Computer Network Defense is listed in DoDD 8140, Cyberspace Workforce, as a task in the Protect & Defend category.
Job Description of Computer Network Defense
The actual work of Computer Network Defense covers the Protect & Defend and Analyze categories, and possibly others. A system security analyst doing CND work is expected to monitor, detect and respond to security incidents on the network. They need to be familiar with the information system security tools used to monitor network traffic, and they must also know what the actual packets look like when certain patterns emerge on the network. They must recognize the patterns that indicate network attacks and be familiar with incident handling.
Tools of Computer Network Defense
A system security analyst performing CND work should be able to use a packet sniffer (protocol analyzer) such as Wireshark or EtherApe. They are also expected to be knowledgeable about an Intrusion Detection System (such as Snort), or they may have working experience with Intrusion Prevention Systems. Since so many products do very similar work as an IPS, IDS or packet analyzer, knowing one really well and having a little hands-on time with others is usually OK. What is important is knowing attack signatures well enough to detect them when they occur, understanding ports, protocols and services, and being intimately familiar with network packets.
Computer Network Defense Certification
GIAC Certified Intrusion Analysts (GCIAs) – The top of the food chain for security analysts doing pure analyst work. A highly, highly respected intrusion cert.
GIAC Certified Incident Handler (GCIH) – A helpful certification to establish yourself.
CISSP – Not really relevant or specialized for incident analysis, but accepted like a Visa card.
Security+… not so much. It's like bringing a knife to a gunfight.