DoS Attacks and Defense
*(ISC)² Members/Associates can access this course for free by logging in above and clicking the 'My Courses' menu item.
Denial of Service (DoS) attacks are increasing in regularity and sophistication. These attacks can have a massive negative impact on an organization, and as this threat vector continues to grow, it is important to understand how they work and the tools and processes needed to keep your organization safe. DoS attacks can result in loss of revenue, brand damage, and a loss of customer trust. Security practitioners need to be able to build effective defense solutions. This hands-on lab is designed to help learners better understand how these attacks work, how they are deployed, and the mechanisms they can implement to protect their organization.
This course includes the following modules:
1) Launch and Detect a TCP SYN Flood Attack
2) Mitigate a TCP SYN Flood Attack
3) Application Layer DoS Attack
4) Mitigating Slowloris Attacks
5) DNS Amplification Attacks
Audience or Who Should Take This Course
Security practitioners, incident responders, or anyone hoping to learn more about how DoS attacks are performed, executed, and defended against.
Prior to taking this course, the learner should have familiarity with the Unix/Linux command line, a working understanding of networking and filtering concepts (TCP/IP, DNS, etc.), and basic web application knowledge (HTTP, URL parameters, etc.).
How This Course Works
Lab content within this course takes place within a Linux virtual machine environment. Learners are introduced to each section of the lab and will have the ability to work through the entire lab at their own pace. Learners have seven days to work through the lab before progress resets.
Throughout this course learners will be asked to work through and complete the following activities:
- Review of foundation information needed to succeed in the lab.
- Video walkthrough for additional support. (optional)
- 5 lab tasks using pfSense, covering basic administration and the functions common among firewalls. These tasks include the following:
  - Simulate and detect a TCP SYN flood attack
  - Mitigate a TCP SYN flood attack
  - Slow HTTP/Slowloris attack prevention. Enable “request read time-out.”
  - Slow HTTP/Slowloris attack prevention. Enable “quality of service” module.
  - Simulate and then defend against an amplification attack.
- Knowledge Checks
- Final Assessment
- Course Evaluation
CPE credits for (ISC)² credentials must be self-reported by members and associates through the (ISC)² CPE Portal, accessible via www.isc2.org using your member login credentials.
CPE credits earned for this course may be eligible for continuing professional education credits for non-(ISC)² certifications. Please visit the continuing education requirements established by the credentialing organization for eligibility.
For specific questions related to your CPE credits or the CPE portal, please contact member support: email@example.com