Intrusion Detection & Analysis

Learn Intrusion Detection & Analysis

A Security Operations Centre (SOC) is a centralized unit in an organization that deals with security issues at both the organizational and the technical level. This course is mainly intended to make participants aware of the anatomy of security attacks, beginning with packet-level analysis and moving up to the alarms generated by Security Event Management solutions such as ArcSight or netForensics. It aims to give participants the hands-on experience and knowledge to handle, manage, escalate and resolve security issues with sound technical expertise.

Who should attend this training?

  • System and Network Administrators
  • Security Administrators
  • Incident Handling Teams
  • Intrusion and Forensics Teams

Course Contents

  • Module 1: Introduction
  • Module 2: Course Objectives
  • Module 3: Networking Concepts
    • Module 3.1: OSI Layer
    • Module 3.2: IP Addressing and Routing
  • Module 4: Basic TCP/IP
    • IP Headers
    • TCP Headers
    • UDP Headers
    • TCP UDP Head to Head
    • TCP Handshake and Shutdown
    • ICMP Headers
  • Module 5: TCPdump
  • Module 6: Introduction to TCPDump and Wireshark (formerly Ethereal)
  • Module 7: Binary packet capture
  • Module 8: Basic analysis of captured packets
  • Module 9: Introduction to Packet Filters
  • Module 10: TCPdump on Windows – Windump
  • Module 11: SIM - Introduction
  • Module 12: OSSIM – Introduction
  • Module 13: OSSIM – Tools
  • Module 14: OSSIM Configuration
  • Module 15: Detecting port scans – Port Sentry and others
  • Module 16: False Positives
  • Module 17: Analysis of DNS Attacks
  • Module 18: The RPC Buffer Overflow
  • Module 19: SQL Injection – Web-based logs
  • Module 20: Defining “Incidents”
  • Module 21: Hacking “Incidents”
  • Module 22: Digital Forensics Essentials - Learning the ropes
    • The 6 A's
      • Assessment
      • Acquisition
      • Authentication
      • Analysis
      • Articulation
      • Archival
  • Module 23: Investigative Guidelines
  • Module 24: Analysis of the Indian IT Act 2000
  • Module 25: Security Information Overload
  • Module 26: What Does a Security Operations Centre Do?
  • Module 27: Why “After the Fact” is Too Late
  • Module 28: Business Requirements
    • Reduce Risk and Downtime
    • Threat Control and Prevention
    • Ease Administrative Overheads
    • People and Responsibilities
    • Escalation Path
    • Audit and Compliance Support
    • Incident Response and Recovery
  • Module 29: Technical Requirements
    • Speed of aggregation and Correlation
    • Device and System Coverage
    • Ability to Respond Quickly
    • 24 x 7 Uptime
    • Forensics Capabilities
    • Intelligent Integration with SOCs and NOCs

Ethical Hacking Training

This course goes deep into networking, systems, web applications and hands-on exploitation, and helps beginners take a confident first step into the information security field.

  • 6 Weeks Comprehensive Training
  • Built by Experienced Professionals
  • Course content regularly updated with current tools and techniques