TN-979: Intrusion Analyst Course

Course Overview:

Intrusion Analyst is a hands-on course that covers intrusion detection in-depth. This includes concepts such as the use of Snort, network traffic analysis, and IDS signatures.

A skills focus enables the student to better absorb the subject matter and perform successfully on the job.   This is not death by power point. The course is aligned with information assurance operators and executing hands-on labs. Lecture and labs walk the student through the knowledge required to truly understand the mechanics of packet and intrusion analysis.

Attendees to TN-979: Intrusion Analyst will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Advanced Snort Concepts
  • Analyst Toolkit
  • Domain Name System (DNS)
  • Examining Packet Crafting
  • Examining Packet Header Fields
  • Fragmentation
  • ICMP Theory
  • IDS Interoperability
  • IDS Patterns
  • IDS/IPS Management & Architecture Issues
  • Indications, Warnings & Traffic Correlation
  • IPv6
  • Microsoft Protocols
  • Network Traffic Analysis
  • NIDS Evasion, Instertion & Checksums
  • Snort Fundamentals & Configuration
  • Snort GUIs & Sensor Management
  • Snort Performance, Active Response & Tagging
  • Snort Rules
  • Stimulus Response
  • TCPdump Fundamentals
  • TCP/IP Fundamentals
  • Wireshark Fundamentals
  • Writing TCPdump Filters

Course Prerequisites:

  • GSEC or equivalent experience
  • UNIX, Windows, Networking, and Security Experience
  • This is a hands-on skill course requiring comfort with command line interaction and network communications

Comments

Latest comments from students

User: Tosha

Instructor comments: Dave was an excellent instructor. He is very informative and knowledgeable in the course and the material. I have enjoyed the class and I would take another course with him as the instructor.

Facilities comments: Very nice and clean hotel.

User: buckey26

Instructor comments: Dave was one of the best instructors I have ever had for a tech course. He broke down everything to the point where you can understand it internally.

Liked the class?  Then let everyone know!

Contact Us

    After you press "Request Information" near the bottom of this form, within 30 seconds, status will be provided at the bottom of the form

    Tech Now can provide on-site training anywhere in the world. We'll customize a training package to meet your needs!

    First Name*

    Last Name*

    Your Email*

    Your Company*

    Your State*

    Area of Interest

    Phone

    Questions:

    After you press "Request Information" on this form, within 30 seconds, status will be provided at the bottom of the form

    from page:

    in   

    TN-865: Wireshark Network Traffic and Security Analysis

    Course Overview:

    This course delivers the technical knowledge, insight, and hands-on training to receive in-depth knowledge on Wireshark® and TCP/IP communications analysis. You will learn to use Wireshark to identify the most common causes of performance problems in TCP/IP communications. You will learn about the underlying theory of TCP/IP and the most used application protocols, so that you can intelligently examine network traffic for performance issues or possible Indicators of Compromise (IoC).

    Duration: 5 Days

    Audience:

    Anyone interested in learning to troubleshoot and optimize TCP/IP networks and analyze network traffic with Wireshark, especially network engineers, information technology specialists, and security analysts.

    Course Prerequisites:

    We recommend that attendees of this course have the following prerequisite:
    • Network+

    Dates/Locations:

    No Events

    Course Outline:

    DAY ONE

    Course Set Up and Analyzer Testing

    Network Analysis Overview
    Wireshark Functionality Overview
    Capturing Wired and Wireless Traffic
    Define Global and Personal Preferences for Faster Analysis
    Defined Time Values and Interpret Summaries
    Interpret Basic Trace File Statistics to Identify Trends
    Create and Apply Display Filters for Efficient Analysis

    DAY TWO

    Follow Streams and Reassemble Data
    Use Wireshark’s Expert System to Identify Anomalies
    TCP/IP Analysis Overview
    Analyze Common TCP/IP Traffic Patterns

    DAY THREE

    Graph I/O Rates and TCP Trends
    802.11 (WLAN) Analysis Fundamentals
    Voice over IP (VoIP) Analysis Fundamentals
    Network Forensics Fundamentals

    DAY FOUR

    Detect Scanning and Discovery Processes
    Analyze Suspect Traffic

    DAY FIVE

    Use Command‐Line Tools

    Next/Related Courses:

     

     

    Hardware, Software, and Consulting

    TechNow Provides Integrated Solutions

    TechNow delivers enterprise hardware, software, and consulting that implements technologies in the areas of virtualization, IP telephony, open source systems, or security.  If your company is interested in the benefits of cost effective and secure hardware, software and consulting solutions, please contact us for further information.

    TechNow Virtualization Solutions:  TechNow delivers virtualization solutions in several virtualization stacks: Microsoft HyperV, Oracle VM, and VMware.  TechNow integrates open system RAID NAS storage solutions that enable high availability solutions for all stacks.  High performance I/O is critical to virtualized solutions and TechNow delivers the hardware, software, and consulting to make that happen. Mission critical environment and optimized for be both scalable and secure.  If you are interested in purchasing a virtualization solution please contact TechNow to setup an appointed to discuss your requirements.

    TechNow VoIP Solutions:   TechNow  delivers VoIP affordable solutions utilizing SIP and integrating desktop softphones, physical handset phones, iPad/iPod clients, cell phones, web status, email, voicemail, extisting landlines, and VoIP SIP Trunks.  There are many marketing terms for highly integrated solutions, the term our product is "Great".  If you are interested in purchasing a VoIP solution please contact TechNow to setup an appointed to discuss your requirements.

    TechNow Security Solutions:   TechNow delivers security solutions that are enterprise centric.  As organizations grapple with managing security in their infrastructure, TechNow can architect, deliver, and implement  hardware, software, and consulting required to insure a responsive and integrated approach to infastructure security.

    in   

    TN-335: Advanced Penetration Testing Using Open Source Tools

    Course Overview:

    This is an advanced course that assumes the attendee is a qualified security professional with experience using security tools and understands the concepts behind penetration testing. Courses that build up the expertise that enables a student to succeed in this course is Security+, CEH, CISSP, and any of the GIAC certifications. This course is completely hands-on and utilizes the BackTrack tool suite from backtrack-linux.org. The course covers, in detail, various attacks and tools that are contained in the BackTrack tool suite.

    Attendees to TN-335: Advanced Penetration Testing Using Open Source Tools will receive TechNow approved course materials and expert instruction.

    Dates/Locations:

    No Events

    Duration: 5 days

    Course Objectives:

    • Information Security and Open Source Software
    • Operating System Tools
    • Firewalls
    • Scanners
    • Vulnerability Scanners
    • Network Sniffers
    • Intrusion Detection Systems
    • Analysis and Management Tools
    • Encryption Tools
    • Wireless Tools
    • Forensic Tools
    • More on Open Source Software

    Prerequisites:

    • Experience in IT Security
    • Solid basic knowledge of networks and TCP/IP
    • Experience in command line under Linux and Windows is required

     

    Comments

    Latest comments from students

    Liked the class?  Then let everyone know!