An intrusion detection system (IDS) is used to detect several types of malicious behavior that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data-driven attacks on applications, host-based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms).
An IDS is composed of several components:
There are several ways to categorize IDS depending on the type and location of the sensors and the methodology used by the engine to generate alerts. In many simple IDS implementations all three components are combined in a single device or appliance.
About this workshop
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are used to detect and prevent attacks in real time. However, if they are not configured properly they may be of no use. Further, the events reported by these devices need to be monitored by analysts on a continuous basis.
An important element of effective security monitoring is the ability to examine the packet decode from network intrusion detection systems. A skilled intrusion analyst will be able to analyze packets to reduce the likelihood of false positives, and also to proactively update signatures and apply new filters to deal with emerging threats. This workshop enables participants to gain a better understanding of intrusion detection and traffic analysis.
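As an added illustration of why packet decode matters for tuning signatures (this is example code written for this page, not workshop material or any product's engine), the following Python builds a few constructed IPv4/TCP and IPv4/UDP packets, decodes them, and runs two rules over them. A content-only rule fires on benign SMTP and syslog traffic that merely mentions a sensitive path; a rule that also checks protocol, destination port and TCP flags fires only on the HTTP request it was written for. All addresses (RFC 5737 documentation ranges), rule IDs, and packet contents are constructed; the packet builder leaves checksums zero since nothing is sent on the wire.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TCP = 6
UDP = 17
PSH = 0x08
ACK = 0x10


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int
    tcp_flags: int   # 0 for non-TCP
    payload: bytes


def decode_ipv4(raw: bytes) -> Packet:
    """Decode an IPv4 datagram carrying TCP or UDP (no IP options, no fragments)."""
    ihl = (raw[0] & 0x0F) * 4             # IPv4 header length in bytes
    proto = raw[9]
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    l4 = raw[ihl:]
    if proto == TCP:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        data_off = (off_flags >> 12) * 4  # TCP header length in bytes
        return Packet(src, dst, proto, sport, dport, off_flags & 0x1FF, l4[data_off:])
    if proto == UDP:
        sport, dport, _length, _csum = struct.unpack("!HHHH", l4[:8])
        return Packet(src, dst, proto, sport, dport, 0, l4[8:])
    return Packet(src, dst, proto, 0, 0, 0, l4)


def build_ipv4(src: str, dst: str, proto: int, sport: int, dport: int,
               payload: bytes, flags: int = 0) -> bytes:
    """Construct a minimal IPv4+TCP or IPv4+UDP packet for offline testing (checksums zero)."""
    if proto == TCP:
        l4 = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | flags, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                     0, 0, 64, proto, 0, src_b, dst_b)
    return ip + l4 + payload


@dataclass
class Rule:
    sid: int
    msg: str
    content: bytes
    proto: Optional[int] = None      # None = any protocol
    dst_port: Optional[int] = None   # None = any port
    flags: int = 0                   # TCP flag bits that must all be set


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Apply header qualifiers first, then the content match."""
    if rule.proto is not None and pkt.proto != rule.proto:
        return False
    if rule.dst_port is not None and pkt.dst_port != rule.dst_port:
        return False
    if rule.flags and (pkt.proto != TCP or (pkt.tcp_flags & rule.flags) != rule.flags):
        return False
    return rule.content in pkt.payload


def run_engine(rules, raw_packets):
    """Decode each packet and return (sid, src, dst, proto, dst_port) for every rule hit."""
    alerts = []
    for raw in raw_packets:
        pkt = decode_ipv4(raw)
        for rule in rules:
            if rule_matches(rule, pkt):
                alerts.append((rule.sid, pkt.src_ip, pkt.dst_ip, pkt.proto, pkt.dst_port))
    return alerts


# Constructed sample traffic; nothing here was captured from a real network.
SAMPLE_TRAFFIC = [
    # HTTP request with a traversal attempt: the event the signature is meant to catch.
    build_ipv4("192.0.2.10", "198.51.100.5", TCP, 40000, 80,
               b"GET /../../etc/passwd HTTP/1.1\r\nHost: www\r\n\r\n", flags=PSH | ACK),
    # SMTP message body that merely mentions the path: a benign false-positive trigger.
    build_ipv4("192.0.2.11", "198.51.100.6", TCP, 40001, 25,
               b"Please remember to back up /etc/passwd before the migration.\r\n",
               flags=PSH | ACK),
    # Syslog over UDP quoting the same string: another benign trigger.
    build_ipv4("192.0.2.12", "198.51.100.7", UDP, 514, 514,
               b"<34>sshd: audit: read /etc/passwd"),
]

NAIVE_RULE = Rule(sid=1000001, msg="/etc/passwd seen anywhere", content=b"/etc/passwd")
TUNED_RULE = Rule(sid=1000002, msg="HTTP request for /etc/passwd", content=b"/etc/passwd",
                  proto=TCP, dst_port=80, flags=PSH | ACK)

if __name__ == "__main__":
    for label, rule in (("naive", NAIVE_RULE), ("tuned", TUNED_RULE)):
        print(label, run_engine([rule], SAMPLE_TRAFFIC))
```

The naive rule produces three alerts, two of them noise an analyst would have to discard by hand; the tuned rule produces one. Real engines add flow state, stream reassembly and protocol parsers on top of this, but the tuning decision is the same: every qualifier added to a signature is a fact that only the packet decode can confirm.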
Benefits
On completion of this workshop, participants will get a better understanding of
Who should attend
This workshop will significantly benefit professionals responsible for monitoring and analyzing network traffic to detect and prevent intrusions.
The workshop is restricted to participants who have adequate knowledge of networking and TCP/IP concepts.
Workshop Outline
TCP/IP Concepts
Understanding Packets
Capturing and Analyzing Network Traffic
Intrusion Detection and Prevention Systems
Signatures and Analysis