Aug 18, 2007

Intrusion Detection In-Depth

SEC503: Intrusion Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that you can intelligently examine network traffic for signs of an intrusion.

The hands-on training (Aug. 05 - Aug. 10, 2007) in SEC503 is intended to be both approachable and challenging for beginners and seasoned veterans. There are two different approaches for each exercise. The first contains guidance and hints for those with less experience, and the second contains no guidance and is directed toward those with more experience. In addition, an optional extra credit question is available for each exercise for advanced students who want a particularly challenging brain teaser. A sampling of hands-on exercises includes the following:

  • Day 1: Hands-On: Introduction to Wireshark
  • Day 2: Hands-On: Writing tcpdump filters
  • Day 3: Hands-On: IDS/IPS evasion theory
  • Day 4: Hands-On: Snort rules
  • Day 5: Hands-On: Analysis of three separate incident scenarios
  • Day 6: Hands-On: The entire day is spent engaged in the NetWars: IDS Version challenge

Link: Network Intrusion Detection | SANS SEC503 | Intrusion Detection Training