CIW Security Professional Part 5: Intrusion Detection and Threat Analysis

CIW Security Professional

Serebra Learning Corporation
Training provided by Serebra Learning Corporation. This is the final course in a five-part series that teaches students how to automate intrusion detection, how to conduct a log analysis, and how to analyze the results of a security audit and implement solutions to problems identified by the audit.
This is primarily online training
This is an online eLearning or CBT (computer-based training) program
Contact Serebra Learning Corporation for more information
Duration: 8 hours
Training Presented in: English
CIW Security Professional Part 5: Intrusion Detection and Threat Analysis Course Outline - NGE87015 - Replace: NGE87079

Course Code NGE87015

Contents

  1. Contents
  2. Description
  3. Audience
  4. Prerequisites
  5. Objectives
  6. Topics Include
  7. Duration
  8. Minimum Requirements
  9. Media

Description

This is the final course in a five-part series that teaches students how to automate intrusion detection, how to conduct a log analysis, and how to analyze the results of a security audit and implement solutions to problems identified by the audit.

Audience

The target audiences for this course are System Administrators, Application Developers, Firewall Administrators, and IT Security Officers. Students must have CIW Foundations certification or equivalent experience, as well as pass the CIW Server Administrator and CIW Internetworking Professional exams or have equivalent skills. In addition, students should have taken the first four parts in this series (87011-87014). This course is an approved study guide that will help Certified Internet Webmaster (CIW) candidates prepare for exam 1D0-470.

Prerequisites

(Currently no course prerequisite information)

Objectives

  • Identify the advantages of an IDS and types of IDS architecture.
  • Identify how to install and use network-based and host-based IDS.
  • Identify how to interpret Debug Logs and operating system logs and how to filter Windows NT and Linux logs.
  • Identify auditing recommendations and audit report formats.
  • Identify how to install the ConSeal personal firewall and SSH to enhance the security of a network.

Topics Include

Unit 1: Intrusion Detection

  • Identify the advantage of using an IDS in a specified scenario.
  • Identify the appropriate IDS architecture for a network in the specified situation.
  • Conduct a security scan by using eTrust Intrusion Detection.
  • Conduct a network activity trace by using the eTrust Intrusion Detection window.
  • Create an intrusion detection rule by using the Intrusion Attempt Detection Rules dialog box.
  • Install ITA on a Windows NT system by using the Intruder Alert wizard.
  • Connect to an ITA manager by using ITA Admin.
  • Activate the required policies for a domain by using the shortcut menu in the Intruder Alert 3.0 window.
  • Scan specific activities by using ITA View.
  • Register an agent with additional managers by using ITA Setup.

Unit 2: Log Analysis

  • Display Debug Log on a firewall by using WinRoute.
  • Identify the information that a specific entry in the Debug Log represents.
  • Match the specified situations with the Windows NT logs that can provide information about the situations.
  • Enable directory auditing in Windows NT.
  • Filter logs in Windows NT to display specific events.
  • Identify the correct Linux command to filter a Linux log.

Unit 3: Auditing and Security

  • Match auditing categories with the recommendations that can be made in each category for enhancing security.
  • Identify the most appropriate audit report format.
  • Identify a host auditing solution for a specified problem.
  • Identify a method for securing a router from forwarding a DoS attack in a specified situation.
  • Detect whether or not the NIC of a computer is in promiscuous mode by using AntiSniff.
  • Install the ConSeal PC FIREWALL service by using the Network dialog box.
  • Sequence the steps to install SSH on a Linux computer.
  • Identify the correct set of steps for establishing a user-to-user trust relationship in Linux.

Duration

8 hours

Minimum Requirements

The CDROM version of this course requires:

  • At least a 486DX 33 MHz CPU.
  • Microsoft Windows 3.1 or higher and a Microsoft compatible mouse.
  • At least 8MB RAM.
  • At least VGA graphics capability with a minimum 512K video RAM (1MB video RAM recommended).
  • At least a double speed CDROM drive.
  • An MPC compliant sound card with attached speakers or headphones is recommended (Currently, only the CDROM version supports audio).

The network version of this course requires:

  • At least a 486DX 33 MHz CPU.
  • Microsoft Windows 3.1 or higher and a Microsoft compatible mouse.
  • At least 8MB RAM and 22MB available hard disk space or file server space.
  • At least VGA graphics capability with a minimum 512K video RAM (1MB video RAM recommended).

Media

Serebra Learning Corporation, 600 - 1188 West Georgia, Vancouver, BC    V6E 4A2 Canada
Tel: (604) 676-5480 or 1-800-567-7766 - Fax: (604) 676-5490
E-Mail: sales@serebra.com - Web Site: www.serebra.com
About The Training Provider: Serebra Learning Corporation
Serebra Learning Corporation provides technology-based training solutions through a combination of Cortex, its proprietary learning management system (LMS), and a curriculum catalog with over 1,825 current courseware titles. Founded in 1987 (as FirstClass Systems, with a name change to Serebra in 2001), Serebra has over sixteen years' experience delivering e-learning solutions to both...
This page was last updated on sb5- 09/08/08 at 18:55:01 - 22:58:26