Intrusion Detection/Prevention Systems (2020)

From CyberEdWiki

The intent of the Intrusion Detection/Prevention Systems (IDS) Knowledge Unit is to provide students with knowledge and skills related to detecting and analyzing vulnerabilities and threats and taking steps to mitigate associated risks.

Outcomes

To complete this KU, students should be able to:

  1. Detect, identify, resolve and document host or network intrusions.
  2. Use tools and algorithms to detect various types of malware (keyloggers, rootkits) and unauthorized devices (rogue wireless access points) on a live network.
  3. Configure IDS/IPS systems to reduce false positives and false negatives.
  4. Deploy reactive measures to respond to detected intrusion profiles.

Topics

  1. Deep Packet Inspection
  2. Log File Analysis
  3. Log Aggregation
  4. Cross Log Comparison and Analysis
  5. Anomaly Detection
    1. Establishing profiles
    2. Anomaly algorithms, such as:
      1. Statistical Techniques
      2. Correlation Techniques
      3. Fuzzy Logic Approaches
      4. Artificial Intelligence
      5. Filtering Algorithms
      6. Neural Networks
  6. Misuse Detection (Signature Detection)
  7. Specification-based Detection
  8. Host-based Intrusion Detection and Prevention
  9. Network-based Intrusion Detection and Prevention
    1. Stealth mode
  10. Distributed Intrusion Detection
  11. Hierarchical IDSs
  12. Honeynets/Honeypots
  13. Intrusion response
    1. Device Reconfiguration
    2. Notifications
      1. Logging
      2. SNMP Trap
      3. Email
      4. Visual/Audio Alert
    3. Trace Recording
    4. Opening Application
    5. Session Interruption
    6. Reach back

Skills

Specialization Areas

See also

Related Knowledge Units


Original Knowledge Unit

Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials

Contacts

Reference ID

IDS