• Classroom
Course Description

Taught by experts in network defense, this course equips attendees with the skills to build and maintain Intrusion Detection/Prevention Systems (IDS/IPS) and utilize advanced signature-writing techniques to defend large-scale network infrastructures. Students begin with writing basic IDS signatures to identify traffic of interest and advance to creating complex signatures in order to recognize distributed attacks, multi-stage events, and other more complex threats. The course will teach them how to apply decoding and other tools to overcome IDS evasion techniques, how to determine gaps in coverage, and how to manage rule sets to maintain system efficiency.

Learning Objectives

  1. Recognize the benefits and limitations of different IDS types (network- and host-based, and distributed systems)
  2. Identify optimal sensor placement and gaps in coverage
  3. Write basic IDS signatures to identify traffic of interest and tune them to reduce false positives
  4. Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
  5. Apply decoding and other tools to overcome IDS evasion techniques

Framework Connections