IDS/IPS: Intrusion Detection & Prevention in depth

Brochure Image

by Ken van Wyk download a PDF brochure Download Event Brochure


Today’s enterprise data processing environments are large, distributed, and highly complex.  Monitoring and maintaining security in these heterogeneous data centers can be daunting and confusing. Further exacerbating the problem is that fact that security product vendors bombard IT managers with one “miracle product” after another, often resulting in security domains that are strained to effectively solve the problems they were intended to in the first place.

In this class, we’ll take a product-neutral look at what technologies exist and what their real capabilities are.  We’ll compare different types of Intrusion Detection Systems (IDS) as well as Intrusion Prevention Systems (IPS) to get a realistic appreciation of what we can expect of them in production environments. We’ll present a clear picture of just how they do what they do.  We’ll see first-hand the sorts of attacks these products face and why some products are best suited for particular categories of attacks. And we’ll look at how IDS/IPS products can be integrated into a typical data center environment effectively.

In summary, this course aims to:

  • Define clearly how IDS/IPS technologies and products work
  • Present a thorough description of the sorts of real world challenges one is likely to encounter when deploying IDS/IPS products
  • Look at IDS/IPS distributed architectures and how they work
  • Deliver a realistic view of typical Enterprise security attacks, how they work, and how they might (or might not) be detected by IDS/IPS technologies
  • Describe how IDS/IPS can be instrumental at providing essential input to an incident response program

Main Topics

  • Understanding the problem
  • Survey of today’s product space   
  • Attacks and attack tools hands-on exercises – Network and System level
  • Attacks and attack tools hands-on exercises – Application level
  • IDS tools in action
  • Application-level considerations
  • Real world pitfalls to understand and avoid
  • Incident response considerations
  • Bringing it all together