Basic Intrusion Analysis
This course teaches participants how to use tools that are available on the Internet to analyze and identify intrusions in the network. Participants will also get a more holistic understanding of intrusion patterns to be able to analyze each case and identify the ones that are worth bringing forward. Overall, the course provides practitioners with the core skills and knowledge needed to protect networks against intrusions in the real world.
After completing this course, participants are expected to be able to:
- Configure and run open-source Snort and write Snort signatures.
- Configure and run open-source Bro to provide a hybrid traffic analysis framework.
- Understand TCP/IP components to identify traffic changes.
- Use open-source traffic analysis tools to identify signs of intrusions.
- Employ network forensics to investigate traffic to identify possible intrusions.
- Use Wireshark to carve out suspicious file attachments.
- Write tcpdump filters to selectively examine particular traffic traits.
- Craft packets with Scapy.
- Use SiLK to find network behavior anomalies.
- Use network architecture and hardware to customize IDS sensor placements and identify traffic off the wire.
Who Should Join This Course?
- SOC operators
- Security analysts
- Incident responders
- Network engineers
- Network administrators
- Security managers