eNDP : Network Defense Professional

Hi all,

I decided to go with the Network Defense Professional course from eLearnSecurity.I will let you know how it is.

I decided to go with this course because the instructor seems to know his subject (I googled him):

InfoSec Big Picture and Some Quick Wins - Schuyler Dorsey Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

I already know lot of security stuff : windows, active directory, unix, cisco etc. But I feel like this course will teach me some good and unexpensive technics to further harden the network of my company.

My goal is to be proficient in both attack and defense in order to give high value advises to my company and my clients (I own a small consulting firm : pentest, PCI DSS, hardening of web sites).

My profesionnal background :
- 3 1/2 years of IT audit experience : SOX, PCI DSS, ISO 2700x, ITIL
- 2 years of full technical security : red team, security configurations, vulnerability scanning, security architecture review, testing of security tools (vulnerability scanner, SIEM, AV solutions, WAF, etc.)
- Did many programming internships

My education background:
- Master in IT management
- CISSP
- I followed lot of courses from pentesteracademy, strategic sec, did countless hours of security tests in a lab I have created. Everytime I learned a trick, I tried to think about a defense.

Find more posts tagged with

Comments

zxshockaxz

Let us know what you think! I'm a huge fan of their teaching style and I find it to be excellent quality. I've been eyeing the eNDP since launch, but have not had the time to get to it yet.

Good luck!

Mike-Mike

I'm actually very interested in this course. I am interested in all the elearnsecurity courses, but this one is more applicable to my current role, and had considered paying my own money for it

No_Nerd

sounds like a good course. Please let us know how you like it.

TheEnforcer

Hi all,

I finished the introduction module (TCP / Attacks ) and also finished 'Perimeter Appliances' and 'Secure network design part 1'.

Introduction module is an introduction module. If you are a security pro you will learn nothing. But I think this is a really good introduction for guys who are pure Windows guys or pure Cisco guys or pure application guys. This introduction will give them a real picture of how a hack happen and why old generation perimeter firewalls and AV won't stop an intermediate hacker (OSCP type of guys).

'Perimeter Appliances' and 'Secure network design part 1' were really good sub parties of the network security module.
My day to day work is more focused on system security (Windows environment hardening) so my knowledge of next generation network appliances was limited. These sub-parties were really easy to read. I was impressed by how I can rely on next generation network appliances to secure my network and stop hackers/malware trying to call home.

This is just the beginning but here is my feeling about this course: The instructor is good. It's really easy to read. He tells you what you need to know for your day to day job and show you example of products. And that's all. No need to read a 1000 pages CISCO book, or try to understand what the vendors are trying to sell you : read these 50+ slides and you already have an idea of how to improve your perimeter security. You start thinking of new outbound 'next generation' filtering rules, new module on your ASA firewall etc. It's a good start.

I will write a small post for each sub parties I finish.

636-555-3226

Thanks, keep it up. Thinking about recommending some eLearnSecurity courses to my peeps and like to see real-time feedback to know if it'll be valuable or not

TheEnforcer

Hi all,

I decided to quickly read all the NDP modules / sections / lab manual. (Of course I will have to memorize what I have read and do the labs exercices.).
This course is really well made. For this reason, I’m taking time to write this review. The author of the course deserves it. I hope this will help others to decide whether or not this course will do the job for them.

Here is my overview of the eLearn NPD course:

One reason I waited so long before enrolling in this course (1 year) was that I thought I will learn again theoric stuffs I know well: CISSP style.
I also thought the practical examples will be really easy: click there to open port 80 to let the traffic hit the webserver, remove this user from the local admin group, etc.

I was totally wrong, of course you will have to read a brief introduction of each sections (CISSP style) but then you will learn how you can use cutting edge technologies to protect your networks and systems. You don't learn the old technologies from 2005. You learn technologies from 2014 that are still up to date in 2016.

When you read 'SSL inpection and Decryption' in the syllabus this means the instructor will show you step by step how to implement SSL inspection and decryption on your next generation firewall (Palo Alto in this course). When you read 'segmentation' in the switch configuration module then you will learn how to create multiple VLAN and configure ACL to block or authorize traffic between these VLAN. Each point in the Syllabus is really practical and detailed in the courses.

The instructor will also tell you the true: you can't configure security controls without testing them. For example it's cool to implement Windows hardening baselines, but you also have to understand the impact of the Windows hardening baseline in your specific environment. The author speaks about different controls you can implement to do the same job. This is good to know more than one control so you can start looking at technical security with an holistic view. You will stop focusing on one technology to do the job.
The labs seems good also. I did not really read the lab manuals, but there are great exercises. The labs don’t teach you how to click on ‘buttons’. They teach you how to think. For exemple at one point you will launch a vulnerability scan. Then you will have to correct the vulnerabilities by yourself! How many pentest firms launch their nessus scanners and are not able to tell you how to fix the vulnerabilities?

