Intrusion Analyst

Virtual Instructor-Led Training

5 Days (40 Hours)

Intrusion Analyst is a hands-on course that covers intrusion detection in-depth. This includes concepts such as the use of Snort, network traffic analysis, and IDS signatures.

Understand and configure Snort for effective intrusion detection.
Analyze network traffic to identify potential security threats.
Master packet crafting, fragmentation, and IDS evasion techniques.
Develop expertise in TCP/IP and Microsoft protocol analysis.
Utilize Wireshark and TCPdump for deep packet inspection.

Download course details

Prerequisites

Required

UNIX, Windows, Networking, and Security Experience

This is a hands-on skill course requiring comfort with command line interaction and network communications

Course Outline

Advanced Snort Concepts

Analyst Toolkit

Domain Name System (DNS)

Examining Packet Crafting

Examining Packet Header Fields

Fragmentation

ICMP Theory

IDS Interoperability

IDS Patterns

IDS/IPS Management & Architecture Issues

Indications, Warnings & Traffic Correlation

IPv6

Microsoft Protocols

Network Traffic Analysis

NIDS Evasion, Instertion & Checksums

Snort Fundamentals & Configuration

Snort GUIs & Sensor Management

Snort Performance, Active Response & Tagging

Snort Rules

Stimulus Response

TCPdump Fundamentals

TCP/IP Fundamentals

Wireshark Fundamentals

Writing TCPdump Filters