SSFSNORT - Securing Cisco Networks with Open Source Snort - On-Demand Course

Learn Cisco at your own pace with our On-Demand training.

Course Details

The SSFSNORT - Securing Cisco Networks with Open Source Snort course is a 4-day, lab-intensive course that introduces students to the open source Snort technology and to Snort rule writing. Among other features, students will become familiar with:

  • Building and Managing a Snort system
  • Updating rules
  • Snort rules language
  • The capabilities of Snort when deployed passively and inline

The course begins with an introduction to the Snort technology and progresses through the installation and operation of Snort. Students will discover the various output types that Snort provides and learn about automated rule management, including how to deploy and configure Pulled Pork, inline operations, and how to create custom Snort rules, including advanced rule-writing techniques and OpenAppID.

This course combines lecture materials and hands-on labs that give students practice in deploying and managing Snort.

Topics covered in the course include:

  • Snort technology and the resources that are available for maintaining a Snort deployment
  • Installing Snort on a Linux-based operating system
  • Snort operation modes and their command-line options
  • Snort intrusion detection output options
  • Downloading and deploying a new rule set to Snort
  • Configuring the snort.conf file
  • Configuring Snort for inline operation and configuring the inline-only features
  • Snort basic rule syntax and usage
  • How traffic is processed by the Snort engine
  • Several advanced rule options used by Snort
  • OpenAppID features and functionality
  • How to monitor Snort performance and how to tune rules

Target Student:

  • Security administrators
  • Security consultants
  • Network administrators
  • System engineers
  • Technical support personnel using open source IDS and IPS
  • Channel partners and resellers

Prerequisites:

Basic understanding of:

  • Networking and network protocols
  • Linux command line utilities
  • Text-editing utilities commonly found in Linux
  • Network security concepts

1. Intrusion Sensing Technology, Challenges, and Sensor Deployment

2. Introduction to Snort Technology

3. Snort Installation

4. Configuring Snort for Database Output and Graphical Analysis

5. Operating Snort

6. Snort Configuration

7. Configuring Snort Preprocessors

8. Keeping Rules Up to Date

9. Building a Distributed Snort Installation

10. Basic Rule Syntax and Usage

11. Building a Snort IPS Installation

12. Rule Optimization

13. Using PCRE in Rules

14. Basic Snort Tuning

15. Using Byte_Jump/Test/Extract Rule Options

16. Protocol Modeling Concepts and Using Flowbits in Rule Writing

17. Case Studies in Rule Writing and Packet Analysis

Labs:

Lab 1: Install Snort and Its Components

Lab 2: Barnyard2 Installation

Lab 3: Barnyard and Snorby Configuration

Lab 4: Operating Snort

Lab 5: Configuring Your IDS/IPS Installation

Lab 6: Portscan Configuration

Lab 7: Stream Reassembly

Lab 8: Pulled Pork Installation, Configuration, and Usage

Lab 9: Building a Distributed Snort Installation

Lab 10: Writing Custom Rules

Lab 11: Building an Inline IPS

Lab 12: Using the Drop Action

Lab 13: Using the Replace Action

Lab 14: Optimizing Rules

Lab 15: Using and Testing PCRE in Rules

Lab 16: Using Event Filtering

Lab 17: Using Suppression

Lab 18: Configuring Rule Profiling

Lab 19: Detecting SADMIND Trust with Byte_Jump and Byte_Test

Lab 20: Using the Bitwise and Operation in Byte_Test

Lab 21: Detecting ZENworks Directory Traversal with Byte_Extract

Lab 22: Writing Flowbits Rules

Lab 23: Research and Packet Analysis

Lab 24: Revisiting the Kaminsky Vulnerability
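The labs above exercise the core of the Snort 2 rules language: a basic rule with content matching and PCRE, flowbits for tracking state across packets, byte_test/byte_jump for parsing binary length fields, the inline-only drop and replace actions, and event filtering and suppression. The following rules file is an added illustration written for this page; it is not course material and not part of any Snort distribution. The ports, the local SID range, the "local.ftp.user" flowbit name and the binary layout checked by the byte_test and byte_jump rules (2-byte magic |4A 4B|, a 2-byte big-endian length, then a payload and a 1-byte flag) are all constructed assumptions, and $HOME_NET, $EXTERNAL_NET and $HTTP_PORTS are the variables normally defined in snort.conf.

```snort
# Constructed local.rules for illustration only; not course material.
# SIDs 1000000 and above are reserved for local rules; gen_id 1 is the rules engine.

# 1. Basic rule syntax: content modifiers plus a PCRE over the normalized URI buffer (/U).
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"LOCAL HTTP directory traversal attempt"; flow:to_server,established; content:"../"; http_uri; pcre:"/(\.\.\/){2,}/U"; classtype:web-application-attack; sid:1000001; rev:1;)

# 2. Flowbits: the first rule records state without alerting, the second alerts only when
#    PASS arrives on a session where no USER was seen (assumed FTP on port 21).
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"LOCAL FTP USER seen"; flow:to_server,established; content:"USER "; depth:5; nocase; flowbits:set,local.ftp.user; flowbits:noalert; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"LOCAL FTP PASS without prior USER"; flow:to_server,established; flowbits:isnotset,local.ftp.user; content:"PASS "; depth:5; nocase; classtype:protocol-command-decode; sid:1000003; rev:1;)

# 3. byte_test: after matching the assumed 2-byte magic, read the 2-byte big-endian
#    length that follows it (offset 0, relative to the end of the last match) and
#    alert if it exceeds 1024.
alert tcp $EXTERNAL_NET any -> $HOME_NET 9999 (msg:"LOCAL oversized length field"; flow:to_server,established; content:"|4A 4B|"; depth:2; byte_test:2,>,1024,0,relative; classtype:attempted-dos; sid:1000004; rev:1;)

# 4. byte_jump: read the same 2-byte length and move the detection cursor past the
#    variable-length payload, then check the 1-byte flag that follows it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 9999 (msg:"LOCAL flag byte set after variable payload"; flow:to_server,established; content:"|4A 4B|"; depth:2; byte_jump:2,0,relative; content:"|FF|"; within:1; classtype:misc-activity; sid:1000005; rev:1;)

# 5. Inline-only actions. drop discards the packet when Snort runs inline (IPS);
#    replace rewrites the matched bytes and must be exactly the same length as the
#    content it follows.
drop tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"LOCAL inbound telnet dropped inline"; flow:to_server,established; classtype:policy-violation; sid:1000006; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"LOCAL outbound marker string rewritten"; flow:to_server,established; content:"secret"; replace:"XXXXXX"; sid:1000007; rev:1;)

# 6. Event filtering and suppression (placed in snort.conf or threshold.conf):
#    limit the traversal alert to one per source per minute, and silence the
#    FTP rule for one known host.
event_filter gen_id 1, sig_id 1000001, type limit, track by_src, count 1, seconds 60
suppress gen_id 1, sig_id 1000003, track by_src, ip 10.0.0.5
```

The drop and replace rules only take effect when Snort is started in inline mode; in passive mode a drop rule behaves like alert and replace is ignored. The event_filter and suppress lines are configuration directives, not rules, so they belong in snort.conf (or a file it includes) rather than in a rules file.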

SSFSNORT - Securing Cisco Networks with Open Source Snort

On-Demand Training Course

$1000
365-day licence
  • 24/7 Access
  • Hands-On Practice Exercises
  • Free Repeats
  • Professional Instruction