Considerable concern has resulted from reports that Google, and what has been reported as more than 20 other companies, have fallen under hacking attacks thought to emanate from China. There is nothing special about news of hacking. What has changed is the recent realization that it is likely that the latest breed of hacker is no longer an individual amateur wanting to prove their individual skill as a challenge, but may well be serious government funded professional group. It is thought that attacks have been perpetrated on commercial, banking and defense corporations as well as high profile Internet businesses like Google and Yahoo.
With potential in the future from terror groups as well, detecting attempted intrusions attacks early and effectively is critical, not just to protect human rights, as was thought to be the motivation for the Google attacks but also to protect major commercial Interests and national security. Detecting potential attacks and being aware of likely threats is important to all organizations. It is no longer just security experts that need security skills, but it should be within the knowledge base of all technical professionals.
This course provides an understanding of the jargon that surrounds this field. It analyzes the different classes of attack that have been identified and examines some of the methods that have been employed by hackers. Having established the form of the threats it teaches how to detect and recognize these threats without crippling the networks being defended. It then goes on to establishing countermeasures and good practice to minimize or remove the threats.
Students learn the inner workings of the "real" TCPIP protocols from intrusion detection points of view. In addition to studying the normal or expected TCPIP conventions and behavior the course examines malicious or unexpected patterns that may be seen in the wild. This provides participants a more accurate view of real world situations that they would encounter and prepares them to determine what is going on in the actual network traffic. WireShark is used to produce an audit trail of traffic flowing in and out of the network and allows packet content to be analyzed for abnormalities. Students learn how to recognize the warnings and alerts produced by intrusion detection systems and determine the source of problem as well as capturing pertinent activities afterwards. Hands-On exercises on analysis tools are used to achieve this.
The course finally goes on to examine how Intrusion Detection Systems can be deployed to automate detection and potentially undertake countermeasures to protect.
Students Will Learn: