LENGTH: 1 day

OVERVIEW

Intrusion detection has grown from something that at one time was considered a “black art” to a mainstream activity in organizations throughout the world. There is a lot more to intrusion detection than meets the eye, however. Intrusion detection involves considerably more than deploying intrusion detection systems (IDSs), for example. The particular manner in which IDSs are deployed greatly affects their effectiveness, but few people genuinely understand the “ins and outs” of intrusion detection sufficiently to deploy IDSs in an optimal manner. Additionally, successful use of intrusion detection requires establishing an infrastructure that includes appropriate policy provisions, management oversight, incident response procedures, and many other considerations.

This one-day course “puts it all together” by providing attendees with in-depth information about the most critical aspects of intrusion detection. This course teaches attendees what they need to know to set up an intrusion detection program and make sound technical decisions concerning deployment of the various elements of these programs.

WHO SHOULD ATTEND

This course is designed for a wide range of attendees, including system and network administrators, IT staff, information security staff, and auditors. It contains a mixture of technical and non-technical information. Some knowledge of networking and of the Unix, Linux and Windows operating systems will be helpful in understanding some of the technical content of this course, but is not required.

OUTLINE

Topics covered include:

  • Introduction
  • Approaches to Intrusion Detection
  • How Intrusion Detection Systems Work
  • Case Studies: Two Real-Life IDSs
  • The Administrative/Procedural Side of Intrusion Detection
  • Wrap-Up