RE110

Intrusion Prevention and Detection

85%

overall satisfaction for this course

Average calculated from scores obtained from 429 participants who took this course.
  • Duration 2 days
  • Regular fee 895
  • Preferential fee 750
  • Locations
    • Montreal
  • Laboratory course

Objectives

To provide the knowledge and skills required to identify the various types of intrusions and attacks on a TCP/IP network as well as the mechanisms which can be used to detect them, and to choose among the available detection tools.

Targeted audience

Those in charge of security or involved in architectural planning, network and system administration, system analysis and development.

Prerequisite

Knowledge of TCP/IP (Course RE102).

Customer Testimonials

Allows one to see and understand IT security issues.

Alain P. / System Administrator, Université du Québec à Montréal (UQAM)

Content

  • Uses of intrusion detection systems
  • Common security threats: examples and characteristics of some attacks
  • Security problems with TCP/IP: fragmentation, ICMP, OS fingerprinting, DNS, SYN flood, etc.
  • Tools for intrusion detection and vulnerability analysis: commercial and free software, and examples of use (tcpdump, Wireshark, Snort 2.9.X, Kali, Nessus, DenyAll and Nikto)
  • Architecture of an intrusion detection system: IDS vs. IPS, physical and logical location in the network, system disturbance analysis and system abuse detection, alarms, logging, link with the security gateway and false positives
  • The weight calculation method, false positives
  • Securing servers and workstations
  • Trace analysis
  • Autopsies (forensics)
  • Preparing an action plan for handling intrusions
  • Administering an intrusion detection system
  • Case studies: exercises, trace analyses

DATES*

*Unless stated otherwise, all sessions are in French.
  • Montreal

    May 29 to May 30 2017
