Security 503: Intrusion Detection In-Depth

Mentor SEC503 with FT/Orange in Bristol

Tuesday, March 4, 2008 - Tuesday, April 29, 2008

CLOSED
Course Fees Payment Deadline
€1,895.00 Through Tuesday, February 26, 2008*
€1,995.00 After Tuesday, February 26, 2008
€300.00 Additional For Certification †

† If you wish to certify you MUST register for certification at the time you register. SANS is unable to add the certification to your registration retroactively.

* Payment must be RECEIVED by the deadline to receive the posted rate.

Mentor: Dai Morgan
Date:  Tuesday, March 4, 2008
Meeting Time:  6:00 PM - 8:00 PM
Where:

St James Court
Great Park Road, Almondsbury Park
Bradley Stoke
Bristol, United Kingdom
http://www.orange.co.uk/
Mentor Bio:
 Dai Morgan: Dai Morgan is currently working as a Senior Security Analyst at Orange / France Telecom Group in Bristol, UK. His experience in IT Security extends back over 20 years, initially working on MVS mainframe security and then specializing in Firewall and IDS technologies since the mid 1990s. He has first-hand experience of deploying, tuning and running these technologies across different organizations and on a global scale.

Dai is passionate about passing on knowledge and experience, and is looking forward to mentoring in a subject he finds challenging and exciting. Dai holds GCIA and GCIH certification and serves on the SANS Advisory Board.

Learn practical hands-on intrusion detection and traffic analysis through the SANS Local Mentor Program. This advanced program is newly updated to reflect the latest attack patterns and is jam-packed with network traces and analysis tips.

This course is not a comparison or demonstration of multiple NIDS. Instead, the knowledge and information provided allow students to better understand the elements that go into a sound NIDS and the whys behind them. The emphasis of this training is to increase students' understanding of the workings of TCP/IP, methods of network traffic analysis and one specific network intrusion detection system, Snort. Students will learn from hundreds of examples of detections that were captured in the real world and be able to apply these examples to the analysis of intrusion patterns within their own organizations. The goal of this course is to better equip students to make a wise selection for their site's particular needs and to put the training they receive into practice the day they get back to the office.

The challenging hands-on exercises are specially designed to be valuable for all experience levels. Students must possess a working knowledge of TCP/IP & Hex, and we strongly recommend you spend some time getting familiar with the output of TCPdump, WINdump or another network analyzer before coming to class. To test your knowledge, please see our TCP/IP & Hex Quizzes at: www.sans.org/conference/tcpip_quiz.php.

The SANS Intrusion Detection In-Depth Local Mentor-led course runs for 10 weeks and is divided into seven sections:

  • Introduction to SANS and GIAC Certification Orientation
  • TCP/IP for Intrusion Detection
  • Network Traffic Analysis Using TCPdump - Part 1
  • Network Traffic Analysis Using TCPdump - Part 2
  • Intrusion Detection Snort Style
  • IDS Signatures and Analysis - Part 1
  • IDS Signatures and Analysis - Part 2

Although many may benefit from Security 503, it is most appropriate for Intrusion Detection Analysts (all levels), Network Engineers, System, Security and Network Administrators and hands-on Security Managers.

A frequent question is whether this is a self-study course or a live course led by a Local Mentor. The answer is "both".

Students study the SANS Intrusion Detection In-Depth course books at their own pace. Once a week, you and other professionals in your area meet with a SANS Local Mentor, who will lead class discussions, provide hands-on demonstrations, point out the most salient features, and answer questions. The Mentor's goal is to help you grasp the more difficult material, master the exercises, and prepare you for GCIA certification.

Course Materials:

  • Hardcopy SANS Intrusion Detection In-Depth Course Books and CDs
  • Local Mentor Program study materials
  • Ten Weekly 2-hour Mentor-led sessions

All Students will receive 4 months' access to their online study materials at the start of their 2nd Class session.

Group Discounts:
The SANS Local Mentor Program is pleased to offer a Group Discount tuition fee to two (2) or more Students who work at the same organization. To obtain the Group Discount fee and Registration Code offered for this course, contact tuition@sans.org PRIOR to registering and provide the names and e-mail addresses of all the students registering within your organization.

LMP Exclusive Offer:
SANS makes every effort to help you obtain certification. The SANS Local Mentor Program extends an exclusive offer to Students who previously attended SANS Intrusion Detection In-Depth after January 1, 2001, but did not complete their GCIA certification.

For details on this special offer, please contact registration@sans.org with the date and location at which you attended the SANS Intrusion Detection In-Depth course, along with your momgate login ID and e-mail address.