Join the Certified Network Defender (C|ND)
Unical Academy, in collaboration with EC-Council, invites you to enhance your cybersecurity skills with the Certified Network Defender (C|ND) course. This globally recognized certification program includes comprehensive training and an exam voucher, giving you the expertise to protect systems from cyber threats.
Take the next step in your career and become a certified ethical hacker
About the course
The Certified Network Defender (C|ND) program, developed by industry experts, equips network defenders with the strategic, technological, and operational skills necessary to build, manage, and secure networks effectively.
Participants will gain essential skills for defending local networks, endpoints, cloud infrastructure, applications, OT environments, and mobile systems. The course covers log analysis, network traffic monitoring, basic investigation and response techniques, along with business continuity and disaster recovery strategies.
Students will also explore network threats, attack surface analysis, and threat prediction, learning to apply threat intelligence in their roles as network administrators and defenders.
C|NDs will be able to apply defence and countermeasure strategies in their organisations, playing a critical role
- Protect
- Detect
- Respond
- Predict
Why Should You Join the Certified Network Defender?
Mapped with real-time job roles and responsibilities of network security professionals.
Includes 100+ hands-on labs—more labs than any globally recognized network security certification.
Covers the latest tools and advanced network security requirements used by top cybersecurity experts worldwide.
Key Features
It covers defense-in-depth security strategy
Accredited under ISO/IEC 17024 standards.
It covers functions of the NIST Cybersecurity Framework (CSF)
It covers four security approaches
Recognized by the National Cyber Security Centre (NCSC)
Mapped with the NICE Framework
Approved by the US Department of Defense (DoD) under Directive 8570/8140
Includes 100+ hands-on labs
Join Us
- Plan and Administer Network Security: Develop and execute security plans to protect organizational networks.
- Identify Security Risks: Recognize and assess threats, vulnerabilities, and potential risks to systems and data.
- Ensure Regulatory Compliance: Maintain adherence to industry standards and regulatory requirements.
- Design and Implement Security Policies: Establish and enforce comprehensive network security policies.
- Apply Security in Distributed Environments: Implement security best practices in mobile and distributed computing contexts.
- Implement Identity and Access Management: Manage encryption, IAM, and network segmentation for secure access control.
- Windows and Linux Security Administration: Oversee the security management of both Windows and Linux environments.
- Address Mobile and IoT Security Risks: Implement strategies to mitigate risks associated with mobile devices and IoT.
- Implement Data Security Techniques: Enforce strong data protection practices, including encryption and secure data handling.
- Manage Security in Virtual and Cloud Platforms: Secure virtual environments and cloud infrastructure against emerging threats.
- Wireless Network Security: Protect wireless networks from attacks and vulnerabilities with robust security measures.
- Conduct Risk and Vulnerability Assessments: Evaluate systems and networks for weaknesses and mitigate risks.
- Provide Incident First Response: Act as a first responder to security incidents and breaches.
- Identify Indicators of Compromise: Detect signs of malicious activity and potential attacks.
- Integrate Threat Intelligence: Use threat intelligence to enhance defense mechanisms and prevent attacks.
- Perform Attack Surface Analysis: Analyze and reduce the potential points of vulnerability within an organization.
- Assist in Business Continuity and Disaster Recovery: Contribute to planning and implementing business continuity strategies and disaster recovery processes.
- Monitor Network Traffic and Manage Logs: Continuously monitor network traffic and logs for unusual activity and potential breaches.
- Manage Proxy, Content Filtering, and Network Issues: Oversee security tools like proxies and content filters, while addressing network issues.
- Harden Endpoints and Select Firewalls: Strengthen endpoint security and implement firewall solutions.
- Configure IDS/IPS Systems: Set up Intrusion Detection and Prevention Systems to enhance security.
- Maintain an Inventory of Network Devices: Track and secure all network devices used within the organization.
- Provide Security Awareness Training: Educate staff on cybersecurity best practices and potential risks.
- Manage AAA for Network Devices: Administer Authentication, Authorization, and Accounting for network security.
- Review Audit Logs and Analyze Anomalies: Regularly check logs to identify security anomalies and breaches.
- Configure and Maintain Security Platforms: Set up and manage security platforms to protect infrastructure.
- Evaluate Security Products and Procedures: Assess new security products and optimize operational procedures.
- Classify and Secure Organizational Assets: Identify and ensure protection of critical assets.
- Implement System Integrity Monitoring: Use monitoring tools to track system integrity and detect changes.
- Understand EDR/XDR and UEBA Solutions: Gain proficiency in using Endpoint Detection & Response (EDR), Extended Detection & Response (XDR), and User and Entity Behavior Analytics (UEBA) tools.
- Conduct Privacy Impact Assessments: Perform PIA processes to evaluate and safeguard personal data privacy.
- Collaborate on Threat Hunting and Incident Response: Work with teams to proactively search for threats and respond to incidents.
- Understand SOAR Platforms: Learn how to use Security Orchestration, Automation, and Response (SOAR) tools to streamline cybersecurity operations.
