The need for awareness of cyber deception is growing. Cyber deception has been identified as one of the top 10 technologies businesses should be employing for cyber defence.
This 5-day course will provide students with hands-on experience of how to build, deploy and configure various cyber deception tools and technologies to protect computer networks and digital data. Students will use a combination of open source software, scripts and direct operating system configurations to create confusion, bait and trap intruders and unauthorised insiders.
The course has been designed for people with a beginner and intermediate level of technical IT skill and experience. Most of the course content is hands on activities. Students will configure and build cyber deceptions. Many of these will be using command line. The course will walk students through the basics of how to undertake each activity and provide them the means to complete the exercises. No academic or technical knowledge is assumed but the course can be challenging, in places if users are not familiar with basic IT and cyber security principles and tools.
On completion of this course, participants should be able to:
- Understand basic cyber deception tactics used in civilian businesses and defence environments.
- Understand how cyber deception tools and technologies protect computer networks and digital data.
- Understand and set up honeypots, sinkholes and covert network tunnels.
- Use open source software and command line tools to falsify web pages, web traffic and SSH services.
- Demonstrate the ability to plan and use best industry practices in cyber deception.
Course Day Breakdown
Introduction to Cyber Deception
Day 1 starts with a comprehensive overview of the history of cyber deception and looks at how this concept fits into a cyber security framework. Students will be set up with VMWare environments and stepped through practical exercises.
VMWare Essentials, Linux Distributions, Command Line Basics, File System Navigation, Directories, Commands and Arguments.
Hiding the Real
This session will cover the structure of deception and will look at methods for disrupting automated attacks. Students will be introduced to Steganography along with lab based exercises covering changing identity and modifying ports.
Hidden Partitions, Port Obfuscation, Covert Network Tunnels, Steganography Processes, Obfuscating Code, Masking and Repackaging Ports.
Honeypots and other defensive tools
Day 3 will introduce students to the history of Honeypots and how they can be used to defend against cyber-attacks. The session will also look how to set up a convincing honeypot and will cover a number of other defensive tools.
SSH Honeypots, Elastichoney, HoneyNet Project, MHN Server.
Showing the False
This session will look at techniques to disrupt automated attacks such as faking network traffic and services. Student will also be introduced to the requirements of building fake content in order to delay and confuse adversaries. Practical exercises include faking web pages & traffic and faking a SSH service.
Fake Services, Fake Traffic, Fake Content, Sinkholes, Labrea Tarpit, Tiny HP, SpiderTrap, Glastopf, Cowrie.
Cyber Deception Limitations and Planning
The final day of the course will give an overview of the limitations of deceptive techniques and issues surrounding the legality of practices. Reasons and considerations to be aware of when planning to use deception will also be covered. Students will break into groups and complete a deception planning exercise.
Deception strategies, Tactics and Plan Architecture, Passive and Active Actions, Kill Chain.
Who Should Attend
Managers, network security professionals and cyber security engineers.
What You Will Recieve
- Comprehensive set of course notes
- UNSW Canberra certificate of attendance
- Morning tea, lunch and afternoon tea
NICE Framework Mapping
This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities):
K0005: Knowledge of cyber threats and vulnerabilities.
K0041: Knowledge of incident categories, incident responses, and timelines for responses.
K0058: Knowledge of network traffic analysis methods.
K0161: Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
S0078: Skill in recognising and categorising types of vulnerabilities and associated attacks.
A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
What is the NICE Framework?
The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles.
To find out more about the NICE Framework, go to: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework
UNSW Canberra Cyber
UNSW Canberra Cyber is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.
The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and post graduate education in cyber security. Our air-gapped, state of the art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.
Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.
Contact us at firstname.lastname@example.org to discuss how.
Further Informationcyber@adfa.edu.au W: www.unsw.adfa.edu.au/cyber
No dates? Or unable to attend dates shown? Submit an Expression of Interest below to be notified of upcoming courses.