Course: Intrusion Detection (IDS) 


Duration: 2 Days
Subject and aims of course: In order to protect computer systems against hacker attacks, various firewalls are used today. Doubtlessly, firewalls increase IT security. However, firewalls cannot ward off all attacks. They are useless against attacks initiated from within the network itself (the majority!). Intrusion Detection Systems (IDS) are used for this type of protection. Intrusion Detection is the art of detecting inappropriate, incorrect, or suspicious activity.
In this specialized course, the participants are taught the possibilities and limitations of IDSs. They learn comprehensive network protection capabilities, using built-in, proactive defenses for damage prevention.
Target groups: Network administrators, system engineers, those responsible for security
Course contents: Introduction 
- TCP/IP for Intrusion Detection 
- Internet Security Threats
- Common Hacker Attacks 

Intrusion Detection  
- What is Intrusion Detection?
- Targets of an Intrusion Detection System
- Network- versus Host-based Detection System
- Structure of an Intrusion Detection System
- Intrusion Detection Process
- Limits of an Intrusion Detection System

Network-based Intrusion Detection Systems
- Introduction
- Architecture
- Distributed Network-Node System
- Benefits

Host-based Intrusion Detection Systems
- Introduction
- Architecture
- Distributed Host-based System
- Benefits

IDS Signatures and Analysis
- Concept
- Common Vulnerabilities and Exposures
- Normal Traffic Signatures
- Abnormal Traffic Signatures

Open Source IDS
- Snort (Architecture, Installation, Configuration, Logs, ...)

Business Aspects
- Requirements Definition
- Tool Selection and Evaluation Process

Commercial Intrusion Detection Tools
- NFR, BlackICE, ISS, ...

Organizations and Standards 

Conditions: Attending the "Networking" and "TCP/IP Protocol" courses or equivalent knowledge.
Please contact us with any queries; we will be happy to be of assistance.
Course environment: The course is carried out as a combination of presentation and workshop. The individual modules are initiated by an introductory presentation. They are then extended by various "live" demonstrations / exercises.

All participating PCs have an Intrusion Detection System, Analyzer, Port Scanner, Internet connection, ...

Various Firewalls (CheckPoint FW-1, Netscreen, ZyWALL, Cisco PIX ...) are available as well. 

ROMAN - Consulting & Engineering AG