Cisco SSFRULES – Securing Cisco Networks with Snort Rule Writing Best Practices
In this course you will learn about the Snort language and writing rules. You will begin with basic rule syntax and structure and advance to more complex rule-option usage, packet captures and practice what you have learned.
The focus of this course will be on hands-on experience with detecting certain types of attacks and using different types of rule-writing techniques.
This course is aimed at security administrators, security consultants, netwokr administrators, system engineers and technical support personne.
Upon completion you will know how to:
- Understand rule structure, rule syntax, rule options, and their usage
- Configure and create Snort rules
- Understand the rule optimization process to create efficient rules
- Understand preprocessors and how data is presented to the rule engine
- Create and implement functional regular expressions in Snort rules
- Design and apply rules using byte_jump/test/extract rule options
- Understand the concepts behind protocol modeling to write rules that perform better
Students need to have:
- Technical understanding of TCP/IP networking and network architecture
- Working knowledge of how to use and operate Cisco Sourcefire® Systems or open source Snort
- Working knowledge of command-line text editing tools, such as the vi editor
Basic rule-writing experience is suggested
1. Welcome to the Sourcefire Virtual Network
2. Basic Rule Syntax and Usage
3. Rule Optimization
4. Using PCRE in Rules
5. Using Byte_Jump/Test/Extract Rule Options
6. Protocol Modeling Concepts and Using Flowbits in Rule Writing
7. Case Studies in Rule Writing and Packet Analysis
8. Rule Performance Monitoring
9. Rule Writing Practical Labs, Exercises, and Challenges
Nu există cursuri recomandate după finalizarea acestui curs.
Nu sunt programe de ceritifcare pentru acest curs.