An Intrusion Detection/Prevention System (IDS/IPS) can automate the process of identifying attacks
among the thousands of connections on a network. Taught by leaders in network defense who work in
the cybersecurity industry, this course demonstrates how to defend large-scale network infrastructures
by building and maintaining IDS/IPS and mastering advanced signature-writing techniques. With IDS and
trained network security auditors, organizations have a reliable means to prioritize and isolate the most
critical threats in real time.
Learning Objectives
Successful completion of this course will enable students to:
- Recognize the benefits and limitations of different intrusion detection system types (network-based, host-based, and distributed systems)
- Identify optimal sensor placement and gaps in coverage
- Write basic IDS signatures to identify traffic of interest and tune them to reduce false positives
- Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
- Apply decoding and other techniques to overcome IDS evasion efforts
- Develop complex signatures employing rule chaining, event filtering and post-detection analysis to identify distributed attacks, multi-stage events, and other more complex threats
- Use regular expressions to effectively detect variable or morphing attacks
- Manage rule sets to reduce redundancy and maintain system efficiency