- Integrate Zero Trust Principles: Apply Zero Trust architecture to eliminate security gaps and enhance protection.
- Stay Updated on Emerging Cyber Threats: Keep up-to-date with the latest cybersecurity threats and techniques.
- Leverage AI/ML in Cyber Defense: Understand the role of Artificial Intelligence and Machine Learning in identifying and preventing cyberattacks.
Certification Name | C\|ND (MCQ Exam) |
---|---|
Exam Format | Multiple Choice Questions |
Exam Code | 312-38 (ECC Exam) |
Number of Questions | 100 Questions |
Exam Duration | 4 hrs |
Passing Score | 60%-85% |
Exam Delivery | ECC EXAM |
The targeted audience for the Certified Network Defender (CND) includes:
- Network administrator
- Network security professional
- Security professional or auditor
- Site administrator
- Any individual working towards the enterprise and network infrastructure security
Course Curriculum
This module covers mechanisms of various attack techniques and hacking methodologies that attackers use to breach the security of an organization’s networks.
It also introduces defense strategies that network defenders should adopt to ensure comprehensive network security. Key topics covered: Attack, threat, threat sources, threat actors, vulnerability, risk, network attacks, application attacks, social engineering attacks, email attacks, mobile attacks, cloud attacks, supply chain attacks, wireless attacks, hacking methodologies and frameworks, adaptive security strategy, and defense-in-depth security.
The hands-on lab exercises in this module help to understand the modus operandi of different attacks at network, application, and host levels.
This module covers administrative security measures, including compliance efforts, creating and enforcing security policies, security awareness training, asset management, etc.
Key topics covered: Compliance, regulatory frameworks, security policies, security awareness, asset management, and recent cybersecurity trends.
The hands-on lab exercises in this module help to demonstrate skills in security policy implementation, asset management, employee monitoring, etc.
This module covers the technical aspects of network security. It describes the concepts of access control, Identity and Access Management (IAM), cryptographic security techniques, and various network security devices and protocols.
Key topics covered: Access controls, Authentication, Authorization, and Accounting (AAA), IAM, cryptography, network segmentation, zero trust, network security controls, and network security protocols.
The hands-on lab exercises in this module help demonstrate skills in implementing access controls, VPN, etc.
This module covers the security configuration of network perimeter devices such as firewalls, intrusion detection and intrusion protection systems (IDSs/IPSs), routers, switches, etc., for effective perimeter protection.
Key topics covered: Firewalls, firewall types, firewall topologies, firewall selection, firewall implementation and deployment, firewall administration, IDS/IPS, IDS/IPS classification, IDS/IPS selection, false positives, false negatives, router security, switch security, software-defined perimeter (SDP).
The hands-on lab exercises in this module help to demonstrate skills in perimeter security, which includes how to configure and implement firewalls and IDS/IPS with the help of well-known tools such as pfSense, Smoothwall, Windows Firewall, iptables, Suricata, Wazuh, ModSecurity, etc.
This module covers various security features and secure configuration techniques used to secure Windows systems.
Key topics covered: Windows security risks, Windows security components, Windows security features, Windows security baseline configurations, user account and password management, Windows patch management, Windows user access management, active directory security, Windows network services and protocol security, and Windows security best practices.
The hands-on lab exercises in this module help demonstrate Windows security skills, including but not limited to Windows patch management, Windows file integrity, Windows endpoint protection, Windows security configuration baseline, active directory security, security troubleshooting, permissions, etc.
This module covers the Linux OS, its security features, and the various techniques to harden the OS security.
Key topics covered: Linux security risks, Linux installation and patching, Linux user access and password management, Linux OS hardening techniques, Linux network and remote access security, and Linux security tools and frameworks.
The hands-on lab exercises in this module help demonstrate skills in Linux security, including but not limited to system hardening, system security auditing, file integrity monitoring, permissions, access controls, etc.
This module covers securing the use of mobile devices under various mobile usage policies implemented and enforced in enterprises.
Key topics covered: Bring Your Own Device (BYOD), Choose Your Own Device (CYOD), Corporate Owned, Personally Enabled (COPE), Company Owned, Business Only (COBO), Mobile Device Management (MDM), Mobile Application Management (MAM), Mobile Threat Defense (MTD), Unified Endpoint Management (UEM), Mobile Email Management (MEM), Mobile Content Management (MCM), Enterprise Mobility Management (EMM), mobile device security, Android security, and iPhone security.
The hands-on lab exercises in this module help demonstrate skills in implementing MDM solutions and various mobile security measures.
This module covers the use of IoT devices, the associated security challenges and risks, as well as appropriate security measures implemented to secure IoT-enabled environments.
Key topics covered: IoT devices, IoT application areas, IoT ecosystem, IoT communication models, IoT-enabled environments, IoT security risk and challenges, IoT security in IoT-enabled IT environments, IoT security tools, IoT security best practices, IoT security standards, initiatives, and efforts.
The hands-on lab exercises in this module help demonstrate skills to secure IoT device communication.
