About Session
Technical Level: Beginner/Intermediate
Seats are limited, so be sure to register for the workshop when you register for the conference.
This workshop provides a hands-on introduction to Intrusion Detection Systems (IDS), focusing on network-based IDS (NIDS). Participants will learn how an IDS works, analyze network traffic, configure IDS rules, and use IDS output for other purposes (e.g., asset identification). The session includes practical labs using off-the-shelf tools such as Zeek, Suricata, and ELK, so that attendees gain hands-on experience with concrete cases.
Lab Requirements: a Linux (or macOS) machine with 16 GB RAM and 32 GB of disk. Participants must be able to install the analysis and attack tools (e.g., Zeek, Suricata, ELK, nmap, Metasploit).
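As an illustration of the "other purposes" point above (using IDS output for asset identification), the following added example parses a Zeek conn.log and derives an inventory of internal hosts and the services they actually answered on. This is not workshop material or Zeek project code; the log lines are constructed for the example, and the choice of 10.0.0.0/8 as the "internal" range is an assumption. The conn_state values used (SF = normal connection, S0 = no reply seen, REJ = attempt rejected) are Zeek's own, which is what lets the script avoid listing a scanned-but-closed port as a live service.

```python
"""Build an asset inventory from a Zeek conn.log (added example, not from the
workshop or from Zeek itself).

Zeek logs are tab-separated; a '#fields' header names the columns, and '-'
marks an unset field. Only responders inside INTERNAL_NET (assumption: 10.0.0.0/8)
are treated as assets, and only connections the responder actually answered
count as a listening service.
"""
import ipaddress
from collections import defaultdict

# Constructed sample conn.log excerpt (not real capture data). The column layout
# matches Zeek's default conn.log, trimmed to the fields used here.
SAMPLE_CONN_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring
1700000000.1\tC1\t10.0.0.5\t51000\t10.0.0.10\t22\ttcp\tssh\tSF
1700000001.2\tC2\t10.0.0.5\t51001\t10.0.0.10\t80\ttcp\thttp\tSF
1700000002.3\tC3\t10.0.0.7\t40000\t10.0.0.10\t80\ttcp\thttp\tSF
1700000003.4\tC4\t10.0.0.7\t40001\t10.0.0.10\t3389\ttcp\t-\tREJ
1700000004.5\tC5\t10.0.0.5\t51002\t93.184.216.34\t443\ttcp\tssl\tSF
1700000005.6\tC6\t10.0.0.9\t53000\t10.0.0.2\t53\tudp\tdns\tSF
#close\t2023-11-14-22-13-25
"""

# Zeek conn_state values that mean the responder never provided a service:
# S0 = attempt seen, no reply; REJ = attempt rejected (e.g. RST to a SYN).
NO_SERVICE_STATES = {"S0", "REJ"}

INTERNAL_NET = "10.0.0.0/8"  # assumption for this example


def parse_zeek_log(text):
    """Parse a Zeek TSV log into a list of dicts keyed by the '#fields' header."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue  # #separator, #types, #close and other metadata lines
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"column count mismatch in line: {line!r}")
        records.append(dict(zip(fields, values)))
    return records


def build_inventory(text, internal_net=INTERNAL_NET):
    """Return {host: {services, closed_ports_probed, acts_as_client}} for internal hosts."""
    net = ipaddress.ip_network(internal_net)
    inv = defaultdict(lambda: {"services": {}, "closed_ports_probed": set(),
                               "acts_as_client": False})
    for rec in parse_zeek_log(text):
        orig, resp = rec["id.orig_h"], rec["id.resp_h"]
        if ipaddress.ip_address(orig) in net:
            inv[orig]["acts_as_client"] = True
        if ipaddress.ip_address(resp) not in net:
            continue  # external responders are not our assets
        key = f"{rec['id.resp_p']}/{rec['proto']}"
        if rec["conn_state"] in NO_SERVICE_STATES:
            # Probe to a port that did not serve anything (often scanner noise).
            inv[resp]["closed_ports_probed"].add(key)
            continue
        service = rec["service"] if rec["service"] != "-" else "unknown"
        # Keep a concrete protocol name if any connection identified one.
        if service != "unknown" or key not in inv[resp]["services"]:
            inv[resp]["services"][key] = service
    return dict(inv)


if __name__ == "__main__":
    for host, info in sorted(build_inventory(SAMPLE_CONN_LOG).items()):
        print(host, info)
```

Run against a real conn.log by reading the file into `build_inventory`; the `#fields` header is parsed rather than assumed, so extra columns in a full Zeek log are handled. The distinction between `services` and `closed_ports_probed` is the practical point: a NIDS sees scans as well as real traffic, and an inventory that counts every contacted port as a service will list ports that were merely probed.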
1. Theory – Introduction to IDS
- What is an IDS?
- Differences between NIDS and HIDS
- Comparison: Snort vs. Suricata vs. Zeek
- Placement of an IDS in a network