Intrusion Detection System IDPS Training
Intrusion detection and prevention systems (IDPS) are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
This 5-day class consolidates the Snort IDS/IPS Technology class and the Rule Writing Best Practices class. Students will learn how to build and manage a Snort sensor using open source tools, plug-ins, and the Snort rule language to help manage, tune, and deliver feedback on suspicious network activity. Hands-on labs help students construct solid, secure Snort installations and write Snort rules using proper syntax and structure. Students will also test their rule writing skills in two challenges: a theoretical challenge that tests their knowledge of rule syntax and usage, and a practical challenge in which an exploit is presented for students to analyze and research so they can defend their installations against the attack.
This course is a must for network administrators, security administrators, security consultants, and other security professionals responsible for deploying open source IDS/IPS sensors and writing Snort rules.
This course assumes that students have a technical understanding of TCP/IP networking (we do a refresher on Day 1) and network architecture. Proficiency with Linux and UNIX text editing tools (vi editor) is suggested but not required.