IDS mailing list archives
Re: IDS Analyst skill set
From: Eric Grejda <eric.grejda () sunrocket com>
Date: Thu, 02 Mar 2006 11:24:12 -0500
naveenkat () gmail com wrote:
I am new to the IDS mailing list. What kind of skill sets are required for the role of IDS Analyst? How do I gain these skills (for example, certs, etc.)?
First off, knowledge of TCP/IP. Knowing how connections are set up, the various packet types (and what's usually found in them), and where you're normally supposed to find them (which requires at least some knowledge of the networks you'll be monitoring) is essential for understanding what you'll find. Some knowledge of application protocols (SMTP, HTTP, etc.) is also good, so you know what it is that you're looking at. Again, knowing what you're supposed to see should give you an idea of what you shouldn't be seeing ("Hey... is IRC traffic supposed to be coming into this network on port 3128?").

Lots and lots of patience is a must. It can be mind-numbing sometimes, when you're staring at the alerts that have piled up over the weekend, especially if the IDSes you're monitoring aren't really tuned for the environment they've been installed in.

A crucial ability is to step back and look at the big picture: to place something odd in the logs in the context of everything going on, to try to determine whether or not it's something worth raising a red flag over. Sometimes anomalies aren't virus activity or someone messing around, but just an odd case out.

Speaking for myself and not my employers, as always.

--
Eric Grejda
System Administrator, Sunrocket - http://www.sunrocket.com/
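As an added illustration of the "know what you're supposed to see" point in the message above (example code written for this archive page, not from the original poster or his employer): a small baseline-driven triage pass over constructed connection records that flags a destination port with no expected service, and a payload whose protocol does not match the one expected on that port, such as IRC commands arriving on the proxy port 3128. The baseline, the protocol fingerprints and the records are all assumptions made up for the example.

```python
"""Baseline-driven triage of inbound connection records (constructed example)."""
import ipaddress
import re

# Assumed baseline: the service expected on each monitored host:port.
# In practice this comes from the asset inventory and observed normal traffic.
MONITORED = ipaddress.ip_network("10.0.0.0/24")
BASELINE = {
    ("10.0.0.5", 25): "smtp",
    ("10.0.0.8", 80): "http",
    ("10.0.0.9", 3128): "http",   # proxy port: HTTP requests are what we expect here
}

# Minimal payload fingerprints: what the first bytes of each protocol usually look like.
FINGERPRINTS = {
    "smtp": re.compile(r"^(EHLO|HELO)\s", re.I),
    "http": re.compile(r"^(GET|POST|HEAD|CONNECT)\s\S+\sHTTP/1\.[01]"),
    "irc": re.compile(r"^(NICK|USER|JOIN|PRIVMSG)\s", re.I),
}

# Constructed records: (src, dst, dst_port, first payload bytes as text).
RECORDS = [
    ("203.0.113.7", "10.0.0.5", 25, "EHLO mail.example.net\r\n"),
    ("203.0.113.7", "10.0.0.8", 80, "GET /index.html HTTP/1.1\r\n"),
    ("198.51.100.4", "10.0.0.9", 3128, "NICK bot4471\r\nUSER x 8 * :x\r\n"),
    ("198.51.100.4", "10.0.0.8", 23, "\xff\xfb\x01"),
    ("10.0.0.8", "203.0.113.7", 6667, "NICK someone\r\n"),
]


def guess_protocol(payload):
    """Name the protocol the payload looks like, or 'unknown' if no fingerprint matches."""
    for name, rx in FINGERPRINTS.items():
        if rx.match(payload):
            return name
    return "unknown"


def triage(records):
    """Return (record, reason) pairs for inbound records that deviate from the baseline."""
    findings = []
    for rec in records:
        _src, dst, dport, payload = rec
        if ipaddress.ip_address(dst) not in MONITORED:
            continue  # outbound connection; this baseline only describes inbound services
        expected = BASELINE.get((dst, dport))
        seen = guess_protocol(payload)
        if expected is None:
            findings.append((rec, f"no service expected on {dst}:{dport}"))
        elif seen not in (expected, "unknown"):
            findings.append((rec, f"{seen} traffic on port {dport} where {expected} is expected"))
    return findings


if __name__ == "__main__":
    for rec, reason in triage(RECORDS):
        print(f"{rec[0]} -> {rec[1]}:{rec[2]}  {reason}")
```

Unknown payloads on an expected port are deliberately left alone: the script can only judge what it has a fingerprint for, which is the same limit an untuned IDS has.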
Current thread:
- IDS Analyst skill set naveenkat (Mar 02)
- Re: IDS Analyst skill set Eric Hines (Mar 03)
- Re: IDS Analyst skill set Eric Grejda (Mar 03)
- <Possible follow-ups>
- Re: IDS Analyst skill set Maarten Van Horenbeeck (Mar 17)
- Re: IDS Analyst skill set Don Parker (Mar 20)