Customer Service or Enrol: 0800 282 353 or +44 1372 364610
You Will Learn How To
- Detect and analyse network- and host-based intruder attacks
- Integrate intrusion detection systems (IDS) into your current network topology
- Tune IDS operations using the latest tools and techniques
- Scope and remediate intrusions with Network Security Monitoring (NSM)
- Correlate IDS alerts with scanner vulnerability information
- Enhance IDS detection by writing custom signatures
Course Benefits
IDSs are the most powerful tools for alerting analysts to network- and host-based exploits. In this course, you gain knowledge of how attackers break into networks, how an IDS can play a key role in detecting these attacks, and how NSM can be used to analyse these events. You also learn how to configure, deploy and tune an IDS to identify attacks, and how to use NSM techniques to resolve IDS alerts.
Who Should Attend
Those involved in maintaining network and system security. Participants should have knowledge at the level of Course 468, "System and Network Security Introduction", and a working knowledge of TCP/IP.
Hands-on Training
You gain hands-on experience using several IDS and NSM tools. Exercises include:
- Exposing network attacks with Snort NIDS
- Managing Snort with IDS Policy Manager
- Detecting common Nmap scans
- Monitoring enterprise security with BASE/MySQL/Apache console
- Correlating Snort alerts with Nessus vulnerability scans
- Tuning IDS for a successful detection
- Resolving IDS alerts with Sguil
- Catching server hacks with OSSEC HIDS
- Performing risk assessment and event correlation with OSSIM
- Writing custom Snort signatures
- The enemy's plan of attack
- Rapidly identifying intrusions
- Utilising multiple detection components
- Revealing violations of information assurance policies
- Validating IDS events with NSM techniques
- Classifying detection techniques by the attack timeline
- Investigating the Snort MySQL alerts database
- Enhancing attack detection with honeypots
- Locating NIDS sensors
- Operating sensors in a stealth mode
- Detecting wireless intrusions with Snort-Wireless
- Sniffing switches with the Switch Port Analyzer (SPAN) feature
- Connecting sensors with hubs and Taps
- Combining outputs of a dual Tap
- Designing a multilayer distributed IDS hierarchy
- Consolidating with Security Management Systems
- Ensuring reliability with IDS load balancers
- Anomaly and misuse detection, stateful analysis and advanced string matching
- Selecting raw and smart signatures
- Improving signature quality for an exploit
- Discovering IDS signature syntax
- Centralising logs with syslog
- Analysing server and firewall logs for anomalies
- Detecting log tampering
- Querying logs with Microsoft Log Parser
- Scanning with Vulnerability Assessment (VA) tools
- Replaying traces of real attacks with tcpreplay
- Crafting IP attack packets
- Minimising false positives with dynamic tuning and attack relevancy
- Utilising event filtering, propagation, consolidation and parameter tuning
- Aggregating multiple events
- Hiding Web attacks via SSL and polymorphic mutation
- Overlapping IP and TCP fragments
- Slicing packets with fragroute
- Examining transcripts and sessions
- Resolving an attacker's identity
- Scoping the intrusion
- Catching internal attacks with extrusion detection
- Correlating IDS alerts with vulnerabilities
- Gathering events from multiple sources
- Capturing a high-level security view with event correlation
- Directly attacking servers
- Indirectly attacking clients
- Discovering island hopping attacks
- Securing the sensor
- Collecting evidence
- Footprinting an organisation
- Detecting stealth port scans
- Discovering remote BO attacks
- Mutating BO exploits
- Attacking with hacker botnets
- Reflecting with DrDoS (Distributed Reflection DoS)