OPS300 - Concepts of Intelligence Based Computer Network Defense

Class Overview

The OPS300 class introduces students to the concept of Advanced Persistent Threats (APT) and the tools and tactics to mitigate them. As traditional incident response focuses on vulnerabilities and defends the enterprise network with tools such as anti-virus and intrusion detection systems (IDS), some threat actor goals, and sophistication have rendered this insufficient. These APTs are prepared to conduct multi-year intrusion campaigns and use advanced tools and techniques to defeat most conventional computer network defenses. An intelligence feedback loop enables defenders to create a state of information superiority, which decreases the likelihood of successful intrusions after every attempt. This iterative intelligence is gathered by mapping adversary indicators of compromise (IOC), identifying patterns, and linking individual intrusions to multi-year campaigns for sensitive, proprietary, or national security information. This approach provides relevant metrics of effectiveness and performance. It reduces the likelihood of adversary success and informs network defense investment and resource prioritization.

Class Outline

• Intro to Traditional IT and Security Intelligence
• Basic Perimeter and Network Defense
• CIA Triad
• Threats
• Threat Actors
• Insider Threats
• Cyber Kill Chain
• Advanced Persistent Attacks
• Attribution
• Threat Intelligence and Lifecycle
• Open-Source and Cyber
• Threat Hunting
• Defensive Tactics and Procedures
• Packet Analysis and Filtering
• Intrusion Detection / Prevention
• Anomaly Detection
• Risk Analysis
• Disaster Recovery and Business Continuity