SEC503: Intrusion Detection In-Depth

A session at SANS Security West 2013

If you have an inkling of awareness of security (even my elderly aunt, whose idea of a mobile device is a wheelchair, knows about the perils of the Interweb), you often hear the disconcerting news about another high-profile company getting compromised. The security landscape has shifted from what was once only perimeter protection to a current exposure of always-connected and often-vulnerable systems. Along with this comes a great demand for security-savvy employees who can help to detect and prevent intrusions. That is our goal in the Intrusion Detection In-Depth track: to acquaint you with the core knowledge, tools, and techniques that prepare you to defend your networks.

This track spans a wide variety of topics, from foundational material such as TCP/IP to detecting an intrusion, building in breadth and depth along the way. It is the "soup to nuts" of traffic analysis: from bits to bytes to packets to flows.

Hands-on exercises supplement the course book material, allowing you to transfer the knowledge in your head to your keyboard using the Packetrix VMware distribution created by industry practitioner and SANS instructor Mike Poor. As the Packetrix name implies, the distribution contains many of the tricks of the trade for performing packet and traffic analysis. All exercises offer two different approaches. The first, more basic approach assists you by giving hints for answering the questions; students who would like more guidance can use it. The second approach provides no hints, giving a student who already knows the material, or who has quickly mastered it, a more challenging experience. Additionally, there is an "extra credit" stumper question for each exercise intended to challenge the most advanced student.

By week's end, your head should be overflowing with newly gained knowledge and skills, and your luggage should be swollen with course book material that didn't quite get absorbed into your brain during this intense week of learning. This track will enable you to "hit the ground running" once you return to a live environment.

This is a fast-paced track, and students are expected to have a basic working knowledge of TCP/IP (see www.sans.org/conference/tcpip_qu... ) in order to fully understand the topics that will be discussed. Although others may benefit from this course, it is most appropriate for students who are, or who will become, intrusion detection/prevention analysts. Students generally range from novices with some TCP/IP background all the way to seasoned analysts. The challenging hands-on exercises are specially designed to be valuable for all experience levels. The Packetrix VMware image used in class is a Linux distribution, so we strongly recommend that you spend some time before attending becoming familiar with a command-line Linux environment.

About the speaker

Familyman, Ukulalien, Geek, Fly Fisherman, Sailor (bio from Twitter)


Date Thu 9th May 2013
