• COMING SOON
  • 180 days
0 STUDENTS ENROLLED

    LPIC-1 is the entry-level certification of the Linux career path and is widely recognized in the market. LPIC-1 validates your ability to perform maintenance tasks from the command line, to install and configure a Linux computer, and to set up basic networking.

    After completing this course you will be able to:

    • Install Snort yourself and verify that it detects basic attacks.
    • Configure and run open-source Snort and write Snort signatures.
    • Configure and run open-source Bro to provide a hybrid traffic analysis framework.
    • Use open-source traffic analysis tools to identify signs of an intrusion.
    • Write your own rule to detect a specific signature in network traffic with Snort or Suricata.
    • Test PHAD, an anomaly-detection preprocessor for Snort.
    • Install OSSIM (open-source SIEM), set it up to collect events, and configure event correlation.
    • Write tcpdump filters to selectively examine a particular traffic trait.
    • Use the open-source network flow tool SiLK to find anomalies in network behaviour.
    • Use your knowledge of network architecture and hardware to choose where to place IDS sensors and to sniff traffic off the wire.


    COURSE PROGRAM

    What you will learn in this course


    Module 1 – Introduction to intrusion detection systems (IDS).

    Common theory of network attacks
    Classifying attacks
    First-generation IDS: history and capabilities
    Current-generation IDS: capabilities and setup
    Exercise – Install Snort yourself and verify that it detects basic attacks


    Module 2 – Signature-based IDS algorithms.

    Purpose of signature-based algorithms
    Understanding the detection process
    Benefits of signature-based algorithms
    Limitations of signature-based algorithms
    Typical applications of such algorithms
    Exercise – Write your own rule to detect a specific signature in network traffic with Snort or Suricata



    Module 3 – Statistical anomaly-based IDS algorithms.

    Purpose of anomaly-based algorithms
    Understanding the detection process
    Benefits of anomaly-based algorithms
    Limitations of anomaly-based algorithms
    Typical applications of such algorithms
    Exercise – Set up and test PHAD, an anomaly-detection preprocessor for Snort
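    As an added illustration of the statistical approach this module covers (this is example code written for this page, not course material and not PHAD's own code): a simplified detector in the style of PHAD. Like PHAD it learns, per packet header field, the set of values seen in attack-free training traffic and scores a packet by n/r for every field whose value was never seen (n = number of training packets, r = number of distinct values seen for that field), so a novel value in a field that normally varies little weighs more. PHAD's time-since-last-anomaly factor and its clustering of numeric fields into ranges are left out, and the packets are dicts of header fields constructed inline rather than parsed from a capture.

```python
# Added example, not course material: a simplified PHAD-style header anomaly
# detector. Each field keeps the set of values seen in attack-free training
# traffic; a packet scores n/r for every field holding a never-seen value
# (n = training packets, r = distinct values seen for that field). PHAD's
# time factor and numeric range clustering are omitted; packets are
# constructed dicts of header fields.
from collections import defaultdict
from itertools import product

FIELDS = ("ip_ttl", "ip_proto", "tcp_flags", "dst_port")


class HeaderAnomalyDetector:
    def __init__(self):
        self.seen = defaultdict(set)   # field -> values observed during training
        self.n = 0                     # number of training packets

    def train(self, packets):
        for pkt in packets:
            self.n += 1
            for field in FIELDS:
                self.seen[field].add(pkt[field])

    def score(self, pkt):
        """Return (anomaly score, fields with novel values); a familiar packet scores 0."""
        total, novel = 0.0, []
        for field in FIELDS:
            if pkt[field] not in self.seen[field]:
                total += self.n / len(self.seen[field])   # low-cardinality fields weigh more
                novel.append(field)
        return total, novel

    def detect(self, packets, threshold):
        """(index, score, novel fields) for every packet scoring above threshold."""
        hits = []
        for i, pkt in enumerate(packets):
            score, novel = self.score(pkt)
            if score > threshold:
                hits.append((i, score, novel))
        return hits


def normal_traffic():
    """Constructed attack-free baseline: LAN clients doing HTTP/HTTPS and DNS, 12 rounds."""
    tcp = [dict(ip_ttl=ttl, ip_proto=6, tcp_flags=flags, dst_port=port)
           for ttl, flags, port in product((64, 128), ("S", "SA", "A", "PA", "FA"), (80, 443))]
    dns = [dict(ip_ttl=ttl, ip_proto=17, tcp_flags=None, dst_port=53) for ttl in (64, 128)]
    return (tcp + dns) * 12


# Constructed test packets: a normal HTTPS data segment, an Xmas-scan probe
# (FIN/PSH/URG set together) and an ICMP packet with a TTL the LAN never uses.
NORMAL = dict(ip_ttl=64, ip_proto=6, tcp_flags="PA", dst_port=443)
XMAS = dict(ip_ttl=64, ip_proto=6, tcp_flags="FPU", dst_port=80)
ICMP = dict(ip_ttl=255, ip_proto=1, tcp_flags=None, dst_port=None)


def build_detector():
    det = HeaderAnomalyDetector()
    det.train(normal_traffic())
    return det


if __name__ == "__main__":
    det = build_detector()
    for i, score, novel in det.detect([NORMAL, XMAS, ICMP], threshold=0):
        print(f"packet {i}: score={score:.0f} novel fields={novel}")
```

    The Xmas probe fires on a single field (tcp_flags, 6 values seen, score 264/6), while the ICMP packet fires on three. The same mechanism also illustrates the main limitation listed above: any value absent from the training window, benign or not, scores, so the baseline must be attack-free and cover the traffic mix you expect to see.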


    Module 4 – IDS with artificial intelligence anomaly detection.

    Purpose of AI-based algorithms
    Understanding the detection process
    Benefits of AI-based algorithms
    Limitations of AI-based algorithms
    Typical applications of such algorithms
    Methods of bypassing anomaly-based IDS


    Module 5 – Typical methods of bypassing IDS.

    Methods of bypassing signature-based IDS
    Methods of bypassing anomaly-based IDS
    Methods of bypassing AI-based IDS
    Exercise – Bypass Snort with one of the methods described
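    As an added example for the Module 2 exercise (writing a content rule) and the Module 5 exercise (bypassing it), written for this page and not part of the course material or of Snort or Suricata: a matcher for a small subset of the Snort/Suricata rule language (msg, content, nocase, sid; plain-ASCII content only), run first on each packet in isolation and then after stream reassembly and HTTP URI normalisation. The rule, the packet structure and the three traffic samples are constructed; the sid and the /cgi-bin/phf probe are used only as illustration.

```python
# Added example, not course material: a small subset of the Snort/Suricata rule
# language matched per packet, then re-run after stream reassembly and HTTP URI
# normalisation. Rule text, packet structure and traffic are constructed.
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote
import posixpath


@dataclass
class Rule:
    sid: int
    msg: str
    proto: str
    dst_port: Optional[int]   # None means "any"
    contents: list            # [(pattern bytes, nocase)]; every pattern must occur


@dataclass
class Segment:
    proto: str
    dst_port: int
    payload: bytes


def parse_rule(text: str) -> Rule:
    """Parse `alert tcp any any -> any 80 (msg:"..."; content:"..."; nocase; sid:N;)`.

    Only msg, content, nocase and sid are understood and content values are
    plain ASCII (no |hex| escapes); the rest of the rule language is ignored.
    """
    head, _, opts = text.partition("(")
    fields = head.split()
    rule = Rule(sid=0, msg="", proto=fields[1],
                dst_port=None if fields[6] == "any" else int(fields[6]), contents=[])
    for opt in opts.rstrip(")").split(";"):
        key, _, val = opt.strip().partition(":")
        val = val.strip().strip('"')
        if key == "content":
            rule.contents.append((val.encode(), False))
        elif key == "nocase" and rule.contents:      # modifier applies to the preceding content
            rule.contents[-1] = (rule.contents[-1][0], True)
        elif key == "msg":
            rule.msg = val
        elif key == "sid":
            rule.sid = int(val)
    return rule


def matches(rule: Rule, seg: Segment) -> bool:
    """Header fields first, then every content pattern anywhere in the payload."""
    if rule.proto != seg.proto or (rule.dst_port is not None and rule.dst_port != seg.dst_port):
        return False
    for pattern, nocase in rule.contents:
        hay, needle = (seg.payload.lower(), pattern.lower()) if nocase else (seg.payload, pattern)
        if needle not in hay:
            return False
    return True


def reassemble(segments: list) -> Segment:
    """Join in-order segments of one stream, as a stream preprocessor would."""
    first = segments[0]
    return Segment(first.proto, first.dst_port, b"".join(s.payload for s in segments))


def normalise_http(seg: Segment) -> Segment:
    """Percent-decode the request URI and collapse '/./' and '//', like HTTP inspection."""
    line, sep, rest = seg.payload.partition(b"\r\n")
    try:
        method, uri, version = line.split(b" ", 2)
    except ValueError:                                 # not a complete request line
        return seg
    path = posixpath.normpath(unquote(uri.decode("latin-1"))).encode("latin-1")
    return Segment(seg.proto, seg.dst_port, b" ".join((method, path, version)) + sep + rest)


RULES = [parse_rule(
    'alert tcp any any -> any 80 (msg:"phf CGI probe"; content:"/cgi-bin/phf"; nocase; sid:1000001;)')]

# Constructed traffic: the plain probe, the probe hidden by percent-encoding and a
# dot segment (signature evasion), and the probe split across two TCP segments.
DIRECT = [Segment("tcp", 80, b"GET /cgi-bin/phf HTTP/1.0\r\n\r\n")]
ENCODED = [Segment("tcp", 80, b"GET /cgi-bin/./%70hf HTTP/1.0\r\n\r\n")]
SPLIT = [Segment("tcp", 80, b"GET /cgi-bi"), Segment("tcp", 80, b"n/phf HTTP/1.0\r\n\r\n")]


def detect(segments: list, *, reassembly: bool, http_normalise: bool) -> list:
    """Return the sids that fire with the chosen preprocessing stages enabled."""
    stream = [reassemble(segments)] if reassembly else list(segments)
    if http_normalise:
        stream = [normalise_http(s) for s in stream]
    return [r.sid for s in stream for r in RULES if matches(r, s)]


if __name__ == "__main__":
    for name, traffic in (("direct", DIRECT), ("encoded", ENCODED), ("split", SPLIT)):
        raw = detect(traffic, reassembly=False, http_normalise=False)
        full = detect(traffic, reassembly=True, http_normalise=True)
        print(f"{name:8s} per-packet={raw} reassembled+normalised={full}")
```

    Per-packet matching catches only the plain probe; both evasions succeed against it, and both are defeated once the matcher sees the reassembled, normalised stream. That is the reason a real Snort or Suricata deployment needs the stream and HTTP inspection preprocessors configured for the traffic it monitors, not just a rule file.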


    Module 6 – SIEM systems: underlying principles and event correlation.

    Purpose of a SIEM
    Understanding SIEM architecture
    Event correlation algorithms
    Benefits a SIEM provides
    Limitations and typical problems of SIEM systems
    Comparison of SIEMs currently on the market
    Future of SIEM and IDS development
    Exercise – Install OSSIM (open-source SIEM), set it up to collect events, and configure event correlation
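    As an added example of the event correlation this module describes (written for this page; not course material and not OSSIM's correlation engine or directive format): a sliding-window rule of the kind a SIEM evaluates over normalised events, "at least N failed logins from one source within W seconds, followed by a successful login from the same source". The sshd-style syslog lines are constructed, the event field names are ours, and the thresholds are parameters.

```python
# Added example, not course material: a SIEM-style correlation rule over
# normalised login events. Log lines are constructed in sshd's syslog format;
# field names, thresholds and the alert shape are this example's own.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SSHD = re.compile(
    r"^(?P<ts>\w{3} \d\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")


def parse(line, year=2024):
    """Normalise one sshd line into an event dict; None for lines this rule does not model."""
    m = SSHD.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return dict(ts=ts, src=m["src"], user=m["user"], ok=m["result"] == "Accepted")


class BruteForceCorrelator:
    """Failures per source are kept for W seconds; a success arriving while at least
    N failures are still inside the window raises one alert and resets the burst."""

    def __init__(self, failures=5, window_s=60):
        self.failures = failures
        self.window = timedelta(seconds=window_s)
        self.recent = defaultdict(deque)   # src -> timestamps of failures still in window

    def feed(self, ev):
        q = self.recent[ev["src"]]
        while q and ev["ts"] - q[0] > self.window:   # expire failures outside the window
            q.popleft()
        if not ev["ok"]:
            q.append(ev["ts"])
            return None
        if len(q) >= self.failures:
            alert = dict(src=ev["src"], user=ev["user"], failures=len(q), at=ev["ts"])
            q.clear()                                 # one alert per burst
            return alert
        return None


def correlate(lines, **kw):
    """Parse, sort by time (syslog arrives out of order in practice) and correlate."""
    corr = BruteForceCorrelator(**kw)
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])
    return [a for a in map(corr.feed, events) if a]


# Constructed log: a burst from 203.0.113.7 ending in success, a single typo from
# 198.51.100.9, and slow failures from 10.0.0.8 spread over twelve minutes.
LOGS = [
    "Mar 12 10:00:01 bastion sshd[2110]: Failed password for root from 203.0.113.7 port 51000 ssh2",
    "Mar 12 10:00:07 bastion sshd[2112]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "Mar 12 10:00:13 bastion sshd[2114]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2",
    "Mar 12 10:00:19 bastion sshd[2116]: Failed password for root from 203.0.113.7 port 51003 ssh2",
    "Mar 12 10:00:25 bastion sshd[2118]: Failed password for root from 203.0.113.7 port 51004 ssh2",
    "Mar 12 10:00:31 bastion sshd[2120]: Failed password for root from 203.0.113.7 port 51005 ssh2",
    "Mar 12 10:00:40 bastion sshd[2122]: Accepted password for root from 203.0.113.7 port 51006 ssh2",
    "Mar 12 10:01:02 bastion sshd[2130]: Failed password for alice from 198.51.100.9 port 40210 ssh2",
    "Mar 12 10:01:09 bastion sshd[2131]: Accepted password for alice from 198.51.100.9 port 40211 ssh2",
    "Mar 12 10:02:00 bastion sshd[2140]: Failed password for bob from 10.0.0.8 port 33000 ssh2",
    "Mar 12 10:05:00 bastion sshd[2141]: Failed password for bob from 10.0.0.8 port 33001 ssh2",
    "Mar 12 10:08:00 bastion sshd[2142]: Failed password for bob from 10.0.0.8 port 33002 ssh2",
    "Mar 12 10:11:00 bastion sshd[2143]: Failed password for bob from 10.0.0.8 port 33003 ssh2",
    "Mar 12 10:14:00 bastion sshd[2144]: Failed password for bob from 10.0.0.8 port 33004 ssh2",
    "Mar 12 10:14:30 bastion sshd[2145]: Accepted password for bob from 10.0.0.8 port 33005 ssh2",
]

if __name__ == "__main__":
    for a in correlate(LOGS):
        print(f"ALERT {a['at']:%H:%M:%S} {a['src']} -> {a['user']} after {a['failures']} failures")
```

    With the defaults (5 failures in 60 s) only the 203.0.113.7 burst alerts; the slow 10.0.0.8 attempts only correlate once the window is widened to cover them, which is the trade-off every correlation directive makes between catching low-and-slow activity and the number of benign events it will sweep up.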



    Instructor: André de Miranda Souza


    All rights reserved.
