The access to this course is restricted to PenTest Premium or IT Pack Premium Subscription.

Learn the principles of the intrusion detection process and the algorithms used in IDS.


4 CPE CREDITS




After completing this course you will be able to:

  • Install Snort yourself and verify that it detects basic attacks.
  • Configure and run open-source Snort and write Snort signatures.
  • Configure and run open-source Bro to provide a hybrid traffic analysis framework.
  • Use open-source traffic analysis tools to identify signs of an intrusion.
  • Write your own rules for detecting specific signatures in network traffic in Snort IDS or Suricata IDS.
  • Test the anomaly detection preprocessor for Snort, PHAD.
  • Install OSSIM (an open-source SIEM), set it up to collect events, and set up event correlation.
  • Write tcpdump filters to selectively examine a particular traffic trait.
  • Use the open-source network flow tool SiLK to find network behavior anomalies.
  • Use your knowledge of network architecture and hardware to customize the placement of IDS sensors and sniff traffic off the wire.



COURSE SYLLABUS

What will you learn in this workshop?



Module 1 – Introduction to intrusion detection systems (IDS).

Common theory of network attacks

Classifying attacks

First generation of IDS – history and capabilities

Current generation of IDS – capabilities and setup

Exercise – Install Snort yourself and verify that it detects basic attacks



Module 2 – Signature-based IDS algorithms.

Purpose of signature-based algorithms

Understanding the detection process

Benefits of signature-based algorithms

Restrictions of signature-based algorithms

Typical applications of such algorithms

Exercise – Write your own rule for detecting a specific signature in network traffic in Snort IDS or Suricata IDS



Module 3 – Statistical anomaly-based IDS algorithms.

Purpose of anomaly-based algorithms

Understanding the detection process

Benefits of anomaly-based algorithms

Restrictions of anomaly-based algorithms

Typical applications of such algorithms

Exercise – Set up and test the anomaly detection preprocessor for Snort, PHAD


Module 4 – IDS with artificial intelligence anomaly detection.

Purpose of AI-based algorithms

Understanding the detection process

Benefits of AI-based algorithms

Restrictions of AI-based algorithms

Typical applications of such algorithms

Methods of bypassing anomaly-based IDS


Module 5 – Typical methods of bypassing IDS.

Methods of bypassing signature-based IDS

Methods of bypassing anomaly-based IDS

Methods of bypassing AI-based IDS

Exercise – Try to bypass Snort IDS with one of the methods described


Module 6 – Understanding the underlying principles of SIEM systems and event correlation.

Mission of SIEMs

Understanding SIEM architecture

Event correlation algorithms

Benefits a SIEM provides

Restrictions and typical problems with SIEM systems

Comparison of SIEMs currently on the market

Future of SIEM and IDS development

Exercise – Install OSSIM (an open-source SIEM), set it up to collect events, and set up event correlation



Your instructor: Vladimir Korennoy

Information security researcher, Lead Developer
Software development.
Information security research, developing intrusion prevention systems.
SIEM systems.
Digital forensics/anti-forensics tools and methods.

Head of Security Systems Development, PENTESTIT:
Supervises the development of a hybrid SIEM with intrusion prevention and detection


Course Reviews

Average rating: 4 (1 rating)

  1. New topics, and added to existing experiences.

    Rating: 4

    Having picked up some of this as a network engineer, it’s been a good addition to what was not covered by the needs of my previous role. The course also confirmed what I had been doing, before security was a major issue, was good practice already.


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013