SECURITY 503

Intrusion Detection In-Depth

Monday, October 8, 2012 - Saturday, October 13, 2012
Staff, The SANS Institute
6 CPE/CMU Credits Per Day

This course prepares you for the GCIA certification, which meets the requirement of the DoD 8570 CND ANALYST.


Learn practical hands-on intrusion detection and traffic analysis from top practitioners/authors in the field. This challenging track methodically progresses from understanding the theory of TCP/IP, examining packets, using Snort to analyze traffic, becoming familiar with the tools and techniques for traffic and intrusion analysis, to reinforcing what you've learned with a hands-on challenge of investigating an incident. Students should be able to "hit the ground running" once returning to a live environment where traffic analysis is required.

This is a fast-paced course, and students are expected to have a basic working knowledge of TCP/IP in order to fully understand the topics that will be discussed. Although others may benefit from this course, it is most appropriate for students who are or who will become intrusion detection/prevention analysts. Students generally range from novices with some TCP/IP background all the way to seasoned analysts. The challenging hands-on exercises are specially designed to be valuable for all experience levels. We strongly recommend that you spend some time getting familiar with tcpdump before coming to class.

Prerequisite

Students must possess at least a working knowledge of TCP/IP and hexadecimal. To test your knowledge, see our TCP/IP & Hex Quizzes here.

Who Should Attend?

  • Intrusion detection analysts (all levels)
  • Network engineers
  • System, security, and network administrators
  • Hands-on security managers

Sampling of Topics:

TCP/IP

  • Tcpdump Overview and TCP/IP concepts
  • ICMP
  • Fragmentation
  • Stimulus - Response
  • Microsoft Protocols
  • Domain Name System (DNS)
  • IPv6

Hands-On tcpdump Analysis

  • Mechanics of running tcpdump
  • General network traffic analysis

Hands-On Snort Usage

  • Various modes of running Snort
  • Writing Snort rules

Intrusion Analysis

  • Intrusion Detection Architecture
  • Intrusion Detection/Prevention Analysis

Excellent conference. I have a ton of stuff to bring back to my company and clients.
-John S. Macy, Network Design Associates

Author Statement

When I was invited to be a member of a computer incident response team in the late 1990s (just after Al Gore invented the Internet), there was no formal cybersecurity training available. Consequently, I learned on the job and made my share, and then some, of mistakes. I was so naive that I tried to report an attack on our network by a host with an IP address in the 192.168 reserved private network, available for use by anyone. Needless to say, I got a very embarrassing enlightenment when someone clued me in.

With the benefit of experience and the passage of time, there are many lessons to be shared with you. This knowledge affords you the opportunity to learn and practice in the classroom to prepare you for the fast-paced, always-interesting job of an intrusion detection analyst.

- Judy Novak