Course Summary
In this course, you will learn essential skills for network and host monitoring, traffic analysis, and intrusion detection, enabling you to protect your organization’s network from potential threats. You will gain the ability to:
Analyze network traffic to proactively detect and prevent threats, reducing the risk of becoming a target.
Identify zero-day threats that lack published signatures from network monitoring tools.
Customize and fine-tune your network monitoring systems to maximize detection capabilities.
Effectively triage network alerts, particularly during security incidents.
Reconstruct events to determine what occurred, when it happened, and who was responsible.
Gain hands-on experience with detection, analysis, and network forensic investigations using various tools.
Deepen your understanding of TCP/IP and common application protocols to differentiate between normal and abnormal network traffic.
Understand the strengths and limitations of signature-based network monitoring tools.
Leverage behavioral network monitoring tools for enterprise-wide automated correlation and learn how to use them effectively.
Conduct threat modeling for network activities to anticipate and mitigate potential risks.
Translate threat modeling into actionable detection strategies for emerging threats like zero-day attacks.
Use flow and hybrid traffic analysis frameworks to enhance detection capabilities in traditional, hybrid, and cloud-based network environments.
Advanced IDS Concepts
You will learn advanced intrusion detection system (IDS) tuning methods and understand common correlation challenges.
Application Protocols
You will gain the knowledge and skills required to dissect and analyze application layer protocols.
Concepts of TCP/IP and the Link Layer
You will develop a comprehensive understanding of the TCP/IP communications model and the operations of the link layer.
Fragmentation
You will learn how packet fragmentation works, how to identify fragmentation in packet captures, and recognize fragmentation-based attacks.
IDS Fundamentals and Network Architecture
You will gain an understanding of fundamental IDS concepts, including network architecture options and the strengths and weaknesses of different IDS systems.
Intrusion Detection System Rules
You will learn how to create effective IDS rules to detect a wide range of malicious activities.
IP Headers
You will become proficient at dissecting IP packet headers, analyzing them for normal and anomalous values that may indicate security issues.
IPv6
You will gain a solid understanding of IPv6 and its differences from IPv4.
Network Forensics and Traffic Analysis
You will develop expertise in analyzing data from various sources—such as full packet capture, netflow, and log files—to identify both normal and malicious network behaviors.
Packet Engineering
You will gain knowledge in packet crafting and manipulation for deeper network analysis.
SiLK and Other Traffic Analysis Tools
You will learn how to use SiLK and other traffic analysis tools to perform network traffic and flow analysis.
TCP
You will develop a deep understanding of the TCP protocol and the ability to identify typical versus anomalous behaviors in TCP traffic.
Tcpdump Filters
You will learn how to create custom tcpdump filters to capture traffic based on specific criteria.
UDP and ICMP
You will gain an understanding of the UDP and ICMP protocols and the skills to distinguish between normal and malicious traffic patterns.
Wireshark Fundamentals
You will learn to effectively use Wireshark to analyze both typical and malicious network traffic.
Other Popular Courses
CompTIA: SecurityX
- Duration: 5 Days
- Language: English
- Level: Advanced
- Exam: CAS-005
Executive Cyber Risk Certification (ECRC)
- Duration: 2 Days
- Language: English
- Level: Advanced
- Exam: ECRC
Mastering Communication & Presentation Te...
- Duration: 5 Days
- Language: Danish
- Level: Intermediate
- Exam: MCPT