Center for Qualified CyberSecurity Excellence & Mastery

Get Q/ualified!

Real-Time Tools and Methodologies for Discovering and Reacting to Network Intrusion Attempts

Class Focus and Features
This three-day seminar investigates the strengths and weaknesses of network- and host-based intrusion detection systems (IDS). You will explore the leading IDS products on the market today, including Cisco NetRanger, ISS RealSecure, NFR - Network Flight Recorder, Shadow (freeware), Tripwire Enterprise (and shareware), AXENT OmniGuard, Bellcore Sysguard, and more. You will compare insourcing and outsourcing options and gain the knowledge you need to make informed decisions about which is best suited to your organization. You will explore the pros and cons of perimeter defenses. A demo of hacker attack methods will illustrate port scans, buffer overruns, and other network assaults in action. When you leave this cutting-edge seminar, you will know where to position sensors and consoles; the types of responses you will receive; and how to react to alerts using industry-standard IDS countermeasures.

Who Should Attend
CIOs; Information Security Officers; Information Technology Managers, Administrators, and Auditors; Telecommunications and Network Administrators; Consultants; Systems and Data Security Analysts; Project Managers; and Technology Planners

You will receive a Network Intrusion Defense Kit on diskette.

Course Fee: $1,325
Time: 8:00am - 5pm
Learning Level: Intermediate
Prerequisites: Knowledge of TCP/IP and networking
CPE Credits: 24
Instructor: Sondra J. Schneider, Founder and CEO

What You Will Learn

1. Introduction to IDS
• defining the role of intrusion detection in your overall network security program: IDS vs. firewalls
• strengths and weaknesses of host-based and network-based IDS

2. Comparing IDS Solutions
• Cisco's NetRanger
• NFR Flight Recorder
• ISS RealSecure SAFEsuite
• Shadow
• Tripwire Enterprise
• NAI Cybercop
• AXENT OmniGuard and Intruder Alert
• Dragon/Enterasys
• CyberSafe Centrax
• freeware/shareware tools for intrusion detection solutions

3. Insourcing vs. Outsourcing Options

4. Implementing IDS
choosing an intrusion detection system
• host-based and network-based IDS
• key attributes of IDS
• placement determination
• who administers the IDS
• integrating IDS and firewalls

IDS and threat management: staff roles
• clearly define responsibilities
• law enforcement contact
• overall coordinator
• documentation
• logging

the role of IDS in threat management
• forensic gathering tool
• early-warning system
• escalation procedures
• document security policy and procedures
• defining the scope of incidents to be managed
• IDS alarm severity level definitions
• incident response sources
• integrating IDS and firewalls
• IDS case studies: insourcing vs. outsourcing
• developing an effective incident response capability

5. Reacting to Threats
• monitoring traffic
• sending an alert: console, audible, pager, E-mail
• taking action based on policy
• forcing the session to disconnect
• blocking all network access from the attacking source
• blocking all network access
• incident response resources

6. Validating the Threats: Hacker Attack Methods
• hacker attacks: a demo
• reconnaissance
• mapping networks
• access points
• relationships between systems
• physical and logical locations of systems
• types of systems
• system configuration
• services offered
• user information
• security mechanisms
• filtering rules
• routing information
• active attacks
• bug exploitation
• buffer overruns
• race condition
• trust exploitation
• denial of service
• social engineering
• physical access

7. Essential Tools and Resources

8. What You Can Expect in the Future

*Course fees are subject to change