Technical Training Track A


Trainer: Meling Mudin (spoonfork)
Duration: 2 days
Cost: 150BD/USD400 (Early Bird) || 200BD/USD530 (Non Early Bird)

Title: Network Intrusion Detection Systems - NIDS

This course is a two-day intrusion detection course with emphasis on network intrusion detection. In this course, you will obtain valuable insights into network IDS: how they work, what they do, and how they play a vital role in your overall security infrastructure. To demonstrate this, you will be introduced to hackers and the tools of their trade. The journey then takes you into the world of Snort, a popular network IDS. You will do hands-on exercises in which you use Snort to detect attacks. You will also learn how to write Snort rules. The knowledge that you gain from this will help you decide which NIDS is best for your needs, how to deploy and operate a NIDS, and how to get the most out of your IDS.

Workshop prerequisites

1. Knowledge of the Linux operating system. Participants are expected to know how to install and configure software in Linux.
2. TCP/IP and networking knowledge.

Target audience

Network security administrators, system administrators, IT managers

Course Overview

1.0 Network Security, Hackers and Their Tools
1.1 Hackers and their tools
1.2 Defense-in-depth
1.3 Hands on exercises: Using popular open-source hacking tools

2.0 Introduction to Intrusion Detection System
2.1 What is an IDS
2.2 Host-based IDS
2.3 Network-based IDS
2.4 Detection method
2.5 Usage of IDSs
2.6 Strengths and Weaknesses of IDS
2.7 Honeypot

3.0 Snort Network Intrusion Detection System
3.1 Introduction to Snort
3.2 Snort architecture, installation, configuration and operation
3.3 Hands on exercises: install, configure and run Snort

4.0 Snort Signature In-depth
4.1 Snort Signatures
4.2 Hands on exercises: writing Snort rules

5.0 Analyzing Snort Logs
5.1 Analyzing Snort Logs
5.2 Hands on exercises: perform attacks and analyze Snort output

6.0 Other IDSes
6.1 A look at some popular commercial and open-source IDS systems

7.0 IDS Deployment
7.1 IDS deployment strategies
7.2 Issues and considerations

About Meling

Meling Mudin is the CTO of a start-up company focused on the development of correlation and event log management from various security devices. He was previously a security consultant and system architect at SCAN Associates, where he led the development of a security monitoring system for the Malaysian Government. He is also responsible for the annual HITBSecConf Capture the Flag game. Mr. Mudin also consults under Hack In The Box (M) Sdn. Bhd. In the past, he has worked as a system administrator and programmer.

Posted by Administrator @ 2004-11-30 1:23 pm

Event Organizers

E-Security Gulf Group  

Hack In The Box (M) Sdn. Bhd.  


Microsoft Corporation  

Argus Systems Group 

Bahrain International Circuit 

Gulf Air 

Kingdom University, Bahrain 

Instec Digital Systems 

Oracle Corporation 


Duroob Technology 

Qatar Airways 

Supporting Organizations

Bellua Asia Pacific  

X-Focus China  

Bahrain Information Technology Society 

Hack In The Box (M) Sdn. Bhd.