Code: CNT1202

Introduction

The objective of the course is to deliver technical knowledge, awareness and hands-on experience with Intrusion Detection and Prevention Systems (IDS/IPS). The course provides a clear understanding of how to instrument your network and enables participants to perform detailed incident analysis and reconstruction.

Course content

  • Introduction to IDS/IPS
    • What is an IDS / IPS
    • Types of IDS / IPS
    • Alert classification

  • IDS/IPS deployment
    • Deployment strategy
    • Suricata introduction
    • Wazuh introduction

  • Configuration and administration
    • Detection strategy and rule writing
    • NIDS (Suricata)
    • HIDS (Wazuh)

  • Limitations and bypass techniques
    • Sensor and ruleset management
    • Adversary techniques

Learning outcomes

  • Understand and analyze IDS/IPS traffic to mitigate threats
  • Identify potentially malicious activities
  • Hands-on practice on detection and analysis
  • Configure and run an IDS/IPS sensor and write signatures
  • Deploy, implement and administer IDS/IPS

Prerequisites

  • Foundational knowledge of the Open Systems Interconnection (OSI) model
  • Foundational knowledge of TCP / IP and networking protocols
  • Foundational knowledge of Windows operating systems
  • Foundational knowledge of UNIX / Linux operating systems
  • Foundational knowledge of cyber security threats and attack methods
  • Foundational knowledge of Security Information and Event Management (SIEM) systems
  • Foundational knowledge of digital forensic concepts

Duration

  • 3 Days