Certified Network Defender (CND)


Seminar - Ziel

Certified Network Defender (CND) is a vendor-neutral, hands-on, instructor-led comprehensive network security certification training program. It is a skills-based, lab intensive program based on the security education framework and work role task analysis presented by the National Infocomm Competency Framework (NICF) as well as a job-task analysis and cybersecurity education framework by the National Initiative of Cybersecurity Education (NICE). The course has also been mapped to global job roles and to the Department of Defense (DoD) job roles for system/network administrators.

The program prepares network administrators how to identify what parts of an organization need to be reviewed and tested for security vulnerabilities and how to reduce, prevent, and mitigate risks in the network. CND covers the protect, detect, respond and predict approach to network security.

Teilnehmer - Zielgruppe

  • Network Administrators
  • Network security Administrators
  • Network Security Engineer
  • Network Defense Technicians
  • CND Analyst
  • Security Analyst
  • Security Operator

Kurs - Voraussetzungen

Basic knowledge of network security


  • 5 Tage
  • 09:00 Uhr bis 17:00 Uhr


  • nach Absprache

Seminar-Inhalt / Agenda


  • CNDv2 Module 01: Network Attacks and Defense Strategies
  • LO#01: Explain essential terminologies related to network security attacks
  • LO#02: Describe the various examples of network-level attack techniques
  • LO#03: Describe the various examples of application-level attack techniques
  • LO#04: Describe the various examples of social engineering attack techniques
  • LO#05: Describe the various examples of email attack techniques
  • LO#06: Describe the various examples of mobile device-specific attack techniques
  • LO#07: Describe the various examples of cloud-specific attack techniques
  • LO#08: Describe the various examples of wireless network-specific attack techniques
  • LO#09: Describe Attacker’s Hacking Methodologies and Frameworks
  • LO#10: Understand fundamental goal, benefits, and challenges in network defense
  • LO#11: Explain Continual/Adaptive security strategy
  • LO#12: Explain defense-in-depth security strategy


