RE110

Intrusion Prevention and Detection

Be prepared to deal with network security incidents.

85%

overall satisfaction for this course

Average calculated from scores obtained from 438 participants who took this course.
  • Duration 2 days
  • Regular fee 945
  • Preferential fee 795
  • Locations
    • Montreal
  • Laboratory course

Objectives

To provide the knowledge and skills required to identify the various types of intrusions and attacks on TCP/IP networks as well as the mechanisms which can be used to detect them, and to choose among the available detection tools.

Targeted audience

Network specialists (other than DBAs).

Prerequisite

Knowledge of TCP/IP (Course RE102).

Customer Testimonials

Course well detailed and complete.

Jean-Benoît L. / Supervisor, Service Centre, Défense nationale

Content

  • Uses of intrusion detection systems
  • Common security threats: examples and characteristics of certain attacks
  • Security problems with TCP/IP: fragmentation, ICMP, OS fingerprinting, DNS, SYN flood, etc.
  • Tools for detecting intrusions and analyzing vulnerability: commercial and free software, and examples of use (TCPdump, Wireshark, Snort 2.9.X, Kali, Nessus, DenyAll and Nikto)
  • Architecture of an intrusion detection system: IDS vs. IPS, physical and logical location in the network, system disturbance analysis and system abuse detection, alarms, logging, link with the security gateway
  • Weight calculation method, false positives
  • Securing servers and workstations
  • Trace analysis
  • Autopsies (Forensic)
  • Preparing an action plan for handling intrusions
  • Administering an intrusion detection system
  • Trace analysis case studies and exercises

DATES*

*Unless stated otherwise, all sessions are in French.
  • Montreal

    October 30 to October 31 2017

  • Montreal

    May 28 to May 29 2018
