mod1C02_M01Module IntroductionModule Introductionlinks../C02_M01/assets/coursemap.swfcourseMenuBtnCourse menu. Select this button to access the course menu.MainMenuButtonClickedmoduleMapBtnLesson Map. Select this button to access the lesson map.CourseMapButtonClickedglossaryBtnGlossaryGlossary. Select this button open the glossary.GlossaryButtonClickedresourcesBtnResources. Select this button open the resources.ResourcesButtonClickedexitBtnExit. Select this button to exit the course.ExitButtonClickedreplayBtnReplay. Select this button to replay the current screen.ReplayButtonClickedpauseBtnPause. Select this button to pause the course.PauseButtonClickedresumeBtnResume. Select this button to resume the course.ResumeButtonClickedpreviousPgBtnPrevious PagePrevious. Select this button to go to the previous screen.PreviousButtonClickednextPgBtnNext PageNext. Select this button to go to the next screen.NextButtonClickedIntroductionOverviewdisaidscr1_011Malicious events on DoD networks increase in number and complexity each year. Network intrusion detection systems, commonly referred to as a NIDS, can detect when malicious actors reach into the network. As Computer Network Defense Infrastructure Support, or CND-IS, personnel, your ability to use intrusion detection tools and understand trends in network penetration techniques maintains the confidentiality, integrity, and availability of DoD information and information systems. In this module, you will learn about leveraging the power of your NIDS by creating and using custom rules to detect advanced intrusions and malicious events. Rich Media Text Description, Course: D O D Intrusion Detection System (I D S) Analysis, Part 3, Module 2: DoD Network Intrusion Detection System (NIDS) Custom Rules Module, Lesson 1: Module Introduction, For each screen you will hear a description. The description is cued by an audio tone. Listen to the description, and then select the play audio narration button to continue. Screen 1 of 2. Lesson title: Module Introduction. Topic title: Introduction. Screen title: Overview. Images of a computer network, a cloud labeled Internet, and a wall labeled firewall between them appears on the screen with pulsing lines moving between them representing data flow. Images of a globe and masked men actors with laptops representing malicious appear with pulsing lines of data moving toward the cloud labeled internet. The lines representing malicious activity pass through the cloud and move toward the firewall image. The firewall deflects the lines from the masked men. Image of a computer server labeled NIDS is added to the network. One of the malicious actors sends a line of data through the internet. The malicious activity makes it through the firewall, and the NIDS displays an alert. Image of a worker at a workstation, labeled C N D I S, is added to the network. The malicious actors send another line of malicious activity through the firewall and reach the computer network. The C N D I S screen displays network intrusion.The malicious actors send another line of data representing a malicious activity of a worm file. The worm makes it through the firewall and connects with one of the workstations. The workstation displays an image of toxic infection on the monitor. The monitor of the C N D I S also displays Alert: potential worm outbreak.Objectives and Lessonsdisaidscr1_022When you complete this module, you will be able to identify considerations for writing NIDS rules within a government or military environment. You will be able to write a simple NIDS rule using a defined outcome. You will also be able to write a complex NIDS rule using modifiers for a defined outcome, as well as a complex rule using tag options for a defined outcome. Finally, you will be able to write a NIDS rule using advanced detection capabilities. This module includes six lessons, starting with this Module Introduction. Lesson 2, NIDS Rules Fundamentals, explains the components of a NIDS rule, the main options of a NIDS rule, and reviews examples of the uses of NIDS rules. Lesson 3, NIDS Advanced Rules, introduces more complex rule options to better identify anomalies the NIDS should detect. Lesson 4, Rule Optimization, explains the benefits and drawbacks of rule modifiers and various system logging features. Lesson 5, Detecting Worms and Data Exfiltration, introduces ways to use custom rules to detect these specific network threats. Finally, the Module Conclusion reviews key learning from each lesson. Screen 2 of 2. Screen title: Objectives and Lessons. Five learning objectives display in support of audio. Six topics display. The first topic is titled Module Introduction. The second topic is titled NIDS Rules Fundamentals. The third topic is titled NIDS Advanced Rules. The fourth topic is titled Rule Optimization. The fifth topic is titled Detecting Worms and Data Exfiltration. The sixth and final topic is the Module Conclusion. A text box displays and states: References to open source or freeware in this training product are for training purposes only, and should not be considered endorsements of these products. Please check with your command, service or agency for guidance on the use of these products.