Following the instructions given in this course and the labs, I think I will be able to create a virtualized secure entreprise network in my lab.

My point of view on the value of this course:

- I did not enrolled earlier in this course because I thought it was easy and really high lvl : I was wrong, it's at the right lvl and let room for improvement, reading etc. You won't be a Cyber defense hero, but you will be on the right path.

- I did not enrolled earlier in this course because I thought I will be able to find the same information for free : For two years I read lot of books, vendors articles, did some labs, etc. The true is that learning by yourself after work by browsing the internet is good. But it takes time. This will eat your energy. You will read an article and then you will read an other article that says the contrary, etc. If you go with NPD the instructor will help you go the right direction. He won’t try to sell you BS techologies like vendors. The intructor in NPD knows hacking, he knows Microsoft technologies administration, networking systems, he knows malwares, he know IT operation. By enrolling into this course you will be on the right track to speak with admins and challenge them about what is 'true' efficient security. I also like when the instructor says : ‘by doing this you will stop 90% malware I've seen’. Etc. This is real experience knowledge. The instructor will teach you how to stop script kiddies, OSCP guys, stop malware spreading. To stop APT you will have to read more, practice and be lucky J

Who should enroll in this course :

- If you are a young pentester who have never configured Active Directory, Windows and networking systems this will avoid communication issues with your clients : No we won’t patch Windows 2003. No we won’t stop using NTLM so easily J You will also learn what type of technology can stop you. If you know the technologie you can try to bypass it. If you don’t know the techology then you will be stop immediatly or the blue team will be alerted.

- If you are an IT auditor or a security policy guy : you can’t tell admin stuff you don’t understand. You have to know their work if you want to control them. If you don’t know their work they won’t do the job you give them.

- If you are an admin specialized in Cisco OR Windows : you will learn how to secure the other side of the infratructure. If you are a CISCO guy you will learn how to secure Windows. If you are a Windows guy you will learn how to secure networking systems. Both will learn how to react in case of malware spreading. How to communicate together.

- If you are a general admin (CISCO + Windows) : this course will give you some value. But may be it’s not worth the money. If your company is paying why not. But if it’s out of pocket and you already have CISCO and Windows admin xp, I don’t see lot of value. You will learn some tricks. Are these tricks worth 1k $? May be it’s better for you to start learning hacking with eCPPT, OSCP or pentester academy.

Value compare to others certs:

Fame : no value at all with HR. But the best value is what you know, how you speak, how you give value to your organization. This is not the cert. This is who you are as a security profesionnal. I met CEO of very good small security consulting firms without certifications other than CISSP.
Knowledge : really good value for the price. For me it’s like a GIAC certification with hand on lab in bonus (I did not attend a GIAC course. I only know peoples who did).
I think taking this cert + CISSP + pentester academy / OSCP is the best knowledge for the price when you want to work in blue team in an organization.

Am I happy with this course. Will I buy it again if I have the choice?:

I feel like elearn security is good. I did not want to spend money or the money of my company for training. Now I feel like I should have enroll into eCPPT and eNDP directly. I spent all my free time on the internet to find free courses. I feel like in 3 months with Elearn security (eCPPT and eNDP) you can learn what will take 2 years with free ressources on the internet.
There are lot of free or cheap pentesting courses on the internet. But there are not a lot of network defense course. For this reason I recommand paying the extra bucks to enroll into eNDP. This will save you lot of time. You will be more confident with technology and your system administrators.
I think Elearn security is good for people who are starting in the field. With this kind of courses they can be operationnal in 2 months of hard work. Then go for CISSP, OSCP, MCSA, CCNA if you really want to collect the alphabet soup J
I hope my review will help. Feel free to ask questions. Sorry for the bad english. English is not my first language and also I did not take the time to write well.
Let me know if you know other great network defense ressources.

eth0

http://www.techexams.net/search.php?searchid=1018402

this looks like poor advertisement, you so much want show how eNDP is cool but to be honest most opinions about eLS are that learning is boring and unrealistic (environment, cases that you will never see in real job)

TheEnforcer

Hi,

The link is not working. What did you want to share?

I think that if you are new to the field of 'technical' IT security (0 to 3 years of exp), have the money and not lot of time, then eNDP have value.

If you went to a really technical school or if you are a day to day CISCO & Windows administrator and are autodidact then may be it's not worth paying for this course.

