Core Module 3: Intrusion Detection and Prevention Systems
Units:
1. Intrusion Detection and Prevention Concept
1.1 Background
1.2 Network Based Intrusion Detection
1.3 Host Based Intrusion Detection
1.4 Common network threats and vulnerabilities
2. Architecture and Taxonomy
3. Analysis of Threats and Vulnerabilities
3.1 Log Analysis (syslog, IDS logs, firewall logs, etc.)
3.2 Incident analysis
3.3 Cyber Forensics
3.4 Traffic Analysis (packets)
3.5 Flow Analysis
3.6 Network Security Analysis (System, user and traffic based)
3.7 Honey-pot
4. Signature and Rule Based Detection
4.1 Writing Rules for vulnerabilities
4.2 Writing Signatures for threats
4.3 Detection techniques for rules and signatures
5. Anomaly Based Detection
5.1 Behavior Based Anomaly Detection
5.2 Traffic Pattern Based Anomaly Detection
5.3 Protocol Based Anomaly Detection
6. Intrusion Detection Tools
6.1 Packet Capturing and Analysis
6.2 Snort IDS and Snort Signature
6.3 N@G IDS
7. Incident Response
7.1 Security life cycle
7.2 Incident response team
7.3 Early warning & advisories
Week | Units to be covered
1    | Unit 1 & 2
2    | Unit 3
3    | Unit 4
4    | Unit 5
5    | Unit 6 & 7
Reference Books:
1) James F. Kurose and Keith W. Ross, Computer Networking: A Top-Down Approach, 5th ed. ISBN 0-13-607967-9.
2) Mark Cooper, Matt Fearnow, Karen Frederick, and Stephen Northcutt, Intrusion Signatures and Analysis. New Riders.