Description:
Main monitoring solutions and techniques in cyber defense. Log and event generation for firewalls, IDS/IPS sensors, services, and applications. Collecting and monitoring logs and events. Intrusion detection and prevention.
Learning outcomes:
On completion of the course the student:
* has an overview of the principles and standards of log collection (BSD and IETF syslog)
* can configure and tune the UNIX logging software syslogd, rsyslog and syslog-ng
* is able to filter network packets and generate log messages using the netfilter firewall
* knows different dialects of regular expression languages (ERE, Perl) and is able to use them in log monitoring
* has an overview of the event correlation principles
* is able to correlate events using Simple Event Correlator and apply its different correlation techniques to discover and respond to attacks
* has an overview of the network-based intrusion detection and prevention systems (network IDS/IPS)
* is able to use Snort for intrusion detection and prevention