Poor advertisement? I'm not trying to sell anything. I'm just trying to make a review of this course after reading the courses really quickly. This is the point of view of a guy who did IT audit work for 3 years and then 2 years of IT security assessment (Windows, Active directory hardening), Security architecture review, implementation of security solutions, scoping and project management for the implementation of PCI DSS.

Eth0, I spoke of eCPPT but I don't know if it's good or not. I only did OSCP & Pentester academy courses and labs. I don't know if other elearn security courses a good or not. I'm just speaking for eNDP.

What is your point of view for eWPT? Worth the money for a guy who already know how to exploit vulns in DVWA and OSCP lab machines (manually and with tools like burp, SQLMAP, etc.)?

Thanks!

chrisone

TheEnforcer wrote: »

No need to read a 1000 pages CISCO book, or try to understand what the vendors are trying to sell you : read these 50+ slides and you already have an idea of how to improve your perimeter security. You start thinking of new outbound 'next generation' filtering rules, new module on your ASA firewall etc. It's a good start.

Be careful in thinking you are going to be trusted with next gen firewalls because you read 50 slides from elearnsecurity. You can seriously bring down the network or shut critical business services down if you do not know how to properly install, maintain, and operate "vendor" specific firewalls. Those 1000 pg Certification books are 10 times more valuable than 50 slides of elearnsecurity security.

Good to hear your are enthusiastic about the course. Keep us updated on your progress.

Mike7

TheEnforcer wrote: »

I decided to go with the Network Defense Professional course from eLearnSecurity.I will let you know how it is.

My goal is to be proficient in both attack and defense in order to give high value advises to my company and my clients (I own a small consulting firm : pentest, PCI DSS, hardening of web sites).

eLS provides excellent training materials and a hands-on lab for practice. As they are pretty new, their certifications are not as well recognised yet. If you are interested in more eLS course, their 4-in-a-box promotion is still on but at a higher price of US$3,499. It was $2,999 during X'mas month.

If you are looking for certifications that highlight your capability to clients, check out SANS GIAC and OffSec's OSCP certs. In Europe especially UK, CREST is more recognised. I wrote about this at http://www.techexams.net/forums/jobs-degrees/117143-becoming-pen-tester.html#post1001443.

TheEnforcer

chrisone wrote: »

Be careful in thinking you are going to be trusted with next gen firewalls because you read 50 slides from elearnsecurity. You can seriously bring down the network or shut critical business services down if you do not know how to properly install, maintain, and operate "vendor" specific firewalls. Those 1000 pg Certification books are 10 times more valuable than 50 slides of elearnsecurity security.

Good to hear your are enthusiastic about the course. Keep us updated on your progress.

Yes you are 100% right. This course alone won't make you a Windows or a firewall administrator in a big company.
This course won't make you a MCSA/MCSE or CCNA/CCNP security.

But i'm sure you can use this knowledge to slowly start managing the security of a small/medium company (if the installation/maintenance of the equipment is done by a specialized firm in order not to shutdown production). You can always learn and slowly master the technology you are using. Nothing is static. I know Windows admins who are now CISCO administrators for a big company. This is possible to learn on the job even if it's always difficult the first 2-3 years.

I'm enthousiast about this course because it's good for an IT security analyst with my experience. It gives you arrows to assess and ask for enhancements in the security posture of the company. You can prepare the job for the administrators to implement : network initial design, GPO, proof of concepts in a lab, better understanding of what vendors wants to sell you, write better procedures, accept security trade off, etc.

To conclude, I repeat nothing is better than real professional experience. Elearn Security gives training. Then you can decide to build on this initial knowledge to enhance your skills : do personal researches, install labs, work for free for charity, have a strategy to change job if you want.
School/Certs is only 20%. The other 80% is your strategy to end up doing what you want. Training just helps you in the beginning in order not to get lost. Training speed up your success if followed by hard work and dedication / work ethic.

eth0

TheEnforcer wrote: »

What is your point of view for eWPT? Worth the money for a guy who already know how to exploit vulns in DVWA and OSCP lab machines (manually and with tools like burp, SQLMAP, etc.)?

Thanks!

OSCP have almost nothing about websec, eWPT is good for new people in websec

UnixGuy

Thanks for sharing your experience TheEnforcer. Sounds like another great course from eLearnSecurity!

eth0

How look eNDP exam?

TheEnforcer

eth0 wrote: »

How look eNDP exam?

Hi,

I did not take the exam but I have read the document that explains the exam. First, you have to answer to multiple questions. If you were able to answer most questions, you can take the exam. I don't know how is the exam. If I understood well you are provided a scenario where a company have been hacked. I think you have to understand the hack and harden the environment. You have 96 hours to complete the exam and then some more days to send a report.