  • CNDv2 Module 02 Administrative Network Security
  • LO#01: Learn to obtain compliance with regulatory framework and standards
  • LO#02: Discuss various Regulatory Frameworks, Laws, and Acts
  • LO#03: Learn to design and develop security policies
  • LO#04: Learn to conduct different type security and awareness training
  • LO#05: Learn to implement other administrative security measures
  • CNDv2 Module 03: Technical Network Security
  • LO#01: Discuss access control principles, terminologies, and models
  • LO#02: Redefine the Access Control in Today’s Distributed and Mobile Computing World
  • LO#03: Discuss Identity and Access Management (IAM):
  • LO#04: Discuss cryptographic security techniques
  • LO#05: Discuss various cryptographic algorithms
  • LO#06: Discuss security benefits of network segmentation techniques
  • LO#07: Discuss various essential network security solutions
  • LO# 08: Discuss various essential network security protocols
  • CNDv2 Module 04 Network Perimeter Security
  • LO#01: Understand firewall security concerns, capabilities, and limitations
  • LO#02: LO#02: Understand different types of firewall technologies and their usage
  • LO#03: Understand firewall topologies and their usage
  • LO#04: Distinguish between hardware, software, host, network, internal, and external firewalls
  • LO#05: Select firewalls based on its deep traffic inspection capability
  • LO#06: Discuss firewall implementation and deployment process
  • LO#07: Discuss recommendations and best practices for secure firewall Implementation and
  • deployment
  • LO#08: Discuss firewall administration concepts
  • LO#09: Understand role, capabilities, limitations, and concerns in IDS deployment
  • LO#10: Discuss IDS classification
  • LO#11: Discuss various components of ID
  • LO#12: Discuss effective deployment of network and host-based IDS
  • LO#13: Learn to how to deal with false positive and false negative IDS/IPS alerts
  • LO#14: Discuss the considerations for selection of an appropriate IDS/IPS solutions
  • LO#15: Discuss various NIDS and HIDS Solutions with their intrusion detection capabilities
  • LO#16: Discuss router and switch security measures, recommendations, and best practices
  • LO#17: Leverage Zero Trust Model Security using Software-Defined Perimeter (SDP)
  • CNDv2 Module 05 Endpoint Security-Windows Systems
  • LO#01: Understand Window OS and Security Concerns
  • LO#02: Discuss Windows Security Components
  • LO#03: Discuss Various Windows Security Features
  • LO#04: Discuss Windows Security Baseline Configurations
  • LO#05: Discuss Windows User Account and Password Management
  • LO#06: Discuss Windows Patch Management
  • LO#07: Discuss User Access Management
  • LO#08: Windows OS Security Hardening Techniques
  • LO#09: Discuss Windows Active Directory Security Best Practices
  • LO#10: Discuss Windows Network Services and Protocol Security
  • CNDv2 Module 06 Endpoint Security-Linux Systems
  • LO#01: Understand Linux OS and security concern
  • LO#02: Discuss Linux Installation and Patching
  • LO#03: Discuss Linux OS Hardening Techniques
  • LO#04: Discuss Linux User Access and Password Managemen
  • LO#05: Discuss Linux Network Security and Remote Access
  • LO#06: Discuss Various Linux Security Tools and Frameworks
  • CNDv2 Module 07 Endpoint Security- Mobile Devices
  • LO#01: Common Mobile Usage Policies in Enterprises
  • LO#02: Discuss Security Risk and Guidelines associated with Enterprises mobile usage policies
  • LO#04: Discuss and implement various enterprise-level mobile security management Solutions
  • LO#05: Discuss and implement general security guidelines and best practices on Mobile platforms
  • LO#06: Discuss Security guidelines and tools for Android devices
  • LO#07: Discuss Security guidelines and tools for iOS devices
  • CNDv2 Module 08 Endpoint Security-IoT Devices
  • LO#01: Understanding IoT Devices, their need and Application Areas
  • LO#02: Understanding IoT Ecosystem and Communication models
  • LO#03: Understand Security Challenges and risks associated with IoT-enabled environments
  • LO#04: Discuss the security in IoT-enabled environments
  • LO#05: Discuss Security Measures for IoT enabled IT Environments
  • LO#06: Discuss IoT Security Tools and Best Practices
  • LO#07: Discuss and refer various standards, Initiatives and Efforts for IoT Security
  • CNDv2 Module 09 Administrative Application Security
  • LO#01: Discuss and implement Application Whitelisting and Blacklisting
  • LO#02: Discuss and implement application Sandboxing
  • LO#03: Discuss and implement Application Patch Management
  • LO#04: Discuss and implement Web Application Firewall (WAF)
  • CNDv2 Module 10: Data Security
  • LO#1: Understand data security and its importance
  • LO##2: Discuss the implementation of data access controls
  • LO#03: Discuss the implementation of Encryption of Data at rest
  • LO#04: Discuss the implementation of Encryption of “Data at transit”
  • LO#4.1: Discuss the implementation of Encryption of “Data at transit” between browser and
  • web server
  • LO#4.2: Discuss the implementation of Encryption of “Data at transit” between database server
  • and web server
  • LO#4.3: Discuss the implementation of Encryption of “Data at transit” in Email Delivery
  • LO#05: Discuss Data Masking Concepts
  • LO#06: Discuss data backup and retention
  • LO#07: Discuss Data Destruction Concepts
  • LO#08: Data Loss Prevention Concepts
  • CNDv2 Module 11: Enterprise Virtual Network Security
  • LO#01: Discuss the evolution of network and security management concept in modern
  • Virtualized IT Environments
  • LO#02: Understand Virtualization Essential Concepts
  • LO#03: Discus Network Virtualization (NV) Security
  • LO#04: Discuss SDN Security
  • LO#05: Discuss Network Function Virtualization (NFV) Security
  • LO#06: Discus OS Virtualization Security
  • LO#07: Discuss Security Guidelines, Recommendations and Best Practices for Containers
  • LO#08: Discuss Security Guidelines, Recommendations and Best practices for Dockers
  • LO#09: Discuss Security Guidelines, Recommendations and Best Practices for Kubernetes
  • CNDv2 Module 12: Enterprise Cloud Security
  • LO#01: Understand Cloud Computing Fundamentals
  • LO#02: Understanding the Insights of Cloud Security
  • LO#03: Evaluate CSP for Security before Consuming Cloud Service
  • LO#04: Discuss security in Amazon Cloud (AWS)
  • LO#05: Discuss security in Microsoft Azure Cloud
  • LO#06: Discuss security in Google Cloud Platform (GCP)
  • LO#07: Discuss general security best practices and tools for cloud security
  • CNDv2 Module 13: Wireless Network Security
  • LO#01: Understand wireless network fundamentals
  • LO#02: Understand wireless network encryption mechanisms
  • LO#03: Understand wireless network authentication methods
  • LO#04: Discuss and implement wireless network security measures


