Catching The Hackers II: Systems to Defend Networks
Catching The Hackers in the Act
Intrusion detection systems (IDS) give you the ability to detect when your networks or systems are being probed or attacked, or whether they have already been compromised in some manner. This monitoring capability is an essential component of any comprehensive enterprise network security program. IDSs, however, have a reputation for being difficult and expensive to deploy, and they can be time-consuming to manage properly. Many organizations that have implemented IDS in their infrastructures struggle to develop adequate processes for tuning the systems, monitoring their massive amounts of output, and responding to critical security events in a timely manner.
In this 5-day, hands-on class you will cover the ins and outs of intrusion detection systems. You will learn how an IDS operates and the trade-offs between host-based and network-based intrusion detection systems. You will discover methods for integrating and managing a network of IDS components; how to manage and administer an IDS; where to position IDS sensors; which key freeware and commercial IDS tools fit best at which points in your network; and how to determine whether IDS should be outsourced or kept in-house. Using hands-on exercises, you will set up your own real-time IDS sensors. You will also detect and analyze an assortment of live hacker attacks and related probes, and learn why you cannot rely on an IDS as your sole monitoring component. You will learn the difference between anomaly-based and signature-based IDS, and how each approach promises to make intrusion detection easier to manage and more effective as part of your information security strategy.
Course Fee: $2,995
Time: 8:30am - 5pm
Location: see the course schedule
Learning Level: Advanced
CPE Credits: 40
Prerequisites: Basic knowledge of TCP/IP, networking, and security
What You Will Learn
1. Introduction to Intrusion Detection Systems
IDS roles and functions
practical applications for IDS
where and when IDS should NOT be used
strengths and weaknesses
2. Deploying IDS in the Enterprise
types of intrusion detection systems
network-based
host-based
integrity monitors
anomaly based
kernel monitors
real-time analysis vs. polling for later analysis
positioning IDS into a security infrastructure
firewalls vs. IDS
where IDS should be deployed in a network
managing and administering IDS
processes: analysis, incident response, CERT, escalation, system maintenance
roles
insourcing vs. outsourcing
3. IDS Architecture
components of a network IDS system
sensors
collectors
management consoles
metatools
analysis of IDS functionality
4. IDS Operation
characteristics of anomalous traffic
false positives and negatives
correlation with other monitoring sources
event managers
security management consoles
5. Shopping for IDS Tools
criteria for evaluating IDS tools
performance
cost
support
integration with other tools
market analysis and demo of current network-based IDS tools
market analysis and demo of host-based IDS tools
6. Hands-On Labs: Install & Configure Commercial & Freeware IDS Tools
network-based IDS
host-based IDS
7. Network Attack Scenarios
types of attacks an IDS can help detect
network scans
port scans
denial of service
buffer overflow attacks
"de-synching" an IDS: fragmentation and other methods
attacks used to evade IDS:
CGI exploits, malformed URLs, and other application-layer attacks
demos: hacker attacks and what they look like on management consoles
8. Hands-On Labs: Detecting an Assortment of Probes and Attack Scenarios
9. Reacting to the Attack: Defense Procedures
alert methods
immediate response
information gathering
analysis
update of procedures
10. New Directions in IDS Tools
meta-IDS consoles
NFAT (network forensic analysis) tools
honeypots
11. Establishing a Solid ROI for IDS - Making the Business Case
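The outline above contrasts signature-based and anomaly-based detection, lists port scans among the attacks an IDS can help detect, and names fragmentation as a way of "de-synching" an IDS. The following toy network IDS is an added example written for this page; it is not course material and not code from any IDS product. The packet records, the byte-pattern signatures, and the port-scan window and threshold are all constructed assumptions. It shows three things: a signature matcher that inspects one segment at a time, the same matcher after stream reassembly (which is what defeats the split-payload evasion), and a simple anomaly rule that flags a source touching too many distinct ports in a short window, with the tuning knobs that decide its false-positive and false-negative rate.

```python
"""Toy network IDS contrasting signature-based and anomaly-based detection,
and showing why a per-segment signature matcher can be "de-synched" by
splitting an attack string across TCP segments.

Added for illustration only: this is not code from the course or from any
IDS product. Packet records, signatures, window and threshold values are
all constructed assumptions.
"""
from collections import defaultdict

# Constructed packet records: (timestamp_s, src_ip, dst_ip, dst_port, payload).
SAMPLE_PACKETS = [
    # Ordinary request: should raise nothing.
    (0.0, "10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.0\r\n"),
    # Classic CGI attack string delivered in a single segment.
    (0.5, "198.51.100.7", "192.0.2.10", 80,
     b"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0\r\n"),
    # Same attack split mid-pattern across two segments from another host:
    # a matcher that inspects each segment in isolation never sees "/cgi-bin/phf".
    (1.0, "198.51.100.9", "192.0.2.10", 80, b"GET /cgi-bi"),
    (1.1, "198.51.100.9", "192.0.2.10", 80,
     b"n/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0\r\n"),
    # Port sweep: twenty SYN-style probes to consecutive ports within 0.2 s.
    # No signature matches, but the fan-out is anomalous for one source.
    *[(2.0 + i * 0.01, "203.0.113.4", "192.0.2.10", port, b"")
      for i, port in enumerate(range(20, 40))],
]

# Constructed byte-pattern signatures (name -> substring to look for).
SIGNATURES = {
    "phf-cgi-exploit": b"/cgi-bin/phf",
    "dotdot-traversal": b"../..",
}


def signature_alerts(packets, reassemble):
    """Signature-based detection.

    reassemble=False matches each segment on its own, the way a naive
    packet-at-a-time sensor does. reassemble=True first concatenates the
    payloads of every (src, dst, port) stream, so a pattern straddling a
    segment boundary is still found. Returns {(signature_name, src_ip)}.
    """
    if reassemble:
        streams = defaultdict(bytes)
        for _, src, dst, port, payload in packets:
            streams[(src, dst, port)] += payload
        units = [(src, data) for (src, _, _), data in streams.items()]
    else:
        units = [(src, payload) for _, src, _, _, payload in packets]
    return {(name, src)
            for src, data in units
            for name, pattern in SIGNATURES.items()
            if pattern in data}


def portscan_alerts(packets, window=1.0, threshold=10):
    """Anomaly-style detection for port scans.

    Flags any source that touches more than `threshold` distinct destination
    ports within a sliding `window` of seconds. Both knobs are assumed tuning
    values: set them too low and a busy proxy or an internal vulnerability
    scanner becomes a false positive; too high and a slow scan is a false
    negative. Returns {src_ip}.
    """
    history = defaultdict(list)  # src -> [(timestamp, dst_port), ...]
    alerts = set()
    for ts, src, _, port, _ in sorted(packets, key=lambda p: p[0]):
        recent = [(t, p) for t, p in history[src] if ts - t <= window]
        recent.append((ts, port))
        history[src] = recent
        if len({p for _, p in recent}) > threshold:
            alerts.add(src)
    return alerts


def run(packets=SAMPLE_PACKETS):
    """Run both detectors, with and without stream reassembly."""
    return {
        "signature_per_packet": signature_alerts(packets, reassemble=False),
        "signature_reassembled": signature_alerts(packets, reassemble=True),
        "portscan": portscan_alerts(packets),
    }


if __name__ == "__main__":
    for name, hits in run().items():
        print(f"{name}: {sorted(hits) or 'none'}")
```

Run as a script, the per-packet matcher reports only the host that sent the attack string in one segment, the reassembled matcher reports both attacking hosts, and the port-scan rule reports only the sweeping host. Raising `threshold` above the number of ports probed makes the sweep a false negative; lowering `window` or `threshold` far enough would start flagging legitimate high-fan-out hosts, which is exactly the tuning problem the course description warns about.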
*Course fees are subject to change