Network Intrusion Analysis (hands-on)
TCP/IP protocol suite is the core of the Internet and it is vital to understand how it works together, its strengths and weaknesses and how it can be used to detect and analyze malicious traffic used to bypass your organization’s security infrastructure.
To better understand this complex suite of protocols, IPSS has developed a course that walks the student through TCP/IP and also provides hands on exercises to help understand how TCP/IP suite of protocols and services interact together. This is done using real and simulated traffic of actual attacks and exploits used to compromise a host or network.
This course address some of the Government of Canada Operational Security Standard: Management Information Technology Security (MITS)1 specifically items 15, 16.4.2, 16.4.6, 16.4.11, 17 and 18.
The purpose of this course is to help IT professionals develop an in-depth understanding of TCP/IP. The course was put together to take the student from the basics of networking to the more complex inner working of TCP/IP, including:
- A detailed understanding of IPv4 headers and traffic structure;
- Introduction to IPv6;
- Analyze and profile benign and malicious traffic through hands-on exercises;
- Learn how to use tcpdump/windump and write libpcap filters to view and extract information;
- Learn how to do network traffic forensics including how to use Wireshark to carve files from data collected in pcap files;
- Basic malware analysis using some simple tools;
- Introduction to Snort signatures: Learn how to write, test and run Snort signatures for Snort IDS using the Snort IDS with Sguil freeware sensor from http://handlers.dshield.org/gbruneau/
- Learn to use the various tools built-in Sguil (sancp network profiler, p0f, tcpflow, httpry, PADS, Wireshark) to analyze suspicious traffic;
- Several hand-on exercises to gain a better understanding of the material.
This course uses a combination of theory and appropriate hands-on technical exercises. PCs and software are provided for each student. For a detailed course outline, click here. Our next 5 day training session will be held in Ottawa between January 16th to January 20th, 2023. Cost of the 5 day course is $3500 + HST.
You can download the registration form here, or click below to register on-line.