  • CNDv2 Module 14: Network Traffic Monitoring and Analysis
  • LO#01: Understand the need and advantages of network traffic monitoring
  • LO#02: Setting up the environment for network monitoring
  • LO#03: Determine baseline traffic signatures for normal and suspicious network traffic
  • LO#04: Perform network monitoring and analysis for suspicious traffic using Wireshare
  • LO#06: Discuss network performance and bandwidth monitoring tools and techniques
  • CNDv2 Module 15: Network Logs Monitoring and Analysis
  • LO#01: Understand logging concepts
  • LO#02: Discuss log monitoring and analysis on Windows systems
  • LO#03: Discuss log monitoring and analysis on Linux
  • LO#04: Discuss log monitoring and analysis on Mac
  • LO#05: Discuss log monitoring and analysis in Firewall
  • LO#06: Discuss log monitoring and analysis on Routers
  • LO#07: Discuss log monitoring and analysis on Web Servers
  • LO#08: Discuss centralized log monitoring and analysis


  • CNDv2 Module 16 Incident Response and Forensic Investigation
  • LO#01: Understand incident response concept
  • LO#02: Understand the role of first responder in incident response
  • LO#03: Discuss Do’s and Don’t in first response
  • LO#04: Describe incident handling and response process
  • LO#05: Describe forensics investigation process
  • Exercise 1: Working with Incident Tickets in OSSIM
  • CNDv2 Module 17 Business Continuity and Disaster Recovery
  • LO#01: Introduction to Business Continuity (BC) and Disaster Recovery (DR) concepts
  • LO#02: Discuss BC/DR Activities
  • LO#03: Explain Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)
  • LO#04: Discuss BC/DR Standards


  • CNDv2 Module 18 Risk Anticipation with Risk Management
  • LO#01: Understand risk management concepts
  • LO#02: Learn to manage risk though risk management program
  • LO#03: Learn different Risk Management Frameworks (RMF)
  • LO#04: Learn to manage vulnerabilities through vulnerability management program
  • LO#05: Learn vulnerability Assessment and Scanning
  • CNDv2 Module 19 Threat Assessment with Attack Surface Analysis
  • LO#01: Understand the attack surface concepts
  • LO#02: Learn to understand and visualize your attack surface
  • LO#03: Learn to identify Indicators of Exposures (IoE)
  • LO#04: Learn to perform attack simulation
  • LO#05: Learn to reduce the attack surface
  • LO#06: Discuss attack surface analysis specific to Cloud and IoT
  • CNDv2 Module 20 Threat Prediction with Cyber Threat Intelligence
  • LO#01: Understand role of cyber threat intelligence in network defense
  • LO#02: Understand the types of threat Intelligence
  • LO#03: Understand the Indicators of Threat Intelligence: Indicators of Compromise (IoCs) and
  • Indicators of Attack (IoA)
  • LO#04: Understand the layers of Threat Intelligence
  • LO#05: Learn to leverage/consume threat intelligence for proactive defense
  • APPENDICES (Self-Study):
  • APPENDIX A: Computer Network Fundamentals
  • LO#01: Understand various network fundamental concepts
  • LO#02: Understand the working of different protocols in TCP/IP protocol suite
  • LO#03: Understand the concepts of IP Addressing and port numbers
  • LO#04: Understand other network related terminologies
  • LO#05: Learn to troubleshoot basic network issues with network troubleshooting utilities
  • APPENDIX B: Physical Network Security
  • LO#01: Understand the importance of physical security
  • LO#02: Describe various physical security controls
  • LO#03: Describe Workplace Security
  • LO#04: Describe various Environmental Controls
  • APPENDIX C: Virtual Private Network (VPN) Security
  • LO#01: Understand the working of VPN
  • LO#02: Understand the VPN Components
  • LO#03: Explain different VPN types and categories
  • LO#04: Explain the core functions, technologies, and topologies of VPN
  • LO#05: Explain VPN security risks
  • LO#06: Explain VPN security
  • LO#06: Discuss Deployment, Quality Of Service and Performance in VPNs

Weitere Schulungen zu Thema EC-Council

Certified Incident Handler (ECIH)

- u.a. in Nürnberg, Berlin, Stuttgart, München, Köln

This latest iteration of EC-Council’s Certified Incident Handler (E|CIH) program has been designed and developed in collaboration with cybersecurity and incident handling and response practitioners across the globe. It is a comprehensive specialist-level program that imparts ...

Computer Hacking Forensic Investigator v10 (CHFI)

- u.a. in Nürnberg, Berlin, Stuttgart, München, Köln

The Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on ...

Certified Penetration Testing Professional (CPENT)

- u.a. in Hamburg, Leipzig, Nürnberg, Düsseldorf, Mannheim

EC-Council’s Certified Penetration Tester (CPENT) program is all about the pen test and will teach you to perform in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live ...

Certified SOC-Analyst (CSA)

- u.a. in Hamburg, München, Wien, Mannheim, Darmstadt

The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations. CSA is a ...