Taught by experts in network defense, this course equips you with the skills to build and maintain Intrusion Detection/Prevention Systems (IDS/IPS) and utilize advanced signature-writing techniques to defend large-scale network infrastructures. You will begin with writing basic IDS signatures to identify traffic of interest and advance to creating complex signatures to recognize distributed attacks, multi-stage events, and other more complex threats. The course also teaches you how to apply decoding and other tools to overcome IDS evasion techniques, how to determine gaps in coverage, and how to manage rule sets to maintain system efficiency. Beyond threat detection and mitigation, you will also learn the benefits and limitations of different IDS/IPS system types.
Day 5 – Student Practical Demonstration
Students are given several packet captures containing a variety of scanning and exploitation techniques. They are tasked with identifying the significant elements of the attack and translating them into IDS signatures. Finally, they are tasked with tuning those signatures to reduce false positives and limit excessive events