Intrusion Detection & Prevention
- Course code: SEC_Intrusion
- Course duration: 4 days
INTRODUCTION
The course provides the technical knowledge needed to detect security anomalies and defend your network against potential attacks.
OBJECTIVES
The course covers the most commonly used application protocols and the most widespread open tools. The aim is to be able to understand and examine network traffic and highlight any signs of an intrusion.
PREREQUISITES
Network administration experience; familiarity with protocols and application concepts
COURSE OUTLINE
Introduction
- Detection and prevention concept
TCP/IP Protocols
- TCP
- UDP
- ICMP
- ARP
- DNS
Concepts
- Layer 2
- Layer 3
- Packet Header
Analysis tools
- TCPDUMP/Windump
- Wireshark
Lab
- Prerequisites
- First part preparation
- Wireshark lab
IDS/IPS
- IDS and IPS
- Typologies
- Implementation strategies
- Commercial and free IDS
- Snort in depth
- Snort Labs
- Questions