bugs, misconfigurations, or design flaws.
- Exploiting vulnerabilities can lead to unauthorized access or data breaches.
Exploit
- A piece of code or technique used to take advantage of a vulnerability.
- Can be used to gain unauthorized access, steal data, or disrupt systems.
- Examples include malware, exploits for known vulnerabilities, and social engineering attacks.
CVE
- A standardized list of publicly known cybersecurity vulnerabilities.
- Provides a unique identifier for each vulnerability.
- Used by security researchers, vendors, and organizations to track and address vulnerabilities.
CVSS
- A framework for assessing and communicating the severity of IT vulnerabilities.
- Provides a numerical score based on factors like impact, exploitability, and confidentiality.
- Helps prioritize vulnerability remediation efforts.
Compliance
- Adhering to industry standards, regulations, and legal requirements related to data security.
- Examples include HIPAA, PCI DSS, and GDPR.
- Non-compliance can result in fines, legal penalties, and reputational damage.
Attack
- Any action that attempts to compromise the security of a system or network.
- Can include malware attacks, phishing attacks, denial-of-service attacks, and more.
- Attackers may have various motives, such as financial gain, espionage, or disruption.
Hacker Types
- Different categories of individuals who engage in hacking activities.
- Include white hat hackers (ethical hackers), black hat hackers (malicious hackers), gray hat hackers, and script kiddies.
- Understanding hacker motivations and techniques is crucial for effective defense.
Defense in Depth
- A layered security approach that employs multiple security controls to protect against attacks.
- Combines various security measures to create a robust defense.
- Examples include firewalls, intrusion detection systems, antivirus software, and user training.
IOC & IOA
- Clues or evidence that a system or network has been compromised.
- IOCs can include malicious files, suspicious IP addresses, and unusual network traffic.
- IOAs provide insights into the attacker’s tactics, techniques, and procedures (TTPs).
Logging and Auditing
- The process of collecting and analyzing system and network logs.
- Helps identify security incidents, monitor user activity, and troubleshoot problems.
- Essential for incident response and security investigations.
Error/Status Codes
- Codes that indicate the status of a request or response.
- HTTP status codes (e.g., 404 Not Found, 500 Internal Server Error) provide valuable information.
- Understanding error codes helps in troubleshooting and debugging.
Event Viewer
- A Windows system tool that displays system, security, and application events.
- Provides valuable information about system activity and security incidents.
- Can be used to troubleshoot problems, monitor system health, and investigate security breaches.
Wireshark Basics
- A powerful network protocol analyzer.
- Used to capture and analyze network traffic.
- Helps identify security threats, troubleshoot network problems, and understand network protocols.
6. Cyber Security 201 - 20 hours
Cybersecurity Foundations 201 advances your knowledge in network security, threat detection, and incident response. It covers penetration testing, malware analysis, encryption, and security monitoring with hands-on labs. By course end, you’ll master securing IT environments and tackling advanced cyber threats.
Types of Malware/Virus
- Explores various types of malware such as viruses, worms, trojans, ransomware, spyware, and adware.
- Discusses their characteristics, impact, and methods of propagation.
- Provides an understanding of how malware operates and infects systems.
Types of Attacks
- Focuses on common cyberattacks and their characteristics.
- Covers topics like malware, phishing, ransomware, and denial-of-service attacks.
- Provides practical understanding of attack vectors and mitigation strategies.
Network Attacks - DoS, Spoofing, Hijacking, Replay, Transitive Attacks, DNS Attacks, ARP Spoofing, Ports and Protocols
- Covers common network attacks like Denial of Service (DoS), Distributed Denial of Service (DDoS), Man-in-the-Middle (MitM), and spoofing attacks.
- Explores vulnerabilities related to network protocols, ports, and services.
- Discusses mitigation strategies and best practices for network security.
Web Application Attacks - OWASP Top 10, DoS, Application Exploitation
- Focuses on OWASP Top 10 vulnerabilities such as SQL injection, cross-site scripting (XSS), and session hijacking.
- Explores techniques used to exploit web applications and their security implications.
- Provides an understanding of web application security best practices.
Social Engineering
- Discusses various social engineering tactics such as phishing, pretexting, and baiting.
- Highlights the human element in cybersecurity and the importance of awareness.
- Provides strategies for identifying and preventing social engineering attacks.
Enumeration - LAB
- Hands-on experience with network enumeration techniques.
- Learn to gather information about target systems and networks.
- Understand the importance of information gathering in security assessments.
Exploitation - LAB
- Hands-on experience with exploiting vulnerabilities.
- Learn to identify and exploit vulnerabilities in systems and applications.
- Understand the ethical and legal considerations of vulnerability exploitation.
Security Applications and Devices
- Explores various security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, and endpoint security solutions.
- Discusses their functionalities, deployment options, and best practices for effective use.
- Provides an understanding of the role of these tools in a layered defense strategy.
Risk Assessment
Cryptography - Hashing, MD5, SHA, Salting, Encryption
- Explores fundamental cryptographic concepts such as hashing, encryption, and digital signatures.
- Discusses different hashing algorithms (MD5, SHA) and their applications.
- Provides an understanding of encryption techniques and their role in securing data.
Vendor Relationships - NDA, MOU, SLA, ISA, BPA
- Explores key legal and contractual aspects of vendor relationships.
- Discusses Non-Disclosure Agreements (NDAs), Memoranda of Understanding (MOUs), Service Level Agreements (SLAs), and other relevant agreements.
- Provides an understanding of the importance of clear and enforceable contracts.
SIEM - Introduction - LAB
- Introduces Security Information and Event Management (SIEM) systems.
- Explores SIEM functionalities such as log collection, analysis, and correlation.
- Hands-on experience with using a SIEM system to detect and investigate security incidents.
IRP
- Explores the Incident Response Process (IRP), including incident identification, containment, eradication, recovery, and lessons learned.
- Discusses best practices for incident response planning and execution.
- Provides an understanding of the importance of a well-defined IRP.
Module 5 evaluation
- Assesses learning outcomes and knowledge gained throughout the Cyber Security 201 module.
7. Project Work
a. IRP Report Based on a SCENARIO
- Develop and document a comprehensive Incident Response Plan (IRP) tailored to a specific scenario.
- Conduct tabletop exercises or simulations to test the effectiveness of the developed IRP.
b. Threat Research Talk/Write about a real Attack in Detail.
- Conduct in-depth research on a specific cyberattack, analyzing its methodology, impact, and lessons learned.
- Present findings through a written report or a detailed presentation.