My thought about this course after 2 weeks:

I already have read all the course and saw the videos but I decided to go in deep into Windows hardening. If you really harden Windows it becomes really hard to exploit even if the users like to click everywhere. (lot of really good ressources here Publications: ASD Australian Signals Directorate and here Harden Windows 10 for Security. How to secure Windows 10.).

After 2 weeks, I can tell this course is good for peoples who have less than 2 years of hand on experience in system security or network security (if you have both don't take the course unless it's paid by you company?). It helps joining the dots and make sense. It's really complete. The knowledge in this course is necessary if you want to become a blue team guy.

Does this course worth 1000$? I think that it worth it if you want to become a blue teamer and have the money. You can have the same knowledge by reading lot of different specialized books. But i have never seen a course so easy to read with just what you need to know to start working. So my advise for someone who start in defensive security is to start this course and then go deep in each modules by reading specialized books, building your lab, etc. Instead of taking 4-6 months to read different books and build your lab, take this course and in 1 month you will earn the same knowledge.

My next goal will be to challenge GCWN and may be GCFA or GMON. (SANS is so expensive, but it's always good to have 1 or 2 on the resume...)

Mike-Mike

the more I read on TE about eLearn, the more I want to take their courses

supasecuritybro

I took their eJPT course and exam. It was legit. At first I thought it was a little basic but it got pretty complex toward them end and I had to really research to complete the exam with furthering my exploit skills. I would say it was better than the CEH since you get to really put traction to your knowledge. I have been interested on this one also. Doing RHCSA next then maybe this or the eCPPT. We will see.

TheEnforcer

Maybe it's better to first learn pentesting and then defense? With my pentesting knowledge (OSCP/pentester academy type of knowledge) I like to go deep in this course. I try to find how to block or detect all the attacks that I already know. If you don't know pentesting, may be this course has less value? The risk is to only learn how to press button but don't really understand why?

Mike-Mike

good questions, for those that have done both, would you recommend doing the network defense or the pentesting courses first?

eth0

supasecuritybro wrote: »

I took their eJPT course and exam. It was legit. At first I thought it was a little basic but it got pretty complex toward them end and I had to really research to complete the exam with furthering my exploit skills. I would say it was better than the CEH since you get to really put traction to your knowledge. I have been interested on this one also. Doing RHCSA next then maybe this or the eCPPT. We will see.

but how look this exam? are this questions or some technical aspects todo?

princesamus

I'm currently preparing for the GMON (the course was really awesome), and I just purchased the eNDP course which looks quite exciting.
I have 2 years of experience as consultant/auditor pretty much like you TheEnforcer.

There are a lot of pentest course out there but the "cyber defense" path is relatively empty in terms of training/certification.
Did you take the exam already? Let us know.

jamesleecoleman

Hey,
Any update with the course? I'm looking at the course to help me understand the defense side of things a lot better and quicker. I would like to keep up on the knowledge and gain new skills as well. I might go ahead and sign up for the four month course if I can. How are the labs? Do you have to remote desktop in?

supasecuritybro

eth0 wrote: »

but how look this exam? are this questions or some technical aspects todo?

Im sorry I didn't see this post until now. I don't understand the question, how look this exam???

jamesleecoleman

Maybe the person is asking what is the exam like or what was your experience with the exam.

alvinoo

Hi there,

I have just about to embarked on this course. I came from a red teaming/penetration testing background. What attracts me about this course is: "Additionally, penetration testers will also learn more about how different networks are defended and gain a better understanding of how to penetrate them."

To be honest after these years, I don't have much working knowledge about Perimeter applicance such as Web Filter, IPS/IDS such as LanDesk/McAfee, Firewall applicances such Barracuda, Cisco, Palo Alto, Advanced Malware Protection such as Fireeye. Understanding of Network Topology such as DMZ, Zones etc, System Security.

However, i have knowledge on VAPT, types of misconfigurations, attacks pivoting etc.

I hope this course can leads me to be better advisory to my customer or maybe lead me to a network defense jobs.

flamecopper

Emet (one of the subject/theme of the PND course) ends of life: 07.2018

flamecopper

I never had a chance to attack and defense and test whether the controls are working at the same time.
I got the change to configure a NGFW open source firewall Pfsense. I got to used nmap to port scan into other parts of the network. I got to study the topology of the network work and read policies such as user are only allowed to surf net, developer are only supposed to upload the website, and nothing else. I figuring out how to edit firewall rules and test them, one really tricky parts is how do I used Nmap to test whether Firewall is in place, suddenly

I just couldn't find any open ports after doing an Allow on the network.

Ya, things are going to get interesting as I move on to Palo Alto Firewall, learn more advance things like Web Filters, IPS, AMP, etc.