Today's Enterprise Data Processing environments are large, distributed, and highly complex. Monitoring and maintaining security in these heterogeneous data centers can be daunting and confusing. Further exacerbating the problem is the fact that security product vendors bombard IT managers with one miracle product after another, often resulting in security domains that strain to solve the problems they were intended to solve in the first place.
In this class, we'll take a product-neutral look at what technologies exist and what their real capabilities are. We'll compare different types of Intrusion Detection Systems (IDS) as well as Intrusion Prevention Systems (IPS) to get a realistic appreciation of what we can expect of them in production environments. We'll present a clear picture of just how they do what they do. We'll see first-hand the sorts of attacks these products face and why some products are best suited for particular categories of attacks. And we'll look at how IDS/IPS products can be integrated into a typical data center environment effectively.
Main Topics
Understanding the problem
Survey of today's product space
Attacks and attack tools: hands-on exercises (Network and System level)
Attacks and attack tools: hands-on exercises (Application level)
IDS tools in action
Application-level considerations
Real world pitfalls to understand and avoid
Incident response considerations
Bringing it all together
Past Events
IDS/IPS: Intrusion Detection using Snort 2010 - 15-17 Nov 2010, Visconti Palace Hotel, Rome, Italy (7484)
IDS/IPS: Intrusion Detection using Snort 2026
Important
Please check the official "IDS/IPS: Intrusion Detection using Snort" website for possible changes before making any travel arrangements.
Event Categories
Technology: Digital Infrastructure, Information Technology (IT), IT Security