Cisco SSFSNORT – Securing Cisco Networks with Open Source Snort
In this course you will learn how to use open source tools, plug-ins and Snort to build and manage a Snort system.
Other topics covered by this course include management, tuning, feedback delivery of suspicious network activity, Snort installation and writing Snort rules with good syntax.
Who needs to attend?
This course is aimed at security administrators, security consultants, network administrators, system engineers and technical support personnel.
What you will learn
Upon completion you will be familiar with the following topics and tasks:
- What Snort is and its basic architectural components
- Snort’s dynamic plug-in capabilities
- Different modes of Snort operation
- Perform installation and configuration of the Snort system
- Install and configure Snorby
- Configure and tune the Snort pre-processors
- Rule maintenance and techniques to keep rules current
- Create Snort rules using both simple and advanced rule-writing techniques
- Monitor performance of a Snort deployment
Students need to have:
- Technical understanding of TCP/IP networking and network architecture
- Proficiency with Linux and UNIX text editing tools
The following is recommended but not compulsory:
- Knowledge of vi editor
1. Intrusion Sensing Technology, Challenges, and Sensor Deployment
2. Introduction to Snort Technology
3. Snort Installation
4. Configuring Snort for Database Output and Graphical Analysis
5. Operating Snort
6. Snort Configuration
7. Configuring Snort Preprocessors
8. Keeping Rules Up to Date
9. Building a Distributed Snort Installation
10. Basic Rule Syntax and Usage
11. Building a Snort IPS Installation
12. Rule Optimization
13. Using PCRE in Rules
14. Basic Snort Tuning
15. Using Byte_Jump/Test/Extract Rule Options
16. Protocol Modeling Concepts and Using Flowbits in Rule Writing
17. Case Studies in Rule Writing and Packet Analysis
There are no follow-ons for this course.
There are no certifications associated with this course.