CND: Protection against hacker attacks (EC-Council CND)

Certified Network Defender (CND) is the next level after Certified Encryption Specialist (ECES). The course and certification are much more popular, complex and interesting, and already require some experience with networks. For me, this was the second EC-Council certification, and my colleagues went straight to CEH.



As last time, the article will not be limited to the exam; there will also be additional information covering some organizational points.



About certification and course



Full details are available on the official website.



CND is about 1500 pages of textbook, an official course of 40 academic hours, and a 4-hour exam with 100 questions and a passing score from 60% to 85% depending on the pool of questions (the passing score is indicated immediately before the exam; I had 70%).



The course consists of 14 modules:



  • Fundamentals of computer networks and approaches to their protection;
  • Network security threats, vulnerabilities and attacks;
  • Network security management, protocols and devices;
  • Design and implementation of network security policy;
  • Physical security;
  • Host security;
  • Design and configuration of firewalls;
  • IDS. Intrusion detection systems design and configuration;
  • VPN. Design and configuration of virtual private networks;
  • Wi-Fi. Protection of wireless networks;
  • Monitoring and analysis of network traffic;
  • Risks and Vulnerability Management;
  • Data backup and recovery;
  • Incident response management.


I did not notice any overlap between CND and ECES, either in the materials or in the exam questions, but there is a very strong connection with CEH, which is practically CND + hacker techniques and tools.



The training center issues a key for the Aspen personal account; the training materials and the exam voucher are valid for 1 year.



Qualification criteria



As in the case of ECES, CND has 2 options for admission to the exam, but the requirements themselves are more serious:



  • Take the official course, get an exam voucher for it;
  • Or confirm 2 years of experience, pay a fee and buy a voucher.


Having a higher certification makes it impossible to buy a voucher without proof of experience.



Taking an official course



There are several options for taking the course at the EC-Council:



  • Independently based on ready-made videos and iLearn materials, but it does not give the right to take the exam, therefore, it is probably intended only for those who have confirmed their experience or are simply not going to take the exam;
  • Training in the iClass format - iclass.eccouncil.org, which is suitable if it is not possible to study at an accredited center with an instructor or the nearest center does not run the programs you need (as, for example, in my case: I was interested in the CASE Java course, but this program was not available at the center where I took all the others). This option and all subsequent ones give the right to take the exam;
  • And good old school training at an accredited center.


This is not a complete list of training options, since there are also master classes that are not part of the iClass format, and cultural events (somewhat similar to master classes, only under a different wrapper), after participation in which the student is provided with all iLearn access + key.



All materials for classes will be available in the Aspen room. Access to laboratories will be organized depending on the format of the training. For CND, I chose the training format at the center and do not regret it.



Preparation for the exam and the exam itself



I mastered the textbook and materials in a month. I could have done it faster, but I also need to work and rest. I confess I didn’t touch the labs because I had enough skills and experience without them. I did not take anything from the additional literature, but, obviously, the course itself has a certain threshold of entry, and if there is no knowledge of networks, then why did you come to the defender of networks? But if you want to refresh your knowledge, Andrew Tanenbaum and his "Computer Networks" come to the rescue.

The exam was relatively easy. They did not dig deeply, they asked only about what is in their textbook, and only rare questions were drawn up as a kind of situation where it was required to indicate the best way to solve the problem. Only one question drove me into a stupor: I was asked about the classification of fires and fire extinguishing means. In the end I didn’t answer it correctly. I decided “it is doubtful that on the network exam they will ask about an ordinary household fire, most likely the correct answer will not be water or foam” - but how wrong I was. I later found the answer in the book; it was a short line in one of the pictures.



To prepare for the exam, the EC-Council provides access to the CND Assessment - 50 practice questions that are really very similar to those on the actual exam.



Organizational points



Strange, but the www.proctoru.com platform stopped accepting this exam at the beginning of 2019; the EC-Council simply did not renew the five-year contract with them. Perhaps this problem will be solved soon, but I was offered to take it at the center itself or pay $100 and take it in any form on the Pearson VUE platform (if you passed the AWS, Oracle, etc. exams, then you know about it). In the letter, they kindly indicated a link to the store.



This upgrade works on all exams. I did not notice any major differences from passing in ProctorU, just more familiar. This time there was no audit and the certificate came the next day. Unlike ECES, it did not contain the version name.



Certified Network Defender CNDv2



In September 2020, a course update was announced, the first in years. EC-Council promises in its program to focus on remote work and cloud technologies in the new version. Compared with the 14 CNDv1 modules, CNDv2 already consists of 20. Several old ones have been combined and 10 new ones have been added. At the moment, the list is something like this:



  • Modern network attacks and defense strategies;
  • Administrative network security;
  • Technical network security;
  • Perimeter security;
  • Windows Endpoint Protection;
  • Linux endpoint protection;
  • Endpoint protection of mobile devices;
  • Internet of Things (IoT) endpoint protection;
  • Application protection;
  • Data security;
  • Corporate virtual network security;
  • Security of the corporate cloud network;
  • Security of corporate wireless networks;
  • Monitoring and analysis of network traffic;
  • Monitoring and analysis of network logs;
  • Incident response and incident investigation;
  • Business Continuity and Disaster Recovery;
  • Foresight and risk management;
  • Threat assessment with analysis of the attack surface;
  • Forecasting with intelligence in the field of cyber threats.


The amount of laboratory work has increased, and now most of the time is devoted to practical work rather than listening to lectures. No changes were noticed in the exam: the admission criteria, passing score, number of questions and time remained unchanged, but the pool of questions will probably be completely updated. All in all, a pretty interesting update to the classic networking course. The CEH course is also expected to release a new version 11.



Conclusion



I liked the Certified Network Defender course much more than ECES and even more than CEH. Information was taught not divorced from life, and the tools, approaches and solutions are completely relevant for 2020 (with the exception of a couple of recommended programs and the author's special love for classful IP addressing). CND is not at all a "passable" certification, but on the contrary - all subsequent ones are based on it. Thank you for your attention.


