دیدگاه‌ها برای SANS SEC503: Intrusion Detection In-Depth 2017 با MSH

شرکت SANS یکی از شرکت های قدرتمند در حوزه امنیت اطلاعات می باشد که سایت این شرکت به آدرس sans.org دارای مطالب بسیار مفید و کاربردی در مورد امنیت شبکه و اطلاعات است. هزینه دوره های شرکت SANS بسیار بالا بوده و امکان شرکت در این دوره ها برای اغلب افراد امکان پذیر نمی باشد ولی این شرکت مقالات بسیار مفید وکاربردی در سایت خود به صورت رایگان قرار داده است که می توانید از آن ها استفاده نمایید. یکی از بخش های سایت شرکت SANS، بخش مربوط به هشدارهای امنیتی یا SANS Awareness می باشد که در آن به صورت کوتاه در یک تا سه صفحه به اعلام هشدارهای امنیتی نموده است.

SANS SEC503 : Intrusion Detection In-Depth 2017

Access Period: 4 months
Included: USB
Price: 6,210 USD
Instructor: Joshua Wright
Info: More

Reports of prominent organizations being and suffering irreparable reputational damage have become all too common. How can you prevent your company from becoming the next victim of a major cyber attack?

Preserving the security of your site in today’s threat environment is more challenging than ever before. The security landscape is continually changing from what was once only perimeter protection to protecting exposed and mobile systems that are almost always connected and sometimes vulnerable. Security-savvy employees who can help detect and prevent intrusions are therefore in great demand. Our goal in SEC503: Intrusion Detection In-Depth is to acquaint you with the core knowledge, tools, and techniques to defend your networks with insight and awareness. The training will prepare you to put your new skills and knowledge to work immediately upon returning to a live environment.

Mark Twain said, “It is easier to fool people than to convince them that they’ve been fooled.” Too many IDS/IPS solutions provide a simplistic red/green, good/bad assessment of traffic and too many untrained analysts accept that feedback as the absolute truth. This course emphasizes the theory that a properly trained analyst uses an IDS alert as a starting point for examination of traffic, not as a final assessment. SEC503 imparts the philosophy that the analyst must have access and the ability to examine the alerts to give them meaning and context. You will learn to investigate and reconstruct activity to deem if it is noteworthy or a false indication.

SEC503: Intrusion Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as DNS and HTTP, so that you can intelligently examine network traffic for signs of an intrusion. You will get plenty of practice learning to master different open source tools like tcpdump, Wireshark, Snort, Bro, tshark, and SiLK. Daily hands-on exercises suitable for all experience levels reinforce the course book material so that you can transfer knowledge to execution. Basic exercises include assistive hints while advanced options provide a more challenging experience for students who may already know the material or who have quickly mastered new material.

A VM is provided with tools of the trade. It is supplemented with demonstration “pcaps,” which are files that contain network traffic. This allows you to follow along on your laptop with the class material and demonstrations. The pcaps also provide a good library of network traffic to use when reviewing the material, especially for certification.

SEC503 is most appropriate for students who monitor and defend their network like security analysts, although others may benefit from the course as well. Students range from seasoned analysts to novices with some TCP/IP background. Please note that the VMware image used in class is a Linux distribution, so we strongly recommend that you spend some time getting familiar with a Linux environment that uses the command line for entry, along with learning some of the core UNIX commands, before coming to class.

Course Syllabus
SEC503.1: Fundamentals of Traffic Analysis: Part I
SEC503.2: Fundamentals of Traffic Analysis: Part II
SEC503.3: Application Protocols and Traffic Analysis
SEC503.4: Network Monitoring: Snort and Bro
SEC503.5: Network Traffic Forensics
SEC503.6: NetWars: IDS Version

Author Statement

When I was invited to be a member of a computer incident response team in the late 1990s (just after Al Gore invented the Internet), there was no formal cybersecurity training available. Consequently, I learned on the job and made my share, and then some, of mistakes. I was so naive that I tried to report an attack on our network by a host with an IP address in the 192.168 reserved private network, available for use by anyone. Needless to say, I got a very embarrassing enlightenment when someone clued me in. With the benefit of experience and the passage of time, there are many lessons to be shared with you. This knowledge affords you the opportunity to learn and practice in the classroom to prepare you for the fast-paced always-interesting job of intrusion detection analysts.