Intrusion Detection II

Intrusion Detection II is a fully hands-on course during which you will learn to design, deploy, manage and operate the security of a corporate environment.

Who Should Attend

This course is ideally suited for:

  • System administrators
  • Intrusion detection analysts
  • Incident handling and response officers
  • Security professionals wanting to gain practical knowledge and competences in the domain of intrusion detection.

“The class will benefit anyone who wants to gain practical knowledge in the domain of intrusion detection”

Prerequisites

The course is "hands-on", technically focused and aimed at individuals who have a good knowledge of common networking protocols and practical familiarity with the Linux and Microsoft operating systems. Practical familiarity with intrusion detection tools such as tcpdump, Snort and ModSecurity is also highly recommended.

Duration: 5 days

About the course

Intrusion Detection II is a course developed for professionals who need to manage and secure a corporate environment. The course builds on the skills and competences acquired in Intrusion Detection I and teaches you how to deploy, configure and operate intrusion detection and prevention systems in a corporate IT infrastructure where you are required to deal with potentially thousands of security events daily. In this course you will learn how to use large-scale monitoring systems to keep track of a corporate IT infrastructure, and how to operate and customize Security Information and Event Management (SIEM) systems to effectively correlate security events and act upon them in a timely manner. Finally, the course touches upon architectural issues to teach you how best to design defendable networks.

Laptop Requirements

A laptop is required in order to work through all the practical hands-on workshops. Failure to meet the requirements below may result in the delegate not being able to carry out one or more of the practical workshops and thus not taking full benefit from the Intrusion Detection course. The minimum laptop requirements are:

  • x86-compatible 1.5 GHz CPU or faster
  • DVD drive
  • 1 GB RAM or more
  • Ethernet adapter
  • 10 GB of available hard drive space
  • The system must be capable of booting from a CD
  • VMware Player or VMware Workstation

Intrusion Detection Security Assessment Toolkit

Each student will be given the Silensec Intrusion Detection course DVD, which includes the required software and the hands-on labs.


Course Outline

Day 1: We begin by learning how to identify and manage all the elements of a corporate IT infrastructure, including network devices, computers and software. We cannot defend what we do not have knowledge of!

Day 2: We introduce the concept of Network Security Monitoring, work with the familiar intrusion detection tools and see how they can be integrated in order to give the intrusion detection analyst all the data required, from identifying an incident up to its successful investigation and full data analysis.

Day 3: We begin to work with large-scale Security Information and Event Management (SIEM) systems, understanding their architectural components and deployment. You will work on the deployment and configuration of the OSSIM SIEM, practising the development of policy and integrating vulnerability assessments with intrusion detection.

Day 4: As you develop your competences, it is now time to tune your SIEM to the requirements of your organization and learn how to keep it up to date over time. You also practise better understanding the event correlation process and how to write new correlation rules.

Day 5: The final day focuses on architectural issues, teaching you how to design defendable networks and practising advanced techniques to block a number of attacks.

Course Breakdown

Day 1

1 IT Infrastructure Monitoring
   1.1 Nagios, Zabbix, Zenoss, Spiceworks
   1.2 Inventory management
   1.3 Compliance
2 Log Management
   2.1 Collecting and analysing logs
   2.2 Firewalls management

Day 2

4 Network Security Monitoring (NSM)
   4.1 NSM tools and deployment
   4.2 InstantNSM
   4.3 NSMnow
5 Using NSM to identify and investigate intrusions
   5.1 Dealing with alerts
   5.2 Analysing statistical data
   5.3 Analysing traffic sessions
   5.4 Perform content inspection
6 Inspecting suspicious files (VirusTotal, Jotti, av-check.com and virtest.com etc.)
7 Data flow analysis with Argus
8 OSSEC Integrity Checking
   8.1 OSSEC-Sguil Integration for alert monitoring
   8.2 Monitoring Web Intrusion alerts with OSSEC and Sguil
   8.3 Querying Intrusion Alerts through SQueRT

Day 3

9 Security Information and Event Management (SIEM) systems
   9.1 OSSIM
   9.2 Prelude
10 OSSIM SIEM
   10.1 Components and Architecture
   10.2 Configuration
   10.3 Inventory Management
   10.4 Security Analysis
   10.5 Vulnerabilities Management
   10.6 Ticketing System
   10.7 Reporting

Day 4

11 Correlating Events
   11.1 Writing plugins
   11.2 Writing directives
   11.3 Event Filtering
   11.4 Tuning and Performance

Day 5

12 Designing and Controlling Defensible Networks
   12.1 Defensible Network Architectures
   12.2 Controlling outbound traffic
13 Architectural Issues
   13.1 Positioning the sensors
   13.2 Securing the sensors
14 Network Access Control
15 Traffic Threat Assessment
16 Final Challenge


Why us?

"Our trainers are security consultants with many years of experience, highly dedicated to teaching and sharing their knowledge."

"Intrusion Detection is about acquiring practical skills and competence - not just theory."

"We focus on the tools and techniques which are used in real life."


Dr. Almerindo Graziano
CEO Silensec
