Intrusion Detection/Prevention Systems
The intent of the Intrusion Detection/Prevention Systems (IDS) Knowledge Unit is to provide students with knowledge and skills related to detecting and analyzing vulnerabilities and threats and taking steps to mitigate associated risks.
Topics
- Intrusion response
  a. Device Reconfiguration
  b. Notifications
     i. Logging
     ii. SNMP Trap
     iii. Email
     iv. Visual/Audio Alert
- Host-based Intrusion Detection and Prevention
- Network-based Intrusion Detection and Prevention
- Deep Packet Inspection
- Distributed Intrusion Detection
- Hierarchical IDSs
- Configure IDS/IPS systems to reduce false positives and false negatives.
- Anomaly Detection
  a. Establishing profiles
  b. Anomaly algorithms, such as:
     i. Statistical Techniques
     ii. Correlation Techniques
     iii. Fuzzy Logic Approaches
     iv. Artificial Intelligence
     v. Filtering Algorithms
     vi. Neural Networks
- Log File Analysis
- Cross Log Comparison and Analysis
- Log Aggregation
- Misuse Detection (Signature Detection)
- Specification-based Detection
- Honeynets/Honeypots
Outcomes
- Detect, identify, resolve and document host or network intrusions.
- Use tools and algorithms to detect various types of malware (keyloggers, rootkits) and unauthorized devices (rogue wireless access points) on a live network.
- Configure IDS/IPS systems to reduce false positives and false negatives.
- Deploy reactive measures to respond to detected intrusion profiles.
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn more about the KSA-Ts.
Knowledge

ID | DESCRIPTION
--- | ---
K0046 | Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
K0054 | Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
K0062 | Knowledge of packet-level analysis.
K0301 | Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
K0324 | Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
K0229 | Knowledge of applications that can log errors, exceptions, and application faults and logging.
K0040 | Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
K0015 | Knowledge of computer algorithms.
K0018 | Knowledge of encryption algorithms.

Skills

ID | DESCRIPTION
--- | ---
S0156 | Skill in performing packet-level analysis.
S0079 | Skill in protecting a network against malware (e.g., NIPS, anti-malware, restricting/preventing external devices, spam filters).
S0173 | Skill in using security event correlation tools.
S0109 | Skill in identifying hidden patterns or relationships.

Abilities

ID | DESCRIPTION
--- | ---
A0128 | Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.