Description
Securing Cisco Networks with Open Source Snort™ (SSFSNORT) is a 4-day instructor-led course offered by Cisco Learning Services High-Touch Delivery. It is a lab-intensive course that introduces students to the open source Snort technology as well as rule writing. You will learn how to build and manage a Snort system using open source tools, plug-ins, and the Snort rule language to help manage, tune, and deliver feedback about suspicious network activity.
This course combines lecture materials and hands-on labs throughout to make sure that you are able to construct a solid, secure Snort installation and write Snort rules using proper syntax and structure. This course prepares you to take the Securing Cisco Networks with Open Source Snort exam (exam ID 500-280).
Objectives
Upon completion of this course, you should be able to:
- Describe what Snort is and its basic architectural components
- Describe the Snort dynamic plug-in capabilities
- Describe the different modes of Snort operation
- Perform installation and configuration of the Snort system
- Install and configure Snorby
- Configure and tune the Snort preprocessors
- Understand rule maintenance and techniques to keep rules current
- Create Snort rules using both simple and advanced rule writing techniques
- Monitor performance of a Snort deployment
Outline
Course Outline
- Module 1: Intrusion Sensing technology, Challenges, and Sensor Deployment
- Module 2: Introduction to Snort Technology
- Module 3: Snort Installation
- Module 4: Configuring Snort for Database Output and Graphical Analysis
- Module 5: Operating Snort
- Module 6: Snort Configuration
- Module 7: Configuring Snort Preprocessors
- Module 8: Keeping Rules Up-to-date
- Module 9: Building a Distributed Snort Installation
- Module 10: Basic Rule Syntax and Usage
- Module 11: Building a Snort IPS Installation
- Module 12: Rule Optimization
- Module 13: Using Perl Compatible Regular Expressions (PCRE) in Rules
- Module 14: Basic Snort Tuning
- Module 15: Using Byte_Jump, Byte_Test and Byte_Extract Rule Options
- Module 16: Protocol Modeling Concepts and Using Flowbits in Rule Writing
- Module 17: Case Studies in Rule Writing and Packet Analysis
Lab Outline
- Lab 1: Installing Snort and Its Components (Module 3)
- Lab 2: Barnyard2 Installation (Module 4)
- Lab 3: Barnyard and Snorby Configuration (Module 4)
- Lab 4: Operating Snort (Module 5)
- Lab 5: Configuring Your IDS and IPS Installation (Module 6)
- Lab 6: Portscan Configuration (Module 7)
- Lab 7: Stream Reassembly (Module 7)
- Lab 8: Pulled Pork Installation, Configuration, and Usage (Module 8)
- Lab 9: Building a Distributed Snort Installation (Module 9)
- Lab 10: Writing Custom Rules (Module 10)
- Lab 11: Building an Inline IPS (Module 11)
- Lab 12: Using the Drop Action (Module 11)
- Lab 13: Using the Replace Action (Module 11)
- Lab 14: Optimizing Rules (Module 12)
- Lab 15: Using and Testing PCRE in Rules (Module 13)
- Lab 16: Using Event Filtering (Module 14)
- Lab 17: Using Suppression (Module 14)
- Lab 18: Configuring Rule Profiling (Module 14)
- Lab 19: Detecting SADMIND Trust with Byte_Jump and Byte_Test (Module 15)
- Lab 20: Using the Bitwise AND Operation in Byte_Test (Module 15)
- Lab 21: Detecting ZenWorks Directory Traversal with Byte_Extract (Module 15)
- Lab 22: Writing Flowbits Rules (Module 16)
- Lab 23: Research and Packet Analysis (Module 17)
- Lab 24: Revisiting Kaminsky DNS Vulnerability (Module 17)
Prerequisite Knowledge
- Technical understanding of TCP/IP networking and network architecture
- Proficiency with Linux and UNIX text editing tools (vi editor is suggested but not required)
Training Availability and Pricing
Date: /
Language: /
Location: /
Price: 55930 R