1-800-THE-TREE (1-800-843-8733)
 

Detecting and Analyzing Intrusions: Hands-On

Network Security Monitoring (NSM)

 
Course: 588     Type: Hands-On Training     Duration: 4 Days

You Will Learn How To
  • Detect and analyze network- and host-based intruder attacks
  • Integrate intrusion detection systems (IDS) into your current network topology
  • Tune IDS operations using the latest tools and techniques
  • Scope and remediate intrusions with Network Security Monitoring (NSM)
  • Correlate IDS alerts with scanner vulnerability information
  • Enhance IDS detection by writing custom signatures

Course Benefits
IDSs are the most powerful tools for alerting analysts to network- and host-based exploits. In this course, you learn how attackers break into networks, how an IDS plays a key role in detecting these attacks, and how NSM is used to analyze the resulting events. You also learn how to configure, deploy and tune an IDS to identify attacks, and how to use NSM techniques to resolve IDS alerts.

Who Should Attend
Those involved in maintaining network and system security. Participants should have knowledge at the level of Course 468, "System and Network Security Introduction," and a working knowledge of TCP/IP.

Hands-On Training
You gain hands-on experience using several IDS and NSM tools. Exercises include:
  • Exposing network attacks with Snort NIDS
  • Managing Snort with IDS Policy Manager
  • Detecting common Nmap scans
  • Monitoring enterprise security with BASE/MySQL/Apache console
  • Correlating Snort alerts with Nessus vulnerability scans
  • Tuning IDS for a successful detection
  • Resolving IDS alerts with Sguil
  • Catching server hacks with OSSEC HIDS
  • Performing risk assessment and event correlation with OSSIM
  • Writing custom Snort signatures

Course 588 Content
Introduction to NSM
Defensible networks
  • The enemy's plan of attack
  • Rapidly identifying intrusions
  • Utilizing multiple detection components
The role of an IDS
  • Revealing violations of information assurance policies
  • Validating IDS events with NSM techniques
Navigating the IDS landscape
  • Classifying detection techniques by the attack timeline
  • Investigating the Snort MySQL alerts database
  • Enhancing attack detection with honeypots
Deploying a Network IDS
Monitoring attacks on the network
  • Locating NIDS sensors
  • Operating sensors in a stealth mode
  • Detecting wireless intrusions with Snort-Wireless
Solutions for a switched network
  • Sniffing switches with the Switch Port Analyzer (SPAN) feature
  • Connecting sensors with hubs and taps
  • Combining outputs of a dual Tap
Uncovering intrusions in the enterprise
  • Designing a multilayer distributed IDS hierarchy
  • Consolidating with Security Management Systems
  • Ensuring reliability with IDS load balancers
Interpreting IDS Alerts
Identifying IDS signatures
  • Anomaly and misuse detection, stateful analysis and advanced string matching
  • Selecting raw and smart signatures
  • Improving signature quality for an exploit
  • Discovering IDS signature syntax
Discovering attacks with Host-IDS (HIDS)
  • Centralizing logs with syslog
  • Analyzing server and firewall logs for anomalies
  • Detecting log tampering
  • Querying logs with Microsoft Log Parser
Verifying IDS operation
  • Scanning with Vulnerability Assessment (VA) tools
  • Replaying traces of real attacks with tcpreplay
  • Crafting IP attack packets
Tuning the IDS
  • Minimizing false positives with dynamic tuning and attack relevancy
  • Utilizing event filtering, propagation, consolidation and parameter tuning
  • Aggregating multiple events
Evading IDS
  • Hiding Web attacks via SSL and polymorphic mutation
  • Overlapping IP and TCP fragments
  • Slicing packets with fragroute
Analyzing Intrusions
Monitoring network security using NSM
  • Examining transcripts and sessions
  • Resolving an attacker's identity
  • Scoping the intrusion
  • Catching internal attacks with extrusion detection
Validating intrusions
  • Correlating IDS alerts with vulnerabilities
  • Aggregating events from multiple sources
  • Capturing a high-level security view with event correlation
Classifying attack scenarios
  • Directly attacking servers
  • Indirectly attacking clients
  • Discovering island hopping attacks
Performing digital network forensics
  • Securing the sensor
  • Collecting evidence
Recognizing Attacks
Scanning for low-hanging fruit
  • Footprinting an organization
  • Detecting stealth port scans
Creating buffer overflows (BO)
  • Discovering remote BO attacks
  • Mutating BO exploits
Cyberextortion with Denial of Service (DoS)
  • Attacking with hacker botnets
  • Reflecting with DrDoS (Distributed Reflection DoS)

Upcoming Dates
May 27 - 30, 2008: Washington, DC (Rockville, MD)
Jul 29 - Aug 1, 2008: Washington, DC (Reston, VA)
Oct 14 - 17, 2008: New York

Course Tuition
$ 2,650 Standard Tuition
Tuition with a Savings Plan
$ 1,660 10-Day Pass
$ 1,665 Training Passport
$ 1,830 Flex-Pass
$ 2,095 Voucher 10-Pack
$ 2,385 Alumni Gold Discount
$ 2,360 Government Discount
[Image: Participants detecting an attack using an intrusion detection system.]


Certification Core Course | CPE 23 Credits | ISC2 32 | A 2 Hour(s) College Credit