Intrusion Detection and Analysis - PCI DSS, Firewall Rulebase Analysis, AuditPro, Firesec, Security Assessment and Audit Software for all versions of Operating Systems, Databases, Routers, Switches, Windows, Unix, Linux, Oracle, MS SQL, IBM DB2, Cisco PIX, Cyberguard, Netscreen, Checkpoint Firewalls, GFI Languard, in India, Mumbai, Hyderabad, Delhi, Bangalore, Chennai, Kolkatta, UAE, Dubai, Kuwait, Bahrain, Qatar, Saudi Arabia, Malaysia, Singapore, Thailand, Far East, USA, Europe, North America.

Company
- About Us
- Strengths
- Forums
- Contact Us
Training
Careers
Clients
- Testimonials
Partner with us

Quick Links

Training Curriculum

Training Calendar

About Us

e-Learning Curriculum

Intrusion Detection and Analysis

A Security Operations Centre (SOC) is a centralized unit in an organization that deals with security issues, on an organizational and technical level. This course is mostly intended in making the participant aware of the anatomy of security attacks, beginning at packet level analysis and moving up to alarms generated by Security Event Management solutions such as ArcSight or netForensics. It aims to provide the participants with the hands-on experience and knowledge to handle, manage, escalate and resolve security issues with proper knowledge and technical expertise.

Who should attend this course?

System and Network Administrators
Security Administrators
Incident Handling Teams
Intrusion and Forensics Teams

Course Contents

Session One: Getting the basics right

Module 1: Introduction
Module 2: Course Objectives
Module 3: Networking Concepts
- Module 3.1: OSI Layer
- Module 3.2: IP Addressing and Routing
Module 4: Basic TCP/IP
- IP Headers
- TCP Headers
- UDP Headers
- TCP UDP Head to Head
- TCP Handshake and Shutdown
- ICMP Headers

Session Two: Packet Analysis

Module 5: TCPdump
Module 6: Introduction to TCPDump and Wireshark (formerly Ethereal)
Module 7: Binary packet capture
Module 8: Basic analysis of captured packets
Module 9: Introduction to Packet Filters
Module 10:TCPdump on Windows – Windump

Session Three: Security Information Management (SIM)

Module 11: SIM - Introduction
Module 12: OSSIM – Introduction
Module 13: OSSIM – Tools
Module 14: OSSIM Configuration

Session Four: Attack Analysis

Module 15: Detecting port scans – Port Sentry and others
Module 16: False Positives
Module 17: Analysis of DNS Attacks
Module 18: The RPC Buffer Overflow
Module 19: SQL Injection – Web-based logs

Session Five: Incident Analysis and Handling

Module 20: Defining “Incidents”
Module 21: Hacking “Incidents”
Module 22: Digital Forensics Essentials - Learning the ropes
- The 6 A's –
  - Assessment
  - Acquisition
  - Authentication
  - Analysis
  - Articulation
  - Archival
Module 23: Investigative Guidelines
Module 24: Analysis of the Indian IT Act 2000

Session Six: Security Operations Centre’s Best practices

Module 25: Security Information Overload
Module 26: What Does a Security Operations Centre Do?
Module 27: Why “After the Fact” is Too Late
Module 28: Business Requirements
- Reduce Risk and Downtime
- Threat Control and Prevention
- Ease Administrative Overheads
- People and Responsibilities
- Escalation Path
- Audit and Compliance Support
- Incident Response and Recovery
Module 29: Technical Requirements
- Speed of aggregation and Correlation
- Device and System Coverage
- Ability to Respond Quickly
- 24 x 7 Uptime
- Forensics Capabilities
- Intelligent Integration with SOC's and NOC's