Open Source Intrusion Detection Systems (IDS) Training
 

Short Description:
'Open Source Intrusion Detection Systems' is a 40-hour class which provides a conceptual understanding of current-generation, open source intrusion detection systems, specifically the Snort 2.0 IDS sensor.

Full Description:
Why Open Source Intrusion Detection Solutions?

Detailed explanation of benefits.

Prerequisites

Familiarity with the TCP/IP networking suite, and exposure to the Linux/Unix operating system(s).

Class schedule:

Day 1: Introduction to Intrusion Detection Systems

1.1 Intended for the beginner and advanced student alike, day one of the course is a primer on IDS technology and technical terminology, and will bring the student up to speed on current IDS offerings, both open source and commercial in nature.

1.2 The second half of the day is focused on IDS architectures, and a description of the many varying types of intrusion detection systems that can be deployed on a network.

Day 2: Overview of Snort

2.1 Day two of the course is a detailed overview of the Snort 2.0 IDS sensor, and gives the student a hands-on introduction to the platform, including: system requirements, Snort 2.0 features, uses for Snort on a network, problems faced with monitoring switched networks, the quandary of false positives, and frequently asked questions about the Snort IDS sensor platform.

2.2 The second half of day two provides the student with a virtual machine testbed on which to install Snort, and includes a step-by-step procedure for initial operating system configuration and hardening, packet capture library installation, retrieval of recent Snort sources, and a detailed walk-through on compiling the Snort package from scratch.

Day 3: Inside the Snort IDS

3.1 The third day of instruction starts with an introduction to capturing network traffic and sniffing, and segues into a more advanced discussion on the inner workings of Snort, including: processing packets, packet preprocessors, rule parsing and the use of detection engines, rule formats and packet matching, configuration files, and rule headers.

3.2 The second half of day three covers the characteristics of Snort rules, including IP options, TCP options, ICMP options, rule identifier options, and many other miscellaneous rule options specific to the Snort sensor engine.

Day 4: Advanced Snort Topics

4.1 By day four of the class, students will have a good understanding of IDS technology and architecture, and will have mastered the concepts surrounding initial installation and configuration of a Snort sensor. Advanced topics on Snort IDS deployments are presented to the student, including sessions on: Snort preprocessors, preprocessor options for reassembly of packets, IP fragment reassembly and attack detection, preprocessor options for normalization of network traffic, HTTP normalization, and an introduction to writing a custom preprocessor.

4.2 The second half of day four provides a fast track to understanding and implementing Snort plugins, including custom logging options, unified logging facilities, understanding Snort output, exploration of third-party data analysis tools, and an introduction to third-party plugins and add-on tools for the Snort 2.0 intrusion detection suite.

Day 5: Snort Rules Workshop

5.1 Day five of the class finalizes the student's understanding of the Snort IDS engine, and provides the student with an exhaustive "Do It Yourself" approach to creating custom Snort rules, including:

controlling information leaks
policy enforcement
rules for "honeypot" hosts
the use of "honey tokens" for early warning systems
and more.
By the end of day five, the newfound Snort adept will be armed with an arsenal of tools for implementing open source intrusion detection systems in high-speed and high-performance networking environments, while utilizing the Snort 2.0 IDS sensor as a virtual "Swiss Army Knife" for network and host attack mitigation.



Duration:
5 days

Price:
$4500

Submitted by: Marco Polo

 

All reviews/ratings/comments are owned by whoever posted them. TrainingReviews.com is not responsible for them in any way.