<?xml version="1.0"?>
<Module projectID="1264" moduleID="1435">
	<ModuleName>mod1</ModuleName>
	<AU>C01_M01</AU>
	<Title>Module Introduction</Title>
	<Subtitle>Module Introduction</Subtitle>
	<LinkSet>links</LinkSet>
	<CourseMapSWFPath>../C01_M01/assets/coursemap.swf</CourseMapSWFPath>
	<NavBtns>
        <NavBtn>
			<ID>courseMenuBtn</ID>
			<Label>Course menu</Label>
			<RMAText>Course menu. Select this button to access the course menu.</RMAText>
			<ClickEventName>MainMenuButtonClicked</ClickEventName>
		</NavBtn> 	
		<NavBtn>
			<ID>moduleMapBtn</ID>
			<Label>Lesson Map</Label>
			<RMAText>Lesson Map.  Select this button to access the lesson map.</RMAText>
			<ClickEventName>CourseMapButtonClicked</ClickEventName>
		</NavBtn>
		<NavBtn>
			<ID>glossaryBtn</ID>
			<Name>Glossary</Name>
			<RMAText>Glossary. Select this button to open the glossary.</RMAText>
			<ClickEventName>GlossaryButtonClicked</ClickEventName>
		</NavBtn>
		<NavBtn>
			<ID>resourcesBtn</ID>
			<Label>Resources</Label>
			<RMAText>Resources. Select this button to open the resources.</RMAText>
			<ClickEventName>ResourcesButtonClicked</ClickEventName>
		</NavBtn>
		<NavBtn>
			<ID>exitBtn</ID>
			<Label>Exit</Label>
			<RMAText>Exit.  Select this button to exit the course.</RMAText>
			<ClickEventName>ExitButtonClicked</ClickEventName>
		</NavBtn>
		<NavBtn>
			<ID>replayBtn</ID>
			<Label>Replay</Label>
			<RMAText>Replay. Select this button to replay the current screen.</RMAText>
			<ClickEventName>ReplayButtonClicked</ClickEventName>
		</NavBtn>
		<NavBtn>
			<ID>pauseBtn</ID>
			<Label>Pause</Label>
			<RMAText>Pause.  Select this button to pause the course.</RMAText>
			<ClickEventName>PauseButtonClicked</ClickEventName>
		</NavBtn>
		<NavBtn>
			<ID>resumeBtn</ID>
			<Label>Resume</Label>
			<RMAText>Resume. Select this button to resume the course.</RMAText>
			<ClickEventName>ResumeButtonClicked</ClickEventName>
		</NavBtn>
		<NavBtn prevBtn="true">
			<ID>previousPgBtn</ID>
			<Name>Previous Page</Name>
			<RMAText>Previous. Select this button to go to the previous screen.</RMAText>
			<ClickEventName>PreviousButtonClicked</ClickEventName>
		</NavBtn>
		<NavBtn nextBtn="true">
			<ID>nextPgBtn</ID>
			<Name>Next Page</Name>
			<RMAText>Next. Select this button to go to the next screen.</RMAText>
			<ClickEventName>NextButtonClicked</ClickEventName>
		</NavBtn>
	</NavBtns>
	<Topics>
		<Topic>
			<Title>Introduction</Title>
			<Subtitle/>
			<Pages>
				<Page>
					<Title/>
					<Subtitle/>
					<Filename>disacnd01_01</Filename>
					<PageNbr>1</PageNbr>
					<ShowText>
						<Txt frameNbr="1">This is Pat. Like you, Pat is a computer network defense, or CND, analyst. Also like you, Pat sees numerous Intrusion Detection System, or IDS, alerts each day. The number of alerts she sees varies day by day: some days, the alerts just trickle in, but on other days, they never seem to stop. On this day, alerts are coming in with alarming frequency. For every alert that Pat begins to investigate, her queue of alerts grows. Unable to keep up with the volume of incoming alerts, she sends them up the chain of command with little more than a passing glance. However, with no investigation and analysis to provide context for these alerts, her supervisor has no idea what to do with them. Having taken only a cursory look at each alert, she doesn't see an obvious pattern in the alert data. Her lack of investigation also means that she is not aware that other analysts are also seeing similar alerts. Furthermore, aside from the sheer volume of alerts coming in, nothing about these alerts concerns her. As the day goes on and Pat falls further and further behind with the incoming alert traffic, nodes on the network begin to show suspicious behavior. It soon becomes obvious that the network is under attack and that now, in the absence of appropriate and timely remediation, an adversary has successfully gained access to the network. So where exactly did Pat go wrong? How were these events permitted to escalate into a full-blown intrusion of the organization's network? How can you be prepared to avoid similar mistakes in the future? The answer lies in the approach that you take to CND analysis. As you can see, Pat made some crucial errors in judgment. But she is not alone. CND analysts work hard around the world to safeguard the DoD's secure networks, but the individuals in this role have greatly varying levels of experience and training. Some may lack formal training altogether, and others may have training that is proprietary or vendor specific. 
