Cyber threats are increasing at an alarming rate every year and the ability for organizations to defend against full-scale, distributed attacks quickly and effectively has become much more difficult. An Intrusion Detection System (IDS) affords security administrators the ability to automate the process of identifying attacks from amongst the thousands of network sessions occurring on their infrastructure, provided the IDS signatures are well written. Taught by leaders in network defense who work in the computer security industry, this course demonstrates how to defend large-scale network infrastructure by building and maintaining an IDS and mastering advanced signature-writing techniques. With a well-tuned IDS and trained network security auditors, organizations have a reliable means to prioritize and isolate the most critical threats in real time.
Understand the features and capabilities of different IDS types, as well as the impact of sensor placement and configuration.
Write IDS signatures to detect many types of malicious traffic including network reconnaissance, IDS evasion attempts, OS fingerprinting, DoS/DDoS attacks, SQLi and more.
Equip students with the tools to write custom signatures for any situation.
Understand and configure stream reassembly in an IDS.
Tune signatures to reduce false positives.
Build complex rules and filters to set thresholds, track sessions or hosts, and manage log output.
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.