•    Employment
  •    Academia
  •    Research
    • NICE Framework
    • CAE Program

Intrusion Detection/Prevention Systems

The intent of the Intrusion Detection/Prevention Systems (IDS) Knowledge Unit is to provide students with knowledge and skills related to detecting and analyzing vulnerabilities and threats and taking steps to mitigate associated risks.

Topics

  1. Intrusion response a. Device Reconfiguration b. Notifications i. Logging ii. SNMP Trap iii. Email iv. Visual/Audio Alert
  2. Host-based Intrusion Detection and Prevention
  3. Network-based Intrusion Detection and Prevention
  4. Deep Packet Inspection
  5. Distributed Intrusion Detection
  6. Hierarchical IDS's
  7. Configure IDS/IPS systems to reduce false positives and false negatives.
  8. Anomaly Detection a. Establishing profiles b. Anomaly algorithms, such as: i. Statistical Techniques ii. Correlation Techniques iii. Fuzzy Logic Approaches iv. Artificial Intelligence v. Filtering Algorithms vi. Neural Networks
  9. Log File Analysis
  10. Cross Log Comparison and Analysis
  11. Log Aggregation
  12. Anomaly Detection
  13. Intrusion response
  14. Notifications
  15. Logging
  16. SNMP Trap
  17. Email
  18. Visual/Audio Alert
  19. Misuse Detection (Signature Detection)
  20. Specification-based Detection
  21. Honeynets/Honeypots

Outcomes

  1. Detect, identify, resolve and document host or network intrusions.
  2. Use tools and algorithms to detect various types of malware (keyloggers, rootkits) and unauthorized devices (rogue wireless access points) on a live network.
  3. Configure IDS/IPS systems to reduce false positives and false negatives.
  4. Deploy reactive measures to respond to detected intrusion profiles.

KSA-T

Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn More about the KAS-T's.

  • Knowledge
  • Skills
  • Abilities
  • Tasks
ID DESCRIPTION
K0046 Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
K0054 Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
K0062 Knowledge of packet-level analysis.
K0301 Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
K0324 Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
K0229 Knowledge of applications that can log errors, exceptions, and application faults and logging.
K0040 Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
K0015 Knowledge of computer algorithms.
K0018 Knowledge of encryption algorithms
ID DESCRIPTION
S0156 Skill in performing packet-level analysis.
S0079 Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
S0173 Skill in using security event correlation tools.
S0109 Skill in identifying hidden patterns or relationships.
ID DESCRIPTION
A0128  Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.
ID DESCRIPTION