CMSY-164 Introduction to Intrusion Detection and Prevention Systems
From this introduction to intrusion detection and prevention systems (IDPS), students will develop a solid foundation for understanding IDPS and how they function. This course will give students a background in the technology of detecting network attacks. It will introduce all the concepts and procedures used for IDPS. Students will have hands-on experience with implementing and configuring software- and hardware-based IDPS in a network infrastructure. This course is designed with a network administrator in mind. A student with a fairly extensive background in network administration or a computer professional with an MCSE or equivalent would have adequate background knowledge for waiver.
Hours Weekly
2 hours lecture, 2 hours lab weekly
Course Objectives
1. Define what an IDPS is and how it functions.
2. Determine where IDPS should be placed in a network.
3. Employ a packet sniffer and identify the critical parts of a TCP/IP packet.
4. Identify attack signatures and relate them to specific attacks.
5. Identify false-positives and false-negatives, and have the ability to determine what causes them.
6. Define and identify the different types of IDPS.
7. Build and implement an open source IDPS system.