Focal Point - Cyber Threats Detection and Mitigation
Course Details:
Cyber threats are increasing at an alarming rate every year, and the ability of organizations to defend against full-scale, distributed attacks quickly and effectively has become much more difficult. An Intrusion Detection/Prevention System (IDS/IPS) gives security administrators the ability to automate the process of identifying attacks among the thousands of connections on their network, provided the system is properly configured and the signatures are well written.
Taught by leaders in network defense who work in the cyber security industry, this course demonstrates how to defend large-scale network infrastructures by building and maintaining IDS/IPS and mastering advanced signature-writing techniques. With Intrusion Detection Systems and trained network security auditors, organizations have a reliable means to prioritize and isolate the most critical threats in real time.
Student Practical:
Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students are given several packet captures containing a variety of scanning and exploitation techniques. They are tasked with identifying the significant elements of the attack and translating them into IDS signatures. Finally, they are tasked with tuning those signatures to reduce false positives and limit excessive events.
Call (919) 283-1674 to get a class scheduled online or in your area!
*Please Note: Course Outline is subject to change without notice. Exact course outline will be provided at time of registration.
In this class you will learn to:
- Recognize the benefits and limitations of different intrusion detection system types (network- and host-based, and distributed systems)
- Identify optimal sensor placement and gaps in coverage
- Write basic IDS signatures to identify traffic of interest and tune them to reduce false positives
- Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
- Apply decoding and other techniques to overcome IDS evasion efforts
- Develop complex signatures employing rule chaining, event filtering and post-detection analysis to identify distributed attacks, multi-stage events, and other more complex threats
- Use regular expressions to effectively detect variable or morphing attacks
- Manage rule sets to reduce redundancy and maintain system efficiency
Course Outline:
- Intrusions
- Common Threats
- Intrusion Detection
- Introduction to Snort
- Introduction to Bro
- Snort Configuration and Variables
- Snort Output
- Output Plugins
- Signature Writing
- Snort Rule Options
- The Detect Offset Pointer (DOE)
- DOE Content Modifiers
- DOE Rule Options
- Snort Packet Header Rule Options
- Pre-Processors
- Post Detection
- Effective Rule Writing
- Perl Compatible Regular Expressions
- Tracking State Across Sessions Using Flowbits
Labs:
- Setup and Configure an IDS to match a network topology map
- Define Network Variables
- Configure Output Statements
- Write over 30 Signatures
- Analyze and Write Signatures based on attack patterns
- Tune signatures to reduce false positives and false negatives
- Reverse Engineer Existing and Downloaded Rules
Who Should Attend:
- Incident Responders who need to understand and react to IDS alerts
- Network Defenders seeking to automate threat detection
- IDS administrators who wish to improve their signature writing skills
- Security Operations Center Staff seeking to automate traffic analysis
- Penetration Testers looking to reduce their network visibility