This module covers various application security measures implemented to monitor, patch, and upgrade the installed applications constantly.
Key topics covered: Application whitelisting, application blacklisting, application sandboxing, application patch management, and web application firewalls (WAFs).
The hands-on lab exercises in this module help demonstrate skills in application whitelisting, application sandboxing, WAF, etc.
This module covers various security measures implemented to secure an organization’s data from prying eyes.
Key topics covered: Data security, data encryption at rest, data encryption in transit, data masking, data backup, data retention, data destruction, data loss prevention (DLP), and data integrity.
The hands-on lab exercises in this module help demonstrate skills in data encryption at rest, data encryption in transit, database encryption, email encryption, data backup, data recovery, disk encryption, etc.
This module covers virtualization concepts and technologies such as network virtualization, software-defined network, and network function virtualization and their security.
Key topics covered: Network virtualization (NV), software-defined network (SDN), network function virtualization (NFV) security, OS virtualization security, container security, Docker security, and Kubernetes security.
The hands-on lab exercises in this module help demonstrate skills in Docker security audit, SDN communication security, Kubernetes security, etc.
This module covers the various aspects of enterprise cloud security that are important for an organization to securely store or process data on the cloud.
Key topics covered: Cloud computing, cloud security, shared responsibility model, Amazon Cloud (AWS) security, Microsoft Azure cloud security, and Google Cloud Platform (GCP) security.
The hands-on lab exercises in this module help demonstrate skills in AWS IAM, AWS KMS, AWS Storage, Azure MFA, GCP IAM, Azure Resource locking, and GCP Cloud IAP.
This module covers various security measures and best practices used to secure wireless networks in enterprises.
Key topics covered: Wireless network, wireless standards, wireless topologies, wireless network components, wireless network encryption, wireless network authentication, wireless network security measures, and Wi-Fi security tools.
The hands-on lab exercises in this module help demonstrate skills in wireless router security.
This module covers threat, bandwidth, and performance monitoring with the help of network traffic monitoring and analysis.
Key topics covered: Network traffic monitoring, baseline traffic signatures, suspicious network traffic signatures, threat detection with Wireshark, bandwidth monitoring, performance monitoring, network anomaly detection, and behavior analysis.
The hands-on lab exercises in this module help demonstrate skills in packet capturing, traffic monitoring, traffic analysis, threat detection, and bandwidth monitoring with tools such as Wireshark, tcpdump, PRTG, Capsa, NTOP, etc.
This module covers threat detection with the help of log monitoring and analysis.
Key topics covered: Logs, Windows log analysis, Linux log analysis, Mac log analysis, firewall log analysis, router log analysis, web server log analysis, and centralized log management.
The hands-on lab exercises in this module help demonstrate skills in configuring, viewing, and analyzing logs in a local as well as a centralized location.
This module covers the role of incident response and forensic investigation in an organization’s security.
Key topics covered: First responder, incident handling and response process, SOAR, endpoint detection and response (EDR), extended detection and response (XDR), and forensics investigation.
The hands-on lab exercises in this module help demonstrate skills in incident ticketing, reporting, and escalations with OSSIM.
This module covers concepts around business continuity and disaster recovery.
Key topics covered: Business Continuity (BC), Disaster Recovery (DR), Business Continuity Management (BCM), BC/DR Activities, Business Impact Analysis (BIA), Recovery Time Objective (RTO), Recovery Point Objective (RPO), Business Continuity Plan (BCP), and Disaster Recovery Plan (DRP).
The hands-on lab exercises in this module help demonstrate skills in implementing business continuity and disaster recovery scenarios with NLB.
This module covers various phases in implementing and executing an organization’s risk management program.
Key topics covered: Risk management, risk identification, risk assessment, risk treatment, risk treatment steps, risk tracking and review, risk management frameworks (RMFs), vulnerability management, vulnerability scanning, vulnerability reporting, and privacy impact assessment (PIA).
The hands-on lab exercises in this module help demonstrate skills in network security audit, vulnerability management, application vulnerability scanning, and analysis.
This module covers concepts around visualizing, analyzing, and reducing the attack surface.
Key topics covered: Attack surface, attack surface analysis, system attack surface, network attack surface, software attack surface, physical attack surface, human attack surface, Indicators of Exposures (IoEs), attack simulation, attack surface reduction, attack surface monitoring tools, and cloud and IoT attack surface analysis.
The hands-on lab exercises in this module help demonstrate skills in system attack surface analysis, application attack surface analysis, attack surface mapping, etc.
This module covers leveraging threat intelligence capabilities for responding quickly, decisively, and effectively to emerging threats.
Key topics covered: Cyber threat intelligence, threat intelligence types, Indicators of Compromise (IoCs), Indicators of Attack (IoA), threat intelligence layers, threat intelligence sources, threat intelligence feeds, threat intelligence platforms (TIP), and threat hunting.
The hands-on lab exercises in this module help demonstrate skills in integrating OTX threat feeds, threat hunting, etc.