NSA Approved Network Security Course Outlines
CMSY 164 – INTRODUCTION TO INTRUSION DETECTION SYSTEMS
1. IDS Systems
1.1. Define Host Based Systems
1.2. Define Network Based Systems
1.3. Different IDS systems and how they function
1.4. Compare host-based vs. network-based IDS and when to
deploy each
1.5. Define Hybrid systems
2. TCP/IP
2.1. Packet Sniffing
2.2. Define a TCP/IP packet and isolate the critical parts of a packet
2.3. Demonstrate how an IDS functions similarly to a packet sniffer
3. Secure Technology
3.1. Demonstrate where different technologies fit within a secure
network
3.2. Determine where an IDS system should be within the structure
4. Attacks
4.1. Define the types of attacks that may occur on critical systems
4.2. Show how attacks may breach other network security devices
4.3. Attack signatures and how they are structured to detect
an attack
4.3.1. Compare an attack signature to packets captured
via a sniffer
4.3.2. Define & write custom attack signatures to capture
specific traffic
5. False Positives/False Negatives
5.1. Define the terms as they apply to IDS
5.2. Show how to limit the level of false positives and negatives
5.3. Determine if a packet indicates a false positive or a true attack
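The following is an added worked example, not material from the course or its author. It ties together items 2.2 (isolate the critical parts of a TCP/IP packet), 4.3.1/4.3.2 (compare captured packets against signatures and write custom ones) and 5.2 (limit false positives): it parses raw IPv4/TCP bytes exactly as a sniffer or IDS would, then runs a small Snort-style rule set over them. The packets, addresses and signature IDs are constructed for the example and are assumptions; the rule format is a simplified stand-in, not any real IDS's syntax.

```python
import socket
import struct

# TCP flag bits (RFC 793)
TCP_FIN, TCP_SYN, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x08, 0x10, 0x20


def build_packet(src, dst, sport, dport, flags, payload):
    """Constructed sample: minimal IPv4 + TCP headers, no options, checksums zeroed."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    total_len = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def parse_packet(raw):
    """Isolate the header fields an IDS actually decides on (item 2.2)."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4          # IP header length in bytes (options included)
    pkt = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto, "ttl": ttl}
    if proto == 6:                       # TCP
        sport, dport, _, _, off_res, flags, _, _, _ = struct.unpack("!HHIIBBHHH", raw[ihl:ihl + 20])
        doff = (off_res >> 4) * 4        # TCP data offset in bytes
        pkt.update({"sport": sport, "dport": dport, "flags": flags,
                    "payload": raw[ihl + doff:total_len]})
    return pkt


# Custom signatures (item 4.3.2). Each key narrows the match; a signature with only
# "content" and no port scope would fire on any stream carrying the string, which is
# where most false positives come from (item 5.2), so sid 1 is scoped to port 80.
SIGNATURES = [
    {"sid": 1, "msg": "HTTP /etc/passwd traversal attempt", "dport": 80, "content": b"/etc/passwd"},
    {"sid": 2, "msg": "Xmas scan (FIN/PSH/URG set)", "flags": TCP_FIN | TCP_PSH | TCP_URG},
    {"sid": 3, "msg": "NULL scan (no flags set)", "flags": 0},
]


def matches(pkt, sig):
    """Compare one parsed packet against one signature (item 4.3.1)."""
    if pkt["proto"] != 6:
        return False
    if "dport" in sig and pkt["dport"] != sig["dport"]:
        return False
    if "flags" in sig and pkt["flags"] != sig["flags"]:   # exact flag match
        return False
    if "content" in sig and sig["content"] not in pkt["payload"]:
        return False
    return True


def scan(packets):
    """Run every signature over every packet; return (sid, src, dst, dport) alerts."""
    alerts = []
    for raw in packets:
        pkt = parse_packet(raw)
        for sig in SIGNATURES:
            if matches(pkt, sig):
                alerts.append((sig["sid"], pkt["src"], pkt["dst"], pkt["dport"]))
    return alerts


# Constructed capture: one benign request, one traversal attempt, two scan probes,
# and a port-8080 packet that carries the string but is outside sid 1's scope.
SAMPLE_CAPTURE = [
    build_packet("10.0.0.5", "192.0.2.10", 40000, 80, TCP_ACK | TCP_PSH, b"GET /index.html HTTP/1.1\r\n"),
    build_packet("10.0.0.5", "192.0.2.10", 40001, 80, TCP_ACK | TCP_PSH, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    build_packet("198.51.100.7", "192.0.2.10", 55555, 22, TCP_FIN | TCP_PSH | TCP_URG, b""),
    build_packet("198.51.100.7", "192.0.2.10", 55556, 443, 0, b""),
    build_packet("10.0.0.9", "192.0.2.10", 40002, 8080, TCP_ACK | TCP_PSH, b"/etc/passwd mentioned in a comment"),
]

if __name__ == "__main__":
    for sid, src, dst, dport in scan(SAMPLE_CAPTURE):
        print(f"sid={sid} {src} -> {dst}:{dport}")
```

The fifth packet is the false-positive check: the same content string on a port the rule does not cover produces no alert. Widening the signature to any port would catch it, at the cost of alerting on every file transfer or log line that happens to contain the string; that trade-off is the substance of item 5.3.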
6. Alerting and Attack Response
6.1. How an IDS alerts when an attack is detected
6.2. Determine how to structure alerts so that an Administrator is not overwhelmed
6.3. Discuss the differences between alerting and logging
6.4. Demonstrate Incident response procedures and what should be done
when an attack has occurred.
7. Passive IDS/Active IDS
7.1. Compare an IDS that interacts with security policy and one
that doesn't
7.2. Demonstrate why it is recommended that an IDS work as a
passive device
7.3. Show technology that will allow for more active devices
8. IDS Implementation
8.1. Install and Configure an IDS system
8.2. Manage the system
8.3. Simulate Attacks on the system and respond accordingly
8.4. Adjust the system for functionality on different parts of
the network
8.5. Evaluate the data to determine correct responses
9. Access Control Systems and Methodology
9.1. Access Control Techniques
9.2. Access Control Administration
9.3. Access Control Models
10. Applications and Systems Development
10.1. Malicious Code
11. Physical Security
11.1. Threats, Vulnerabilities, and Countermeasures related to physically
protecting the enterprise’s sensitive information assets
11.2. The risk to people, facilities, data, media, equipment, support
systems, and supplies as it applies to computer
physical security
12. Organizational Issues
12.1. Organizational Security Model
12.2. Defining Risk
12.3. Risk
12.4. Defining the Threat
12.5. Quantitative Risk Assessment
12.6. Management Issues
12.6.1. Bang for the Buck
12.6.2. Threats and Vulnerabilities
12.6.3. Asset Identification/Valuation
12.6.4. Cost Benefit Analysis
13. Security Architecture and Models
13.1. Network Protocol Stack Functions
13.2. Common flaws and security issues associated with
system architectures and designs
14. Telecommunications, Network, and Internet Security
14.1. ISO/OSI Layers and Characteristics
14.2. Communications and Network Security
14.3. Internet/Intranet/Extranet
14.4. Security boundaries and how to translate security policy to controls
14.5. Network Attack and Countermeasures