Course Description
An Intrusion Detection/Prevention System (IDS/IPS) can automate the process of identifying attacks among the thousands of connections on a network. Taught by leaders in network defense who work in the cybersecurity industry, this course demonstrates how to defend large-scale network infrastructures by building and maintaining IDS/IPS and mastering advanced signature-writing techniques. With IDS and trained network security auditors, organizations have a reliable means to prioritize and isolate the most critical threats in real time.
Learning Objectives
- Recognize the benefits and limitations of different intrusion detection system types (network- and host-based, and distributed systems)
- Identify optimal sensor placement and gaps in coverage
- Write basic IDS signatures to identify traffic of interest and tune them to reduce false positives
- Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
- Apply decoding and other techniques to overcome IDS evasion efforts
- Develop complex signatures employing rule chaining, event filtering and post-detection analysis to identify distributed attacks, multi-stage events, and other more complex threats
- Use regular expressions to effectively detect variable or morphing attacks
- Manage rule sets to reduce redundancy and maintain system efficiency
Framework Connections
Feedback
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.