To provide the knowledge and skills required to identify the various types of intrusions and attacks on TCP/IP networks as well as the mechanisms which can be used to detect them, and to choose among the available detection tools.
Network specialists (other than DBAs).
Knowledge of TCP/IP (Course RE102).
- Uses of intrusion detection systems
- Common security threats: examples and characteristics of certain attacks
- Security problems with TCP/IP: fragmentation, ICMP, OS fingerprinting, DNS, denial of service, etc.
- Principles of vulnerability identification, presentation of tools for detecting intrusions and analyzing vulnerability: commercial and free software, and examples of use (TCPdump, Wireshark, Snort 2.9.X, Kali, Nessus, DenyAll and Nikto)
- Architecture of an intrusion detection system: IDS vs. IPS, physical and logical location in the network, system disturbance analysis and system abuse detection, alarms, logging, link with the security gateway (Firewall)
- Errors to avoid, false positives and false negatives
- Securing servers and workstations
- Trace analysis
- Forensic analysis (post-mortem autopsies)
- Managing security incidents: preparing an action plan for handling intrusions
- Administering an intrusion detection system
- Trace analysis case studies and exercises
The trainer was living up to his tasks. His experiences in the field have been useful for us.
Blaise A. / Network Administrator, GMCR Canada Holding