Defensive Cyberspace Operations

Course #CY4700

Starts: not available

Est. completion in 3 months

Offered through Distance Learning

Avg. tuition cost per course: for specific tuition costs of each program or contact information, please contact the NPS Tuition office at tuition@nps.edu.

Service obligation: Officers accepting orders to a Graduate Education Program (GEP) are obligated to serve on active duty after completion.

Questions? Reach out directly:

NPS Online Student Support

online@nps.edu


Overview

This course explores methods to discover adversarial presence on a network and defend against adversarial TTPs (tactics, techniques, and procedures). Topics include, but are not limited to: the cyber kill chain, techniques the adversary uses to remain hidden within a compromised network, adversarial command and control, malware triage, mitigation of malware, and eviction of an adversary from an operational network. Lab assignments reinforce the material taught in class.

Prerequisites

  • CY3000
  • CS3690
  • Or consent by instructor

Learning Outcomes

Upon completion of this course, the student will be able to:

  • Explain the stages of the cyber kill chain, including reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives, and apply them to the defense of network systems.
  • Describe cyber reconnaissance techniques, such as footprinting, scanning, and enumeration, and understand common adversarial tactics, techniques, and procedures (TTPs) in order to identify potential threats.
  • Understand the fundamentals of network design concepts, including firewalls, DMZs, network segmentation, Host-based Intrusion Detection Systems (HIDS), Network-based Intrusion Detection Systems (NIDS), and Security Information and Event Management (SIEM) systems, to enhance the network security posture.
  • Demonstrate proficiency in network hardening practices to mitigate vulnerabilities and strengthen defenses against cyber-attacks.
  • Identify and analyze malware persistence methods and command and control mechanisms, and employ appropriate countermeasures to mitigate their impact on network systems.
  • Conduct malware analysis and triage to identify and assess potential threats within the network environment.
  • Utilize intrusion detection tools effectively to detect and respond to cyber threats in real time.
  • Employ techniques for locating adversaries within the network, including analyzing network traffic and identifying anomalous behavior.
  • Implement strategies for the eviction of adversaries from the network, utilizing techniques such as beaconing detection and command and control mitigation.
  • Describe and perform post-incident analysis and assessment of cyber-attacks, including evaluating the effectiveness of defensive measures and identifying areas for improvement in network security.
  • Apply principles of remote live forensics for incident response, utilizing tools such as Sysinternals to investigate and mitigate cyber incidents effectively.
  • Participate in practical exercises focused on hunting for adversaries within the network environment and implementing effective eviction strategies.