Intrusion Detection & Response

Monthly Archives: June 2015




Please check your grades at

I want to make sure everyone has been graded for an assignment they have submitted. If you do not see a grade, then I don't have an assignment for you that is missing the grade. Please contact me if there is a discrepancy.



Reading requirements for Monday 6/17


Please ensure that you read chapter 17 of the Incident Response & Computer Forensics book for Monday, along with the following SANS publication.

See you on Monday.



This is just a friendly reminder for the remainder of the course. The research paper is due on Sunday at 11:59 PM. Please make sure you get it to me by that time. Tomorrow we will continue with the Splunk configuration, as we spend some time incorporating the PCAP data into Splunk along with the tutorial data from Splunk's website. We will continue with the tutorial to understand how we can manipulate the data.

On Monday we will be discussing managing intrusions with our (organizations’) outsourcer.

And next Wednesday is the final. See you all tomorrow. Please bring in your laptops.


OPM Breach

In light of the recent breach of federal employee information, we will be discussing this breach. We will discuss what it means for federal employees and for the United States as a whole, and what could have happened.

You can also use the document below to help guide our discussion today.





Due to an unplanned situation at work, we will not have lecture tonight. There will be NO CLASS tonight. In lieu of the lecture, please check out the following videos on Splunk.

You can submit the video summaries for Monday as your reading assignment.

Please bring your laptops to class on Monday.

Thank You



Term Paper


I wanted to take a moment to remind you that there is a paper due on June 10th. That is 10 days away. Here is the information on the paper from the syllabus.

Intrusion Detection and Management comprises several phases, and each phase comes with its own issues. The following are some examples of issues that need to be considered. Please pick one of the following as the topic of your paper. You may decide to do something not listed below; if you decide to pick something different, please check with me.

  • Legal issues with the use of IDS logs and packet capture data.
  • Financial implications of not having an Intrusion Detection and Management program.
  • Technical obstacles with the deployment of IDS.
  • Effectiveness of Intrusion Detection Systems.
  • Pros and cons of sharing the details of a cyber-attack with the government or other entities.
  • Identify several metrics that you would consider developing to highlight the success of a Cyber Incident Security Response Center.

All papers must meet the following requirements.

  • APA formatting: the paper should be properly cited with appropriate references.
  • A minimum of 5 professional references (definition: professional references are those that have been published in journals or industry publications; websites and blogs will not be considered professional references).
  • A minimum of 6 - 8 pages.

