Intrusion Analysis and Response

Contact information

For further information or to request a quotation, please contact the Professional Education Courses Unit on:

Enquiries Phone: 02 5114 5573

Enquiries Email:

In-house delivery

UNSW Canberra Professional Education Courses may be available for in-house delivery at your organisation's premises. In-house courses allow maximum attendance without the additional travel costs. Courses can be developed to suit the specific staff development and training needs of your organisation. Recommended for groups of 10 or more.

This course aims to develop knowledge and understanding of the strategies, techniques and technologies used in attacking and defending networks and how to design secure networks and protect against intrusion, malware and other hacker exploits.

Designed as either a standalone course or to flow from Introduction to Pen Testing, the course will explore the attackers’ mindsets and methods, and work through the different ways of protecting the estate. The course will cover keystone technologies required in an effective security defence solution including an introduction to usable and effective policies that staff will follow and not be encouraged to work around.

Topics covered include:

  • Network security fundamentals
  • Intrusion analysis and response
  • Secure socket layer (SSL)
  • IPSec
  • Firewalls
  • Intrusion analysis practices
  • Legal, privacy and ethics issues

Learning outcomes

On completion of this course, participants should be able to:

  • Understand the main functions of a Security Operations Centre.
  • Understand and evaluate the key issues involved in designing secure networks.
  • Understand the issues arising in the collection of computer evidence after network breach.
  • Develop effective risk management plans to protect against malware and other hacking exploits.
  • Formulate a range of strategies and solutions for testing and continuously improving the security of a network.

Course Information

Day 1

Network Security and Linux IAR Fundamentals

The first day of the course will look at Linux incident analysis and response processes, specifically Bash Shell scripting, permissions, shell expansion, functions and hashing. Students will then be introduced to network security fundamentals, looking at layers, services, protocols and common issues.


Linux Command Line, Shell Coding, Trustico, Networking, Traffic Management, Security Architecture, SSL Components, Firewall Principles, Intrusion Analysis Practices.

Day 2

Cryptography and Computer Networks

Day 2 of the course will introduce students to the principles of cryptography, properties of secure communication and methods of encryption/decryption. Students will then be stepped through the fundamentals of computer networks, covering transport-layer services, UDP/TCP and IP protocol.


Confidentiality, Authentication, Integrity, Digital Signatures, Access Control, Public Key Algorithms, Transport & Network Layer Protocols, Internet Routing.

Day 3

Introduction to MANET; Incident Analysis & Response Theory

The first half of the session will cover the characteristics of mobile ad hoc networks (MANET), their applications and common security vulnerabilities. The rest of the day will focus on the concepts and practical processes of incident analysis and response.


Security in MANET, Dynamic Source Routing, Attacks in MANET, DDoS, Incident Response Process, Electronic Evidence Collection and Analysis, Cyber Kill Chain techniques.

Day 4

Attacks, Counter Measures, Security Assessment and Testing

Day 4 will look at different types of attack vectors and methods of defence. Students will be given an introduction to security assessment, risk identification and evaluation techniques. We will also look at penetration testing methodologies, information gathering and flaw testing.


In-line Memory Attacks, Webshells, Dos Attack, Flood Attack, Smurf IP Attack, Asset Identification, Threat Assessment, Security Assessment Components, Probing the Network.

Day 5

Legal, Privacy and Ethical Aspects

The final day of the course will give an overview of the various governance issues involved with cybercrime and computer crime. Students will be introduced to the issues facing law enforcement, intellectual property and copyright implications, privacy concerns, and ethical codes of conduct.


Types of Property, Patents, Trademarks, DMCA Copyright Act, Privacy Protections, Australian and Global Privacy Laws, Data Surveillance.

Intrusion Analysis and Response
filter Download 595.57 KB PDF
Intrusion Analysis and Response

This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities):

K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

K0019: Knowledge of cryptography and cryptographic key management concepts

K0042: Knowledge of incident response and handling methodologies.

K0112: Knowledge of defence-in-depth principles and network security architecture.

K0179: Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

K0222: Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defence activities.

K0290: Knowledge of systems security testing and evaluation methods.

K0297: Knowledge of countermeasure design for identified security risks.

S0054: Skill in using incident handling methodologies.

S0059: Skill in using Virtual Private Network (VPN) devices and encryption.

S0124: Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.

A0015: Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.

A0128: Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies. A0159 : Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).

What is the NICE Framework?

The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles.

To find out more about the NICE Framework, go to:

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G.

UNSW Institute for Cyber Security is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.

The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and post graduate education in cyber security. Our air-gapped, state of the art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.

Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.

Contact us at to discuss how.