Training Course: Solaris Operating System Network Intrusion Detection
Training Course Summary:
The Solaris Operating System Network Intrusion Detection course gives students the knowledge and advanced administration skills required to firewall, monitor and log a Solaris network and to identify and respond to network security breaches.
Pre-Requisites:
To succeed fully in this course, students should be able to:
Install, configure, and maintain a Solaris product line server
Configure a Solaris NIC for LAN and Internet access
Demonstrate a firm understanding of the TCP/IP protocol stack and IP routing
Configure Solaris logging daemons like syslog
Install open source utilities like tcpdump and libpcap
Who Should Attend:
Students who can benefit from this course are experienced system administrators tasked with protecting Sun Solaris systems in an untrusted environment, such as the Internet or a LAN with multiple unknown or untrusted users.
Training Course Overview/Content:
Module 1 - Ethernet and IP Operation
Review OSI network model
Review application and network service layers
Identify Ethernet security issues
Review IPv4 addressing
Understand IP fragmentation
Identify ICMP security issues
Implement basic traffic capture and analysis
Module 2 - IP and ARP Vulnerability Analysis
Identify IP security issues
Describe IP routing and routing protocol security
Protect against IP abuse
Identify ARP security issues
Execute attacks against ARP
Protect against ARP abuse
Implement advanced packet capture and analysis
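The ARP items of Module 2 (identify ARP security issues, protect against ARP abuse), worked as an added example that is not course material and not the code of arpwatch or any other tool: a small detector that learns IP-to-MAC bindings from ARP traffic and flags the three patterns a poisoning attack produces (a reply nobody asked for, a gratuitous reply, and a binding that changes or tries to overwrite a static entry). The addresses, MACs and the packet list are constructed; the static-entry policy is an assumption.

```python
"""ARP cache-poisoning watch over constructed ARP packets (added example)."""
from collections import namedtuple

ArpPkt = namedtuple("ArpPkt", "op sender_ip sender_mac target_ip target_mac")

GATEWAY, GATEWAY_MAC = "10.0.0.1", "aa:bb:cc:dd:ee:01"   # assumed LAN layout
ATTACKER_MAC = "de:ad:be:ef:00:01"

# Constructed traffic: a normal request/reply pair for the gateway, then an
# attacker claiming the gateway address with an unsolicited reply and a
# gratuitous ARP (sender == target).
SAMPLE_ARP = [
    ArpPkt("request", "10.0.0.5", "00:11:22:33:44:55", GATEWAY, "00:00:00:00:00:00"),
    ArpPkt("reply", GATEWAY, GATEWAY_MAC, "10.0.0.5", "00:11:22:33:44:55"),
    ArpPkt("reply", GATEWAY, ATTACKER_MAC, "10.0.0.5", "00:11:22:33:44:55"),
    ArpPkt("reply", GATEWAY, ATTACKER_MAC, GATEWAY, ATTACKER_MAC),
]


class ArpWatch:
    """Track IP-to-MAC bindings and flag the patterns ARP poisoning produces."""

    def __init__(self, static=None):
        self.static = dict(static or {})   # bindings that must never change
        self.table = dict(self.static)     # learned bindings, seeded with the static ones
        self.pending = set()               # IPs we asked about and expect a reply for
        self.alerts = []

    def feed(self, pkt):
        if pkt.op == "request":
            self.pending.add(pkt.target_ip)
            # A request also carries the sender's binding, so forged requests
            # poison caches just as forged replies do.
            self._learn(pkt.sender_ip, pkt.sender_mac, "request")
            return
        if pkt.sender_ip in self.pending:
            self.pending.discard(pkt.sender_ip)
        else:
            self.alerts.append(f"unsolicited reply for {pkt.sender_ip} from {pkt.sender_mac}")
        if pkt.sender_ip == pkt.target_ip:
            self.alerts.append(f"gratuitous ARP for {pkt.sender_ip} from {pkt.sender_mac}")
        self._learn(pkt.sender_ip, pkt.sender_mac, "reply")

    def _learn(self, ip, mac, kind):
        if ip in self.static:
            if self.static[ip] != mac:
                self.alerts.append(
                    f"{kind} from {mac} tried to overwrite static entry {ip}={self.static[ip]}")
            return                          # static entries are never updated
        old = self.table.get(ip)
        if old is None:
            self.table[ip] = mac
        elif old != mac:
            self.alerts.append(f"{ip} moved {old} -> {mac} ({kind})")
            self.table[ip] = mac            # record the flip so a flip back is seen too


def watch(packets, static=None):
    """Run the detector over a packet list; returns (final table, alerts)."""
    w = ArpWatch(static)
    for pkt in packets:
        w.feed(pkt)
    return w.table, w.alerts


if __name__ == "__main__":
    for line in watch(SAMPLE_ARP)[1]:
        print(line)
```

Without a static entry the attacker's binding is learned (and the flip is reported); with the gateway pinned as a static entry the forged binding is refused and reported. On Solaris the equivalent of the static entry is a permanent `arp -s` mapping for the gateway.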
Module 3 - UDP/TCP Protocol and TELNET Vulnerability Analysis
Discuss characteristics of UDP and TCP
Identify TCP security issues
Describe common TCP abuses: SYN attack, sequence guessing, connection hijacking
Discuss characteristics of TELNET
Identify TELNET security issues
Execute attacks on TCP and TELNET
Protect against TCP and TELNET abuse
Module 4 - FTP and HTTP Vulnerability Analysis
Discuss characteristics of FTP
Describe FTP transfer methods and modes
Identify FTP security issues
Describe common FTP abuses: FTP bounce attack, port stealing, brute force
Discuss characteristics of HTTP/1.1
Describe role of HTTP proxy servers and HTTP authentication
Identify HTTP security issues
Describe common HTTP abuses: path name stealing, header spoofing, proxy poisoning
Execute attacks on FTP and HTTP
Protect against FTP and HTTP abuse
Module 5 - DNS Vulnerability Analysis
Discuss characteristics of DNS
Identify DNS security issues
Describe common DNS abuses: DNS spoofing, DNS cache poisoning, unauthorized zone transfers
Execute attacks on DNS
Protect against DNS abuse
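The DNS abuses of Module 5 and the defences against them, worked as an added example that is not course material and not any real resolver's code: a stub resolver that randomises both transaction ID and source port, accepts only the first response that matches an outstanding query, and applies a simplified bailiwick rule so a response cannot plant records for unrelated names. The resolver never sends packets; the query, the forged and genuine responses, and the seeded random generator are all constructed for the scenario.

```python
"""Resolver-side checks against spoofed and poisoning DNS responses (added example)."""
import random


def parent_domain(name):
    """'www.example.com.' -> 'example.com.' (names are absolute, dot-terminated)."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[1:]) + "." if len(labels) > 1 else name


def in_bailiwick(owner, qname):
    """Simplified bailiwick rule: cache only records at or below the parent of the
    queried name, so an answer for www.example.com cannot plant a bank.example record."""
    zone = parent_domain(qname)
    return owner == qname or owner == zone or owner.endswith("." + zone)


class StubResolver:
    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()
        self.outstanding = {}   # (txid, source port) -> qname
        self.cache = {}         # (owner, rtype) -> rdata
        self.alerts = []

    def send_query(self, qname):
        # Random 16-bit txid *and* random source port: an attacker who cannot see
        # the query must hit about 2^32 combinations instead of 2^16, and must do
        # so before the genuine answer arrives.
        while True:
            key = (self.rng.randrange(1 << 16), self.rng.randrange(1024, 65536))
            if key not in self.outstanding:
                break
        self.outstanding[key] = qname
        return key

    def receive(self, resp):
        key = (resp["txid"], resp["dst_port"])
        qname = self.outstanding.get(key)
        if qname is None:
            # Wrong txid/port, or a second answer for a query already satisfied:
            # either way it answers nothing we are waiting for.
            self.alerts.append(
                f"no matching query for txid=0x{resp['txid']:04x} port={resp['dst_port']}")
            return False
        if resp["qname"] != qname:
            self.alerts.append(f"question mismatch: asked {qname}, got {resp['qname']}")
            return False
        del self.outstanding[key]          # first matching answer wins; later ones are rejected
        for owner, rtype, rdata in resp["records"]:
            if in_bailiwick(owner, qname):
                self.cache[(owner, rtype)] = rdata
            else:
                self.alerts.append(f"dropped out-of-bailiwick record {owner} {rtype} {rdata}")
        return True


def simulate(seed=1):
    """Constructed scenario: a txid-guessing flood, the genuine answer carrying an
    out-of-bailiwick extra record, then a replay of the genuine answer."""
    r = StubResolver(random.Random(seed))  # seeded so the run is reproducible
    txid, port = r.send_query("www.example.com.")
    for guess in range(3):                 # attacker guesses txids it cannot observe
        r.receive({"txid": (txid + 1 + guess) & 0xFFFF, "dst_port": port,
                   "qname": "www.example.com.",
                   "records": [("www.example.com.", "A", "198.51.100.9")]})
    genuine = {"txid": txid, "dst_port": port, "qname": "www.example.com.",
               "records": [("www.example.com.", "A", "192.0.2.10"),
                           ("ns1.example.com.", "A", "192.0.2.53"),
                           ("www.bank.example.", "A", "198.51.100.9")]}
    r.receive(genuine)
    r.receive(genuine)                     # replayed or duplicate answer
    return r.cache, r.alerts


if __name__ == "__main__":
    cache, alerts = simulate()
    print(cache)
    print("\n".join(alerts))
```

The first-match-wins rule is exactly why the entropy matters: a forged response that does hit the right txid and port before the genuine one would be accepted, so the check only helps in proportion to how unguessable the key is. The bailiwick rule is deliberately simplified to the parent domain of the queried name; real resolvers tie it to the zone the answering server is authoritative for.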
Module 6 - SSH and HTTPS Vulnerability Analysis
Discuss characteristics of SSH
Describe differences between SSH1 and SSH2 protocol
Identify SSH security issues
Describe common SSH abuses: insertion attack, brute force attack, CRC compensation attack
Describe characteristics of HTTPS (SSL)
Discuss other SSL enabled protocols
Identify SSL issues
Describe common SSL abuses: man-in-the-middle and version rollback attacks
Module 7 - Remote Operating System Detection
Use standard system commands and exploit default settings to guess remote operating systems
Use open source utilities to guess remote operating systems by scanning open ports
Describe TCP/IP stack fingerprinting
Install and use nmap for remote OS detection
Module 8 - Network Attack Techniques and Basic Attack Detection
Identify sources of network attacks
Discuss methods of intrusion
Describe common network attacks: denial-of-service, software buffer overflow, poor system configuration, password guessing/cracking
Describe a typical intrusion scenario
Introduce the concept of an Intrusion Detection System (IDS)
List some of the most popular IDS tools: Klaxon, Portsentry, snort
Implement basic scan detection
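The basic scan detection item of Module 8, worked as an added example that is not course material and not the code of Klaxon, Portsentry or snort: it reads tcpdump-style lines, keeps only bare SYNs, and flags a source that within a time window probes many ports on one host (port scan) or one port on many hosts (host sweep). The log lines are constructed to look like `tcpdump -n` output and are not a real capture; the window and threshold values are assumptions.

```python
"""Port-scan and host-sweep detection over tcpdump-style lines (added example)."""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")

# Constructed sample: a fast port scan, a fast sweep on port 22, a normal client
# opening two connections, and a slow scan spread over almost a minute.
SAMPLE_LOG = """\
12:00:00.000000 IP 198.51.100.7.40001 > 192.0.2.10.21: Flags [S], seq 1, win 1024, length 0
12:00:00.200000 IP 198.51.100.7.40001 > 192.0.2.10.22: Flags [S], seq 1, win 1024, length 0
12:00:00.400000 IP 198.51.100.7.40001 > 192.0.2.10.23: Flags [S], seq 1, win 1024, length 0
12:00:00.600000 IP 198.51.100.7.40001 > 192.0.2.10.25: Flags [S], seq 1, win 1024, length 0
12:00:00.800000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000000 IP 198.51.100.7.40001 > 192.0.2.10.110: Flags [S], seq 1, win 1024, length 0
12:00:02.000000 IP 198.51.100.8.40002 > 192.0.2.1.22: Flags [S], seq 7, win 1024, length 0
12:00:02.200000 IP 198.51.100.8.40002 > 192.0.2.2.22: Flags [S], seq 7, win 1024, length 0
12:00:02.400000 IP 198.51.100.8.40002 > 192.0.2.3.22: Flags [S], seq 7, win 1024, length 0
12:00:02.600000 IP 198.51.100.8.40002 > 192.0.2.4.22: Flags [S], seq 7, win 1024, length 0
12:00:02.800000 IP 198.51.100.8.40002 > 192.0.2.5.22: Flags [S], seq 7, win 1024, length 0
12:00:04.000000 IP 203.0.113.5.51000 > 192.0.2.10.80: Flags [S], seq 9, win 65535, length 0
12:00:04.001000 IP 192.0.2.10.80 > 203.0.113.5.51000: Flags [S.], seq 3, ack 10, win 8760, length 0
12:00:04.002000 IP 203.0.113.5.51000 > 192.0.2.10.80: Flags [.], ack 4, win 65535, length 0
12:00:05.000000 IP 203.0.113.5.51001 > 192.0.2.10.443: Flags [S], seq 11, win 65535, length 0
12:01:00.000000 IP 198.51.100.9.40003 > 192.0.2.20.21: Flags [S], seq 5, win 1024, length 0
12:01:12.000000 IP 198.51.100.9.40003 > 192.0.2.20.22: Flags [S], seq 5, win 1024, length 0
12:01:24.000000 IP 198.51.100.9.40003 > 192.0.2.20.23: Flags [S], seq 5, win 1024, length 0
12:01:36.000000 IP 198.51.100.9.40003 > 192.0.2.20.25: Flags [S], seq 5, win 1024, length 0
12:01:48.000000 IP 198.51.100.9.40003 > 192.0.2.20.80: Flags [S], seq 5, win 1024, length 0
"""


def parse(line):
    """Return (time_s, src, sport, dst, dport, flags), or None for lines not modelled."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s, us, src, sport, dst, dport, flags = m.groups()
    t = int(h) * 3600 + int(mi) * 60 + int(s) + int(us) / 1e6
    return t, src, int(sport), dst, int(dport), flags


def detect_scans(lines, window=5.0, threshold=5):
    """Flag a source that within `window` seconds sends bare SYNs to at least
    `threshold` distinct ports on one host (portscan) or to one port on at least
    `threshold` distinct hosts (sweep). Returns a sorted list of (kind, src, target)."""
    probes = defaultdict(list)   # src -> [(t, dst, dport)]
    for line in lines:
        p = parse(line)
        if p is None or p[5] != "S":   # only bare SYNs count; SYN-ACKs and data are not probes
            continue
        t, src, _, dst, dport, _ = p
        probes[src].append((t, dst, dport))
    found = set()
    for src, plist in probes.items():
        plist.sort()
        lo = 0
        for hi in range(len(plist)):
            while plist[hi][0] - plist[lo][0] > window:
                lo += 1                      # slide the window forward
            by_host, by_port = defaultdict(set), defaultdict(set)
            for _, dst, dport in plist[lo:hi + 1]:
                by_host[dst].add(dport)
                by_port[dport].add(dst)
            found.update(("portscan", src, d) for d, ps in by_host.items() if len(ps) >= threshold)
            found.update(("sweep", src, prt) for prt, ds in by_port.items() if len(ds) >= threshold)
    return sorted(found)


if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG.splitlines()):
        print(alert)
```

The slow scanner (198.51.100.9) is the caveat: with a 5 second window it is never reported, and only a 60 second window catches it. Threshold-based scan detection always trades false positives against how slowly an attacker is willing to probe.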
Module 9 - Implementing Intrusion Detection Technologies
Identify the difference between host based and network based IDS
Discuss different types of IDS implementation: hybrid NIDS and honeypots
Describe core components of a NIDS using the snort NIDS
Compile and install the snort NIDS
Module 10 - Advanced NIDS Configuration
Discuss advanced snort features like "real time response" and snort log monitors
Install a database (mysql) to log snort alerts
Install the graphical user interfaces (GUI) Demarc and ACID to better interpret snort logs by querying the snort database
Generate outside attacks that trigger snort alerts
Interpret GUI snort monitors to identify attacks
Module 11 - Writing snort rules
Describe the different components of a snort rule
Configure different snort rule options
Write custom snort rules to watch for specific traffic patterns
Execute attacks against custom snort rules and interpret GUI snort monitors to identify attacks
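The components of a snort rule covered in Module 11 (header: action, protocol, source address and port, direction, destination address and port; options: msg, content, nocase, sid, rev), worked as an added example that is not snort's code and supports only that fraction of the rule language. It parses three rules and runs them over constructed packets. The values of $HOME_NET and $EXTERNAL_NET, the rules and the packets are all assumptions made for the example.

```python
"""Minimal parser and matcher for snort-style rules (added example, not snort's code)."""
import ipaddress
import re

VARS = {"$HOME_NET": "192.0.2.0/24", "$EXTERNAL_NET": "!192.0.2.0/24"}  # assumed snort.conf values

HEADER_RE = re.compile(
    r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$")


def split_options(opts):
    """Split on ';' outside double quotes (a ';' inside msg:"..." is literal)."""
    out, cur, quoted = [], "", False
    for ch in opts:
        quoted ^= (ch == '"')
        if ch == ";" and not quoted:
            out.append(cur.strip()); cur = ""
        else:
            cur += ch
    return [o for o in out + [cur.strip()] if o]


def decode_content(s):
    """'PORT |0d 0a|' -> b'PORT \\r\\n': text outside pipes, hex bytes inside."""
    out = b""
    for i, part in enumerate(s.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode()
    return out


def parse_rule(text):
    """Break a rule into header fields and options; contents keep their order."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unparsable rule: " + text)
    action, proto, src, sport, direction, dst, dport, opts = m.groups()
    rule = {"action": action, "proto": proto.lower(), "src": src, "sport": sport,
            "dir": direction, "dst": dst, "dport": dport, "contents": []}
    for opt in split_options(opts):
        key, _, val = opt.partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if key == "content":
            rule["contents"].append({"pat": decode_content(val), "nocase": False})
        elif key == "nocase" and rule["contents"]:
            rule["contents"][-1]["nocase"] = True   # modifier: applies to the content before it
        else:
            rule[key] = val                         # msg, sid, rev, ... kept as text
    return rule


def addr_match(spec, ip):
    spec = VARS.get(spec, spec)
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not addr_match(spec[1:], ip)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_match(spec, port):
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not port_match(spec[1:], port)
    lo, sep, hi = spec.partition(":")       # forms: "23", "1024:", ":1023", "20:21"
    lo = int(lo) if lo else 0
    hi = int(hi) if hi else (65535 if sep else lo)
    return lo <= port <= hi


def rule_matches(rule, pkt):
    """Header first (proto, addresses, ports, direction), then every content must be found."""
    if rule["proto"] not in (pkt["proto"], "ip"):
        return False
    def hdr(s, sp, d, dp):
        return (addr_match(rule["src"], s) and port_match(rule["sport"], sp)
                and addr_match(rule["dst"], d) and port_match(rule["dport"], dp))
    if not hdr(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]) and not (
            rule["dir"] == "<>" and hdr(pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])):
        return False
    payload = pkt.get("payload", b"")
    for c in rule["contents"]:
        hay, pat = (payload.lower(), c["pat"].lower()) if c["nocase"] else (payload, c["pat"])
        if pat not in hay:
            return False
    return True


def run_rules(rules, packets):
    """Return (sid, packet index) for every rule that fires on every packet."""
    return [(r["sid"], i) for i, p in enumerate(packets) for r in rules if rule_matches(r, p)]


RULES = [parse_rule(r) for r in [  # assumed rules, written for this example
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"TELNET root login attempt from outside"; content:"root"; nocase; sid:1000001; rev:1;)',
    'alert tcp any any -> $HOME_NET 21 (msg:"FTP PORT command"; content:"PORT "; nocase; content:"|0d 0a|"; sid:1000002; rev:1;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS zone transfer (AXFR) request"; content:"|00 00 fc 00 01|"; sid:1000003; rev:1;)',
]]

# Constructed DNS-over-TCP AXFR question for example.com: 2-byte length, header, question.
AXFR_QUESTION = (b"\x00\x1d\x12\x34\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                 b"\x07example\x03com\x00\x00\xfc\x00\x01")

PACKETS = [  # constructed; 192.0.2.10 is inside the assumed $HOME_NET
    {"proto": "tcp", "src": "198.51.100.7", "sport": 40001, "dst": "192.0.2.10", "dport": 23, "payload": b"ROOT\r\n"},
    {"proto": "tcp", "src": "192.0.2.5", "sport": 40002, "dst": "192.0.2.10", "dport": 23, "payload": b"root\r\n"},
    {"proto": "tcp", "src": "198.51.100.7", "sport": 40003, "dst": "192.0.2.10", "dport": 21, "payload": b"port 198,51,100,7,0,80\r\n"},
    {"proto": "tcp", "src": "198.51.100.7", "sport": 40004, "dst": "192.0.2.10", "dport": 53, "payload": AXFR_QUESTION},
    {"proto": "udp", "src": "198.51.100.7", "sport": 40005, "dst": "192.0.2.10", "dport": 53, "payload": AXFR_QUESTION},
]

if __name__ == "__main__":
    print(run_rules(RULES, PACKETS))
```

The second packet shows why the address part of the header matters: the same "root" payload from an internal host does not fire sid 1000001 because $EXTERNAL_NET is the negation of $HOME_NET. The last packet shows the protocol check: the same AXFR bytes over UDP do not fire a tcp rule.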
Module 12 - Solaris Routing
List requirements for a Solaris host to be a router
Implement a Solaris host as a rou

