Intrusion Detection/Prevention Systems (2020)
From CyberEdWiki
The intent of the Intrusion Detection/Prevention Systems (IDS) Knowledge Unit is to provide students with knowledge and skills related to detecting and analyzing vulnerabilities and threats and taking steps to mitigate associated risks.
Outcomes
After completing the KU, students will be able to:
- Detect, identify, resolve and document host or network intrusions.
- Use tools and algorithms to detect various types of malware (keyloggers, rootkits) and unauthorized devices (rogue wireless access points) on a live network.
- Configure IDS/IPS systems to reduce false positives and false negatives.
- Deploy reactive measures to respond to detected intrusion profiles.
Topics
- Deep Packet Inspection
- Log File Analysis
- Log Aggregation
- Cross Log Comparison and Analysis
- Anomaly Detection
  - Establishing profiles
  - Anomaly algorithms, such as:
    - Statistical Techniques
    - Correlation Techniques
    - Fuzzy Logic Approaches
    - Artificial Intelligence
    - Filtering Algorithms
    - Neural Networks
- Misuse Detection (Signature Detection)
- Specification-based Detection
- Host-based Intrusion Detection and Prevention
- Network-based Intrusion Detection and Prevention
- Stealth mode
- Distributed Intrusion Detection
- Hierarchical IDSs
- Honeynets/Honeypots
- Intrusion response
  - Device Reconfiguration
  - Notifications
  - Logging
  - SNMP Trap
  - Visual/Audio Alert
  - Trace Recording
  - Opening Application
  - Session Interruption
  - Reach back
Skills
NICE Framework Categories
CSEC 2017 Categories
Specialization Areas
- Data Security Analysis
- Industrial Control Systems-SCADA Security
- Network Security Administration, Specialization Area
- Network Technology and Protocols
- Security Incident Analysis and Response
- System Security Administration
See also
Related Knowledge Units
- Basic Networking
- Network Defense
- Network Technology and Protocols
- Advanced Network Technology and Protocols
- Network Security Administration
- Wireless Sensor Networks
Original Knowledge Unit
Further reading
Suggested textbooks
Suggested academic readings
Sample knowledge test
Sample skills test
Sample abilities test
Additional notes or materials
Contacts
Reference ID
IDS