Intrusion Detection, Attacks, and Countermeasures

Rik Farrow/Robert Richardson

The purpose of this course is to even up the odds by giving the defenders of networks a clear understanding about how attackers typically proceed. We'll teach you how to defend your networks, recognize attacks, and take appropriate countermeasures.

This course teaches you how to recognize the various stages of attacks and intrusions: scanning, exploits, elevation of privilege, trojans and backdoors. We will explore attack tools, see how they work and how this affects the traces your ID system might collect from the network or from host-based sensors. We will look at the attack tools themselves, then study example alerts collected by various ID systems.

Every attack is different. The source of an attack might be an automated tool, a script kiddy, a disgruntled employee, or a security expert working for a foreign government; the source strongly affects the style and timing of the attack. Most attacks have suitable countermeasures; this course suggests a range of countermeasures for each scan or attack. We will discuss firewalls and ID systems, the best locations for these, as well as configuration advice. When you leave you'll know how to defend your networks, recognize attacks, and take appropriate countermeasures.