Some analysts may have a natural aptitude for information technology but lack a basic understanding of analysis, while others may be skilled CND analysts who don't follow a consistent methodology. Knowledge, judgment, and skill are important to an analyst's ability to recognize or identify a threat event. But an analysis methodology is the key to delivering consistent results from your analyses. This module will present an analysis methodology that can be used in any networking environment to augment your existing analysis methods and provide a structured approach to CND analysis. </Txt>
						<Txt frameNbr="1"/>
					</ShowText>
				<Sec508Data><ContentDescription frameNbr="1">Rich Media Text Description, Course: D O D Intrusion Detection System (I D S) Analysis, Part 3, Module 1: C N D Analysis: A Structured Approach to Intrusion Analysis, Lesson 1: Module Introduction, For each screen you will hear a description. The description is cued by an audio tone. Listen to the description, and then select the play audio narration button to continue. Screen 1 of 2. Lesson title: Module Introduction. Topic title: Introduction. Screen title: Overview. Image displays of female analyst named Pat. Label displays identifying Pat as a C N D analyst. Images and text display in support of audio. Image displays of e-mail message to supervisor. Message reads as follows: Dave, The I D S is going haywire! Alerts are coming in way faster than I can get to them to investigate. Here's the latest string of alerts. Sincerely, Pat, C N D Analyst. The acronym C N D becomes a rollover that reads computer network defense.</ContentDescription></Sec508Data></Page>
			</Pages>
		</Topic>
		<Topic>
			<Title>Introduction</Title>
			<Subtitle/>
			<Pages>
				<Page>
					<Title>Lessons and Objectives</Title>
					<Subtitle/>
					<Filename>disacnd01_02</Filename>
					<PageNbr>2</PageNbr>
					<ShowText>
						<Txt frameNbr="1">When you complete this module, you will be able to identify the role of the CND analyst in the analysis of CND information. You will also be able to analyze a narrative to determine whether it fully explains a CND incident and apply the recommended CND analysis methodology to your analysis of a CND incident. There are four lessons in this module, starting with this Module Introduction. Lesson 2, Understanding Your Role in CND Analysis, reviews the concept of analysis, discusses the role of the analyst in conducting analyses, explains the value of taking a structured approach to analysis, and introduces an analysis methodology for you to incorporate into your existing analysis processes. Lesson 3, An Approach to CND Analysis, delves deeper into the analysis methodology, discussing each phase of the methodology and explaining how the methodology can be used to augment your existing analysis methods. Finally, the Module Conclusion reviews key points from each lesson. </Txt>
						<Txt frameNbr="1"/>
					</ShowText>
				<Sec508Data><ContentDescription frameNbr="1">Screen 2 of 2. Screen title: Objectives and Lessons. Three learning objectives display in support of audio. Four topics display. The first topic is titled Module Introduction. The second topic is titled Understanding Your Role in C N D Analysis. The third topic is titled An Approach to C N D Analysis. The fourth and final topic is titled Module Conclusion. Text displays as follows: References to open source or freeware in this training product are for training purposes only, and should not be considered endorsements of these products. Please check with your command, service, or agency for guidance on the use of these products.</ContentDescription></Sec508Data></Page>
			</Pages>
		</Topic>
	</Topics>
</Module>
