Training
Training goals
Incident response requires a special set of skills that combines business and technical analysis: you must understand current hacker techniques and be technically able to locate every modification an intruder has made to your system. It can take days for even the most qualified security professional to identify and eradicate the damage caused by an attack. During Advanced Intrusion Detection and Response, you will:

1. Learn how to develop the policies, procedures, and architectures needed to protect your networks from exploitation.
2. Be exposed to many tools you will want to include in your Incident Response Toolkit.
3. Work through several analysis examples designed to prepare you and help you minimize the time and effort spent "cleaning up" after an intrusion.

Training days
3 days

Outline
Key Instructional Focus and Objectives

1. Use VMware and the various virtual systems used in this course.
2. Define an intrusion as well as what might be a proper response to that intrusion.
3. Describe the components and architecture of Internet Security Systems' SiteProtector.
4. Use some open source network and host-based intrusion detection tools in a real-world environment.
5. Describe the six steps of incident response.
6. Discuss the five stages of a typical attack and how an intruder uses each stage.
7. Use your network assets and local policy to help identify the proper response to an incident.
8. Demonstrate several common methods hackers use to defeat IDS systems.
9. Correlate data gathered by different devices to facilitate effective incident response.
10. Use response options, such as user-defined responses, automatic response options, and host-based responses, to better secure your environment.
11. Use simple tools, such as Ethereal, tcpdump, CapXmit, and Snort, to capture and analyze network traffic.
12. Introduce tools that you can use to track down the origin of an attack.
13. Identify important system log and event files that you should examine and archive on a secure, remote system.

Key Hands-on Lab Focus and Objectives

Lab 1: Working with VMware
Lab 2: Discovering Exploits and Vulnerabilities
Lab 3: Set up a Commercial IPS
Lab 4: Configuring Open Source IDS/IPS Tools
Lab 5: Assets and Policy
Lab 6: Reporting Incidents
Lab 7: Attacking a System
Lab 8: Defeating IDS/IPS
Lab 9: Layered Events
Lab 10: Generic User Defined Responses
Lab 11: Tracking Network Packets
Lab 12: Tracking the Source of an Attack
Lab 13: Centralizing and Saving Events

Requirements
Solid knowledge of TCP/IP, the OSI model, and network architecture
Knowledge of Linux/Unix and Windows administration

Certificates
The participants will obtain certificates signed by Internet Security Systems.

Locations
Krakow - 5 Tatarska Street, II floor, hours: 9:00 am - 4:00 pm
Warsaw - 17 Bielska Street, hours: 9:00 am - 4:00 pm

Trainer
Authorized Internet Security Systems Trainer

Training price
2400 EUR

Available dates:
There are no planned dates for this training.