Intrusion Detection/Prevention Systems (2014)

From CyberEdWiki

This is the approved element for 2014 per the Centers of Academic Excellence program office.<ref>CAE Requirements and Resources</ref> The intent of this Knowledge Unit is to provide students with knowledge and skills related to detecting and analyzing vulnerabilities and threats and taking steps to mitigate associated risks.

Outcomes

  • Students will be able to demonstrate the ability to detect, identify, resolve and document host or network intrusions.
  • Students will be able to demonstrate the ability to detect various types of malware (keyloggers, rootkits) and unauthorized devices (rogue wireless access points) on a live network.
  • Students will be able to demonstrate the ability to configure IDS/IPS systems to reduce false positives and false negatives.

Topics

  • Deep Packet Inspection
  • Log File Analysis
  • Log Aggregation
  • Cross Log Comparison and Analysis
  • Anomaly Detection
  • Misuse Detection (Signature Detection)
  • Specification-based Detection
  • Host-based Intrusion Detection and Prevention
  • Network-based Intrusion Detection and Prevention
  • Distributed Intrusion Detection
  • Hierarchical IDSes
  • Honeynets/Honeypots

References

<references />