Advanced Intrusion Detection and Response

PT4339
Training Summary
In this course, students learn the steps of the incident handling process, the factors that influence incident response, and a "pre-incident" response strategy. The course covers the typical flow of an attack and teaches students to recognize the steps normally seen in attack signatures prior to a successful compromise of a system. Topics such as functional components of CIDF, intrusion signature categories, and hackers' response to IDS give students the knowledge necessary to detect incidents effectively. Students learn how to reduce false positives from damage assessment and identify the perpetrator during the response phase of investigations. Students learn forensic policy and procedures that are critical to their success in real-world security issues and how to maintain the integrity of their incident response.
Prerequisites
Students should successfully complete ProTech's Active Defense of Enterprise Networks course and the Active Defense Advanced Security Tools course.
Duration
5 Days/Lecture & Lab
Audience
This course is intended for IT Professionals responsible for the security of computer networks as well as Managers of IT Professionals.
Course Topics
Functional Components of CIDF
Intrusion Signature Categories
Hackers' Response to IDS