Search Results

Hi there. Previously, you learned how an incident handler's journal is used for documenting the 5 W's of an incident: who, what, where, when, and why an incident occurred.  In this section, we'll continue our discussion on documentation by exploring...

In this video, we'll introduce you to intrusion detection and intrusion prevention systems. Imagine that you've just installed a home intrusion security system. You've installed intruder sensors for each entry and exit point in your...

Previously, you explored intrusion detection system (IDS) and intrusion prevention system (IPS) technologies. In this reading, you’ll compare and contrast these tools and learn about endpoint detection and response (EDR). As a security analyst, you'll likely w...

Our discussion on detection tools may have left you wondering where alerts are sent and how alerts are accessed by security analysts. This is where security information and event management, or SIEM, tools are used. SIEM is a tool...

Way to go! You made it through a new section, and you've learned a lot. As a refresher, we first covered the incident response lifecycle as a framework to support incident response processes. You were also given yo...

Welcome back! I'm so glad you're joining us. Previously, you were introduced to incident detection and response. You may also remember learning about networking from a previous course. To recap, you learned about how devices talk ...

Hi, my name is Casey and I'm part of the Google Cloud Enterprise Security sales team. First of all, the biggest piece of advice I can give is: do it. I want you to be here.  We need all the people.  It's a non-stop, ever-changing world in cybersecurity...

In many organizations, network communication travels over multiple networks in different countries and across different devices. Data can get unintentionally sent and stored in insecure places, like personal email inboxes or cloud storage platforms. ...

Network communication can be noisy! Events like sending an email, streaming a video, or visiting a website all produce network communications in the form of network traffic and network data. As a reminder, network traffic is the amount of data that moves acros...

Monitoring network traffic helps security professionals detect, prevent, and respond to attacks.  In my experience as a security professional, monitoring for deviations from typical network traffic patterns has yielded big results. Even if information...

Whether it's an employee sending an email or a malicious actor attempting to exfiltrate confidential data, actions that are performed on a network can be identified through examining network traffic flows. Understanding these network ...

The role of security analysts involves monitoring and analyzing network traffic flows. One way to do this is by generating packet captures and then analyzing the captured traffic to identify unusual activity on a network. Previously, you explored the fundamen...

If a packet capture is like intercepting an envelope in the mail, then packet analysis is like reading the letter inside of the envelope. Let's discuss how analyzing packets can help us interpret and understand network communications. ...

While there are many different tools available to use, it's important as a security analyst that you learn how to read and analyze packets manually.  To do so, let's examine an important packet component: IP headers. Previously, you ...

So far, you've learned about how network protocol analyzers (packet sniffers) intercept network communications. You've also learned how you can analyze packet captures (p-caps) to gain insight into the activity happening on a network. As a security analyst, yo...

Tcpdump is a popular network analyzer. It's pre-installed on many Linux distributions and can be installed on most Unix-like operating systems, like macOS. You can easily capture and monitor network traffic such as TCP, IP, ICMP, and many more. ...

Use ifconfig to identify the interfaces that are available: sudo ifconfig example output analyst@b4aade4b3e15:~$ sudo ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1460 inet 172.18.0.2 netmask 255.255.0.0 broadcast 172.18.255....

i probably legally cant give you anything coz its an activitybut here is the gist In this activity, you'll focus on the two network protocol analyzers: Wireshark and tcpdump. Your goal is to gain a basic understanding of the Wireshark and tcpdump, how they wo...

Nice work so far!ddddddddddddddd Congratulations on capturing and analyzing your first packet. Let's review what we've covered so far. First, you learned how network traffic flows provide valuable communications insight. Through monitoring network...

Welcome back! I want to commend you on such a fantastic job you're doing so far. The skills you are learning will create a solid foundation as you begin your security career. In the previous section, you applied your networking kn...