29 Feb-4 Mar 2016
29 Feb-4 Mar 2016
18 Jan 2016
300 € (no fee for the Sponsoring Nations, Contributing Nations and NATO bodies)
CDMCS Module 1: Rule-based Threat Detection Course
This intensive hands-on course concentrates on a single solution out of a number of important Cyber Defence Monitoring techniques and solutions. We focus only on rule-based threat detection, more widely known as Intrusion Detection. We will use Suricata, an open-source free software tool, to build network security monitoring for different scales - from SOHO/SME up to enterprise level.
The course demonstrates how Suricata is a perfect fit into modern network security monitoring. Attendees gain practical experience on how to build up a scalable system and how challenging the security-engineering process can be. During hands-on exercises, students start from the basic single instance installation and end up implementing a distributed system with centralised command, analysis and visualisation solutions.
In this course we will work with network traffic from Locked Shields 2015, this means the traffic will have real intrusions. We will also use samples of existing botnets to analyse obfuscation techniques used today.
NB! We most strongly discourage the participation of students who do not fulfil aforementioned prerequisites, since the course contains advanced lab sessions assuming this knowledge. Therefore, the presence of unskilled attendants in the audience is likely to hinder the overall progress of the course.
Students can take each module in the course suite independently. However, the Centre encourages the applicants to attend all three modules in order to have a complete overview of available methods, techniques, and their implementation.