Overview

This course delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as DNS and HTTP, so that you can intelligently examine network traffic for signs of an intrusion. You will get plenty of practice learning to master different open source tools like tcpdump, Wireshark, Snort, Bro, tshark, and SiLK. Daily hands-on exercises suitable for all experience levels reinforce the course book material so that you can transfer knowledge to execution. Basic exercises include assistive hints while advanced options provide a more challenging experience for students who may already know the material or who have quickly mastered new material.

Learning Outcome

  • Configure and run open source Snort and write Snort signatures
  • Configure and run open source Bro to provide a hybrid traffic analysis framework
  • Understand TCP/IP component layers to identify normal and abnormal traffic
  • Use open source traffic analysis tools to identify signs of an intrusion
  • Comprehend the need to employ network forensics to investigate traffic to identify a possible intrusion
  • Use Wireshark to carve out suspicious file attachments
  • Write tcpdump filters to selectively examine a particular traffic trait
  • Craft packets with Scapy
  • Use the open source network flow tool SiLK to find network behavior anomalies
  • Use your knowledge of network architecture and hardware to customize placement of IDS sensors and sniff traffic off the wire

Who should Attend?

  • Intrusion detection (all levels), system, and security analysts
  • Network engineers/administrators
  • Hands-on security managers

Eligibility Criteria

  • Students must have at least a working knowledge of TCP/IP and hexadecimal.
  • Familiarity and comfort with the use of Linux commands such as cd, sudo, pwd, ls, more, less
This course is endorsed under Critical Infocomm Technology Resource Programme Plus (CITREP+) Programme.
To find out more about CITREP+ Funding, please refer to Programme Support under CITREP+ page


Information is accurate as of 11 August 2020