Catching The Hackers II: Systems to Defend Networks
Catching The Hackers in the Act
Intrusion detection systems (IDS) give you the ability to detect
when your networks or systems are being probed or attacked,
or if they have been compromised in some manner. This critical
monitoring capability is an essential component in any comprehensive
enterprise network security program. IDS systems, however, have
a reputation for being difficult and expensive to deploy, and
can be time-consuming to properly manage. Many organizations
that have implemented IDS in their infrastructures have a hard
time developing the adequate processes for tuning the systems,
monitoring their massive amounts of output, and responding to
critical security events in a timely manner.
In this 5-day, hands-on class you will cover the ins and outs
of intrusion detection systems. You will learn how IDS operates
and the trade-offs between host-based and network-based intrusion
detection systems. You will discover methods for integrating
and managing a network of IDS components; how to manage and
administer IDS; where to position IDS sensors; which key freeware
and commercial IDS tools are best suited to which parts of your network; and
how to determine whether IDS should be outsourced or kept in-house.
Using hands-on exercises, you will set up your own real-time
IDS sensors. You will also detect and analyze an assortment
of live hacker attacks and related probes, and learn why you can't
rely on IDS as your sole monitoring component. You will learn
the difference between anomaly-based and signature-based IDS,
approaches that promise to make intrusion detection systems easier to manage
and more effective as part of your information security strategy.
Course Fee: $2,495
Time: 8:30am - 4pm
Learning Level: Advanced
CPE Credits: 40
Prerequisites: Basic knowledge of TCP/IP, networking, and security
What You Will Learn
1. Introduction to Intrusion Detection Systems
• IDS roles and functions
• practical applications for IDS
• where and when IDS should NOT be used
• strengths and weaknesses
2. Deploying IDS in the Enterprise
• types of intrusion detection systems
  • network-based
  • host-based
  • integrity monitors
  • anomaly-based
  • kernel monitors
  • real-time vs. poll for later
• positioning IDS into a security infrastructure
  • firewalls vs. IDS
  • where IDS should be deployed in a network
• managing and administering IDS
  • processes: analysis, incident response, CERT, escalation, system maintenance
  • roles
  • insourcing vs. outsourcing
3. IDS Architecture
• components of a network IDS system
  • sensors
  • collectors
  • management consoles
  • metatools
• analysis of IDS functionality
4. IDS Operation
• characteristics of anomalous traffic
• false positives and negatives
• correlation with other monitoring sources
  • event managers
  • security management consoles
5. Shopping for IDS Tools: Criteria for Evaluating IDS Tools
• performance
• cost
• support
• integration with other tools
• market analysis and demo of current network-based IDS tools
• market analysis and demo of host-based IDS tools
6. Hands-On Labs: Install & Configure Commercial & Freeware IDS Tools
• network-based IDS
• host-based IDS
7. Network Attack Scenarios
• types of attacks an IDS can help detect
  • network scans
  • port scans
  • denial of service
  • buffer overflow attacks
• "de-synching" an IDS: fragmentation and other methods
• attacks used to evade IDS:
  • CGI exploits, malformed URLs, and other application-layer attacks
• demos: hacker attacks and what they look like on management consoles
8. Hands-On Labs: Detecting an Assortment of Probes and Attack Scenarios
9. Reacting to the Attack: Defense Procedures
• alert methods
• immediate response
• information gathering
• analysis
• update of procedures
10. New Directions in IDS Tools
• meta-IDS consoles
• NFAT tools
• honeypots
11. Establishing a Solid ROI for IDS: Making the Business Case
*Course fees are subject to change