Intrusion Detection, Prevention, and Response

Introduction

Incident response requires a special set of skills that combine business as well as technical analysis. You must understand the current hacker techniques and be technically able to locate every modification an intruder has made to your system. It can take days for even the most qualified security professional to identify and eradicate the damage caused by an attack.

During Intrusion Detection, Prevention and Response, you will:

  • Learn how to develop the policies, procedures, and architectures needed to protect your networks from exploitation.
  • Be exposed to many tools you will want to include in your Incident Response Toolkit.
  • Work through several analysis examples, designed to prepare and help you minimize the time and effort spent "cleaning up" after an intrusion.

The course also provides insight into hacker techniques as well as hands-on practice of intrusion detection methods and incident response strategies necessary to protect your critical assets. After completing the course, you will have better knowledge of the tools and framework necessary to ensure that your business continues as efficiently as possible with the shortest recovery time.

Intrusion Detection, Prevention and Response builds on the foundation of an X-Force Education Services system for Information Assurance in an organization. It presents insight into the intrusion detection and incident response strategies necessary for protecting critical assets. Hacker techniques are also discussed.

Key Instructional Focus and Objectives

  • Use VMware and the various virtual systems used in this course.
  • Define an intrusion as well as what might be a proper response to that intrusion.
  • Describe the components and architecture of Internet Security Systems' SiteProtector.
  • Use some open source network and host-based intrusion detection tools in a real-world environment.
  • Describe the six steps of incident response.
  • Discuss the five stages of a typical attack and how an intruder uses each stage.
  • Use your network assets and local policy to help identify the proper response to an incident.
  • Demonstrate several common methods hackers use to defeat intrusion detection systems.
  • Correlate data gathered by different devices to facilitate effective incident response.
  • Use response options, such as user-defined responses, automatic response options, and host-based responses, to better secure your environment.
  • Use simple tools, such as Ethereal, tcpdump, CapXmit, and Snort, to capture and analyze network traffic.
  • Introduce tools that you can use to track down the origin of an attack.
  • Identify important system log and event files that you should examine and archive on a secure, remote system.

Key Hands-on Lab Focus and Objectives

  • Lab 1: Working with VMware
  • Lab 2: Discovering Exploits and Vulnerabilities
  • Lab 3: Set up a Commercial IPS
  • Lab 4: Configuring Open Source IDS/IPS Tools
  • Lab 5: Assets and Policy
  • Lab 6: Reporting Incidents
  • Lab 7: Attacking a System
  • Lab 8: Defeating IDS/IPS
  • Lab 9: Layered Events
  • Lab 10: Generic User Defined Responses
  • Lab 11: Tracking Network Packets
  • Lab 12: Tracking the Source of an Attack
  • Lab 13: Centralizing and Saving Events

Target Audience & Prerequisites

This course is intended for experienced network and system administrators as well as information security professionals engaged in assessing security and securing information assets. Prerequisites include:

  • Solid knowledge of TCP/IP, the OSI model, and network architecture
  • SiteProtector and Snort or tcpdump analysis experience
  • Knowledge of Linux/UNIX and Windows administration
  • Recommended prerequisite courses: Network Security I and Network Security II

Course Fee

The course fee includes detailed course materials. Please contact one of our education specialists online or at 1-888-263-8739 for course fees and class availability.

Registration

Register online or call 1-888-263-8739.